Reporting your audit

Writing audit reports is valued output of Audit's work. But it's also complex and time-intensive. Reporting audit discoveries to different stakeholders requires different levels of detail to meet the expectations of multiple audiences. In this article, we discuss how to report your audit using the Issue Tracker, Projects, and Reports apps.

This article builds on the examples illustrated in Executing your audit and Monitoring and communicating results.

What information is contained in an audit report?

Audit reports typically include:

  • an overall assurance rating
  • individual recommendations and their rationale
  • a statement of the risk that has been identified

Where do I report an audit?

You can report your audit using the Issue Tracker, Projects, and Reports apps.

The big picture

  • In the Issue Tracker app, you can build custom issue reports, and export reports to share data with the relevant stakeholders.
  • In the Projects app, you can conclude and archive the audit to preserve it, or re-use configured settings at a later date.
  • In the Reports app, you can create custom reports from scratch or copy and modify report templates, and broadcast or export reports to share data with specified recipients.

Steps

Ready for a tour?

Let's take a closer look at these features in context.

1. Conclude the project and generate reports

Concluding a project involves determining an overall rating, documenting additional remarks or management recommendations, and attaching files and concluding memos to support workpapers. After concluding a project, you can download your final audit report and generate custom issue reports, as needed.

Example

Scenario

You are a staff auditor, and you have recently completed your audit. All the work has been reviewed and signed-off, so you're ready to conclude the audit and generate a final report of all the issues.

Process

Help topics

First, you navigate to the Results tab, provide a rating for the audit, and include a rationale for the rating. Then, from the Issues tab, you download your final audit report.

Finally, from Issue Tracker, you create a custom issues report to send to the Health and Safety Committee.

Result

You have concluded the audit and generated the required reports.

2. Archive the project

Audits are typically archived at two key points: once the settings of a project have been finalized (for reuse as a template) or when the project is complete. When you archive a project, it is removed from the list of active audits you can work with in Projects and is stored in the Project Library as a read-only project.

Example

Scenario

You have concluded your audit and generated all of the necessary reports. Now, you want to ensure that all of your audit work is maintained in a location that is separate from other active audits.

Process

Help topic Archiving and unarchiving projects

Within the project settings, you archive the audit.

Result

The audit is archived and moved to the Project Library.

3. Create a custom report

The Reports app provides the capability to create comprehensive reports. You can share reports online via email, export reports in a variety of formats, or broadcast reports on a recurring basis to specified recipients. Multiple broadcast schedules can be set up for a single report, which allows you to target different audiences, if required.

Tip

Use dashboards to display multiple reports on a single page. A typical dashboard is designed with high level reports, with the ability to drill down to more detail, when required.

Define report fields

You can use Views in the Reports app to define report data. A View is a component that defines the categories and fields from Diligent One that you can use to build a report. Fields are specific columns of data and categories are logical groupings of fields within a View.

Example

Scenario

Your manager appreciated the final report you produced from Projects, but now he wants a more sophisticated and detailed report of all issues by objective. The report needs to include:

  • a count of how many issues there are per objective
  • an aggregated issue severity rating per objective

Internally, Vandelay Industries scores issue severity using a basic scale (High = 3, Medium = 2, and Low = 1). Your manager wants you to use this scale to calculate the overall issue severity rating for each objective. He also wants to be able to filter by audit so that he can see at a glance where the most concerning areas are for each audit, and drill into individual issue details.

Process

Help topic Create a new report

First, you create your report using the Issues View, and include the following fields in your report:

  • Objective Name
  • Objective URL
  • Objective SYS ID
  • Issue SYS ID

Then, you format the Objective URL field so that it is more descriptive and displays the text "Link to URL".

Result

The report fields are defined:

Apply aggregation functions and build computed fields

You can apply aggregation functions to report data to summarize fields. You can also use calculated fields to display the result of a calculation, substitute text values for numeric values, or evaluate one or more conditions and determine the value of a field based on the result.

Example

Scenario

So far, your report includes basic information about the objectives and issues. Using this information, you want to build aggregations and computed fields.

Process

Help topics

To count the number of issues per objective, you apply an aggregation function on the Issue SYS ID field, and format the title to display "Issue Count" – which more accurately reflects the contents of the aggregated field.

You then create a Severity_rating computed field, add your newly created calculated field to the report, and use an aggregation function to sum up the total severity ratings per objective.

Finally, to define the data that is displayed in the report, you include the Project Name filter.

Result

From the Design tab, you review your report, and apply the Latex Facility Security Review project filter:

Add drill-through capabilities to your report

Drill Through reports allow report readers to follow a specific drill path defined by the report writer. You can create a Drill Through report to allow report readers to move from general to more detailed reports.

Example

Scenario

Your manager is impressed with your report so far, but needs to know which issues make up the issue count and severity rating.

Process

Help topic Creating Drill Through reports

You create another report (an issue details report), and define a drill path from the first report you created. You save and activate both reports, and set up a broadcast schedule to share the information with your manager on a recurring basis.

Result

Your manager is able to view summary level issues data by viewing the master report. Detailed issues data is available by clicking the issue count hyperlink, which leads to the child report:

What's next? 

Enroll in an Academy course

Continue to build your knowledge on the concepts introduced in this article by taking the REPT 100 learning path.

Academy is Diligent's online training resource center. Academy courses are included at no extra cost for any user with a Diligent One subscription. For more information, see Academy.