McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter

11Auditing of Governmental and Not-for-

Profit Organizations

11-2

Learning Objectives

After studying Chapter 11, you should be able to: Explain the essential elements of financial audits by

independent CPAs, including: The objective(s) of financial audits The source and content of GAAS Audit report formats and opinions The audit process

11-3

Learning Objectives (Cont’d)

Explain what is meant by GAGAS, the source of GAGAS, and why and how GAGAS are broader than GAAS

Explain the types of audits performed under GAGAS, including financial audits, attestation engagements and performance audits

11-4

Learning Objectives (Cont’d)

Explain the essentials of a single audit, including: The purpose and scope Major program identification Audit work required Reports that must be submitted

Describe the implications of the Sarbanes-Oxley Act of 2002 on governments and not-for-profit organizations

11-5

Objective of a Financial Audit

The independent auditor’s objective is to render a report expressing an opinion that the financial statements present fairly the financial position, changes in financial position, and, where applicable, cash flows of the organization “Present fairly” means in conformity with appropriate

generally accepted accounting principles (GAAP) Opinions are based on reasonable assurance that the

statements are free from material misstatements

11-6

Auditors performing financial audits follow GAAS, reflected in Statements of Auditing Standards (SASs) issued by the AICPA

10 standards (expanded on by more than 120 SASs)3 general standards 3 field work standards4 reporting standards

See Ill. 11-1

Generally Accepted Auditing Standards (GAAS)

11-7

Paragraphs in a standard audit report (see Ill. 11-2):

Opening Identifies the financial statements being audited

Scope Describes the nature of the audit

Opinion Expresses the auditor’s opinion about the fairness of the financial statements

Explanatory Used in most governmental audits, usuallyrelated to the auditor’s role in reviewingsupplementary information

Auditor’s Standard Report

11-8

Unqualified (clean)—Statements present fairly the financial position and changes in position (and cash flows, if applicable) according to GAAP. See Ill. 11-2

Qualified opinion—Statements contain a material departure from GAAP or there is a material change between periods in GAAP. See Ill. 11-3

Adverse opinion—Financial statements do not present fairly in conformity with GAAP

Disclaimer of opinion—Often due to inability to examine records

Types of Auditor’s Opinions

GAAP Hierarchy— Ill. 11-4

Category State and Local Governments

Federal Governmental Entities

a GASB Statements and Interpretations

FASAB Statements and Interpretations

b GASB Technical Bulletins, AICPA pronouncementsspecifically for SLG…

FASAB Technical Bulletins and AICPA pronouncementsspecifically for federal entities…

c AICPA Practice Bulletins... Technical Releases of theFASAB Accounting and Auditing Policy Committee

d GASB Implementation Guides (Q&As...)

FASAB Implementation Guides.

11-9

11-10

GAAP for Nongovernmental Entities

The FASB Accounting Standards Codification is the source of authoritative GAAP to be applied by nongovernmental entities. Rules and interpretive releases of the SEC under authority of federal securities laws are also sources of authoritative GAAP for SEC registrants.

11-11

Materiality

Definition: In the auditor’s judgment, the level at which the quantitative or qualitative effects of misstatements will have a significant impact on users’ evaluations

AICPA Audit and Accounting Guide State and Local Governments requires auditors to make separate materiality determinations for each opinion unit. These are: Governmental activities Business-type activities Aggregate discretely presented component units Each major governmental and enterprise fund The aggregate remaining fund information

11-12

Auditing Required Supplementary Information (RSI)

RSI, such as MD&A and budgetary comparison schedules, are outside the scope of the financial statement audit

Auditors apply certain limited procedures in connection to RSI to provide assurance that they are fairly presented in relation to the basic financial statements

11-13

Financial—Provides an opinion about whether an entity’s financial statements are presented fairly in all material respects in conformity with an applicable financial reporting framework

Attestation engagement—Provides a report and assertion about subject matter that is the responsibility of another party; e.g., internal controls, compliance, MD&A, contract amounts, performance measures

Performance—Provides findings or conclusions based on an evaluation of sufficient, appropriate evidence against criteria

Types of Governmental Audits Ill. 11-5

11-14

Standards issued by the U.S. Government Accountability Office in its “yellow book”

Required of auditors in a Single Audit of organizations that expend more than $500,000 in federal resources in any year

States may also require “yellow book” audits of their local governments

Generally Accepted Government Auditing Standards (GAGAS)

11-15

GAGAS Financial Audit Standards

There are 4 general standardsGAGAS incorporates the GAAS fieldwork standards

and adds 5 additional standards for performing financial audits

GAGAS incorporates the GAAS reporting standards and adds 6 additional standards for reporting financial audits

11-16

General Standards 1. Independence standard: In all matters

relating to audit work, the audit organization and the individual auditor must be independent in mind and in appearance.

2. Professional judgment: Auditors must use professional judgment in planning and

performing audits and in reporting the results.

GAGAS General Standards

11-17

General Standards 3. Competence: The staff assigned to perform

the audit must collectively possess adequate professional competence needed to address the

audit objectives and perform the work in accordance with GAGAS.

