Office of the Controller

SAS 115 (Formally SAS 112) Definitions

Under SAS 115 (formally SAS 112), there are three categories of deficiencies that may be identified during the external audit of the financial statements:

Control deficiencies

A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. An example of a control deficiency is the lack of review and reconciliation of departmental expenditures.

Significant deficiencies

A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles (GAAP) such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected.

Material weaknesses

A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.

SAS 115 (formally SAS 112) introduces new definitions of significant deficiency and material weakness that will lower the threshold for reportable control deficiencies at UC Santa Barbara. The result is likely to be an increase in the number of reportable findings during the course of the external financial statement audit. The materiality of the control deficiency is determined based on what potentially could go wrong, not just on the amount of actual misstatements. We will all have to work together to protect our institution with controls that support financial reporting and ensure that key controls are in place and they are operating as intended.