International Standard on Auditing (UK) 265

Similar documents
International Standard on Auditing (Ireland) 265. Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

SRI LANKA AUDITING STANDARD 580 WRITTEN REPRESENTATIONS CONTENTS

Written Representations

PROPOSED INTERNATIONAL STANDARD ON AUDITING (ISA) 260 (REVISED) COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE

TERMS OF REFERENCE. Audit and Risk Committee (the "Committee") of Wilmcote Holdings Plc (the "Company")

Audit and Risk Management Committee Charter

Communication with Those Charged with Governance

AUDIT, RISK MANAGEMENT AND COMPLIANCE COMMITTEE CHARTER

AUDIT COMMITTEE CHARTER

Audit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd

Using the Work of an Auditor s Expert

Audit Committee Charter

ISA 580, Written Representations

THE CLOROX COMPANY AUDIT COMMITTEE CHARTER. [Effective May 8, 2017]

Documentation / Other important Standards with SME perspective

FINANCE & AUDIT COMMITTEE

International Standard on Review Engagements (ISRE) 2400 (Revised), Engagements to Review Historical Financial Statements

Audit Committee Charter

Written Representations

Risk and Audit Committee charter

A0aa. Assertions that the auditor may use in addressing the requirements of this ISA are further described in paragraph A121c.

Huntington Bancshares Incorporated

Safeguards Phase 2 Section 600/Non-assurance Services (NAS) Part 4A International Independence Standards for Audits and Reviews

AUDIT & RISK COMMITTEE CHARTER

Using the Work of an Auditor s Expert

GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Amended and Restated: December 13, 2017

TASSAL GROUP LIMITED ABN Procedures for the Oversight and Management of Material Business Risks. (Approved by the Board 28 May 2015)

Audit & Risk Committee Charter

Corporate Governance Principles

The Committee is specifically charged with the following duties and responsibilities:

MiFID Supervisory Briefing Suitability

TERMS OF REFERENCE FOR THE PROVISION OF OUTSOURCED INTERNAL AUDIT SERVICE

CORPORATE GOVERNANCE POLICY

CITIGROUP INC. AUDIT COMMITTEE CHARTER As of January 18, 2018

PSNC Briefing on the NHS Complaints procedure (from 1 April 2009)

Terms of Reference - Board of Directors (approved by the Board on 12 April 2018)

CAQ Lessons Learned. Performing an Audit of Internal Control. In an Integrated Audit

AUDIT and ASSURANCE COMMITTEE TERMS OF REFERENCE

DRAFT AUDITOR S RESPONSIBILITY UNDER AUDITING STANDARDS GENERALLY ACCEPTED IN THE UNITED STATES OF AMERICA

Safeguards Phase 2 Proposed Section 600 (Mark-up From September 27 IESBA Meeting Discussion)

TASSAL GROUP LIMITED ABN

MiFID Supervisory Briefing Appropriateness and execution-only

CYBG PLC BOARD REMUNERATION COMMITTEE. Charter

Chapter 1. Introduction and Overview of Audit & Assurance

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF DROPBOX, INC.

CHARTER OF THE NOMINATING AND CORPORATE GOVERNANCE COMMITTEE OF THE BOARD OF DIRECTORS OF PLURALSIGHT, INC. Adopted May 3, 2018

Comment Letter on Exposure Draft Reporting on Audited Financial Statements: Proposed New and Revised International Standards on Auditing (ISAs)

Overview of Statements of Investment Policies and Procedures (SIPP) Requirements

Local Code Of Corporate Governance

CHARTER OF RESERVES, HEALTH, SAFETY, ENVIRONMENT AND SOCIAL RESPONSIBILITY COMMITTEE 2018

Select Auditing Considerations for the 2013 Audit Cycle

HUMAN RESOURCES AND COMPENSATION COMMITTEE CHARTER

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF ON DECK CAPITAL, INC.

