Finance and Business Operations Symposium. Understanding SAS No. 115: “Communicating Internal Control Related Matters Identified in an Audit”. Gelman, Rosenberg & Freedman, CPAs Ms. Terri McKnight, CPA, Director Mr. Jim Larson, CPA, Director. Connecting Great Ideas and Great People.


Finance and Business Operations Symposium

Understanding SAS No. 115:

“Communicating Internal Control Related Matters Identified in an Audit”

Gelman, Rosenberg & Freedman, CPAs

Ms. Terri McKnight, CPA, Director

Mr. Jim Larson, CPA, Director

Connecting Great Ideas and Great People

May 6, 2010

Agenda
  • Topic 1 – Definitions
  • Topic 2 – Risk Assessment Standards
  • Topic 3 – Key Concepts
  • Topic 4 – Deficiencies in Design & Operation
  • Topic 5 – Evaluating Deficiencies
  • Topic 6 – Communication & Responsibility
  • Topic 7 – Scenarios

Presentation derived from AICPA

SAS No. 115
  • In October 2008, the ASB issued SAS No. 115.
  • Effective for all audits of financial statements for periods ending on or after December 15, 2009.
  • Supersedes SAS No. 112.
  • This statement was issued to converge the definitions of the various kinds of deficiencies in internal control with PCAOB standards.
Key Differences: SAS No. 112 vs. SAS No. 115

A change in the definitions used in determining significant deficiencies and material weaknesses, AND in the process for making that determination.

SAS No. 112 - Auditor applies the criteria of likelihood and magnitude.

SAS No. 115 - Same criteria; however, more judgment is allowed in determining a significant deficiency.
Revised Definitions

SIGNIFICANT DEFICIENCIES:

SAS No. 112:

A control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data in accordance with GAAP such that there is more than a REMOTE LIKELIHOOD that a MISSTATEMENT of the entity’s financial statements that is more than inconsequential will not be prevented or detected.

SAS No. 115:

A deficiency or a combination of deficiencies in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.

Revised Definitions

MATERIAL WEAKNESS:

SAS No. 112:

A significant deficiency, or combination of significant deficiencies, that results in more than a REMOTE LIKELIHOOD that a material misstatement of the financial statements will not be prevented or detected.

SAS No. 115:

One deficiency, or a combination of deficiencies, such that there is a reasonable possibility (reasonably possible or probable) that a material misstatement will not be PREVENTED OR DETECTED AND CORRECTED on a timely basis.

Other Revisions in SAS No. 115
  • Indicators of Material Weakness consist of:
    • Identification of fraud, whether or not material, on the part of senior management;
    • Restatement of previously-issued financial statements to reflect the correction of a material misstatement due to error or fraud;
    • Identification by an auditor of a material misstatement of the financial statements, in circumstances that indicate that the misstatement would not have been detected by the entity’s internal control;
    • Ineffective oversight of the entity’s financial reporting and internal control by those charged with governance;
  • No longer includes a list of deficiencies that ordinarily would be considered at least significant deficiencies; and
  • Contains a revised illustrative written communication to management and those charged with governance.
Risk Assessment Standards

Risk Assessment Standards are the key to understanding SAS No. 115:
  • SAS Nos. 104-111
  • Effective for audits of financial statements for periods beginning on or after December 15, 2006.
  • Establishes standards and provides guidance on planning and supervision, the nature of audit evidence, and evaluating whether the audit evidence obtained affords a reasonable basis for an opinion regarding the financial statements under audit.
  • Provides guidance concerning the auditor’s assessment of the risk of MATERIAL MISSTATEMENT (whether caused by error or fraud) in a financial statement audit.
  • Design and performance of audit procedures whose nature, timing, and extent are responsive to those assessed risks.
Primary Objective of Risk Assessment Standards

