One of the requirements when performing an audit of an entity's financial statements is to write what is commonly called a "management letter." Technically, it is more the required communications of significant deficiencies and material weaknesses in an entity's system of internal controls as required by SAS No. 112.
You have to approach these letters very individually. Some entity's frankly don't care all that much. They are going to do things they way they are going to do things and that is all there is to it. Other's may be very small and there is a statutory reason for the audit, like a small franchisor. There isn't much of a point to say go for greater segregation of duties when the entity consists of one person.
I just completed a first draft on a management letter. I was discussing aspects of it this morning with the controller, and I told him that their letter is always the most fun for me to write. That is because they actually are very interested in it. This entity has a strong commitment to ethical behaviour and is always looking for ways to improve. Right now, they are in the midst of putting together a disaster recovery plan (something I had mentioned a couple of years ago). I said that their letter is the most fun to write because I can explore different areas of suggestions, like coming up with a succession plan, that many other companies would just ignore.
I don't know the reception yet on the draft I will submit after lunch, but it is bound to be interesting.