An audit report is a document that details a company’s financial statement status. It is written by an auditor and includes their opinion of the area of process they are auditing. An auditor’s opinion can be clean, qualified, adverse or disclaimer. An audit is the examination, inspection and evaluation of significant processes and/ or financial reports by an independent party or an employee within a business.
Audits are performed to ensure business compliance with laws and regulations and determine whether the financial information recorded is accurate. It can also assist in identifying risks and preventing fraud. It can highlight whether the controls in place are adequate to manage future threats or weaknesses within business processes.
An effective audit report needs to be comprehensive and communicate findings succinctly. Each section should be detailed and only include factual and relevant information. The auditor could create graphs, tables or present information in bullet points when required.
How to write an audit report
Every audit report must follow a structure. The full names of the auditors need to be included, not only initials. At the beginning of the audit report, the responsibilities of the management and the auditor should be outlined. The actions taken during the audit ought to be written in the past tense. The most important sections of the audit report are:
- Scope and objectives
- Executive summary
- Findings
- Opinion
- Basis for opinion
- Recommendations
Scope and objectives
After discussions between the auditor and business management, the scope and objectives of the audit can be determined. The audit report must state the purpose of the audit needs to be established and to what extent examination will be conducted. Which files will be evaluated, across how many years and which departments. To satisfy the scope of the audit, the auditor might have to review current policies and confirm whether the business’s resources are being used for its own interests. The objective and scope will vary depending on the type of audit performed.
The auditor must ensure that accounting books and records are correctly maintained for a tax audit. For a process audit, assurance needs to be given about the effectiveness of the systems and processes of the business. Scope and objectives can be set on a per-audit basis or they are set once the audit schedule has been determined.
Executive summary
The executive summary of an audit report should be carefully written as it summarises the content of the audit report. It is usually 1 to 2 pages maximum and contains the main sections of the audit report, along with definitions, in less detail. Bullet points could be utilised to make the executive summary easier to read, as well as present information clearly and concisely. The auditor could also use a table to highlight the most important issues and risks, how controls should be implemented, and when. When this part of the report is written, it is crucial to remember that it is constructed for people who do not have a lot of time and need clear and accurate information.
Findings
After looking at the activities and practices of the business, the auditor will be able to make conclusions based on their evaluation. Depending on the nature of the audit, the findings could indicate faults within the business. It could be found that unapproved overtime is being recorded or there are significant deficiencies in internal controls. The audit could also uncover other risks such as fraud, lack of policies and procedures and unauthorised access to information by employees, which should have been restricted.
Opportunities for improvement (OFIs) may be provided by the auditor in the audit report as they give feedback and could help the business avoid future or potential non-compliance. The auditor shares ideas that will improve business systems and offer a third-party perspective to the organisation. The OFI should not be written authoritatively, rather it should mention the area of the company that is affected and what action can be taken.
All nonconformances must be highlighted along with the areas they occurred in. The auditor should also describe how they got those findings, the actions they took and the data they looked at.
However, findings could be positive as well, not only negative. The auditor can find that the business is maintaining records properly and is compliant with all relevant laws and regulations. The opinion of the audit report will highlight that.
Opinion
At the end of the audit process, the auditor states their opinion based on their observations during the process. There are four types of auditor opinions:
- Unqualified opinion
- Qualified opinion
- Disclaimer of opinion
- Adverse opinion
Unqualified opinion
Also called a clean report, an unqualified opinion indicates that the auditor is satisfied with business practices and how financial information is recorded. It is the most common type of report and the one companies want as it means that there is nothing wrong with financial statements. An unqualified opinion confirms that the business follows laws and regulations, banks are more likely to lend money as all the information is fairly presented. There is assurance that there will be little to issues in the organisation and that it is compliant. It is also positive for investors as it shows that the business is moral and has integrity.
Qualified opinion
A qualified opinion in an audit report is given when the auditor is not completely satisfied with the state of financial procedures within a business. There may be an issue present such as the company not following the country’s financial standards when reporting its information. There could also be an issue regarding the limitation of the audit. It could be that the auditor did not find enough documents or data for a certain objective.
The qualified opinion indicates a non-pervasive issue but could still cast doubt on the company’s practices and its statements’ accuracy. This type of opinion is not as detrimental to the business as it can change in the future after the areas of issues are described by the auditor.
Adverse opinion
Adverse opinion means that the auditor is not satisfied with the financial statements provided by the management. They have found evidence that the financial information has been misstated and there are irregular records. The issues that arise from this opinion indicate a pervasive problem and serious risks within the company. It is also a red flag that indicates fraud is happening in the organisation as the management has not maintained truthful data.
