SlideShare a Scribd company logo

SAS 112 What's it all about? - Understanding internal control deficiencies

H
himetro

This document provides an overview and examples of SAS 112, which establishes requirements for communicating internal control deficiencies identified during an audit. It defines key terms like control deficiency, significant deficiency, and material weakness. It discusses how auditors evaluate the severity of control deficiencies based on factors like potential misstatement, likelihood, and magnitude. Examples are provided of common control deficiencies as well as indicators of material weaknesses. Methods for strengthening internal controls over areas like cash, payroll, purchases are also outlined.

TechnologyBusiness
1 of 66
SAS 112 What’s it all about? Communicating Internal Control Related Matters Identified in an Audit Effective audit years ending after 12/15/06
The Auditing Relationship This is what I send to audit clients every year after the audit is complete. 2 www.metrometro.com
Metro Metro & Associates We are auditors of small nonprofits 7 Senior staff Olney, Maryland Love the summer work 3 www.metrometro.com
4 www.metrometro.com
Objectives Define SAS 112 (Boring) Explain SAS 112, the nuts and bolts – Lots of examples Raise awareness within your organization What will the auditors’ areas of concern be? – Get the answers to the test before the test – All of these points are available on the internet, through – books, consultants, etc. Don’t reinvent the wheel when presenting to your organization. Google “SAS 112 summary” Reduce your audit fees 5 www.metrometro.com
Sas 112 - What does it do? SAS 112 provides guidance to enhance your ability to identify and evaluate control deficiencies during an audit and then communicate to management and those charged with governance those deficiencies that you believe are significant deficiencies or material weaknesses. 6 www.metrometro.com
What does it really do? defines the terms quot;significant deficiencyquot; and quot;material weaknessquot; provides guidance on evaluating the severity of control deficiencies identified in an audit of financial statements; and requires the auditor to communicate, in writing, to management and those charged with governance (e.g., Board of Directors), significant deficiencies and material weaknesses identified in an audit 7 www.metrometro.com
Two Unconditional Requirements The auditor must evaluate identified 1. control deficiencies and determine whether those deficiencies, individually or in combination, are significant deficiencies or material weaknesses. and… 8 www.metrometro.com
Two Unconditional Requirements 2. The auditor must communicate, in writing, significant deficiencies and material weaknesses to management and those charged with governance. Including those found in prior audits but not yet fixed. 9 www.metrometro.com
What is an Internal Control The accounting profession, collaborating in a body known as COSO (Committee on Sponsoring Organizations) has adopted a definition of internal controls: A process, effected by the entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Reliability of financial reporting – Effectiveness and efficiency of operations – Compliance with applicable laws and regulations – 10 www.metrometro.com
Reliability of financial reporting … refers to the published financial statements. While this is primarily the responsibility of an organization’s accounting group, all transactions within the organization are affected since transactions and financial results emanate from all activities of an organization. 11 www.metrometro.com
Operations and Compliance The other two bullets (Operations and Compliance) also have significance for all organization activities. Within any department or organization, the goals of internal controls are: To control the financial, operational and managerial activities of a – department To comply with federal, state and local laws, rules and regulations – and organization policies To prevent fraud – To highlight positive and negative aspects of an operation or – function To alert management and other concerned parties of relevant – required courses of action 12 www.metrometro.com
The Meat of SAS 112 Definition 1 – Control Deficiency When the design or implementation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. Two categories: Design Deficiency – Operation Deficiency – 13 www.metrometro.com
Definition 2 – Significant Deficiency A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected. 14 www.metrometro.com
Definition 3 – Material Weakness A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. 15 www.metrometro.com
HOW DO WE DETERMINE SEVERITY? 16 www.metrometro.com
Evaluation of a Control Deficiency (3 considerations) Potential for misstatement - Not just “did” it occur, but “will” it occur. Likelihood – probability that a misstatement will occur. “reasonably possible” Magnitude – extent of the misstatement that could occur. 17 www.metrometro.com
Magnitude Inconsequential More than inconsequential Material 18 www.metrometro.com
“Prudent Official” Test When evaluating the significance of a deficiency, auditors are to step back and consider whether a prudent official with the same knowledge of the situation would agree with our classification of the deficiency. 19 www.metrometro.com
Form and Timing of Communication Significant deficiencies and material weaknesses must be communicated in writing within 60 days from the issuance of the report to management AND those charged with – governance. If communicated last year but not fixed, – communicate again. 20 www.metrometro.com
EXAMPLES We’ll tackle some general and specific examples of control deficiencies, significant deficiencies and material weaknesses. 21 www.metrometro.com
Examples of Control Deficiencies lack of review and reconciliation of departmental expenditures no supervisor signature required on travel expenditure same person able to request and approve an expenditure same person does billing, opens mail, receives and deposits checks same person initiates and approves payroll 22 www.metrometro.com
Case Study One of the most discussed deficiencies is the Auditor preparing the client’s financial statements. Must this be reported as a material weakness in internal control? Under what circumstances can an auditor prepare statements and not have to report a material weakness? Let’s see…. 23 www.metrometro.com
Clients Accountant Is Capable The client’s accountant is capable of preparing the financial statements but is too busy. The auditor knows the accountant is capable because he/she prepared last year and did a good job. Accountant provides adjusted trial balance = Not a control deficiency 24 www.metrometro.com
Clients Accountant is Capable but does less work Similar situation as last slide. This time, accountant does not have enough time to prepare year end closing entries, accruals and adjusted trial balance. Instead, auditor is given the task of preparing accruals, closing entries, draft statements and notes. Accountant will review all entries and auditor prepared documents and trace entries back to source documents… What do you think? Control Deficiency or no? 25 www.metrometro.com
The Old “Professional Judgment” Excuse Although the accountant is capable of doing the work and seems to have controls in place to prevent and detect misstatements it could be argued that the client does not take the closing process seriously. If the preparation of the financial statements is a low priority and this is an annual event, could be a strong indicator of a material weakness. 26 www.metrometro.com
Clients Accountant is Not Capable The staff accountant/bookkeeper is unable to either adjust the trial balance or evaluate the auditors adjustments. Neither the accountant nor anyone else in the organization is capable of evaluating whether the financial statements are fairly presented in accordance with GAAP…. Control Deficiency and Material Weakness 27 www.metrometro.com
Some Slam Dunks (Strong indicator of material weakness) Ineffective oversight by those charged with governance of the entity’s financial reporting and internal control, or an ineffective overall governance structure. Restatement of previously issued financial statements to reflect the correction of a material misstatement. Auditor finds a material misstatement that was not picked up by the internal control system. 28 www.metrometro.com
Slam Dunks An ineffective internal audit function or risk assessment function when such functions are important to the monitoring of internal controls such as for large or complex entities. Identification of fraud of any magnitude on the part of senior management. Failure to assess the effect of a significant deficiency previously communicated. 29 www.metrometro.com
Case Study – Lack of segregation of duties Small Nonprofit 30 www.metrometro.com
Audit Adjustments Q- In reading the definition of significant deficiency and material weakness, it seems that if the auditor discovers material audit adjustments during the audit, there is one or more material weaknesses? True or False 31 www.metrometro.com
Audit Adjustments A - If the auditor discovers a material misstatement and proposes an audit adjustment, then obviously, the client’s system of internal control did not prevent or detect the misstatement. Accordingly, the auditor would have identified a control deficiency that must be evaluated. Since the amount is material, the only remaining question is whether the likelihood is more than remote. If yes, then by definition, there is a material weakness. 32 www.metrometro.com
Audit Adjustment Consideration Q - A client knows there are significant audit issues that need to be addressed in the financial records but does not make adjustments for those issues until he can discuss them with the auditor as to an appropriate resolution during the audit. Once discussed, a significant audit adjustment is then proposed by the auditor and accepted by the company. Would this result in the reporting of a material weakness? 33 www.metrometro.com
Audit Adjustment Consideration A - The fact that a client is aware that there is a financial statement matter that needs attention or clarification indicates that the preparer could be sufficiently knowledgeable about accounting standards. That awareness and follow up is one element of effective internal controls over financial reporting. 34 www.metrometro.com
Clean Opinion? Q - Can the auditor still justify issuing a clean opinion on the financial statements if the client has significant deficiencies or material weaknesses? 35 www.metrometro.com
Clean Opinion? A - Yes, the role of the auditor is to obtain a sufficient understanding of the entity’s internal control sufficient to plan and conduct his or her audit. When there are material weaknesses, the auditor responds to those control risks by adjusting the nature, timing and extent of the audit procedures. 36 www.metrometro.com
Strengthening Internal Control Control Environment Specific Controls 37 www.metrometro.com
Control Environment The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors. 38 www.metrometro.com
Control Environment Examples Does management communicate to employees its views on business practices and ethical behavior either orally or by example? 39 www.metrometro.com
