...Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial statements for periods ending on or after December 15, 2009. Earlier implementation is permitted. Applicability .01 This section establishes standards and provides guidance on communicating matters related to an entity's internal control over financial reporting identified in an audit of financial statements. It is applicable whenever an auditor expresses or disclaims an opinion on financial statements. In particular, this section • • • defines the terms deficiency in internal control, significant deficiency, and material weakness. provides guidance on evaluating the severity of deficiencies in internal control identified in an audit of financial statements. requires the auditor to communicate, in writing, to management and those charged with governance,1 significant deficiencies and material weaknesses identified in an audit. .02 This section is not applicable if the auditor is engaged to examine the design and operating effectiveness of an entity's internal control over financial reporting that is integrated with an audit of the entity's financial statements under AT section 501, An Examination of an Entity's Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements. Introduction .03 Internal control is a process—effected by those charged with...
Words: 4151 - Pages: 17
...regarding imperative deficiencies and material weakness in internal controls that are noted in audit reports. It clarifies standards and provides guidance on communicating matters related to an entity’s internal control over financial reporting identified in an audit of financial statements. The new SAS No. 115 is going to affect this department in three different ways: 1. It defines three categories of control deficiencies that may be identified during the external audit of the financial statements: control deficiencies, significant deficiencies and material weakness. 2. It provides guidance on evaluating the severity of the deficiencies identified. 3. It requires the auditor to communicate in writing to managements and those charged with governance any significant deficiencies or material weaknesses that were identified. SAS No. 115 includes much of what was outlined in SAS No. 112 as it provides guidance to enhance the auditor's ability to evaluate deficiencies in internal control identified during an audit, and then communicate those deficiencies that the auditor believes are significant deficiencies or material weaknesses to management and those charged with governance. The key differences between SAS No. 115 and SAS No. 112 are in the definitions of material weaknesses and significant deficiencies so they are aligned with the PCAOB Auditing Standard No. 5, with the most significant change being to the definition of significant deficiencies. Additional...
Words: 476 - Pages: 2
...auditor make communications, in writing, to management regarding significant deficiencies and material weaknesses in internal controls that you note in your audits SAS No. 115 supersedes SAS No. 112 because it clarifies standards and provides guidance on communicating matters related to an entity’s internal control over financial reporting (internal control) identified in an audit of financial statements. The new SAS No. 115 is going to affect us in three different ways: 1. It defines three categories of control deficiencies that may be identified during the external audit of the financial statements: control deficiencies, significant deficiencies and material weakness. 2. It provides guidance on evaluating the severity of the deficiencies identified 3. It requires the auditor to communicate in writing to managements and those charged with governance any significant deficiencies or material weaknesses that were identified SAS No. 115 includes much of what was outlined in SAS No. 112 as it provides guidance to enhance the auditor's ability to evaluate deficiencies in internal control identified during an audit, and then communicate those deficiencies that the auditor believes are significant deficiencies or material weaknesses to management and those charged with governance. The key differences between SAS No. 115 and SAS No. 112 are in the definitions of material weaknesses and significant deficiencies so they are aligned with the PCAOB...
Words: 527 - Pages: 3
...Number 112. Going forward, auditors are to use rule SAS 115 when performing internal control audits. The rules have some similarities. However, the key differences in the rules are the definitions for control deficiency, significant deficiency, and material weaknesses. The change in rules also creates more opportunities for accounting firms to offer services. Similarities between SAS 112 and SAS 115: Similarities exist between SAS 115 and SAS 112. The rules require auditors to look at deficiencies found during an audit. The auditor must continue to identify the deficiencies found as significant deficiencies or material weaknesses.1 SAS 112 and SAS 115 require auditors to determine if internal controls can prevent and detect errors. Management receives written communication of the findings, as before. Both rules require management to become more aware of the weaknesses in the organizational internal controls. The differences in rules SAS 112 and SAS 115 are as significant as the similarities. Differences between SAS 112 and SAS 115: The differences between SAS 112 and SAS 115 are subtle but important. The major difference between the two rules is the definition of control deficiency, significant deficiency, and material weakness.1 Quoting from the AICPA website,1 listed below are the definitions with the differences highlighted as follows: SAS 112 Control Deficiency – A control deficiency exists when the design or operation of a control does not allow management or employees, in...
Words: 1974 - Pages: 8
...assessment of the effectiveness of the entity’s ICFR as of the end of the entity’s most recent fiscal year. Auditor’s Responsibilities • The auditor must plan and perform the audit to obtain reasonable assurance about whether the entity maintained, in all material respects, effective internal control as of the date specified in management's assessment. • The audit of internal control should be “integrated” with the financial statement audit, and should express an opinion on the effectiveness of the entity’s ICFR. 7-2 “Likelihood” refers to the probability that a misstatement will not be prevented or detected. For a significant deficiency or a material weakness to exist, the likelihood of such an occurrence must be either “reasonably possible” or “probable.” “Magnitude” refers to the significance that the control deficiency could have on the financial statements according to the judgment of a prudent official who considers the possibility of further, undetected, misstatements. If the auditor’s likelihood assessment is “reasonably possible” and if the magnitude of the deficiency is assessed as “significant,” then either a significant deficiency or material weakness exists depending on the magnitude of the potential effects of the deficiency on the entity’s financial statements. 7-3...
