Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications

SAS 112 and Auditing Update SAS 112 and Auditing Update

advertisement 
SAS 112 and Auditing
Update
Recent Auditing Standards’ Impact on
the Audited
Agenda
1.
1.Internal
InternalControl
ControlDeficiencies
Deficiencies
2.
2.Other
OtherNew
NewAuditing
AuditingStandards
Standards
3.
3.Potential
PotentialImpact
Impacton
onAudits
Audits
SAS Agenda
• SAS 112 – Communicating Internal Control
• SAS 103 – Audit Documentation
• SAS 114 – Communication with Those
Charged with Governance
• SAS 104 to 111 – Audit Risk Standards
Statements on Auditing Standards
(SAS)
• Issued by the Auditing Standards Board of
the AICPA
• Apply to all industries, including state and
local governments
• Deal with the way audits are conducted,
not accounting issues
SAS 112 Communicating Internal
Control Related Matters in an Audit
• Effective for audits of December 31, 2006,
and beyond
• New definitions for internal control
weaknesses
• New reporting requirements of control
deficiencies
• Auditors will need to evaluate deficiencies
and their impact
Auditor’s Responsibility
• If during the audit a control deficiency is
identified, the auditor must communicate
to the entity in writing
• Not responsible
– To perform procedures to identify deficiencies
in internal control over financial reporting
– To express an opinion on the effectiveness of
the entity’s internal controls over financial
reporting
Definition
• Internal Control over Financial Reporting –
a process effected by those charged with
governance, management, and other
personnel designed to provide reasonable
assurance about the achievement of the
entity’s objectives with regard to the
reliability of financial reporting,
effectiveness and efficiency of operations,
and compliance with applicable laws and
regulations
New Definitions
• Control deficiency
• Significant deficiency
• Material weakness
Control Deficiency
• A control deficiency exists when the
design or operation of a control does not
allow management or employees, in the
normal course of performing their
assigned functions, to prevent or detect
misstatements of the financial statements
in a timely manner
Significant Deficiency
• A significant deficiency is a control deficiency or
combination of control deficiencies, that
adversely affects the entity’s ability to initiate,
authorize, record, process, or report financial
data reliably in accordance with generally
accepted accounting principles such that there is
more than a remote likelihood that a
misstatement of the entity’s financial statements
that is more than inconsequential will not be
prevented or detected.
Material Weakness
• A material weakness is a significant
deficiency, or combination of significant
deficiencies, that results in more than a
remote likelihood that a material
misstatement of the financial statements
will not be prevented or detected.
More Definitions
• FASB Statement #5 provides the basis for
the following definitions:
– Probable – likely to occur
– Reasonably possible – more than remote, but
less than likely
– Remote – the chance of occurrence is slight
– More than inconsequential – describes the
magnitude of potential misstatement and
serves as a threshold for determining a
significant deficiency.
Evaluating Control Deficiencies
• Evaluate to determine if significant or
material weakness.
• Significance depends on the potential for
misstatement not on whether a
misstatement has occurred.
• Auditor considers the mitigating effect of
compensating controls that limit the
severity
• Compensating controls do not eliminate
control deficiencies.
At Least Significant Deficiencies
• Deficiencies in the following areas are at
least significant deficiencies:
– Control over the selection and application of
accounting principles
– Antifraud programs and controls
– Controls over non-routine and nonsystematic
transactions
– Controls over the year end financial reporting
process
Strong Indicators of Material
Weaknesses
• The following are at least significant
deficiencies and a strong indicator of a
material weakness:
– Ineffective oversight of the entity’s financial
reporting and internal control by those
charged with governance
– Restatement (correction of an error) of
previously issued financial statements
– Identification of fraud of any magnitude on the
part of senior management
Strong Indicators of Material
Weaknesses
• The following are at least significant deficiencies
and a strong indicator of a material weakness:
(Continued)
– Failure by management or those charged with
governance to assess the effect of a significant
deficiency previously communicated to them and
either correct it or conclude that it will not be
corrected.
– An ineffective control environment.
– Identification by the auditor of a material
misstatement in the financial statements for the
period under audit that was not initially identified by
the entity’s internal control.
Factors Auditor Considers
• Two factors considered when evaluating
control deficiencies:
– Likelihood
– Magnitude
Likelihood
• Refers to the probability that a control, or
combination of controls, could have failed
to prevent or detect a misstatement in the
financial statements being audited.
• If in the auditor’s judgment, it is
reasonably possible that a misstatement
could have occurred because of a missing
control, than the likelihood is more than
remote.
Magnitude
• Refers to the extent of the misstatement
that could have occurred or actually did
occur.
