Professional Documents
Culture Documents
AU Section 325
Communicating Internal Control Related
Matters Identied in an Audit
(Supersedes SAS No. 112.)
Source: SAS No. 115.
Effective for audits of nancial statements for periods ending on or after
December 15, 2009. Earlier implementation is permitted.
Applicability
.01 This section establishes standards and provides guidance on commu-
nicating matters related to an entity's internal control over nancial reporting
identied in an audit of nancial statements. It is applicable whenever an au-
ditor expresses or disclaims an opinion on nancial statements. In particular,
this section
the person performing the control does not possess the necessary au-
thority or competence to perform the control effectively.
.06 A material weakness is a deciency, or combination of deciencies, in
internal control, such that there is a reasonable possibility
5
that a material
misstatement of the entity's nancial statements will not be prevented, or de-
tected and corrected on a timely basis.
.07 A signicant deciency is a deciency, or a combination of deciencies,
in internal control that is less severe than a material weakness, yet important
enough to merit attention by those charged with governance.
2
Reference to generally accepted accounting principles includes, where applicable, a comprehen-
sive basis of accounting other than generally accepted accounting principles, as that term is dened
in paragraph .04 of section 623, Special Reports, as amended.
3
Hereinafter in this section, the term internal control means internal control over nancial
reporting.
4
Section 314, Understanding the Entity and its Environment and Assessing the Risks of Material
Misstatement, contains a detailed discussion of internal control and identies the following ve inter-
related components of internal control: (a) the control environment, (b) the entity's risk assessment,
(c) information and communication systems, (d) control activities, and (e) monitoring.
5
In this section, a reasonable possibility exists when the likelihood of the event is either reason-
ably possible or probable as those terms are dened in the Financial Accounting Standards Board Ac-
counting Standards Codication glossary. [Footnote revised, June 2009, to reect conforming changes
necessary due to the issuance of FASB ASC.]
AU 325.04
Communicating Internal Control 289
Evaluating Deciencies Identied as Part
of the Audit
.08 The auditor should evaluate the severity of each deciency in internal
control
6
identied during the audit to determine whether the deciency, indi-
vidually or in combination, is a signicant deciency or a material weakness.
The severity of a deciency depends on
include the denition of the term material weakness and, where rele-
vant, the denition of the term signicant deciency.