As mentioned previously, the specific circumstances would be helpful in evaluating the situation, but here are a couple of thoughts.
The larger the department (and in a previous post you mentioned having a large department), the more difficult it becomes to be consistent from one audit to the next. The primary control point should be the review and approval of the Chief Audit Executive (CAE) / Manager. The CAE is responsible for ensuring that each audit is properly planned and that appropriate audit procedures and sampling are used. The CAE is also responsible for reviewing and approving the audit procedures, findings, recommendations, etc. Therefore, true inconsistencies need to be corrected by the CAE.
That said, there will always be valid reasons for there to be some differences from report to report: increased scope due to a change in perceived risk or audit resources, changes in environment (i.e. 9/11 and the impact on business continuity), different sampling methodologies, etc. This topic is addressed in more detail in a previous post.
Bottom line, try to get past the political issue ("what changed or why didn't you catch it last time") and focus on whether the risk is there now...you can't change the past.