Internal Audit Report, What should it Include?
The Audit report, according to the definition of the ISO standard, specifies that it is: “a systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled”.
Internal Audit Process
In this regard, it should be noted that there are a series of issues that need to be addressed prior to the execution of the internal audit itself:
- Auditor and their characteristics: The team of people who will carry out the internal audit will be specified. This team must be independent, objective, and professional so that they have extensive knowledge in the subject to be audited. It can be personnel external to the organization, which is a recommended option if there is no in-house expertise in the subject, in order to ensure the fulfillment of the pursued objective of independence and objectivity.
- Internal audit plan and scope: Prior to the execution of the audit, the audit plan must be defined. This plan must reflect the issues related to its scope, such as the locations, processes, and specific matters to be audited, as well as the timeframe and schedule that will follow the execution of the planned audit.
Execution of the Internal Audit Fieldwork
Once these issues have been defined and the date for conducting the internal audit has been set, the fieldwork will be carried out, which, as indicated previously, will consist of obtaining objective evidence to assess the organization’s compliance at a given moment, with respect to a specific standard or management system.
Likewise, the personnel in charge of the audit will visit the facilities specified in the plan and at the scheduled time, with the purpose of auditing and requesting a sampling of evidence related to the processes and issues to be audited, previously defined in the audit plan.
Subsequently, the auditor should proceed with the preparation of the internal audit report. This report will present the audited issues and will not omit any point. Additionally, it will include the following details for each issue:
- The status of a specific process or issue at the time of the internal audit
- The deviations, which are essentially qualifications or non-conformities detected.
- Proposed corrective actions for the identified qualifications or non-conformities, aimed at ensuring compliance with a particular existing deviation.
- Recommendations, which are not corrective actions for a particular qualification, but opportunities for improvement or actions that could lead to an evolution or greater maturity of the audited process in question, but which currently do not constitute a qualification or non-conformity.
Action Plans
After completing the internal audit report, the identified deviations will be analyzed, and action plans will be approved to correct them. These action plans should be approved at the highest possible level in the organization, to ensure the correction of those issues or processes that are not being fully complied with.
It is important to reiterate the need for the organization to carry out internal audits periodically, depending on the process or standard to be audited.
With the aim of identifying certain issues that are not in compliance, as well as certain opportunities for improvement or recommendations that can help the organization to improve, evolve, and mature its processes.
Contracting an external audit service with specific knowledge in the subject to be audited is key for your company to have an objective audit report. The GlobalSUITE Solutions consulting team ensures the success of the internal audit work with an audit software, as well as the implementation of the proposed action plans for the correction of deviations.
