Deficiencies and Material Weaknesses
|
Companies reporting "material weaknesses" in their internal controls are appearing over corporate America. In terms of Sarbanes-Oxley compliance, when does a deficiency become a material weakness? The three levels of deficiency are on an escalating scale. All failures or potential failures in internal controls are are a deficiency. Next, some deficiencies are considered to be significant. A material weakness at the top level effectively means that part of the financial statements can not be trusted to not have been affected by fraud or errors. Note that for Sarbanes-Oxley purposes we only need consider deficiencies in internal controls related to financial reporting. Internal control deficiency Internal control deficiencies related to financial reporting, could adversely affect the entity's ability to initiate, record, process and report financial data, consistent with the management in the financial statements. Deficiencies break down into two types, design deficiencies and operating deficiencies. A design deficiency occurs where the internal control is non-existent or it does it exist, but when operating as designed it does not meet the control objective. An example of a control objective is to ensure requests for large cheques are investigated. The internal control for this might be to investigate after the cheque has been printed. The control is working as designed, however would be defective in that it does not hold up the printing. An operating deficiency occurs where a properly designed control does exist but is not operating as it should. Typically these occur, because the responsible employee does not have the required permissions or qualifications. Alternatively there may be a technical fault. Continuing the cheque example above. The control might be altered so that the investigation takes place before the cheques are printed. The deficiency might occur if the employee responsible is not told about some of the cheques. He then signs off authorisation to print. Significant deficiencies are those that could result in a misstatement of the financial statements, that is more than inconsequential. They can be single or aggregated together to become significant. Thus in the cheque example, the employee not having the required permissions and the failure to notify might not be significant in themselves. Aggregated together they pose a significant threat to the assurance the company has over large cheques and consequently cashflow. A singl significant deficiency or aggretated significant deficiencies can be deemed to be a material weakness. The base is that the design or operation of a control, does not reduce to a relatively low level the risk that errors or fraud, in material amounts in relation to financial statements may occur. Additionally they will not be found by employees in a timely fashion, in the course of their normal duties. Consequently, internal control reviewers (whether auditors or company executives) are not able to give assurance about prevention of fraud or errors. If follows that responsible parties (principally auditors) are precluded from given unqualifiend assurance that internal control is effective.
|
Related Articles
Similar Areas Selected Books Keywords
|