IntermediateClaudeChatGPTCopilot

Internal Audit Findings Summarizer

What does this prompt do?

Internal auditors and audit managers use this prompt to convert raw field notes and draft findings into structured, management-ready finding cards β€” eliminating the time spent formatting and standardizing output across team members, and ensuring every finding includes the root cause analysis and quantified impact that audit committees expect.

Prompts

You are a senior internal auditor preparing a findings summary report for the audit committee and senior management. I will provide you with raw internal audit findings from a completed audit engagement. Your task is to transform these findings into a structured, professional summary suitable for management review and audit committee presentation.

Audit engagement details:
- Entity or process audited: [AUDIT ENTITY OR PROCESS]
- Audit scope period: [AUDIT PERIOD]
- Applicable framework: [APPLICABLE FRAMEWORK]
- Raw findings: [RAW AUDIT FINDINGS]

For each finding, produce a formatted finding card with the following elements:

**Finding Title** β€” A concise, action-oriented title that describes the control deficiency (e.g., 'Segregation of Duties Gap in Accounts Payable Approval')

**Risk Rating** β€” Assign one of four ratings based on potential impact and likelihood: Critical, High, Medium, or Low. Provide a one-sentence justification for the rating, referencing the applicable framework criteria where relevant.

**Control Objective** β€” State the control objective that was not achieved and the specific control activity that failed or was absent.

**Root Cause** β€” Identify the root cause of the finding at the appropriate level: design deficiency (the control was never designed to address the risk), operating ineffectiveness (the control exists but is not functioning), or management override. Avoid superficial root causes like 'staff error' β€” identify the systemic cause.

**Management Impact** β€” Describe the actual or potential business, financial, or compliance impact if the finding is not remediated. Quantify the impact where possible.

**Recommended Remediation** β€” Provide specific, actionable remediation steps. Each step should be a discrete action, not a general directive. Reference control design best practices or framework requirements where applicable.

**Ownership** β€” Identify the process owner responsible for remediation based on the audit scope information provided.

**Recommended Timeline** β€” Suggest a remediation timeline based on the risk rating: Critical findings within 30 days, High within 60 days, Medium within 90 days, Low within 180 days.

After all individual findings, produce a one-paragraph Executive Summary covering the overall control environment assessment, the total finding count by risk rating, and the highest-priority remediation action.

Prompt Variables

Replace each placeholder with your specific information:

[AUDIT ENTITY OR PROCESS]
[AUDIT PERIOD]
[APPLICABLE FRAMEWORK]
[RAW AUDIT FINDINGS]

What You'll Get

A formatted finding card for each raw finding, each including a risk-rated title, control objective, root cause analysis, quantified management impact, specific remediation steps, responsible owner, and timeline. Followed by a one-paragraph executive summary covering the overall control environment, finding distribution by risk rating, and top remediation priority.

πŸ’‘ Pro Tip

Include the applicable control framework in the prompt β€” whether SOX Section 302/404, COSO 2013, or a specific internal policy. Referencing the framework gives the AI the criteria needed to assign risk ratings consistently and frame remediation recommendations in terms auditors and management both recognize.

Compatible AI Tools

Claude

Best for processing verbose or unstructured raw audit notes into formatted finding cards. Claude handles multi-finding engagements consistently and maintains structured output quality even with lengthy raw input. Use follow-up prompts to generate a management action plan tracker or audit committee presentation slide content.

ChatGPT

Effective for findings summarization when the raw input is moderately structured. Use GPT-4o for longer engagement reports. Ask it to output each finding as a numbered section so it can be easily pasted into your audit management system.

Copilot

Ideal for audit teams using Microsoft 365. Copilot can draft the findings summary directly into a Word document or PowerPoint deck formatted to your audit committee template. Use Copilot in Teams to share and annotate findings with the engagement team before finalizing.

Gemini

Good for audit teams using Google Workspace. Gemini can export each finding card into a Google Sheets tracker with risk rating, owner, and timeline columns pre-populated, enabling automated status tracking through the remediation cycle.

Related Prompts

Regulatory Change Impact Analyzer

Chief Compliance Officers, regulatory affairs teams, and business line compliance officers use this prompt when a new rule is finalized or proposed β€” converting regulatory text into an actionable, cross-functional impact assessment that drives implementation planning, resource allocation, and board-level reporting before the compliance deadline.

Fraud Risk Assessment

Internal auditors, risk managers, and finance controllers use this prompt to conduct structured fraud risk assessments for individual business processes β€” replacing the inconsistent, experience-dependent approach of manual fraud brainstorming sessions with a systematic scheme identification and control mapping methodology aligned to COSO that can be applied uniformly across the enterprise.

Related Resources

glossarySOX Glossary
← Back to AI Prompts