We Need Fair and Balanced Audit Reports

Internal auditors face a paradox: delivering technically correct findings while ensuring those findings convey a full, unbiased narrative. The recent commentary by Norman Marks illustrates this tension through a real‑world IT audit that identified security gaps but omitted the organization’s ongoing remediation efforts and resource limitations. By presenting only the deficiencies, the report risked misleading senior leadership and the board, despite its factual accuracy. This example underscores why audit standards, particularly the Institute of Internal Auditors’ Standard 11.2, stress not just accuracy but also objectivity and balance in communication.

The practical impact of a one‑sided audit is profound. Boards rely on audit reports to gauge risk exposure and allocate resources; a report that excludes progress can inflate perceived risk, prompting unnecessary remediation spending or eroding confidence in management. Conversely, incorporating both achievements and challenges offers a nuanced view that supports strategic decision‑making and fosters trust. Auditors who embed contextual information—such as completed initiatives, resource constraints, and timelines—provide stakeholders with a realistic risk landscape, enabling more effective governance.

Adopting a fair‑balanced approach also reinforces auditor independence. Transparency about successes does not compromise objectivity; instead, it demonstrates a comprehensive assessment of the control environment. Organizations should embed this mindset into audit methodologies, ensuring that management responses supplement rather than compensate for incomplete reporting. By aligning practice with IIA standards, firms enhance audit credibility, improve risk communication, and ultimately strengthen their overall control framework.