Control Environment Examples Has the nonprofit organization adopted and communicated to employees and board members a specific policy on conflict of interest that specifies that personnel in a position of trust are not related to each other; employees are prohibited from having business dealings with companies affiliated with, or who act as major customers or suppliers of, the nonprofit organization; transactions with officials of the nonprofit organization are adequately controlled and disclosed in the records; and such transactions occur only in the normal course of business and are approved by the governing board? 40 www.metrometro.com
Control Environment Example Is management satisfied that all employees are honest? Does management consider the competence levels that are necessary for various jobs and the skills and knowledge that are required for reliable accounting and financial reporting. Do human resource policies and practices include background and reference checks for new employees, adequate training, and regular performance evaluations, especially for accounting and IT personnel? 41 www.metrometro.com
Cash Controls Mail is opened and a list of daily receipts is prepared by two or more people independent of the cashier and accounts receivable bookkeeping. Cash receipts from special events are counted by at least two people and no more than one volunteer. A separate imprest payroll bank account is used. 42 www.metrometro.com
Cash Controls Checks are not to be returned to the preparer after signing. Stale checks are followed up on periodically by individuals independent of accounts payable and cash disbursement functions. Collectors issue prenumbered receipts for canister collections and the contents are counted in the presence of two persons. Prenumbered bid sheets from silent auctions are reconciled to cash receipts. 43 www.metrometro.com
Cash Controls Bank accounts are reconciled by individuals independent of cash receipts and disbursements functions. Checks are prepared only after proper matching of supporting documentation (vendor’s invoice, receiving report, purchase order, etc.). How does all of this relate to online bill pay? We hardly write any checks in our office. Soon we won’t write checks or receive checks. 44 www.metrometro.com
Payroll Controls There is restricted access to: Blank payroll checks – Mechanical check signers or signature plates (if – used) Personnel records – Payroll computer files used to calculate payroll – 45 www.metrometro.com
Payroll controls when using outside service If payroll is processed by an outside service organization, procedures are in place to ensure that: Time records submitted for processing are complete and – accurate and appropriate control totals are maintained for subsequent reconciliation to payroll registers. All other payroll information provided to the service – organization (pay rates, withholdings, etc.) is authorized, and all authorized information is communicated. Payroll registers produced by the service organization are – reviewed after processing, reconciled to control totals, and approved prior to distribution of paychecks. Total of paychecks and/or direct deposits agrees with – payroll registers. 46 www.metrometro.com
Controls over purchases and payables A current purchasing manual defines restrictions on purchases of goods or services from governing board members, employees, or other suppliers that would create a conflict of interest. (Related party) Program managers periodically compare actual expenses to budgeted expenses and investigate unanticipated variances. 47 www.metrometro.com
Controls over purchases and payables There is an approved vendors list. The appropriate level of management or another appropriate person periodically compares actual expenditures to budgeted expenditures and follows up on significant variances. 48 www.metrometro.com
Controls over donated materials, facilities and services The organization has established procedures for the supervision of volunteers. The organization maintains time sheets or other records to substantiate the date of donated services, nature of the services, and time; and those records are reviewed and approved by responsible personnel. 49 www.metrometro.com
Controls over revenue and receivables The organization publishes the names of donors in its journals, newsletters, programs, etc., and someone independent of accounting investigates complaints of errors or omissions. The organization periodically sends statements to service recipients, members, etc. 50 www.metrometro.com
Controls over revenue and receivables Customer/member/donor complaint follow-up is independent of accounts receivable, bookkeeping, and cash handling. Monthly statements of customer/member accounts are mailed by someone other than the person responsible for accounts receivable bookkeeping. The organization prohibits loans to employees and governing board members. 51 www.metrometro.com
Controls over revenue and receivables Employees with receivable responsibilities are required to take vacations and other employees are required to perform those functions when an employee is absent. The organization uses prenumbered contribution acknowledgement forms. 52 www.metrometro.com
Fraud Assesment Incentives or pressures for management to intentionally misstate the financial statements. The organization is experiencing a shortfall in unrestricted contributions that may create an incentive to use restricted net assets to cover the shortfall. The organization has donors, grantors, or other providers who set up restrictions or conditions based on reported financial statement amounts. 53 www.metrometro.com
Fraud Assessment Conditions that indicate management’s personal net worth may be threatened by the organization’s financial performance, such as: A significant portion of management’s compensation – depends on bonuses, or other incentives, the value of which is dependent on the organization meeting aggressive performance targets (for example, program accomplishments, budget, fund-raising targets, financial position, cash flow, or other financial or operating goals). The organization is experiencing a poor or deteriorating – financial condition and board members or management have personally guaranteed significant debts of the organization. 54 www.metrometro.com
Fraud Assessment The organization engages in significant related-party transactions not in the ordinary course of business. Management fails to effectively define, communicate, implement, support, or enforce the organization’s values or ethics. 55 www.metrometro.com
Communication and enforcement of ethical values Are members of the organization’s governing body (board of directors, board of trustees, committees of the board, etc.) elected to their positions? Is the governing board sufficiently independent from management so that necessary questions are raised? Does the governing board meet in regularly scheduled meetings, and are clear, written minutes kept of all meetings? Does the governing board (or audit committee) hold frequent and timely meetings with the chief financial and/or accounting personnel and external auditors? Does the governing board (or audit committee) approve the appointment of auditors? Does the governing board take an active interest in the financial affairs of the organization and in the reports available to them? Does the governing board include outside members with business experience? Is sufficient information provided to the governing board (or audit committee) in a manner that allows adequate and timely monitoring? Does the governing board (or audit committee) meet with the auditors to discuss the auditor’s report, the communication of internal control related matters, the Single Audit reports (if the organization receives federal awards and is required to have a Single Audit), and other matters related to the audit? 56 www.metrometro.com
Conclusion 57 www.metrometro.com
Take Control - Make Your Audit Easier Make less journal entries - Audit standards require that we review journal entries for unusual activities. The more entries, the longer the audit takes. You can cut down on journal entries by recording bank charges, debits and manual checks as you would any other cash disbursement. Record bank account interest earned like you would a deposit. 58 www.metrometro.com
Take Control - Make Your Audit Easier Be ready for us - Make sure your auditor has provided you with a long Client Assistance List (CAL) or PBC (Provided by Client) list. The longer the better so that you can do the work at your schedule instead of scurrying during the audit fieldwork. Number the list and have a folder, notebook tab, or pile for each number. Impress the auditor, be organized, that's what we're looking for. 59 www.metrometro.com
Take Control - Make Your Audit Easier Be consistent and predictable - We like ordinary and boring. If you have a group of month end journal entries for depreciation, accrued payroll, etc., make them all on one entry that looks the same each month. Keep entries as ordinary and routine as possible. Record deposits the same. Record invoices the same. Make the transactions as easily identifiable as possible. 60 www.metrometro.com
Take Control - Make Your Audit Easier Support, Support, Support - Every transaction requires support. Checks, deposits, journal entries. Be consistent by including the same support on each type of transaction. Make sure every transaction has the required approvals. 61 www.metrometro.com
Take Control - Make Your Audit Easier Document your approval processes and follow them - If a disbursement requires a board signature, make sure it has a board signature. Make sure your approval processes will pass the auditor's tests. 62 www.metrometro.com
Take Control - Make Your Audit Easier Don't turn the audit engagement into an accounting engagement. Get the accounting work done first. Post accruals, depreciation, make sure everything ties in, etc. We don't want to do accounting work at the audit. Auditors like to tick and tie to get comfort that the numbers are right. Every time we have to make an entry, you lose credibility and it takes longer for us to get comfortable. Your auditors don't have to be your accountants, you can hire an accountant to do a monthly or quarterly review so that you'll be more prepared for your audit. 63 www.metrometro.com
Take Control - Make Your Audit Easier Insist on consistency from your audit team. Ask ahead of time, who will be coming. Are they the same auditors as last year? If not, push back a little bit. The more consistency, the less learning curve and the less interruptions. 64 www.metrometro.com
From RSM McGladry Educate your board on the new requirements of SAS No. 112 and the possible findings. Ensure internal controls over financial reporting are formally documented. Monitor and test these internal controls for accuracy on a semi-annual or annual basis. Reconcile the general ledger to the amounts reported in the financial statements (including disclosures) and apply analytical review procedures to the financial statements. Begin taking inventory of your significant controls over your most guarded assets (or financial reporting process) and start documenting those critical aspects of internal controls. Assess your reliance on external auditors to draft your financials. At least for this year, formally designate a person responsible for reviewing and approving the financial statements and design checklists to document this review. 65 www.metrometro.com
Don’t reinvent the wheel – web resources If you want to make a powerpoint presentation on SAS 112 to your organization and/or its board, then google “SAS 112 powerpoint” and several presentations will come up. Communicate, communicate, communicate 66 www.metrometro.com

