SAS 112: The New Auditing Standard
Jim Corkill, Controller, Accounting Services & Controls
Agenda
Background
What is SAS 112
Impacts on UC and the Campus
Key Controls
Roles & Responsibilities
Q & A
Background
Sarbanes-Oxley Act of 2002
Stronger Controls for Public Companies
Created a new federal oversight board, the Public Company Accounting Oversight Board (PCAOB)
In May 2006, AICPA issued SAS 112 which substantially incorporates the PCAOB’s AS 2.
What is SAS 112?
Statement on Auditing Standard 112 (SAS 112): “Communicating Internal Control Related Matters Identified in an Audit” – Effective May 2006
SAS 112 develops a framework for reporting control weaknesses over financial reporting. It is not designed to address other controls, such as operational controls.
Purpose of SAS 112
Ensure effectiveness of internal controls that impact financial statements
Establish a standard for determining seriousness of a control issue and classifying it into three categories:
Control Deficiency
Significant Deficiency
Material Weakness
Examples of Control Deficiencies
Lack of review and reconciliation of departmental expenditures
Lack of overdraft funds monitoring
Lack of physical inventory
Lack of timeliness of cash deposit and account reconciliation
Significant Deficiency and Material Weakness
A control deficiency, or combination of control deficiencies with more than a remote chance of not preventing or detecting:
An inconsequential misstatement of the financial statements = Significant Deficiency
A material misstatement of the campus financial statements = Material Weakness
The materiality of the control deficiency is determined based on what potentially could go wrong, not just on the amount of actual misstatements.
What does this mean for UC?
The new definitions lower the bar for reporting internal control deficiencies to the Chancellor and the Regents
In addition, SAS 112 requires UC to disclose deficiencies to 3rd parties such as:
Federal sponsors
3rd party creditors
Accrediting agencies, Rating agencies
Insurers
Additional Impacts of SAS 112
Negative impact on sponsored project funding
Negative impact on credit rating
Additional federal audits
Negative impact on reputation
Any findings could result in increased review by the federal government and/or impact the University’s ability to obtain research funding
How to Reduce Potential Findings
Place “key controls” in our operation to minimize control deficiency and risk by preventing or detecting errors and fraud in a timely manner
UC Response to SAS 112
Identify financial key controls.
Controls must be documented or they are not considered controls.
Some of these key controls reside in departments.
UC Website with documentation of all of our key controls: http://www.ucop.edu/SAS112
UCSB Response to SAS 112
Work with Accounting and central departments to identify key controls for our financial processes
Describe & document key controls
Identify Roles, Responsibility, and Accountability
Identify sufficient evidence of review
Discussions with Campus
Key Controls
What is a Key Control?
A set of critical processes to prevent or detect errors and fraud in the financial statements
Department Key Controls
Examples
General Ledger Reconciliation – Each month actual revenues and expenses are reviewed and reconciled to supporting documentation.
Overdraft Funds – Department reviews funds in overdraft status and takes follow-up action.
Distribution of Payroll Expense Reconciliation – Detailed payroll expenses reviewed each month by the department for general propriety and to validate the accuracy of the charges.
Department Key Controls
Examples
Purchasing and Accounts Payable Invoices – Requisitions, Purchase Orders, and Invoices are reviewed and approved at the department level. Invoices must be approved by the person with signature authorization.
Effort reports (PARS) – PAR reports are approved each quarter by the responsible official with first-hand knowledge of the work performed. PARS are certified for employees who are paid directly from a federal or federal flow-through award.
Department Key Controls
Examples
Physical Inventory – Physical Inventory is conducted by the department custodian/PI every two years. Equipment Management ensures the inventory is conducted every two years. Records are reconciled to the physical inventory results.
Key Control Process Example: General Ledger Reconciliation
Key Control: Department Reconciles their General Ledger Monthly
Process: Departments review and reconcile, annotate exceptions, and follow up with corrective actions, i.e., submitting a journal entry, contacting a recharge unit or other dept. as appropriate, or submitting a transfer of expense.
Maintain evidence of review and reconciliation that is easily accessible for audit, i.e. use On-Line General Ledger approval function that records user, time, date stamp
Role and Responsibilities of the Department
Implement departmental key controls
Ensure the key controls are in place
Document evidence of review for all levels (signature, email and/or sign checklist)
Correct and follow up in a timely manner when a control deficiency or weakness is identified
Document evidence of corrective action taken
Role and Responsibilities of the Office of the Controller
Update university procedures and best practices for Key Controls
Act as a liaison between external auditors and departments
Provide guidance, key controls framework, and communication for SAS-112 implementation
Serve as a resource for campus departments
Tools for Departments
UCSB SAS 112 Web Site – http://www.controller.ucsb.edu/SAS112
UC Web Site – http://www.ucop.edu/sas112/index.php
Department Checklist
Other Controls
These key controls are not the only controls that departments need to monitor.
Other controls exist for governance and to comply with University Policy, Laws and Regulations.
Departments should not eliminate existing controls based on SAS 112.
Important Notes
SAS 112 Effective Date – May 1, 2006
Entire Fiscal Year (2007-08) is subject to review and testing
DO NOT go back and create documents or backdate reviews
BEGIN documenting key control processes (if you are not already) effective immediately
Questions?