SESSION 2: Testing Controls and Reporting Deficiencies: Practical Audit Application
This advanced session builds on Session 1 by focusing on testing internal controls, evaluating deficiencies, and documenting audit responses. Participants will learn how to design and perform tests of controls, respond to control failures and communicate deficiencies to management and those charged with governance in accordance with ISA 330 and ISA 265. Real audit case studies and sample working papers will be used to demonstrate best practice documentation.
The session provides a practical framework for selecting controls to test, determining sample sizes, and evaluating test results. It explains how internal control findings affect the nature, timing and extent of substantive testing. Delegates will also learn how to draft management letters, report significant deficiencies and meet ISA documentation requirements, including internal control memoranda.
Key Topics Covered:
• ISA 330 – responses to assessed risks
• Selecting controls to test and when testing is required
• Nature and types of control tests
• Sampling methods for control testing
• Evaluating control deficiencies
• Management letters and governance communication
• ISA 265 – communicating deficiencies in internal control
• Linking control test results to audit evidence
• Working paper documentation requirements
• Real-world challenges in auditing controls
• Internal audit leaders
• External auditors
• Quality reviewers
• Compliance and governance officers
• Professional accountants performing assurance work