Recommended

SAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit ExecsSAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit Execshimetro
 
Auditing 304 part3
Auditing 304 part3Auditing 304 part3
Auditing 304 part3Jose Cintron
 
Intergrated Audit
Intergrated AuditIntergrated Audit
Intergrated AuditDarryl Woolley
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reportingShivaLeela Choudary
 
The Importance of Internal Controls in Fraud Prevention
The Importance of Internal Controls in Fraud Prevention The Importance of Internal Controls in Fraud Prevention
The Importance of Internal Controls in Fraud Prevention Rea & Associates
 
SOX 404 Power Point
SOX 404 Power PointSOX 404 Power Point
SOX 404 Power PointJim Gremillion Jr
 
Operational risk (by ms.sweta vijuraj)
Operational risk (by ms.sweta vijuraj)Operational risk (by ms.sweta vijuraj)
Operational risk (by ms.sweta vijuraj)Saras Singh
 
Embedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projectsEmbedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projects3gamma
 

Recommended

SAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit ExecsSAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit Execshimetro
 
Auditing 304 part3
Auditing 304 part3Auditing 304 part3
Auditing 304 part3Jose Cintron
 
Intergrated Audit
Intergrated AuditIntergrated Audit
Intergrated AuditDarryl Woolley
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reportingShivaLeela Choudary
 
The Importance of Internal Controls in Fraud Prevention
The Importance of Internal Controls in Fraud Prevention The Importance of Internal Controls in Fraud Prevention
The Importance of Internal Controls in Fraud Prevention Rea & Associates
 
SOX 404 Power Point
SOX 404 Power PointSOX 404 Power Point
SOX 404 Power PointJim Gremillion Jr
 
