SlideShare a Scribd company logo

ISA 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management

Sazzad Hossain, ITP, MBA, CSCA™
Sazzad Hossain, ITP, MBA, CSCA™

ISA 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management

Education
1 of 14
Download to read offline
Standard Audit and Assurance June 2016 International Standard on Auditing (UK) 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management Financial Reporting Council
The FRC’s mission is to promote transparency and integrity in business. The FRC sets the UK Corporate Governance and Stewardship Codes and UK standards for accounting and actuarial work; monitors and takes action to promote the quality of corporate reporting; and operates independent enforcement arrangements for accountants and actuaries. As the Competent Authority for audit in the UK the FRC sets auditing and ethical standards and monitors and enforces audit quality. The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it. © The Financial Reporting Council Limited 2018 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS
1 INTERNATIONAL STANDARD ON AUDITING (UK) 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT (Effective for audits of financial statements for periods ending on or after 15 December 2010) CONTENTS Paragraph Introduction Scope of this ISA (UK) ............................................................................................ 1–3 Effective Date .......................................................................................................... 4 Objective ................................................................................................................ 5 Definitions ............................................................................................................. 6 Requirements ........................................................................................................ 7–11 Application and Other Explanatory Material Determination of Whether Deficiencies in Internal Control Have Been Identified ... A1–A4 Significant Deficiencies in Internal Control .............................................................. A5–A11 Communication of Deficiencies in Internal Control ................................................. A12–A30 International Standard on Auditing (UK) (ISA (UK)) 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management, should be read in conjunction with ISA (UK) 200 (Revised June 2016), Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing (UK).
ISA (UK) 265 2 Introduction Scope of this ISA (UK) 1. This International Standard on Auditing (UK) (ISA (UK)) deals with the auditor’s responsibility to communicate appropriately to those charged with governance and management deficiencies in internal control 1 that the auditor has identified in an audit of financial statements. This ISA (UK) does not impose additional responsibilities on the auditor regarding obtaining an understanding of internal control and designing and performing tests of controls over and above the requirements of ISA (UK) 315 (Revised June 2016) and ISA (UK) 330 (Revised July 2017).2 ISA (UK) 260 (Revised June 2016)3 establishes further requirements and provides guidance regarding the auditor’s responsibility to communicate with those charged with governance in relation to the audit. 2. The auditor is required to obtain an understanding of internal control relevant to the audit when identifying and assessing the risks of material misstatement.4 In making those risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. The auditor may identify deficiencies in internal control not only during this risk assessment process but also at any other stage of the audit. This ISA (UK) specifies which identified deficiencies the auditor is required to communicate to those charged with governance and management. 3. Nothing in this ISA (UK) precludes the auditor from communicating to those charged with governance and management other internal control matters that the auditor has identified during the audit. Effective Date 4. This ISA (UK) is effective for audits of financial statements for periods ending on or after 15 December 2010. Objective 5. The objective of the auditor is to communicate appropriately to those charged with governance and management deficiencies in internal control that the auditor has identified during the audit and that, in the auditor’s professional judgment, are of sufficient importance to merit their respective attentions. Definitions 6. For purposes of the ISAs (UK), the following terms have the meanings attributed below: (a) Deficiency in internal control – This exists when: 1 ISA (UK) 315 (Revised June 2016), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment, paragraphs 4 and 12. 2 ISA (UK) 330 (Revised July 2017), The Auditor’s Responses to Assessed Risks. 3 ISA (UK) 260 (Revised June 2016), Communication with Those Charged with Governance. 4 ISA (UK) 315 (Revised June 2016), paragraph 12. Paragraphs A68–A73 provide guidance on controls relevant to the audit.
ISA (UK) 265 3 (i) A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or (ii) A control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing. (b) Significant deficiency in internal control – A deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance. (Ref: Para. A5) Requirements 7. The auditor shall determine whether, on the basis of the audit work performed, the auditor has identified one or more deficiencies in internal control. (Ref: Para. A1–A4) 8. If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies. (Ref: Para. A5–A11) 9. The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. (Ref: Para. A12–A18, A27) 10. The auditor shall also communicate to management at an appropriate level of responsibility on a timely basis: (Ref: Para. A19, A27) (a) In writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances; and (Ref: Para. A14, A20–A21) (b) Other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention. (Ref: Para. A22–A26) 11. The auditor shall include in the written communication of significant deficiencies in internal control: (a) A description of the deficiencies and an explanation of their potential effects; and (Ref: Para. A28) (b) Sufficient information to enable those charged with governance and management to understand the context of the communication. In particular, the auditor shall explain that: (Ref: Para. A29–A30) (i) The purpose of the audit was for the auditor to express an opinion on the financial statements; (ii) The audit included consideration of internal control relevant to the preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control; and
ISA (UK) 265 4 (iii) The matters being reported are limited to those deficiencies that the auditor has identified during the audit and that the auditor has concluded are of sufficient importance to merit being reported to those charged with governance. *** Application and Other Explanatory Material Determination of Whether Deficiencies in Internal Control Have Been Identified (Ref: Para. 7) A1. In determining whether the auditor has identified one or more deficiencies in internal control, the auditor may discuss the relevant facts and circumstances of the auditor’s findings with the appropriate level of management. This discussion provides an opportunity for the auditor to alert management on a timely basis to the existence of deficiencies of which management may not have been previously aware. The level of management with whom it is appropriate to discuss the findings is one that is familiar with the internal control area concerned and that has the authority to take remedial action on any identified deficiencies in internal control. In some circumstances, it may not be appropriate for the auditor to discuss the auditor’s findings directly with management, for example, if the findings appear to call management’s integrity or competence into question (see paragraph A20). A2. In discussing the facts and circumstances of the auditor’s findings with management, the auditor may obtain other relevant information for further consideration, such as:  Management’s understanding of the actual or suspected causes of the deficiencies.  Exceptions arising from the deficiencies that management may have noted, for example, misstatements that were not prevented by the relevant information technology (IT) controls.  A preliminary indication from management of its response to the findings. Considerations Specific to Smaller Entities A3. While the concepts underlying control activities in smaller entities are likely to be similar to those in larger entities, the formality with which they operate will vary. Further, smaller entities may find that certain types of control activities are not necessary because of controls applied by management. For example, management’s sole authority for granting credit to customers and approving significant purchases can provide effective control over important account balances and transactions, lessening or removing the need for more detailed control activities. A4. Also, smaller entities often have fewer employees which may limit the extent to which segregation of duties is practicable. However, in a small owner-managed entity, the owner-manager may be able to exercise more effective oversight than in a larger entity. This higher level of management oversight needs to be balanced against the greater potential for management override of controls. Significant Deficiencies in Internal Control (Ref: Para. 6(b), 8) A5. The significance of a deficiency or a combination of deficiencies in internal control depends not only on whether a misstatement has actually occurred, but also on the
ISA (UK) 265 5 likelihood that a misstatement could occur and the potential magnitude of the misstatement. Significant deficiencies may therefore exist even though the auditor has not identified misstatements during the audit. A6. Examples of matters that the auditor may consider in determining whether a deficiency or combination of deficiencies in internal control constitutes a significant deficiency include:  The likelihood of the deficiencies leading to material misstatements in the financial statements in the future.  The susceptibility to loss or fraud of the related asset or liability.  The subjectivity and complexity of determining estimated amounts, such as fair value accounting estimates.  The financial statement amounts exposed to the deficiencies.  The volume of activity that has occurred or could occur in the account balance or class of transactions exposed to the deficiency or deficiencies.  The importance of the controls to the financial reporting process; for example: o General monitoring controls (such as oversight of management). o Controls over the prevention and detection of fraud. o Controls over the selection and application of significant accounting policies. o Controls over significant transactions with related parties. o Controls over significant transactions outside the entity’s normal course of business. o Controls over the period-end financial reporting process (such as controls over non-recurring journal entries).  The cause and frequency of the exceptions detected as a result of the deficiencies in the controls.  The interaction of the deficiency with other deficiencies in internal control. A7. Indicators of significant deficiencies in internal control include, for example:  Evidence of ineffective aspects of the control environment, such as: o Indications that significant transactions in which management is financially interested are not being appropriately scrutinized by those charged with governance. o Identification of management fraud, whether or not material, that was not prevented by the entity’s internal control. o Management’s failure to implement appropriate remedial action on significant deficiencies previously communicated.  Absence of a risk assessment process within the entity where such a process would ordinarily be expected to have been established.
ISA (UK) 265 6  Evidence of an ineffective entity risk assessment process, such as management’s failure to identify a risk of material misstatement that the auditor would expect the entity’s risk assessment process to have identified.  Evidence of an ineffective response to identified significant risks (for example, absence of controls over such a risk).  Misstatements detected by the auditor’s procedures that were not prevented, or detected and corrected, by the entity’s internal control.  Restatement of previously issued financial statements to reflect the correction of a material misstatement due to error or fraud.  Evidence of management’s inability to oversee the preparation of the financial statements. A8. Controls may be designed to operate individually or in combination to effectively prevent, or detect and correct, misstatements.5 For example, controls over accounts receivable may consist of both automated and manual controls designed to operate together to prevent, or detect and correct, misstatements in the account balance. A deficiency in internal control on its own may not be sufficiently important to constitute a significant deficiency. However, a combination of deficiencies affecting the same account balance or disclosure, relevant assertion, or component of internal control may increase the risks of misstatement to such an extent as to give rise to a significant deficiency. A9. Law or regulation in some jurisdictions may establish a requirement (particularly for audits of listed entities) for the auditor to communicate to those charged with governance or to other relevant parties (such as regulators) one or more specific types of deficiency in internal control that the auditor has identified during the audit. Where law or regulation has established specific terms and definitions for these types of deficiency and requires the auditor to use these terms and definitions for the purpose of the communication, the auditor uses such terms and definitions when communicating in accordance with the legal or regulatory requirement. A10. Where the jurisdiction has established specific terms for the types of deficiency in internal control to be communicated but has not defined such terms, it may be necessary for the auditor to use judgment to determine the matters to be communicated further to the legal or regulatory requirement. In doing so, the auditor may consider it appropriate to have regard to the requirements and guidance in this ISA (UK). For example, if the purpose of the legal or regulatory requirement is to bring to the attention of those charged with governance certain internal control matters of which they should be aware, it may be appropriate to regard such matters as being generally equivalent to the significant deficiencies required by this ISA (UK) to be communicated to those charged with governance. A11. The requirements of this ISA (UK) remain applicable notwithstanding that law or regulation may require the auditor to use specific terms or definitions. 5 ISA (UK) 315 (Revised June 2016), paragraph A74.
