New Internal Control Documentation Requirements
Effective Immediately for FY 2006/07
Auditing Standards No. 112 "Communicating Internal Control Related Matters Identified in an Audit" was issued in May 2006 and became effective immediately. As a result, this standard will be incorporated into our external financial audit conducted by PricewaterhouseCoopers (PwC) for the fiscal year 2006-07 and the future.
SAS 112 requires a lower threshold for reporting internal control deficiencies to the Chancellor and The Regents. Control deficiencies could subject the University to greater scrutiny by the federal government and may even impact the University’s ability to obtain research funding.
The Controller’s Office has been working with our PwC audit team to identify our existing internal controls that support financial reporting. Additionally, there have been a series of meetings with central offices to document our key controls. The goal is to ensure that these existing key controls are in place and we can demonstrate through documentation that they are operating as intended.
SAS 112 has important implications for all campus departments, not just those in the central offices. While campus departments should already be incorporating these reviews and controls in their financial processes, effective immediately, departments are responsible for documenting key controls in the following areas:
General Ledger Reconciliation and Approval
Distribution of Payroll Expense Review
Effort Reporting (PARS)
Physical Inventory
Purchasing and Payables Invoices
Departments need to review the key processes and controls within their organization, the amount of existing documentation, and the steps that might be taken to improve the control environment in their area. Departments need to ensure that they maintain sufficient evidence of review for the key controls. A review is NOT considered a key control, unless it has been signed and dated.
NOTE: These key controls identified for the preparation of the financial statements are not the only controls that departments need to monitor. Other controls exist for governance and regulatory compliance.
