What Plain Language Is — And Is Not
Plain language is writing that allows the intended reader to find and understand what they need on first reading. For audit reports, this means organising information logically, using words the reader knows, keeping sentences at a manageable length, and getting to the point without unnecessary preamble.
Plain language is not simplistic language. A plain-language finding on a complex IT control issue can still demonstrate technical depth — but it expresses that depth in terms that a senior IT executive or audit committee member can follow without a glossary. Plain language is not informal language either. Audit reports should be precise, measured, and professional. Plain language simply means that precision is achieved through clarity, not through complexity.
The Most Common Plain Language Failures in Audit Writing
Excessive passive voice: "It was found that controls were not operating effectively" should be "Controls were not operating effectively." The passive construction adds words and removes agency — leaving the reader uncertain about who did the testing and who is responsible for the weakness.
Nominalisation: Converting verbs into nouns produces sentences that are grammatically correct but unnecessarily heavy. "Management should perform a review of" should be "Management should review." "The team conducted an assessment of" should be "The team assessed."
Buried findings: Many audit findings open with three or four sentences of process description before reaching the issue. The reader of a dense audit report must work through extensive context before encountering the substance. Lead with the finding, then provide the context that makes it understandable.
Weasel words and hedging: Phrases like "it would appear that," "there may be a possibility that," and "it could potentially be considered that" weaken findings without adding accuracy. If the auditor found a weakness, they should state it clearly. If there is genuine uncertainty, that uncertainty should be described specifically, not expressed through vague hedging language.
Jargon without explanation: Terms like "ITGC deficiency," "COSO component," "attribute sampling," and "management override risk" are precise and appropriate — when the audience understands them. When they appear in reports going to board members, operational managers, or external stakeholders, they should be explained or replaced with plain-language equivalents.
The Structure of a Clear Finding
A well-structured finding contains four elements in order: the condition (what the auditor found), the criteria (what should have been the case), the cause (why the gap exists), and the effect (what the consequence is or could be). This structure — known as the condition-criteria-cause-effect framework — is not just an audit convention. It is a logical sequence that makes findings easy to understand and act on. When auditors skip the cause, management cannot design effective corrective actions. When they skip the effect, stakeholders cannot judge significance.
The test of a well-written finding is simple: can the responsible manager read it, understand what went wrong, understand why it matters, and know what needs to change — without asking the auditor for clarification? If not, rewrite it.
Editing as a Professional Discipline
Good audit writing requires editing. Most first drafts are longer, more passive, and more jargon-heavy than necessary. The discipline of reading a draft with the reader's eyes — asking whether each sentence earns its place and whether the overall message is clear — is part of the professional obligation. Chief audit executives (CAEs) who build editorial review into their quality control process — not just checking technical accuracy but actively improving clarity and conciseness — produce better reports and better auditors.