The auditor is required to obtain an understanding of internal control relevant to the audit when identifying and assessing the risks of material misstatement. In making those risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. The auditor may identify deficiencies in internal control not only during this risk assessment process but also at any other stage of the audit. This ISA specifies which identified deficiencies the auditor is required to communicate to those charged with governance and management.


ISA 265 – Objective

ISA 265 – Definitions

ISA 265 – Requirements