During and at the end of the auditing process a series of reports may be elaborated: a report with the vulnerabilities identified in the organization information system, a report with the threats and risks the organization faces as a result of the existing vulnerabilities including faulty policy, architecture, etc., and an audit report which gives the security overview and the results of all the audits