Audit Report & Its Content

An audit report is a product and outcome of any external or internal audit. Audit reports are the result of an evaluation against a set of criteria. The report indicates how the audited organisation complies with the assessed criteria. Some say the audit report must be comprehensive and include all the details of audited elements. Others believe the audit report should not have too much detail and only include positive and negative observations. The question is, what should a good audit report look like? What level of detail is required? Is there anything that should not be addressed in the report? What about corrective actions or root cause analysis? How to write the audit non-conformities?

This article will focus on the key elements that should be included in an audit report.

1) Audit Scope and criteria

The audit scope and criteria form the basis of every audit. They indicate what has been audited against which specific criteria.

Let's look at this example if a client’s intake department against the Intake procedures was audited, your report must contain this information otherwise, the readers would not understand where what or who had been audited.

2) Summary of positive observations

It is recommended that you start your audit report with some positive observations or best practices that you observed during the audit. These observations indicate the best practices you observed during the audit. Ensure that you support your positive observations with some objective evidence.

Please note that you do not have to make a positive observation in your report just for the sake of it! You can skip this section if you have not seen any positive observations.

3) Summary of gaps and non-conformities

The audit gaps are the findings that do not comply with the assessed criteria. The report must include a summary of the non-conformities and what did not comply with the criteria.

4) Categories of audit findings

There are various audit findings categories across different industries and organisations. These categories define the significance of an audit finding. It can be a major, minor, observation, opportunity for improvement, or an area of concern.

The report must include the category of each audit finding and how significant they were. Depending on the audited scheme, the outcomes can be different, whether they were major or minor findings. It is important to make sure that audit nonconformities are in line with the categories of the audited program. 

5) Audit findings, description and detail

Never forget that the audit objective aims to look for compliance. Writing the description of both conformity and nonconformity within the report is recommended. However, organisations are more interested to see their non-conformances. In general, there are some consequences for the non-conformities, such as corrective actions, change management, etc., whereas conformities don’t trigger any actions.

Being specific is a key factor when it comes to writing non-conformities. Each non-conformity must be supported by objective evidence. You cannot report an audit non-conformity based on what you think or guess.

6) The auditor statements

In this section, you should write down a general statement about the health of the audit process such as:

• The audit program was followed without any changes
• The requested information and records were found available at the time of the audit
• The audit findings were explained to senior management in the closing meeting
• Except for the nonconformities, other audited areas/functions were found to be compliant with the audited standards

7) Auditor's conclusion

The audit report is usually finished with a conclusion. The following suggestions are helpful when writing the conclusion to your report:

• The conclusion starts with thanking all participants for their support during the audit and the time they have spent.
• Overall status of the compliance. In this section, you can write a statement about the readiness of the auditee against the audited criteria.
• Whether the auditee has passed the audit, does the auditee need to do any action(s)? Is this going to lead to certification, suspension or withdrawal?

The level and content of the report can vary due to many reasons. These points are some tips to be considered regardless of the type or complexity of the audit report.

A good understanding of the auditing process is essential for business success. Businesses that fully understand their systems and procedures perform better as a team with less stress and more effective outcome.

 Check out our Internal Auditor Training Course to learn more about the audit process.

Who We Are

At core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses. Born and bred in Melbourne, Australia with an amazing team of expert auditors, consultants, and entrepreneurs.

Our area of expertise lies in providing training and guidance on compliance with the National Disability Insurance Scheme (NDIS) and the International Organisation for Standardisation (ISO). We also assist organisations in implementing effective management systems that are tailored to their specific needs and requirements. Our comprehensive approach to compliance training and management systems ensures our clients have the knowledge and tools necessary to meet regulatory requirements and industry standards. We are committed to helping our clients achieve success and maintain a culture of excellence in their operations.

We Care for each other, our members, and our society.

We Dare to discover and experiment, trying to be different and be fearless, and innovative.

We share our knowledge and experience, work together and continue to support our members.