• Andrew Thornhill

How to write clear and concise audit finding statements

In this blog you will learn how to write clear, concise and complete audit findings, particularly statements of non-conformance or conformance.


Within the organisation where you are conducting the internal audit, you need to make yourself aware of what your audit finding categories are. You need at least one category for conformance and at least one category for non-conformance.


Most organisations have other categories as well, such as:

  • Opportunities for improvement - not a non-conformance, just a suggestion that the team might want to consider; ultimately, they could take or leave that opportunity for improvement

  • Observations - a finding category where you are just noting that you have observed something on the day of the audit


Look at your finding categories, and how they are defined under the ISO management system standards.


The term non-conformance does have a bit of a negative connotation, but is simply defined as non-performance of one of the requirements we are auditing against.


For either a conformance or non-conformance, let’s look at how to write a statement that’s clear and concise and helps us maximise the chance that the auditees understand what the finding is.


The two critical elements that must be found in any non-conformance or conformance statement are a reference to the requirement and the evidence that demonstrates conformance or non-conformance against that requirement.


They’re fundamental and both of those elements (the requirement and evidence) must be reflected in your conformance or non-conformance statement.

Before we dig into that too much, a couple of tips:


1. Be complete but concise.

This means you need to state the requirement and you need to state the supporting evidence.

For the two together, 1 or 2 paragraphs maximum is enough.


If you get any further than that, such as writing two pages, the risk is the auditee will look at it and go “hang on, I’m not quite sure what we haven’t conformed with.” Or even “I’m not sure what the evidence is.”


This is particularly important with the requirements – if you have written two pages, there will be a risk that they don’t understand what they haven’t conformed with and they could go and start to take corrective action on the wrong thing.


2. Be specific (with both the requirement and the evidence)

You need to state why exactly something is required.


A simple example:

Suppose you have a purchasing procedure that says ‘purchase orders over $10,000 must be signed off by the general manager or above’.


You don’t just say “as per purchasing procedure”; you would be specific.


If that’s required by 16.1(c) of the purchasing procedure, that is what you would put in there: “As required by 16.1(c) of the purchasing procedure not all purchasing orders over $10,000 were signed off by the general manager”.


The latter half there is the tip. Use the words out of that team’s own procedure. That saves the situation where the auditee might ask “why are you making us do this?”

You can reply “No I’m not, that is what your own procedure states”.


You might have a 10–15 page purchasing procedure. If you are not absolutely specific, the team you have audited will pick it up, pick out the wrong clause and start taking corrective action on the wrong thing.


This is also a good road test for yourself as the auditor, particularly if you think there is potentially a non-conformance finding.


You can’t call something a non-conformance unless it is specifically required somewhere in that procedure or in the audit criteria.

I have seen auditors fall into the trap of saying “Here’s something I think they should do in their purchasing process or here’s something they can improve”, but unless it is specifically required, and you can trace back to it, then it shouldn’t be a non-conformance statement. Maybe an opportunity for improvement if you think they could do something better.

With the evidence though, again you should be very specific. What exact purchase orders demonstrate that some of them over the required $10,000 are not signed off by the authorised person?


You need to be specific and say for example “purchase order 16 and purchase order 25.”

What you don’t want to say is “the evidence is some of your purchase orders” as they might have a big drawer or a big electronic folder of hundreds of purchase orders.


Again, you don’t want them looking through them and picking out the wrong purchase order and fixing the wrong thing.


This method is complete and concise.


When they see it expressed like that, they cannot argue about the finding: clearly it is required and clearly there is evidence. There is no wiggle room to argue; it’s pretty clear it is a non-conformance.

Take the same pattern with your conformance statements.


You can reverse that as well. You can sometimes start with the evidence: “Purchase orders 16 and 25 were sighted, over $10,000 not signed off by the General Manager as required by 16.1(c) of the purchasing procedure.”

RESOURCE:

Download the ‘Internal Audit Training – Simple’ Document template from our Resources Page under the training section at the bottom of the page.

