AICPA ISSUES NEW RISK ASSESSMENT AUDITING STANDARD SAS 115
TO SUPERCEDE SAS 112
Statement on Auditing Standards No. 115, Communicating Internal Control Related Matters Identified in an Audit
Issue Date: October 2008
Effective Date: This SAS is effective for audits of financial statements for periods ending on or after December 15, 2009.
Earlier implementation is permitted.
The Auditing Standards Board has issued Statement on Auditing Standards (SAS) No. 115, Communicating Internal Control Related
Matters Identified in an Audit. SAS No. 115 supersedes SAS No. 112 of the same title and was issued to eliminate differences
within the AICPA’s Audit and Attest Standards resulting from the issuance of Statement on Standards for Attestation Engagements
(SSAE) No. 15, An Examination of an Entity’s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its
Financial Statements. SSAE No. 15 establishes standards and provides guidance to practitioners performing an examination of a
nonissuer’s internal control over financial reporting in the context of an integrated audit. SSAE No. 15 aligns the definitions
of the various kinds of deficiencies in internal control and the related guidance for evaluating such deficiencies with the definitions
and guidance in Public Company Accounting Oversight Board Auditing Standards No. 5, An Audit of Internal Control That is Integrated
with an Audit of Financial Statements. SAS No. 115, in turn, aligns the definitions and related guidance for evaluating deficiencies
in internal control with the definitions and guidance in SSAE No. 15.
SAS No. 115:
- contains the following revised definitions of the terms material weakness and significant deficiency:
- A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility1
that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely
- A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than
a material weakness, yet important enough to merit attention by those charged with governance.
- revises the list of deficiencies in internal control that are indicators of material weaknesses to consist of
- identification of fraud, whether or not material, on the part of senior management;
AICPA ISSUES NEW RISK ASSESSMENT AUDITING STANDARDS - FEBRUARY 22, 2006
"Enhances connection between risk of misstatement and audit procedures"
NEW YORK (February 22, 2006) - The Auditing Standards Board (ASB) of the American Institute of Certified
Public Accountants (AICPA) has approved eight new Statements on Auditing Standards (SASs) - collectively
referred to as the Risk Assessment Standards which apply in years beginning after December 16, 2006.
The Risk Assessment Standards establish standards and provide guidance concerning the auditor’s
assessment of the risks of material misstatement (whether caused by fraud or error) in a non-issuer financial
Areas contained within the standards and guidance include:
- Design and performance of tailored audit procedures to address financial reporting risks
- Audit risk and materiality
- Planning and supervision
- Audit evidence
In developing the Risk Assessment Standards, the ASB, which sets auditing standards for audits of privately held
businesses and other “non-issuer” entities, had three objectives:
- A more in-depth understanding of the audited entity and its environment, including its internal control;
- A more rigorous assessment of the risks of where and how the financial statements could be materially
- Improved linkage between the auditor’s assessed risks and the nature, timing and extent of audit
procedures performed in response to those risks
New Statements on Auditing Standards
"Referred to as the Risk Assessment Standards"
To go to the AICPA Store to purchase the original pronouncements or guidance click here
|SAS No. 104
|| Amendment to Statement on Auditing Standards No. 1, Codification of
Auditing Standards and Procedures (“Due Professional Care in the Performance of Work”)
|SAS No. 105
|| Amendment to Statement
on Auditing Standards No. 95, Generally Accepted Auditing Standards
|SAS No. 106
|| Audit Evidence
|SAS No. 107
|| Audit Risk and Materiality in Conducting an Audit
|SAS No. 108
|| Planning and Supervision
|SAS No. 109
|| Understanding the Entity and Its Environment and Assessing the Risks of
|SAS No. 110
|| Performing Audit Procedures in Response to Assessed Risks and
Evaluating the Audit Evidence Obtained
|SAS No. 111
|| Amendment to Statement
on Auditing Standards No. 39, Audit Sampling
|SAS No. 112
|| Communicating Internal
Control Related Matters Identified in an Audit. See below
August 1, 2006
Conforming Amendments to Chapter 5, “Reporting on an Entity’s Internal Control Over Financial Reporting,” (AT 501) of Statement on Standards for Attestation Engagements (SSAE) No. 10, Attestation Standards: Revision and Recodification
Chapter 5 of Statements on Standards for Attestation Engagements (SSAE) No. 10,
Reporting on an Entity’s Internal Control Over Financial Reporting (AT 501), has been
conformed to reflect the new terms, related definitions, and guidance on identifying and evaluating control
deficiencies, and communicating significant deficiencies and material weaknesses, introduced in May 2006 by
the issuance of Statement on Auditing Standards (SAS) No. 112, Communicating Internal Control Related Matters
Identified in an Audit.
On January 19, 2006, the Auditing Standards Board (ASB) issued an exposure draft (ED) of a
proposed SSAE entitled Reporting on an Entity’s Internal Control Over Financial Reporting
that would supersede existing AT 501. The ED incorporates elements of Public Company Accounting
Oversight Board (PCAOB) Auditing Standard No. 2 (AS2) that are relevant to examinations of the internal
control of nonissuers.
On May 17, 2006 the PCAOB announced plans to amend certain aspects of AS2 to improve its
implementation. Because the forthcoming changes to AS2 will be relevant to the revision of AT 501,
the ASB has decided to defer the issuance of a final revised AT 501 until the PCAOB issues their amendments
and the ASB has time to consider them. In the interim, to avoid inconsistencies between AT 501 and
SAS No. 112, AT 501 has been conformed to incorporate the relevant terms, definitions, and guidance in
SAS No. 112.
The following changes have been made to AT 501 to bring that standard into conformity with corresponding
aspects of SAS No. 112:
- Deleting the term reportable condition and its definition.
- Replacing the definition of the term material weakness.
- Introducing the terms control deficiency and significant deficiency and their related definitions.
- Replacing the guidance on evaluating control deficiencies with the relevant guidance from SAS No. 112.
- Replacing the term audit committee with the term those charged with governance (defined in SAS No. 103, Audit Documentation) to describe the party to whom the practitioner must communicate significant deficiencies and material weaknesses.
- Identifying areas in which a control deficiency ordinarily is at least a significant deficiency in internal control.
- Identifying indicators of a control deficiency that should be regarded as at least a significant deficiency and a strong indicator of a material weakness in internal control.
- Requiring the practitioner to communicate to management and those charged with governance, in writing, significant deficiencies and material weaknesses.
To coincide with SAS No. 112’s effective date, these conforming changes are effective when the subject matter or assertion is as of or for a period ending on or after December 15, 2006. Early application is permitted.
View Conformed AT 501>