Skip to main content

System Status: 

SAS 115 Overview

Learn about the Statement of Auditing Standards No. 115 (SAS 115) and how it affects your department and UC San Diego.

The Auditing Standards Board has issued a statement on Auditing Standards (SAS) No. 115, 'Communicating Internal Control Related Matters Identified in an Audit.' SAS No. 115 supersedes SAS No.112 of the same title and was issued to eliminate differences within AICPA’s Audit and Attest Standards resulting from the issuance of Statement on Standards for Attestation Engagements (SSAE) No. 15.

Statement of Auditing Standards No. 115 (SAS 115)

"Communicating Internal Control Related Matters Identified in an Audit," is an accounting standard that establishes guidelines for determining the seriousness of internal control issues. SAS 115 is applied to UCSD's external financial audit conducted by PricewaterhouseCoopers (PwC).

SAS 115 establishes standards and provides guidance on communicating matters related to an entity's internal control over financial reporting identified in an audit of financial statements. It is applicable whenever an auditor expresses an opinion on financial statements (including a disclaimer of opinion).

In particular, SAS 115

  • Defines the terms "significant deficiency" and "material weakness," incorporating the definitions already in use for public companies
  • Provides guidance on evaluating the severity of control deficiencies identified in an audit of financial statements
  • Requires the auditor to communicate in writing, to management and those charged with governance such as the University Board of Regents, significant deficiencies and material weaknesses identified in an audit

Why is SAS 115 considered significant?

SAS 115 changes the process for evaluating deficiencies that come to the attention of auditors and brings the thresholds for reporting control deficiencies in line with the thresholds required for public companies. As these revised thresholds effectively lower the bar, it is expected that the reporting of what are now defined as either significant deficiencies or material weaknesses will become increasingly prevalent.

There is a possibility that items not previously identified as control deficiencies could rise to what has now been defined as a significant deficiency or a material weakness simply as a result of imposing a new definition on the auditor, not as a result of any deterioration in the University's system of internal control. The materiality of the control deficiency is determined based on what potentially could go wrong, not just on the number of actual misstatements.

What does this mean to us?

SAS 115 requires a lower threshold for reporting internal control deficiencies to the Chancellor and the UC Regents. This closer scrutiny of controls and reporting of matters not previously considered significant could concern the University and its stakeholders unnecessarily.

The Controller's Office has worked with campus external auditors to identify existing internal controls that support the financial reporting process. The goal is to ensure that existing key controls are in place and that our University can demonstrate, through documentation, that they are operating as intended. Consequently, new and more stringent requirements for internal control documentation will impact all campus departments.

Key controls currently identified for the preparation of the financial statements are not the only controls that need to be monitored. Other controls exist for governance and regulatory compliance, and they also must be followed. Consequently, SAS 115 has important implications for all campus departments, not just those in the central business offices.

We highly recommend departments:

  • Implement departmental key controls, and ensure the control is working.
  • Document evidence of review for all levels (signature, e-mail, and/ or sign checklist).
  • Fix and follow-up when a control deficiency or weakness is identified.
  • Document corrective action.
The Controller's office will continue to act as a liaison between the external auditors and the departments, providing guidance, key controls framework, and communication for control activities.

Learn more about SAS 115

Find answers, request services, or get help from our team at the UC San Diego Services & Support portal.