This page contains an updated, alphabetized list of the sample audit reports that are available on KnowledgeLeader. These audit reports are provided in downloadable versions, so they can be customized for use in your organization.
Accounts Payable Proposed Standardization Procedures Report
This report template provides an overview of an organization's current accounts payable process and outlines proposed process improvements.
Accounts Payable Review – Audit Report
This is a sample internal audit report for an accounts payable review. The example illustrates a clear and concise format for presenting audit objectives, scope and procedures performed.
Accounts Receivable, Credit, Collection and Cash Application Process Review – Audit Report
This report highlights segregation of duties, process, and system observations and findings for an accounts receivable, credit, collections and cash applications review.
Audit Committee Report – Sarbanes-Oxley Update
This audit report discusses Sarbanes-Oxley project updates including status of the documentation process, testing results, and opportunities for process improvements.
Audit Committee Report: Annual Audit Plan
This sample report shows how the internal audit group can present its annual risk assessment and planning process to the audit committee.
Audit Plan Presentation
This example presentation shows some of the documents that can be included in the presentation of the audit plan to management and the audit committee.
Back Office Process Optimization Report
This sample audit report benchmarks the costs and productivity of back office processes, with an emphasis placed on process standardization, reduced transaction processing times, and enhanced accountability with clearly defined roles and responsibilities.
Bank Audit Plan Report
This audit report relays the results of a risk-based audit plan. Internal audit identified auditable areas, performed a risk assessment for each, and assigned a risk rating of high, medium or low.
Business Continuity Management Program Assessment
This sample audit report assesses a second generation business continuity management (BCM) program.
Business Continuity Management Report
This template outlines sections to consider when developing a business continuity management (BCM) plan. It includes areas to document the business impact analysis, key company contacts, and location of BCM documents.
Business Continuity Software Research Report
This report assesses various business continuity software solution providers in the global market with the purpose of enhancing the organization’s business continuity management capabilities.
Business Partner Royalty Audit Report
One of the main purposes of a business partner audit is to ensure that the partner company is in compliance with the contractual obligations of its business partner agreement. This sample audit report covers business partner agreement compliance, including a review of company compliance related to employee training.
Business Process Effectiveness Review Report
This audit report reviews specific finance processes for process effectiveness and efficiency, including financial planning and forecasting, accounts payable, accounts receivable, credit and collections, inventory (cost accounting), and procurement and capital asset management.
COBIT Baseline Review Report – Sample Report
This sample report provides a template to assess the maturity of IT processes and controls using the COBIT framework.
Contract Terms and Conditions Review Report
This report provides internal audit's analysis of the terms and conditions of two construction project contracts. It includes recommendations for better contract terms and conditions, based on leading practices.
Controls Monitoring Quarterly Assessment Report
This is an example report of internal audit’s quarterly assessment of the ongoing controls monitoring processes. This report provides an overview of the work performed and corresponding audit findings.
Corporate Treasury Review – Sample 2
This audit report summarizes an internal audit review of a corporate treasury function and focuses on processes such as cash management, wire transfers and foreign exchange exposure management.
Corporate Treasury Review – Audit Report
This sample internal audit report illustrates treasury review objectives, scope and procedures performed. It includes a sample of treasury review observations and management implementation plans that address these issues.
Credit Evaluation and Collections Review Report
This 66-page audit report focuses on the credit evaluation and collections review process. The objective is to obtain an understanding of the existing processes, assess the internal control environment, and identify opportunities for process improvements. The Best Practices section provides numerous examples of opportunities where the credit and collections function could implement new processes and significantly improve controls and efficiencies, while the Benchmark section contains cost, quality and time performance measures that compare the sample company against “best companies” in its database and highlights additional opportunities for improvement.
Cybersecurity Audit Report
This audit report presents the results of vulnerability assessments and penetration testing performed on an organization’s external and internal facing environment.
Disbursements Review Report
This audit report provides a review of key processes and testing of transactions, internal controls, and processes related to disbursement, which include: accounts payable, expense accounting and procurement cards.
Distributor Sales Review Audit Report
This audit report focuses on the distribution sales process, including items such as current distributor contracts and compliance with established parameters.
Education Grant Compliance Review Report
This sample audit report focuses on identifying key regulations related to receiving grant funds from the Department of Labor. It provides recommendations on activities that identify and mitigate compliance risks.
Entity-Level Assessment Report
The purpose of this report is to document management’s assessment of the COSO internal control components – control environment, risk assessment, control activities, information and communication, and monitoring – at the entity level.
Entity-Level Fraud Risk Assessment Process Report
This sample report provides an overview of the process one company undertook to satisfy the requirements of evaluating fraud risks that pertain to internal control over financial reporting.
