UC San Diego SearchMenu

SAS 112 Categories of Control Deficiencies

Learn about the 3 categories of deficiencies that may be identified during an external audit under SAS 112 requirements.

Statement of Auditing Standards No. 112 (SAS 112) introduces new definitions of significant deficiency and material weakness that will lower the threshold for reportable control deficiencies at UCSD. The result is likely to be an increase in the number of reportable findings during the course of the external financial statement audit.

Read about the 3 categories of deficiencies that may be identified during the external audit of the financial statements under SAS 12:

1. Control deficiencies

These exist when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements in a timely manner. Materiality of the control deficiency is not just determined by the actual misstatement (i.e., dollar amount of the error), but by the potential dollars that could also be incorrect.

Examples of control deficiencies include:

  • Lack of timeliness of cash deposits and account reconciliation
  • Lack of review and reconciliation of departmental expenditures
  • Lack of overdraft funds monitoring
  • Lack of physical inventory

2. Significant deficiencies

Significant deficiencies are a control deficiency, or combination of control deficiencies, that adversely affect the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with Generally Accepted Accounting Principles (GAAP) such that there is more than a remote likelihood that a misstatement of the entity's financial statements (that is more than inconsequential) will not be prevented or detected.

3. Material weakness

Material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.

All university departments must work together to protect UCSD with controls that support financial reporting and ensure that key controls are in place and operating as intended.