2011 Yellow Book: What You Need to Know

italiansaucyΛογισμικό & κατασκευή λογ/κού

13 Δεκ 2013 (πριν από 3 χρόνια και 8 μήνες)

89 εμφανίσεις

1


2011 Yellow Book: What You
Need to Know




West Virginia AGA
Spring Training


MOV AGA Chapter

Parkersburg, WV

May 14, 2013

Nicole M. Burkart



2

Session Objectives

The 2011 revision of
Government Auditing
Standards

represents a modernized version of the
standards. During this session, we will:


Highlight major changes from the 2007 revision,
focusing on independence


Conceptual framework for independence added


New documentation requirements


Highlight changes made for financial audits and
attestation engagements


Highlight changes made for performance audits



3

3


Primary Yellow Book Changes


Conceptual framework for independence added


Identify, evaluate, and apply safeguards to address
threats to independence


Can be applied to many variations in circumstances


New documentation requirements


Focus on
nonaudit

services


Changes made for financial audits and
attestation engagements


Focused on converging standards where practical


Changes made for performance audits


Clarified definition of validity




4

4

4

2011 Yellow Book

Applicability


Chapters 1, 2, and 3 apply to all GAGAS
engagements


Chapter 1: Government Auditing: Foundation and
Ethical Principles


Chapter 2: Standards for Use and Application of
GAGAS


Chapter 3: General Standards


Chapter 4: Standards for Financial Audits


applies only to financial audits


Chapter 5: Standards for Attestation
Engagements


applies only to attestation
engagements



5

5

5

2011 Yellow Book

Applicability (Continued)


Chapters 6 and 7 apply only to performance
audits


Chapter 6: Field Work Standards for Performance
Audits


Chapter 7: Reporting Standards for Performance Audits


Appendix I: Provides supplemental guidance (not
requirements) for all GAGAS engagements


Available on the Yellow Book webpage:


Interpretations


Supplemental guidance (not requirements) for areas of
particular interest or sensitivity





2011 Yellow Book

Effective Dates



Effective for financial audit periods ending on
or after December 15, 2012


Effective for attestation periods ending on or
after December 15, 2012


Effective for performance audits starting on
or after December 15, 2011



Independence may be impacted
before

the
beginning of an engagement

6

7

7

7

Chapter 1:

Purpose and Applicability of GAGAS


GAGAS provides a framework for conducting
high quality audits with competence, integrity,
objectivity, and independence.


For use by auditors of government entities and entities
that receive government awards



Provisions of laws, regulations, contracts, grant
agreements, or policies frequently require audits
to be conducted in accordance with GAGAS.



8

8

8

Chapter 2:

Types of GAGAS Engagements


All audits begin with objectives and those
objectives determine the type of audit to be
performed and the applicable standards to be
followed.


The types of audits that are covered by GAGAS,
as defined by their objectives, are classified in
the Yellow Book as:


financial audits,


attestation engagements, and


performance audits.

9

9

Chapter 2:

Financial Audits


Financial audits provide an independent
assessment of whether an entity’s reported
financial information is presented fairly in
accordance with recognized criteria.


Reasonable assurance


Financial audits performed in accordance with
GAGAS include:


Financial statement audits


Other types of financial audits


GAGAS incorporates by reference AICPA SASs
and includes additional requirements


10

10

Chapter 2:

Attestation Engagements


Attestation engagements can cover a broad
range of financial or nonfinancial objectives
about the subject matter or assertion depending
on the users’ needs.


GAGAS incorporates by reference AICPA
SSAEs and includes additional requirements


The three types of attestation engagements are:


Examination


Review


Agreed
-
Upon Procedures

11

11

Chapter 2:

Attestation Engagements (Continued)


Examination


Opinion


Reasonable assurance


Review


Conclusion


Limited assurance


Auditors should not perform review
-
level work for
reporting on internal control or compliance with
provisions of laws or regulations.


Agreed
-
Upon Procedures


Findings (NOT an Opinion or Conclusion)

12

Chapter 2:

Performance Audits


Performance audits are defined as audits that
provide findings or conclusions based on an
evaluation of sufficient, appropriate evidence
against criteria.


Performance audits provide objective analysis
to assist management and those charged with
governance and oversight in using the
information to:


improve program performance and operations,


reduce costs,


facilitate decision making, and


contribute to public accountability.

13

Chapter 2:

Nonaudit

Services


GAGAS does not cover
nonaudit

services,
which are defined as professional services other
than audits or attestation engagements.


When audit organizations provide
nonaudit

services to entities for which they also provide
GAGAS audits, they should assess the impact
that providing those
nonaudit

services may
have on auditor and audit organization
independence and respond to any identified
threats to independence in accordance with the
GAGAS independence standard.

14


Chapter 2:

Use of Terminology



Requirements are identified through the use of
specific language.