To enhance the auditor’s application of the audit risk model in practice by specifying, among other things:
  • More in-depth understanding of the entity and its environment, including its internal control, to identify the risks of material misstatement in the financial statements, and what the entity is doing to mitigate them.
  • More rigorous assessment of the risks of material misstatement of the financial statements based on that understanding.
  • Improved linkage between the assessed risks and the nature, timing, and extent of audit procedures performed in response to those risks.
Key Concepts: SAS No. 115
  • Auditors must evaluate identified deficiencies in internal control and determine which, individually or in combination, are significant deficiencies or material weaknesses.
  • Deficiencies identified as significant deficiencies and material weaknesses must be communicated in writing to management and those charged with governance.
Key Definition of a Deficiency

A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis.
Key Concepts: Does Not Allow
  • Auditors do not have to find an actual misstatement.
  • Judged on the potential to cause misstatement.
Key Concepts: Management or Employees
  • Prevention, detection & correction of misstatements are the responsibility of the company’s management, employees, and those charged with governance – not the auditor.
  • Auditors can recommend, but we cannot implement.
Key Concepts: Normal Course of Performing Their Assigned Functions
  • Day-to-Day operations.
  • On-going activity.
  • Internal control is a process.

Ultimate Goal is “to have reliable financial statements”

Key Concepts: Timely Basis
  • Before the release of financial statements, including their disclosures.
Types of Deficiencies
  • Deficiency in Design.
  • Deficiency in Operation.
Deficiency in Design
  • A deficiency in design exists when:
    • a control necessary to meet the control objective is missing; or
    • an existing control is not properly designed, so that even if the control operates as designed, the control objective is not always met.
Examples of Deficiencies in Design
  • Inadequate design of controls over the preparation of financial statements.
  • Inadequate design of controls over a significant account or process.
  • Insufficient control consciousness (tone at the top).
  • Inadequate segregation of duties.
  • Inadequate controls over the safeguarding of assets.
  • Inadequate design of IT general and application controls.
  • Employees or management who lack the qualification and training to fulfill their assigned functions.
  • Inadequate monitoring of controls.


Deficiency in Operation
  • A deficiency in operation exists when:
    • a properly designed control does not operate as designed; or
    • the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.
Examples of Deficiencies in Operation
  • Failure in the operation of controls over a significant account or process.
    • (i.e., dual authorization for significant purchases)
  • Failure of the information and communication component of internal control (not receiving accurate or timely information for remote locations in order to prepare financial statements).
  • Failure to perform reconciliations of significant accounts.
  • Undue bias or lack of objectivity of those responsible for accounting decisions.
  • Misrepresentation by entity personnel to auditor.
  • Failure of an application control caused by a deficiency in the design or operation of an IT general control.


Where Are They?
  • In the five interrelated components of internal control (COSO).
  • At the financial statement level.
  • On the level of relevant assertions.
  • In areas of significant risks.
  • In areas of risk for which substantive procedures alone do not provide sufficient appropriate audit evidence.
Evaluating Deficiencies
  • Evaluate the severity of the deficiency.
  • Severity depends on:
    • Magnitude of potential misstatement; and
    • Whether there is a reasonable possibility that the controls will fail to prevent, or detect and correct, a misstatement of an account balance or disclosure.

NOTE: The severity does not depend on whether a misstatement actually occurred.

Evaluating Deficiencies (cont.)
  • Factors that affect the magnitude:
    • Amounts or total of transactions.
    • Generally the maximum amount of an account balance or total of transactions that can be overstated is the recorded amount (understatements could be larger).
    • The volume of activity.
  • Risk factors that affect whether there is a reasonable possibility of a misstatement include:
    • The nature of the accounts.
    • The susceptibility of the asset or liability to loss or fraud.
    • The extent of judgment in determining the amount.
Evaluating Deficiencies (cont.)

