1 The Impact of SAS 112 on Governmental Financial Statement Audits GAQC Member Conference Call January 4, 2007 Presented by Chuck Landes, CPA

2 What We Will Cover The requirements of SAS No.112 How relates to changes being made in the Yellow Book Implication on single audits and other compliance audits

3 SAS No. 112

4 In a Nutshell, SAS No. 112… Defines the terms significant deficiencies and material weaknesses Provides guidance on evaluating the severity of control deficiencies Requires the auditor to communicate, in writing, to management and those charged with governance Effective date = audits of periods ending on or after December 15, 2006

5 SAS No. 112 Those charged with governance = the persons with responsibility for overseeing the strategic direction of the entity and the entity’s financial reporting and disclosure process. Recognizes that body to whom communication is made may take different forms Board of Directors Committee of management Single owner

6 Old Versus New Old DefinitionsNew Definitions Material weakness Reportable condition Significant deficiency Management letter comment (under Yellow Book only) Other matters related to internal control

7 Old Definitions Reportable conditions involve matters coming to the auditors attention relating to significant deficiencies in the design or operation of the internal control that, in our judgment, could adversely affect the organization’s ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements. A material weakness is a reportable condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements caused by error or fraud in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.

8 SAS No. 112 Conforms definitions of control deficiency, significant deficiency, and material weakness to those in PCAOB AS#2. The term significant deficiency replaces the term reportable condition Requires written communication of significant deficiencies and material weaknesses to management and those charged with governance. Should be communicated even if they were communicated in connection with previous audits

9 SAS No. 112 A control deficiency exists when the design or operation of a control does not allow management or employees, in the course of performing their assigned functions, to prevent or detect misstatements on a timely basis. Control deficiencies may involve one or more of the five interrelated components of internal control

10 SAS No. 112 A significant deficiency is a control deficiency, or combination of control deficiencies … such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected. A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.

11 Remote Likelihood Remote likelihood has the same meaning as in FASB Statement No. 5 Remote is defined such that the chance of the future events or events occurring is slight Therefore, the likelihood of an event is “more than remote” when it is at least possible

12 More Than Inconsequential More than inconsequential describes the magnitude of potential misstatement that could occur as a result of a significant deficiency Misstatement is “inconsequential” if a reasonable person would conclude would clearly be immaterial to the financial statements In determining whether potential misstatement would be more than inconsequential, auditor should consider qualitative and quantitative factors A potential misstatement that is less than 20% of overall financial statement materiality may be inconsequential

13 Evaluating Deficiencies Provides guidance in evaluating: Deviations in the design or operation of controls and whether those deviations constitute control deficiencies The severity of control deficiencies Based on nature, likelihood, and magnitude Whether misstatements or potential misstatements are “more than inconsequential” Examples of factors that may affect the likelihood that a control could fail to prevent or detect a misstatement Susceptibility to loss or fraud Subjectivity and complexity of the amount involved Cause and frequency of any known or detected exceptions related to the operating effectiveness of a control

14 Evaluating Deficiencies Several factors affect the magnitude of a misstatement that could result from a deficiency including the following: F/S amounts or total of transactions exposed to the deficiency Volume of activity in the account balance or class of transactions exposed to the deficiency Auditor should also evaluate compensating controls

15 Evaluating Deficiencies SAS identifies control deficiencies that ordinarily would be considered at least significant deficiencies Also identifies circumstances that should be regarded as at least a significant deficiency and a strong indicator of a material weakness After concluding on severity of deficiency (control deficiency, significant deficiency, material weakness), to consider whether “prudent individuals” having knowledge of facts and circumstances would come to same conclusion.

16 SAS No. 112 Written communication required no later than 60 days following issuance of audit report (including deficiencies that were communicated in previous audits) Auditor may decide communicate certain deficiencies during the audit Provides illustrative written communications Includes an appendix containing examples of circumstances that may be control deficiencies, significant deficiencies, or material weaknesses

17 SAS No. 112 Also states that nothing precludes the auditor from communicating to management and those charged with governance other matters that the auditor: Believes to be of potential benefit to the entity Has been requested to communicate Such a communication can be done orally or in writing

18 SAS No. 112 Management may wish to, or be required to, prepare a written response to the auditor’s communication Such response may include a description of corrective actions, the entity’s plans to implement new controls, or a statement indicating that the cost of correcting would exceed the benefit If such a response is included in a document with the auditor’s written communication the auditor should add a paragraph to the communication disclaiming an opinion on such information

19 What about Government Auditing Standards?

20 Proposed Yellow Book Changes Yellow Book is adopting new terminology All significant deficiencies and material weaknesses proposed to be included in the Yellow Book report Deficiencies in internal control that are not significant deficiencies would go in management letter unless clearly inconsequential

21 Other Yellow Book Requirements Audit findings relating to internal control deficiencies would need to include the required elements defined by the Yellow Book as: Criteria Condition Cause Effect or potential effect Recommendations for corrective action if able Views of responsible officials, including planned corrective action

22 What About Single Audits and Other Federal Compliance Audits?

23 Single Audits The big question is what action OMB will take with regard to single audits A-133 requires report to include reportable conditions and material weaknesses that relate to federal programs Type A program can not be considered low-risk if it had a reportable condition Entity is not able to be a low-risk auditee if it had deficiencies in I/C over financial reporting that would be considered material weaknesses or if any of the federal programs had material weaknesses (in either of the 2 preceding years)

24 Single Audits Current Status - definitions ASB (working with a task force of practitioners that do these audits) has developed a draft audit interpretation that would provide updated definitions and terminology for control deficiencies in a single audit environment that are consistent with SAS No. 112 OMB has the interpretation for review If approved, the plan would be for OMB to issue a notice on its Web site in the near future pointing auditors to the new auditing interpretation that would be issued on the AICPA Web site concurrently with the OMB notice

25 Single Audits Current Status – Definitions Watch GAQC Web site for developments in this area GAQC will schedule a member conference call to discuss SAS 112 implications on single audits as soon as we have a final answer (which should be in the near future)

26 Single Audits Current Status – Scope issues OMB has yet to determine whether any changes will be made to address the scope issues (i.e., type A program determination issues and low-risk auditees) Likely would entail a formal revision to A-133

27 Other Compliance Audits The other big question is what action the numerous federal agencies with audit guides (for example, HUD and Education) will take? Will be a challenge! GAQC staff will be working to encourage federal agencies with Guides to address this issue directly and soon

28 Questions ?????