Exposure Draft: Practice Note 15 (Revised) The audit of occupational pension schemes in the United Kingdom

NANOSTRING TECHNOLOGIES, INC. COMPENSATION COMMITTEE CHARTER. (Adopted as of October 16, 2012 and amended as of April 26, 2017)

AUDIT COMMITTEE CHARTER

Proposed Revised South African Auditing Practice Statement (SAAPS) 2 Financial Reporting Frameworks and the Auditor s Report

AUDIT & RISK COMMITTEE (ARC)

School Business Manager

Integrated Audits of Public Companies

Board Committee Charters

Equiniti Group plc (the Company) Audit Committee. Terms of Reference

NCTJ Conflicts of Interest Policy and Procedures

[AGENCY NAME] Mandate and Roles Document. (Pure Advisory Committees)

Audit, Risk & Compliance Committee Charter

HEIDRICK & STRUGGLES INTERNATIONAL, INC. Corporate Governance Guidelines

Current Developments: Canadian Securities and Auditing Matters

CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF PLURALSIGHT, INC. Adopted May 3, 2018

16-18Co(17)97 Appendix 2. Panel Consideration Practice Statement. Introduction. This document has been produced to:

JAUPT Appraisal Criteria Centre Application. November 2016

The Company is a public company incorporated in Bermuda and its securities are listed on AIM.

Objectives of the review. Context. February 2015

AMENDMENTS TO NASDAQ RULES ON COMPENSATION COMMITTEES

Human Resources & Remuneration Committee Charter. Bank of Queensland

Understanding Self Managed Superannuation Funds

Safeguards Phase 2 Section 600/Non-assurance Services (NAS) Part 4A International Independence Standards for Audits and Reviews

Sempra Energy Environmental, Health, Safety and Technology Committee Charter

Independent Director and Audit Committee

Risk Management Policy

ADANI POWER LIMITED RELATED PARTY TRANSACTION POLICY. Page 1 of 10

VIVINT SOLAR, INC. COMPENSATION COMMITTEE CHARTER. (Adopted as of May 9, 2014)

Are you ready for the FUTURE of your Quality Management system?

CORPORATE GOVERNANCE, NOMINATING & RISK COMMITTEE CHARTER

TERMS AND CONDITIONS FOR APPOINTMENT OF INDEPENDENT DIRECTOR

Internal Control Requirements for Adopting New Accounting Standards

Investor Money Regulations

Order Execution Policy

PRIMERICA, INC. COMPENSATION COMMITTEE CHARTER Adopted on March 31, 2010 and revised as of August 15, 2018

EXECUTIVE SUMMARY INTERNAL AUDIT REPORT. IOM Kingston JM JULY 2017

Park Square Capital, LLP (the Firm, Park Square ) Remuneration Policy Statement

ALLIANCE ISLAMIC BANK BERHAD ( V)

Powerlink - Corporate Entertainment & Hospitality - Policy

1 st Floor, Building 32 The Woodlands Office Park Woodlands Drive, Woodmead 2148, Johannesburg, South Africa

The UK Register of Trusts 21 December 2017

We have carried out the following assurance activities:

AUDIT COMMITTEE CHARGE

Corporate Governance Charter

Manual of Administrative Policies and Procedures

Producer Statements will be accepted only in accordance with this policy.

Workers Pension Trust

Transcription:

Standard Audit and Assurance Financial Reprting Cuncil June 2016 Internatinal Standard n Auditing (UK) 265 Cmmunicating Defi ciencies in Internal Cntrl t Thse Charged With Gvernance and Management

The FRC is respnsible fr prmting high quality crprate gvernance and reprting t fster investment. We set the UK Crprate Gvernance and Stewardship Cdes as well as UK standards fr accunting, auditing and actuarial wrk. We represent UK interests in internatinal standard-setting. We als mnitr and take actin t prmte the quality f crprate reprting and auditing. We perate independent disciplinary arrangements fr accuntants and actuaries, and versee the regulatry activities f the accuntancy and actuarial prfessinal bdies. The FRC des nt accept any liability t any party fr any lss, damage r csts hwsever arising, whether directly r indirectly, whether in cntract, trt r therwise frm any actin r decisin taken (r nt taken) as a result f any persn relying n r therwise using this dcument r arising frm any missin frm it. The Financial Reprting Cuncil Limited 2016 The Financial Reprting Cuncil Limited is a cmpany limited by guarantee. Registered in England number 2486368. Registered Offi ce: 8th Flr, 125 Lndn Wall, Lndn EC2Y 5AS