ISA (UK) 265 7 Communication of Deficiencies in Internal Control Communication of Significant Deficiencies in Internal Control to Those Charged with Governance (Ref: Para. 9) A12. Communicating significant deficiencies in writing to those charged with governance reflects the importance of these matters, and assists those charged with governance in fulfilling their oversight responsibilities. ISA (UK) 260 (Revised June 2016) establishes relevant considerations regarding communication with those charged with governance when all of them are involved in managing the entity.6 A12-1. In the UK, where applicable, timely communication of significant deficiencies, in writing, to directors of listed entities can assist them to comply with the provisions of the UK Corporate Governance Code relating to internal control and reporting to shareholders. A13. In determining when to issue the written communication, the auditor may consider whether receipt of such communication would be an important factor in enabling those charged with governance to discharge their oversight responsibilities. In addition, for listed entities in certain jurisdictions, those charged with governance may need to receive the auditor’s written communication before the date of approval of the financial statements in order to discharge specific responsibilities in relation to internal control for regulatory or other purposes. For other entities, the auditor may issue the written communication at a later date. Nevertheless, in the latter case, as the auditor’s written communication of significant deficiencies forms part of the final audit file, the written communication is subject to the overriding requirement 7 for the auditor to complete the assembly of the final audit file on a timely basis. ISA (UK) 230 (Revised June 2016) states that an appropriate time limit within which to complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor’s report.8 A13-1. For audits of financial statements of public interest entities, ISA (UK) 260 (Revised June 2016)8a requires the auditor to communicate in the additional report to the audit committee any significant deficiencies in the entity’s internal financial control system or in the accounting system, and whether or not the deficiencies reported have been resolved by management. A14. Regardless of the timing of the written communication of significant deficiencies, the auditor may communicate these orally in the first instance to management and, when appropriate, to those charged with governance to assist them in taking timely remedial action to minimize the risks of material misstatement. Doing so, however, does not relieve the auditor of the responsibility to communicate the significant deficiencies in writing, as this ISA (UK) requires. A15. The level of detail at which to communicate significant deficiencies is a matter of the auditor’s professional judgment in the circumstances. Factors that the auditor may consider in determining an appropriate level of detail for the communication include, for example: 6 ISA (UK) 260 (Revised June 2016), paragraph 13. 7 ISA (UK) 230 (Revised June 2016), Audit Documentation, paragraph 14. 8 ISA (UK) 230 (Revised June 2016), paragraph A21. 8a ISA (UK) 260 (Revised June 2016), paragraph 16R-2(j).
ISA (UK) 265 8  The nature of the entity. For instance, the communication required for a public interest entity may be different from that for a non-public interest entity.  The size and complexity of the entity. For instance, the communication required for a complex entity may be different from that for an entity operating a simple business.  The nature of significant deficiencies that the auditor has identified.  The entity’s governance composition. For instance, more detail may be needed if those charged with governance include members who do not have significant experience in the entity’s industry or in the affected areas.  Legal or regulatory requirements regarding the communication of specific types of deficiency in internal control. A16. Management and those charged with governance may already be aware of significant deficiencies that the auditor has identified during the audit and may have chosen not to remedy them because of cost or other considerations. The responsibility for evaluating the costs and benefits of implementing remedial action rests with management and those charged with governance. Accordingly, the requirement in paragraph 9 applies regardless of cost or other considerations that management and those charged with governance may consider relevant in determining whether to remedy such deficiencies. A17. The fact that the auditor communicated a significant deficiency to those charged with governance and management in a previous audit does not eliminate the need for the auditor to repeat the communication if remedial action has not yet been taken. If a previously communicated significant deficiency remains, the current year’s communication may repeat the description from the previous communication, or simply reference the previous communication. The auditor may ask management or, where appropriate, those charged with governance, why the significant deficiency has not yet been remedied. A failure to act, in the absence of a rational explanation, may in itself represent a significant deficiency. Considerations Specific to Smaller Entities A18. In the case of audits of smaller entities, the auditor may communicate in a less structured manner with those charged with governance than in the case of larger entities. Communication of Deficiencies in Internal Control to Management (Ref: Para. 10) A19. Ordinarily, the appropriate level of management is the one that has responsibility and authority to evaluate the deficiencies in internal control and to take the necessary remedial action. For significant deficiencies, the appropriate level is likely to be the chief executive officer or chief financial officer (or equivalent) as these matters are also required to be communicated to those charged with governance. For other deficiencies in internal control, the appropriate level may be operational management with more direct involvement in the control areas affected and with the authority to take appropriate remedial action.
ISA (UK) 265 9 Communication of Significant Deficiencies in Internal Control to Management (Ref: Para. 10(a)) A20. Certain identified significant deficiencies in internal control may call into question the integrity or competence of management. For example, there may be evidence of fraud or intentional non-compliance with laws and regulations by management, or management may exhibit an inability to oversee the preparation of adequate financial statements that may raise doubt about management’s competence. Accordingly, it may not be appropriate to communicate such deficiencies directly to management. A21. ISA (UK) 250 (Revised December 2017) establishes requirements and provides guidance on the reporting of identified or suspected non-compliance with laws and regulations, including when those charged with governance are themselves involved in such non-compliance.9 ISA (UK) 240 (Revised June 2016) establishes requirements and provides guidance regarding communication to those charged with governance when the auditor has identified fraud or suspected fraud involving management.10 Communication of Other Deficiencies in Internal Control to Management (Ref: Para. 10(b)) A22. During the audit, the auditor may identify other deficiencies in internal control that are not significant deficiencies but that may be of sufficient importance to merit management’s attention. The determination as to which other deficiencies in internal control merit management’s attention is a matter of professional judgment in the circumstances, taking into account the likelihood and potential magnitude of misstatements that may arise in the financial statements as a result of those deficiencies. A23. The communication of other deficiencies in internal control that merit management’s attention need not be in writing but may be oral. Where the auditor has discussed the facts and circumstances of the auditor’s findings with management, the auditor may consider an oral communication of the other deficiencies to have been made to management at the time of these discussions. Accordingly, a formal communication need not be made subsequently. A24. If the auditor has communicated deficiencies in internal control other than significant deficiencies to management in a prior period and management has chosen not to remedy them for cost or other reasons, the auditor need not repeat the communication in the current period. The auditor is also not required to repeat information about such deficiencies if it has been previously communicated to management by other parties, such as the internal audit function or regulators. It may, however, be appropriate for the auditor to re-communicate these other deficiencies if there has been a change of management, or if new information has come to the auditor’s attention that alters the prior understanding of the auditor and management regarding the deficiencies. Nevertheless, the failure of management to remedy other deficiencies in internal control that were previously communicated may become a significant deficiency requiring communication with those charged with governance. Whether this is the case depends on the auditor’s judgment in the circumstances. 9 ISA (UK) 250 (Revised December 2017), Section A—Consideration of Laws and Regulations in an Audit of Financial Statements, paragraphs 22–28. 10 ISA (UK) 240 (Revised June 2016), The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, paragraph 41.
ISA (UK) 265 10 A25. In some circumstances, those charged with governance may wish to be made aware of the details of other deficiencies in internal control the auditor has communicated to management, or be briefly informed of the nature of the other deficiencies. Alternatively, the auditor may consider it appropriate to inform those charged with governance of the communication of the other deficiencies to management. In either case, the auditor may report orally or in writing to those charged with governance as appropriate. A26. ISA (UK) 260 (Revised June 2016) establishes relevant considerations regarding communication with those charged with governance when all of them are involved in managing the entity.11 Considerations Specific to Public Sector Entities (Ref: Para. 9–10) A27. Public sector auditors may have additional responsibilities to communicate deficiencies in internal control that the auditor has identified during the audit, in ways, at a level of detail and to parties not envisaged in this ISA (UK). For example, significant deficiencies may have to be communicated to the legislature or other governing body. Law, regulation or other authority may also mandate that public sector auditors report deficiencies in internal control, irrespective of the significance of the potential effects of those deficiencies. Further, legislation may require public sector auditors to report on broader internal control-related matters than the deficiencies in internal control required to be communicated by this ISA (UK), for example, controls related to compliance with legislative authorities, regulations, or provisions of contracts or grant agreements. Content of Written Communication of Significant Deficiencies in Internal Control (Ref: Para. 11) A28. In explaining the potential effects of the significant deficiencies, the auditor need not quantify those effects. The significant deficiencies may be grouped together for reporting purposes where it is appropriate to do so. The auditor may also include in the written communication suggestions for remedial action on the deficiencies, management’s actual or proposed responses, and a statement as to whether or not the auditor has undertaken any steps to verify whether management’s responses have been implemented. A29. The auditor may consider it appropriate to include the following information as additional context for the communication:  An indication that if the auditor had performed more extensive procedures on internal control, the auditor might have identified more deficiencies to be reported, or concluded that some of the reported deficiencies need not, in fact, have been reported.  An indication that such communication has been provided for the purposes of those charged with governance, and that it may not be suitable for other purposes. A30. Law or regulation may require the auditor or management to furnish a copy of the auditor’s written communication on significant deficiencies to appropriate regulatory 11 ISA (UK) 260 (Revised June 2016), paragraph 13.
ISA (UK) 265 11 authorities. Where this is the case, the auditor’s written communication may identify such regulatory authorities.
Financial Reporting Council 8th Floor 125 London Wall London EC2Y 5AS +44 (0)20 7492 2300 www.frc.org.uk