Words: 5977 - Pages: 24
...Memorandum To: Internal Accountants From: Team B Date: November 02, 2015 Subject: Enhanced Formal Communication The American Institute of Certified Public Accountant Board (AICPB) establishes SAS 112 and SAS 115 to provide policies that outline the description of material weakness and significant deficiencies with principles to communicating materials concerning the internal controls of an establishment. SAS 112 makes it easier for an auditor to locate discoveries that could not have been reportable before can now be reportable as there is the possibility of misstatement. The SAS explains that the importance of a control deficiency is reliant on the possibility of misstatement, not if a misstatement transpires. The SAS 112 forms...
Words: 560 - Pages: 3
...Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements Provided for use with Auditing and Assurance Services: An Integrated Approach, 12th edition Alvin A. Arens, Randal J. Elder, Mark A. Beasley Pearson Prentice Hall, Inc. INTRODUCTION The 12th Edition of Auditing and Assurance Services: An Integrated Approach, includes extensive coverage of key provisions of the Sarbanes-Oxley Act (the Act) and related Public Company Accounting Oversight Board (PCAOB) standards and rules applicable to the audits of financial statements and internal control over financial reporting for public companies. At the time the 12th Edition was released in March 2007, the PCAOB had issued Auditing Standard Nos. 1-4. On May 24, 2007, the PCAOB issued Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements (AS5). Subject to SEC approval, AS5 is effective for audits of fiscal years ending on or after November 15, 2007. AS5 supersedes PCAOB Auditing Standard No. 2 (AS2), An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, which was issued in June 2004. The PCAOB and the Securities and Exchange Commission (SEC) have closely monitored the implementation of AS2 to evaluate the effectiveness of public company auditors in applying the provisions to audits of large public companies...
Words: 3261 - Pages: 14
...FASB Codification Case 10-6 Care For Kids Inc. In the Care for Kids Inc. case the auditor should consider the likelihood and magnitude of a misstatement to determine if a deficiency, significant deficiency, or material weakness exists. According to SAS 115 (2011), “If the likelihood is more than remote, then consideration as a significant deficiency is triggered, again assuming that the effect of the deficiency is more than inconsequential. A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected on a timely basis.” If the auditor does determine that there is a misstatement he or she must inform the client in writing. Once a control deficiency is identified, the auditor must determine whether the deficiency is a significant deficiency or material weakness. According to SAS 112 and the AICPA’s Audit Risk Alert (2011), defines the factors to consider, including the likelihood that a deficiency will continue and the magnitude of the misstatement or potential misstatement. Additional information that will be needed in the Care for Kids cases would be; (1) the nature of the financial statement accounts, disclosures, and assertions involved. (2) The susceptibility of the related assets or liabilities to loss or fraud. (3) The interaction or relationship of the control with other controls...
Words: 474 - Pages: 2
...Communicating Internal Control Related Matters Identified in an Audit. Per the American Institute of CPAs website, “SAS 115 requires the auditor to make communications, in writing, to management and those charged with governance regarding significant deficiencies and material weaknesses in internal controls that you note in your audits.” What changed? SAS 115 amends and replaces SAS 112. Noteworthy changes in SAS 115 include new definitions of material weaknesses and significant deficiency. The new definitions as described in SAS 115 are listed below. Material Weaknesses: “A deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis.” In SAS No.112 material weakness’ definition stated “more than a remote likelihood” that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. This has changed as it distinguishes that a reasonable possibility exists, rather than “more than a remote likelihood”. Significant Deficiency: “A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.” The change in the definition of Significant Deficiency...
Words: 458 - Pages: 2
...would you consider to determine if a deficiency, significant deficiency, or material weakness exists? A control deficiency exists when the design or operation of a control does not prevent or detect misstatements on a timely basis. • A deficiency in design exists when a control necessary to meet the control objective is missing or an existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met. • A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively. A significant deficiency is a control deficiency, or combination of control deficiencies, that affects the company's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with GAAP such that there is more than a remote likelihood that a misstatement that is more than inconsequential will not be prevented or detected. A misstatement is inconsequential if a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would clearly be immaterial to the financial statements. A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood...
