Presentation on theme: "SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls."— Presentation transcript:
SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls
Agenda Background What is SAS 112 Impacts on UC and the Campus Key Controls Roles & Responsibilities Q & A
Background Sarbanes-Oxley Act of 2002 Stronger Controls for Public Companies Created a new federal oversight board, the Public Company Accounting Oversight Board (PCAOB) In May 2006, AICPA issued SAS 112 which substantially incorporates the PCAOB’s AS 2.
What is SAS 112 What is SAS 112? Statement on Auditing Standard 112 (SAS 112): “Communicating Internal Control Related Matters Identified in an Audit” – Effective May 2006 SAS 112 develops a framework for reporting control weaknesses over financial reporting, not designed to address other controls, such as operational controls.
Purpose of SAS 112 Ensure effectiveness of internal controls that impact financial statements Establish a standard for determining seriousness of a control issue and classifying it into three categories: Control Deficiency Significant Deficiency Material Weakness
Examples of Control Deficiencies Lack of review and reconciliation of departmental expenditures Lack of overdraft funds monitoring Lack of physical inventory Lack of timeliness of cash deposit and account reconciliation
Significant Deficiency and Material Weakness A control deficiency, or combination of control deficiencies with more than a remote chance of not preventing or detecting: An inconsequential misstatement of the financial statements = Significant Deficiency A material misstatement of the campus financial statements = Material Weakness The materiality of the control deficiency is determined based on what potentially could go wrong, not just on the amount of actual misstatements.
What does this mean for UC? The new definitions lower the bar for reporting internal control deficiencies to the Chancellor and the Regents In addition, SAS 112 requires UC to disclose deficiencies to 3 rd parties such as: Federal sponsors 3 rd party creditors Accrediting agencies, Rating agencies Insurers
Additional Impacts of SAS 112 Negative impact on sponsored project funding Negative impact on credit rating Additional federal audits Negative impact on reputation Any findings could result in increased review by the federal government and/or impact the University’s ability to obtain research funding
How to Reduce Potential Findings Place “key controls” in our operation to minimize control deficiency and risk by preventing or detecting errors and frauds in a timely manner
UC Response to SAS 112 Identify financial key controls. Controls must be documented or they are not considered controls. Some of these key controls reside in departments. UC Website with documentation of all of our key controls: http://www.ucop.edu/SAS112
UCSB Response to SAS 112 UCSB Response to SAS 112 Work with Accounting and central departments to identify key controls for our financial processes Describe & document key controls Identify Roles, Responsibility, and Accountability Identify sufficient evidence of review Discussions with Campus
Key Controls What is a Key Control? A set of critical processes to prevent or detect errors and frauds in the financial statements
Department Key Controls Examples General Ledger Reconciliation – Each month actual revenues and expenses are reviewed and reconciled to supporting documentation. Overdraft Funds – Department reviews funds in overdraft status and takes follow-up action. Distribution of Payroll Expense Reconciliation – Detailed payroll expenses reviewed each month by the department for general propriety and to validate the accuracy of the charges.
Department Key Controls Examples Purchasing and Accounts Payable Invoices – Requisitions, Purchase Orders, and Invoices are reviewed and approved at the department level. Invoices must be approved by the person with signature authorization. Effort reports ( PARS) – PAR reports are approved each quarter by responsible official with first hand knowledge of the work performed. PARS are certified for employees who are paid directly from a federal or federal flow through award.
Department Key Controls Examples Physical Inventory – Physical Inventory is conducted by the department custodian/PI every two years. Equipment Management ensures the inventory is conducted every two years. Records are reconciled to the physical inventory results.
Key Control Process Example: General Ledger Reconciliation Key Control:Department Reconciles their General Ledger Monthly Process: Departments review and reconcile, annotate exceptions, and follow-up with corrective actions, i.e, submitting a journal entry, contacting a recharge unit or other dept. as appropriate, or submitting a transfer of expense. Maintain evidence of review and reconciliation that is easily accessible for audit, i.e. use On-Line General Ledger approval function that records user, time, date stamp
Role and Responsibilities of the Department Implement departmental key controls Ensure the key controls are in place Document evidence of review for all levels (signature, email and/or sign checklist) Correct and follow-up timely, when control deficiency or weakness is identified Document evidence of corrective action taken
Role and Responsibilities of the Office of the Controller Update university procedures and best practices for Key Controls Act as a liaison between external auditors and departments Provide guidance, key controls framework, and communication for SAS-112 implementation Serve as a resource for campus departments
Tools for Departments UCSB SAS 112 Web Site – http://www.controller.ucsb.edu/SAS112 UC Web Site – http://www.ucop.edu/sas112/index.php Department Checklist
Other Controls These key controls are not the only controls that departments need to monitor. Other controls exist for governance and to comply with University Policy, Laws and Regulations. Departments should not eliminate existing controls based on SAS 112.
Important Notes SAS 112 Effective Date – May 1, 2006 Entire Fiscal Year (2007-08) is subject to review and testing DO NOT go back and create documents or back date reviews BEGIN documenting key control processes (if you are not already) effective immediately
Resources Sandra Featherson Associate Director of Controls x7667 Sandra.email@example.com Jim Corkill Controller x5882 Jim.Corkill@accounting.ucsb.edu