Recommended

Contemporary Issues in auditing.pptx
Contemporary Issues in auditing.pptxContemporary Issues in auditing.pptx
Contemporary Issues in auditing.pptx
Padum Chetry
 
A STUDY ON FDI ON BSE STOCK MARKET
A STUDY ON FDI ON BSE STOCK MARKETA STUDY ON FDI ON BSE STOCK MARKET
A STUDY ON FDI ON BSE STOCK MARKET
Vasant Prabu
 
Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...
Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...
Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...
Resurgent India
 
ISA 580 Written Representations
ISA 580 Written RepresentationsISA 580 Written Representations
ISA 580 Written Representations
Sazzad Hossain, ITP, MBA, CSCA™
 
Credit Risk Management on Bank of Baroda.docx
Credit Risk Management on Bank of Baroda.docxCredit Risk Management on Bank of Baroda.docx
Credit Risk Management on Bank of Baroda.docx
Vishal Doke
 
TAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIA
TAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIATAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIA
TAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIA
Izzuddin Norrahman
 
Sebi lodr (1) (2)
Sebi lodr (1) (2)Sebi lodr (1) (2)
Sebi lodr (1) (2)
New Corporate Laws Treatise(NCLT)
 
islamic bank ijarah
islamic bank ijarahislamic bank ijarah
islamic bank ijarah
waleed92
 

Recommended

Contemporary Issues in auditing.pptx
Contemporary Issues in auditing.pptxContemporary Issues in auditing.pptx
Contemporary Issues in auditing.pptx
Padum Chetry
 
A STUDY ON FDI ON BSE STOCK MARKET
A STUDY ON FDI ON BSE STOCK MARKETA STUDY ON FDI ON BSE STOCK MARKET
A STUDY ON FDI ON BSE STOCK MARKET
Vasant Prabu
 
Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...
Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...
Credit Rating: Impact & Assessment - Need, Function and Assesstment of Credit...
Resurgent India
 
ISA 580 Written Representations
ISA 580 Written RepresentationsISA 580 Written Representations
ISA 580 Written Representations
Sazzad Hossain, ITP, MBA, CSCA™
 
Credit Risk Management on Bank of Baroda.docx
Credit Risk Management on Bank of Baroda.docxCredit Risk Management on Bank of Baroda.docx
Credit Risk Management on Bank of Baroda.docx
Vishal Doke
 
TAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIA
TAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIATAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIA
TAX TREATMENT ON ISLAMIC FINANCE IN MALAYSIA
Izzuddin Norrahman
 
Sebi lodr (1) (2)
Sebi lodr (1) (2)Sebi lodr (1) (2)
Sebi lodr (1) (2)
New Corporate Laws Treatise(NCLT)
 
islamic bank ijarah
islamic bank ijarahislamic bank ijarah
islamic bank ijarah
waleed92
 
Basel iii presentation
Basel iii presentationBasel iii presentation
Basel iii presentation
ReadingLLMlegaleagles
 
punjab national bank
punjab national bankpunjab national bank
punjab national bank
A S
 
AUDITOR'S REPORT AND TYPES OF OPINIONS
AUDITOR'S REPORT AND TYPES OF OPINIONS AUDITOR'S REPORT AND TYPES OF OPINIONS
AUDITOR'S REPORT AND TYPES OF OPINIONS
MUHAMMAD HUZAIFA CHAUDHARY
 
IFRS 7
IFRS 7IFRS 7
IFRS 7
KLAX RUKATO
 
ISA 230 (Revised) Audit Documentation
ISA 230 (Revised) Audit DocumentationISA 230 (Revised) Audit Documentation
ISA 230 (Revised) Audit Documentation
Sazzad Hossain, ITP, MBA, CSCA™
 