Must

indicates an unconditional requirement


Should

indicates a presumptively mandatory
requirement


Text not using the above conventions is considered
explanatory material


Auditors have a responsibility to consider the
entire text of GAGAS in carrying out their work
and in understanding and applying the
requirements in GAGAS.

15

15

Chapter 2:

Stating Compliance with GAGAS



Auditors should include one of the following
types of GAGAS compliance statements in
reports on GAGAS audits:


Unmodified


Modified


Determining the appropriate GAGAS compliance
statement is a matter of professional judgment.


Auditors may also cite the use of other standards
in reports on GAGAS audits when they have met
the requirements of those standards, as well as
GAGAS.

16

16

16

Chapter 3:

General Standards


General standards, along with the overarching
ethical principles presented in Chapter 1,
establish a foundation for the credibility of
auditors’ work.


Chapter 3 is comprised of four sections:


Independence


Professional Judgment


Competence


Quality Control and Assurance


17

Chapter 3:

Independence


In all matters relating to the audit work, the audit
organization and the individual auditor, whether
government or public, must be independent.


Independence comprises:


Independence of Mind


state of mind that permits the
performance of an audit without being affected by
influences that compromise professional judgment


Independence in Appearance


absence of
circumstances that would cause a reasonable and
informed third party to conclude that integrity,
objectivity, or professional skepticism had been
compromised

18

Chapter 3:

Independence (Continued)

19

Chapter 3:

Independence (Continued)


Independence Timeframes


Any period of time that falls within the period covered
by the financial statements or subject matter of the
audit (i.e. the period of time covered by the audit)


The period of the professional engagement


The period of the professional engagement lasts
for the entire duration of the professional
relationship (which, for recurring audits, could
cover many periods).


20

20


Chapter 3:

Conceptual Framework



GAGAS establishes a conceptual framework that
auditors use to identify, evaluate, and apply
safeguards to address threats to independence


Can be applied to many variations in circumstances
that create threats to independence


Allows auditors to address threats to independence
that result from activities that are not specifically
prohibited by GAGAS


Serves as a hybrid framework that balances principle
and rules based standards






20

21

Chapter 3:

Conceptual Framework (Continued)

Assess condition or activity for
threats to independence
Assess safeguard
(
s
)
effectiveness
Identify and apply safeguard
(
s
)
Assess threat for significance
Is threat significant
?
Threat identified
?
Is threat eliminated or reduced to
an acceptable level
?
Yes
Yes
Document nature of threat and
any safeguards applied
Yes
No
Independence
impairment
;
do
not proceed
No
Is threat related to a nonaudit
service
?
Is the nonaudit service specifically
prohibited in GAGAS paragraphs
3
.
36
or
3
.
49
through
3
.
58
?
No
No
Yes
Yes
Proceed
Proceed
Proceed
No
22

Chapter 3:

Conceptual Framework (Continued)


Threats to independence are circumstances that
could impair independence.


Nature


Significance


Safeguards


Threats are conditions to be evaluated using the
conceptual framework.


Safeguards are controls designed to eliminate or
reduce to an acceptable level threats to
independence.

23

Chapter 3:

Conceptual Framework (Continued)


Applying the Conceptual Framework


Identify threats to independence


Evaluate the significance of the threats identified, both
individually and in the aggregate


Apply safeguards as necessary to eliminate the
threats or reduce them to an acceptable level


Safeguards need to be effective in order address
threats to independence.


If it is necessary to apply safeguards, auditors
should document the threats identified and the
safeguards applied to eliminate the threats or
reduce them to an acceptable level.

24

Chapter 3:

Conceptual Framework (Continued)


Categories of Threats


Self
-
Interest


Self
-
Review


Bias


Familiarity


Undue Influence


Management Participation


Structural

25

Chapter 3:

Conceptual Framework (Continued)


Examples of safeguards include:


consulting an independent third party, such as a
professional organization, a professional regulatory
body, or another auditor;


involving another audit organization to perform or re
-
perform part of the audit;


having a professional staff member who was not a
member of the audit team review the work performed;
and


removing an individual from an audit team when that
individual’s financial or other interests or relationships
pose a threat to independence.

26

Chapter 3:


Documenting Threats and Safeguards


Threat and Safeguard Documentation
Requirements


Document threats to independence that require the
application of safeguards (i.e. threats that are not at
an acceptable level), along with safeguards applied,
in accordance with the conceptual framework


Document how safeguards were applied (i.e.
appropriately designed and implemented) to ensure
that an audit organization structurally located within a
government entity is independent

27

27

Chapter 3:

Provision of
Nonaudit

Services

Nonaudit

Services versus Routine Activities


Nonaudit

services are consistent with auditors’
skills and expertise, but do not relate directly to
the performance of an audit.


Providing
nonaudit

services may create threats to
independence.


Routine activities related directly to the
performance of an audit are not considered
nonaudit

services under GAGAS.


