Auditor/Accountant Communications: SAS Nos. 112 & 115 and Other Critical Requirements

• Chapter 0 - Course Overview
  • SAS No. 115
• Part - - SAS Nos. 112 and 115, Communicating Internal Control Related Matters Identified in an Audit
• Chapter 1 - An Overview of SAS Nos. 112 and 115, Communicating Internal Control Related Matters Identified in an Audit
  • Learning Objectives
  • SAS Nos. 112 and 115
  • What Has Changed, What Has Stayed the Same?
    • SAS No. 112
    • SAS No. 115
    • Key Differences between SAS Nos. 112 and 115
    • Revised Definitions
    • Other Revisions in SAS No. 115
    • Why SAS No. 112 Was Issued
    • Why SAS No. 115 Was Issued
    • Unconditional Requirements in SAS Nos. 112 and 115
    • Effective Dates
    • Application
    • Effects on Audits
  • Comparison of SAS Nos. 112 and 115 with SAS No. 60
    • Points of Comparison
  • Questions
• Chapter 2 - Identifying Deficiencies in Internal Control
  • Learning Objectives
  • Introduction
  • Key Concepts
  • COSO's Five Interrelated Components of Internal Control
    • Viewing Internal Control as an Integrated Process
    • The Totality of Internal Control
    • Applying Principles in Achieving Effective Internal Control over Financial Reporting
  • Definitions
    • SAS No. 112
    • SAS No. 115
  • Identifying Deficiencies in Internal Control
    • The Auditor's Responsibility for Indentifying Deficiencies in Internal Control
    • Components of - Deficiency in Internal Control
    • Does Not Allow
    • Management or Employees
    • Normal Course of Performing Assigned Functions
    • Timely Basis
  • Evaluating Deficiencies Identified as Part of the Audit
  • Types of Control Deficiencies
    • Deficiency in Design
    • Deficiency in Operation
    • Examples of Deficiencies in Design and Operation
  • Practice Exercise
    • Suggested Solutions
  • Summary
  • Questions
  • Appendix - Internal Control Over Financial Reporting - Guidance for Smaller Public Companies
    • Characteristics of "Smaller" Companies
    • Costs and Benefits
    • Meeting Challenges in Attaining Cost-Effective Internal Control
    • Achieving Further Efficiencies
    • Applying Principles in Achieving Effective Internal Control over Financial Reporting
    • Using this Guidance
• Chapter 3 - Evaluating Deficiencies in Internal Control
  • Learning Objectives
  • Introduction
  • Magnitude of Misstatement
  • Probability of Occurrence (Likelihood)
    • SAS No. 115
    • SAS No. 112
    • Assessing the Probability of Occurrence (Likelihood) of - Misstatement
    • Multiple Control Deficiencies
  • Mitigating Effects of Compensating Controls
  • The Prudent Official Test
  • Material Weaknesses and Significant Deficiencies
    • Evaluation Questions
    • Deficiencies in Internal Control that are Indicators of - Material Weakness
    • Control Deficiencies Ordinarily Considered At Least Significant Deficiencies
  • Case Studies - Deficiencies in Internal Control
    • Lack of Segregation of Duties
    • Lack of Client Expertise in Financial Accounting and Reporting
    • Inventory-Related Deficiencies in Internal Control
    • Failure to Review Modifications of Standard Sales Contracts to Evaluate Their Effect on the Timing and Amount of Revenue Recognition
    • Fraud Involving Cash
    • Control Testing Exceptions
  • Summary
  • Appendix - Solutions to Case Studies
    • Situation 1 Suggested Solution
    • Situation 2 Suggested Solution
    • Situation 3 Suggested Solution
    • Situation 4 Suggested Solution
    • Situation 5 Suggested Solution
    • Situation 6 Suggested Solution
    • Situation 7 Suggested Solution
    • Situation 8 Suggested Solution
    • Situation 9 Suggested Solution
    • Situation 10 Suggested Solution
    • Situation 11 Suggested Solution
  • Questions
• Chapter 4 - Communicating Deficiencies in Internal Control
  • Learning Objectives
  • Introduction
  • Communication Requirements
    • Management and Those Charged with Governance
  • Communication - Form, Content, and Timing
    • Form of Communication
    • Content of Communication
    • Timing of Communication
  • Other Communication Issues
    • Early Communications
    • Matters Not Remediated Due to Cost Benefit Decisions
    • Prohibition against Issuing - "No Significant Deficiency" Communication
    • Issuing - "No Material Weaknesses" Communication
    • Management's Written Response to Auditor's Communication
    • Communicating Other Matters
  • How SAS Nos. 112 and 115 Will Affect Practice
    • Discussions with Management and Others
    • Issues for Audits of Smaller Entities
  • Summary
    • SAS Nos. 112 and 115 Dos and Don'ts
  • Questions
• Chapter 5 - Practice Issues
  • Learning Objectives
  • Nonattest Services, Internal Control over Financial Reporting, and Auditor Independence
    • Overview
    • Practical Guidance for Private Company Auditors
    • Analysis
    • Responses to Consider
  • The Need for Planning and Communication with the Client
  • The Effect of SAS No. 112 on the Audit
    • The Challenge
    • Areas Demanding - High Degree of Judgment
    • Other Challenges
    • Challenges and Opportunities for Practitioners
    • Changing the Client's Perception
    • Changing the Auditor's Perception
  • Private Companies Practice Section - SAS No. 112 Frequently Asked Questions
    • What Is SAS No. 112?
    • What Is Changing as - Result of SAS No. 112?
    • What Is Internal Control over Financial Reporting?
    • What Other Concepts Does - Member Need to Understand in Order to Implement SAS No. 112?
    • What Has Changed for Those Performing Governmental Audits?
    • Why Is It Necessary to Reiterate Deficiencies from Prior Years?
    • Will SAS No. 112 Cause an Increase of Time and Fees on an Engagement?
    • What Additional Client Communications or Services May Result from Applying this Standard?
    • How Does an Auditor Determine Any Potential Cost Increase to Their Client?
    • How Does an Auditor Convey the Benefits of SAS No. 112?
    • What Concerns Does SAS No. 112 Raise Regarding the Potential Loss of Services a Practitioner Can Perform for His or Her Client (i.e., Preparation of Financial Statements, Making Recommendations for Adjusting Journal Entries, Managing - Client's Fixed Assets Schedule and Making Recommendations on the Depreciation Schedules and Adjustments, Etc.)?
    • What Are the Guidelines to Determine Whether - Client Has Sufficient Accounting Competence and Knowledge to Detect or Prevent - Misstatement or Mistake (i.e., in the Case of Calculating the Depreciation Adjustment, Preparing Financials, etc)?
    • The Client Has Designated - Person on Staff to Review the Financial Reports, Adjustments, etc., that the Auditor is Providing. Is This Considered an Internal Control?
    • What Does the Auditor Need To Do Once - Control Deficiency is Identified?
    • Can the Auditor Modify the Report in SAS No. 112?
    • The Auditor Discusses - Draft Report of Deficiencies or Weaknesses with Management and Management Responds that They Have Sufficient Controls or Compensating Controls in Place. Should the Auditor Test the Controls or the Compensating Controls?
    • I Still Have Questions. Where Can - Go for Additional Information?
    • I Have Read All the Materials Suggested and Still Have Questions, Who Can I Contact?
  • Summary
  • Questions
• Part 2 - Other Types of Auditor and Accountant Communications
• Chapter 6 - Engagement Letters
  • Learning Objectives
  • Introduction
  • Audit Engagement Letters
    • The Overall Audit Strategy
  • Compilation and Review Engagement Letters
    • Accountant's Communication with the Client When the Compiled Financial Statements Are Not Expected to be Used by - Third Party
    • Compilation of Specified Elements, Accounts, or Items of a Financial Statement
    • Compilation of Pro Forma Financial Information
    • Compilation of Financial Statements Included in Certain Prescribed Forms
  • Summary
  • Questions
• Chapter 7 - Confirmations
  • Learning Objectives
  • Introduction
  • Confirmation Procedures and the Risk Assessment Standards
    • The Confirmation Process
    • Selecting Items to Confirm
    • Designing the Confirmation Request
    • Communicating Confirmation Requests to Appropriate Third Parties
    • Obtaining the Response
    • Evaluating Information (or Lack Thereof) Provided by Third Parties
    • Electronic Confirmations
  • Attorney Inquiry Letters
  • Summary
  • Questions
  • Appendix - Practice Alert 03-1, Audit Confirmations
• Chapter 8 - Management Representation Letters
  • Learning Objectives
  • Introduction
  • Management Representations
    • General Representations
    • Assertion Specific Representations
    • Additional Representations
    • Date of the Management Representation Letter
    • Scope Limitations
    • Sample Management Representation Letter
  • Review Engagements
    • Sample Management Representation Letters
  • Summary
  • Questions
• Chapter 9 - Audit, Compilation, and Review Engagement Reports
  • Learning Objectives
  • Introduction
  • Reports on Audited Financial Statements
    • The Auditor's Standard Report
    • Report Modifications
    • Qualified Opinions
    • Individual Financial Statement Audit
    • GAAP Departures
    • Adverse Opinion
    • Disclaimer of Opinion
  • Reports on Compilation and Review Engagements
    • Basic Elements of a Compilation Report
    • Basic Elements of a Review Report
    • Reporting on Comparative Financial Statements - Continuing Accountant
    • Reporting on Comparative Financial Statements - Predecessor Accountant
    • Comparative Financial Statement - Predecessor Financial Statements Are Restated
    • Restricting the Use of an Accountant's Compilation or Review Report
    • Reporting When Supplementary Information Is Included
    • Financial Statements Covered
    • Reporting on Financial Statements That Omit Substantially All Disclosures
    • Reporting on Financial Statements That Are Presented in Conformity with an Other Comprehensive Basis of Accounting (OCBOA)
    • Reporting When the Accountant Is Not Independent
    • Departures from Generally Accepted Accounting Principles
    • Reporting When Performing Controllership or Other Management Services
    • Reporting on Compiled Specified Elements, Accounts, or Items of a Financial Statement
    • Reporting on Compiled Pro Forma Financial Information
    • Reporting on Compiled Financial Statements Included in Certain Prescribed Forms
  • Summary
  • Questions
• Chapter 10 - Communications between Predecessor and Successor Auditors and Accountants
  • Learning Objectives
  • Introduction
  • Communications between Predecessor and Successor Auditors
    • Required Communications
    • Review of Workpapers
    • Successor's Audit Opinion
    • Discovery of Possible Misstatements in Financial Statements Reported on by a Predecessor Auditor
  • Communications between Predecessor and Successor Accountants
    • Inquiries Regarding Acceptance of an Engagement
    • Permission for the Successor Accountant to Review the Working Papers of the Predecessor
    • Communications Regarding Financial Statements Reported on by the Predecessor Accountant
  • Summary
  • Questions
• Chapter 11 - SAS No. 114, The Auditor's Communication With Those Charged With Governance
  • Learning Objectives
  • Introduction
  • The Role of Communication
    • The Importance of Communication
    • Matters to be Communicated
  • The Communication Process
    • Those Charged With Governance
    • Management Discussions
    • When All of Those Charged with Governance are Involved in Managing the Entity
    • Form of Communication
    • Timing of the Communications
  • Summary
  • Questions
• Chapter 12 - Latest Developments
• Appendix A - SAS No. 112
• Appendix B - Audit Risk Alert SAS No. 112
• Appendix C - SAS No. 115
• Appendix D - Audit Risk Alert SAS No. 115
• Appendix E - SAS No. 114

733741

Course Overview

Auditor/Accountant Communications: SASs 112 & 115 and Other Critical Requirements presents a two-part overview of the authoritative standards and guidance on the auditor and accountant communication process. This course is intended to provide you the opportunity to understand how to implement these standards as well as other types of professional communications including engagement letters, confirmations, management representation letters, audit and accounting reports, and communications between predecessor and successor auditors and accountants. The course also includes the following value aids: SAS No. 112, SAS No. 114, SAS No. 115 and the AICPA Audit Risk Alerts - Understanding SAS No. 112 and Evaluating Control Deficiencies: A Companion to SAS No. 112 and Communicating Internal Control Related Matters in an Audit-Understanding SAS No. 115. The course is structured as follows:

• Part 1 - SAS Nos. 112 and 115, Communicating Internal Control Related Matters Identified in an Audit

- Chapter 1: An Overview of SAS Nos. 112 and 115

- Chapter 2: Identifying Deficiencies in Internal Control

- Chapter 3: Evaluating Deficiencies in Internal Control

- Chapter 4: Communicating Deficiencies in Internal Control

- Chapter 5: Practice Issues

• Part 2 - Other Types of Auditor and Accountant Communications

- Chapter 6: Engagement Letters

- Chapter 7: Confirmations

- Chapter 8: Management Representations Letters

- Chapter 9: Audit, Compilation, and Review Engagement Reports

- Chapter 10: Communications between Predecessor and Successor Auditors and Accountants

- Chapter 11: SAS No. 114, The Auditor's Communication With Those Charged With Governance

In October 2008, the Auditing Standards Board issued SAS No. 115, Communicating Internal Control Related Matters Identified in an Audit, which is effective for audits of financial statements for periods ending on or after December 15, 2009 (earlier implementation is permitted). SAS No. 115 supersedes SAS No. 112 and was issued to eliminate differences within the AICPA's Audit and Attest Standards resulting from the issuance of SSAE No. 15, An Examination of an Entity's Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements. SSAE No. 15 establishes standards and provides guidance to practitioners performing an examination of a nonissuer's internal control over financial reporting in the context of an integrated audit. SSAE No. 15 aligns the definitions of the various kinds of deficiencies in internal control and the related guidance for evaluating such deficiencies with the definitions and guidance in PCAOB No. 5, An Audit of Internal Control That is Integrated with an Audit of Financial Statements. SAS No. 115, in turn, aligns the definitions and related guidance for evaluating deficiencies in internal control with the definitions and guidance in SSAE No. 15.

Note. Since SAS No. 112 is still effective at the time this course is being produced, and SAS No. 115 permits early implementation during the same timeframe, this course will include references to and discussions of both standards throughout the material where applicable.

Chapter 1 - An Overview of SAS Nos. 112 and 115, Communicating Internal Control Related Matters Identified in an Audit

Learning Objectives

After completing this chapter, the participant should

• Be familiar with the key differences between SAS Nos. 112 and 115, Communicating Internal Control Related Matters Identified in an Audit.

• Understand the unconditional requirements in SAS Nos. 112 and 115.

• Be able to identify the primary changes from the previous internal control communications auditing standard - SAS No. 60, Communication of Internal Control Related Matters Noted in an Audit.

SAS Nos. 112 and 115 What Has Changed, What Has Stayed the Same?

In May 2006, the AICPA's Auditing Standards Board (ASB) issued SAS No. 112, Communicating Internal Control Related Matters Identified in an Audit (AICPA, Professional Standards, vol. 1, AU sec. 325) which establishes standards and provides guidance on communicating matters related to an entity's internal control over financial reporting (internal control) identified in an audit of financial statements.

The ASB believes SAS No. 112 strengthens the quality of auditor communications concerning internal control matters noted in a financial statement audit. In particular, SAS No. 112

• Defines the terms significant deficiency and material weakness.

• Provides guidance on evaluating the severity of control deficiencies identified in an audit of financial statements.

• Requires the auditor to communicate, in writing, to management and those charged with governance, significant deficiencies and material weaknesses identified in an audit.

The AICPA also issued the Audit Risk Alert, Understanding SAS No. 112 and Evaluating Control Deficiencies-A Companion to SAS No. 112, Communicating Internal Control Related Matters Identified in an Audit, with the intent to help users understand and implement the requirements of SAS No. 112.

SAS No. 112 is included as Appendix A, and its Audit Risk Alert is included as Appendix B to this course material. Excerpts and examples from both are included throughout the course.

In October 2008, the ASB issued SAS No. 115, Communicating Internal Control Related Matters Identified in an Audit. SAS No. 115 supersedes SAS No. 112 and was issued to eliminate differences within the AICPA's Audit and Attest Standards resulting from the issuance of Statement on Standards for Attestation Engagements (SSAE) No. 15, An Examination of an Entity's Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements. SSAE No. 15 establishes standards and provides guidance to practitioners performing an examination of a nonissuer's internal control over financial reporting in the context of an integrated audit. SSAE No. 15 aligns the definitions of the various kinds of deficiencies in internal control and the related guidance for evaluating such deficiencies with the definitions and guidance in Public Company Accounting Oversight Board Auditing Standards No. 5, An Audit of Internal Control That is Integrated with an Audit of Financial Statements. SAS No. 115, in turn, aligns the definitions and related guidance for evaluating deficiencies in internal control with the definitions and guidance in SSAE No. 15.

The AICPA has also issued the Audit Risk Alert, Communicating Internal Control Related Matters in an Audit - Understanding SAS No. 115, which is intended to help users understand and implement the requirements of SAS No. 115.

SAS No. 115 is included as Appendix C, and its Audit Risk Alert is included as Appendix D to this course material. Excerpts and examples from both are included throughout the course.

In general, SAS No. 115 retains many of the provisions of SAS No. 112; it provides guidance to enhance the auditor's ability to identify and evaluate deficiencies in internal control during an audit, and then communicate to management and those charged with governance those deficiencies that the auditor believes are significant deficiencies or material weaknesses.

The key differences between SAS No. 112 and SAS No. 115 lie in the definitions of significant deficiencies and material weaknesses and the process for making that determination. Under SAS No. 112, the auditor applies the criteria of likelihood and magnitude described in the standard to determine if a control deficiency reached the threshold of a significant deficiency or material weakness. Under SAS No. 115, the same criteria are used; however, more judgment is allowed for in determining whether a control deficiency is a significant deficiency.

SAS No. 112 defines a significant deficiency as

A control deficiency, or combination of control deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report financial in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected.

SAS No. 115 contains the following revised definition of a significant deficiency:

A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

733741