Entity-Level Questionnaire Results Report
This report provides an analysis of a company’s entity-level controls under the COSO framework. Key sections include control environment, risk assessment, control activities, information and communication, and monitoring.
Entity-Level Risk Assessment Audit Report
This report focuses on confirming the existence of internal controls through the lens of COSO’s five components.
Equity Compensation Audit Report
This 43-page, comprehensive audit report assesses a company’s equity compensation processes and related activities.
Executive Report on Internal Controls: Sample 1
This annual audit committee report sample demonstrates one approach that a chief audit executive may use to report on the state of internal controls for the audit committee.
Executive Report on Internal Controls: Sample 2
This is an example of a report to the audit committee on the adequacy of a company's systems of internal controls. It describes the work that internal audit has completed over the past year, and provides an indication of trends and high level assessment of the control environment.
External Quality Assessment of Internal Audit Activity – Validation of Management’s Self Assessment
This audit report focuses on the external quality assessment review (QAR) conducted for a company’s internal audit activity.
Financial Close Review Report
This sample report can be used to help identify close-the-books process improvements to reduce time and effort, while improving accuracy, completeness and sustainability.
Financial Due Diligence Report
The purpose of this document is to provide a financial analysis of a company being purchased by another company. This report template can be used during the financial due diligence process.
Foreign Subsidiary Review – Audit Report
The objectives of this foreign subsidiary internal audit review are to: assess the adequacy of the overall financial control environment, assess the adequacy of key financial and accounting internal controls, evaluate compliance with significant corporate policies and procedures, and identify opportunities for process and internal control improvement.
Fund Accounting Process Review – Audit Report
This fund accounting process review internal audit report focuses on comprehensive record keeping and reporting requirements for registered investment companies and their affiliates. The objective is to review the controls over the oversight and reporting of financial data for each fund.
High-Tech Company Audit Plan
This report shows the results of a business self-assessment (BSA) session, which is a focused discussion of risks facing a corporation and an evaluation of the effectiveness of management controls designed to mitigate exposures.
HIPAA Security Gap Assessment
This audit report identifies potential gaps in complying with the HIPAA Security Final Rule.
Human Resources Process and Compliance Review – Audit Report
This sample human resources process and compliance internal audit report focuses on time reporting, payroll, recruiting, hiring and termination.
Human Resources Risk Management Assessment Report
This sample review was designed to obtain and evaluate the capabilities of existing global human resources risk management techniques using the Capability Maturity Model.
Import Compliance Audit Report
This audit report assesses adherence to a company’s import procedures as established by its International Transportation and Compliance (ITC) department. For each procedure within scope, internal audit identified the controls in place to monitor compliance with the procedures and then tested the operation of the monitoring controls.
Incentive Compensation Audit Report
This sample report summarizes an internal audit review of the incentive compensation area. The report includes an executive summary, description of audit work performed, process maps of the audit area, and recommendations.
Integrated Audit Plan – Audit Committee Report
This audit report provides a background on the PCAOB's Auditing Standard 5 (AS5) and covers its impact on a variety of areas.
Intercompany Reconciliation Report
This document focuses on reducing the intercompany out-of-balance differences to an immaterial amount for the month-end close process.
Internal Audit – Board of Directors Orientation Report
This document provides a board level overview of internal audit and internal controls. It can be used as an orientation guide for board members to a company’s internal audit department.
Internal Audit – Audit Committee Report
This presentation provides attractive examples of content that can be included within an internal audit report to the auditcommittee. It includes examples of audit planning calendars, dashboard summaries of audit activities and findings, budget and benchmarking material, and ways to present the audit organization and qualifications to the committee.
Internal Audit Plan – Presentation to the Audit Committee
This sample presentation describes the activities to be completed during the first two years of an internal audit plan for a start-up audit function based on a previous risk assessment.
Internal Audit Plan Status – Report to the Audit Committee
This sample internal audit report to the audit committee presents a logical, easy-to-follow summary of completed, in-progress and scheduled audit projects.
Internal Audit Risk Assessment – Audit Committee Report
This sample audit report summarizes internal audit risk assessment results to the audit committee. Report topics include: risk assessment approach, risk model, risk map update, top risks, proposed internal audits, audit universe coverage, distribution of internal audit efforts, and internal audit and Sarbanes-Oxley budgets.
Internal Audit Risk Assessment and Proposed Internal Audit Plan
Internal Audit can use this document as a template for developing an annual audit plan from a risk assessment.
Internal Audit Risk Assessment Report
This 18-page report provides management with information about the condition of risks faced by a company.
