AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit - PowerPoint PPT Presentation

Loading...

PPT – AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit PowerPoint presentation | free to view - id: 259655-Y2IxZ



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit

Description:

... communications ... Difference between government audits and other audits. Others 2 ' ... may need to gather more information to make the SAS No. 112 ... – PowerPoint PPT presentation

Number of Views:102
Avg rating:3.0/5.0
Slides: 49
Provided by: RandyR59
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: AICPA Statement on Auditing Standards No. 112, Communicating Internal Control Matters Identified in an Audit


1
AICPA Statement on Auditing Standards No. 112,
Communicating Internal Control Matters Identified
in an Audit
  • NASACT Audio Conference
  • October 19, 2006

2
Objectives
  • Know the key concepts for this recently issued
    audit standard
  • Identify the issues associated with implementing
    the standard (auditors)
  • Identify the issues associated with those
    responsible for internal controls (preparers)

3
SAS No. 112, Communicating Internal Control
Matters Identified in an Audit
4
About SAS No. 112
  • Issued May 2006
  • Supersedes SAS No. 60
  • Effective for audits of financial statements for
    periods ending on or after December 15, 2006
  • Fairly short brief Appendix

5
The Quick Snapshot
  • Requires auditor to communicate, in writing,
    significant deficiencies and material weaknesses
    to management and those charged with governance

6
Definitions
  • Control deficiency
  • Design or operation of a control that does not
    prevent or detect misstatements

7
Definitions
  • Significant deficiencyControl deficiency(ies)
    that adversely affects the entitys financial
    reporting process such that there is more than a
    remote likelihood that a misstatement in the
    financial statements that is more than
    inconsequential will not be prevented or detected

8
Definitions
  • Material weaknessSignificant deficiency(ies)
    that results in more than a remote likelihood
    that a material misstatement of the financial
    statements will not be prevented or detected

9
Definitions
  • Those charged with governanceThe person(s) with
    responsibility for the entitys strategic
    direction and accountability, including the
    financial reporting process

10
Evaluating Control Deficiencies
  • The significance depends on the potential for a
    misstatement, not an actual misstatement
  • The absence of an identified misstatement does
    not provide evidence that a deficiency is not
    significant or material

11
EvaluatingFactors Affecting Likelihood
  • Nature of accounts, disclosures, and assertions
  • Susceptibility to loss or fraud
  • Subjectivity and complexity
  • Cause and frequency of detected exceptions

12
EvaluatingFactors Affecting Likelihood
  • Interaction or relationship of the control with
    other controls
  • Interaction of deficiency with other deficiencies
  • Possible future consequences of the deficiency

13
EvaluatingFactors Affecting Magnitude
  • Financial statement amounts or total transactions
    exposed
  • Volume of activity in account balance or class of
    transactions affecting current or future periods

14
EvaluatingOther Considerations
  • Multiple control deficiencies that affect the
    same financial statement account balance or
    disclosure
  • Mitigating effects of effective compensating
    controls
  • Results of tests of controls

15
ExamplesDeficiencies That Are at Least
Significant
  • Deficiencies in controls over
  • Selection and application of GAAP
  • Antifraud programs
  • Nonroutine and nonsystematic transactions
  • Period-end financial reporting process

16
ExamplesStrong Indicators of Material Weaknesses
  • Presumptive requirementsignificant deficiencies
  • Ineffective oversight by those charged with
    governance
  • Restatement of previously issued financial
    statements
  • Material misstatement identified by the auditor

17
ExamplesStrong Indicators of Material Weaknesses
  • Presumptive requirementsignificant deficiencies
  • Ineffective internal audit or risk assessment
    functions
  • Ineffective regulatory compliance function, when
    applicable
  • Any fraud by senior management

18
ExamplesStrong Indicators of Material Weaknesses
  • Presumptive requirementsignificant deficiencies
  • Managements failure to assess previously
    reported significant deficiencies
  • Ineffective control environment

19
Communicating Deficiencies
  • In writing
  • To management/governance
  • All significant deficiencies and material
    weaknesses
  • Items reported in prior years, not yet remediated
  • Within 60 days of report release date

20
Communicating Deficiencies
  • Importance of early communications
  • Managements cost-benefit decisions does not
    relieve auditor responsibility
  • Permits other matters to be communicated

21
Communicating Deficiencies
  • Content
  • Required elements
  • Illustrative samples
  • Management's written responses may be included

22
The Auditors Perspective
23
Impact on Auditors
  • Timing
  • Observations
  • Concerns/Issues

24
TimingPre-SAS 112
Auditors report on financial statements
Single Audit reports
Management letters
Points for discussion
25
TimingUsing SAS 112
  • All of these must now be communicated to
    management within 60 days after release date of
    our report on the CAFR/Basic Financial Statements

26
TimingUsing SAS 112
  • Yellow Book report issued soon after CAFR, and
    not in our single audit report
  • Management letter will also need to be issued
    within 60 days after our report on CAFR released

27
Our Experiment
  • Take all the financial statement audits issued
    last year
  • Summarize all findings into their four buckets
  • Re-categorize the findings under the new criteria
    of SAS No. 112

28
Our Experiment
  • Pre-SAS 112

29
Our ExperimentResults
30
Our ExperimentResults
31
Observations
  • Difference between government audits and other
    audits
  • Others2 vehicles for reporting
  • Govt.3 vehicles for reporting

32
Observations
  • We noticed overlap with
  • SAS No. 103
  • Risk Assessment Suite of Standards
  • Independence Standards
  • Government Auditing Standards

33
Observations
  • Auditors need to make a clear change in their
    thought process
  • Auditors may need to gather more information to
    make the SAS No. 112 determinations

34
Observations
  • This will be a fresh look

35
Concerns/Issues
  • Changing our process for Yellow Book reports and
    management letters
  • When to begin writing process
  • Sharing time for audit and writing
  • Getting auditee responses

36
Concerns/Issues
  • Developing clear understanding to assist in
    applying
  • More than inconsequential
  • Reasonable person

37
Concerns/Issues
  • For Yellow Book audits, determining what goes in
    the management letter

38
Concerns/Issues
  • Determining auditees inability to apply GAAP or
    prepare statements vs. choosing to have someone
    else do so (and other similar determinations)

39
Concerns/Issues
  • Educating auditee (whos job is it?)
  • Preparers
  • Management
  • Governing bodies
  • Employees responsible for performing control
    activities

40
Managements Perspective
41
Change in Perspective
  • Former Points for Discussion now in Management
    Letter
  • Former Reportable Conditions may now result in
    Qualified Opinion
  • All without any change in operations

42
Change in Perspective
  • Proposed Audit Adjustments
  • Does this mean that Internal Controls were not
    effective in fairly presenting financial
    information?
  • Sometimes methodology and approach differs

43
Application to Arizona
  • Decentralized Environment
  • 135 State agencies
  • Some agencies have own system
  • Some agencies have own financial statements

44
Application to Arizona
  • Internal Controls combination of Statewide and
    Agency
  • Reliance on Policies, Procedures, Communications

45
Application to Arizona
  • Primary Concern an Internal Control problem at
    a large agency or combination of agencies could
    now become a statewide Opinion Qualification
  • Perception and Understanding of Importance of
    Internal Controls

46
Application to Arizona
  • Planning and Preparation Essential
  • Discuss with Auditors
  • Coordinate with Agencies/CFOs
  • Communication and Relationships Key
  • Manage Expectations

47
Application to Arizona
  • Follow Common Project Cycle
  • Plan
  • Implement
  • Evaluate
  • Adjust as needed

48
Questions and Discussion
About PowerShow.com