Add to collection(s) Add to saved
  1. Business
  2. Management

Client Communication on Deficiencies

advertisement 
Communication Regarding Material Weaknesses and Significant Deficiencies (Adapted from SAS
No. 115)
Your Firm’s Logo
Date
Client Organization
Client Contact
Address
City, State and Zip
Dear Client Contact:
We appreciate the opportunity to have conducted your audit this year. As previously discussed, we are writing
to you to communicate deficiencies in internal control that we identified during the audit of your financial
statements that we determined to be significant deficiencies or material weaknesses. This communication is a
requirement of Statement on Auditing Standards (SAS) No. 115, Communicating Internal Control Related Matters
Identified in an Audit, which supersedes SAS No. 112 of the same name. SAS No. 115 applies to audits of
financial statements for periods ending on or after December 15, 2009. As we previously discussed, early
implementation of SAS No. 115 is permitted and we will be implementing SAS No. 115 in the audit of your
financial statements this year.
In planning and performing our audit of your financial statements for the period ending Month XX, 20XX, we
considered your internal control over financial reporting (internal control) as a basis for designing our auditing
procedures, in accordance with generally accepted auditing standards (GAAS). We did this for the purpose of
expressing our opinion on the financial statements, but not for the purpose of expressing an opinion on the
effectiveness of ABC Company’s (Company) internal control. Accordingly, as a part of your audit, we are not
expressing an opinion on the effectiveness of the Company’s internal control.
Our consideration of internal control was for the limited purpose of conducting your organization’s audit and
would not necessarily identify all deficiencies in internal control that might be considered material weaknesses
{or significant deficiencies}. However, we did identify certain deficiencies in internal control that we consider to
be material weaknesses [and other deficiencies that we consider to be significant deficiencies] that are discussed below.
A deficiency in internal control exists when the design or operation of a control does not allow management or
employees, in the normal course of performing their assigned functions, to prevent, or detect, and correct
misstatements on a timely basis. It is important to note that control deficiencies are problems that you will not
necessarily choose to address; however, they do represent potential risks. Our job as your financial statement
auditor is to make you aware of and assist you in understanding these material weaknesses [and significant
deficiencies], assist you in understanding them, and thereby enable you to make informed business decisions
about how best to respond to the potential risks. In this year’s audit, we identified the following:
Materials Weaknesses
A material weakness is a deficiency, or a combination of deficiencies, in internal control, such that there is a
reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or
detected and corrected on a timely basis. We believe that the following deficiencies constitute material
weaknesses:
[Describe the material weaknesses that were identified]
Communication Regarding Material Weaknesses and Significant Deficiencies (Adapted from SAS
No. 115)
Significant Deficiencies
A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than
a material weakness, yet important enough to merit attention by those charged with governance. We consider
the following deficiencies to be significant deficiencies in internal control:
[Describe the significant deficiencies that were identified.
[Examples of circumstances that may be deficiencies, significant deficiencies, or material weaknesses are presented in
Exhibit B of SAS No. 115. Examples of significant deficiencies and material weaknesses are presented in the AICPA Risk
Alert, Communicating Internal Control Related Matters in an Audit – Understanding SAS No. 115.]
This written communication related to the material weaknesses [and significant deficiencies] identified during this
year’s audit is intended solely for the information of and use by management of ABC Company, those charged
with the Company’s governance, others you deem appropriate within your organization, and any governmental
authorities that require you to submit this information. It is not intended for use by anyone other than these
specified parties. {You may identify the body or individuals charged with governance or any specified
governmental authorities.}
We are available to answer any questions you may have related to the [material weaknesses] [significant
deficiencies] we identified during your audit or to discuss the benefits and associated costs of options for
remedying them, if you would like to do so. If you wish to set up a meeting to discuss this communication or
your organization’s internal control, please feel free to contact me at insert your contact information here.
We appreciate the opportunity to have conducted your organization’s audit.
Sincerely,
Name
Audit Partner or Managing Partner
Communication Regarding Material Weaknesses and Significant Deficiencies (Adapted from SAS
No. 115)
Examples of Significant Deficiencies and Material Weaknesses
The following descriptions of material weaknesses and significant deficiencies are illustrative and are intended to provide
examples of what you may find in your client audits. They are not intended to be used verbatim as each client situation will
be unique. Once you identify any control deficiencies, you will need to evaluate them based on the parameters outlined in
SAS No. 115 to determine if they are significant deficiencies or material weaknesses, and then list them under the
appropriate sections of the communication. The findings you include in your communication will need to be specific to the
organization you are auditing.
