Typically, the Internal audit report includes the following elements:
- The dates when the internal audit was performed
- Who performed the internal audit
- Audit criteria
- Audit scope
- Audit methods
- Audit trail
- Recommendations for improvement
- Nonconformities

Examples:
- Audit date: November 28, 2022
- Who performed the internal audit: John Smith
- Audit criteria: ISO 27001, internal security policies and procedures, security requirements of interested parties
- Audit scope: the whole ISMS scope
- Audit methods: document and record review, personal observations, interviews
- Audit trail: first top-level Information Security Policy was reviewed together with security objectives, followed by the interview with top management...
- Recommendations for improvement: improve the communication of top-level objectives to all employees
- Nonconformities: the backup is performed every 24 hours instead of every 6 hours, as specified in the Backup Policy