It establishes the procedures and process of communicating internal control related matters identified in an audit and provides guidelines to external auditors about communicating an entity’s internal control-related matter identified during the audit. It permits management to prevent, detect, and correct misstatements. It addresses three categories of deficiencies, which may exist in the external audit of a company’s financial statements.
Types of Deficiencies
The first is control deficiency, which applies when the design of the entity’s control does not allow management or employees to detect or prevent misstatements in a timely manner. In this scenario, misstatements will not be prevented, detected or corrected on time because of procedural deficiencies
Significant deficiency is a combination of defects that call for attention of those charged with governance. This is of a lesser magnitude than material deficiency but serious enough for it to require attention
The third is material deficiency, which deals with:
• Identification of fraud by management
• Restatements of old or previous financial statements to reflect correction of misstatements because of fraud,
• Identification of misstatements under such circumstances showing it would not have been detected by internal control an
• Ineffective oversight of the organizations financial reporting by those charged with management.
Function of SAS 115
• It establishes standards and provides guidance on communicating matters that relate to an entity internal control of its financial reporting