The Effects of SAS No. 112
advertisement
The Effects of SAS No. 112 By WALDA WILDMAN CPA Effective Now SAS 102 – Defining Professional Requirements SAS 103 – Audit Documentation SAS 112 – Communicating Internal Control Matters Identified in an Audit 1 For Audits of Financial Statements for Years Beginning on or After 12/15/06 104 – Due Professional Care 105 - GAAS 106 - Audit Evidence 107 – Audit Risk and Materiality 108 – Planning and Supervision 109 – Understanding the Entity and Its Environment and Assessing Risks of Material Misstatement 110 – Performing Audit Procedures in Response to Assessed Risks and Evaluating Audit Evidence Obtained 111- Audit Sampling Two Categories of Professional Requirements (SAS 102) Unconditional – indicated by “must” or “is required to” Presumptively mandatory Indicated by “should” Rare departures Document sufficient alternative work 2 Audit Report Date (SAS 103) Should not be dated earlier than date on which sufficient appropriate evidence has been collected, including Evidence that audit documentation has been reviewed, and Management has asserted responsibility for the financial statements Cost of Evidence (SAS 106) Old standard: Cost and difficulty not by themselves valid basis for omitting New standard: Cost and difficulty not valid for omitting a procedure for which there is no appropriate alternative 3 Old Assertions Existence Completeness Valuation Rights and Obligations Presentation and Disclosure New Assertions (SAS 106) A. Assertions about classes of transactions and events 1. Occurrence 2. Completeness 3. Accuracy 4. Cutoff 5. Classification B. Assertions about account balances at period end 6. Existence 7. Rights and obligations 8. Completeness 9. Valuation and allocation C. Assertions about presentation and disclosure 10. Occurrence and rights and obligations 11. Completeness 12. Classification and understandabiltiy 13. Accuracy and valuation 4 Risk Assessment (SAS 106) Determine relevance of each assertion for each significant Class of transactions Account balance Presentation and disclosure Use relevant assertions in sufficient detail to assess risk of material misstatement and design additional procedures Required Procedures (SAS 106) Risk assessment Understanding of ENTITY AND ITS ENVIRONMENT Includes understanding of internal control At relevant assertion level More in SAS 109 Test controls if you expect they work and you will rely on them and when substantive procedures aren’t enough Substantive procedures (more in SAS 110) 5 Discussion Among Audit Team (SAS 109) Discuss susceptibility of financials to material misstatement so staff Better understands possible misstatements Understands how their work impacts other work being done Similar to requirement in fraud standard Must include auditor with final responsibility In General… Lots more detail Clarity regarding what is required Lots more checklists Link audit procedures to risk assessment Clients should prepare financial statements Lots more management letter findings 6 What is SAS No. 112? Statement on Auditing Standards (SAS) No. 112, Communication of Internal Control Related Matters Identified in an Audit Supersedes SAS No. 60 Establishes standards and provides guidance on communicating matters related to an entity's internal control over financial reporting identified in an audit of financial statements Overview of SAS 112 Replaces “Reportable Condition” with “Significant Deficiency” Requires written communication with “those charged with governance” Provides guidance on severity of deficiencies Based on COSO model of internal control 7 Those Charged With Governance Footnote 5 to paragraph 15, SAS 103 “…person(s) with responsibility for overseeing the strategic directions of the entity and obligations related to the accountability of the entity.” Replaces board of directors and audit committee perhaps to broaden concept to accommodate smaller entities COSO Cube 8 Components of SAS No. 112 The auditor must evaluate identified control deficiencies Then determine whether those deficiencies, individually or in combination, are significant deficiencies or material weaknesses The auditor must communicate, in writing, significant deficiencies and material weaknesses to management and those charged with governance Types Deficiencies Control Deficiency: “design or operation of a control does not allow management or employees, in normal course of performing duties, to prevent or detect misstatements on a timely basis” Design Deficiency: improperly designed or missing control Deficiency in Operation: properly designed control isn’t working as planned or person responsible for it isn’t properly trained or hasn’t been granted adequate authority 9 Significant Deficiency A single deficiency or combination Adversely affects ability to Initiate, authorize, record, process or report financial data In accordance with GAAP “More than remote possibility” “More than inconsequential