Internal Audit Site Review – Audit Report
This sample audit report summarizes an internal audit review of a remote site location. It includes internal audit objectives, an executive summary, the audit work performed, risk based prioritization, process maps of audit areas, CAAT testing, and a best practices benchmarking study.
Internal Audit Site Review Report – Energy Industry
The purpose of this audit report is to document the results from a site review at an organization within the energy industry.
IPO Organizational Meeting Report
This document outlines key discussion topics and a timeline for an IPO organizational meeting.
IS Resource Management Internal Audit Review Report
This sample report focuses on how a company prioritizes information systems (IS) projects and manages IS resources.
ISO 27001 Information Security Assessment Report
This audit report focuses on a project baselining an organization’s information security practices, with the purpose of identifying opportunities to advance the information security function.
IT Governance Review Report
The Institute of Internal Auditors (IIA) Standards identify IT governance as a key area that should be regularly reviewed by the internal audit function. Objectives of this sample IT governance report include gaining a high-level understanding of the organization's IT governance processes and providing management with a benchmark against which to determine and pursue improved IT governance performance.
IT Organizational Assessment Report
This report focuses on assessing and improving IT processes. It provides an overview of methodology, business value drivers, recommendations and an improvement roadmap.
IT Organizational Planning Report
This sample report focuses on business strategy, anticipated growth, expected international expansion and present options to design a future-state IT organization and governance structure.
IT Risk Assessment Audit Report
The purpose of this sample report is to help management understand the technology risks impacting an organization, prioritize the technology risk areas, and develop a three-year IT audit plan.
IT Risks and Controls Review Report
The objective of this audit report is to reduce the volume of controls across applications, infrastructure and IT processes in order to improve consistency and focus on key risks.
IT Strategy Gap Assessment Report
Strategic alignment between business goals and drivers, and IT goals and initiatives is a critical area for most organizations. This report focuses on the gap assessment results of a company’s IT strategic plan.
Licensing Process Assessment Report
This report outlines assessment of the third-party licensing process, identifying risk areas that could lead to potential inaccuracies in the reporting of licensing obligations.
Payroll Review Audit Report
This audit report focuses on the payroll process and related functions. It documents the following: project executive summary; objectives, scope and approach; observations and improvement plans; and work performed.
Personal Identifiable Information Privacy Controls Review – Audit Report
This is an example internal audit report focusing on company procedures for handling personal identifiable information. The report includes an executive summary, objectives, detailed findings, recommendations and follow-up notes.
PMO Initiative Report
This report outlines a plan for reviewing the expectations and process of a project management office program within an organization.
Pre-Audit Readiness Report
This report focuses on an organization's pre-audit readiness and includes project scope, pre-audit key findings and a pre-audit assessment.
Pre-Year 1 SOX Roadmap – Audit Report
This report serves as a template for organizations to use when documenting business and IT processes for eventual Sarbanes-Oxley (SOX) compliance.
Privacy and Data Sensitivity Audit Report
This audit report focuses on the process to ensure effective controls are in place for handling sensitive data.
Privacy Compliance Program Review – Audit Report
This sample report focuses on the state of privacy compliance at a financial institution. The review addresses compliance with the Gramm-Leach-Bliley Act (GLB), and uses a capability maturity continuum and gap analysis to illustrate the status of compliance.
Product Safety Audit Report
This audit report provides a detailed description of a review of a company's product safety processes, including significant observations and recommendations.
Purchase-to-Payment Process Assessment
This report focuses on establishing an efficient and streamlined purchase-to-payment process, as well as utilizing strategic sourcing, providing added value through decreased operational costs, and effective supplier management.
Quality Assurance Review Implementation Report
This report provides an example of how to present recommendations and action plans to management upon completion of a Quality Assurance Review (QAR).
Quality Assurance Review Plan Report
This audit report outlines the approach followed to establish a quality assurance function, which includes evaluating the organization’s risks.
Quarterly Compliance Assessment – Audit Report
The purpose of this report is to document internal audit’s quarterly assessment of compliance policies and procedures and the validation of the operational effectiveness of key activities and controls within those policies and procedures.
Real Estate Services Agreement Review
The sample report discusses procedures for an audit of a real estate services agreement. The purpose of this audit was to identify and recover: cash due to contractually unallowable items; miscalculated payments; duplicate payments; overpayments; billing errors; and non-conformance to contractual terms.
Rebates Process Audit Report
This audit report evaluates current processes in place to calculate and record rebate information sent by distributors. The internal audit team also assessed the overall maturity of the business process with respect to six essential elements of infrastructure using a capability maturity model. The report highlights both “where the company is at present” and “what the future state of each process may look like” in a more mature state.
Risk Assessment Results – Audit Committee Report
This sample report to the audit committee primarily focuses on the audit risk assessment process and results and the internal audit planning process and timing.