INTERNATIONAL STANDARD ON AUDITING (UK) 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT (Effective fr audits f financial statements fr perids ending n r after 15 December 2010) Intrductin CONTENTS Paragraph Scpe f this ISA (UK)... 1 3 Effective Date... 4 Objective... 5 Definitins... 6 Requirements... 7 11 Applicatin and Other Explanatry Material Determinatin f Whether Deficiencies in Internal Cntrl Have Been Identified... Significant Deficiencies in Internal Cntrl... Cmmunicatin f Deficiencies in Internal Cntrl... A1 A4 A5 A11 A12 A30 Internatinal Standard n Auditing (UK) (ISA (UK)) 265, Cmmunicating Deficiencies in Internal Cntrl t Thse Charged with Gvernance and Management, shuld be read in cnjunctin with ISA (UK) 200 (Revised June 2016), Overall Objectives f the Independent Auditr and the Cnduct f an Audit in Accrdance with Internatinal Standards n Auditing (UK). 1

Intrductin Scpe f this ISA (UK) ISA (UK) 265 1. This Internatinal Standard n Auditing (UK) (ISA (UK)) deals with the auditr s respnsibility t cmmunicate apprpriately t thse charged with gvernance and management deficiencies in internal cntrl 1 that the auditr has identified in an audit f financial statements. This ISA (UK) des nt impse additinal respnsibilities n the auditr regarding btaining an understanding f internal cntrl and designing and perfrming tests f cntrls ver and abve the requirements f ISA (UK) 315 (Revised June 2016) and ISA (UK) 330 (Revised June 2016). 2 ISA (UK) 260 (Revised June 2016) 3 establishes further requirements and prvides guidance regarding the auditr s respnsibility t cmmunicate with thse charged with gvernance in relatin t the audit. 2. The auditr is required t btain an understanding f internal cntrl relevant t the audit when identifying and assessing the risks f material misstatement. 4 In making thse risk assessments, the auditr cnsiders internal cntrl in rder t design audit prcedures that are apprpriate in the circumstances, but nt fr the purpse f expressing an pinin n the effectiveness f internal cntrl. The auditr may identify deficiencies in internal cntrl nt nly during this risk assessment prcess but als at any ther stage f the audit. This ISA (UK) specifies which identified deficiencies the auditr is required t cmmunicate t thse charged with gvernance and management. 3. Nthing in this ISA (UK) precludes the auditr frm cmmunicating t thse charged with gvernance and management ther internal cntrl matters that the auditr has identified during the audit. Effective Date 4. This ISA (UK) is effective fr audits f financial statements fr perids ending n r after 15 December 2010. Objective 5. The bjective f the auditr is t cmmunicate apprpriately t thse charged with gvernance and management deficiencies in internal cntrl that the auditr has identified during the audit and that, in the auditr s prfessinal judgment, are f sufficient imprtance t merit their respective attentins. Definitins 6. Fr purpses f the ISAs (UK), the fllwing terms have the meanings attributed belw: (a) Deficiency in internal cntrl This exists when: 1 ISA (UK) 315 (Revised June 2016), Identifying and Assessing the Risks f Material Misstatement thrugh Understanding the Entity and Its Envirnment, paragraphs 4 and 12. 2 ISA (UK) 330 (Revised June 2016), The Auditr s Respnses t Assessed Risks. 3 ISA (UK) 260 (Revised June 2016), Cmmunicatin with Thse Charged with Gvernance. 4 ISA (UK) 315 (Revised June 2016), paragraph 12. Paragraphs A60 A65 prvide guidance n cntrls relevant t the audit. 2

