In this lesson, the process of internal control design, testing, and identification of deficiencies is explored. A critical part of audit engagements, it is ultimately management's responsibility to design, implement, and maintain internal controls. The lesson highlights common deficiencies such as inadequate segregation of duties, insufficient documentation, and weak controls over access to sensitive information. Auditors must have a thorough understanding of the client's business and its environment to properly design and test internal controls. The various methods of testing internal controls, including interviews, observation, and documentation review, are discussed. The lesson also elaborates on the objectives of internal controls, which aim to provide reliable financial reporting, efficient operations, compliance with laws and regulations, and safeguarding of assets. The design and formality of an entity's internal control system can vary based on multiple factors, making it essential for auditors to adapt their approach accordingly.