4. Quality control and assurance: The audit organization must establish and maintain a system of quality control and have an external peer review at least once every 3 years.

GAGAS General Standards (Cont’d)

11-18

1. Pertinent information should be communicated to individuals contracting for or requesting the audit.

2. During audit planning, the auditors should evaluate whether the audited entity has

taken appropriate corrective action to address findings and recommendations from previous engagements that could have a material effect on the financial statements.

GAGAS Requirements for Performing Financial Audits

11-19

3. Auditors should extend the AICPA requirements pertaining to the auditors’ responsibilities for

laws and regulations to also apply to compliance with provisions of contracts or grant agreements.

4. When audit findings involve deficiencies in internal control; noncompliance; fraud; or abuse, auditors should plan and perform procedures to develop the elements (criteria, condition, cause and effect) of the findings that are relevant and necessary to achieve the audit objectives.

GAGAS Requirements for Performing Financial Audits (Cont’d)

11-20

5. Documentation should be provided concerning evidence of supervisory review of work performed. For any departures from the GAGAS requirements, auditors should document the impact on the audit and on the auditors’ conclusions.

GAGAS Requirements for Performing Financial Audits (Cont’d)

11-21

1. When audits are conducted in accordance with GAGAS, a reference to GAGAS should be made in the audit report.

2. When the financial statement audit report contains an opinion or a disclaimer of opinion, a

report on internal control over financial reporting and on compliance with laws, regulations, and provisions of contracts and grants must be provided as part of the report or as a separate report.

GAGAS Requirements for Reporting on Financial Audits

11-22

3. Based on the audit work performed, a report should be made on significant deficiencies and material weaknesses in internal control, and instances of fraud; noncompliance with

provisions of laws and regulations; or violations and abuse that are material.

4. When reporting deficiencies in internal control, the views of responsible officials concerning

the audit report and any plans for corrective action should be included.

GAGAS Requirements for Reporting on Financial Audits (Cont’d)

11-23

5. When applicable, the report should indicate that confidential or sensitive information has been

omitted from the report and the reason that such an omission is necessary.

6. Submission of reports should be made to appropriate officials, and audits should be made

available to the public. Auditors should document any limitation on report distribution.

GAGAS Requirements for Reporting on Financial Audits (Cont’d)

11-24

GAGAS standards place much more emphasis on compliance with laws and regulations than do GAAS

Unique Aspects of GAGAS

11-25

The competence standard requires, among other things, that auditors have: A thorough knowledge of governmental auditing

standards and the specific or unique environment in which the audited entity operates

At least 80 hours of CE (CPE) every two years of which

At least 20 hours must be completed in each of the two years

At least 24 hours must be related directly to governmental auditing or the unique environment in which the audited entity operates

Unique Aspects of GAGAS (Cont’d)

11-26

Independence Standards

Independence is covered in 4 sections: (1) a conceptual framework; (2) guidance for internal audit organizations (not covered in text); (3) guidance when performing nonaudit services; and (4) requirements and guidance on documentation to support consideration of auditor independence

GAGAS establish a conceptual framework that requires auditors to identify, evaluate, and apply safeguards to appropriately address threats to independence. See Ill 11-7

11-27

GAO Independence Standards–Conceptual Framework

Threats to independence are circumstances that could impair independence. They include self-interest threat, self-review threat, bias threat, familiarity threat, undue influence threat, management participation threat, and structural threat

Safeguards are controls designed to eliminate or reduce threats to independence

If threats to independence are not at an acceptable level, the auditors should document the threats identified and the safeguards applied to eliminate the threats or reduce them to an acceptable level.

11-28

GAO Independence Standards–Nonaudit Work

DEFINITION: Work solely performed for the benefit of the entity requesting the work and which does not provide for a basis for conclusions, recommendations, or opinions as would a financial audit, attestation engagement, or performance audit

Auditors are prohibited from assuming a management responsibility (i.e., making significant decisions regarding the acquisition, deployment, and control of resources), because the management participation threat would be so severe that no safeguards could reduce the threats to an acceptable level

11-29

GAO Independence Standards–Nonaudit Work (Cont’d)

GAGAS identify examples of nonaudit services that could potentially impair the auditors’ independence in the government environment: preparing accounting records and financial statements, internal audit services, internal control monitoring and assessments, information technology systems services, and valuation services

Auditors should use the conceptual framework to assess independence for services not specifically addressed by these categories

11-30

GAO Independence Standards–Documentation

The auditor is required to document conclusions regarding compliance with independence, including:Discussion of threats identified and safeguards in place or

applied that eliminated the threat or reduced it to an acceptable level

Safeguards required for an audit organization that is structurally located within a government entity

Consideration of audited entity management’s ability to effectively oversee a nonaudit service to be provided by the auditor

The auditor’s understanding with an audited entity for which the auditor will perform a nonaudit service

11-31

Improve the efficiency and effectiveness of governmental audit effort

Replace a multitude of grant-by-grant audits with a single, comprehensive, entity-wide audit

Provide all federal awarding agencies a single report of a recipient of federal awards to satisfy a program’s audit requirements

What is the Purpose of a Single Audit?

