In this post, I provide an overview of the internal control reporting requirements when no significant deficiencies or material weaknesses are noted in an audit of the financial statements. I also provide guidance for when such an engagement is subject to the Government Auditing Standards (i.e., Yellow Book). You’ll see a video that shows you what the audit opinion and Yellow Book reports look like when both are in play, and there are no issues.
There are two sets of rules when you perform an audit that is subject to the Yellow Book requirements:
And only one set of rules if the audit is not subject to the Yellow Book requirements:
Consider two scenarios.
If you perform an audit (not subject to Yellow Book) and have no significant deficiencies or material weaknesses, then no internal control letter is required (for anyone). I refer to this letter as the “SAS 115 letter” since that’s where the original generally accepted auditing rule came from. Some people opt to issue one anyway. But again, this is not required.
In this scenario, you issue one report:
Audit opinion (and no internal control letter is issued)
If you perform an audit that is subject to Yellow Book and have no significant deficiencies or material weaknesses, then no SAS 115 internal control letter is required. Some people opt to issue one anyway.
A Yellow Book report is required (even though there are no significant deficiencies or material weaknesses) and is included in the audited financial statements, usually after the notes to the financial statement.
You do not need to send this report to anyone separately (i.e., the government) since it’s included in the bound audit report.
So, in this scenario, you issue two reports:
But what do these reports look like?
Here is a video that shows you what a Yellow Book reports looks like when there are no significant deficiencies or material weaknesses.
I also show you how to amend your standard audit opinion (governmental example) when the Yellow Book report is provided.
See my related article about capturing and reporting control deficiencies. I define significant deficiencies and material weaknesses in another post.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.