No. These key controls are not the only controls that departments need to monitor. Other controls exist for governance and to comply with University Policy, Laws and Regulations. These are the key controls identified for the preparation of the financial statements and are subject to review under SAS 115 (formally SAS 112). Departments should not eliminate existing controls based on SAS 115 (formally SAS 112).
- General Ledger Reconciliation – Each month actual revenues and expenses are monitored against budgets General Ledger is reconciled by the department.
SAS 115 (formally SAS 112) is effective for fiscal year 2006/07. Although effective for this fiscal year, departments should not go back and create documents. Going forward, departments should be document all reviews as suggested in the checklist, if they haven’t been already.
No. Departments should have the key processes and controls in place within their organization. Departments will need to ensure that they maintain sufficient evidence of review for the key controls, which has not been required prior to SAS 115 (formally SAS 112).
Departments should review the key processes and controls within their organization, the amount of existing documentation and training, and the steps that might be taken to improve the control environment in their area. Departments should already have the key processes and controls in place. However, they may not document that they are following these controls.
SAS 115 (formally SAS 112) changes the process for evaluating deficiencies that come to auditors’ attention and brings the thresholds for reporting control deficiencies in line with the thresholds required for public companies. As these revised thresholds effectively lower the bar, it is expected that the reporting of what are now defined as either significant deficiencies or material weaknesses will be become increasingly more prevalent.
Statement on Auditing Standards No. 115 (formally SAS 112) “Communicating Internal Control Related Matters Identified in an Audit” establishes standards and provides guidance on communicating matters related to an entity’s internal control over financial reporting identified in an audit of financial statements. It is applicable whenever an auditor expresses an opinion on financial statements (including a disclaimer of opinion).