SYSTEM & CONTROLS

INTERNAL CONTROLS

Internal controls

 Designed
by the management of the entity
&

 Implemented

to achieve some benefits (objectives of controls)

INTERNAL CONTROLS
Objectives/purposes of Internal controls
 To minimize the chances of fraud or errors.

 To ensure the safeguard of assets and prevent/reduce its misuse.

 To minimize the chances of material misstatements in the financial statements.

 To achieve the corporate objectives of the entity, on timely basis.

 To ensure receiving the accurate, relevant, timely information for appropriate decision making.
INTERNAL CONTROLS
Internal controls

Common Controls Specific Controls

Controls thought the entity Departmental controls

 Inventory system
 Purchase system
 NCA system
 Sales system
 Cash/Bank system
 Payroll system
INTERNAL CONTROLS

Common Controls
Some common controls can be remembered by the mnemonic S P A M S O A P

- S – Segregation of duties – Duties should be divided between two or more individuals.

- P – Physical controls – Restriction towards access to something, like password, door locks etc.

- A – Authorization & Approval – Endorsing with the signature of senior personnel – like authorizing
to purchase the material, authorizing the time sheet for payroll processing.

- M – Management control – Controls by the management in all the departments, via analysis, like
review, for example, IA department, budget, variances.
INTERNAL CONTROLS
S PA M S OA P

- S – Supervision – Supervising day to day activities – like factory supervisor, floor supervisor in supermarket.

- O – Organogram / Organization chart – It involves the hierarchy document so that staff know
their reporting structure – and no once can cross their boudaries

- A – Arithmetic control – It involves the controls over the mathematical accuracy of

figures, like control accounts, bank reconciliations, supplier reconciliations, trial balance.

- P – Personnel control – It involves the controls over the employees (personnel) like providing training,
disciplinary actions, proper investigation before appointment, performance appraisal.
INTERNAL CONTROLS

Some other common controls include: NOTE:

 Proper backups
There may be many other controls
depending on the situations of the entity.
 Official documents (dates, official logo, stamp)

 Sequentially pre – numbered documents

 CCTV facility

 Using words along with figures, like on cheque

INTERNAL CONTROLS
Limitations of internal controls

 Controls may not prevent all the frauds if all of the staff together committing the fraud, that is,
collusion with staff.
 There is a possibility of management override of controls, that is, responsible people may abuse
their powers for personal benefit – like presenting healthy financial results by overstating.
 Human error – that means mistakes made by those responsible for performing controls.
 Controls may be too much expensive and may not justify the cost benefit analysis.
 Controls, may become obsolete and may not be updated on timely basis, if so, then it is not
effective.
 Controls may be well designed for routine activities not well designed for the routine activities
thus limited use for the routine activities.
I.T. CONTROLS
I.T. Controls

General I.T. Information

Controls processing
Controls
I.T. CONTROLS
General I.T. Controls
Control over the entity’s IT processes that support the continued proper operations of IT environment, including effective
functioning of information processing control and the integrity of information in the entity’s information system.

General IT control includes

General IT controls Examples
• Standard setting over system design,
Development of computer applications programming, documentation

• Approval of computer user/management

• Staff training

• Installation process so that data is not corrupted.

• System test (different person other than who

designed) – segregation of duties
I.T. CONTROLS

General IT controls Examples

Prevention or detection of unauthorized • Password protection

changes to programs
• Restricted access

• Maintenance of program logs

• Anti-virus

• Back-up copies

• Full records of program changes

I.T. CONTROLS
General IT controls Examples

Testing and documentation of program changes • Complete testing procedures

• Approval of changes by computer

users/management

• Training of staff – for any changes in programs

• Operations controls over programs

Controls to prevent wrong examples or files being used
• Proper job scheduling
I.T. CONTROLS
General IT controls Examples

Controls to prevent unauthorized amendments • Password protection

to data files
• Restricted access to authorized users only

Controls to ensure continuity of operations • Disaster recovery procedures

• Storing extra copies of programs and data files

off-site

• Protection of equipment against fire and other

hazards

• Back-up power sources

I.T. CONTROLS
Information processing controls
Information processing controls ensure that all the transactions are authorized and recorded, and are processed
completely, accurately on timely basis.

Data

Input Process Output

I.T. CONTROLS

Controls over Input

Authorisation Completeness Accuracy

Manual check, whether:- • Control total • Digit verification (e.g. reference numbers are
as expected)
• Information input is • Document counts
authorized. • Existence check (e.g. customer name)
• One-for-one checking
• Input by authorized (processed output to source • Permitted range (no transaction processed
personnel. documents) over certain value)

• Programmed matching (input to • Character check (no unexpected characters

an expected input control file) used in reference)
I.T. CONTROLS

Controls over processing

• Notifications of the processing done

• Screen warning if logout before processing is complete

Controls over output

The control in the computerized environment to ensure that output (results) are viewed/accessible by
only authorized personnel and restricting the output from unauthorized personnel.
TEST OF CONTROLS
Test of controls (T.O.C.)
Auditor must test that controls:

- which are properly designed

- and operating throughout the period.

Failures of internal controls (deviations) should be recorded & investigated regardless of the
monetary amount involved.

When controls are not designed or implemented effectively – there is no benefit in testing it.

Increase the substantive testing

TEST OF CONTROLS

How to perform T.O.C.? AUDIT PROCEDURES

“C A I³ R² O” Also use CAATs

(Computerized
Assisted Audit
Techniques)
TEST OF CONTROLS

Performing T.O.C.? Example:-

Overtime sheets are authorized by the responsible official.
Procedure + Purpose

Test of controls
Select the sample of authorized overtime sheets and
agree it is authorized by the responsible official by looking
at the signatory evidence.
USE OF CAATS
CAATs (Computerized Assisted Audit Techniques)
There are two facilities in CAATs

- Test Data Many tasks can be done, like:

- Audit software • testing of particular system

• review past logged in trails

• enter dummy entry to check the

operating effectiveness of the system.
USE OF CAATS
Example:-
Credit customers are given the certain limit & sales orders are entered into the system.

Test of controls
Using test data facility of CAATs, access the sales system and enter the dummy sales order above the
credit limit to ensure system is rejecting.
USE OF CAATS
Example:-
Access to payroll master file is restricted to authorized staff.

Test of controls
Using test data facility of CAATs, access the payroll master file and review the past logged in trails to
ensure it was accessed and amended by only authorized staff in payroll.

Also access payroll master file using the system ID of unauthorized personnel to ensure system is
denying the access.
SALES SYSTEM
SALES SYSTEM
Risks
Orders may be received
from the customers with
poor credit ratings – leading
to late payments/bad debts.
Orders Received (from customers)
Control objectives Controls
To ensure that orders are For old customers, check
received from the the outstanding balances.
customers with good credit
ratings. For new customers, check
the credit worthiness prior
to accept the orders, like
check credit ratings from
credit rating agencies.
Allot the credit limit
accordingly.
Regularly review the credit
limit.
Test of controls
Inspect the management’s
working of credit check,
like review the
correspondence of
company with credit
rating agencies.
Enter the credit limit in
the system above credit
limit to ensure system is
rejecting.
SALES SYSTEM
Orders Received (from customers)
Risks Control objectives Controls Test of controls
Orders may not be To ensure all the Complete the Review the customers’
fulfilled – which may customers’ orders would customers’ orders on orders to confirm they
dissatisfy the customers. be fulfilled on time. sequentially pre- are sequentially pre-
numbered orders forms. numbered.

Pass customers’ orders Check the integrated

to warehouse or system – like through
production – use dummy entry.
integrated system which
would enable automatic
notifications to them.
SALES SYSTEM
Goods dispatched
Risks Control objectives Controls Test of controls
Wrong goods dispatched. To ensure correct goods Check the goods’ quality Visit the goods
are dispatched to and quantity while packaging process and
correct customers. packing. observe the system.

Check goods against

orders forms.
SALES SYSTEM
Goods dispatched
Risks Control objectives Controls Test of controls
Customers may falsely To minimize the chance Send GDN to Inspect the sample of
claim that goods are not of false claim made by customers, it should be GDNs and ensure
received. customers. signed by them. they are signed by
customers.
Multi-part GDNs
(warehouse, customers, Check copies of
sales team, invoicing GDNs in the
department) departments.
SALES SYSTEM
Goods invoiced & recorded
Risks Control objectives Controls Test of controls
Goods dispatched may not To ensure that all goods Invoices should be Agree invoices with the
be invoiced or invoiced dispatched are invoiced sequentially pre- GDNs.
with incorrect amount. correctly. numbered.
Insect sample of invoices
Invoices should be to confirm sequential
agreed with price list or pre-numbering.
credit terms with
customers. Agree invoices with the
authorized price list.
Invoices should be
system generated.
SALES SYSTEM
Goods invoiced & recorded
Risks Control objectives Controls Test of controls
Invoices posted to wrong To ensure that invoices Regular review of Discuss with
customers’ accounts. are posted to the customers’ accounts. management for the
correct customers’ regular review, confirm
accounts. Send regularly the any signatory evidence
statements to of review.
customers.
Review any written
correspondence with
the customers for any
disputed invoicing.
SALES SYSTEM
Payment received
Risks Control objectives Controls Test of controls
Cash (payment) from To ensure cash received Produce aged receivable Review aged receivables
customers not received from the invoices raised, report on time (monthly report.
on time or may become on time. basis).
bad debt. Discuss with the
Follow up overdue management the follow
customers for payments. up process.
SALES SYSTEM
Payment received
Risks Control objectives Controls Test of controls
Payments received may be To ensure payment Segregation of duties Observe the segregation
misappropriated. received are not who updates the ledger of duties.
misappropriated and and raise invoices.
payments are safeguarded. Agree invoices received
Ask customers to pay via in the company’s bank
bank in the company’s statement.
name bank account.
Review reconciliations,
Regular reconciliations re-perform it and discuss
of customers who paid. with them the
investigation process of
differences.
PURCHASE SYSTEM
PURCHASE SYSTEM
Ordering stage (placing orders to suppliers)
Risks Control objectives Controls Test of controls
Orders may be To ensure that orders are Purchase requisition Review the sample of
unauthorized, not for being made for genuine should be authorized by orders requisition,
genuine business use. business use. the departmental ensure it is authorized
manager or HOD. by relevant HOD, by
looking at signature.
PURCHASE SYSTEM
Ordering stage (placing orders to suppliers)
Risks Control objectives Controls Test of controls
Expensive materials may To ensure materials are Approved suppliers Review the sample of
be purchased. being purchased at should be used for orders made and agree it
competitive price or say purchasing (BOD is made to approve
reasonable price approved suppliers). suppliers, by referring
the approved suppliers
For non-routine items, list.
separate quotations
from suppliers should be
obtained.
PURCHASE SYSTEM
Goods received (at store)
Risks Control objectives Controls Test of controls
Ordered goods not To ensure those goods are Check the goods against Observe the goods
received. received which were the available copy of P.O. receiving process
actually ordered. whether goods are being
Faulty goods received. Check the quality of checked against the copy
To ensue goods are goods and then accept. of P.O.
accepted if they are of
required quality. Raise sequentially pre- Review the GRN and
numbered GRN and ensure they are
maintain multiple copies sequentially pre-
(store, ordering numbered and match
department, accounts GRNs with the P.O.
department).
PURCHASE SYSTEM
Goods invoiced and recorded (liabilities)
Risks Control objectives Controls Test of controls
Liabilities of the goods To ensure the complete Accounts department Agree GRNs with the
may not be recognized in and accurate record should have the copy of invoices.
the records. keeping for all the goods GRNs.
received. Review liability records
Invoices should be and ensure all goods
matched with the GRNs. received had been
recorded (liability).
Unmatched GRNs
should be reviewed and
investigated.
PURCHASE SYSTEM
Goods invoiced and recorded (liabilities)
Risks Control objectives Controls Test of controls
Liability may be recorded To ensure liability is only Allocate the same Review the Invoices
for the goods not for the goods which were sequential pre- received and ensure
received, risk of bogus actually ordered and numbering to the same sequential pre-
supply of goods. received. invoices received as of numbering as of GRNs.
GRNs raised.
Ensure all matched
GRNs and Invoices are
recorded.
PURCHASE SYSTEM
Payment made to suppliers
Risks Control objectives Controls Test of controls
Payments may be made to To ensure payments are All invoices should be Obtain the sample of
wrong suppliers. only made to correct authorized by invoices authorized,
suppliers. appropriate manager, confirm the signature of
before payment. authorized personnel.

Regular review of Review the supplier

suppliers’ statements statement
and should be reconciliations, discuss
reconciled. their process of
investigation.
Authorization of any
changes after the Review signature of
reconciliation. authorized personnel
after any changes made.
PURCHASE SYSTEM
Payment made to suppliers
Risks Control objectives Controls Test of controls
Wrong amount (twice) To ensure accurate and Agree all the invoices Review the sample of
amounts may be paid. correct being paid to with the GRNs, check calculations and confirm
suppliers. the price, sales tax, signatory evidence.
discounts and all and
also calculate the Inspect the sample of
amount. invoices to confirm paid
invoices are stamped as
Once paid, invoices “paid”.
should be stamped as
“paid”.
NON-CURRENT ASSET SYSTEM / CAPITAL EXPENDITURE
NCAs are having some Risks and Control Objectives

Risks Controls Objectives

 Capital expenditures may be incurred  To ensure capital expenditure are incurred for
unnecessarily. genuine business use.