11-32

State and local governments, not-for-profit organizations, including colleges and hospitals, that expend more than $500,000 in federal financial assistance in a year

If expended only for one program or one program cluster, the entity may have a program audit, otherwise the audit must be a single audit

Determining Who Must Have a Single Audit

11-33

1996 Single Audit Act Amendments: Establishes a risk-based approach for audit testing,

thus placing greater audit coverage on high risk programs

Improves the contents and timeliness of single audit reporting

Permits the Office of Management and Budget (OMB) to administratively revise Single Audit requirements without requiring additional legislation

See OMB Circular A-133 and the related Compliance Supplement for implementation guidance

Single Audit (Cont’d)

11-34

Calculation of amount of federal awards expended

Calculation can be complex Basic rule is that a federal award has been

expended when the federal agency has become at risk and the nonfederal recipient has a duty of accountability

See Ill. 11-8

Single Audit (Cont’d)

11-35

Annual audit encompassing the entity’s financial statements and schedule of expenditures of federal awards

Audit must be conducted by an independent auditor Auditors must follow GAGAS (yellow book

standards) Auditor must determine whether financial statements

present fairly in conformity with GAAP and the schedule of federal financial awards is presented fairly in relation to the financial statements

Single Audit Requirements

11-36

Auditor must obtain an understanding of internal controls pertaining to the compliance requirements for each major program, and assess control risk and perform tests of control

Federal and nonfederal “pass-through” agencies are assigned certain responsibilities for compliance

Single Audit Requirements (Cont’d)

11-37

For each major program the auditor must test whether the program:

Was administered in conformity with the appropriate OMB Circular (A-102 or A-110)

Complied with detailed requirements in the A-133 Compliance Supplement and other specified requirements

Compliance Audits (as Part of Single Audit)

11-38

Use the sliding scale shown in Chapter 11 andfollow the steps in Ill. 11-9 Identify Type A programs Identify low-risk programs (based on no audit

findings in the most recent audit and absence of certain risk factors)

Assess risk of Type B programs (major programs that are not Type A programs)

Selection of Programs for Single Audit

11-39

At a minimum, audit all high risk Type A programs and either

Half of the high-risk Type B programs or One high-risk Type B program for each low-risk

Type A program Audit enough major programs to ensure that at

least 50% of total federal award expenditures are audited

Selection of Programs for Single Audit (Cont’d)

11-40

Both auditee and auditor have responsibilities for the “reporting package” that must be filed electronically and sent to the single audit clearinghouse

Reporting package consists of: Financial statements and schedule of expenditures

of federal awards Summary schedule of prior audit findings Auditor’s reports (see Ill. 11-10) Corrective action plan

Required Reporting Under Single Audit

11-41

Schedule of findings and questioned costsDescribes such matters as internal control weaknesses,

instances of noncompliance, questioned costs, fraud, and material misrepresentations by the auditee

Internal control weaknesses are reported as either: material weaknesses (a deficiency such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented on a timely basis), or significant deficiencies (a deficiency that is less severe than a material weakness, yet important enough to merit attention by those charged with governance)

Required Reporting Under Single Audit (Cont’d)

11-42

Required Reporting Under Single Audit (Cont’d)

Schedule of Findings and Questioned Costs (Cont’d)A questioned cost usually involves an instance of

noncompliance with a law or regulation where the costs are either not allowable, are unreasonable, or are not supported by adequate documentation

Known questioned costs greater than $10,000 or likely costs greater than $10,000 must be reported in the schedule of findings and questioned costs

11-43

To promote quality control, nonfederal entities expending more than $50 million in federal awards are assigned a cognizant agency—usually the agency providing the predominant amount of support

The cognizant agency provides technical advice and serves as a liaison, conducts quality control reviews, refers substandard audits for disciplinary action, and facilitates communication

Cognizant Agencies

11-44

Nonfederal entities expending less than $50 million are assigned an oversight agency rather than a cognizant agency

Oversight agencies have similar but less extensive responsibilities than oversight agencies

Oversight Agencies

11-45

Single Audit Quality

The President’s Council on Integrity and Efficiency’s 2007 report on the national single audit sampling project found48.6% of single audits were of acceptable quality16.0% were of limited reliability35.5% were of unacceptable quality

Recommendations on improving single audit quality Improve the single audit standards and guidanceEstablish minimum training requirementsEstablish consequences for submitting unacceptable

audits

11-46

Impact of Sarbanes-Oxley Act

SOX applies to publicly-held companies, but many governments are adapting some “best practices” in the areas of:

Audit Committees–subsets of the governing council that appoint, oversee, and work with the external auditor throughout the year

Internal Controls–OMB Circular A-123 Management’s Responsibility for Internal Control is one example of a review and tightening of internal controls in the government sector

11-47

Auditors add value to information by being independent and conforming to professional auditing standards (GAAS or GAGAS)

GAGAS applies to audits of nonfederal entities that expend at least $500,000 of federal awards

GAGAS are broader than GAAS in that they include standards for financial and performance audits and attestation engagements

The single audit improves both the efficiency and effectiveness of audits of nonfederal entities with significant expenditures of federal awards

END

Concluding Comments