1 / 24

SAS 112: The New Auditing Standard

SAS 112: The New Auditing Standard. Jim Corkill Controller Accounting Services & Controls. Agenda. Background What is SAS 112 Impacts on UC and the Campus Key Controls Roles & Responsibilities Q & A. Background. Sarbanes-Oxley Act of 2002 Stronger Controls for Public Companies

cstout
Download Presentation

SAS 112: The New Auditing Standard

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SAS 112:The New Auditing Standard Jim Corkill Controller Accounting Services & Controls

  2. Agenda • Background • What is SAS 112 • Impacts on UC and the Campus • Key Controls • Roles & Responsibilities • Q & A

  3. Background • Sarbanes-Oxley Act of 2002 • Stronger Controls for Public Companies • Created a new federal oversight board, the Public Company Accounting Oversight Board (PCAOB) • In May 2006, AICPA issued SAS 112 which substantially incorporates the PCAOB’s AS 2.

  4. What is SAS 112? • Statement on Auditing Standard 112 (SAS 112): • “Communicating Internal Control Related Matters Identified in an Audit” – Effective May 2006 • SAS 112 develops a framework for reporting control weaknesses over financial reporting, not designed to address other controls, such as operational controls.

  5. Purpose of SAS 112 • Ensure effectiveness of internal controls that impact financial statements • Establish a standard for determining seriousness of a control issue and classifying it into three categories: • Control Deficiency • Significant Deficiency • Material Weakness

  6. Examples of Control Deficiencies • Lack of review and reconciliation of departmental expenditures • Lack of overdraft funds monitoring • Lack of physical inventory • Lack of timeliness of cash deposit and account reconciliation

  7. Significant Deficiency and Material Weakness A control deficiency, or combination of control deficiencies with more than a remote chance of not preventing or detecting: • An inconsequential misstatement of the financial statements = Significant Deficiency • A material misstatement of the campus financial statements = Material Weakness • The materiality of the control deficiency is determined based on what potentially could go wrong, not just on the amount of actual misstatements.

  8. What does this mean for UC? • The new definitions lower the bar for reporting internal control deficiencies to the Chancellor and the Regents • In addition, SAS 112 requires UC to disclose deficiencies to 3rd parties such as: • Federal sponsors • 3rd party creditors • Accrediting agencies, Rating agencies • Insurers

  9. Additional Impacts of SAS 112 • Negative impact on sponsored project funding • Negative impact on credit rating • Additional federal audits • Negative impact on reputation Any findings could result in increased review by the federal government and/or impact the University’s ability to obtain research funding

  10. How to Reduce Potential Findings • Place “key controls” in our operation to minimize control deficiency and risk by preventing or detecting errors and frauds in a timely manner

  11. UC Response to SAS 112 • Identify financial key controls. • Controls must be documented or they are not considered controls. • Some of these key controls reside in departments. • UC Website with documentation of all of our key controls: http://www.ucop.edu/SAS112

  12. UCSB Response to SAS 112 • Work with Accounting and central departments to identify key controls for our financial processes • Describe & document key controls • Identify Roles, Responsibility, and Accountability • Identify sufficient evidence of review • Discussions with Campus

  13. Key Controls What is a Key Control? A set of critical processes to prevent or detect errors and frauds in the financial statements

  14. Department Key Controls Examples • General Ledger Reconciliation – Each month actual revenues and expenses are reviewed and reconciled to supporting documentation. • Overdraft Funds – Department reviews funds in overdraft status and takes follow-up action. • Distribution of Payroll Expense Reconciliation – Detailed payroll expenses reviewed each month by the department for general propriety and to validate the accuracy of the charges.

  15. Department Key Controls Examples • Purchasing and Accounts Payable Invoices –Requisitions, Purchase Orders, and Invoices are reviewed and approved at the department level.Invoices must be approved by the person with signature authorization. • Effort reports ( PARS) – PAR reports are approved each quarter by responsible official with first hand knowledge of the work performed. PARS are certified for employees who are paid directly from a federal or federal flow through award.

  16. Department Key Controls Examples • Physical Inventory – Physical Inventory is conducted by the department custodian/PI every two years. Equipment Management ensures the inventory is conducted every two years. Records are reconciled to the physical inventory results.

  17. Key Control Process Example: General Ledger Reconciliation Key Control: Department Reconciles their General Ledger Monthly Process: • Departments review and reconcile, annotate exceptions, and follow-up with corrective actions, i.e, submitting a journal entry, contacting a recharge unit or other dept. as appropriate, or submitting a transfer of expense. • Maintain evidence of review and reconciliation that is easily accessible for audit, i.e. use On-Line General Ledger approval function that records user, time, date stamp

  18. Role and Responsibilities of the Department • Implement departmental key controls • Ensure the key controls are in place • Document evidence of review for all levels (signature, email and/or sign checklist) • Correct and follow-up timely, when control deficiency or weakness is identified • Document evidence of corrective action taken

  19. Role and Responsibilities of the Office of the Controller • Update university procedures and best practices for Key Controls • Act as a liaison between external auditors and departments • Provide guidance, key controls framework, and communication for SAS-112 implementation • Serve as a resource for campus departments

  20. Tools for Departments • UCSB SAS 112 Web Site –http://www.controller.ucsb.edu/SAS112 • UC Web Site – http://www.ucop.edu/sas112/index.php • Department Checklist

  21. Other Controls • These key controls are not the only controls that departments need to monitor. • Other controls exist for governance and to comply with University Policy, Laws and Regulations. • Departments should not eliminate existing controls based on SAS 112.

  22. Important Notes • SAS 112 Effective Date – May 1, 2006 • Entire Fiscal Year (2007-08) is subject to review and testing • DO NOT go back and create documents or back date reviews • BEGIN documenting key control processes (if you are not already) effective immediately

  23. Resources Sandra Featherson Associate Director of Controls x7667 Sandra.featherson@accounting.ucsb.edu Jim Corkill Controller x5882 Jim.Corkill@accounting.ucsb.edu

  24. Questions?

More Related