Audit report classification

Report Classification The internal audit identified one or more of the following:

Cause for considerable concern
  • Significant control design improvements identified to ensure that risk of material loss is minimized and functional objectives are met.
  • An unacceptable number of controls (including a selection of both significant and minor) identified as not operating for which sufficient mitigating back-up controls could not be identified.
  • Material losses have occurred as a result of control environment deficiencies.
  • Instances of fraud or significant contravention of corporate policy detected.
  • No action taken on previous significant audit findings to resolve the item on a timely basis.

Cause for concern
  • Control design improvements identified to ensure that risk of material loss is minimized and functional objectives are met.
  • A number of significant controls identified as not operating for which sufficient mitigating backup controls could not be identified.
  • Losses have occurred as a result of control environment deficiencies.
  • Little action taken on previous significant audit findings to resolve the item on a timely basis.

No major concerns noted
  • Control design improvements identified, however, the risk of loss is immaterial.
  • Isolated or “one-off” significant controls identified as not operating for which sufficient mitigating back-up controls could not be identified.
  • Numerous instances of minor controls not operating for which sufficient mitigating back-up controls could not be identified.
  • Some previous significant audit action items have not been resolved on a timely basis.

No or limited scope for improvement
  • No control design improvements identified.
  • Only minor instances of controls identified as not operating which have mitigating back-up controls, or the risk of loss is immaterial.
  • All previous significant audit action items have been closed.