内部审计报告不要说的10件事.doc

10 Things Not to Say in an Internal Audit Report1. Dont say, Management should consider . . .Audit reports should offer solid recommendations for specific actions. When our recommendation is merely toconsidersomething, even the most urgent call to action can become nebulous. No auditor wants a management response that says merely, Okay, well consider it.2. Dont use weasel words.Its tempting to hedge our words with phrases such as it seems that or our impression is, or there appears to be. It may feel safer to avoid being specific, but when you have too many hedges, particularly in the same sentence, theres a danger that you are not presenting well-supported facts. Report readers need to know they can rely on our facts, and overuse of weasel words can make solid recommendations sound a little too much like hunches.3. Use intensifiers sparingly.Because they can add emphasis, words such as clearly, special, well, or very might seem to be the opposite of weasel words. In actuality, these intensifiers are so nonspecific that they can be another type of weaseling. Intensifiers raise questions such as significant compared with what? and clearly according to whose criteria? If you use intensifiers freely, two readers of the same report may be left with very different impressions: Numbers such as 23 percent or $3 billion tell a story, but just what does very large mean?4. The problem is rarely universal.Its good to be specific, but theres a danger in words such as everything, nothing, never, or always. You always and you never can be fighting words that can distract readers into looking for exceptions to the rule rather than examining the real issue. Its safe to say you tested 10 transactions and none was approved less safe to say transactions are never approved.5. Avoid the blame game.The purpose of internal audit reports is to bring about positive change, not to assign blame. Were more likely to achieve buy-in when our reports come across as neutral rather than confrontational. The goal is to get to the root cause rather than to call out the name of the guilty party. Its fine for a report to identify the party responsible for taking action on a recommendation not so fine to say, It was Freds fault.6. Dont say management failed.Making statements such as management failed to implement adequate controls will invariably annoy those to whom we are looking to implement corrective actions. Simply stating the condition without assigning blame through words like fail is much more likely to result in the needed corrective actions and help preserve our relationship with management for the next time we conduct an audit of their area.7. Auditee is old-school.A few years back, people undergoing an audit were most often referred to as auditees. Today, many experts believe that the phrase has negative connotations and that auditee implies someone who has something done to them by an auditor. Internal audit has become a collaborative process, and terms such as audit client and audit customer indicate that we are working with management, not working on them8. Avoid unnecessary technical jargon.Every profession needs a certain amount of technical jargon, but the more we can avoid audit-speak, the more we can be sure that the message is clear. If you use more than one phrase such as transactional controls, stratified sampling methodology, or asynchronous transfer mode on a single page of an audit report, dont be surprised when some of your readers check out without reading to the end of the report.9. Avoid taking all the credit.It is tempting in audit reports to use phrases such as internal audit found or we found. Management will often bristle that you are taking credit for identifying something that wasnt all that well-concealed. It comes off like you threw them under the bus, and then backed over them.10. If it sounds impressive, you probably need a rewrite.Work to get readers to remember your recommendations and take action not to impress with pompous words or bloated phrases. Avoiding jargon is only the beginning: Try substituting by for by means of, now for at the present time, and so for so as to, for example.参考版译文内部审计报告不要说的10件事1.不要说“管理层应该考虑”审计报告应该为具体行动提供可靠的建议。如果审计建议仅仅是去考虑一些事（而不是要求对方具体如何去做），即使是最紧急的行动呼吁也会显得很模糊。审计人员也绝对不会想要得到管理层的回应，只是说：“好的，我们会考虑一下。”2.不要使用含糊其辞的表述用诸如“似乎是”、“我们印象中是”或“这看起来像”等短语来避免对一些问题做出正面回答，这对内审人员来说是很诱人的。避免明确的意见表述可能会更安全，但当你使用太多这样的表述，尤其在同一句话中，就会存在一个风险，别人可能认为你没有提供较高质量的支持性证据。报告使用者需要知道他们可以依赖我们描述的情况，而过度使用含糊的表述会使可靠的建议听起来像预测或猜测。3.慎用强调性词汇审计师可以在报告中增加强调性词汇。“很显然”，“特别”，“好”或“非常”这样的词似乎就与上述含糊其辞的表述相反。实际上，这些增强性词汇由于太普遍了而事实上成为另一种类型的“含糊其辞”。强调性词汇会产生一些问题，比如说“显著”时，人家会想，与什么相比显著；说“很显然”时，根据谁的标准来比较很显然。如果你随意使用这类强调词，那么两位不同的读者在阅读同一份报告后可能会产生截然不同的印象：像23或30亿美元的数字性描述，他们可以从中了解一些趋势或规模之类的现状，但如果报告中出现了“非常大”之类的词汇，他们就不知道到底意味着什么？4.审计发现的问题几乎不会一模一样使用明确的表达是好事，但如果使用了“所有”，“没有”，“从不”或“永远”等词汇，则存在一定的风险。如果报告中出现“你总是”和“你从来没有”等表述，读者可能会将注意力转到寻找表述涉及的例外情况中去，而不是把注意力放在事实问题本身。比较安全的做法是在报告中说明“我们测试了10笔交易，没有一笔是经过批准的”，而不是说“交易从来不经批准”。5.不要玩咎责游戏出具内部审计报告的目的是为被审计单位带来积极的流程或运营改进，而不是去指归咎责任。如果审计报告在表述上是中立的而非带有对抗性意味，那我们更有可能实现双赢。内部审计人员工作的目标是找出被审计单位问题的根源，而不是指出“有罪责”一方的名字。在审计建议中指明应当为改进管理而采取措施的责任方是适当的，但指名道姓地说“这是某某人的错”就不太好了。6.不要说“管理失败”。如果我们正欲管理层采取纠正措施，但却在报告中作出诸如“管理层未能实施有效控制”的陈述，则很容易惹怒管理层。单纯地说明管理现状，避免使用诸如“失败”这样的词来追究管理层的责任，这样更有可能使管理层乐于采取纠正措施，同时有助于保持我们与管理层的关系，以便下次我们对其所涉及的领域开展审计工作。7.“被审计者”是老旧的表述几年前，被审计的人最常被称为“被审计者”。现在，很多专家认为这样的称谓带有负面含义，“被审计者”指被审计员执行了审计程序的人，是做了什么坏事而使得审计师对他们展开审查的人。企业内部审计流程已经成为一个合作性的过程，“审计客户”和“审计顾客”等术语表明我们正在与管理层合作，而不是针对管理层本身执行审计工作。8.避免不必要的专业术语每个行业都其特定的专业术语，但是我们越少使用审计行话，我们越能确定自己传递出的信息是清晰的。如果在审计报告的一页中使用多个专业术语，比如“交易控制”、“分层抽样方法”或者“异步传输模式”时，读者没看到审计报告结尾就不看了是很正常的事。9.不要将功劳全数揽到自己身