Routine activities generally involve providing advice or
assistance on an informal basis as part of an audit.


Routine activities are typically insignificant in terms of
time incurred or resources expended.


28

28

Chapter 3:

Documenting
Nonaudit

Services


Nonaudit

Service Documentation Requirements


Document consideration of audited entity
management’s ability to effectively oversee a
nonaudit

service to be provided by the auditor


Document the auditor’s understanding with an audited
entity for which the auditor will perform a
nonaudit

service


Before providing
nonaudit

services, the auditor
should determine that the audited entity has
designated an individual who possesses suitable
skill, knowledge, or experience, and that the
individual understands the services to be
performed sufficiently to oversee them.

29

29

Chapter 3:

Prohibited
Nonaudit

Services

Assuming Management Responsibilities


Setting policies and strategic direction for the audited entity


Directing and accepting responsibility for the actions of the
audited entity’s employees in the performance of their
routine, recurring activities


Having custody of an audited entity’s assets


Reporting to those charged with governance on behalf of
management


Deciding which of the auditor’s or outside third party’s
recommendations to implement


Accepting responsibility for the management of an audited
entity’s project


Accepting responsibility for designing, implementing, or
maintaining internal control




30

30

Chapter 3:

Prohibited
Nonaudit

Services

Assuming Management Responsibilities (Continued)


Providing services that are intended to be used as
management’s primary basis for making decisions that are
significant to the subject matter of the audit


Developing an audited entity’s performance measurement
system when that system is material or significant to the
subject matter of the audit


Serving as a voting member of an audited entity’s
management committee or board of directors


Performing ongoing monitoring procedures on behalf of
management


Complete List of Prohibited
Nonaudit

Services:

Paragraphs 3.36 and 3.49


3.58


31

31

Chapter 3:

Continuing Professional Education

No revision to overall requirements:


Minimum of 24 hours of CPE every 2 years


Government auditing or the government environment


Specific or unique environment in which the audited
entity operates


Additional 56 hours of CPE for auditors:


Involved in any amount of planning, directing, or
reporting on GAGAS audits, or


Charging 20 percent or more of their time annually to
GAGAS audits.


Minimum of 20 hours of CPE each year

32

32

Chapter 3:

Continuing Professional Education

Changes Related to CPE:


Clearer distinction between internal and external
specialists


External specialists assisting in performing a GAGAS
audit are not required to meet GAGAS CPE
requirements, but should be qualified and competent in
their areas of specialization


Internal specialists who are not involved in directing or
performing audit procedures or reporting on a GAGAS
audit are also not required to meet GAGAS CPE
requirements, but should be qualified and competent in
their areas of specialization

33

33

Chapter 3:

Monitoring of Quality


The auditor organization should analyze and
summarize the results of its monitoring process at
least annually, with identification of any systemic
or repetitive issues needing improvement, along
with recommendations for corrective action.


The audit organization should communicate to
appropriate personnel any deficiencies noted
during the monitoring process and make
recommendations for appropriate remedial action.

34

34

Chapter 3:

External Peer Review


The audit organization should obtain an external
peer review at least once every 3 years.


The peer review team uses professional judgment
in determining the type of peer review report. The
following are the types of peer review reports:


Peer review rating of pass


Peer review rating of pass with deficiencies


Peer review rating of fail



35

35

Chapter 4:

Standards for Financial Audits


Eliminated redundancy with AICPA standards


Clarified additional GAGAS requirements


Performing Financial Audits


Reporting on Financial Audits


Additional GAGAS considerations


Materiality


Early Communication of Deficiencies


Combined 2007 GAGAS Chapters 4 and 5 into
one chapter (2011 GAGAS Chapter 4)


No new requirements were added for financial audits.




36

36

Chapter 5:

Standards for Attestation Engagements


Separated attestation engagement requirements
by category of engagement


Examination Engagements


Review Engagements


Agreed
-
Upon Procedures Engagements


Within each category, emphasized:


Additional GAGAS reporting requirements


Required elements of AICPA reporting


No new requirements were added for attestation
engagements.




37

37

Chapters 6 and 7:

Performance Audits


The discussion of validity as an aspect of the
quality of evidence has been revised to indicate
that it is the extent to which evidence is a
meaningful or reasonable basis for measuring
what is being evaluated.


In other words, validity refers to the extent to which
evidence represents what it is purported to represent.





38

38

Chapters 6 and 7:

Performance Audits (Continued)


The fraud reporting requirement is now limited to
occurrences that are significant within the context
of the audit objectives, with a requirement to
communicate in writing other instances of fraud
that warrant the attention of those charged with
governance.





39



Questions?


The Yellow Book is available on GAO’s website at:


www.gao.gov/yellowbook



For technical assistance, contact us at:


yellowbook@gao.gov


(202) 512
-
9535