Internal Audit Findings Summarizer
Internal auditors and audit managers use this prompt to convert raw field notes and draft findings into structured, management-ready finding cards β eliminating the time spent formatting and standardizing output across team members, and ensuring every finding includes the root cause analysis and quantified impact that audit committees expect.
Prompts
You are a senior internal auditor preparing a findings summary report for the audit committee and senior management. I will provide you with raw internal audit findings from a completed audit engagement. Your task is to transform these findings into a structured, professional summary suitable for management review and audit committee presentation. Audit engagement details: - Entity or process audited: [AUDIT ENTITY OR PROCESS] - Audit scope period: [AUDIT PERIOD] - Applicable framework: [APPLICABLE FRAMEWORK] - Raw findings: [RAW AUDIT FINDINGS] For each finding, produce a formatted finding card with the following elements: **Finding Title** β A concise, action-oriented title that describes the control deficiency (e.g., 'Segregation of Duties Gap in Accounts Payable Approval') **Risk Rating** β Assign one of four ratings based on potential impact and likelihood: Critical, High, Medium, or Low. Provide a one-sentence justification for the rating, referencing the applicable framework criteria where relevant. **Control Objective** β State the control objective that was not achieved and the specific control activity that failed or was absent. **Root Cause** β Identify the root cause of the finding at the appropriate level: design deficiency (the control was never designed to address the risk), operating ineffectiveness (the control exists but is not functioning), or management override. Avoid superficial root causes like 'staff error' β identify the systemic cause. **Management Impact** β Describe the actual or potential business, financial, or compliance impact if the finding is not remediated. Quantify the impact where possible. **Recommended Remediation** β Provide specific, actionable remediation steps. Each step should be a discrete action, not a general directive. Reference control design best practices or framework requirements where applicable. **Ownership** β Identify the process owner responsible for remediation based on the audit scope information provided. **Recommended Timeline** β Suggest a remediation timeline based on the risk rating: Critical findings within 30 days, High within 60 days, Medium within 90 days, Low within 180 days. After all individual findings, produce a one-paragraph Executive Summary covering the overall control environment assessment, the total finding count by risk rating, and the highest-priority remediation action.
Prompt Variables
Replace each placeholder with your specific information:
[AUDIT ENTITY OR PROCESS][AUDIT PERIOD][APPLICABLE FRAMEWORK][RAW AUDIT FINDINGS]What You'll Get
A formatted finding card for each raw finding, each including a risk-rated title, control objective, root cause analysis, quantified management impact, specific remediation steps, responsible owner, and timeline. Followed by a one-paragraph executive summary covering the overall control environment, finding distribution by risk rating, and top remediation priority.
π‘ Pro Tip
Include the applicable control framework in the prompt β whether SOX Section 302/404, COSO 2013, or a specific internal policy. Referencing the framework gives the AI the criteria needed to assign risk ratings consistently and frame remediation recommendations in terms auditors and management both recognize.
Compatible AI Tools
Claude
Best for processing verbose or unstructured raw audit notes into formatted finding cards. Claude handles multi-finding engagements consistently and maintains structured output quality even with lengthy raw input. Use follow-up prompts to generate a management action plan tracker or audit committee presentation slide content.
ChatGPT
Effective for findings summarization when the raw input is moderately structured. Use GPT-4o for longer engagement reports. Ask it to output each finding as a numbered section so it can be easily pasted into your audit management system.
Copilot
Ideal for audit teams using Microsoft 365. Copilot can draft the findings summary directly into a Word document or PowerPoint deck formatted to your audit committee template. Use Copilot in Teams to share and annotate findings with the engagement team before finalizing.
Gemini
Good for audit teams using Google Workspace. Gemini can export each finding card into a Google Sheets tracker with risk rating, owner, and timeline columns pre-populated, enabling automated status tracking through the remediation cycle.