Internal Audit Report Template

What is an Internal Audit Report?

An internal audit report is a formal document that summarises the findings, conclusions and recommendations arising from an internal audit. It serves as the primary record of what was audited, what was found and what actions are needed to address any issues.

For organisations certified to ISO 9001, ISO 14001 or ISO 45001, the audit report demonstrates to both senior management and external certification bodies that internal audits are being planned, conducted and followed up effectively. A well-written report transforms raw audit observations into actionable intelligence that drives genuine improvement across the management system.

Report Structure

A comprehensive audit report follows a logical structure that guides the reader from the overall context through to specific findings and required actions. Each section plays a distinct role:

Cover Page

The cover page establishes the identity of the audit. It includes the audit reference number, date of the audit, the scope being assessed, the audit team members and their roles, and the auditee's department or process owner. This ensures traceability and makes it easy to locate specific reports during surveillance or re-certification audits.

Executive Summary

The executive summary provides a high-level overview for senior management who may not read the full report. It states the overall audit conclusion (e.g. the system is effective with minor issues, or significant gaps were identified), the total number of findings broken down by category (major nonconformities, minor nonconformities, opportunities for improvement) and any areas of notable good practice.

Audit Scope & Objectives

This section defines the boundaries of the audit. It specifies which processes, departments, locations and standard clauses were included. Clear scope definition prevents misunderstandings about what was and was not assessed, and ensures the audit programme covers the entire management system over time.

Audit Methodology

Describe the approach taken during the audit, including the sampling methods used, the types of evidence collected (interviews, document reviews, direct observation, records inspection) and any limitations encountered. This gives the reader confidence in the rigour and objectivity of the audit process.

Detailed Findings

The core of the report. Each finding should include a clear description of the nonconformity or observation, the specific clause reference from ISO 9001, ISO 14001 or ISO 45001, the objective evidence that supports the finding, and a risk assessment indicating the potential impact if left unaddressed. Findings should be numbered for easy reference and tracking through the corrective action process.

Positive Observations

Documenting good practices found during the audit is just as important as recording problems. Positive observations recognise effective implementation, motivate teams and can be shared as examples of best practice across the organisation.

Corrective Action Requirements

For each nonconformity, the report should outline the required corrective action, the responsible person, the agreed completion date and the planned method of verification. This section forms the basis of the follow-up process and ensures accountability. Record nonconformities using our NCR forms.

Conclusion & Recommendations

The conclusion summarises the overall effectiveness of the management system based on the audit evidence. Recommendations may include suggestions for process improvements, additional training needs, or areas that should receive priority attention in future audits.

Appendices

Supporting material such as the attendance list, the audit schedule, a list of documents and records reviewed, and any photographs or supplementary evidence. Appendices keep the main report concise while ensuring all supporting detail is available.

Tips for Writing Effective Audit Reports

• Be factual, not subjective.Report what you observed, not what you think or feel. Use phrases like "it was observed that" rather than "the auditor believes".
• Reference specific clauses. Every finding should trace back to a particular requirement of the standard. This removes ambiguity and makes it clear why the finding matters.
• Include objective evidence. State exactly what you saw, which records you reviewed, who you interviewed and what they said. Evidence turns an opinion into a verifiable fact.
• Classify findings correctly. Distinguish between major nonconformities, minor nonconformities and opportunities for improvement. Incorrect classification undermines the credibility of the audit.
• Be constructive. The purpose of an audit report is to drive improvement, not to assign blame. Frame findings in a way that helps the auditee understand what needs to change and why.

What's Included