SAS No. 115 was issued by the Auditing Standards Board to provide guidance to auditors with respect to what should be communicated to management and those charged with governance in an organization. SAS No. 115 requires the auditor make communications, in writing, to management and those charged with governance regarding significant deficiencies and material weaknesses in internal controls that you note in your audits.
Resources
The Center and the AICPA have taken a number of steps to compile and develop resources to assist auditors in implementing this new standard. Those resources can be accessed through the following links:
This Audit Risk Alert provides a detailed discussion of the requirements and guidance contained in SAS No. 115. It also addresses emerging practice issues and contains updated case studies to further illustrate the principles contained in SAS No. 115.
Examples of Internal Control Communications for Employee Benefit Plans
This non-authoritative document was prepared to assist Center members in preparing internal control communications to their employee benefit plan clients. It contains example comments that may be useful in preparing SAS No. 115 communications, management letters, and other internal control communications.
Summary of SAS No. 115 Requirements
This document provides a summary of the requirements of SAS No. 115.
SAS No. 115 Frequently Asked Questions
This SAS No. 115 FAQ document is intended to address the most common practitioner questions and concerns related to applying SAS No. 115.
SAS No. 115 Web Forum Presented by Chuck Landes and Steve Bodine (sponsored by the AICPA PCPS Firm Practice Center)
This Forum, "SAS No. 115 Amends and Replaces SAS No. 112", covers the requirements of SAS No. 115.