STATEMENT OF AUDITING STANDARDS 112 SAS112

1
STATEMENT OF AUDITING STANDARDS 112
(SAS112) Communicating Internal Control Matters
Identified in an Audit UC Riverside Spring 2007
2
" Today's  audit environment   encourages 
transparency and accountability. Therefore, an
integrated campuswide effort is  needed 
to  effectively steward the funds entrusted to
UCR.
Chancellor Córdova
3

AGENDA
1- Why SAS112 2- What is SAS112 3- Impact of
SAS112 4- Minimizing risk in CG area 5-
What to do?
Sponsored Project Administration

4
- United States Federal Law and SEC For
Public Companies -SarbanesOxley
(SOX) Requires conducting an assessment of the
effectiveness of internal controls by
management, to be audited and approved by the
companys independent accountants
WorldCom Enron
Why SAS112?
SAS112 is our SOX
- American Institute of Certified
Public Accountants For
non-profit organizations (UCR) - SAS
112
5
Non-Compliance Fine
University of California (2002). Fine 1.8 m
Northwestern University (2003). Fine 5.5m
Harvard University (2004). Fine 2.6m
Mayo Foundation/Mayo Clinics(2005). Fine 6.5m
Florida International University (2005). Fine
11.5m
University of Alabama Birmingham (2005). Fine
3.4 m
6
What is SAS112?

• Establishes standards for communicating internal
  control issues relating to
• integrity of financial reporting
• compliance with applicable laws and regulation
• Establishes standards that classify
  communicated control issues as
• - control deficiencies
• - significant deficiencies
• - material weaknesses

SAS112 standards have been adopted by the federal
agencies and the Government Audit Standards has
been updated to incorporate SAS112
7
Impact of SAS 112 on UCR Due to significant
changes in the evaluation of control exceptions
and more stringent audit standards, UCR is more
likely to encounter control issues being
identified and reported - Increased scrutiny -
Larger audit samples - More audit evidence and
documentation - Lower audit materiality
thresholds SAS 112 requires disclosure of
deficiencies to Regents and others
8
impact of deficiencies and weaknesses
disclosures -negative impact on sponsored
program funding -negative impact on
reputation -increase external audits -audit
disallowances -fines and penalties
9
Generally, internal controls at UCR are in order
and adequate, but there are departments, function
s and areas where we noted.
Control Issues with - Review and
reconciliation of CG expenditures
- Certified effort reports - Cost Transfers
-Expenditure monitoring
10
INTERNAL CONTROL

• Internal Control
• Internal control is broadly defined as a process,
  effected by the UC Regents, management and other
  personnel, designed to provide reasonable
  assurance regarding the achievement of objectives
  in the following categories
• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with applicable laws and regulations.

11
Who is responsible for internal controls?
12
PARTNERSHIP
Principal Investigator Project Personnel
Central Offices (Office of Research, Accounting,
Audit Advisory Services, etc.)
College Dean, Department Chair, MSO Staff
13
(a)
(a) 26 increase from FY03/04
14
UCRs Challenge

• Increase extramural support while managing risk

Our Goal
Facilitating Faculty Success!
15
sub-recipient monitoring
award close-out
cost sharing
effort reporting
cost transfers
POTENTIAL RISKS IN CG AREA
physical inventory
review of monthly statements
overdraft
16
FALL 2006
17
Area of Risk Effort Reports

• Symptoms of deficiencies
• Incomplete or missing reports
• Late reporting
• Major area of concern for Federal Government
• Current Efforts
• New on-line system coming
• Resolution of deficiency
• Remove unsubstantiated costs

18
Area of Risk Cost Transfers

• Symptom of Deficiency
• High volume
• Late transfers (may require revised effort
  reports)
• Improper documentation and/or allocation
  methodology
• Major area of concern for Feds
• Current Efforts
• Enhancing Business Rules
• Resolution of deficiency
• Reversal of charges

19
Area of Risk Award Closeout

• Symptom of Deficiency
• Delinquent Financial Reports
• Delinquent Technical Reports
• Area of concern for Feds
• Current Efforts
• Improving notification process
• Resolution
• Future funding withheld for specific awards
• Funding to institution withheld

20
Minimizing the Risks

• Training
• CG Workshops (to be expanded)
• Ethics Awareness
• Tools
• Enterprise Reporting System
• Ledger Recon/Review System (coming soon)
• Policies
• CG Manual
• UCR Research Administration Roles
  Responsibilities (in development)

21
Minimizing the Risks

• Timely review of monthly statements
• Budget to Actual
• Anticipate unspent balances or overdrafts
• Review payroll transactions
• Regularly meetings/discussion between PIs
  administrative staff
• Immediately report discrepancies
• Communication
• Timely resolution

22
Minimizing the Risk

• Timely return of certifications
• Effort Reports
• Cost sharing Reports
• Impacts Financial Reports and Award Close-Out
• Monitor Sub-recipients progress on project
  compared to billing statements
• Potential impact on award close-out
• Timely submission of Technical Reports

23
What to do
1- Department Assessment
2- Training
When issues are identified
1 - Self-reporting
2 - Request Assistance
3 Remediate/Escalate
4 - Proactive Approach
When control issues or policy non-compliance are
recurring and systemic
Everyone is responsible
It will be transparent and there will be
consequences
24
Contacts

• Gretchen Bolar, Vice Chancellor-Academic Planning
  Budget gretchen.bolar_at_ucr.edu
• Bobbi McCracken, Asst. Vice Chancellor-Financial
  Services bobbi.mccracken_at_ucr.edu
• Mike Jenson, Director-Audit Advisory Services
• michael.jenson_at_ucr.edu
• Bruce Morgan, Asst. Vice Chancellor-Office of
  Research bruce.morgan_at_ucr.edu
• Toffee Jeturian, Asst. Director-Audit Advisory
  Services rodolfo.jeturian_at_ucr.edu
• Marc Guerra, Director-Financial Control
  Accountability marc.guerra_at_ucr.edu