The importance of shari’ah governance
The importance of shari’ah governanceThe importance of shari’ah governance
The importance of shari’ah governance
NATIONAL UNIVERSITY OF MALAYSIA
 
SME BANK
SME BANKSME BANK
SME BANK
Rafe Azsnal
 
Board report Under Companies Act, 2013
Board report Under Companies Act, 2013Board report Under Companies Act, 2013
Board report Under Companies Act, 2013
ANSHUL KUMAR JAIN
 
A Report on the Punjab National Bank Scam (Nirav Modi)
A Report on the Punjab National Bank Scam (Nirav Modi)A Report on the Punjab National Bank Scam (Nirav Modi)
A Report on the Punjab National Bank Scam (Nirav Modi)
Yohan DSouza
 
Asset Liability Management
Asset Liability ManagementAsset Liability Management
Asset Liability Management
Vikram Sankhala IIT, IIM, Ex IRS, FRM, Fin.Engr
 
Audit report
Audit reportAudit report
Audit report
CS S Dhanapal B.Com B.A.B.L F.C.S
 
Insights of Insider Trading
Insights of Insider Trading Insights of Insider Trading
Insights of Insider Trading
Pavan Kumar Vijay
 
Corporate Finance Thesis Topics
Corporate Finance Thesis TopicsCorporate Finance Thesis Topics
Corporate Finance Thesis Topics
Bachelor Thesis
 
Non-current assets
Non-current assetsNon-current assets
Non-current assets
AiraRebuyon
 
Basel-2
Basel-2Basel-2
Basel-2
Chaitanya Lakshmi Vallapuneni
 
Basel iii capital adequacy accord
Basel iii capital adequacy accordBasel iii capital adequacy accord
Basel iii capital adequacy accord
Pankaj Baid
 
FEMA & Money Laundering Including cases
FEMA & Money Laundering Including cases FEMA & Money Laundering Including cases
FEMA & Money Laundering Including cases
Gokul K Prasad
 
Regulatory approaches to Islamic banking
Regulatory approaches to Islamic bankingRegulatory approaches to Islamic banking
Regulatory approaches to Islamic banking
Tariqullah Khan
 
Iist of finance projects
Iist of finance projectsIist of finance projects
Iist of finance projects
Babasab Patil
 
Bab 5 - Balance Sheet and Statement of Cash Flows
Bab 5 - Balance Sheet and Statement of Cash FlowsBab 5 - Balance Sheet and Statement of Cash Flows
Bab 5 - Balance Sheet and Statement of Cash Flows
msahuleka
 
Psa 265
Psa 265Psa 265
Psa 265
RS NAVARRO
 
A015 2010-iaasb-handbook-isa-265
A015 2010-iaasb-handbook-isa-265A015 2010-iaasb-handbook-isa-265
A015 2010-iaasb-handbook-isa-265
RS NAVARRO
 

More Related Content

What's hot

Board report Under Companies Act, 2013
Board report Under Companies Act, 2013Board report Under Companies Act, 2013
Board report Under Companies Act, 2013
ANSHUL KUMAR JAIN
 
Insights of Insider Trading
Insights of Insider Trading Insights of Insider Trading
Insights of Insider Trading
Pavan Kumar Vijay
 
Basel iii capital adequacy accord
Basel iii capital adequacy accordBasel iii capital adequacy accord
Basel iii capital adequacy accord
Pankaj Baid
 
Bab 5 - Balance Sheet and Statement of Cash Flows
Bab 5 - Balance Sheet and Statement of Cash FlowsBab 5 - Balance Sheet and Statement of Cash Flows
Bab 5 - Balance Sheet and Statement of Cash Flows
msahuleka
 

What's hot (20)

Basel iii presentation
Basel iii presentationBasel iii presentation
Basel iii presentation
 
punjab national bank
punjab national bankpunjab national bank
punjab national bank
 
AUDITOR'S REPORT AND TYPES OF OPINIONS
AUDITOR'S REPORT AND TYPES OF OPINIONS AUDITOR'S REPORT AND TYPES OF OPINIONS
AUDITOR'S REPORT AND TYPES OF OPINIONS
 
IFRS 7
IFRS 7IFRS 7
IFRS 7
 
ISA 230 (Revised) Audit Documentation
ISA 230 (Revised) Audit DocumentationISA 230 (Revised) Audit Documentation
ISA 230 (Revised) Audit Documentation
 
The importance of shari’ah governance
The importance of shari’ah governanceThe importance of shari’ah governance
The importance of shari’ah governance
 
SME BANK
SME BANKSME BANK
SME BANK
 
Board report Under Companies Act, 2013
Board report Under Companies Act, 2013Board report Under Companies Act, 2013
Board report Under Companies Act, 2013
 
A Report on the Punjab National Bank Scam (Nirav Modi)
A Report on the Punjab National Bank Scam (Nirav Modi)A Report on the Punjab National Bank Scam (Nirav Modi)
A Report on the Punjab National Bank Scam (Nirav Modi)
 
Asset Liability Management
Asset Liability ManagementAsset Liability Management
Asset Liability Management
 
Audit report
Audit reportAudit report
Audit report
 
Insights of Insider Trading
Insights of Insider Trading Insights of Insider Trading
Insights of Insider Trading
 
Corporate Finance Thesis Topics
Corporate Finance Thesis TopicsCorporate Finance Thesis Topics
Corporate Finance Thesis Topics
 
Non-current assets
Non-current assetsNon-current assets
Non-current assets
 
Basel-2
Basel-2Basel-2
Basel-2
 
Basel iii capital adequacy accord
Basel iii capital adequacy accordBasel iii capital adequacy accord
Basel iii capital adequacy accord
 
FEMA & Money Laundering Including cases
FEMA & Money Laundering Including cases FEMA & Money Laundering Including cases
FEMA & Money Laundering Including cases
 
Regulatory approaches to Islamic banking
Regulatory approaches to Islamic bankingRegulatory approaches to Islamic banking
Regulatory approaches to Islamic banking
 
Iist of finance projects
Iist of finance projectsIist of finance projects
Iist of finance projects
 
Bab 5 - Balance Sheet and Statement of Cash Flows
Bab 5 - Balance Sheet and Statement of Cash FlowsBab 5 - Balance Sheet and Statement of Cash Flows
Bab 5 - Balance Sheet and Statement of Cash Flows
 

Similar to ISA 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management

Similar to ISA 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management (20)

Psa 265
Psa 265Psa 265
Psa 265
 
A015 2010-iaasb-handbook-isa-265
A015 2010-iaasb-handbook-isa-265A015 2010-iaasb-handbook-isa-265
A015 2010-iaasb-handbook-isa-265
 
Isa (uk)-450 revised-june-2016-updated-july-2017 Evaluation of Misstatements ...
Isa (uk)-450 revised-june-2016-updated-july-2017 Evaluation of Misstatements ...Isa (uk)-450 revised-june-2016-updated-july-2017 Evaluation of Misstatements ...
Isa (uk)-450 revised-june-2016-updated-july-2017 Evaluation of Misstatements ...
 
Isa (uk)-705 revised-june-2016 Modifications to the Opinion in the Independen...
Isa (uk)-705 revised-june-2016 Modifications to the Opinion in the Independen...Isa (uk)-705 revised-june-2016 Modifications to the Opinion in the Independen...
Isa (uk)-705 revised-june-2016 Modifications to the Opinion in the Independen...
 
