Skip to main content

Information-Communication Principle 17: Evaluating and Reporting Deficiencies

Principle 17: Evaluate and Report Deficiencies

The organization evaluates the internal control deficiencies it detects. It reports them promptly to the parties responsible for taking the necessary corrective measures, including senior management and the board of directors, as appropriate.

Focus Points

The following focal points highlight essential features of this principle.

Evaluate Results – As appropriate, management and the Board evaluate the results of ongoing and separate evaluations.

While conducting monitoring actions, the organization may detect significant problems. Problems that can affect the organization’s achievement of its objectives negatively and indicate a possible or actual inadequacy encountered in some stages of the internal control system is called internal control system deficiencies. Additionally, the organization can identify opportunities to improve the effectiveness of internal control and areas where changes to the internal control system could increase the likelihood of achieving the organization’s objectives. Deficiencies in an organization’s internal control components and underlying principles may arise from various sources.

Reports Deficiencies – Identified deficiencies are reported to the parties responsible for taking corrective measures and, as the case may be, to senior management and the board of directors.

Reporting on internal control deficiencies: It is based on criteria determined by regulatory authorities, standard-setting organizations, and, if relevant, management and the board of directors. Results from continuous and discrete assessments are evaluated against criteria to determine who to report to and what to report. Additionally, all requirements set by the board of directors or management are based on the facts and circumstances of the organization and applicable laws, rules, regulations, and standards.

To determine what needs to be communicated, it is necessary to look at the implications of the findings and the organization’s reporting instructions. Not only the particular transaction or event need to be re-evaluated, but also the faulty procedures associated with those transactions and events. Alternative communication channels must be available for reporting sensitive information, such as illegal or irregular actions. It may also be necessary to report deficiencies through external reporting, depending on the type of organization and compliance requirements of regulatory authorities, industry, or other legislation to which the organization is subject.

Monitors Corrective Actions – Management determines whether deficiencies are being remedied promptly.

After internal control deficiencies are evaluated and communicated to the parties responsible for taking corrective measures, management monitors whether improvement efforts are implemented promptly. 

Often, the people who take corrective actions are not the same people who take follow-up steps. The organization applies judgment in determining how to improve identified deficiencies, and this judgment is exercised by those responsible for selecting, developing, and implementing controls to affect policies.

As with initial reporting of internal control deficiencies, deficiencies that are not remedied promptly are generally reported to management, one level hierarchically above the person responsible for taking corrective action, additionally, the selection and placement of monitoring actions may need to be reconsidered, including a combination of ongoing and separate evaluations by management, until corrective actions ameliorate the internal control deficiencies.

Internal Control Article Resources

  • International Internal Auditing Standards, International Institute of Internal Auditors
  • Dr. Davut Pehlivanlı, Current Internal Audit Practices, Beta 2010
  • Prof. Dr. Nejat Bozkurt, Accounting Audit, Alfa 1998
  • Prof.Dr.Nejat Bozkurt, TÜRMOB Independent Audit Training Lecture Notes, 2012
  • Dr.Özgür Çatıkkaş, KGK, Marmara University. Corporate Governance Lecture Notes, 2013
  • İSMMMO-Practical Information for Internal Audit in SMEs, 2013
  • Turkish Internal Audit Institute,
  • Alp Buluch, Article, Internal Control, Hurses, 19 March 2013
  • Turkish Commercial Code No. 6102
  • International Internal Auditing Standards,

Bu gönderi şu adreste de mevcuttur: Türkçe