AICPA’s Employee Benefit Plan Audit Quality Center sheds light on SAS 103 and 112: Recent Changes Impact Employee Benefit Audits
Two new Statements on Auditing Standards (SAS)—No. 112, Communicating Internal Control Related Matters Identified in an Audit and No. 103, Audit Documentation—were recently implemented and will affect how we conduct your Employee Benefit Plan audits in the coming years. These new standards were designed to enhance auditor performance and improve audit effectiveness and will pertain to all financial statement audits for periods ending on or after December 15, 2006.
So what do they mean for how we conduct your audits? Let’s look at these new standards on an individual level, beginning with SAS No. 112.
SAS No. 112 will require us to evaluate identified internal audit controls upon reviewing your financial statements and determine whether those deficiencies, either individually or in combination, result in significant deficiencies or material weaknesses. No. 112 then requires us to communicate our findings in writing to you, management, and those charged with financial governance. This new standard will work in conjunction with other new Risk Assessment Standards being implemented this year. Together, they stress the importance of internal control over financial reporting. These standards will enable us to balance the costs and benefits of enforcing adequate controls over the auditing process and are designed to minimize the risk of financial misstatements during the financial reporting process.
How do I know if I have a significant deficiency or material weakness?
That’s a good question. As part of the auditing process, we’ll determine, define, and communicate your situation for you. In the meantime, please consider the following definitions provided by American Institute of Certified Public Accountants.
Control Deficiency — A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
Significant Deficiency — A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected by the entity’s internal control.