Report Classification | The internal audit identified one or more of the following: |
Cause for considerable concern | - Significant control design improvements identified to ensure that risk of material loss is minimized and functional objectives are met.
- An unacceptable number of controls (including a selection of both significant and minor) identified as not operating for which sufficient mitigating back-up controls could not be identified.
- Material losses have occurred as a result of control environment deficiencies.
- Instances of fraud or significant contravention of corporate policy detected.
- No action taken on previous significant audit findings to resolve the item on a timely basis.
|
Cause for concern | - Control design improvements identified to ensure that risk of material loss is minimized and functional objectives are met.
- A number of significant controls identified as not operating for which sufficient mitigating backup controls could not be identified.
- Losses have occurred as a result of control environment deficiencies.
- Little action taken on previous significant audit findings to resolve the item on a timely basis.
|
No major concerns noted | - Control design improvements identified, however, the risk of loss is immaterial.
- Isolated or “one-off” significant controls identified as not operating for which sufficient mitigating back-up controls could not be identified.
- Numerous instances of minor controls not operating for which sufficient mitigating back-up controls could not be identified.
- Some previous significant audit action items have not been resolved on a timely basis.
|
No or limited scope for improvement | - No control design improvements identified.
- Only minor instances of controls identified as not operating which have mitigating back-up controls, or the risk of loss is immaterial.
- All previous significant audit action items have been closed.
|