1 / 18

Statement on Auditing Standards (SAS) 112

Statement on Auditing Standards (SAS) 112. Communicating Internal Control Related Matters Identified in an Audit. SAS 112. Effective date – June 30, 2007 Issued in May 2006 Objectives Define internal control deficiencies Define the auditor’s reporting requirements Impact. SAS 112 – Impact.

latifah-pugh
Download Presentation

Statement on Auditing Standards (SAS) 112

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit

  2. SAS 112 • Effective date – June 30, 2007 • Issued in May 2006 • Objectives • Define internal control deficiencies • Define the auditor’s reporting requirements • Impact

  3. SAS 112 – Impact • Internal Control • Process • Reasonable assurance of financial reporting • Safeguarding assets • Consists of 5 interrelated components (COSO)

  4. SAS 112 – Impact • COSO

  5. SAS 112 – Impact • Auditor Scope of Internal Control (I/C) • No expression of an opinion • Must consider the internal control in the nature, timing and extent of audit procedures • May place reliance on the I/C • Must test controls of major federal program under the single audit

  6. SAS 112 – Type of Deficiencies • Material Weakness • Significant Deficiency • Control Deficiency

  7. SAS 112 – Type of Deficiencies • Control Deficiency • “exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.” • Design deficiency • Operation deficiency

  8. SAS 112 – Type of Deficiencies • Significant Deficiency • “a control deficiency or combination of deficiencies that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP such that there is more than a remote likelihood that a misstatement of the f/s that is more than inconsequential will not be prevented or detected.”

  9. SAS 112 – Type of Deficiencies • Significant Deficiency, cont’d • More than remote likelihood – • Chance of an event occurring is more than slight but less than likely • Reasonably possible • More than inconsequential – • “Prudent official, reasonable person” concept • Quantitative and qualitative assessment • Approximately 20% of tolerable misstatement

  10. SAS 112 – Type of Deficiencies • Material Weakness • A significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the f/s will not be prevented or detected.

  11. SAS 112 – Previous Definitions • Material Weakness (SAS 60) • A reportable condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements caused by error or fraud in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.

  12. SAS 112 vs. SAS 60 SAS 112 SAS 60

  13. Evaluating Control Deficiencies • Evaluation: • Depends on the potential for misstatement • Management Acceptance: • Conscious decisions on the part of management to accept a degree of risk does not preclude auditor communication

  14. Evaluating Control Deficiencies Examples of significant deficiencies: • Inadequate selection and application of GAAP • Lack of antifraud programs and controls • Lack of controls over non-routine transactions • Lack of controls over period end financial reporting

  15. Evaluating Control Deficiencies • Examples of material weaknesses: • Restatement of previously issued financial statements or prior-period adjustments • Identification of a misstatement by the auditor (not initially detected by I/C) • Ineffective risk assessment function • Ineffective compliance monitoring • Failure to assess previous deficiencies

  16. Auditor Reporting • Significant deficiencies and material weaknesses must be reported to “those charged with governance” • Communication is best made by the report release date but should be made no later than 60 days following the release date

  17. Concluding Remarks • SAS 112 is not just an Auditor-Controller (A/C) issue • Good internal control is a County-wide responsibility • Timely coordination with departments and A/C office is key

  18. Questions?

More Related