Statement on Auditing Standards No 115 (Formerly SAS 112)*
Auditing Standards No. 115 (formerly SAS 112) "Communicating Internal Control Related Matters Identified in an Audit" was issued in May 2006 and became effective immediately. As a result, this standard will be incorporated into our external financial audit conducted by PricewaterhouseCoopers (PwC) for the fiscal year 2006-07 and the future.
SAS 115 (formerly SAS 112) requires a lower threshold for reporting internal control deficiencies to the Chancellor and The Regents. Control deficiencies could subject the University to greater scrutiny by the federal government and may even impact the University’s ability to obtain research funding.
The Controller’s Office has been working with our PwC audit team to identify our existing internal controls that support financial reporting. Additionally, there have been a series of meetings with central offices to document our key controls. The goal is to ensure that these existing key controls are in place and we can demonstrate through documentation that they are operating as intended.
SAS 115 (formerly SAS 112) has important implications for all campus departments, not just those in the central offices. While campus departments should already be incorporating these reviews and controls in their financial processes, effective immediately, departments are responsible for documenting key controls in the following areas:
- General Ledger Reconciliation and Approval
- Distribution of Payroll Expense Review
- Effort Reporting (PARS)
- Physical Inventory
- Purchasing and Payables Invoices
Departments need to review the key processes and controls within their organization, the amount of existing documentation, and the steps that might be taken to improve the control environment in their area. Departments need to ensure that they maintain sufficient evidence of review for the key controls. A review is NOT considered a key control, unless it has been signed and dated.
NOTE: These key controls identified for the preparation of the financial statements are not the only controls that departments need to monitor. Other controls exist for governance and regulatory compliance.
* SAS115-The Auditing Standards Board has issued a statement on Auditing Standards (SAS) No. 115, 'Communicating Internal Control Related Matters Identified in an Audit.' SAS No. 115 supersedes SAS No.112 of the same title and was issued to eliminate differences within AICPA’s Audit and Attest Standards resulting from the issuance of Statement on Standards for Attestation Engagements (SSAE) No. 15.