Audit Au

Report
dit

Se
Client:
File:

rvi
Audit Manager:
Phone:

Email:

ce

s
Table of Contents
Executive Summary......................................................................................................3
Introduction...............................................................................................................3
Objective...................................................................................................................3
Conclusion................................................................................................................4
Management Action Plan..............................................................................................6
Summary of Recommendations...............................................................................6
Appendix A Audit Overview........................................................................................7
Introduction...............................................................................................................7
Background, Scope & Objective...............................................................................7
Methodology..............................................................................................................7
Risks..........................................................................................................................7
Reporting...................................................................................................................7
Appendix B Glossary of Terms..................................................................................8
Appendix C Risk Scoring Process...........................................................................10
Appendix D Classification of Recommendations....................................................13

Audit Services Draft Report

2
Executive Summary
Introduction
The Audit Services operational plan includes audit review of in .

Scope:

This draft report presents the findings of the audit review and the
recommendations made. It is intended for discussion purposes, after
which a final report incorporating management's comments will be issued.

Objective
The purpose of this review was to identify and discuss with management
the risks to the objectives of , and to assess how those risks are being
controlled.
The Background, Scope, Objective, and Methodology are included in the
Audit Overview given in Appendix A.

Audit Services Draft Report

TODO
3
Conclusion
Overall, based on the audit work undertaken during this review, Audit
Services
CONCLUSION

Audit Services Draft Report

TODO
4
Key to the table below

Risk The risks to the audit objective, as discussed with

management and included in the scope of the review
I The inherent risk score (an assessment of the level of
risk if there were no controls in place)
Conclusio Summary conclusions drawn from audit work
n undertaken
R The residual risk score (an assessment of the risk
given the controls that were found to be in place)
Ref Cross-reference to the Action numbers in the
Management Action Plan

N Risk I Conclusion R Ref

o.
Overall 0 0
Scores:
1 Risk Desc

Audit Services Draft Report

TODO
5
Management Action Plan
This section of the report shows the recommendations resulting from the
audit.
The relevant risk, audit finding and implication are also shown to give the
basis for each recommendation.
See Appendix D for definitions of High, Medium and Low significance. See
Appendix B for an explanation of other terminology used.
Risk Finding Recommendatio Actio Action Sign
n n Ref A
No. O
Targ
Risk Desc fin_Finding Recommendation

Summary of
Recommendations
High 0
Medium 0
Low 0
Total 0

Audit Services Draft Report

TODO
6
Appendix A Audit Overview

Introduction
The Audit Services Annual Workplan is based on an assessment of risk,
where the areas with greater potential risk are given higher priority. The
Workplan and the risk scores were discussed with the Executive Audit
Committee for the current fiscal year.

The Audit Services Workplan includes a audit review of in

Background, Scope & Objective

Terms of Reference

Methodology
Audit Description

Risks
The risks for this audit are set out in the table in the Executive Summary
above. The risks are given a rating based on an assessment of their
inherent likelihood and impact (without any controls to mitigate them),
using the standard risk scoring matrix referenced in Appendix C. They
have been discussed with the client.
Appendices B and C give explanations of scoring and terminology.

Reporting
A draft report will be issued for discussion purposes, after which a final
report incorporating managements responses will be issued.

Audit Services Draft Report

TODO
7
Appendix B Glossary of Terms

Table 1
Term Definition Example
Process An activity undertaken
Crossing a busy road
Objective The purpose of the activity To get to the other side
Risk Events that could prevent Getting run over
achievement of the objective
Inherent An assessment of the intrinsic Crossing the road
score riskiness of the activity (i.e. if without due care is very
there were no procedures in risky (and would have a
place to control the effects or high score)
occurrence of the risk)
Measured using factors of
consequence and likelihood
See Table 2 below and
Appendix B.
Residual As assessment of the Crossing the road only
score riskiness of the activity with after checking for traffic,
controls present or using a bridge,
Measured using factors of pedestrian crossing or
consequence and likelihood subway is less risky (and
would have a lower
See Table 2 below and
score)
Appendix B.
Implication The potential consequences There is potential for
of the controls (or lack of you to get run over
controls) in place to manage
the risk
Recommenda Where the inherent risk is not Look both ways before
tion adequately managed, and the crossing and follow
residual risk is still too high, pedestrian traffic rules.
management action is
recommended to improve
controls.
Recommendations are graded
by significance - see
Appendix D.
Impact The expected level of impact Catastrophic (death or
of an event (risk) on injury!)
achievement of objectives

Audit Services Draft Report

TODO
8
Likelihood The probability of an event Feasible
(risk) occurring

Audit Services Draft Report

TODO
9
Appendix B Glossary of Terms

Table 2
Risk level * Inherent score Residual score
High Risk The risk fundamentally Management controls are
threatens the insufficient to give
achievement of the assurance that the risk is
service objective. properly managed.
Primary Issue Though not fundamental, Though not fundamentally
there is a significant risk weak, management of the
to the service objective. risk could be enhanced.
Secondary The risk is generally well The risk is sufficiently well
Issue managed, but a minor managed but processes
risk is present. could still be improved.
Acceptable A minor risk, which does The risk is considered to
not significantly threaten be sufficiently well
the service objectives. managed.
* See Appendix C for risk scoring matrix

Audit Services Draft Report

TODO
10
Appendix C Risk Scoring Process

Impact

Factor Scor Expected Impact Service Delivery F

e Political
Major 4 Long term negative media focus, strong Branch operations impeded F
stakeholder concerns and/or public outcry e
for ministerial resignation
Moderate 3 Short term negative media focus, concerns Many aspects of operations F
raised by stakeholders and/or multiple suspended b
referrals on the same issue $
Minor 2 Negative articles in more than one Few operations suspended F
publication and or a ministerial referral b
$
Insignificant 1 A negative article in one publication Branch operates normally F
t

Audit Services Draft Report

TODO
11
Appendix C Risk Scoring Process

Likelihood

Factor Score Expected Frequency Indicative Probability

Very Likely 4 Regular Occurrence 75% or over

Likely to happen at some point in the next
Likely 3 year 50% to 75%

Unlikely 2 Only likely to happen once every 5 years 10% to 50%

Very Unlikely 1 Has happened rarely or never before 0% to 10%

Audit Services Draft Report

TODO
12
 Appendix C Risk Scoring Process
Impact of Risk

(2) Minor Moderate (3) (4) Major

Tertiary Primary Primary Primary

Issue Issue Issue Issue

Tertiary Secondary Secondary Primary

Issue Issue Issue Issue

Tertiary Secondary Secondary

Acceptable Issue Issue Issue
Insignificant
(1)

Tertiary
Acceptable Acceptable Acceptable Issue
Very unlikely (1) Unlikely (2) Likely (3) Very likely (4)
Likelihood of Risk

Likelihood of Risk
See Appendix B for definitions of terminology

Audit Services Draft Report

TODO
13
Appendix D Classification of Recommendations

Recommendatio
n Significance Definition

Recommendations requiring essential action by

High management in order to address a fundamental
threat to the achievement of objectives.
The implementation of these recommendations may
be monitored by the Executive Audit Committee.
Medium Recommendations requiring action by management
to improve control, although the achievement of
objectives is not fundamentally threatened.
Low Recommendations presented for management
consideration only, as they represent a suggested
improvement in management of the risks.

Audit Services Draft Report

TODO
14