Operational risk (by ms.sweta vijuraj)
Operational risk (by ms.sweta vijuraj)Operational risk (by ms.sweta vijuraj)
Operational risk (by ms.sweta vijuraj)Saras Singh
 
Embedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projectsEmbedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projects3gamma
 
Operational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIOperational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIEneni Oduwole
 
InternalControls Article-Baer-Meeusen
InternalControls Article-Baer-MeeusenInternalControls Article-Baer-Meeusen
InternalControls Article-Baer-MeeusenPaul Meeusen
 
Operation Risk Management 03
Operation Risk Management 03Operation Risk Management 03
Operation Risk Management 03Institute of Mgt. and Information Science
 
Audit.planning
Audit.planningAudit.planning
Audit.planningKhalid Aziz
 
Audit Fraud & error p7
Audit Fraud & error p7Audit Fraud & error p7
Audit Fraud & error p7Richard Clarke Academy
 
Audit+risk+risk+chapt+7+&+8
Audit+risk+risk+chapt+7+&+8Audit+risk+risk+chapt+7+&+8
Audit+risk+risk+chapt+7+&+8Gorani & Associates
 
Test of control
Test of controlTest of control
Test of controlVadivelM9
 
Chapter 4
Chapter 4Chapter 4
Chapter 4Nur Dalila Zamri
 
Anti fraud program
Anti fraud programAnti fraud program
Anti fraud programchris75308
 
Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Rich Lawrence
 
Types of audit
Types of auditTypes of audit
Types of auditVadivelM9
 
Crowe AML Model Risk Management Whitepaper
Crowe AML Model Risk Management WhitepaperCrowe AML Model Risk Management Whitepaper
Crowe AML Model Risk Management WhitepaperBrett Rosynek
 
Shilts Fraud Risk Assessment Deck
Shilts Fraud Risk Assessment DeckShilts Fraud Risk Assessment Deck
Shilts Fraud Risk Assessment Deckchris75308
 
Audit Practice Manual ICAEW ICAB - APM
Audit Practice Manual ICAEW ICAB - APMAudit Practice Manual ICAEW ICAB - APM
Audit Practice Manual ICAEW ICAB - APMSazzad Hossain, ITP, MBA, CSCA™
 
June event - Operational risk management - IT Career
June event - Operational risk management - IT CareerJune event - Operational risk management - IT Career
June event - Operational risk management - IT CareerFriends4Growth Group
 
Forensic accounting session
Forensic accounting sessionForensic accounting session
Forensic accounting sessionJim Kaplan CIA CFE
 
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...Prof Niamh M. Brennan
 
1209 Auditor Withdrawal
1209 Auditor Withdrawal1209 Auditor Withdrawal
1209 Auditor WithdrawalZowie Murray
 
Binary Scam Watch Monitor | Restriction Of Online Scam
Binary Scam Watch Monitor | Restriction Of Online ScamBinary Scam Watch Monitor | Restriction Of Online Scam
Binary Scam Watch Monitor | Restriction Of Online ScamBinaryScamWatchMonitor
 
11. materiality and audit risk
11. materiality and audit risk11. materiality and audit risk
11. materiality and audit riskSyed Osama Rizvi
 
Anytime, Anywhere Approach To Social Media
Anytime, Anywhere Approach To Social MediaAnytime, Anywhere Approach To Social Media
Anytime, Anywhere Approach To Social Mediaguest8143e
 
01 Symbianosbasics Introducao
01 Symbianosbasics Introducao01 Symbianosbasics Introducao
01 Symbianosbasics IntroducaoTiago Romão
 

More Related Content

What's hot

Operational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIOperational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIEneni Oduwole
 
InternalControls Article-Baer-Meeusen
InternalControls Article-Baer-MeeusenInternalControls Article-Baer-Meeusen
InternalControls Article-Baer-MeeusenPaul Meeusen
 
Test of control
Test of controlTest of control
Test of controlVadivelM9
 
Anti fraud program
Anti fraud programAnti fraud program
Anti fraud programchris75308
 
Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Rich Lawrence
 
Types of audit
Types of auditTypes of audit
Types of auditVadivelM9
 
Crowe AML Model Risk Management Whitepaper
Crowe AML Model Risk Management WhitepaperCrowe AML Model Risk Management Whitepaper
Crowe AML Model Risk Management WhitepaperBrett Rosynek
 
Shilts Fraud Risk Assessment Deck
Shilts Fraud Risk Assessment DeckShilts Fraud Risk Assessment Deck
Shilts Fraud Risk Assessment Deckchris75308
 
June event - Operational risk management - IT Career
June event - Operational risk management - IT CareerJune event - Operational risk management - IT Career
June event - Operational risk management - IT CareerFriends4Growth Group
 
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...Prof Niamh M. Brennan
 
1209 Auditor Withdrawal
1209 Auditor Withdrawal1209 Auditor Withdrawal
1209 Auditor WithdrawalZowie Murray
 
Binary Scam Watch Monitor | Restriction Of Online Scam
Binary Scam Watch Monitor | Restriction Of Online ScamBinary Scam Watch Monitor | Restriction Of Online Scam
Binary Scam Watch Monitor | Restriction Of Online ScamBinaryScamWatchMonitor
 
11. materiality and audit risk
11. materiality and audit risk11. materiality and audit risk
11. materiality and audit riskSyed Osama Rizvi
 

What's hot (20)

Operational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIOperational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel III
 
InternalControls Article-Baer-Meeusen
InternalControls Article-Baer-MeeusenInternalControls Article-Baer-Meeusen
InternalControls Article-Baer-Meeusen
 
Operation Risk Management 03
Operation Risk Management 03Operation Risk Management 03
Operation Risk Management 03
 
Audit.planning
Audit.planningAudit.planning
Audit.planning
 
Audit Fraud & error p7
Audit Fraud & error p7Audit Fraud & error p7
Audit Fraud & error p7
 
Audit+risk+risk+chapt+7+&+8
Audit+risk+risk+chapt+7+&+8Audit+risk+risk+chapt+7+&+8
Audit+risk+risk+chapt+7+&+8
 
Test of control
Test of controlTest of control
Test of control
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Anti fraud program
Anti fraud programAnti fraud program
Anti fraud program
 
Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016
 
Types of audit
Types of auditTypes of audit
Types of audit
 
Crowe AML Model Risk Management Whitepaper
Crowe AML Model Risk Management WhitepaperCrowe AML Model Risk Management Whitepaper
Crowe AML Model Risk Management Whitepaper
 
Shilts Fraud Risk Assessment Deck
Shilts Fraud Risk Assessment DeckShilts Fraud Risk Assessment Deck
Shilts Fraud Risk Assessment Deck
 
Audit Practice Manual ICAEW ICAB - APM
Audit Practice Manual ICAEW ICAB - APMAudit Practice Manual ICAEW ICAB - APM
Audit Practice Manual ICAEW ICAB - APM
 
June event - Operational risk management - IT Career
June event - Operational risk management - IT CareerJune event - Operational risk management - IT Career
June event - Operational risk management - IT Career
 
Forensic accounting session
Forensic accounting sessionForensic accounting session
Forensic accounting session
 
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...
Brennan, Niamh [2003] Accounting in crisis: A story of auditing, accounting, ...
 
