Executive summary
Definition
The opening section of an audit report written for non-technical leadership. It states the audit scope, overall posture, the most material findings in plain language, and the required actions. It must be self-contained: a reader who reads only the summary should understand the key risks and what must be done.
Related terms
- Finding: A discrete, evidence-backed statement that a specific control is absent, misconfigured, or insufficient. Each finding contains an issue statement, evidence, risk rating,...
- Management response: The audited organisation's formal reply to each finding, included in the report. It states whether the recommendation is accepted, rejected, or accepted...
- Nonconformity: The ISO 27001 term for a finding that represents a failure to meet a requirement of the standard or the organisation's own...
- Observation: A noted issue or improvement opportunity that does not constitute a formal finding because it lacks sufficient evidence or does not violate...
- Risk rating: A classification of a finding's severity, typically Critical, High, Medium, Low, or Informational, derived from a likelihood-by-impact matrix. The rating determines remediation...
Explained in
- Audit Report Structure and Communicating Findings