Reporting findings
Audit findings result from comparing evidence to audit criteria. Depending on the type of audit and its objectives, reported findings may address all criteria or only those elements the auditors determine to be deficient or insufficiently supported by evidence. Almost all audit methodologies emphasize the importance of reporting findings of weaknesses or nonconformity to audit criteria, as these areas represent the sources of risk to which the audited organization needs to respond. Depending on the audit objectives and the intended audience for the audit report, the contents of the report may include satisfactory findings and areas of conformance as well as weaknesses or deficiencies. For example, audit protocols for compliance and certification audits often entail the use of checklists or requirements templates on which auditors record whether the organization satisfies or fails to satisfy each compliance requirement or certification criterion. The specific format and content required in an audit report—which influence the level of detail the report includes—are driven by the purposes for which the report will be used and the internal and external stakeholders with whom it will be shared. As the primary output from an audit engagement, the audit report needs to provide enough information to stand on its own as an artifact. Full details of the audit process are captured in audit work papers, which provide an accounting of the evidence each auditor considered, the criteria to which it applied, and the audit methods used. The level of detail reflected in work papers is rarely included in audit reports, but this supporting documentation may be referenced from the audit report if necessary. In addition to an overall summary of the audit and its results, an audit report typically contains information including [1]:
purpose and objectives for performing the audit;
audit scope, including organizational, functional, or technical elements to which the audit applies;
identification of the audit client;
identification of audit participants, including auditors and those subject to the audit;
time frame during which the audit took place;
locations where auditing occurred, including organization facilities and auditor work sites outside the organization, if any;
criteria specified for the audit;
audit findings and supporting evidence;
audit conclusions, including auditor recommendations; and
audit results, potentially including overall success or failure determination or the extent to which the organization satisfies the audit criteria.
Most audit methodologies and guidance distinguish between audit findings and audit conclusions—findings correspond directly to audit criteria and indicate whether or not the subject of the audit satisfies each criterion, while conclusions are evidence- and experience-based opinions from auditors regarding the implications of the findings for the organization. Conclusions may include inferences about why different findings occurred, recommendations for mitigating risk or remediating deficiencies indicated in findings, whether audit objectives have been achieved, or the effectiveness of the organizational capabilities under examination. Organizational objectives for IT audits do not always include corrective actions or identifying opportunities for operational improvement, particularly if a determination of “success” for the organization does not require a response to audit findings. Prevalent auditing standards and guidance for internal auditors emphasize the importance not only of making recommendations for corrective action to resolve audit findings, but also of verifying that corrective actions are taken [2,7,9]. Many types of external audits include recommendations for corrective action and responses from the audited organization’s management, such as concurrence or disagreement with recommendations and commitments to implement plans of action to remediate weaknesses.
Audit findings describe in detail control weaknesses, operational deficiencies, and other sources of risk to an organization. Audit reports often include sensitive or confidential information that the subject organization does not want made public or disclosed to competitors, customers, business partners, or to regulators or oversight authorities unless such disclosure is explicitly required. Organizations need to ensure that audit reports and work papers detailing auditor findings are strictly access-controlled to limit disclosure to only those authorized and with a legitimate need to have the information, such as members of the audit committee and others with fiduciary responsibilities to the organization. Audited organizations typically execute confidentiality agreements with their external auditors to protect internal information, but once audit reports are delivered, the organization has the primary responsibility to ensure that only authorized parties have access.
160 CHAPTER 8 IT Audit Processes