The document discusses internal control as defined by COSO, including its components of control environment, risk assessment, control activities, information and communication, and monitoring. It explains how auditors obtain an understanding of a company's internal controls in order to assess control risk and determine the nature, timing and extent of substantive audit tests. Auditors evaluate control deficiencies and may issue an opinion on the effectiveness of internal controls over financial reporting.