1 / 48

AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit

AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit. NASACT Audio Conference October 19, 2006. Objectives. Know the key concepts for this recently issued audit standard

moses
Download Presentation

AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit NASACT Audio Conference October 19, 2006

  2. Objectives • Know the key concepts for this recently issued audit standard • Identify the issues associated with implementing the standard (auditors) • Identify the issues associated with those responsible for internal controls (preparers)

  3. SAS No. 112, Communicating Internal Control Matters Identified in an Audit

  4. About SAS No. 112 • Issued May 2006 • Supersedes SAS No. 60 • Effective for audits of financial statements for periods ending on or after December 15, 2006 • Fairly short; brief Appendix

  5. The Quick Snapshot • Requires auditor to communicate, in writing, significant deficiencies and material weaknesses to management and those charged with governance

  6. Definitions • Control deficiency • Design or operation of a control that does not prevent or detect misstatements

  7. Definitions • Significant deficiency—Control deficiency(ies) that adversely affects the entity’s financial reporting process such that there is more than a remote likelihood that a misstatement in the financial statements that is more than inconsequential will not be prevented or detected

  8. Definitions • Material weakness—Significant deficiency(ies) that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected

  9. Definitions • Those charged with governance—The person(s) with responsibility for the entity’s strategic direction and accountability, including the financial reporting process

  10. Evaluating Control Deficiencies • The significance depends on the potential for a misstatement, not an actual misstatement • The absence of an identified misstatement does not provide evidence that a deficiency is not significant or material

  11. Evaluating—Factors Affecting Likelihood • Nature of accounts, disclosures, and assertions • Susceptibility to loss or fraud • Subjectivity and complexity • Cause and frequency of detected exceptions

  12. Evaluating—Factors Affecting Likelihood • Interaction or relationship of the control with other controls • Interaction of deficiency with other deficiencies • Possible future consequences of the deficiency

  13. Evaluating—Factors Affecting Magnitude • Financial statement amounts or total transactions exposed • Volume of activity in account balance or class of transactions affecting current or future periods

  14. Evaluating—Other Considerations • Multiple control deficiencies that affect the same financial statement account balance or disclosure • Mitigating effects of effective compensating controls • Results of tests of controls

  15. Examples—Deficiencies That Are at Least Significant Deficiencies in controls over: • Selection and application of GAAP • Antifraud programs • Nonroutine and nonsystematic transactions • Period-end financial reporting process

  16. Examples—Strong Indicators of Material Weaknesses Presumptive requirement—significant deficiencies • Ineffective oversight by those charged with governance • Restatement of previously issued financial statements • Material misstatement identified by the auditor

  17. Examples—Strong Indicators of Material Weaknesses Presumptive requirement—significant deficiencies • Ineffective internal audit or risk assessment functions • Ineffective regulatory compliance function, when applicable • Any fraud by senior management

  18. Examples—Strong Indicators of Material Weaknesses Presumptive requirement—significant deficiencies • Management’s failure to assess previously reported significant deficiencies • Ineffective control environment

  19. Communicating Deficiencies • In writing • To management/governance • All significant deficiencies and material weaknesses • Items reported in prior years, not yet remediated • Within 60 days of report release date

  20. Communicating Deficiencies • Importance of early communications • Management’s cost-benefit decisions does not relieve auditor responsibility • Permits other matters to be communicated

  21. Communicating Deficiencies Content: • Required elements • Illustrative samples • Management's written responses may be included

  22. The Auditor’s Perspective

  23. Impact on Auditors • Timing • Observations • Concerns/Issues

  24. Timing—Pre-SAS 112 Auditor’s report on financial statements Single Audit reports Points for discussion Management letters

  25. Timing—Using SAS 112 • All of these must now be communicated to management within 60 days after release date of our report on the CAFR/Basic Financial Statements

  26. Timing—Using SAS 112 • Yellow Book report issued soon after CAFR, and not in our single audit report • Management letter will also need to be issued within 60 days after our report on CAFR released

  27. Our Experiment • Take all the financial statement audits issued last year • Summarize all findings into their four “buckets” • Re-categorize the findings under the new criteria of SAS No. 112

  28. Our Experiment • Pre-SAS 112:

  29. 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Pre-SAS 112 Using SAS 112 Points for discussion Management letter items Reportable conditions/significant deficiencies Material weaknesses Our Experiment—Results

  30. Using SAS 112 Pre-SAS 112 0 50 100 150 200 250 300 350 400 Pre-SAS 112 Using SAS 112 3 32 Material weaknesses 11 156 Reportable conditions/significant deficiencies 65 78 Management letter items 340 185 Points for discussion Our Experiment—Results

  31. Observations • Difference between government audits and other audits • Others—2 “vehicles” for reporting • Govt.—3 “vehicles” for reporting

  32. Observations • We noticed overlap with: • SAS No. 103 • Risk Assessment Suite of Standards • Independence Standards • Government Auditing Standards

  33. Observations • Auditors need to make a clear change in their thought process • Auditors may need to gather more information to make the SAS No. 112 determinations

  34. Observations • This willbe a fresh look

  35. Concerns/Issues • Changing our process for Yellow Book reports and management letters • When to begin writing process • Sharing time for audit and writing • Getting auditee responses

  36. Concerns/Issues • Developing clear understanding to assist in applying: • More than inconsequential • “Reasonable” person

  37. Concerns/Issues • For Yellow Book audits, determining what goes in the management letter

  38. Concerns/Issues • Determining auditee’s inability to apply GAAP or prepare statements vs. choosing to have someone else do so (and other similar determinations)

  39. Concerns/Issues • Educating auditee (who’s job is it?) • Preparers • Management • Governing bodies • Employees responsible for performing control activities

  40. Management’s Perspective

  41. Change in Perspective • Former Points for Discussion now in Management Letter • Former Reportable Conditions may now result in Qualified Opinion • All without any change in operations

  42. Change in Perspective • Proposed Audit Adjustments • Does this mean that Internal Controls were not effective in fairly presenting financial information? • Sometimes methodology and approach differs

  43. Application to Arizona • Decentralized Environment • 135 State agencies • Some agencies have own system • Some agencies have own financial statements

  44. Application to Arizona • Internal Controls combination of Statewide and Agency • Reliance on Policies, Procedures, Communications

  45. Application to Arizona • Primary Concern: an Internal Control problem at a large agency or combination of agencies could now become a statewide Opinion Qualification • Perception and Understanding of Importance of Internal Controls

  46. Application to Arizona • Planning and Preparation Essential • Discuss with Auditors • Coordinate with Agencies/CFOs • Communication and Relationships Key • Manage Expectations

  47. Application to Arizona Follow Common Project Cycle • Plan • Implement • Evaluate • Adjust as needed

  48. Questions and Discussion

More Related