Materiality
  • Matter of professional judgment.
  • Influenced by the auditor’s perception of the needs of users of the financial statements.
  • Two levels of materiality:
    • Financial statement level; and
    • Particular items in (or based upon) the financial statements.
Evaluating Deficiencies (cont.)
  • If the auditor determines that a deficiency is not a material weakness, the auditor should consider whether a prudent official would agree with the auditor’s conclusion.
  • Because a prudent official is cautious, this test is used to increase the severity, not to justify a decrease in severity.
Communication
  • Communication should be in writing.
  • Best if made by report release date, but no later than 60 days following release date.
  • Can be communicated earlier if warranted.
  • Must be communicated even if management has accepted the risk associated with the deficiency.
  • Auditor cannot issue written communication that no significant deficiencies were identified during the audit.
What Are Your Responsibilities?
  • Evaluate financial statement risks.
  • Evaluate whether internal controls are adequate.
Scenario One

A small nonprofit organization has only one person in charge of the accounting and reporting function. The processing, recording, and implementation of accounting transactions are performed by this employee.

Questions
  • Is this a deficiency?
  • Is this a significant deficiency?
  • Is this a material weakness?
Scenario One: Additional Facts
  • The employee sends the Treasurer the checks and related invoices for review.
  • Per discussions with the Treasurer, he/she reviews only checks over $2,000.
  • The Treasurer sends all documents back to the accounting professional.

Questions
  • Is this a deficiency?
  • Is this a significant deficiency?
  • Is this a material weakness?
Scenario One: Additional Facts (cont.)
  • The Treasurer receives the bank statement directly from the bank.
  • The Treasurer reviews all transactions, including those below $2,000, for reasonableness. Then, he/she gives the bank statement to the employee for reconciliation.
  • The Treasurer also reviews the bank reconciliation when complete.

Questions
  • Is this a deficiency?
  • Is this a significant deficiency?
  • Is this a material weakness?
Scenario Two

An auditor is auditing a small Association that has only one person in charge of the accounting and reporting function. The bookkeeper has been with the company for many years, and it is common for the Executive Director to leave signed, blank checks with the bookkeeper in case of an emergency.

Neither the Executive Director nor the Treasurer performs any oversight.

Questions
  • Is this a deficiency?
  • Is this a significant deficiency?
  • Is this a material weakness?
Scenario Two: Additional Facts

The Executive Director hired the auditor to perform quarterly interim procedures. The Executive Director believes the auditor is a substitute for his/her lack of oversight. One of the auditor’s quarterly procedures is to review the bank reconciliation, which is prepared by the bookkeeper, as well as to propose adjusting journal entries for other account reconciliations.

Questions
  • Is this a deficiency?
  • Is this a significant deficiency?
  • Is this a material weakness?
Scenario Three

At the end of the audit, the auditor always prepares the financial statements and required disclosures because the Association’s Controller is unable to do so.

Questions
  • Is this a deficiency?
  • Is this a significant deficiency?
  • Is this a material weakness?
Scenario Three: Additional Facts

Prior to signing the representation letter, the Controller:
  • Obtains the financial statement grouping schedules.
  • Obtains the schedules documenting the calculation of amounts included in the notes.
  • Reviews and approves these schedules.

In addition, the Controller obtains a current disclosure checklist from the AICPA;
  • Reviews and answers the checklist to ensure propriety and completeness of the footnotes.
  • Reads, revises and approves financial statements with the Executive Director.

Questions
  • Is this a deficiency?
  • Is this a significant deficiency?
  • Is this a material weakness?

Gelman Rosenberg & Freedman, CPAs

4550 Montgomery Avenue, Suite 650 N

Bethesda, MD 20814

  • Ms. Terri McKnight, CPA, Director
  • Mr. Jim Larson, CPA, Director

Phone: 301-951-9090

E-mail: tmcknight@grfcpa.com

jlarson@grfcpa.com

Websites: www.asaecenter.org

www.grfcpa.com

Connecting Great Ideas and Great People