ASSESS AND REPORT AUDIT FINDINGS
At the conclusion of each audit, it is possible that there will be certain findings or exceptions in IT environment and IT controls of the company that need to be assessed and reported to relevant stakeholders including management and those charged with governance viz., Board of directors, Audit committee [Students may refer SA 260 (Revised) – Communication with Those Charged with Governance for more details].
Some points to consider are as follows:
- Are there any weaknesses in IT controls?
- What is the impact of these weaknesses on overall audit?
- Report deficiencies to management – Internal Controls Memo or Management Letter.
- Communicate in writing any significant deficiencies to Those Charged With Governance.
A deficiency in internal control exits if a control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or the control is missing.
Evaluation and assessment of audit findings and control deficiencies involves applying professional judgement that include considerations for quantitative and qualitative measures. Each finding should be looked at individually and in the aggregate by combining with other findings/deficiencies.
No comments:
Post a Comment