ISA (UK) 265 (i) (ii) A cntrl is designed, implemented r perated in such a way that it is unable t prevent, r detect and crrect, misstatements in the financial statements n a timely basis; r A cntrl necessary t prevent, r detect and crrect, misstatements in the financial statements n a timely basis is missing. (b) Significant deficiency in internal cntrl A deficiency r cmbinatin f deficiencies in internal cntrl that, in the auditr s prfessinal judgment, is f sufficient imprtance t merit the attentin f thse charged with gvernance. (Ref: Para. A5) Requirements 7. The auditr shall determine whether, n the basis f the audit wrk perfrmed, the auditr has identified ne r mre deficiencies in internal cntrl. (Ref: Para. A1 A4) 8. If the auditr has identified ne r mre deficiencies in internal cntrl, the auditr shall determine, n the basis f the audit wrk perfrmed, whether, individually r in cmbinatin, they cnstitute significant deficiencies. (Ref: Para. A5 A11) 9. The auditr shall cmmunicate in writing significant deficiencies in internal cntrl identified during the audit t thse charged with gvernance n a timely basis. (Ref: Para. A12 A18, A27) 10. The auditr shall als cmmunicate t management at an apprpriate level f respnsibility n a timely basis: (Ref: Para. A19, A27) (a) In writing, significant deficiencies in internal cntrl that the auditr has cmmunicated r intends t cmmunicate t thse charged with gvernance, unless it wuld be inapprpriate t cmmunicate directly t management in the circumstances; and (Ref: Para. A14, A20 A21) (b) Other deficiencies in internal cntrl identified during the audit that have nt been cmmunicated t management by ther parties and that, in the auditr s prfessinal judgment, are f sufficient imprtance t merit management s attentin. (Ref: Para. A22 A26) 11. The auditr shall include in the written cmmunicatin f significant deficiencies in internal cntrl: (a) (b) A descriptin f the deficiencies and an explanatin f their ptential effects; and (Ref: Para. A28) Sufficient infrmatin t enable thse charged with gvernance and management t understand the cntext f the cmmunicatin. In particular, the auditr shall explain that: (Ref: Para. A29 A30) (i) The purpse f the audit was fr the auditr t express an pinin n the financial statements; (ii) The audit included cnsideratin f internal cntrl relevant t the preparatin f the financial statements in rder t design audit prcedures that are apprpriate in the circumstances, but nt fr the purpse f expressing an pinin n the effectiveness f internal cntrl; and 3

(iii) ISA (UK) 265 The matters being reprted are limited t thse deficiencies that the auditr has identified during the audit and that the auditr has cncluded are f sufficient imprtance t merit being reprted t thse charged with gvernance. *** Applicatin and Other Explanatry Material Determinatin f Whether Deficiencies in Internal Cntrl Have Been Identified (Ref: Para. 7) A1. In determining whether the auditr has identified ne r mre deficiencies in internal cntrl, the auditr may discuss the relevant facts and circumstances f the auditr s findings with the apprpriate level f management. This discussin prvides an pprtunity fr the auditr t alert management n a timely basis t the existence f deficiencies f which management may nt have been previusly aware. The level f management with whm it is apprpriate t discuss the findings is ne that is familiar with the internal cntrl area cncerned and that has the authrity t take remedial actin n any identified deficiencies in internal cntrl. In sme circumstances, it may nt be apprpriate fr the auditr t discuss the auditr s findings directly with management, fr example, if the findings appear t call management s integrity r cmpetence int questin (see paragraph A20). A2. In discussing the facts and circumstances f the auditr s findings with management, the auditr may btain ther relevant infrmatin fr further cnsideratin, such as: Management s understanding f the actual r suspected causes f the deficiencies. Exceptins arising frm the deficiencies that management may have nted, fr example, misstatements that were nt prevented by the relevant infrmatin technlgy (IT) cntrls. A preliminary indicatin frm management f its respnse t the findings. Cnsideratins Specific t Smaller Entities A3. While the cncepts underlying cntrl activities in smaller entities are likely t be similar t thse in larger entities, the frmality with which they perate will vary. Further, smaller entities may find that certain types f cntrl activities are nt necessary because f cntrls applied by management. Fr example, management s sle authrity fr granting credit t custmers and apprving significant purchases can prvide effective cntrl ver imprtant accunt balances and transactins, lessening r remving the need fr mre detailed cntrl activities. A4. Als, smaller entities ften have fewer emplyees which may limit the extent t which segregatin f duties is practicable. Hwever, in a small wner-managed entity, the wner-manager may be able t exercise mre effective versight than in a larger entity. This higher level f management versight needs t be balanced against the greater ptential fr management verride f cntrls. Significant Deficiencies in Internal Cntrl (Ref: Para. 6(b), 8) A5. The significance f a deficiency r a cmbinatin f deficiencies in internal cntrl depends nt nly n whether a misstatement has actually ccurred, but als n the 4

