Audit Report Opinion

An audit report is an opinion on the health of the control environment. It is important to distinguish the difference between an audit report rating and opinion. While these terms are often used interchangeably, there are significant differences. For discussion, consider a report rating for an information technology (IT) infrastructure audit as the overall conclusion of an auditor and a report opinion is the level of confidence in the evidence supporting the report rating.

An unqualified or “clean” opinion is what is generally assumed when reading an internal audit report. The unqualified opinion simply means that the auditor is confident that sufficient evidence exists to support the report rating.

The key takeaway is that any time an auditor’s opinion is not unqualified, the reason must be stated as part of the executive summary. When evidence is not available to make an unqualified opinion, the auditor can choose to simply stop the audit and not issue a report or issue the report with an explanation. For example, let’s assume a major application is being released in the next 60 days and management has asked the audit to do an assessment. The auditor may have insufficient time to do a review of all the controls. Nonetheless, of the controls tested, the auditor may have sufficient evidence to issue a qualified audit opinion on the likely success of the application rollout. The qualification on the evidence available should be clearly expressed and included as part of the report rating.