• The magnitude of the misstatement or
potential misstatement may be
inconsequential, more than
inconsequential, but less than material, or
material.
Likelihood and Magnitude
Magnitude of
Misstatement That
Occurred or Could have
Occurred
Quantitatively or qualitatively
material
Likelihood of Misstatement
More than
remote
Material weakness
Remote
Control deficiency, but
not a significant
deficiency or a
material weakness
More than inconsequential, but less Significant deficiency,
than material
but not a material
weakness
Control deficiency, but
not a significant
deficiency or a
material weakness
Inconsequential
(i.e. clearly immaterial)
Control deficiency, but
not a significant
deficiency or a
material weakness
Control deficiency, but
not a significant
deficiency or a material
weakness
Prudent Official Test
• In evaluating the significance of a
deficiency, the last step in the auditor’s
evaluation is to conclude whether a
prudent official having knowledge of the
same facts and circumstances would
agree with the classification of the
deficiency.
Communicating
• Control deficiencies considered significant
deficiencies or material weaknesses must
be communicated in writing to
management and those charged with
governance, including previous comments
that have not been resolved. (The
auditor’s responsibility to communicate
significant deficiencies and material
weaknesses exists regardless of
management’s decisions.)
Communicating
• The written communication is best made
by the report (auditor’s opinion on the
financial statements) release date, but
should be made no later than 60 days
following the opinion date.
• The auditor should not issue a written
communication stating that no significant
deficiencies were identified during the
audit, because of the potential for
misinterpretation.
Management’s Responses
• Management may want to include their
responses to the auditor’s communication
containing significant deficiencies and/or
material weaknesses.
– OSA has had as a standard option
• If responses included, auditor will add a
paragraph disclaiming an opinion on the
responses.
Auditor’s Communication
• The written communication should include:
– Purpose of the audit is to express an opinion on the
financial statements and not to opine on the
effectiveness of internal control over financial
reporting
– State that the auditor is not expressing an opinion on
internal control
– Define the terms significant deficiency and material
weakness
– Identify which matters are significant deficiencies and
which are material weaknesses
– Indicate the restricted use of the document by
management and those charged with governance
SAS 112 Issues
• Only the entity’s management or personnel can correct
control deficiencies
• External auditors cannot be part of the internal control
over financial reporting
– Lose independence
– GAO—next project is revising independence Q&A, especially
question of whether preparation of financial statements by the
auditor impairs the auditor’s independence.
• Even if the auditor communicated significant deficiencies
and material weaknesses in previous years, as long as
those deficiencies continue to exist, the auditor must
continue to communicate them
SAS 112 Issues
• Those charged with governance may need to obtain
training on understanding financial statements
– State Auditor’s Office will be offering training
• May need to consider hiring a firm to prepare financial
statements
• Auditor may still issue unqualified (clean) opinion even if
material weaknesses in internal control exist.
• Could impact the amount of testing required for the
Single Audit
– Likelihood for more reported deficiencies means fewer entities
will be low risk auditees
– SAS 112 has been incorporated into both Government Auditing
Standards and OMB A-133
Additional Information
• What is “SAS 112”?
• OSA Website – www.auditor.state.mn.us
• “Educational Materials”
SAS 103 –Audit Documentation
• Currently effective
• Various requirements related to documentation
– Sufficiently detailed
– What should be documented
– Oral explanations not sufficient
• Auditor’s Report (Opinion date)
– Eliminates end of fieldwork
– New date is when auditor has obtained sufficient
appropriate evidence to support opinion
• Implications regarding timing of letters from auditee
Sufficient Audit Evidence
• Audit documentation should be reviewed
• Final statements, including notes and
management’s discussion and analysis
(MD&A) have been prepared
• Management has taken responsibility for
financial statements
– Management representation letter
Implications to Auditee
• Shortens the time frame between opinion date
and release date
– Release date is when report is sent
• Puts some time constraints on final procedures
– Client rep letter should be dated the same date as
opinion
– Attorney letters may require updating
– Shorter amount of time to submit responses to
findings
• May require additional procedures for
subsequent events
SAS 114 – The Auditor’s
Communication with Those Charged
with Governance
• Effective for audits of December 31, 2007,
and beyond
• Defines those charged with governance
and management
• Communications between auditor and
auditee during the conduct of the audit
• Follow up to SAS 112
Definitions
• Those with the Power of Governance – the persons with
responsibility for overseeing the strategic direction of the
entity and obligations related to the accountability of the
entity. This includes overseeing the financial reporting
process.
• Management – the persons responsible for achieving the
objectives of the entity and who have the authority to
establish policies and make decisions by which those
objectives are to be pursued. Management is
responsible for the financial statements, including
designing, implementing, and maintaining effective
internal control over financial reporting.
