Observation
Definition
A noted issue or improvement opportunity that does not constitute a formal finding because it lacks sufficient evidence or does not violate a specific control requirement. Observations appear in the appendix or a separate section and do not carry the same remediation weight as findings.
Related terms
- Executive summary: The opening section of an audit report written for non-technical leadership. It states the audit scope, overall posture, the most material findings...
- Finding: A discrete, evidence-backed statement that a specific control is absent, misconfigured, or insufficient. Each finding contains an issue statement, evidence, risk rating,...
- Management response: The audited organisation's formal reply to each finding, included in the report. It states whether the recommendation is accepted, rejected, or accepted...
- Nonconformity: The ISO 27001 term for a finding that represents a failure to meet a requirement of the standard or the organisation's own...
- Risk rating: A classification of a finding's severity, typically Critical, High, Medium, Low, or Informational, derived from a likelihood-by-impact matrix. The rating determines remediation...
Explained in
- Audit Report Structure and Communicating Findings