misstatement” Reasonable person wouldn’t consider the misstatement material taking into account other possible misstatements Would not be prevented or detected Significant Deficiencies SAS 112 identifies areas in which deficiencies ordinarily are considered to be at least significant deficiencies and the two that are most likely to occur are: Controls over the selection and application of accounting principles in conformity with GAAP Controls over the period-end financial reporting process Includes controls over procedures for entering totals into the General Ledger; initiating, authorizing, recording, and processing journal entries into the General Ledger; and recording recurring and nonrecurring adjustments to the financial statements 10 Material Weakness One or more significant deficiencies “More than a remote likelihood” Same as definition in FASB No. 5 on loss contingencies = “slight”; remotely possible “Material misstatement of financial statements will not be prevented or detected” Material Weaknesses SAS 112 identifies indicators of deficiencies that are at least significant deficiencies and strong indicators of a material weakness and the two that are most likely to occur are: Ineffective oversight of financial reporting and internal control by those charged with governance Identification by the auditor of a material misstatement in financial statements not initially identified by the entity’s internal control 11 Examples of deficiencies Inadequate design of internal control over preparation of financial statements Insufficient control consciousness Lack of segregation of duties Lack of IT controls Staff who lack qualifications and training to do their jobs Inadequate monitoring of controls Lack of timely information Failure to reconcile accounts Controls over non-routine transactions and period end process Fraud on the part of management Significant deficiency or material weakness? Potential for misstatement not actual misstatement Interaction with other controls Possible consequences of deficiency Complexity of accounts or estimates to which control applies Possible mitigating effects 12 An Illustrative Example - #1 You have requested that we perform the functions necessary to prepare your financial statements since you do not have the resources with the adequate knowledge to prepare your organization’s financial statements according to generally accepted accounting principles 13 An Illustrative Example - #2 The controller asks the auditor to calculate the year-end depreciation adjustment and gain or loss on sale adjustment The adjustment is a material adjustment The controller did not have the skill to determine the adjustment An Illustrative Example - #3 The bookkeeper, who maintains the company’s general ledger, is unable to record the investments and related investment activity because he does not understand the broker’s statement. 14 Evaluating the Illustrations These illustrations may be control deficiencies As the auditor, we would then determine the likelihood and magnitude of a mis-statement to determine if it is a significient deficiency or material weakness These are only three of many examples of potential control deficiencies and are intended to be for illustrative purposes only and not comprehensive or specific to your client audits Communicating Deficiencies As the auditor, we are only required to communicate in writing those control deficiencies we identify during the audit and determine to be significant deficiencies or material weaknesses We will include significant deficiencies or material weaknesses we may identify during this audit that we may have previously communicated, whether verbally or in writing, that are not yet remedied 15 Impact on Your Audit What’s changing in your audit engagement is that we’ll be: Evaluating identified control deficiencies during the audit to determine if they are significant deficiencies or material weaknesses Communicating significant deficiencies or material weaknesses in writing to management and those charged with governance Potentially requesting additional information from you as we evaluate identified control deficiencies Must address status of prior year findings 16 Evaluating Options (per AICPA) As a result of your audit, you may wish to have us help you: Educate your management team and those charged with governance on internal controls as it relates to your organization’s financial reporting Help you understand the costs and benefits of implementing appropriate controls Assist in testing current controls or developing and implementing appropriate controls for clients Engagement Scope and Fees (per AICPA) As a result of the potential time it will take to evaluate whether control deficiencies are significant deficiencies or material weaknesses and communicating those in writing, our audit fees may increase We will communicate any changes in fees to you as we become aware of them 17