An adverse opinion is the least wanted outcome as it jeopardises the company’s outlook and ability to borrow money and attract investors. It can impact many aspects of the business such as its reputation and stock prices as the organisation does not follow accounting principles and its morality is questioned.
Disclaimer opinion
A disclaimer shows that the auditor has formed no opinion for various reasons. It could be that the auditor did not have access to the right or enough documents. The auditor has questions that have remained unanswered due to insufficient evidence or the company not cooperating. Generally, it is neither a positive or negative opinion. However, it can have implications as it does not provide a clear outcome and may indicate that the business has not provided enough support to the auditor.
Investors might not feel as confident about the business and creditors can be hesitant about lending money. In some cases, the auditee can sue the auditor if they disagree with this opinion.
For a process audit report the results are:
- Compliant
- Minor non-compliance
- Major non-compliance
Compliant
In a process audit report, compliant is equivalent to unqualified opinion. It shows that all processes and systems abide by policies and requirements. They comply with laws and regulations and they are efficient and effective. Opportunities for improvement do not count against a ‘Compliant’ opinion, as the process complies with all requirements, there is simply an opportunity to make it more efficient or effective.
Minor non-compliance
Minor non-compliance is the equivalent of a qualified opinion. The audit report probably found that some processes are not compliant with policy or requirements but in a minor, non substantial way. An example of a minor non-compliance could be the inadequate implementation of a procedure that has little effect on business operations, and does not result in a breach of any laws, regulations, standards, or contractual requirements.
One weakness will not cause issues in the business, but if many issues start appearing, the company will have greater problems to deal with. If the audit relates to a certification then their certification will remain provided they’re corrected by the time of the next audit. However if they fail to meet the requirements after the next audit, their certification will be suspended. It can encourage a further investigation to find out why the non-conformance exists in the first place and the steps the organisation can take to prevent another one in the future.
Major non-compliance
Major non-compliance is the equivalent of adverse opinion. It occurs when the audit finds that there are serious and substantial deficiencies in the audited process(es) compared to policy and requirements. Major non-conformance can be the result of previous minor compliances being underestimated.
An example of major non-compliance is a business not following their standard operating procedure when building their product which causes faults and damage to the reputation of the company, or the breach of applicable laws, regulations, standards, or contractual requirements. If this is a certification-related audit, certification would be suspended until they’re rectified. If the business is found to have major non-compliance, then an investigation should take place to find the root cause of the problem. It will cause the company to lose money and time as they try to make improvements and get everything in order before the next audit.
Basis for opinion
This section of the audit report must mention that the audit was conducted according to the auditing standards of the country the company is based in. It may outline the responsibilities of each party under those standards, for example, that the business’s management is responsible for financial statements while the auditor is responsible for their opinion after performing an audit.
The auditor should explain whether the evidence and findings are sufficient for them to provide an opinion. They should also describe which accounting principle applies to their audit. They may explain to what extent the opinion is based, meaning the documents that were examined for them to form that opinion. If this is an external audit, the auditor needs to mention they are acting independently from the business.
Recommendations
Recommendations are made to the management of the company after the audit has been finalised. They are not mandatory, but once given, the managers have to follow the advice of the auditor as they made a commitment before the audit. Implementation of the recommendations involves the actions the business can take to improve its compliance and any nonconformances that are present within the organisation. It is important for the business to act quickly after receiving the recommendations to ensure that the audit is beneficial.
The recommendations need to be taken with improvement as the main goal as well as management of risks. It is not enough to follow the advice of the auditor, the management has to monitor the effectiveness of their actions and internal controls. It should be clear who is responsible for making the changes required to establish better communication and results.
At the end of the audit report, there should be the auditor’s signature, the date of the report and the auditor’s address. If external sources were used then the auditor needs to include a reference section.
Conclusion
An audit report can only be effective if the audit is performed correctly. The organisation will have to provide all relevant files to the auditor and provide them with the space to work within the company. If more documents are needed the business must be ready to provide them to ensure the timely completion of the audit. There has to be good communication between the auditor and the auditee to produce a better quality audit report. An audit report will have different content depending on the type of audit performed, but some sections remain the same for every report.
It is crucial that the business and the auditor cooperate to ensure that the results can help the organisation improve and avoid risks.
Let's Get Started
Interested in learning more about how Polonious can help?
Get a free consultation or demo with one of our experts
Eleftheria Papadopoulou
Eleftheria has completed a Bachelor's of Business with a major in Marketing at the University of Technology Sydney. As part of her undergraduate studies she also obtained a Diploma in Languages with a major in Japanese. Following her graduation she has been working as a Marketing Coordinator and Content and Social Media Specialist.
Eleftheria is currently finishing her Master in Digital Marketing.