1 - Material weakness regarding the design of controls over the preparation of financial statements:
The Committee of Sponsoring Organizations (COSO) framework for effective internal control over financial reporting
involves the identification and analysis of the risks of material misstatement of the company’s audited financial statements.
Management of ABC Company is responsible for determining how those identified risks should be managed. However,
management has not identified risks related to the preparation of reliable financial statements and as a result has failed to
design effective controls over the preparation of the financial statements to prevent or detect and correct material
misstatements of the financial statements, including footnote disclosures.
1a – Material weakness regarding the operation of controls over the preparation of financial statements
The COSO framework for effective internal control over financial reporting states that management should select and
develop control activities that mitigate risks to the achievement of financial reporting objectives; which include
appropriate financial statement disclosures required by generally accepted accounting principles (GAAP). ABC
Company’s policies and procedures require that the drafted financial statements be reviewed and compared to a current
GAAP checklist to evaluate whether the financial statements are reliable and in accordance with GAAP. This year, these
procedures were performed by an employee of ABC Company who did not have current GAAP knowledge. As a result, we
identified material disclosure and classification misstatements that were not prevented or detected and corrected by
management prior to our audit.
2 - Material weakness related to the design of controls over accounting for fixed assets and leases (this could apply to
controls over estimates as well)
The COSO framework for effective internal control over financial reporting involves the identification and analysis of the
risks of material misstatement of the company’s financial statements. Management has not identified or analyzed financial
reporting risks in the area of fixed assets and lease accounting and as a result has failed to design effective controls over the
accounting for fixed assets and leases to prevent or detect, and correct material misstatements of the financial statements.
3 – Significant deficiency related to a lack of segregation of duties – design deficiency
The COSO framework for effective internal control over financial reporting indicates that, to the extent possible, no single
individual should have control over two or more phases of a transaction or operation. Assigning different people the
responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets is intended to reduce
the opportunities for any one person to be in a position to both perpetrate and conceal errors or fraud in the normal course
of his or her duties. In the course of our audit we noted that the employee who opens the mail containing cash receipts also
makes bank deposits, records these payments, and reconciles the bank account. Management has not separated
incompatible activities of company personnel, thereby creating risks to the safeguarding of cash.
4 – Significant deficiency related to controls over the preparation and review of bank reconciliation – operating
effectiveness
Communication Regarding Material Weaknesses and Significant Deficiencies (Adapted from SAS
No. 115)
The COSO framework for effective internal control over financial reporting states that control activities relating to reliable
financial reporting should be established and communicated to personnel throughout the organization with corresponding
procedures established to ensure that these control activities are operating effectively, resulting in management directives
being carried out. Although ABC Company has established procedures and controls related to bank reconciliations, we
found that these procedures and controls are not being followed. As a result, material misstatements of the cash account
and the misappropriation of cash may occur and not be prevented or detected and corrected on a timely basis.
5- Material weakness regarding monitoring of controls – design deficiency
The COSO framework for effective internal control over financial reporting states that monitoring should be performed to
assess the quality of the company’s system of internal control. Management has not performed either ongoing or separate
evaluations of the Company’s internal control. As a result, the company’s controls may not be designed or operating
effectively to provide reasonable assurance that controls will prevent or detect and correct material misstatements in a
timely manner. Additionally, management has not established a process to identify or communicate corrective actions to
improve controls.
DISCLAIMER: This publication has not been approved, disapproved or otherwise acted upon by any senior
technical committees of, and does not represent an official position of, the American Institute of Certified Public
Accountants. It is distributed with the understanding that the contributing authors and editors, and the
Communication Regarding Material Weaknesses and Significant Deficiencies (Adapted from SAS
No. 115)
publisher, are not rendering legal, accounting, or other professional services in this publication. If legal advice
or other expert assistance is required, the services of a competent professional should be sought.
Related documents
LIAISON REPORT - Story County ASSET
LIAISON REPORT - Story County ASSET
No:009/2014 Deficiencies / Observations found during MLC
No:009/2014 Deficiencies / Observations found during MLC
Exam 4 Questions Team E
Exam 4 Questions Team E
Sample Internal Control Deficiencies
Sample Internal Control Deficiencies
Handout - Reading Horizons
Handout - Reading Horizons
Finance & Investment Day-Audit Panel
Finance & Investment Day-Audit Panel
RB 230212 learning from gmp inspections
RB 230212 learning from gmp inspections
Download
advertisement