The following system of grading audit recommendations is used:
UHR: University High Risk - This category is used only rarely where a recommendation, if not implemented, would represent a severe risk to the University as a whole.
HR: High Risk - A recommendation, which if not implemented, would represent a significant risk to the activity being audited and a real risk to the University as a whole.
RR: Real risk - A recommendation, which, if not implemented, would represent a real risk to the activity being audited.
MA: Merits action - A recommendation that indicates a control weakness, which does not present an immediate risk, but which should still be attended to.
In addition to these categorisations, two suffixes are added to the main grades in some cases. These indicate that the recommendation has other significance apart from the level of risk that is attached to it or the need for improved controls:
VFM: This relates to a recommendation which, if implemented, will improve the economy, efficiency or effectiveness for the activity concerned.
REG: This is added to all recommendations where a regulation of some sort has been breached and the recommendation is designed to ensure the breach does not recur.