Isa (uk)-320 revised-june-2016 Materiality in Planning and Performing an Audit
Isa (uk)-320 revised-june-2016 Materiality in Planning and Performing an AuditIsa (uk)-320 revised-june-2016 Materiality in Planning and Performing an Audit
Isa (uk)-320 revised-june-2016 Materiality in Planning and Performing an Audit
 
Isa (uk)-501 Audit Evidence – Specific Considerations for Selected Items
Isa (uk)-501 Audit Evidence – Specific Considerations for Selected ItemsIsa (uk)-501 Audit Evidence – Specific Considerations for Selected Items
Isa (uk)-501 Audit Evidence – Specific Considerations for Selected Items
 
Isa (uk)-701 Communicating Key Audit Matters in the Independent Auditor’s Report
Isa (uk)-701 Communicating Key Audit Matters in the Independent Auditor’s ReportIsa (uk)-701 Communicating Key Audit Matters in the Independent Auditor’s Report
Isa (uk)-701 Communicating Key Audit Matters in the Independent Auditor’s Report
 
ISA 510 (Revised) Initial Audit Engagements – Opening Balances
ISA 510 (Revised) Initial Audit Engagements – Opening BalancesISA 510 (Revised) Initial Audit Engagements – Opening Balances
ISA 510 (Revised) Initial Audit Engagements – Opening Balances
 
Isa (uk)-200 revised-june-2016 Overall Objectives of the Independent Auditor ...
Isa (uk)-200 revised-june-2016 Overall Objectives of the Independent Auditor ...Isa (uk)-200 revised-june-2016 Overall Objectives of the Independent Auditor ...
Isa (uk)-200 revised-june-2016 Overall Objectives of the Independent Auditor ...
 
ISA 200 by Sazzad Hossain ITP CSCA
ISA 200 by Sazzad Hossain ITP CSCAISA 200 by Sazzad Hossain ITP CSCA
ISA 200 by Sazzad Hossain ITP CSCA
 
EXAMINABLE SUPPLEMENT
EXAMINABLE SUPPLEMENT EXAMINABLE SUPPLEMENT
EXAMINABLE SUPPLEMENT
 
Isa (uk)-710 Comparative Information – Corresponding Figures and Comparative ...
Isa (uk)-710 Comparative Information – Corresponding Figures and Comparative ...Isa (uk)-710 Comparative Information – Corresponding Figures and Comparative ...
Isa (uk)-710 Comparative Information – Corresponding Figures and Comparative ...
 
Isa (uk)-600 revised-june-2016 Special Considerations – Audits of Group Finan...
Isa (uk)-600 revised-june-2016 Special Considerations – Audits of Group Finan...Isa (uk)-600 revised-june-2016 Special Considerations – Audits of Group Finan...
Isa (uk)-600 revised-june-2016 Special Considerations – Audits of Group Finan...
 
Isa (uk)-620 revised-june-2016 Using the Work of an Auditor’s Expert
Isa (uk)-620 revised-june-2016 Using the Work of an Auditor’s ExpertIsa (uk)-620 revised-june-2016 Using the Work of an Auditor’s Expert
Isa (uk)-620 revised-june-2016 Using the Work of an Auditor’s Expert
 
ISA 260 (Revised) Communication With Those Charged With Governance
ISA 260 (Revised) Communication With Those Charged With GovernanceISA 260 (Revised) Communication With Those Charged With Governance
ISA 260 (Revised) Communication With Those Charged With Governance
 
Lecture slide ,chapter 6, Overview of the audit of financial reports
Lecture slide ,chapter 6, Overview of the audit of financial reportsLecture slide ,chapter 6, Overview of the audit of financial reports
Lecture slide ,chapter 6, Overview of the audit of financial reports
 
Advanced Auditing and assurance chapter two
Advanced Auditing and assurance chapter twoAdvanced Auditing and assurance chapter two
Advanced Auditing and assurance chapter two
 
Isa (uk)-720 revised-june-2016 The Auditor’s Responsibilities Relating to Oth...
Isa (uk)-720 revised-june-2016 The Auditor’s Responsibilities Relating to Oth...Isa (uk)-720 revised-june-2016 The Auditor’s Responsibilities Relating to Oth...
Isa (uk)-720 revised-june-2016 The Auditor’s Responsibilities Relating to Oth...
 
Ranska. Karkea käännös. Small entity audit standard NP 2010
Ranska. Karkea käännös. Small entity audit standard NP 2010 Ranska. Karkea käännös. Small entity audit standard NP 2010
Ranska. Karkea käännös. Small entity audit standard NP 2010
 
Isa (uk)-700 revised-june-2016 Forming an Opinion and Reporting on Financial ...
Isa (uk)-700 revised-june-2016 Forming an Opinion and Reporting on Financial ...Isa (uk)-700 revised-june-2016 Forming an Opinion and Reporting on Financial ...
Isa (uk)-700 revised-june-2016 Forming an Opinion and Reporting on Financial ...
 

More from Sazzad Hossain, ITP, MBA, CSCA™

More from Sazzad Hossain, ITP, MBA, CSCA™ (20)

ITP CIRCULAR 2017 Income Tax Bangladesh - NBR
ITP CIRCULAR 2017 Income Tax Bangladesh - NBRITP CIRCULAR 2017 Income Tax Bangladesh - NBR
ITP CIRCULAR 2017 Income Tax Bangladesh - NBR
 
Auditors Tor for Cash incentive audit of BB
Auditors Tor for Cash incentive audit of BBAuditors Tor for Cash incentive audit of BB
Auditors Tor for Cash incentive audit of BB
 
Tax year 2024 Advance Taxation book by Khalid Petiwala
Tax year 2024 Advance Taxation book by Khalid PetiwalaTax year 2024 Advance Taxation book by Khalid Petiwala
Tax year 2024 Advance Taxation book by Khalid Petiwala
 
All CA Firms 23 October 2023
All CA Firms 23 October 2023All CA Firms 23 October 2023
All CA Firms 23 October 2023
 
আয়কর পরিপত্র ২০২৩-২৪
আয়কর পরিপত্র ২০২৩-২৪ আয়কর পরিপত্র ২০২৩-২৪
আয়কর পরিপত্র ২০২৩-২৪
 
সর্বজনীন পেনশন স্কীম বিধিমালা সংক্রান্ত গেজেট (আগস্ট ২০২৩)
সর্বজনীন পেনশন স্কীম বিধিমালা সংক্রান্ত গেজেট (আগস্ট ২০২৩) সর্বজনীন পেনশন স্কীম বিধিমালা সংক্রান্ত গেজেট (আগস্ট ২০২৩)
সর্বজনীন পেনশন স্কীম বিধিমালা সংক্রান্ত গেজেট (আগস্ট ২০২৩)
 
VAT Deduction at Source
VAT Deduction at SourceVAT Deduction at Source
VAT Deduction at Source
 
জীবনকে কয়েক ধাপ এগিয়ে নিতে চাইলে
জীবনকে কয়েক ধাপ এগিয়ে নিতে চাইলে জীবনকে কয়েক ধাপ এগিয়ে নিতে চাইলে
জীবনকে কয়েক ধাপ এগিয়ে নিতে চাইলে
 
Jun-2023 এস.আর.ও. নং- ১৯৫-২০১-আইন-২০২৩ Customs Act 1969
Jun-2023 এস.আর.ও. নং- ১৯৫-২০১-আইন-২০২৩ Customs Act 1969Jun-2023 এস.আর.ও. নং- ১৯৫-২০১-আইন-২০২৩ Customs Act 1969
Jun-2023 এস.আর.ও. নং- ১৯৫-২০১-আইন-২০২৩ Customs Act 1969
 
TDS Tax Deducted at Source Rule 2023 এস.আর.ও. নং ২০৬-২১০-আইন-২০২৩
TDS Tax Deducted at Source Rule 2023 এস.আর.ও. নং ২০৬-২১০-আইন-২০২৩TDS Tax Deducted at Source Rule 2023 এস.আর.ও. নং ২০৬-২১০-আইন-২০২৩
TDS Tax Deducted at Source Rule 2023 এস.আর.ও. নং ২০৬-২১০-আইন-২০২৩
 
২০২৩ সনের ১৩ নং আইন ব্যাংক- কোম্পানি (সংশোধন) আইন, ২০২৩
২০২৩ সনের ১৩ নং আইন ব্যাংক- কোম্পানি (সংশোধন) আইন, ২০২৩২০২৩ সনের ১৩ নং আইন ব্যাংক- কোম্পানি (সংশোধন) আইন, ২০২৩
২০২৩ সনের ১৩ নং আইন ব্যাংক- কোম্পানি (সংশোধন) আইন, ২০২৩
 
