Posted by: Robert Davis
AA, Assurance Service, Attestation, Audit Assurance, Audit Opinion, CA, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Chartered Accountant, CIA, CICA, CISA, CITP, CPA, Engagement, Evidence, IFAC, Information Technology, ISACA, IT, IT Audit, PM, Project Management, Reporting, The IIA, The IIC
The final audit report should clearly identify ‘gaps’ in controls and the source of the vulnerabilities. Of the potential vulnerabilities documented in the audit report, it is importance to identify any significant, or material, risks. It must also include recommendations to address the issues identified. Lastly, the executive summary of the final audit report must elaborate on the ‘state of controls’ within the audit area. In particular, weaknesses need to be clearly communicated to enable management by exception.