ISA (UK) 265 likelihd that a misstatement culd ccur and the ptential magnitude f the misstatement. Significant deficiencies may therefre exist even thugh the auditr has nt identified misstatements during the audit. A6. Examples f matters that the auditr may cnsider in determining whether a deficiency r cmbinatin f deficiencies in internal cntrl cnstitutes a significant deficiency include: The likelihd f the deficiencies leading t material misstatements in the financial statements in the future. The susceptibility t lss r fraud f the related asset r liability. The subjectivity and cmplexity f determining estimated amunts, such as fair value accunting estimates. The financial statement amunts expsed t the deficiencies. The vlume f activity that has ccurred r culd ccur in the accunt balance r class f transactins expsed t the deficiency r deficiencies. The imprtance f the cntrls t the financial reprting prcess; fr example: General mnitring cntrls (such as versight f management). Cntrls ver the preventin and detectin f fraud. Cntrls ver the selectin and applicatin f significant accunting plicies. Cntrls ver significant transactins with related parties. Cntrls ver significant transactins utside the entity s nrmal curse f business. Cntrls ver the perid-end financial reprting prcess (such as cntrls ver nn-recurring jurnal entries). The cause and frequency f the exceptins detected as a result f the deficiencies in the cntrls. The interactin f the deficiency with ther deficiencies in internal cntrl. A7. Indicatrs f significant deficiencies in internal cntrl include, fr example: Evidence f ineffective aspects f the cntrl envirnment, such as: Indicatins that significant transactins in which management is financially interested are nt being apprpriately scrutinized by thse charged with gvernance. Identificatin f management fraud, whether r nt material, that was nt prevented by the entity s internal cntrl. Management s failure t implement apprpriate remedial actin n significant deficiencies previusly cmmunicated. Absence f a risk assessment prcess within the entity where such a prcess wuld rdinarily be expected t have been established. 5

ISA (UK) 265 Evidence f an ineffective entity risk assessment prcess, such as management s failure t identify a risk f material misstatement that the auditr wuld expect the entity s risk assessment prcess t have identified. Evidence f an ineffective respnse t identified significant risks (fr example, absence f cntrls ver such a risk). Misstatements detected by the auditr s prcedures that were nt prevented, r detected and crrected, by the entity s internal cntrl. Restatement f previusly issued financial statements t reflect the crrectin f a material misstatement due t errr r fraud. Evidence f management s inability t versee the preparatin f the financial statements. A8. Cntrls may be designed t perate individually r in cmbinatin t effectively prevent, r detect and crrect, misstatements. 5 Fr example, cntrls ver accunts receivable may cnsist f bth autmated and manual cntrls designed t perate tgether t prevent, r detect and crrect, misstatements in the accunt balance. A deficiency in internal cntrl n its wn may nt be sufficiently imprtant t cnstitute a significant deficiency. Hwever, a cmbinatin f deficiencies affecting the same accunt balance r disclsure, relevant assertin, r cmpnent f internal cntrl may increase the risks f misstatement t such an extent as t give rise t a significant deficiency. A9. Law r regulatin in sme jurisdictins may establish a requirement (particularly fr audits f listed entities) fr the auditr t cmmunicate t thse charged with gvernance r t ther relevant parties (such as regulatrs) ne r mre specific types f deficiency in internal cntrl that the auditr has identified during the audit. Where law r regulatin has established specific terms and definitins fr these types f deficiency and requires the auditr t use these terms and definitins fr the purpse f the cmmunicatin, the auditr uses such terms and definitins when cmmunicating in accrdance with the legal r regulatry requirement. A10. Where the jurisdictin has established specific terms fr the types f deficiency in internal cntrl t be cmmunicated but has nt defined such terms, it may be necessary fr the auditr t use judgment t determine the matters t be cmmunicated further t the legal r regulatry requirement. In ding s, the auditr may cnsider it apprpriate t have regard t the requirements and guidance in this ISA (UK). Fr example, if the purpse f the legal r regulatry requirement is t bring t the attentin f thse charged with gvernance certain internal cntrl matters f which they shuld be aware, it may be apprpriate t regard such matters as being generally equivalent t the significant deficiencies required by this ISA (UK) t be cmmunicated t thse charged with gvernance. A11. The requirements f this ISA (UK) remain applicable ntwithstanding that law r regulatin may require the auditr t use specific terms r definitins. 5 ISA (UK) 315 (Revised June 2016), paragraph A66. 6

