This Auditing Standard deals with the auditor’s responsibility to communicate appropriately to those charged with governance and management deficiencies in internal control[1] that the auditor has identified in an audit of a financial report.  This Auditing Standard does not impose additional responsibilities on the auditor regarding obtaining an understanding of the entity's system of internal control and designing and performing tests of controls over and above the requirements of ASA 315 and ASA 330.[2]  ASA 260[3] establishes further requirements and provides guidance regarding the auditor’s responsibility to communicate with those charged with governance in relation to the audit.

The auditor is required to obtain an understanding of the entity's system of internal control when identifying and assessing the risks of material misstatement.[4]  In making those risk assessments, the auditor considers the entity's system of internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control.  The auditor may identify control deficiencies in internal control not only during this risk assessment process but also at any other stage of the audit.  This Auditing Standard specifies which identified deficiencies the auditor is required to communicate to those charged with governance and management. 

Nothing in this Auditing Standard precludes the auditor from communicating to those charged with governance and management other internal control matters that the auditor has identified during the audit. 

[Deleted by the AUASB.  Refer Aus 0.3]