Auditor’s Responsibility
• Need to identify those charged with
governance; could be a subgroup such as
an audit committee
• If not clearly identified, agreement must be
reached
• Identify the matters to be communicated
• Evaluate the effectiveness of
communication
Purpose of Communication
• Communicate the responsibilities of the auditor
in relation to the financial statement audit (an
overview of the scope and timing of the audit)
• Obtain from those charged with governance
information relevant to the audit
• Provide timely observations arising from the
audit that are relevant to their responsibility in
overseeing the financial reporting process
(significant findings from the audit)
• Communications regarding significant findings
are generally in writing.
Matters Communicated
• How the auditor proposes to address
significant risks due to fraud or error
• The auditor’s approach relating to internal
control
• The concept of materiality
• The extent of reliance on an internal audit
effort
SAS 114 Issue
• Ineffective oversight of the entity’s
financial reporting and internal control by
those charged with governance is an
indicator of a control deficiency that should
be regarded as at least a significant
deficiency and a strong indicator of a
material weakness in internal control.
– Audit communication process is part of the
oversight
SAS 114 Issue
• If auditor believes the two-way
communication is inadequate, he/she
should consider:
– Modifying the auditor’s opinion on the basis of
a scope limitation
– Obtaining legal advice about the
consequences of different courses of action
– Withdrawing from the engagement
Risk-Based Set of Audit Standards
SAS
109
SAS
110
SAS
111
Risk
Assessment
Standards
SAS
106
SAS
104
SAS
105
SAS
108
SAS
107
SAS 104-108
• SAS 104 – Amendment to Statement on
Auditing Standards No.1, Codification of Auditing
Standards and Procedures (“Due Professional
Care in Performance of Work”)
• SAS 105 – Amendment to Statement on
Auditing Standards No. 95, Generally Accepted
Auditing Standards
• SAS 106 – Audit Evidence
• SAS 107 – Audit Risk and Materiality in
Conducting an Audit
• SAS 108 – Planning and Supervision
SAS 109-111
• SAS 109 – Understanding the Entity and
its Environment and Assessing the Risks
of Material Misstatements
• SAS 110 – Performing Audit Procedures in
Response to Assessed Risks in Evaluating
the Audit Evidence Obtained
• SAS 111 – Amendment to Statement of
Auditing Standards No. 39 Audit Sampling
Objectives of Standards
• More in-depth understanding of the entity and its
environment, including its internal control, to
identify the risks of material misstatement in the
financial statements and what the entity is doing
to mitigate them
• More rigorous assessment of the risks of
material misstatement of the financial
statements based on that understanding
• Improved linkage between the assessed risks
and the nature, timing, and extent of audit
procedures performed in response to those risks
Implications to Auditees
• Could impact level and type of audit
procedures required
– However, may balance out
• Riskier areas more coverage vs. less risky areas
receiving less coverage
• OSA has starting implementing some
requirements in 2006 audits
Effective Years for Audits of
2006
2006 Financials
Financials
SAS 103
SAS 112
SAS 113 ¶
1-6
2007
2007 Financials
Financials
SAS 104111
SAS 114
SAS 113
¶ 7-14
2008
2008 Financials
Financials
Nothing
Yet, but
give it
time
Summary of New Audit Standards
•
SAS 103
– New documentation requirements
– New report date may impose time constraints
•
SAS 112
– New definitions on control deficiencies
– Increased likelihood of reported items
– Required communication in writing
•
SAS 114
– Defines those charged with governance and management
– Defines the audit communication process
•
SASs 104-111
– Define the audit process
– Risk effects that nature, timing and extent of procedures
– Expectations are that riskier audit environment requires additional procedures
•
SAS 113 – Omnibus 2006
– Cleans up other audit standards because of the language and changes of above
new standards
Contact Information
• Greg Hierlinger
– Greg.Hierlinger@state.mn.us
– (651) 296-7003
• David Kenney
– David.Kenney@state.mn.us
– (651) 297-3671
Related documents
IET Virtual Computer Lab SAS 9.3
IET Virtual Computer Lab SAS 9.3
2011-03 - North Carolina State Treasurer
2011-03 - North Carolina State Treasurer
Using SAS and JMP to check if x and y ~ N
Using SAS and JMP to check if x and y ~ N
State of...Examples of Control Deficiencies
State of...Examples of Control Deficiencies
STATEMENT ON AUDITING STANDARDS No. 104—No. 111 RISK
STATEMENT ON AUDITING STANDARDS No. 104—No. 111 RISK
Chapter 9
Chapter 9
Senior / Principal Statistical Programmer
Senior / Principal Statistical Programmer
Certificate
Certificate
Download
advertisement