Title: STATEMENT OF AUDITING STANDARDS 112 SAS112
1STATEMENT OF AUDITING STANDARDS 112
(SAS112) Communicating Internal Control Matters
Identified in an Audit UC Riverside June 2007
2" Today's audit environment encourages
transparency and accountability. Therefore, an
integrated campuswide effort is needed
to effectively steward the funds entrusted to
UCR.
Chancellor Córdova
3AGENDA
1- Why SAS112 2- What is SAS112 3- Impact of
SAS112 4- Internal Control 5- Minimizing risk
in dept. operations 6- What to do?
4- United States Federal Law and SEC For
Public Companies -SarbanesOxley
(SOX) Requires conducting an assessment of the
effectiveness of internal controls by
management, to be audited and approved by the
companys independent accountants
WorldCom Enron
Why SAS112?
SAS112 is our SOX
- American Institute of Certified
Public Accountants For
non-profit organizations (UCR) - SAS
112
5Non-Compliance Fine - Contract Grants
University of California (2002). Fine 1.8 m
Northwestern University (2003). Fine 5.5m
Harvard University (2004). Fine 2.6m
Mayo Foundation (Mayo Clinics). Fine 6.5m
Florida International University (2005). Fine
11.5m
University of Alabama Birmingham (2005). Fine
3.4 m
6What is SAS112?
- Establishes standards for communicating internal
control issues relating to - integrity of financial reporting
- compliance with applicable laws and regulation
- Establishes standards that classifies
communicated control issues as - - control deficiencies
- - significant deficiencies
- - material weaknesses
SAS112 standards have been adopted by the federal
agencies and the Government Audit Standards has
been updated to incorporate SAS112
7Impact of SAS 112 on UCR Due to significant
changes in the evaluation of control exceptions
and more stringent audit standards, UCR is more
likely to encounter control issues being
identified and reported - Increased scrutiny -
Larger audit samples - More evidence and
documentation required during audits - Lower
audit materiality thresholds
8Impact of SAS 112 on UCR SAS 112 requires UCR to
disclose deficiencies to 3rd parties Regents Spo
nsors (Federal, State Private) 3rd party
creditors Accrediting agencies Rating
agencies Insurers
9Impacts of deficiencies and weaknesses
disclosures -negative impact on reputation for
UC, UCR, VCA, and Department -increased internal
and external audits -audit disallowances, fines
and penalties -potential negative impact on
resource allocation
10Generally, internal controls at UCR are in order
and adequate, but there are departments, function
s and areas where we noted.
Control Issues with - Ledger reconciliation
review - Budget variance analysis -
Revenue monitoring - Cash handling -
Payroll processing - Timekeeping billing
- Cost Transfers - Fiscal Year End
Processes - PAN Reviews
The campus goals, related to SAS112, are to
- Enhance understanding of Internal Controls
- Minimize Control Issues
11INTERNAL CONTROL
- Internal Control
- Internal control is broadly defined as a process,
effected by the UC Regents, management and other
personnel, designed to provide reasonable
assurance regarding the achievement of objectives
in the following categories - Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
12Who is responsible for implementing internal
controls?
13PARTNERSHIP
Central Offices (Accounting, Audit Advisory
Services, APB, OR, etc.)
Executive Management
Departments (Chair/ Director, MSO, Staff)
Control Units (Deans/VC CFAO)
14Minimizing the Risks
- Department Head
- Oversees and is integrated into the financial
management process - Ensures proper controls and monitoring procedures
are in place - Ensures financial reports are accurate and
meaningful - Ensure SAAs, transactors and reviewers are
appropriately trained and supported in their key
business process roles
15Minimizing the Risks
- Timely reconciliation and review of monthly
ledgers - Budget to Actual review
- Analysis of causes for variances
- Review of payroll transactions by financial staff
and responsible manager - Regular review of financial reports by
department manager and business officer - Evidence of ledger reconciliation and review
- New Ledger Recon Tool-coming soon
16Minimizing the Risk
- Timely resolution of errors
- Frequent and late cost transfers can be a symptom
of a deficiency - Ensure sufficient segregation of duties
- No one person should have complete control over
the key processing functions for financial
transactions - Provides for prevention and detection
- Errors
- Inappropriate activities
- Post Audit Notification (PAN) Reviews
- Payroll/Personnel System and UCRFS transactions
- Timely
- Adequate
17What to do
When issues are identified
1- Self-report
2-Assistance
3-Escalate/Remediate
4-Proactive Approach
When control issues or policy non-compliance are
recurring and systemic
Everyone is responsible
It will be transparent and there will be
consequences
18Contacts
- Gretchen Bolar, Vice Chancellor-Academic Planning
Budget gretchen.bolar_at_ucr.edu - Bobbi McCracken, Asst. Vice Chancellor-Financial
Services bobbi.mccracken_at_ucr.edu - Mike Jenson, Director-Audit Advisory Services
- michael.jenson_at_ucr.edu
- Bruce Morgan, Asst. Vice Chancellor-Office of
Research bruce.morgan_at_ucr.edu - Toffee Jeturian, Asst. Director-Audit Advisory
Services rodolfo.jeturian_at_ucr.edu - Marc Guerra, Director-Financial Control
Accountability marc.guerra_at_ucr.edu