Risk Assessment Audit Report
This report template provides the results of a risk assessment conducted by internal audit. Topics covered include: risk assessment methodology, risk assessment process, risk model, risk prioritization and risk map.
Sales Compensation Review
This audit report summarizes a review of the sales compensation area. It includes an executive summary, background statistics, benchmarking data and recommendations.
Sales Order Cycle Review – Audit Report
This sample sales order cycle review audit report outlines the quote-to-invoice process, contract operations and maintenance, accuracy and integrity of data captured in the order management system, as well as the quote-to-invoice cycle time.
SAP Change Management Review – Internal Audit Report
This internal audit report provides a detailed analysis of a company’s SAP change management process based on the Software Engineering Institute Capability Maturity Model.
Sarbanes-Oxley Section 404 Process Prioritization Report
This document outlines the steps used by management in assessing the criticality of business processes, which is important in setting the scope for the internal control over financial reporting assessments. This includes prioritizing financial reporting elements, defining processes, linking processes to financial elements, and prioritizing processes.
Sarbanes-Oxley Year-End Audit Committee Report
This report to the audit committee focuses on the progress of the Sarbanes-Oxley Section 404 program.
Security Assessment Report
This sample audit report discusses the key observations and recommendations of an enterprise security assessment for an organization’s external and internal IT infrastructure.
Security Policy and Procedure Evaluation – Controls and Responsibilities - Sample
This sample report records the result of an evaluation of security policies and procedures. It illustrates security policy issues and leading practices regarding controls and responsibilities that could be incorporated into a review, and provides a useful format for reporting the results.
Security Policy and Procedure Evaluation – Data Security
This report records the results of an evaluation of data security policies and procedures. This report format that can be used to communicate the status of company policies, and also to present recommendations for policy changes to management, including details of specific policy and procedure findings and gaps.
Security Policy and Procedure Evaluation – Software
This report format can be used to communicate the status of company software security policies and presents recommendations for policy changes and policy issues to management.
Security Policy and Procedure Evaluation Report – Administrative Personnel
This report records the result of an evaluation of security policies and procedures. The sample illustrates administrative and personnel security policy issues and leading practices to incorporate into a review and provides a useful format for reporting the results.
Security Policy and Procedure Evaluation Report: Application Development and Change Control
This audit report records the result of an evaluation of application development and change control security policies and procedures.
Security Policy and Procedure Evaluation Report: Communications
This report records the result of a security policies and procedures evaluation. The sample illustrates communications security policy issues and practices and provides a useful format for reporting the results.
Segregation of Duties Review Report
This 23-page sample report focuses on a project's final deliverables, including a project overview, remediation roadmap, rollout plan and lessons-learned document.
Self-Assessment on Internal Controls Report
This report focuses on a self-assessment initiative, evaluating the effectiveness of the design of internal controls for a company’s operations and budget process. It describes the approach, the results, and the recommendations that resulted from the initiative.
Software Company Internal Audit Plan
This sample audit plan presentation to the audit committee of a software company focuses on the audit risk assessment process and results, the internal audit planning process and timing, and the business self-assessment processes and results.
Special Accounts Staffing Process Assessment Report
This sample report assesses the staffing model created by human resources for special accounts.
Stock Option Measurement/Grant Date Review – Sample Internal Audit Report
The key objective of this sample audit report is to compare the date used by a company for accounting purposes (the date of record) to the date at which all requisite granting, approval and notification activities occur (the measurement date).
Stock Options Audit Report
This report focuses on internal audit’s review of stock option activities and processes, and the adequacy of controls.
Strategic and Operational Process Review Report
This audit report summarizes a strategic and operational review of a company’s business environment and production processes.
Tax Compliance Process Report
This document reviews the business processes related to the tax compliance process, identifies manual and system-based controls, and documents issues and weaknesses.
Team Member Resources Audit Report
This audit report discusses the resources allocated to an organization by level of team member, including components such as timekeeping, team member files, hiring process, and action items to improve each component reviewed.
Technology Change Management Audit Report
This report discusses the results of a technology change management (TCM) process audit. The document offers insight into of the company’s TCM practices and strategies, and identifies strengths and improvement opportunities.
Temporary Labor Service Contract Review
Identifying potential contractors and subcontracting with other agencies to satisfy resource needs is a common business practice. This sample review focuses on the temporary labor process.
Treasury Infrastructure Project Report
This report focuses on an organization's treasury process infrastructure, including payment authorization and release, cash flow forecasting, and related controls.
Warranty/Field Services Review – Audit Report
This is an example internal audit report focused on the warranty/field-services process. It highlights activities related to billing, customer inquiries, and contract negotiation.