Question

What is the auditor's responsibility for communicating control deficiencies that are severe enough to be considered significant deficiencies or material weaknesses?

The auditor responsibility is to report significant deficiencies and material weakness to management and the board of director in writing. Can anyone expound on this matter? Thanks!

Answer 1

Ans:Communications to Management and with Those Charged with Governance
If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the
auditor shall communicate these matters on a timely basis to the appropriate level of management in order to
inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their
responsibilities.
Unless all of those charged with governance are involved in managing the entity, if the auditor has
identified or suspects fraud involving:
(a) Management;
(b) Employees who have significant roles in internal control; or
(c) Others where the fraud results in a material misstatement in the financial statements.

The auditor shall communicate these matters to those charged with governance on a timely basis. If the
auditor suspects fraud involving management, the auditor shall communicate these suspicions to those
charged with governance and discuss with them the nature, timing and extent of audit procedures necessary
to complete the audit.
In accordance with SA 260, Communication with Those Charged with Governance13, the auditor shall
communicate with those charged with governance any other matters related to fraud that are, in the auditor’s
judgment, relevant to their responsibilities. (Ref: Para. A63)
Communications to Regulatory and Enforcement Authorities
If the auditor has identified or suspects a fraud, the auditor shall determine whether there is a
responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s
professional duty to maintain the confidentiality of client information may preclude such reporting, the
auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.
Documentation
The auditor’s documentation of the understanding of the entity and its environment and the
assessment of the risks of material misstatement required by SA shall include:
(a) The significant decisions reached during the discussion among the engagement team regarding the
susceptibility of the entity’s financial statements to material misstatement due to fraud; and
(b) The identified and assessed risks of material misstatement due to fraud at the financial statement level
and at the assertion level.
The auditor’s documentation of the responses to the assessed risks of material misstatement required
by SA shall include:
(a) The overall responses to the assessed risks of material misstatement due to fraud at the financial
statement level and the nature, timing and extent of audit procedures, and the linkage of those
procedures with the assessed risks of material misstatement due to fraud at the assertion level; and
(b) The results of the audit procedures, including those designed to address the risk of management
override of controls.
The auditor shall document communications about fraud made to management, those charged with
governance, regulators and others.
When the auditor has concluded that the presumption that there is a risk of material misstatement due
to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the auditor
shall document the reasons for that conclusion.

Note* Fraud refers to deficiencies or material weaknesses

2.Those charged with governance includes Board of directors.