1 / 14

SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP

SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP. SAS No. 112. Was implemented during the CSU’s June 30, 2007 campus and auxiliary audits SAS 112 established standards and provided guidance on communicating matters related to internal control

emery-waller
Download Presentation

SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SAS 112 – The Year AfterPresented by Chris RayPartner - KPMG LLPKPMG LLP

  2. SAS No. 112 • Was implemented during the CSU’s June 30, 2007 campus and auxiliary audits • SAS 112 established standards and provided guidance on communicating matters related to internal control • SAS 112 defined control deficiencies as either: • Control deficiencies • Significant deficiencies • Material weaknesses

  3. Examples of GAS Significant Deficiencies Noted During the June 30, 2007 CSU Auxiliary Audits • Accounting for property and equipment • Accounting for accounts payable/expenses • Accounting for pledge receivables • Journal entries not being reviewed • Trust/depository accounts outside of the foundation being maintained by the foundation • Selected parent files in early education center had incomplete information • Attendance tracking system was not reset at the beginning of the year • Unrecorded gift to the University of $4.5 million and $1.65 million of cash and investments had not been included • Lack of proper elimination of interfund transactions

  4. Examples of Significant Deficiencies and Material Weaknesses noted during CSU’s June 30, 2007 Campus Audits Financial Reporting • Issues were noted related to the conversion of legal basis accounting records to the accrual basis of accounting in accordance with U.S. generally accepted accounting principles (GAAP). • The following are examples of the issues noted: • Incomplete account reconciliations • Lack of support of components comprising financial statement amounts • Detailed listings and support ledgers that do not support amounts reflected in the financial statements • Inaccurate completion of the required financial reporting packages requiring various audit adjustments and reclassification entries not initially identified by management • Inaccurate completion of the respective entities financial statements requiring various audit adjustments and reclassification entries not initially identified by management

  5. Examples of Other Significant Deficiencies noted during CSU’s June 30, 2007 Campus Audits Information Technology – Segregation of Duties • We noted a situation where all payroll department employees have access to both Personal Information Management System (PIMS) and Common Management System (CMS)/Financial Reporting System (FRS). Thus all employees can add/delete/change employee pay, while also submitting changed files to State Controller's Office. • We also noted that the respective campus management (IT or Business Process Management) does not perform a periodic review to help ensure proper segregation of duties exists among critical business functions within the PeopleSoft Finance and HR modules.

  6. Examples of Other Significant Deficiencies noted during CSU’s June 30, 2007 Campus Audits Information Technology – User Access • Based on our review of security and access privileges in-scope applications and systems at the campuses, we observed that certain obsolete, inactive, or otherwise inappropriate user profiles have not been disabled. Below is the list of the issues we encountered during our review which were present in varying degrees at each of the campuses tested in the current year: • Users have inappropriate system administrative access to the PeopleSoft Finance and HCM applications and the PeopleSoft database, • Users had inappropriate access to override the matching rules within the PeopleSoft Finance application. • Users had inappropriate access to enter and modify grades within PeopleSoft application. • Users with system administrative access to PeopleSoft FIN application had inappropriate access rights.

  7. SAS 112 Definitions of Significant Deficiency and Material Weakness • Significant deficiency: a control deficiency, or combination of control deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles (GAAP) such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected. • Material weakness: a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.

  8. Significant Deficiency Indicators Noted in SAS 112 • Controls over the selection and application of GAAP accounting principles • Antifraud programs and controls • Controls over non-routine and nonsystematic transactions • Controls over period-end financial reporting process, including controls over procedures used to enter transaction totals in the general ledger; initiate, authorize, record, and process journal entries into the general ledger; and record recurring and nonrecurring adjustments to the financial statements.

  9. SAS 112 Significant Deficiency Indicators (Continued) • Examples of situations which indicate the controls over the period-end financial reporting process were either not designed appropriately or were not operating effectively: • When adjustments and/or financial statement reclassifications are identified by the auditor which were not originally identified by management, these represent factors that indicate the controls over the financial reporting process were either not designedappropriately or were not operating effectively.

  10. SAS 112 Significant Deficiency Indicators (Continued) • The quantitative and qualitative nature of the adjustments and/reclassifications are then required to be evaluated to determine if the amounts are either more than inconsequential or material to the respective financial statements. In addition to the actual amounts of the adjustments or reclassifications identified, the auditor is also required to consider the potential for unrecorded amounts. • Multiple control deficiencies that affect the same financial statement account balance or disclosure increase the likelihood of misstatement and may, in combination, constitute a significant deficiency or material weakness, even though such deficiencies are individually insignificant.

  11. Material Weakness Indicators • Ineffective oversight of the entity’s financial reporting process and internal control by those charged with governance • Restatement of previously issued financial statements • Identification by the auditor of a material misstatement in the financial statements not initially identified by the entity’s internal control • An ineffective internal audit function or risk assessment function • Identification of fraud of any magnitude on the part of senior management • Failure by management or those charged with governance to assess the effect of a significant deficiency previously communicated to them or either correct it or conclude that it will not be corrected.

  12. Magnitude/ Likelihood

  13. The Prudent Official Test The last step in the evaluation is to conclude the following: • Would a prudent official consider an identified control deficiency to be at least a significant deficiency? If yes, would the prudent official consider the same to be a material weakness? • The prudent official test is used only to increase the severity of a control deficiency and NOT to justify a decrease in the severity.

  14. Questions?

More Related