1 / 67

Introduction: SAS 112

Introduction: SAS 112. What does SAS 112 do?. Establishes new requirements: For auditors to communicate internal control matters. What does SAS 112 do?. Defines the terms: “Control Deficiency” “Significant deficiency” “Material weakness”. What does SAS 112 do?.

nevin
Download Presentation

Introduction: SAS 112

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction: SAS 112

  2. What does SAS 112 do? Establishes new requirements: For auditors to communicate internal control matters

  3. What does SAS 112 do? Defines the terms: “Control Deficiency” “Significant deficiency” “Material weakness”

  4. What does SAS 112 do? Provides guidance for evaluating the severity of control deficiencies

  5. What does SAS 112 do? Requires auditors to communicate in writing with those responsible for organizational governance

  6. When is it applicable? Effective for audits of periods ending on or after December 15, 2006

  7. SAS 112: Governance

  8. Who provides governance? • Persons responsible for: • Overseeing strategic direction • The entity’s financial reporting and disclosure process Board of Directors and Committees Management

  9. SAS 112 Control Deficiencies

  10. Deficiency in “Design” • Exists when: • A control necessary to meet the control objective is missing, or • 2. A control is not designed to achieve the control objective

  11. Deficiency in “Design” • SAS 112 Identified Significant or Material Deficiency • InadequateDocumentation • COMPONENTS • OFINTERNALCONTROL • Control Environment • Risk Assessment (including Fraud) • Control Activities • Information and Communication • Monitoring

  12. COMPONENTS OFINTERNALCONTROL Internal Control - Integrated Framework Defined 1st by “COSO” 1992, 2004 Committee of Sponsoring Organizations the TREADWAY COMMISSION Formed in 1985 Sponsor National Commission on Fraudulent Financial Reporting Treadway was former SEC Commissioner AICPA, AAA, IIA, NAA, FEI Industry, Public, Investment Firms, NYSE

  13. InternalControlComponents as per the IntegratedFramework Common Language in Audit Standards and Regulatory Guidance AICPA (Auditing Standards Board) Generally Accepted Auditing Standards (GAAS) SAS #112 “Communicating Internal Control Related Matters Identified in an Audit” Effective for Audits of Financial Statements Periods Ending On or After December 15, 2006

  14. InternalControlComponents as per the IntegratedFramework Common Language in Audit Standards and Regulatory Guidance GAO “Yellow Book” Government Auditing Standards (GAS) 2007 Revision Effective for Engagements Periods Beginning On or After January 1, 2008 OMB Circular A-133 Implementation Circular for Single Audit Act and Amendments And Requires Audits in Accordance with “GAS”

  15. Deficiency in “Design” Other Examples: Absent or inadequate segregation of duties within a significant account or process Failure to perform reconciliations of significant accounts Inadequate design of internal control over the preparation of financial statements

  16. Deficiency in “Design” Other Examples: Employees or management who lack the qualifications and training to fulfill their assigned functions Restatement of previously issued financial statements Identification by auditor of material misstatements during audit not identified by entity internal control

  17. Deficiency in Design Other Examples: Ineffective oversight of the entity’s financial reporting and internal control by “those charged with governance.”

  18. Deficiency in “Operation” • Exists when: • 1. Control does not operate as it was “designed” • Responsible staff “do not actually perform the control”

  19. Important Note! You can outsource controls but your auditor cannot be used as a control

  20. SAS 112 Definitions: • Deficiency • Significant Deficiency • Material Weaknesses

  21. TERMINOLOGY Old Versus New

  22. SAS 112 / Yellow Book Definitions “Control Deficiency”

  23. SAS 112 / Yellow Book Definitions “Significant Deficiency”

  24. SAS 112 / Yellow Book Definitions “Material Weakness”

  25. SAS 112 Classification Factors: • Likelihood • Magnitude

  26. CLASSIFCATIONS “Likelihood”and “Magnitude” (Of a Potential Misstatement of the Financial Statements)

  27. “Likelihood”

  28. “Magnitude”

  29. Significant Deficiencies • Controls over selection and application of GAAP principles • Antifraud programs and controls

  30. Significant Deficiencies • Non-routine and non-systematic transactions • Period-end financial reporting processes including year-end adjusting journal entries

  31. Evaluating Deficiencies General Considerations

  32. Evaluating Deficiencies • Factors affecting magnitude of misstatement resulting from deficiency: • F/S amounts or transactions exposed to deficiency • Volume of activity in account balance • Class of transactions exposed to deficiency • Compensating controls

  33. Evaluating Deficiencies Factors affecting magnitude of misstatement resulting from deficiency Nature of accounts, disclosures, and assertions involved

  34. Evaluating Deficiencies Factors affecting magnitude of misstatement resulting from deficiency: Susceptibility of related assets or liabilities to loss or fraud

  35. Evaluating Deficiencies Factors affecting magnitude of misstatement resulting from deficiency Subjectivity-complexity of amounts and extent of judgment involved.

  36. Important Note! The auditor must consider whether “prudent individuals,” having knowledge of facts and circumstances, would come to the same conclusion.

  37. Evaluating Deficiencies Other Strong Indicators of Significant Deficiencies

  38. Significant Deficiency Strong indicators: Ineffective internal audit, risk assessment, or regulatory compliance functions

  39. Significant Deficiency Strong indicators: Identified fraud of any magnitude by senior management.

  40. Significant Deficiency Strong indicators: Failure to assess and correct the effect of a previous significant deficiency (or conclude it will not be corrected).

  41. The Communication Requirement

  42. Communication Illustrative written communications: 1. Audit Risk Alert – Understanding SAS 112 2. Evaluating Control Deficiencies – A Companion to SAS 112

  43. Communication Written communication is required no later than 60 days following the issuance of the audit report.

  44. Communication Verbal communication is not an option. All required communication under SAS 112 must be in writing.

  45. Communication Should include all significant deficiencies and material weaknesses (even if communicated previously)

  46. Communication Nothing precludes the auditor from communicating other matters of potential benefit to the entity

  47. Communication Client may ask auditor to issue a communication indicating no material weaknesses were identified

  48. Important Note! Auditor should not issue a written communication stating no significant deficiencies were identified Potential for misinterpretation Provides limited assurance

  49. Communication Management can prepare a written response to the auditor’s communication

  50. Important Note! Existence of deficiencies may be known to management and the BOD May represent a conscious decision by management to accept a degree of risk because of cost or other considerations.

More Related