1209 Auditor Withdrawal
1209 Auditor Withdrawal1209 Auditor Withdrawal
1209 Auditor Withdrawal
 
Binary Scam Watch Monitor | Restriction Of Online Scam
Binary Scam Watch Monitor | Restriction Of Online ScamBinary Scam Watch Monitor | Restriction Of Online Scam
Binary Scam Watch Monitor | Restriction Of Online Scam
 
11. materiality and audit risk
11. materiality and audit risk11. materiality and audit risk
11. materiality and audit risk
 

Viewers also liked

Anytime, Anywhere Approach To Social Media
Anytime, Anywhere Approach To Social MediaAnytime, Anywhere Approach To Social Media
Anytime, Anywhere Approach To Social Mediaguest8143e
 
01 Symbianosbasics Introducao
01 Symbianosbasics Introducao01 Symbianosbasics Introducao
01 Symbianosbasics IntroducaoTiago Romão
 
Sas 104 111 Impact On Auditors
Sas 104 111 Impact On Auditors Sas 104 111 Impact On Auditors
Sas 104 111 Impact On Auditors himetro
 
02 Symbian Os Basics Tipos De Dados
02 Symbian Os Basics Tipos De Dados02 Symbian Os Basics Tipos De Dados
02 Symbian Os Basics Tipos De DadosTiago Romão
 
Acceleo - Let's start with an Android example
Acceleo - Let's start with an Android exampleAcceleo - Let's start with an Android example
Acceleo - Let's start with an Android exampleJonathan Musset
 
Jr Special Life Insurance Policy
Jr Special Life Insurance PolicyJr Special Life Insurance Policy
Jr Special Life Insurance PolicyKyle Lear
 

Viewers also liked (7)

Anytime, Anywhere Approach To Social Media
Anytime, Anywhere Approach To Social MediaAnytime, Anywhere Approach To Social Media
Anytime, Anywhere Approach To Social Media
 
01 Symbianosbasics Introducao
01 Symbianosbasics Introducao01 Symbianosbasics Introducao
01 Symbianosbasics Introducao
 
Sas 104 111 Impact On Auditors
Sas 104 111 Impact On Auditors Sas 104 111 Impact On Auditors
Sas 104 111 Impact On Auditors
 
02 Symbian Os Basics Tipos De Dados
02 Symbian Os Basics Tipos De Dados02 Symbian Os Basics Tipos De Dados
02 Symbian Os Basics Tipos De Dados
 
Digital Ninjas Wanted
Digital Ninjas WantedDigital Ninjas Wanted
Digital Ninjas Wanted
 
Acceleo - Let's start with an Android example
Acceleo - Let's start with an Android exampleAcceleo - Let's start with an Android example
Acceleo - Let's start with an Android example
 
Jr Special Life Insurance Policy
Jr Special Life Insurance PolicyJr Special Life Insurance Policy
Jr Special Life Insurance Policy
 

Similar to SAS 112 What's it all about? - Understanding internal control deficiencies

Ch7 Quiz Questions And Solutions
Ch7 Quiz Questions And SolutionsCh7 Quiz Questions And Solutions
Ch7 Quiz Questions And SolutionsSamantha Caldwell
 
Texas Trial Lawyers Association Commercial Litigation Semi.docx
Texas Trial Lawyers Association Commercial Litigation Semi.docxTexas Trial Lawyers Association Commercial Litigation Semi.docx
Texas Trial Lawyers Association Commercial Litigation Semi.docxtodd191
 
Assessing risks and internal controls training
Assessing risks and internal controls trainingAssessing risks and internal controls training
Assessing risks and internal controls trainingshifataraislam
 
Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016leschaney
 
Bba ii auditing 12
Bba ii auditing 12Bba ii auditing 12
Bba ii auditing 12nsbhoyar
 
introduction to internal control in a financial statement audit
introduction to internal control in a financial statement auditintroduction to internal control in a financial statement audit
introduction to internal control in a financial statement auditMengsongNguon
 
Auditor Independence And Financial Statements
Auditor Independence And Financial StatementsAuditor Independence And Financial Statements
Auditor Independence And Financial StatementsNatasha Barnett
 
Essay About Surfer Dude Duds, Inc
Essay About Surfer Dude Duds, IncEssay About Surfer Dude Duds, Inc
Essay About Surfer Dude Duds, IncSharon Lee
 
2 of 2--Internal Controls Sp 2010
2 of 2--Internal Controls Sp 20102 of 2--Internal Controls Sp 2010
2 of 2--Internal Controls Sp 2010alfredo99
 
DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...
DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...
DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...Beth Hall
 
Audit planning and risk assessment
Audit planning and risk assessmentAudit planning and risk assessment
Audit planning and risk assessmentcasahiljain1992
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Taufir Alam
 

Similar to SAS 112 What's it all about? - Understanding internal control deficiencies (20)

Ch7 Quiz Questions And Solutions
Ch7 Quiz Questions And SolutionsCh7 Quiz Questions And Solutions
Ch7 Quiz Questions And Solutions
 
Texas Trial Lawyers Association Commercial Litigation Semi.docx
Texas Trial Lawyers Association Commercial Litigation Semi.docxTexas Trial Lawyers Association Commercial Litigation Semi.docx
Texas Trial Lawyers Association Commercial Litigation Semi.docx
 
Assessing risks and internal controls training
Assessing risks and internal controls trainingAssessing risks and internal controls training
Assessing risks and internal controls training
 
Fice Of Internal Audit
Fice Of Internal AuditFice Of Internal Audit
Fice Of Internal Audit
 
Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016Evaluation of process level control deficiencies 5 20-2016
Evaluation of process level control deficiencies 5 20-2016
 
