What is a System Weakness?

A system weakness is a deficiency in an organization's internal controls. A significant system weakness can result in a higher risk that transactions will be incorrectly recorded and reported. A weakness can also be exploited by an outside party to gain access to an organization’s systems in order to steal data or disrupt its systems. The concept applies to any type of system, such as a software application or a manual process.

System Weakness Causes

There are many issues that can cause system weaknesses. Here are some of the more common ones:

Infrequent system updates. The IT department does not update computer systems when software patches are issued, resulting in known vulnerabilities giving hackers access to a company’s systems.
Missing authentications. There are no authentications to ensure that only authorized persons can access a company’s systems. This may be due to weak password control, or not shutting down user access after someone has left the company.
Missing security features. A business might not have basic system security features installed, such as firewalls and anti-virus software.
Open access. It is easy for intruders to enter a company’s physical space, or to access its computer systems.
Poor processes. A company’s processes may not have been updated to match changes in the operations of the business, resulting in poor or missing controls.

Impact of System Weaknesses on Audits

When auditors find a system weakness, they will likely expand their audit procedures to gain comfort that a client's financial statements fairly represent its financial results, position, and cash flows. This means that system weaknesses will result in a more expensive audit.