To rate or not to rate
Audit reporting is one of the most crucial
elements of IA and, as such, elicits strong
opinions. Many CAEs have unwavering
commitments to their decisions to rate or
not rate audit reports based on their overall
experience and what has driven successful
communications in their organizations.
Some CAEs surveyed felt that the burden
of rating outweighs the benefits, while
the majority expressed that ratings are
expected by stakeholders and give power
to IA’s results. When asked why her
organization rates audit reports, the CAE
of a large multinational company explained,
“The audit committee wants to move the
organization in the right direction, and
as the CAE, I am responsible for putting
internal audit reports into context to help
direct their attention to topics that require
attention, resources and funding support
to help our organization achieve its goals.”
She continued, “While I understand that
rating reports might create difficult
conversations with the auditee, the job
of the CAE is to deliver an independent
perspective, which sometimes includes
delivering hard messages.”
However, the CAE of a large utility has a
differing view and does not rate reports.
When asked how she communicates
audit findings to the audit committee
without using ratings, she explained,
“By not using ratings, I can better shape
the message to the audit committee to
focus on emerging themes, resourcing
concerns or other notable activity I am
seeing across the organization. These
items may not have independently risen
to the level of being considered high
risk as a single finding or report would.”
Additionally, she commented, “Not rating
audit reports creates a collaborative
relationship focused on continuous
improvement instead of spending a
significant amount of time debating a
rating. And at the end of the day, the
conclusion of the audit and the decision
on how it is presented to the audit
committee is the independent decision
of the IA organization.”
Most companies are
using many methods of
communication to share
audit results, including:
1. Detailed written audit
reports
2. Memos to management
3. Oral communication
4. Dashboards
Rating
Pro:
• Clear and defined communication to audit committee
• Management can easily identify which findings are most critical
Con:
• Potential for friction with stakeholders
• Does not provide adequate attention to parts of the business with positive audit ratings
• May reduce comparability
• May not provide insight into the importance of the business activity within the organization or levels of risk it may pose

Not rating
Pro:
• Potential for collaboration and forward-focus with auditee
• Focus on areas of emerging risk and trends that may not rise to a significant risk at the individual audit level
Con:
• Difficulty in quantifying results of the audit and comparing results between audits
• Lack of a simple and agreed-upon communication plan to audit committee and senior leadership
Chief audit executive point/counterpoint
Do you feel you could adequately communicate the results of your audit work without a rating?
Ratings give power to results, and are expected.
• 10% view ratings are more trouble and effort than they are worth, and cause friction between IA and management
• 43% said the results would not be as powerful without a rating