Words: 359 - Pages: 2
...CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT Answers to Review Questions 6-1 From management's perspective, the internal control provides a way to meet its stewardship or agency responsibilities. Management also needs a control system that generates reliable information for decision-making purposes. The importance of internal control to the auditor is rooted in the second standard of fieldwork. The controls that are relevant to the entity's ability to initiate, record, process, and report financial data consistent with management's assertions are the auditor's main concern. The auditor needs assurances about the reliability of the data generated within the entity's internal control system in terms of how it affects the fairness of the financial statements and how well the assets and records of the entity are safeguarded. 6-2 The potential benefits and risks to an entity’s internal control from information technology include (see Table 6-1): Benefits: • Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data. • Enhancement of the timeliness, availability, and accuracy of information. • Facilitation of additional analysis of information. • Enhancement of the ability to monitor the performance of the entity's activities and its policies and procedures. • Reduction in the risk that controls will be circumvented. ...
Words: 3770 - Pages: 16
...Auditing Standards (SAS) No. 112 and the superseding SAS No. 115 is extremely important as they may affect our audit results and findings. This internal memo is being distributed to all accountants in our office to provide information related to the new changes in standards and to show how the changes my affect you (AICPA, 2009). SAS No. 115 has replaced SAS No. 112 effective on or after December 15, 2009. SAS No. 115 was designed to bring awareness of deficiencies in internal controls and to assist in reducing the risks of financial statement misstatements. SAS No. 115 also provides guidance on how to assess whether a deficiency in internal controls is a compelling deficiency or materials weakness. The auditor will evaluate the identified controlled deficiencies and decide if the deficiencies are significant or material. The main difference between SAS No. 112 and SAS No. 115 are the definitions of significant deficiency and material weakness (AICPA, 2009). SAS No. 112 defined significant deficiencies as "more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected" This has been removed from SAS No. 115, allowing auditors the ability to use more professional judgment in determining whether a deficiency is a significant deficiency and merits attention. A significant deficiency in the internal controls is not as severe as material...
Words: 1241 - Pages: 5
...Care For Kids Case 1. Factors an auditor should consider to determine if a deficiency, significant deficiency, or material weakness exists include: * The significance of the risk * The likelihood that a material misstatement will occur * The characteristics of the class of transactions, account balance, or disclosure involved * The nature of the specific controls used by the entity, in particular, whether they are manual or automated * Whether the auditor expects to obtain audit evidence to determine if the entity’s controls are effective in preventing or detecting material misstatements. 2. Additional information needed to complete an assessment: * The nature of further audit procedures * The timing of further audit procedures * The extent of further audit procedures * The nature of tests of controls * The timing of tests of controls * The extent of tests of controls * The nature of substantive procedures * The timing of substantive procedures * The extent of substantive procedures 3. Communications required to be made to those charged with governance: * A statement that the purpose of the auditor’s consideration of internal control was to express an opinion on the financial statements and not to express and opinion on the effectiveness of the entity’s internal controls * A statement that the auditor does not express an opinion on the effectiveness of...
Words: 297 - Pages: 2
...112 Changes have been made regarding the rules auditors must follow. The purpose of this memo is to inform all the accountants about the new Statement of Accounting Standard (SAS) No. 112,Communicating Internal Control Related Matters Identified in an Audit issued by the American Institute of Certified Public Accountants (AICPA). Management considers SAS No. 112 an imperative accounting standard to know, understand, and communicate effectively and efficiently. SAS No. 112 establishes standards and provides guidance on communicating matters related to an entity’s internal control over financial reporting identified in an audit of financial statements (American Institute of Certified Public Accountants, 2011). SAS No. 112 replaces SAS No. 60 and is effective for periods ending on or after December 15, 2006. Consequently, the term “reportable condition” will become extinct. The terms “significant deficiency” and “material weaknesses” are used to describe control deficiencies that must be communicated to management and those charged with governance during audits. The underlying principle deals with identified control deficiencies and determines whether these deficiencies, individually or in combination, are significant deficiencies or material weaknesses (American Institute of Certified Public Accountants, 2011). Auditors are required to provide clients with an understanding of the meaning and significance of these terms. Therefore, in communicating to our clients, auditors...
Words: 508 - Pages: 3
...A major step in the direction towards improving the audit quality and at the same time ensuring that Australia’s regulatory framework is in line with international best practice; is the proposed Corporations Legislation Amendment (Audit Enhancement) Bill 2012. Various measures and reforms have been drafted in the legislation with a view to achieve this purpose and also to ensure that the audit regulation framework is in line with the dynamic environment Australia is operating in. Let us discuss these measures to see what they mean and refer to, and form an opinion as to why were these introduced. The first measure requires the audit firms to publish an annual transparency report in the event that they conduct audit of 10 or more significant entities. This is applicable to those audit firms which carry out an audit of 10 or more than 10 significant entities in an year. These entities may be listed companies or other listed registered schemes. The auditor in such a case is required to publish an annual transparency report on the auditor’s website as well as with the ASIC. The contents of the transparency report are required to be as per the provisions of Sec 332B of the Corporations Act and other regulations. These mainly contain information about the ownership, structure, governance and other factual information relating to such audit firms. The idea is that information regarding such audit firms who are carrying audit of large entities is available to their existing as well...
Words: 1274 - Pages: 6
