Thursday, March 3, 2022

ISA (UK) 265: COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT

 The auditor's goal is to report to those charged with governance and management any flaws in internal control that the auditor discovered during the audit and that, in the auditor's professional opinion, are important enough to warrant their attention. When identifying and assessing the risks of material misstatement, the auditor must have a thorough understanding of the internal controls that are relevant to the audit.  In making those risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. Internal control deficiencies may be discovered by the auditor not only during the risk assessment process but also at any other stage of the audit. This ISA (UK) defines which detected problems the auditor must notify to those charged with governance and management.

The auditor may examine the following factors when deciding whether a defect in internal control or a combination of failures constitutes a substantial deficiency.

§  The possibility of major misstatements while preparing the financial statements in the future as a result of internal control weaknesses.

§  The associated asset's or liability's susceptibility to loss or fraud.

§  Estimated amounts, such as fair value accounting estimates, are prone to subjectivity and complexity.

§  The amounts on the financial statement that are vulnerable to flaws.

§  The amount of activity in the account balance or class of transactions exposed to the shortfall or deficiencies that have occurred or could occur.

§  The value of controls in the financial reporting process, such as:

 

ü  General monitoring controls (such as oversight of management).

ü  Maintains control over fraud prevention and detection.

ü  Has authority over the selection and application of major accounting policies.

ü  Maintains control over major transactions involving associated parties.

ü  Has authority over large transactions that occur outside of the normal course of business.

ü  Period-end financial reporting process controls (such as non-recurring journal entry controls).

§  The reason for the exceptions found as a result of control flaws, as well as the frequency with which they occur.

§  The interaction of the weakness with other internal control problems.

Practice:

Internal control problems that have been identified may call into doubt management's integrity or competence. For example, there could be proof of management fraud or purposeful non-compliance with rules and regulations, or management could show an incapacity to oversee the preparation of the proper financial statements, raising questions about management's competency. As a result, it may not be acceptable to inform management about such deficiencies immediately. When an auditor discovers or suspects fraud involving management, ISA (UK) 240 establishes requirements and provides guidance on how to communicate with those charged with governance.

Reference:      https://bit.ly/35NC6U9

1 comment: