Understanding SAS No. 112 and Evaluating Control Deficiencies – Audit Risk Alert [Download]

This Audit Risk Alert provides an overview of the requirements of SAS No. 112, Communicating Internal Control Related Matters Identified in an Audit, how this SAS differs from SAS No. 60. Plus, this risk alert offers several case studies that highlight a particular control deficiency. Each case study contains a description of the control deficiencies, and an analysis of the assessment of the severity of the control deficiency to help you better understand and evaluate control deficiencies. The control deficiencies found in these case studies are:

• Lack of segregation of duties
• Lack of client expertise in financial accounting and reporting
• Inventory-related control deficiencies
• Modifications of standard sales contracts are not reviewed to evaluate their effect on the timing and amount of revenue recognition
• Fraud involving cash
• Control testing exceptions

Note: This product is an electronic PDF file that will be accessible immediately after completing your purchase. Access to this file expires 90 days from purchase date. Be sure to save a copy of the file to your hard drive. The content of the PDF file is copywritten by the AICPA. For multiple copy reprint permission, log onto https://util.aicpa.org/feedback/cpyright.htm.

Introduction

In May 2006, the AICPA Auditing Standards Board (ASB) issued Statement on Auditing Standards (SAS) No. 112, Communicating Internal Control Related Matters Identified in an Audit (AICPA, Professional Standards, vol. 1, sec. 325). SAS No. 112 establishes standards and provides guidance on communicating matters related to an entity’s internal control over financial re-porting (internal control) identified in an audit of financial statements. SAS No. 112 supersedes SAS No. 60, Communication of Internal Control Related Matters Noted in an Audit (AICPA, Professional Standards, vol. 1, AU sec. 325), as amended.

The new SAS is applicable whenever an auditor expresses an opinion on financial statements (including a disclaimer of opinion) and is effective for audits of financial statements for periods ending on or after December 15, 2006. This Audit Risk Alert provides an overview of the requirements of SAS No. 112 as well as case studies that illustrate how control deficiencies may be evaluated for severity.