২০২৩ সনের ২২ নং আইন বাংলাদেশ শিল্প-নকশা আইন, ২০২৩
২০২৩ সনের ২২ নং আইন বাংলাদেশ শিল্প-নকশা আইন, ২০২৩২০২৩ সনের ২২ নং আইন বাংলাদেশ শিল্প-নকশা আইন, ২০২৩
২০২৩ সনের ২২ নং আইন বাংলাদেশ শিল্প-নকশা আইন, ২০২৩
 
২০২৩ সনের ২০ নং আইন এজেন্সি টু ইনোভেট (এটুআই) আইন, ২০২৩
২০২৩ সনের ২০ নং আইন এজেন্সি টু ইনোভেট (এটুআই) আইন, ২০২৩২০২৩ সনের ২০ নং আইন এজেন্সি টু ইনোভেট (এটুআই) আইন, ২০২৩
২০২৩ সনের ২০ নং আইন এজেন্সি টু ইনোভেট (এটুআই) আইন, ২০২৩
 
২০২৩ সনের ১৯ নং আইন বাংলাদেশ সরকারি-বেসরকারি অংশীদারিত্ব (সংশোধন) আইন, ২০২৩
২০২৩ সনের ১৯ নং আইন বাংলাদেশ সরকারি-বেসরকারি অংশীদারিত্ব (সংশোধন) আইন, ২০২৩২০২৩ সনের ১৯ নং আইন বাংলাদেশ সরকারি-বেসরকারি অংশীদারিত্ব (সংশোধন) আইন, ২০২৩
২০২৩ সনের ১৯ নং আইন বাংলাদেশ সরকারি-বেসরকারি অংশীদারিত্ব (সংশোধন) আইন, ২০২৩
 
এস.আর.ও নং ২২৪আইন-আয়কর-২০২৩
এস.আর.ও নং ২২৪আইন-আয়কর-২০২৩এস.আর.ও নং ২২৪আইন-আয়কর-২০২৩
এস.আর.ও নং ২২৪আইন-আয়কর-২০২৩
 
Govt Employee Taxation Rules এস.আর.ও নং ২২৫-আইন-আয়কর-৭-২০২৩.pdf
Govt Employee Taxation Rules এস.আর.ও নং ২২৫-আইন-আয়কর-৭-২০২৩.pdfGovt Employee Taxation Rules এস.আর.ও নং ২২৫-আইন-আয়কর-৭-২০২৩.pdf
Govt Employee Taxation Rules এস.আর.ও নং ২২৫-আইন-আয়কর-৭-২০২৩.pdf
 
TDS Rules, 2023 উৎসে কর বিধিমালা, ২০২৩
TDS Rules, 2023 উৎসে কর বিধিমালা, ২০২৩ TDS Rules, 2023 উৎসে কর বিধিমালা, ২০২৩
TDS Rules, 2023 উৎসে কর বিধিমালা, ২০২৩
 
২০২৩-২৪ অর্থবছরে ভ্যাট হার
২০২৩-২৪ অর্থবছরে ভ্যাট হার২০২৩-২৪ অর্থবছরে ভ্যাট হার
২০২৩-২৪ অর্থবছরে ভ্যাট হার
 
TDS on ITA 2023
TDS on ITA 2023 TDS on ITA 2023
TDS on ITA 2023
 
Mapping of ITA 2023 with ITO 1984
Mapping of ITA 2023 with ITO 1984Mapping of ITA 2023 with ITO 1984
Mapping of ITA 2023 with ITO 1984
 

Recently uploaded

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 

Recently uploaded (20)

Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 

ISA 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management

  • 1. Standard Audit and Assurance June 2016 International Standard on Auditing (UK) 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management Financial Reporting Council
  • 2. The FRC’s mission is to promote transparency and integrity in business. The FRC sets the UK Corporate Governance and Stewardship Codes and UK standards for accounting and actuarial work; monitors and takes action to promote the quality of corporate reporting; and operates independent enforcement arrangements for accountants and actuaries. As the Competent Authority for audit in the UK the FRC sets auditing and ethical standards and monitors and enforces audit quality. The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it. © The Financial Reporting Council Limited 2018 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS
  • 3. 1 INTERNATIONAL STANDARD ON AUDITING (UK) 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT (Effective for audits of financial statements for periods ending on or after 15 December 2010) CONTENTS Paragraph Introduction Scope of this ISA (UK) ............................................................................................ 1–3 Effective Date .......................................................................................................... 4 Objective ................................................................................................................ 5 Definitions ............................................................................................................. 6 Requirements ........................................................................................................ 7–11 Application and Other Explanatory Material Determination of Whether Deficiencies in Internal Control Have Been Identified ... A1–A4 Significant Deficiencies in Internal Control .............................................................. A5–A11 Communication of Deficiencies in Internal Control ................................................. A12–A30 International Standard on Auditing (UK) (ISA (UK)) 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management, should be read in conjunction with ISA (UK) 200 (Revised June 2016), Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing (UK).
  • 4. ISA (UK) 265 2 Introduction Scope of this ISA (UK) 1. This International Standard on Auditing (UK) (ISA (UK)) deals with the auditor’s responsibility to communicate appropriately to those charged with governance and management deficiencies in internal control 1 that the auditor has identified in an audit of financial statements. This ISA (UK) does not impose additional responsibilities on the auditor regarding obtaining an understanding of internal control and designing and performing tests of controls over and above the requirements of ISA (UK) 315 (Revised June 2016) and ISA (UK) 330 (Revised July 2017).2 ISA (UK) 260 (Revised June 2016)3 establishes further requirements and provides guidance regarding the auditor’s responsibility to communicate with those charged with governance in relation to the audit. 2. The auditor is required to obtain an understanding of internal control relevant to the audit when identifying and assessing the risks of material misstatement.4 In making those risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. The auditor may identify deficiencies in internal control not only during this risk assessment process but also at any other stage of the audit. This ISA (UK) specifies which identified deficiencies the auditor is required to communicate to those charged with governance and management. 3. Nothing in this ISA (UK) precludes the auditor from communicating to those charged with governance and management other internal control matters that the auditor has identified during the audit. Effective Date 4. This ISA (UK) is effective for audits of financial statements for periods ending on or after 15 December 2010. Objective 5. The objective of the auditor is to communicate appropriately to those charged with governance and management deficiencies in internal control that the auditor has identified during the audit and that, in the auditor’s professional judgment, are of sufficient importance to merit their respective attentions. Definitions 6. For purposes of the ISAs (UK), the following terms have the meanings attributed below: (a) Deficiency in internal control – This exists when: 1 ISA (UK) 315 (Revised June 2016), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment, paragraphs 4 and 12. 2 ISA (UK) 330 (Revised July 2017), The Auditor’s Responses to Assessed Risks. 3 ISA (UK) 260 (Revised June 2016), Communication with Those Charged with Governance. 4 ISA (UK) 315 (Revised June 2016), paragraph 12. Paragraphs A68–A73 provide guidance on controls relevant to the audit.
  • 5. ISA (UK) 265 3 (i) A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or (ii) A control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing. (b) Significant deficiency in internal control – A deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance. (Ref: Para. A5) Requirements 7. The auditor shall determine whether, on the basis of the audit work performed, the auditor has identified one or more deficiencies in internal control. (Ref: Para. A1–A4) 8. If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies. (Ref: Para. A5–A11) 9. The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. (Ref: Para. A12–A18, A27) 10. The auditor shall also communicate to management at an appropriate level of responsibility on a timely basis: (Ref: Para. A19, A27) (a) In writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances; and (Ref: Para. A14, A20–A21) (b) Other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention. (Ref: Para. A22–A26) 11. The auditor shall include in the written communication of significant deficiencies in internal control: (a) A description of the deficiencies and an explanation of their potential effects; and (Ref: Para. A28) (b) Sufficient information to enable those charged with governance and management to understand the context of the communication. In particular, the auditor shall explain that: (Ref: Para. A29–A30) (i) The purpose of the audit was for the auditor to express an opinion on the financial statements; (ii) The audit included consideration of internal control relevant to the preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control; and
  • 6. ISA (UK) 265 4 (iii) The matters being reported are limited to those deficiencies that the auditor has identified during the audit and that the auditor has concluded are of sufficient importance to merit being reported to those charged with governance. *** Application and Other Explanatory Material Determination of Whether Deficiencies in Internal Control Have Been Identified (Ref: Para. 7) A1. In determining whether the auditor has identified one or more deficiencies in internal control, the auditor may discuss the relevant facts and circumstances of the auditor’s findings with the appropriate level of management. This discussion provides an opportunity for the auditor to alert management on a timely basis to the existence of deficiencies of which management may not have been previously aware. The level of management with whom it is appropriate to discuss the findings is one that is familiar with the internal control area concerned and that has the authority to take remedial action on any identified deficiencies in internal control. In some circumstances, it may not be appropriate for the auditor to discuss the auditor’s findings directly with management, for example, if the findings appear to call management’s integrity or competence into question (see paragraph A20). A2. In discussing the facts and circumstances of the auditor’s findings with management, the auditor may obtain other relevant information for further consideration, such as:  Management’s understanding of the actual or suspected causes of the deficiencies.  Exceptions arising from the deficiencies that management may have noted, for example, misstatements that were not prevented by the relevant information technology (IT) controls.  A preliminary indication from management of its response to the findings. Considerations Specific to Smaller Entities A3. While the concepts underlying control activities in smaller entities are likely to be similar to those in larger entities, the formality with which they operate will vary. Further, smaller entities may find that certain types of control activities are not necessary because of controls applied by management. For example, management’s sole authority for granting credit to customers and approving significant purchases can provide effective control over important account balances and transactions, lessening or removing the need for more detailed control activities. A4. Also, smaller entities often have fewer employees which may limit the extent to which segregation of duties is practicable. However, in a small owner-managed entity, the owner-manager may be able to exercise more effective oversight than in a larger entity. This higher level of management oversight needs to be balanced against the greater potential for management override of controls. Significant Deficiencies in Internal Control (Ref: Para. 6(b), 8) A5. The significance of a deficiency or a combination of deficiencies in internal control depends not only on whether a misstatement has actually occurred, but also on the
  • 7. ISA (UK) 265 5 likelihood that a misstatement could occur and the potential magnitude of the misstatement. Significant deficiencies may therefore exist even though the auditor has not identified misstatements during the audit. A6. Examples of matters that the auditor may consider in determining whether a deficiency or combination of deficiencies in internal control constitutes a significant deficiency include:  The likelihood of the deficiencies leading to material misstatements in the financial statements in the future.  The susceptibility to loss or fraud of the related asset or liability.  The subjectivity and complexity of determining estimated amounts, such as fair value accounting estimates.  The financial statement amounts exposed to the deficiencies.  The volume of activity that has occurred or could occur in the account balance or class of transactions exposed to the deficiency or deficiencies.  The importance of the controls to the financial reporting process; for example: o General monitoring controls (such as oversight of management). o Controls over the prevention and detection of fraud. o Controls over the selection and application of significant accounting policies. o Controls over significant transactions with related parties. o Controls over significant transactions outside the entity’s normal course of business. o Controls over the period-end financial reporting process (such as controls over non-recurring journal entries).  The cause and frequency of the exceptions detected as a result of the deficiencies in the controls.  The interaction of the deficiency with other deficiencies in internal control. A7. Indicators of significant deficiencies in internal control include, for example:  Evidence of ineffective aspects of the control environment, such as: o Indications that significant transactions in which management is financially interested are not being appropriately scrutinized by those charged with governance. o Identification of management fraud, whether or not material, that was not prevented by the entity’s internal control. o Management’s failure to implement appropriate remedial action on significant deficiencies previously communicated.  Absence of a risk assessment process within the entity where such a process would ordinarily be expected to have been established.
  • 8. ISA (UK) 265 6  Evidence of an ineffective entity risk assessment process, such as management’s failure to identify a risk of material misstatement that the auditor would expect the entity’s risk assessment process to have identified.  Evidence of an ineffective response to identified significant risks (for example, absence of controls over such a risk).  Misstatements detected by the auditor’s procedures that were not prevented, or detected and corrected, by the entity’s internal control.  Restatement of previously issued financial statements to reflect the correction of a material misstatement due to error or fraud.  Evidence of management’s inability to oversee the preparation of the financial statements. A8. Controls may be designed to operate individually or in combination to effectively prevent, or detect and correct, misstatements.5 For example, controls over accounts receivable may consist of both automated and manual controls designed to operate together to prevent, or detect and correct, misstatements in the account balance. A deficiency in internal control on its own may not be sufficiently important to constitute a significant deficiency. However, a combination of deficiencies affecting the same account balance or disclosure, relevant assertion, or component of internal control may increase the risks of misstatement to such an extent as to give rise to a significant deficiency. A9. Law or regulation in some jurisdictions may establish a requirement (particularly for audits of listed entities) for the auditor to communicate to those charged with governance or to other relevant parties (such as regulators) one or more specific types of deficiency in internal control that the auditor has identified during the audit. Where law or regulation has established specific terms and definitions for these types of deficiency and requires the auditor to use these terms and definitions for the purpose of the communication, the auditor uses such terms and definitions when communicating in accordance with the legal or regulatory requirement. A10. Where the jurisdiction has established specific terms for the types of deficiency in internal control to be communicated but has not defined such terms, it may be necessary for the auditor to use judgment to determine the matters to be communicated further to the legal or regulatory requirement. In doing so, the auditor may consider it appropriate to have regard to the requirements and guidance in this ISA (UK). For example, if the purpose of the legal or regulatory requirement is to bring to the attention of those charged with governance certain internal control matters of which they should be aware, it may be appropriate to regard such matters as being generally equivalent to the significant deficiencies required by this ISA (UK) to be communicated to those charged with governance. A11. The requirements of this ISA (UK) remain applicable notwithstanding that law or regulation may require the auditor to use specific terms or definitions. 5 ISA (UK) 315 (Revised June 2016), paragraph A74.