ISA (UK) 265 Cmmunicatin f Deficiencies in Internal Cntrl Cmmunicatin f Significant Deficiencies in Internal Cntrl t Thse Charged with Gvernance (Ref: Para. 9) A12. Cmmunicating significant deficiencies in writing t thse charged with gvernance reflects the imprtance f these matters, and assists thse charged with gvernance in fulfilling their versight respnsibilities. ISA (UK) 260 (Revised June 2016) establishes relevant cnsideratins regarding cmmunicatin with thse charged with gvernance when all f them are invlved in managing the entity. 6 A12-1. In the UK, where applicable, timely cmmunicatin f significant deficiencies, in writing, t directrs f listed entities can assist them t cmply with the prvisins f the UK Crprate Gvernance Cde relating t internal cntrl and reprting t sharehlders. A13. In determining when t issue the written cmmunicatin, the auditr may cnsider whether receipt f such cmmunicatin wuld be an imprtant factr in enabling thse charged with gvernance t discharge their versight respnsibilities. In additin, fr listed entities in certain jurisdictins, thse charged with gvernance may need t receive the auditr s written cmmunicatin befre the date f apprval f the financial statements in rder t discharge specific respnsibilities in relatin t internal cntrl fr regulatry r ther purpses. Fr ther entities, the auditr may issue the written cmmunicatin at a later date. Nevertheless, in the latter case, as the auditr s written cmmunicatin f significant deficiencies frms part f the final audit file, the written cmmunicatin is subject t the verriding requirement 7 fr the auditr t cmplete the assembly f the final audit file n a timely basis. ISA (UK) 230 (Revised June 2016) states that an apprpriate time limit within which t cmplete the assembly f the final audit file is rdinarily nt mre than 60 days after the date f the auditr s reprt. 8 A13-1. Fr audits f financial statements f public interest entities, ISA (UK) 260 (Revised June 2016) 8a requires the auditr t cmmunicate in the additinal reprt t the audit cmmittee any significant deficiencies in the entity s internal financial cntrl system r in the accunting system, and whether r nt the deficiencies reprted have been reslved by management. A14. Regardless f the timing f the written cmmunicatin f significant deficiencies, the auditr may cmmunicate these rally in the first instance t management and, when apprpriate, t thse charged with gvernance t assist them in taking timely remedial actin t minimize the risks f material misstatement. Ding s, hwever, des nt relieve the auditr f the respnsibility t cmmunicate the significant deficiencies in writing, as this ISA (UK) requires. A15. The level f detail at which t cmmunicate significant deficiencies is a matter f the auditr s prfessinal judgment in the circumstances. Factrs that the auditr may cnsider in determining an apprpriate level f detail fr the cmmunicatin include, fr example: 6 ISA (UK) 260 (Revised June 2016), paragraph 13. 7 ISA (UK) 230 (Revised June 2016), Audit Dcumentatin, paragraph 14. 8 ISA (UK) 230 (Revised June 2016), paragraph A21. 8a ISA (UK) 260 (Revised June 2016), paragraph 16R-2(j). 7

