Reporting & Communication Techniques
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series covers the final and often most critical stage of an IS audit — turning findings into action. It addresses effective communication with auditees, the structure and objectives of the formal audit report, how materiality guides what gets reported, and what a robust follow-up program looks like.
What this episode covers
- Effective communication — using facilitation, negotiation, and conflict resolution to gain auditee buy-in and turn findings into agreed action.
- Exit interview — the structured close-out conversation that confirms facts, validates recommendations, and locks in implementation dates.
- Escalation sequence — discussing findings with auditee management first, then senior management, then the audit committee for sensitive issues.
- Six report objectives — from formally presenting results and providing assurance through to grounding later follow-up audits and promoting audit credibility.
- Report structure and content — introduction, findings grouped by materiality, overall control conclusion, reservations, and detailed recommendations.
- Materiality in reporting — how significance to different management levels determines what is included, what stays local, and what gets escalated.
- Audit documentation — the bridge between objectives and the final report, ownership rules, access controls, and retention policies.
- Follow-up program — confirming that agreed actions were implemented, and calibrating follow-up depth to the criticality of findings.
Frequently Asked Questions
What are the six objectives of an audit report?
The six objectives are: formally presenting results to the auditee, serving as formal closure of the engagement, providing assurance and any needed recommendations, acting as a reference for anyone researching the topic, grounding any later follow-up audit, and promoting audit credibility through being well written and balanced.
What is the purpose of an exit interview in the audit process?
The exit interview is held once audit fieldwork wraps up and gives the auditor a structured opportunity to discuss findings with management, confirm the facts are correct and material, verify that each recommendation is practical and worth the cost, and agree on implementation dates for any corrective actions.
How does materiality guide what an auditor includes in a report?
Materiality is the key to deciding which findings to raise and at what level — the auditor judges what would be significant to each level of management and weighs the effect if no one corrects the issue. A physical access gap at a small remote site may matter locally but not be material to headquarters, while the same gap at a critical data centre would be escalated.
What must audit documentation contain, and who controls access to it?
At a minimum, audit documentation must contain the scope, objectives, and planning; a description of the area and its walk-throughs; the audit program and steps performed; the evidence gathered and use of any outside experts; and the findings, conclusions, and recommendations. Generally the auditee owns the documentation, only authorised people should access it, and any external request requires senior management and legal approval.
Reference: This article is based on concepts discussed in Reporting & Communication Techniques.