 Capital items may be misappropriated.  To ensure the safe custody of NCAs.

 Capital items may not be recorded in NCA  To ensure all CapEx are completely recorded in
register. NCA register.

 Revenue expenditure may be recorded as NCA.  To ensure CapEx are properly classified in the
accounting records.
NON-CURRENT ASSET SYSTEM / CAPITAL EXPENDITURE
Capital Expenditure / NCAs – Controls and Test of controls
Controls Test of controls
 CapEx should be authorized by BOD/CapEx committee.  Review the minutes of BOD meetings to
confirm authorization.
 Establish physical controls on NCA like CCTV,
 Inspect NCA and observe security
security guards, tracker on vehicles. arrangements there.

 Insurance over NCAs.  Inspect the sample of order forms to ensure

separate forms of purchasing of NCA and of
 Separate order forms for materials purchasing and materials.
purchasing of NCAs.
 Review NCA register for completeness and
classification.
 Review the NCA register to ensure proper classification.
 Review IA work on NCA verification. Discuss
 Review the NCAs and trace in the NCA register, like by with them the process of investigation.
IA department.
INVENTORY SYSTEM
Inventories are having some Risks and Control Objectives

Risks Controls Objectives

- Inventory may be damaged/stolen.
- Inventories may not be used fully before its
useful life ends.
- Inventory movements are not adequately
monitored.
- Inventory may not valued at lower of cost or
NRV.
- To prevent or minimize the chances of theft of
inventory.
- To ensure less or no interruption due to stock
out costs.
- To ensure all movements of inventory is
authorized and adequately monitored.
- To ensure inventory is valued and lower of cost
or NRV and accurately and complete records
are maintained.
INVENTORY SYSTEM
Inventories – Controls and Test of controls

Controls Test of controls

- Proper and good conditions in the warehouse. - Visit the warehouse and observe the
 CCTV environment.
 Fire sprinklers/alarms
 Emergency exit - Watch previously CCTV footage on sample basis
 Temperature monitor to ensure it is being monitored and recorded.
 Proper arrangement of inventories –
well organized and placed.
INVENTORY SYSTEM
Inventories – Controls and Test of controls

Controls Test of controls

- Maintaining inventory records - Inspect the inventory records and confirm the
maintenance of records.
 Bin Card

 Store ledger

 Inventory master file

INVENTORY SYSTEM
Inventories – Controls and Test of controls
Controls Test of controls
Company should undertaking the inventory count with good features.  Visit the counting area,
 Counting should be done in quite times, not during the movement, if observe the system and
needed to count during the movement, then movement should be agree whether
separately conducted – outside the warehouse/separate place. instructions are being
complied.
 Counting staff should be selected from the department, other than
warehouse.  Inspect the job ID card of
employees performing
 Counting staff should have proper instructions. the count to ensure they
are from departments
 Counting should be done in pairs, one person should count and other than warehouse.
other should re-count.

 Counting process should be supervised, by the supervisor.

INVENTORY SYSTEM
Inventories – Controls and Test of controls

Controls Test of controls

Company should undertaking the inventory count with good features.  Inspect the counting sheets
 Counting staff should counting sheets which should contain all the and confirm sequential pre-
information – but not quantities to be counted. numbered, ensure no
quantities are mentioned.
 Counting sheet should be sequentially pre-numbered.
 Observe counted areas are
marked/flagged and
 Counted areas should be marked/flagged. customers inventory are
separately placed.
 Units sold (not delivered) should be kept separately with the tagging
of name of customers.  Agree the signature of
counting staff after the
 After the count, both the counting staff should sign off the counting count.
sheet.
PAYROLL SYSTEM
PAYROLL SYSTEM
There are two main aspects for payroll

Human Resource (HR) function Payroll processing function

Includes:- Includes:-
• Staff appointment • Monthly processing of payroll
• Staff removal
• Staff appraisal
• Notifications of salary changes

These two functions should be segregated.

