• The auditor shall determine whether, on the basis of the audit work performed, the auditor has identified one or more deficiencies in internal control.
  • If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies.

How to Communicate:

  • The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis.
  • The auditor shall also communicate to management at an appropriate level of responsibility on a timely basis:
    1. In writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances; and
    2. Other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention.
  • The auditor shall include in the written communication of significant deficiencies in internal control:
    1. A description of the deficiencies and an explanation of their potential effects
    2. Sufficient information to enable those charged with governance and management to understand the context of the communication. In particular, the auditor shall explain that:
  1. The purpose of the audit was for the auditor to express an opinion on the financial statements;
  2. The audit included consideration of internal control relevant to the preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control; and
  3. The matters being reported are limited to those deficiencies that the auditor has identified during the audit and that the auditor has concluded are of sufficient importance to merit being reported to those charged with governance.

ISA 265 – Scope

ISA 265 – Objective

ISA 265 – Definitions