report will be delayed. It is always good to avoid the report being rejected on the basis that
it is late by communicating with the client if there are challenges regarding the preparation
of the report.
The IS auditor and the client would have agreed on distribution of the report prior to
commencing the audit, most likely during the kick-off meeting. It is important to adhere to
the agreed distribution so that the report is not sent to unauthorised persons. This is
especially important if the report is going to the board, as the report might contain sensitive
issues.
One of the controversial issues in most audit meetings concerns the report format. In
some enterprises, preference is given to detailed reports while others accept brief reports.
Normally higher level managers prefer less-detailed reports than lower operational or
technical levels. It is also important to take note of the report formats used in the enterprise. It
is good practice to follow the client's report format if it does not pose any significant
challenges.
The IS auditor should also be aware of organisational politics at various levels. Reports
sometimes are rejected because the audit director and IT director have personal differences
or because one of the senior officers did not agree to the terms of reference or audit
objectives.
It is accepted practice to report on what has not been achieved or complied with. In some
enterprises, management might demand more information, which includes the entire
picture of the IT environment. Whether the report should focus on excerpts only or provide
the whole picture is a requirement which should also be agreed before commencement of
the audit.
The IS auditor should take note of the importance of using balanced language in the report.
If the recipients are not very technical, it is good practice to use non-technical language
unless it is not possible to avoid use of technical words. Where the recipients are technical,
it is recommended to use technical language so that the client is able to provide appropriate
technical responses to the IS auditors. Where the auditor would like to support the
observations and recommendations made with detailed technical data (such as diagrams,
specifications, and maps), it is advisable to move such detailed information to the appendix.
Indicated below is a possible report structure which could be used to prepare an audit
report. There are different types of report structures you could use, and some may be specific
to particular enterprises. Some enterprises, especially those with an international
presence, prefer to have uniform reporting tools across all their offices.