PAYROLL SYSTEM
PAYROLL SYSTEM
Work recorded
Risks Control objectives Controls Test of controls
Time (hours) may not be To ensure hours worked Biometric system to Observe the employees’
recorded accurately. are accurately recorded. record employees’ attendance marking
attendance – with process.
integrated (auto
generated) time sheet. Review the sample of
timesheets for evidence
Time sheets to be that they have been
reviewed by responsible reviewed by responsible
official. official.
PAYROLL SYSTEM
Work recorded
Risks Control objectives Controls Test of controls
Un-worked hours may be To ensure only worked OT should be pre- Inspect the sample of
recorded. overtime should be decided, rate, time and OT sheets and agree it is
recorded and paid. work. authorized by the
responsible official.
OT should be authorized
by the responsible
official.
PAYROLL SYSTEM
Recognition of payroll liability
Risks Control objectives Controls Test of controls

HR should appoint Review job description

Data of fictitious To ensure only genuine and/or remove. of HR and payroll to
employees may be created and actual employees confirm segregation of
and paid. would be paid. Complete their forms duties.
and pass to payroll after
authorization. Review documentation
of HR and payroll
Unique employees’ confirming HR
number should be appointed/removed.
assigned.
Review personnel files to
Personnel files should be confirm joiners’ data are
maintained. added and resigned
employees data
removed.
PAYROLL SYSTEM
Recognition of payroll liability
Risks Control objectives Controls Test of controls

Any changes in the Review the sample of

Wages are To ensure that wages are employees’ standing data reports of changes made,
paid/deductions made at paid/deductions are made should be authorized by ensure properly
wrong rates. at appropriate rate. HR manager. authorized.

Exception/edit report Review the

should be generated edit/exception report
after any changes. generated.

Changes report should Review the signature of

be printed and signed by appropriate personnel
appropriate manager. on the printed changes
report.
PAYROLL SYSTEM
Payment made to employees
Risks Control objectives Controls
Senior personnel should
Employees may not be To ensure employees are recalculate the amounts to be
paid to staff.
paid the right amount. being paid the right
amount. Payment sheets to be reviewed
by senior responsible official.
Before payment, amounts to be
agreed with payroll record and
pay slips.
For BACS, bank account of
employees should be verified,
payment to be authorized by
finance director.
For cash payment, at least two
staff should be there.
Test of controls
Review the printout
payment sheets, review the
evidence of signature of
authorized personnel.
Agree the authorization
signature of FD on payment
sheets.
Review BACS details and
ensure payments were
transferred to correct
employees.
Observe the cash payment
process.
CASH & BANK SYSTEM
Cash & Bank system are having some Risks and Control Objectives

Risks Controls Objectives

 Cash may be thefted.  To reduce the chances of theft of cash.

 Unnecessary cash expenses.  To ensure cash expenditures are being made for
the genuine business use.
 Holding too much cash – missing out the
short-term investment opportunity.  To hold the cash as per the requirement.

 Cash received not banked.  To ensure all cash received are banked.

 Making fake signatures on cheque.  To ensure no fake signatures on cheque and no

misuse of signing authority on cheque.
 Authorized personnel may misuse the signing
authority on cheque.
CASH & BANK SYSTEM
Cash & Bank system – Controls and Test of controls
Controls
 Cash should be placed in the locked fixture.
 Every cash expense should be authorized by senior
responsible official.
 Holding the cash as per the need and not to hold too
much cash and should be banked.
 Maintaining the cash vouchers, authorized by responsible
official.
 Cheque book to locked away,
 Multiple signatories – like on large amounts.
Test of controls
 Assess the security/safety arrangements
where cash is placed.
 Discuss the need for cash and confirm it
is as per the requirement.
 Review the cash vouchers and ensure
the signature of authorized personnel.
 Assess the safety of cheque book.
 For any large payment, review the
evidence of multiple signatories.
DIRECT & INDIRECT CONTROLS
Direct controls
Direct controls addresses the risk of material misstatements in the financial statements, at assertion level.

Indirect controls
Indirect controls support direct controls.
Example

Responsible manager recalculates the payroll, agrees the amounts on the payroll list to individual pay slips.
(Direct controls)

Manager review on the total of

payroll total each month
(Indirect controls) Accuracy
EXAMPLES OF DIRECT CONTROLS
DOCUMENTING THE CLIENT’S SYSTEM
Auditors must document the client’s control system before evaluating whether the system is
adequate and working effectively.