  • 9. ISA (UK) 265 7 Communication of Deficiencies in Internal Control Communication of Significant Deficiencies in Internal Control to Those Charged with Governance (Ref: Para. 9) A12. Communicating significant deficiencies in writing to those charged with governance reflects the importance of these matters, and assists those charged with governance in fulfilling their oversight responsibilities. ISA (UK) 260 (Revised June 2016) establishes relevant considerations regarding communication with those charged with governance when all of them are involved in managing the entity.6 A12-1. In the UK, where applicable, timely communication of significant deficiencies, in writing, to directors of listed entities can assist them to comply with the provisions of the UK Corporate Governance Code relating to internal control and reporting to shareholders. A13. In determining when to issue the written communication, the auditor may consider whether receipt of such communication would be an important factor in enabling those charged with governance to discharge their oversight responsibilities. In addition, for listed entities in certain jurisdictions, those charged with governance may need to receive the auditor’s written communication before the date of approval of the financial statements in order to discharge specific responsibilities in relation to internal control for regulatory or other purposes. For other entities, the auditor may issue the written communication at a later date. Nevertheless, in the latter case, as the auditor’s written communication of significant deficiencies forms part of the final audit file, the written communication is subject to the overriding requirement 7 for the auditor to complete the assembly of the final audit file on a timely basis. ISA (UK) 230 (Revised June 2016) states that an appropriate time limit within which to complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor’s report.8 A13-1. For audits of financial statements of public interest entities, ISA (UK) 260 (Revised June 2016)8a requires the auditor to communicate in the additional report to the audit committee any significant deficiencies in the entity’s internal financial control system or in the accounting system, and whether or not the deficiencies reported have been resolved by management. A14. Regardless of the timing of the written communication of significant deficiencies, the auditor may communicate these orally in the first instance to management and, when appropriate, to those charged with governance to assist them in taking timely remedial action to minimize the risks of material misstatement. Doing so, however, does not relieve the auditor of the responsibility to communicate the significant deficiencies in writing, as this ISA (UK) requires. A15. The level of detail at which to communicate significant deficiencies is a matter of the auditor’s professional judgment in the circumstances. Factors that the auditor may consider in determining an appropriate level of detail for the communication include, for example: 6 ISA (UK) 260 (Revised June 2016), paragraph 13. 7 ISA (UK) 230 (Revised June 2016), Audit Documentation, paragraph 14. 8 ISA (UK) 230 (Revised June 2016), paragraph A21. 8a ISA (UK) 260 (Revised June 2016), paragraph 16R-2(j).
  • 10. ISA (UK) 265 8  The nature of the entity. For instance, the communication required for a public interest entity may be different from that for a non-public interest entity.  The size and complexity of the entity. For instance, the communication required for a complex entity may be different from that for an entity operating a simple business.  The nature of significant deficiencies that the auditor has identified.  The entity’s governance composition. For instance, more detail may be needed if those charged with governance include members who do not have significant experience in the entity’s industry or in the affected areas.  Legal or regulatory requirements regarding the communication of specific types of deficiency in internal control. A16. Management and those charged with governance may already be aware of significant deficiencies that the auditor has identified during the audit and may have chosen not to remedy them because of cost or other considerations. The responsibility for evaluating the costs and benefits of implementing remedial action rests with management and those charged with governance. Accordingly, the requirement in paragraph 9 applies regardless of cost or other considerations that management and those charged with governance may consider relevant in determining whether to remedy such deficiencies. A17. The fact that the auditor communicated a significant deficiency to those charged with governance and management in a previous audit does not eliminate the need for the auditor to repeat the communication if remedial action has not yet been taken. If a previously communicated significant deficiency remains, the current year’s communication may repeat the description from the previous communication, or simply reference the previous communication. The auditor may ask management or, where appropriate, those charged with governance, why the significant deficiency has not yet been remedied. A failure to act, in the absence of a rational explanation, may in itself represent a significant deficiency. Considerations Specific to Smaller Entities A18. In the case of audits of smaller entities, the auditor may communicate in a less structured manner with those charged with governance than in the case of larger entities. Communication of Deficiencies in Internal Control to Management (Ref: Para. 10) A19. Ordinarily, the appropriate level of management is the one that has responsibility and authority to evaluate the deficiencies in internal control and to take the necessary remedial action. For significant deficiencies, the appropriate level is likely to be the chief executive officer or chief financial officer (or equivalent) as these matters are also required to be communicated to those charged with governance. For other deficiencies in internal control, the appropriate level may be operational management with more direct involvement in the control areas affected and with the authority to take appropriate remedial action.
  • 11. ISA (UK) 265 9 Communication of Significant Deficiencies in Internal Control to Management (Ref: Para. 10(a)) A20. Certain identified significant deficiencies in internal control may call into question the integrity or competence of management. For example, there may be evidence of fraud or intentional non-compliance with laws and regulations by management, or management may exhibit an inability to oversee the preparation of adequate financial statements that may raise doubt about management’s competence. Accordingly, it may not be appropriate to communicate such deficiencies directly to management. A21. ISA (UK) 250 (Revised December 2017) establishes requirements and provides guidance on the reporting of identified or suspected non-compliance with laws and regulations, including when those charged with governance are themselves involved in such non-compliance.9 ISA (UK) 240 (Revised June 2016) establishes requirements and provides guidance regarding communication to those charged with governance when the auditor has identified fraud or suspected fraud involving management.10 Communication of Other Deficiencies in Internal Control to Management (Ref: Para. 10(b)) A22. During the audit, the auditor may identify other deficiencies in internal control that are not significant deficiencies but that may be of sufficient importance to merit management’s attention. The determination as to which other deficiencies in internal control merit management’s attention is a matter of professional judgment in the circumstances, taking into account the likelihood and potential magnitude of misstatements that may arise in the financial statements as a result of those deficiencies. A23. The communication of other deficiencies in internal control that merit management’s attention need not be in writing but may be oral. Where the auditor has discussed the facts and circumstances of the auditor’s findings with management, the auditor may consider an oral communication of the other deficiencies to have been made to management at the time of these discussions. Accordingly, a formal communication need not be made subsequently. A24. If the auditor has communicated deficiencies in internal control other than significant deficiencies to management in a prior period and management has chosen not to remedy them for cost or other reasons, the auditor need not repeat the communication in the current period. The auditor is also not required to repeat information about such deficiencies if it has been previously communicated to management by other parties, such as the internal audit function or regulators. It may, however, be appropriate for the auditor to re-communicate these other deficiencies if there has been a change of management, or if new information has come to the auditor’s attention that alters the prior understanding of the auditor and management regarding the deficiencies. Nevertheless, the failure of management to remedy other deficiencies in internal control that were previously communicated may become a significant deficiency requiring communication with those charged with governance. Whether this is the case depends on the auditor’s judgment in the circumstances. 9 ISA (UK) 250 (Revised December 2017), Section A—Consideration of Laws and Regulations in an Audit of Financial Statements, paragraphs 22–28. 10 ISA (UK) 240 (Revised June 2016), The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, paragraph 41.
  • 12. ISA (UK) 265 10 A25. In some circumstances, those charged with governance may wish to be made aware of the details of other deficiencies in internal control the auditor has communicated to management, or be briefly informed of the nature of the other deficiencies. Alternatively, the auditor may consider it appropriate to inform those charged with governance of the communication of the other deficiencies to management. In either case, the auditor may report orally or in writing to those charged with governance as appropriate. A26. ISA (UK) 260 (Revised June 2016) establishes relevant considerations regarding communication with those charged with governance when all of them are involved in managing the entity.11 Considerations Specific to Public Sector Entities (Ref: Para. 9–10) A27. Public sector auditors may have additional responsibilities to communicate deficiencies in internal control that the auditor has identified during the audit, in ways, at a level of detail and to parties not envisaged in this ISA (UK). For example, significant deficiencies may have to be communicated to the legislature or other governing body. Law, regulation or other authority may also mandate that public sector auditors report deficiencies in internal control, irrespective of the significance of the potential effects of those deficiencies. Further, legislation may require public sector auditors to report on broader internal control-related matters than the deficiencies in internal control required to be communicated by this ISA (UK), for example, controls related to compliance with legislative authorities, regulations, or provisions of contracts or grant agreements. Content of Written Communication of Significant Deficiencies in Internal Control (Ref: Para. 11) A28. In explaining the potential effects of the significant deficiencies, the auditor need not quantify those effects. The significant deficiencies may be grouped together for reporting purposes where it is appropriate to do so. The auditor may also include in the written communication suggestions for remedial action on the deficiencies, management’s actual or proposed responses, and a statement as to whether or not the auditor has undertaken any steps to verify whether management’s responses have been implemented. A29. The auditor may consider it appropriate to include the following information as additional context for the communication:  An indication that if the auditor had performed more extensive procedures on internal control, the auditor might have identified more deficiencies to be reported, or concluded that some of the reported deficiencies need not, in fact, have been reported.  An indication that such communication has been provided for the purposes of those charged with governance, and that it may not be suitable for other purposes. A30. Law or regulation may require the auditor or management to furnish a copy of the auditor’s written communication on significant deficiencies to appropriate regulatory 11 ISA (UK) 260 (Revised June 2016), paragraph 13.
  • 13. ISA (UK) 265 11 authorities. Where this is the case, the auditor’s written communication may identify such regulatory authorities.
  • 14. Financial Reporting Council 8th Floor 125 London Wall London EC2Y 5AS +44 (0)20 7492 2300 www.frc.org.uk