This sample internal audit report includes a status update to be presented to the audit committee.
The primary objectives of the review are to identify enterprise risk planning (ERP) control changes resulting from the company’s tech implementation; perform a crosswalk of previously existing controls to current controls; and review controls to ensure fixed assets are appropriately identified, recorded and included in depreciation calculations. The scope of the review includes accounts payable, materials management, fixed assets and cash management. For this review, the sample company determined that it would like to compare its existing program to an industry leading framework and chose the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The NIST CSF comprises the following key areas: identify, protect, detect, respond and recover.