Annual Audit Manual
COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
2221 Introduction
Jul-2017
In This Section
Overview
This section discusses:
-
CAS objective related to Communicating Deficiencies in Internal Control to Those Charged with Governance and Management
-
Relationship with other CASs
CAS Objective
The objective of the auditor is to communicate appropriately to those charged with governance and management deficiencies in internal control that the auditor has identified during the audit and that, in the auditor’s professional judgment, are of sufficient importance to merit their respective attentions (CAS 265.5).
CAS Guidance
This Canadian Standard on Auditing (CAS) deals with the auditor’s responsibility to communicate appropriately to those charged with governance and management deficiencies in internal control that the auditor has identified in an audit of financial statements. This CAS does not impose additional responsibilities on the auditor regarding obtaining an understanding of the entity’s system of internal control and designing and performing tests of controls over and above the requirements of CAS 315 and CAS 330. CAS 260 establishes further requirements and provides guidance regarding the auditor’s responsibility to communicate with those charged with governance in relation to the audit (CAS 265.1).
The auditor is required to obtain an understanding of the entity’s system of internal control when identifying and assessing the risks of material misstatement. In making those risk assessments, the auditor considers the entity’s system of internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. The auditor may identify control deficiencies in the entity’s system of internal control not only during this risk assessment process but also at any other stage of the audit. This CAS specifies which identified deficiencies the auditor is required to communicate to those charged with governance and management. (CAS 265.2)
For purposes of the CASs, the following terms have the meanings attributed below (CAS 265.6):
-
(a) Deficiency in internal control—This exists when:
- (i) a control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or
- (ii) a control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing.
-
(b) Significant deficiency in internal control—A deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance. (Ref: Para. A5)