Narrative Notes

Techniques to
document the
client’s system
Flow Charts Questionnaire
I C Qs

I C E Qs
DOCUMENTING THE CLIENT’S SYSTEM
Narrative notes
It involves documentation of client’s system in the written descriptive manner, usually typed and explains
each stage of the entity’s system.
Advantages of narrative notes Disadvantages of narrative notes
 It is relatively simple to record & can facilitate  It is time consuming & cumbersome to narrate
understanding by all audit team members. the system rather than if it can be presented in
flow chart (diagram).
 Any necessary amendments/edit can be done
easily of typed.  If it is written manually then it may be difficult to
amend.
DOCUMENTING THE CLIENT’S SYSTEM
Flow chart
It is the graphical illustration of the system of the entity and the flow lines (arrow lines) shows the
sequence of the process of the system.
DOCUMENTING THE CLIENT’S SYSTEM

Flow chart

Advantages of narrative notes Disadvantages of narrative notes

 It is easy to view the whole system in one  It would difficult to amend in case of any errors,
diagram. like it needs to be redrawn – time consuming.

 Easy to spot missing controls due to the use of  It may include less detail as compared with the
standard symbols. narrative notes.
DOCUMENTING THE CLIENT’S SYSTEM
Questionnaires
This is the list of questions in relation to client’s control system (…like expected good controls) and
questions to be asked to client entity.

There are two types of questions:

(a) I C Qs (Internal control questionnaire)
This involves list of questions to be asked to client entity to know whether or not control exist.

(b) I C E Qs (Internal control evaluation questionnaire)

This involves list of questions to be asked to client entity to know the quality of controls, whether the
controls are operating effectively.
DOCUMENTING THE CLIENT’S SYSTEM
Questionnaires – examples of wordings of ICQ and ICEQ
DOCUMENTING THE CLIENT’S SYSTEM
Questionnaires

Advantages of questionnaires Disadvantages of questionnaires

 It is easy to prepare and standard questions can  It may contain large number of irrelevant
be used in multiple clients. controls.

 Questionnaires help the auditor to identify good  Controls would be overstated as the client
controls (direct controls) which would be tested knows the answer the auditor is looking for is
during TOC. “YES”.

 It also enables to highlight deficiencies where  It may not include unusual controls which may
extensive substantive procedures would be not be identified.
required.
AUDITORS & CONTROLS
Auditors are required to:
 Understand the control system of client

 Document the control system of the client

 Perform test of controls

 Provide a recommendations – to client to improvise the system

COMMUNICATING CONTROL DEFICIENCIES
ISA 265 – communicating deficiencies in internal controls to those charged with governance and management

ISA 265 requires the auditor to:

Communicate any deficiency that are of sufficient importance to merit management’s attention to management.

Communicate significant deficiencies to those charged with governance.

 COMMUNICATING CONTROL DEFICIENCIES
Deficiencies in internal controls

Deficiencies occur when:

• A control designed, implemented or operated in such a way that it is unable to prevent, or detect and
correct misstatements in the financial statements, on timely basis.

• A control necessary to prevent, or detect and correct, misstatements in the financial statements on
timely basis is missing.
 COMMUNICATING CONTROL DEFICIENCIES
Significant Deficiencies in internal controls
Significant Deficiencies in internal controls are those which merit the attention of those charged with governance.
External auditor should consider the following when determining if a deficiency in internal controls is significant.
 The likelihood of deficiencies leading to material misstatements in the financial statements.
 The susceptibility to loss or fraud of the related assets or liabilities.
 The subjectivity and complexity of determining estimated amounts.
 The financial statements amounts exposed to the deficiencies.
 The volume of activity that has occurred or could occur in the account balance or class of transactions exposed to
the deficiency or deficiencies.
 The importance of controls to the financial reporting process.
 The cause and frequency of the exceptions detected as a result of the deficiencies in the controls.
 The interaction of deficiency with other deficiencies in internal controls.
REPORT TO MANAGEMENT (CONTROL DEFICIENCIES)
The auditor will communicate the deficiencies in a report to management (management letter).

It is usually sent at the end of the audit and comprises a covering letter with an appendix containing the
deficiencies the auditor has found within the client’s control system and recommendations to overcome
each deficiency.

The covering letter should clarify something:

 The report is not a comprehensive list of deficiencies, but only those that have come to light during normal audit
procedures.
 The report is for the sole use of the company.
 No disclosure should be made to third party without written agreement of the auditor.
 No responsibility is assumed to any other parties.
REPORT TO MANAGEMENT (CONTROL DEFICIENCIES)

Deficiencies Recommendations
COMPONENTS OF INTERNAL CONTROL SYSTEM
COMPONENTS OF INTERNAL CONTROL SYSTEM
COMPONENTS OF INTERNAL CONTROL SYSTEM
INTERNAL CONTROLS IN SMALLER ENTITIES