ISA (UK) 265 The nature f the entity. Fr instance, the cmmunicatin required fr a public interest entity may be different frm that fr a nn-public interest entity. The size and cmplexity f the entity. Fr instance, the cmmunicatin required fr a cmplex entity may be different frm that fr an entity perating a simple business. The nature f significant deficiencies that the auditr has identified. The entity s gvernance cmpsitin. Fr instance, mre detail may be needed if thse charged with gvernance include members wh d nt have significant experience in the entity s industry r in the affected areas. Legal r regulatry requirements regarding the cmmunicatin f specific types f deficiency in internal cntrl. A16. Management and thse charged with gvernance may already be aware f significant deficiencies that the auditr has identified during the audit and may have chsen nt t remedy them because f cst r ther cnsideratins. The respnsibility fr evaluating the csts and benefits f implementing remedial actin rests with management and thse charged with gvernance. Accrdingly, the requirement in paragraph 9 applies regardless f cst r ther cnsideratins that management and thse charged with gvernance may cnsider relevant in determining whether t remedy such deficiencies. A17. The fact that the auditr cmmunicated a significant deficiency t thse charged with gvernance and management in a previus audit des nt eliminate the need fr the auditr t repeat the cmmunicatin if remedial actin has nt yet been taken. If a previusly cmmunicated significant deficiency remains, the current year s cmmunicatin may repeat the descriptin frm the previus cmmunicatin, r simply reference the previus cmmunicatin. The auditr may ask management r, where apprpriate, thse charged with gvernance, why the significant deficiency has nt yet been remedied. A failure t act, in the absence f a ratinal explanatin, may in itself represent a significant deficiency. Cnsideratins Specific t Smaller Entities A18. In the case f audits f smaller entities, the auditr may cmmunicate in a less structured manner with thse charged with gvernance than in the case f larger entities. Cmmunicatin f Deficiencies in Internal Cntrl t Management (Ref: Para. 10) A19. Ordinarily, the apprpriate level f management is the ne that has respnsibility and authrity t evaluate the deficiencies in internal cntrl and t take the necessary remedial actin. Fr significant deficiencies, the apprpriate level is likely t be the chief executive fficer r chief financial fficer (r equivalent) as these matters are als required t be cmmunicated t thse charged with gvernance. Fr ther deficiencies in internal cntrl, the apprpriate level may be peratinal management with mre direct invlvement in the cntrl areas affected and with the authrity t take apprpriate remedial actin. 8

ISA (UK) 265 Cmmunicatin f Significant Deficiencies in Internal Cntrl t Management (Ref: Para. 10(a)) A20. Certain identified significant deficiencies in internal cntrl may call int questin the integrity r cmpetence f management. Fr example, there may be evidence f fraud r intentinal nn-cmpliance with laws and regulatins by management, r management may exhibit an inability t versee the preparatin f adequate financial statements that may raise dubt abut management s cmpetence. Accrdingly, it may nt be apprpriate t cmmunicate such deficiencies directly t management. A21. ISA (UK) 250 (Revised June 2016) establishes requirements and prvides guidance n the reprting f identified r suspected nn-cmpliance with laws and regulatins, including when thse charged with gvernance are themselves invlved in such nncmpliance. 9 ISA (UK) 240 (Revised June 2016) establishes requirements and prvides guidance regarding cmmunicatin t thse charged with gvernance when the auditr has identified fraud r suspected fraud invlving management. 10 Cmmunicatin f Other Deficiencies in Internal Cntrl t Management (Ref: Para. 10(b)) A22. During the audit, the auditr may identify ther deficiencies in internal cntrl that are nt significant deficiencies but that may be f sufficient imprtance t merit management s attentin. The determinatin as t which ther deficiencies in internal cntrl merit management s attentin is a matter f prfessinal judgment in the circumstances, taking int accunt the likelihd and ptential magnitude f misstatements that may arise in the financial statements as a result f thse deficiencies. A23. The cmmunicatin f ther deficiencies in internal cntrl that merit management s attentin need nt be in writing but may be ral. Where the auditr has discussed the facts and circumstances f the auditr s findings with management, the auditr may cnsider an ral cmmunicatin f the ther deficiencies t have been made t management at the time f these discussins. Accrdingly, a frmal cmmunicatin need nt be made subsequently. A24. If the auditr has cmmunicated deficiencies in internal cntrl ther than significant deficiencies t management in a prir perid and management has chsen nt t remedy them fr cst r ther reasns, the auditr need nt repeat the cmmunicatin in the current perid. The auditr is als nt required t repeat infrmatin abut such deficiencies if it has been previusly cmmunicated t management by ther parties, such as the internal audit functin r regulatrs. It may, hwever, be apprpriate fr the auditr t re-cmmunicate these ther deficiencies if there has been a change f management, r if new infrmatin has cme t the auditr s attentin that alters the prir understanding f the auditr and management regarding the deficiencies. Nevertheless, the failure f management t remedy ther deficiencies in internal cntrl that were previusly cmmunicated may becme a significant deficiency requiring cmmunicatin with thse charged with gvernance. Whether this is the case depends n the auditr s judgment in the circumstances. 9 ISA (UK) 250 (Revised June 2016), Cnsideratin f Laws and Regulatins in an Audit f Financial Statements, paragraphs 22 28. 10 ISA (UK) 240 (Revised June 2016), The Auditr s Respnsibilities Relating t Fraud in an Audit f Financial Statements, paragraph 41. 9

