Format for Reporting Internal Audit Findings

The convention for reporting internal audit findings (non-conformity/non-conformance) is (in general terms) the following: -

  • The source of the audit criteria (i.e. the quality manual, procedure # etc.)

  • The audit criteria requirement (i.e the statement of requirement from the above).

  • The source of the audit evidence (where the non-conformance was observed).

  • The audit evidence (what indicated the non-conformance)

Having said all that, does anyone use a different approach? - I’m not looking for a slight variation on the same theme - but an audit report which has a different method of conveying audit issues.



The approach if fine. I always try to add something to the pobservation in order to clarify ‘why the observation is a problem’. What is the potential risk if the company does not address this issue… This increases the commitment from the auditee and their management to solve the issue.

Here’s the structure of audit finding content widely used within the GxP industry

  • Condition: What non-conformance was observed, where was it observed and the frequency of the non-conformance?

  • Criterion: What should it have been (reference point), what is the standard from which the above has deviated?

  • Cause: What was the source/root cause of the non-conformance

  • Result: What is the impact of the non-conformance

  • Recommendation: Guidance as to what the compliant status should look like