Bba ii auditing 12
Bba ii auditing 12Bba ii auditing 12
Bba ii auditing 12
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Audit Fee
Audit FeeAudit Fee
Audit Fee
 
Audit Engagment Letter
Audit Engagment LetterAudit Engagment Letter
Audit Engagment Letter
 
introduction to internal control in a financial statement audit
introduction to internal control in a financial statement auditintroduction to internal control in a financial statement audit
introduction to internal control in a financial statement audit
 
Auditor Independence And Financial Statements
Auditor Independence And Financial StatementsAuditor Independence And Financial Statements
Auditor Independence And Financial Statements
 
Essay About Surfer Dude Duds, Inc
Essay About Surfer Dude Duds, IncEssay About Surfer Dude Duds, Inc
Essay About Surfer Dude Duds, Inc
 
2 of 2--Internal Controls Sp 2010
2 of 2--Internal Controls Sp 20102 of 2--Internal Controls Sp 2010
2 of 2--Internal Controls Sp 2010
 
DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...
DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...
DEPARTMENT OF ACCOUNTING, TAXATION, AND LEGAL STUDIES IN...
 
Audit planning and risk assessment
Audit planning and risk assessmentAudit planning and risk assessment
Audit planning and risk assessment
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
 
North Face
North FaceNorth Face
North Face
 
Mcclain Plastics
Mcclain PlasticsMcclain Plastics
Mcclain Plastics
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 

