Format for Reporting Internal Audit Findings

GOOD AUDITING PRACTICE (cGAP)
1

The convention for reporting internal audit findings (non-conformity/non-conformance) is (in general terms) the following: -

  • The source of the audit criteria (i.e. the quality manual, procedure # etc.)

  • The audit criteria requirement (i.e the statement of requirement from the above).

  • The source of the audit evidence (where the non-conformance was observed).

  • The audit evidence (what indicated the non-conformance)

Having said all that, does anyone use a different approach? - I’m not looking for a slight variation on the same theme - but an audit report which has a different method of conveying audit issues.

Thanks!

2

:slight_smile:

The approach if fine. I always try to add something to the pobservation in order to clarify ‘why the observation is a problem’. What is the potential risk if the company does not address this issue… This increases the commitment from the auditee and their management to solve the issue.

3

Here’s the structure of audit finding content widely used within the GxP industry

  • Condition: What non-conformance was observed, where was it observed and the frequency of the non-conformance?

  • Criterion: What should it have been (reference point), what is the standard from which the above has deviated?

  • Cause: What was the source/root cause of the non-conformance

  • Result: What is the impact of the non-conformance

  • Recommendation: Guidance as to what the compliant status should look like