Report Classification | The internal audit identified one or more of the following: |
Optimally Controlled | |
Managed | -
Sound design achieves control objectives. -
No control design improvements identified. -
Controls consistently applied. -
Only minor instances of controls identified as not operating, which have mitigating back-up controls or the risk of loss is immaterial. -
All previous significant audit action items have been closed. |
Some Improvement Opportunity | -
Control design improvements identified, however, the risk of loss is immaterial. -
Isolated or “one-off” significant controls identified as not operating for which sufficient mitigating back-up controls could not be identified. -
Numerous instances of minor controls not operating for which sufficient mitigating back-up controls could not be identified. -
Some previous significant audit action items have not been resolved on a timely basis. |
Major Improvement Opportunity | -
Design is not optimum and may put control objectives at risk. -
Control design improvements identified to ensure that risk of material loss is minimized and functional objectives are met. -
A number of significant controls identified as not operating for which sufficient mitigating backup controls could not be identified which may put control objectives at risk. -
Losses have occurred as a result of control environment deficiencies. -
Little action taken on previous significant audit findings to resolve the item on a timely basis. |
Unacceptable Risk Exposure | -
Control design leaves the opportunity for loss, error or abuse. -
Significant control design improvements identified to ensure that the risk of material loss is minimized and functional objectives are met. -
An unacceptable number of controls (including a selection of both significant and minor) identified as not operating for which sufficient mitigating back-up controls could not be identified creating the opportunity for loss, error or abuse. -
Material losses have occurred as a result of control environment deficiencies. -
Instances of fraud or significant contravention of corporate policy detected. -
No action taken on previous significant audit findings to resolve the item on a timely basis. |