Appendix C – Risk ranking of recommendations and audit opinion

Appendix C – Risk ranking of recommendations and audit opinion

This report uses the following definitions to classify the ranking of recommendations and the audit opinion presented in this report.

Audit recommendations

Critical

Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a high level of risk.

Essential

Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a moderate level of risk.

Audit opinion

Well-controlled

Only insignificant weaknesses relating to the control objectives or sound management of the audited activity are identified.

Generally acceptable

Identified weaknesses when taken individually or together are not significant, or compensating mechanisms are in place. The control objectives or sound management of the audited activity are not compromised.

Requires improvement

Identified weaknesses, when taken individually or together, are significant and may compromise the control objectives or sound management of the audited activity.

Unsatisfactory

The resources allocated to the audited activity are managed without due regard to most of the criteria for efficiency, effectiveness, and economy.