This toolkit provides guidance on the implementation of SAS No. 115 and tools to assist you in educating and communicating the impact of SAS No. 115 with your clients. While these tools and resources were developed to support you in the implementation and communication of SAS No. 115 in your firm and with your clients, they are not meant to replace the guidance and direction outlined in SAS No. 115 and in the Risk Alert on SAS No. 115. Please refer to the AICPA’s Communicating Internal Control Related Matters Identified in an Audit - SAS No. 115.
Frequently Asked Questions
The FAQs document is intended to address the most common practitioner questions related to applying SAS No. 115. In addition, it provides links to additional resources that may help you in understanding and applying SAS No. 115.
SAS No. 115 Newsletter/Web site Template
This document is designed for practitioners to communicate the impact of SAS No. 115 to their clients via the member’s newsletter, Web site, or other marketing communications.
SAS No. 115 Educate Your Client Communication Letter
This template document is designed for practitioners to update and educate each client directly on the new SAS No. 115 requirements.
SAS No. 115 Overview PowerPoint
This presentation provides an overview of SAS No. 115, the impact to a client’s audit, and definitions and examples of significant deficiencies and material weaknesses. The presentation is designed for use by practitioners to educate their staff and clients about SAS No. 115 and can be tailored to address specific client issues.
SAS No. 115 Client Letter Communicating Identified Significant Deficiencies or Material Weaknesses
This template document is intended for you to use to communicate identified significant deficiencies or material weaknesses that are based on the sample communication outlined in the SAS No. 115. It can be tailored for your client’s specific issues that you identify during the audit and need to communicate to them in writing.
SAS No. 115 Sample Findings Accumulation Worksheet
This sample template document is designed for practitioners use to accumulate their findings in implementing SAS 115.
Considerations in Risk-Based Auditing
Considerations in Risk-Based Auditing is a strategic overview intended to provide readers with detailed, practical, specific and non-authoritative guidance when implementing the technology-related aspects of the eight Statements of Auditing Standards (SAS 104 through SAS 111).
IT Control Objectives for Sarbanes-Oxley
The IT Governance Institute released a research document focusing on Sarbanes-Oxley, using COSO as the overall framework on which the supplementary IT guidance was based, and COBIT as the initial IT controls baseline to develop a control objective template.
Understanding Internal Control and Internal Control Services Whitepaper
In response to confusion among practitioners, the AICPA has prepared a white paper explaining the concepts of internal control -- specifically over financial reporting -- and discussing the types of related services that may be performed by practitioners in public practice.
Performing an Audit of Internal Control in an Integrated Audit
The AICPA’s Center for Audit Quality (CAQ) recently issued a publication entitled, CAQ Lessons Learned - Performing an Audit of Internal Control in an Integrated Audit (Lessons Learned), which was developed by a task force consisting of professionals from various member firms.
Segregation of Duties
Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for a business.
How CAATTs Identifies Potentially Fraudulent Activities
Fraud happens! Maybe it is accomplished by someone in the accounting department making a journal entry to affect revenue recognition for certain transactions. Or, perhaps it occurs when someone enters transactions for fictitious customers or vendors, or alters timecards. While auditors do not have a specific requirement to detect all fraud, we can turn to the auditing standards for guidance.