Recently uploaded (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 

SAS 112 What's it all about? - Understanding internal control deficiencies

  • 1. SAS 112 What’s it all about? Communicating Internal Control Related Matters Identified in an Audit Effective audit years ending after 12/15/06
  • 2. The Auditing Relationship This is what I send to audit clients every year after the audit is complete. 2 www.metrometro.com
  • 3. Metro Metro & Associates We are auditors of small nonprofits 7 Senior staff Olney, Maryland Love the summer work 3 www.metrometro.com
  • 4. 4 www.metrometro.com
  • 5. Objectives Define SAS 112 (Boring) Explain SAS 112, the nuts and bolts – Lots of examples Raise awareness within your organization What will the auditors’ areas of concern be? – Get the answers to the test before the test – All of these points are available on the internet, through – books, consultants, etc. Don’t reinvent the wheel when presenting to your organization. Google “SAS 112 summary” Reduce your audit fees 5 www.metrometro.com
  • 6. Sas 112 - What does it do? SAS 112 provides guidance to enhance your ability to identify and evaluate control deficiencies during an audit and then communicate to management and those charged with governance those deficiencies that you believe are significant deficiencies or material weaknesses. 6 www.metrometro.com
  • 7. What does it really do? defines the terms quot;significant deficiencyquot; and quot;material weaknessquot; provides guidance on evaluating the severity of control deficiencies identified in an audit of financial statements; and requires the auditor to communicate, in writing, to management and those charged with governance (e.g., Board of Directors), significant deficiencies and material weaknesses identified in an audit 7 www.metrometro.com
  • 8. Two Unconditional Requirements The auditor must evaluate identified 1. control deficiencies and determine whether those deficiencies, individually or in combination, are significant deficiencies or material weaknesses. and… 8 www.metrometro.com
  • 9. Two Unconditional Requirements 2. The auditor must communicate, in writing, significant deficiencies and material weaknesses to management and those charged with governance. Including those found in prior audits but not yet fixed. 9 www.metrometro.com
  • 10. What is an Internal Control The accounting profession, collaborating in a body known as COSO (Committee on Sponsoring Organizations) has adopted a definition of internal controls: A process, effected by the entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Reliability of financial reporting – Effectiveness and efficiency of operations – Compliance with applicable laws and regulations – 10 www.metrometro.com
  • 11. Reliability of financial reporting … refers to the published financial statements. While this is primarily the responsibility of an organization’s accounting group, all transactions within the organization are affected since transactions and financial results emanate from all activities of an organization. 11 www.metrometro.com
  • 12. Operations and Compliance The other two bullets (Operations and Compliance) also have significance for all organization activities. Within any department or organization, the goals of internal controls are: To control the financial, operational and managerial activities of a – department To comply with federal, state and local laws, rules and regulations – and organization policies To prevent fraud – To highlight positive and negative aspects of an operation or – function To alert management and other concerned parties of relevant – required courses of action 12 www.metrometro.com
  • 13. The Meat of SAS 112 Definition 1 – Control Deficiency When the design or implementation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. Two categories: Design Deficiency – Operation Deficiency – 13 www.metrometro.com
  • 14. Definition 2 – Significant Deficiency A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected. 14 www.metrometro.com
  • 15. Definition 3 – Material Weakness A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. 15 www.metrometro.com
  • 16. HOW DO WE DETERMINE SEVERITY? 16 www.metrometro.com
  • 17. Evaluation of a Control Deficiency (3 considerations) Potential for misstatement - Not just “did” it occur, but “will” it occur. Likelihood – probability that a misstatement will occur. “reasonably possible” Magnitude – extent of the misstatement that could occur. 17 www.metrometro.com
  • 18. Magnitude Inconsequential More than inconsequential Material 18 www.metrometro.com
  • 19. “Prudent Official” Test When evaluating the significance of a deficiency, auditors are to step back and consider whether a prudent official with the same knowledge of the situation would agree with our classification of the deficiency. 19 www.metrometro.com
  • 20. Form and Timing of Communication Significant deficiencies and material weaknesses must be communicated in writing within 60 days from the issuance of the report to management AND those charged with – governance. If communicated last year but not fixed, – communicate again. 20 www.metrometro.com
  • 21. EXAMPLES We’ll tackle some general and specific examples of control deficiencies, significant deficiencies and material weaknesses. 21 www.metrometro.com
  • 22. Examples of Control Deficiencies lack of review and reconciliation of departmental expenditures no supervisor signature required on travel expenditure same person able to request and approve an expenditure same person does billing, opens mail, receives and deposits checks same person initiates and approves payroll 22 www.metrometro.com
  • 23. Case Study One of the most discussed deficiencies is the Auditor preparing the client’s financial statements. Must this be reported as a material weakness in internal control? Under what circumstances can an auditor prepare statements and not have to report a material weakness? Let’s see…. 23 www.metrometro.com
  • 24. Clients Accountant Is Capable The client’s accountant is capable of preparing the financial statements but is too busy. The auditor knows the accountant is capable because he/she prepared last year and did a good job. Accountant provides adjusted trial balance = Not a control deficiency 24 www.metrometro.com
  • 25. Clients Accountant is Capable but does less work Similar situation as last slide. This time, accountant does not have enough time to prepare year end closing entries, accruals and adjusted trial balance. Instead, auditor is given the task of preparing accruals, closing entries, draft statements and notes. Accountant will review all entries and auditor prepared documents and trace entries back to source documents… What do you think? Control Deficiency or no? 25 www.metrometro.com
  • 26. The Old “Professional Judgment” Excuse Although the accountant is capable of doing the work and seems to have controls in place to prevent and detect misstatements it could be argued that the client does not take the closing process seriously. If the preparation of the financial statements is a low priority and this is an annual event, could be a strong indicator of a material weakness. 26 www.metrometro.com
  • 27. Clients Accountant is Not Capable The staff accountant/bookkeeper is unable to either adjust the trial balance or evaluate the auditors adjustments. Neither the accountant nor anyone else in the organization is capable of evaluating whether the financial statements are fairly presented in accordance with GAAP…. Control Deficiency and Material Weakness 27 www.metrometro.com
  • 28. Some Slam Dunks (Strong indicator of material weakness) Ineffective oversight by those charged with governance of the entity’s financial reporting and internal control, or an ineffective overall governance structure. Restatement of previously issued financial statements to reflect the correction of a material misstatement. Auditor finds a material misstatement that was not picked up by the internal control system. 28 www.metrometro.com
  • 29. Slam Dunks An ineffective internal audit function or risk assessment function when such functions are important to the monitoring of internal controls such as for large or complex entities. Identification of fraud of any magnitude on the part of senior management. Failure to assess the effect of a significant deficiency previously communicated. 29 www.metrometro.com
  • 30. Case Study – Lack of segregation of duties Small Nonprofit 30 www.metrometro.com
  • 31. Audit Adjustments Q- In reading the definition of significant deficiency and material weakness, it seems that if the auditor discovers material audit adjustments during the audit, there is one or more material weaknesses? True or False 31 www.metrometro.com
  • 32. Audit Adjustments A - If the auditor discovers a material misstatement and proposes an audit adjustment, then obviously, the client’s system of internal control did not prevent or detect the misstatement. Accordingly, the auditor would have identified a control deficiency that must be evaluated. Since the amount is material, the only remaining question is whether the likelihood is more than remote. If yes, then by definition, there is a material weakness. 32 www.metrometro.com
  • 33. Audit Adjustment Consideration Q - A client knows there are significant audit issues that need to be addressed in the financial records but does not make adjustments for those issues until he can discuss them with the auditor as to an appropriate resolution during the audit. Once discussed, a significant audit adjustment is then proposed by the auditor and accepted by the company. Would this result in the reporting of a material weakness? 33 www.metrometro.com
  • 34. Audit Adjustment Consideration A - The fact that a client is aware that there is a financial statement matter that needs attention or clarification indicates that the preparer could be sufficiently knowledgeable about accounting standards. That awareness and follow up is one element of effective internal controls over financial reporting. 34 www.metrometro.com
  • 35. Clean Opinion? Q - Can the auditor still justify issuing a clean opinion on the financial statements if the client has significant deficiencies or material weaknesses? 35 www.metrometro.com
  • 36. Clean Opinion? A - Yes, the role of the auditor is to obtain a sufficient understanding of the entity’s internal control sufficient to plan and conduct his or her audit. When there are material weaknesses, the auditor responds to those control risks by adjusting the nature, timing and extent of the audit procedures. 36 www.metrometro.com
  • 37. Strengthening Internal Control Control Environment Specific Controls 37 www.metrometro.com
  • 38. Control Environment The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors. 38 www.metrometro.com
  • 39. Control Environment Examples Does management communicate to employees its views on business practices and ethical behavior either orally or by example? 39 www.metrometro.com
  • 40. Control Environment Examples Has the nonprofit organization adopted and communicated to employees and board members a specific policy on conflict of interest that specifies that personnel in a position of trust are not related to each other; employees are prohibited from having business dealings with companies affiliated with, or who act as major customers or suppliers of, the nonprofit organization; transactions with officials of the nonprofit organization are adequately controlled and disclosed in the records; and such transactions occur only in the normal course of business and are approved by the governing board? 40 www.metrometro.com
  • 41. Control Environment Example Is management satisfied that all employees are honest? Does management consider the competence levels that are necessary for various jobs and the skills and knowledge that are required for reliable accounting and financial reporting. Do human resource policies and practices include background and reference checks for new employees, adequate training, and regular performance evaluations, especially for accounting and IT personnel? 41 www.metrometro.com
  • 42. Cash Controls Mail is opened and a list of daily receipts is prepared by two or more people independent of the cashier and accounts receivable bookkeeping. Cash receipts from special events are counted by at least two people and no more than one volunteer. A separate imprest payroll bank account is used. 42 www.metrometro.com
  • 43. Cash Controls Checks are not to be returned to the preparer after signing. Stale checks are followed up on periodically by individuals independent of accounts payable and cash disbursement functions. Collectors issue prenumbered receipts for canister collections and the contents are counted in the presence of two persons. Prenumbered bid sheets from silent auctions are reconciled to cash receipts. 43 www.metrometro.com
  • 44. Cash Controls Bank accounts are reconciled by individuals independent of cash receipts and disbursements functions. Checks are prepared only after proper matching of supporting documentation (vendor’s invoice, receiving report, purchase order, etc.). How does all of this relate to online bill pay? We hardly write any checks in our office. Soon we won’t write checks or receive checks. 44 www.metrometro.com
  • 45. Payroll Controls There is restricted access to: Blank payroll checks – Mechanical check signers or signature plates (if – used) Personnel records – Payroll computer files used to calculate payroll – 45 www.metrometro.com
  • 46. Payroll controls when using outside service If payroll is processed by an outside service organization, procedures are in place to ensure that: Time records submitted for processing are complete and – accurate and appropriate control totals are maintained for subsequent reconciliation to payroll registers. All other payroll information provided to the service – organization (pay rates, withholdings, etc.) is authorized, and all authorized information is communicated. Payroll registers produced by the service organization are – reviewed after processing, reconciled to control totals, and approved prior to distribution of paychecks. Total of paychecks and/or direct deposits agrees with – payroll registers. 46 www.metrometro.com
  • 47. Controls over purchases and payables A current purchasing manual defines restrictions on purchases of goods or services from governing board members, employees, or other suppliers that would create a conflict of interest. (Related party) Program managers periodically compare actual expenses to budgeted expenses and investigate unanticipated variances. 47 www.metrometro.com
  • 48. Controls over purchases and payables There is an approved vendors list. The appropriate level of management or another appropriate person periodically compares actual expenditures to budgeted expenditures and follows up on significant variances. 48 www.metrometro.com
  • 49. Controls over donated materials, facilities and services The organization has established procedures for the supervision of volunteers. The organization maintains time sheets or other records to substantiate the date of donated services, nature of the services, and time; and those records are reviewed and approved by responsible personnel. 49 www.metrometro.com
  • 50. Controls over revenue and receivables The organization publishes the names of donors in its journals, newsletters, programs, etc., and someone independent of accounting investigates complaints of errors or omissions. The organization periodically sends statements to service recipients, members, etc. 50 www.metrometro.com
  • 51. Controls over revenue and receivables Customer/member/donor complaint follow-up is independent of accounts receivable, bookkeeping, and cash handling. Monthly statements of customer/member accounts are mailed by someone other than the person responsible for accounts receivable bookkeeping. The organization prohibits loans to employees and governing board members. 51 www.metrometro.com
  • 52. Controls over revenue and receivables Employees with receivable responsibilities are required to take vacations and other employees are required to perform those functions when an employee is absent. The organization uses prenumbered contribution acknowledgement forms. 52 www.metrometro.com
  • 53. Fraud Assesment Incentives or pressures for management to intentionally misstate the financial statements. The organization is experiencing a shortfall in unrestricted contributions that may create an incentive to use restricted net assets to cover the shortfall. The organization has donors, grantors, or other providers who set up restrictions or conditions based on reported financial statement amounts. 53 www.metrometro.com
  • 54. Fraud Assessment Conditions that indicate management’s personal net worth may be threatened by the organization’s financial performance, such as: A significant portion of management’s compensation – depends on bonuses, or other incentives, the value of which is dependent on the organization meeting aggressive performance targets (for example, program accomplishments, budget, fund-raising targets, financial position, cash flow, or other financial or operating goals). The organization is experiencing a poor or deteriorating – financial condition and board members or management have personally guaranteed significant debts of the organization. 54 www.metrometro.com
  • 55. Fraud Assessment The organization engages in significant related-party transactions not in the ordinary course of business. Management fails to effectively define, communicate, implement, support, or enforce the organization’s values or ethics. 55 www.metrometro.com
  • 56. Communication and enforcement of ethical values Are members of the organization’s governing body (board of directors, board of trustees, committees of the board, etc.) elected to their positions? Is the governing board sufficiently independent from management so that necessary questions are raised? Does the governing board meet in regularly scheduled meetings, and are clear, written minutes kept of all meetings? Does the governing board (or audit committee) hold frequent and timely meetings with the chief financial and/or accounting personnel and external auditors? Does the governing board (or audit committee) approve the appointment of auditors? Does the governing board take an active interest in the financial affairs of the organization and in the reports available to them? Does the governing board include outside members with business experience? Is sufficient information provided to the governing board (or audit committee) in a manner that allows adequate and timely monitoring? Does the governing board (or audit committee) meet with the auditors to discuss the auditor’s report, the communication of internal control related matters, the Single Audit reports (if the organization receives federal awards and is required to have a Single Audit), and other matters related to the audit? 56 www.metrometro.com
  • 57. Conclusion 57 www.metrometro.com
  • 58. Take Control - Make Your Audit Easier Make less journal entries - Audit standards require that we review journal entries for unusual activities. The more entries, the longer the audit takes. You can cut down on journal entries by recording bank charges, debits and manual checks as you would any other cash disbursement. Record bank account interest earned like you would a deposit. 58 www.metrometro.com
  • 59. Take Control - Make Your Audit Easier Be ready for us - Make sure your auditor has provided you with a long Client Assistance List (CAL) or PBC (Provided by Client) list. The longer the better so that you can do the work at your schedule instead of scurrying during the audit fieldwork. Number the list and have a folder, notebook tab, or pile for each number. Impress the auditor, be organized, that's what we're looking for. 59 www.metrometro.com
  • 60. Take Control - Make Your Audit Easier Be consistent and predictable - We like ordinary and boring. If you have a group of month end journal entries for depreciation, accrued payroll, etc., make them all on one entry that looks the same each month. Keep entries as ordinary and routine as possible. Record deposits the same. Record invoices the same. Make the transactions as easily identifiable as possible. 60 www.metrometro.com
  • 61. Take Control - Make Your Audit Easier Support, Support, Support - Every transaction requires support. Checks, deposits, journal entries. Be consistent by including the same support on each type of transaction. Make sure every transaction has the required approvals. 61 www.metrometro.com
  • 62. Take Control - Make Your Audit Easier Document your approval processes and follow them - If a disbursement requires a board signature, make sure it has a board signature. Make sure your approval processes will pass the auditor's tests. 62 www.metrometro.com
  • 63. Take Control - Make Your Audit Easier Don't turn the audit engagement into an accounting engagement. Get the accounting work done first. Post accruals, depreciation, make sure everything ties in, etc. We don't want to do accounting work at the audit. Auditors like to tick and tie to get comfort that the numbers are right. Every time we have to make an entry, you lose credibility and it takes longer for us to get comfortable. Your auditors don't have to be your accountants, you can hire an accountant to do a monthly or quarterly review so that you'll be more prepared for your audit. 63 www.metrometro.com
  • 64. Take Control - Make Your Audit Easier Insist on consistency from your audit team. Ask ahead of time, who will be coming. Are they the same auditors as last year? If not, push back a little bit. The more consistency, the less learning curve and the less interruptions. 64 www.metrometro.com
  • 65. From RSM McGladry Educate your board on the new requirements of SAS No. 112 and the possible findings. Ensure internal controls over financial reporting are formally documented. Monitor and test these internal controls for accuracy on a semi-annual or annual basis. Reconcile the general ledger to the amounts reported in the financial statements (including disclosures) and apply analytical review procedures to the financial statements. Begin taking inventory of your significant controls over your most guarded assets (or financial reporting process) and start documenting those critical aspects of internal controls. Assess your reliance on external auditors to draft your financials. At least for this year, formally designate a person responsible for reviewing and approving the financial statements and design checklists to document this review. 65 www.metrometro.com
  • 66. Don’t reinvent the wheel – web resources If you want to make a powerpoint presentation on SAS 112 to your organization and/or its board, then google “SAS 112 powerpoint” and several presentations will come up. Communicate, communicate, communicate 66 www.metrometro.com