ERA line of business
Month DD, 20## / Business unit management / Other
addressees
Name
Title
Name
Title
Name
Title
Name
Title
Audit Team
Name
Audit Director
Name
Audit Manager
Name
Title of Auditor-in-charge / Name
Name
Name
Name
Name
Name
Name
Name
Name
Name
Name
Name / Name
Name
Name
Name
Name
Name
Name
Name
Name
Name
Name
Name
September 2013 | Company Audit & Security 2
Executive summary
Date
Audit report name / RATING
#
ERA line of business name
Audit report snapshot
Issues
Impact/Severity / # Audit Issues / # SD
Issues
Very High
High
Moderate
Total Issues
Issues rated Low impact are not included in the report.
Self-Disclosed (SD) Issues are not included in the Audit Issues column.
Best practices
Best practices identified / #
Reference
Scope / Full
Control number / C####
Maximum cycle / ## Months
Prior rating
Name / Audit report name
Date / Month, DD, 20##
Rating / #
Name / Audit report name
Date / Month, DD, 20##
Rating / #
/ Opinion
Insert the standard Opinion statement.
Insert Opinion Narrative.
Insert one of the two standard Compliance Opinion statements, if appropriate.
Insert Other Standard Paragraphs if appropriate.
Insert Conclusion Paragraph.
Delete this sentence if the Opinion does not continue onto this page; otherwise, delete this sentence and continue the Opinion here.
Audit objective and scope
The objectives of this audit were to identify key business risks and to evaluate the system of internal control and the effectiveness of risk management practices associated with Audit Report Name. The scope of our audit included testing of transaction records, relevant systems events, safeguarding of assets, and interviews with relevant personnel. In addition, we evaluated any prior audit issues, self-disclosed issues, and regulatory examinations. The time period subject to review was Month DD through Month DD, 20XX with the actual test period being Month DD through Month DD, 20XX. Based on the risk assessment completed with input from management, our audit focused on the following business processes:
· Insert process/activity 1
· Insert process/activity 2
· Insert process/activity 3
· Insert process/activity 4
· Insert process/activity 5
Compliance testing
Insert the standard compliance paragraph if applicable; otherwise, delete the paragraph header and this sentence.
Significant scope change
Insert the significant scope change statement if applicable; otherwise, delete the paragraph header and this sentence.
Reliance
Coverage of the processes listed was not provided due to reliance on test work performed in other audits.
Process / AuditSummary assessment
The overall rating noted in the Executive Summary of this report is based on Audit’s evaluation of the business unit’s Business Line Processes and the Quality of Risk Management.
The Business Line Process table below summarizes the key business risks identified during the audit in consultation with business line management, our assessment of the key business risks, and a reference to any issues and recommendations and/or best practices. We use the results and conclusions of our audit testing to make our assessment. We assess each of the following risks and associated processes using a 5-tiered rating system.
Business line process / Riskcategories * / Audit
assessment ^ / Related issue # /
Insert process title
Insert risk statement. / / /
Insert process title
Insert risk statement.
Insert process title
Insert risk statement.
Insert process title
Insert risk statement.
Insert process title
Insert risk statement.
* Risk Categories – Accounting & Financial Reporting, Compliance, Credit, Market, Operational, and Technology
^Audit Assessment – Strong & Effective, Effective, Generally Effective, Needs Improvement, and Ineffective
The Quality of Risk Management table below summarizes our assessment of management’s internal control structure. Management creates the “tone at the top” and influences its business unit’s control environment by setting the standard through its actions and effectively communicating written policies and procedures, code of ethics, and standards of conduct. Audit evaluates the internal control environment using five key industry standard internal control components based on the results and conclusions of our audit testing. We assess each internal control component using a 5-tiered rating system.
Quality of risk management / Audit assessment^ / Related issue # /Control environment
The tone of the organization influences the control consciousness of its people. Examples include the integrity, ethical values, attitude, and competence of employees; management’s philosophy; and input provided by the board of directors. / /
Risk identification and assessment
Identification and analysis of risks relevant to achieving corporate goals, determination of how such risks should be managed and implementation of a process to address risks.
Control activities
Policies, procedures, and processes that help ensure a company carries out management directives and mitigates risk. Examples include approvals, verifications, reconciliations, reviews of operating performance, security of assets, and segregations of duties.
Information and communication
Timely and effective communication, internally within the company and externally with parties such as customers, regulators, and shareholders, to enable people to carry out their responsibilities, make informed business decisions, run the business, and produce accurate reporting.
Monitoring and testing
Assessing the quality/effectiveness of a company’s internal control systems. This is done through ongoing monitoring of activities within the business units and an independent evaluation of existing controls. Deficiencies are identified, communicated through the management chain, and corrected.
^Audit Assessment – Strong and Effective, Effective, Generally Effective, Needs Improvement, and Ineffective
Best practices
The table below lists best practices that were identified during the course of this audit. Best Practices are processes that merit recognition and are presented in order of most efficient or effective first.
Title / DescriptionBusiness unit summary
Major products/services /Key systems
Financial data
Business footprint
Insert Business unit summary text here.
Issues and corrective actions
1. Insert issue titleRating:
Issue disclosed by management
Enterprise-level issue
Issue
Insert issue.
Corrective action
Insert corrective action.
Manager: Name, Title, Organization name
Expected completion date: Month X, 20YY
2. Insert issue title
Rating:
Issue disclosed by management
Enterprise-level issue
Issue
Insert issue.
Corrective action
Insert corrective action.
Manager: Name, Title, Organization name
Expected completion date: Month X, 20YY
3. Insert issue title
Rating:
Issue disclosed by management
Enterprise-level issue
Issue
Insert issue.
Corrective action
Insert corrective action.
Manager: Name, Title, Organization name
Expected completion date: Month X, 20YY
4. Insert issue title
Rating:
Issue disclosed by management
Enterprise-level issue
Issue
Insert issue.
Corrective action
Insert corrective action.
Manager: Name, Title, Organization name
Expected completion date: Month X, 20YY
5. Insert issue title
Rating:
Issue disclosed by management
Enterprise-level issue
Issue
Insert issue.
Corrective action
Insert corrective action.
Manager: Name, Title, Organization name
Expected completion date: Month X, 20YY
7