ISA (UK) 265 A25. In sme circumstances, thse charged with gvernance may wish t be made aware f the details f ther deficiencies in internal cntrl the auditr has cmmunicated t management, r be briefly infrmed f the nature f the ther deficiencies. Alternatively, the auditr may cnsider it apprpriate t infrm thse charged with gvernance f the cmmunicatin f the ther deficiencies t management. In either case, the auditr may reprt rally r in writing t thse charged with gvernance as apprpriate. A26. ISA (UK) 260 (Revised June 2016) establishes relevant cnsideratins regarding cmmunicatin with thse charged with gvernance when all f them are invlved in managing the entity. 11 Cnsideratins Specific t Public Sectr Entities (Ref: Para. 9 10) A27. Public sectr auditrs may have additinal respnsibilities t cmmunicate deficiencies in internal cntrl that the auditr has identified during the audit, in ways, at a level f detail and t parties nt envisaged in this ISA (UK). Fr example, significant deficiencies may have t be cmmunicated t the legislature r ther gverning bdy. Law, regulatin r ther authrity may als mandate that public sectr auditrs reprt deficiencies in internal cntrl, irrespective f the significance f the ptential effects f thse deficiencies. Further, legislatin may require public sectr auditrs t reprt n brader internal cntrl-related matters than the deficiencies in internal cntrl required t be cmmunicated by this ISA (UK), fr example, cntrls related t cmpliance with legislative authrities, regulatins, r prvisins f cntracts r grant agreements. Cntent f Written Cmmunicatin f Significant Deficiencies in Internal Cntrl (Ref: Para. 11) A28. In explaining the ptential effects f the significant deficiencies, the auditr need nt quantify thse effects. The significant deficiencies may be gruped tgether fr reprting purpses where it is apprpriate t d s. The auditr may als include in the written cmmunicatin suggestins fr remedial actin n the deficiencies, management s actual r prpsed respnses, and a statement as t whether r nt the auditr has undertaken any steps t verify whether management s respnses have been implemented. A29. The auditr may cnsider it apprpriate t include the fllwing infrmatin as additinal cntext fr the cmmunicatin: An indicatin that if the auditr had perfrmed mre extensive prcedures n internal cntrl, the auditr might have identified mre deficiencies t be reprted, r cncluded that sme f the reprted deficiencies need nt, in fact, have been reprted. An indicatin that such cmmunicatin has been prvided fr the purpses f thse charged with gvernance, and that it may nt be suitable fr ther purpses. A30. Law r regulatin may require the auditr r management t furnish a cpy f the auditr s written cmmunicatin n significant deficiencies t apprpriate regulatry 11 ISA (UK) 260 (Revised June 2016), paragraph 13. 10

ISA (UK) 265 authrities. Where this is the case, the auditr s written cmmunicatin may identify such regulatry authrities. 11

Financial Reprting Cuncil 8th Flr 125 Lndn Wall Lndn EC2Y 5AS +44 (0)20 7492 2300 www.frc.rg.uk

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback