Findings
Findings (also called observations) document issues discovered during audit testing. They are the primary output of an audit engagement and drive remediation actions.
Creating a finding
Findings can be created in two ways:
- Escalation from an exception — When a test failure is significant, escalate it to a finding from the testing sheet
- Manual creation — Add a finding directly from the Findings section
The 5 C's framework
Each finding is structured using the 5 C's:
| Element | Description | Example |
|---|---|---|
| Condition | What you found | "15 of 25 sampled expense reports lacked manager approval" |
| Criteria | What should be | "Policy requires manager approval for all expenses over $500" |
| Cause | Why it happened | "The approval workflow allows submission without sign-off" |
| Consequence | What the impact is | "Unauthorized expenses may be processed without oversight" |
| Corrective Action | Recommended fix | "Implement a system control requiring approval before payment" |
Finding severity
| Level | Description |
|---|---|
| Critical | Immediate action required — significant risk to the organization |
| High | Prompt attention needed — material control weakness |
| Medium | Should be addressed — moderate risk |
| Low | Minor improvement opportunity |
Finding source
Findings are classified by source:
- Internal — Identified by the audit team during this engagement
- External — Imported from regulatory examinations, external auditors, or other sources
Management response
For each finding, management provides:
- Response — Agreement or disagreement with the finding
- Action plan — Specific steps to remediate
- Responsible person — Who owns the remediation
- Due date — Target completion date
Viewing findings across engagements
Navigate to Findings in the sidebar to see all findings across your organization, with filters for:
- Severity
- Status
- Engagement
- Date range
What's next
- Action Tracker — Track remediation progress