Internal Audit Report Template — Findings, Recommendations, Management Response

The deliverable issued at the close of an internal-audit engagement — executive summary, scope and methodology, findings by severity, recommendations, management responses, and the auditor's opinion. Designed for Audit Committee circulation.

Free · ICAI AASB (June 2023)

Updated 28 May 2026

Standards

ICAI SIA, IIA Standards

Addressed to

Audit Committee / Board

Frequency

Per engagement / quarterly summary

Signed by

Engagement partner / Head of Internal Audit

Your firm — letterhead

Appears at the top of the document as the audit firm letterhead.

Audit firm name

Audit firm address

Used as the letterhead block.

Engagement partner

ICAI membership no.

Firm registration no.(optional)

Engagement details

The client and period this document is for.

Entity name

Audit period

Functional area / process covered(optional)

Report addressed to

Date of report

Live preview

7 required fields left to fill

Internal Audit Report Template — Findings, Recommendations, Management Response

29 May 2026

INTERNAL AUDIT REPORT

Entity: {{client_name}}

Audit period: {{audit_period}}

Functional area / process: {{functional_area}}

Report addressed to: {{reporting_to}}

Date of report: 29 May 2026

1. Executive Summary

This report presents the results of the internal audit conducted in respect of the {{functional_area}} area of {{client_name}} for the period {{audit_period}}. The audit was performed in accordance with the Standards on Internal Audit (SIA) issued by the Institute of Chartered Accountants of India and the Internal Audit Charter approved by the Audit Committee.

Overall, the systems and controls in the audited area were found to be [Adequate / Adequate with exceptions / Requiring improvement]. The detailed findings, ranked by severity, are set out in Section 4 below. Management agreed to corrective actions for all findings raised; targeted closure dates appear against each.

2. Scope and Objectives

The internal audit scope covered the following:

Review of the policies, procedures and controls applicable to the audited area
Testing of the design and operating effectiveness of key controls during the audit period
Verification of compliance with applicable laws, regulations, accounting standards and internal policies
Identification of process inefficiencies, control gaps and risk exposures
Recommendations for improvement and remediation

The scope did not include verification of the financial statements, which is the responsibility of the statutory auditor.

3. Methodology

The audit was carried out applying a risk-based approach. The methodology included:

Walkthroughs of key processes with process owners
Review of process documentation, policies and procedures
Test of controls — design and operating effectiveness on a sample basis
Substantive testing of transactions where indicated by control test results
Data analytics on full populations where data was available
Interviews with management and process operators
Review of system access, segregation of duties and IT general controls supporting the process

Sample sizes and testing thresholds were determined considering the population size, risk assessment, and prior audit findings.

4. Findings and Observations

Findings are classified by severity as follows:

High — Material control weakness requiring immediate corrective action
Medium — Significant deficiency requiring action within 60 days
Low — Process improvement opportunity

#	Finding (with risk)	Severity	Recommendation	Management Response	Target Closure
1	[Brief description of finding and the risk it creates]	[H/M/L]	[Specific recommended action]	[Management agreed / partially agreed / disagreed with rationale]	[DD-MM-YYYY]
2
3
4
5

5. Status of Previous Audit Findings

#	Prior finding	Status	Auditor remarks
1	[Carry-over from previous internal audit report]	[Closed / In progress / Open]
2

6. Auditor's Opinion

Based on the work performed and the findings set out above, in our opinion the systems and controls in the {{functional_area}} area of {{client_name}}, taken as a whole, [were operating effectively during the audit period / were operating effectively, subject to the matters reported above / were operating with significant weaknesses as reported above].

This report is intended solely for the use of the Audit Committee and management of {{client_name}} and should not be relied upon by any third party.

For {{firm_name}}

Chartered Accountants — Internal Auditors

Firm Registration No.: {{firm_registration_no}}

_______________________________

Partner / Engagement Lead

Membership No.: {{icai_membership_no}}

UDIN: ____________________

Place: ____________________

Date: 29 May 2026

Free · Email required once · Firm data stays in your browser

What’s inside

An excerpt from the template.

INTERNAL AUDIT REPORT

Functional area / process: ___

1. Executive Summary

This report presents the results of the internal audit conducted in respect of the ___ area of ___ for the period ___. The audit was performed in accordance with the Standards on Internal Audit (SIA) issued by the Institute of Chartered Accountants of India and the Internal Audit Charter approved by the Audit Committee.

↑ Excerpt only — the full template is what you download as Word

About this template

What you’re downloading, and when to use it.

This template follows the format published by the Institute of Chartered Accountants of India (ICAI) in the AASB Audit Working Paper Templates (June 2023), the authoritative reference for Indian statutory-audit documentation. Fill in your firm’s letterhead and the engagement details on the form above, click Download Word file, and you’ll get a fully formatted .docx ready to use.

Everything is generated in your browser and on a stateless API endpoint — no account, no email gate, nothing stored. Edit freely in Word, Google Docs or Pages before sending to your client.

Common questions

FAQs.

How is an internal audit report different from a statutory audit report?

A statutory audit report (under Section 143) provides an opinion on whether the financial statements give a true and fair view, and is governed by SAs. An internal audit report assesses governance, risk management, and internal controls — covering operations, compliance, and process effectiveness in addition to financial controls. The internal audit report is for management and the Audit Committee, not for shareholders.

What severity grading is standard for internal audit findings?

Most firms use three or four levels. A typical three-level scheme: High (material control weakness requiring immediate action), Medium (significant deficiency requiring action within 60 days), Low (process improvement opportunity). Some firms add a fourth "Critical" level for findings that could prevent achievement of strategic objectives.

Must management respond in writing to internal audit findings?

Yes. Management response is a required component of every internal audit finding under IIA Standard 2410.A1 and ICAI SIA 350. The response should indicate agreement / disagreement / partial agreement, the corrective action proposed, the responsible owner, and the target closure date. Follow-up on closure is the internal auditor's responsibility.

Related templates

You might also need.

Internal Audit Charter Template — Section 138 / IIA / SIA

Free Internal Audit Charter template for Indian companies under Section 138 of the Companies Act 2013. IIA / I

Engagement Quality Control Review (EQCR) Process — ICAI Audit Working Paper

Free engagement quality control review (eqcr) process audit working paper template (ICAI, Chapter 6). Generate

CARO 2020 Checklist — Companies (Auditor's Report) Order

Free CARO 2020 clause-by-clause checklist for statutory audits in India. Covers all 21 reporting clauses. ICAI