[Verse 1] When auditors discover flaws within the client's guard They measure two dimensions to determine if it's scarred Likelihood and magnitude create the sorting test Deficiency's the baseline where all problems start their quest [Chorus] Rate the risk, weigh the harm Likelihood times magnitude's alarm Small defect, major breach, weakness most severe Control gaps sorted crystal clear From minor flaw to fatal flaw This framework separates them all [Verse 2] A simple gap that's reasonably possible to breach With compensating controls still within the client's reach Gets labeled basic deficiency, noted but not feared The lowest tier of problems that the audit has revealed [Chorus] Rate the risk, weigh the harm Likelihood times magnitude's alarm Small defect, major breach, weakness most severe Control gaps sorted crystal clear From minor flaw to fatal flaw This framework separates them all [Verse 3] Significant deficiency demands much more attention Remote but huge potential or probable dimension Less than material weakness but exceeds the minor grade Management and governance both must be relayed [Bridge] Material weakness tops the scale When reasonable possibility prevails That misstatements could be material Before controls catch what's ethereal Board notification's required here The gravest finding auditors fear [Chorus] Rate the risk, weigh the harm Likelihood times magnitude's alarm Small defect, major breach, weakness most severe Control gaps sorted crystal clear From minor flaw to fatal flaw This framework separates them all [Outro] Three tiers ascending up the chain Each level matches risk with pain Control deficiency evaluation Protects financial information
← Walkthrough Procedures | Professional Standards and Ethics →