470 likes | 641 Views
Chapter. 11. Auditing of Governmental and Not-for-Profit Organizations. Learning Objectives. After studying Chapter 11, you should be able to: Explain the essential elements of financial audits by independent CPAs, including: The objective(s) of financial audits
E N D
Chapter 11 Auditing of Governmental and Not-for-Profit Organizations
Learning Objectives After studying Chapter 11, you should be able to: • Explain the essential elements of financial audits by independent CPAs, including: • The objective(s) of financial audits • The source and content of GAAS • Audit report formats and opinions • The audit process
Learning Objectives (Cont’d) • Explain what is meant by GAGAS, the source of GAGAS, and why and how GAGAS are broader than GAAS • Explain the types of audits performed under GAGAS, including financial audits, attestation engagements and performance audits
Learning Objectives (Cont’d) • Explain the essentials of a single audit, including: • The purpose and scope • Major program identification • Audit work required • Reports that must be submitted • Describe the implications of the Sarbanes-Oxley Act of 2002 on governments and not-for-profit organizations
Objective of a Financial Audit The independent auditor’s objective is to render a report expressing an opinion that the financial statements present fairly the financial position, changes in financial position, and, where applicable, cash flows of the organization • “Present fairly” means in conformity with appropriate generally accepted accounting principles (GAAP) • Opinions are based on reasonable assurance that the statements are free from material misstatements
Generally Accepted Auditing Standards (GAAS) • Auditors performing financial audits follow GAAS, reflected in Statements of Auditing Standards (SASs) issued by the AICPA • 10 standards (expanded on by more than 120 SASs) 3 general standards 3 field work standards 4 reporting standards • See Ill. 11-1
Auditor’s Standard Report Paragraphs in a standard audit report (see Ill. 11-2): • Opening Identifies the financial statements being audited • Scope Describes the nature of the audit • Opinion Expresses the auditor’s opinion about the fairness of the financial statements • Explanatory Used in most governmental audits, usually related to the auditor’s role in reviewing supplementary information
Types of Auditor’s Opinions • Unqualified (clean)—Statements present fairly the financial position and changes in position (and cash flows, if applicable) according to GAAP. See Ill. 11-2 • Qualified opinion—Statements contain a material departure from GAAP or there is a material change between periods in GAAP. See Ill. 11-3 • Adverse opinion—Financial statements do not present fairly in conformity with GAAP • Disclaimer of opinion—Often due to inability to examine records
GAAP for Nongovernmental Entities The FASB Accounting Standards Codification is the source of authoritative GAAP to be applied by nongovernmental entities. Rules and interpretive releases of the SEC under authority of federal securities laws are also sources of authoritative GAAP for SEC registrants.
Materiality • Definition: In the auditor’s judgment, the level at which the quantitative or qualitative effects of misstatements will have a significant impact on users’ evaluations • AICPA Audit and Accounting Guide State and Local Governments requires auditors to make separate materiality determinations for each opinion unit. These are: • Governmental activities • Business-type activities • Aggregate discretely presented component units • Each major governmental and enterprise fund • The aggregate remaining fund information
Auditing Required Supplementary Information (RSI) • RSI, such as MD&A and budgetary comparison schedules, are outside the scope of the financial statement audit • Auditors apply certain limited procedures in connection to RSI to provide assurance that they are fairly presented in relation to the basic financial statements
Types of Governmental Audits Ill. 11-5 Financial—Provides an opinion about whether an entity’s financial statements are presented fairly in all material respects in conformity with an applicable financial reporting framework Attestation engagement—Provides a report and assertion about subject matter that is the responsibility of another party; e.g., internal controls, compliance, MD&A, contract amounts, performance measures Performance—Provides findings or conclusions based on an evaluation of sufficient, appropriate evidence against criteria
Generally Accepted Government Auditing Standards (GAGAS) • Standards issued by the U.S. Government Accountability Office in its “yellow book” • Required of auditors in a Single Audit of organizations that expend more than $500,000 in federal resources in any year • States may also require “yellow book” audits of their local governments
GAGAS Financial Audit Standards • There are 4 general standards • GAGAS incorporates the GAAS fieldwork standards and adds 5 additional standards for performing financial audits • GAGAS incorporates the GAAS reporting standards and adds 6 additional standards for reporting financial audits
GAGAS General Standards General Standards • 1. Independence standard: In all matters relating to audit work, the audit organization and the individual auditor must be independent in mind and in appearance. • 2. Professional judgment: Auditors must use professional judgment in planning and performing audits and in reporting the results.
GAGAS General Standards (Cont’d) General Standards • 3. Competence: The staff assigned to perform the audit must collectively possess adequate professional competence needed to address the audit objectives and perform the work in accordance with GAGAS. • 4. Quality control and assurance: The audit organization must establish and maintain a system of quality control and have an external peer review at least once every 3 years.
GAGAS Requirements for Performing Financial Audits • 1. Pertinent information should be communicated to individuals contracting for or requesting the audit. • 2. During audit planning, the auditors should evaluate whether the audited entity has taken appropriate corrective action to address findings and recommendations from previous engagements that could have a material effect on the financial statements.
GAGAS Requirements for Performing Financial Audits (Cont’d) • 3. Auditors should extend the AICPA requirements pertaining to the auditors’ responsibilities for laws and regulations to also apply to compliance with provisions of contracts or grant agreements. • 4. When audit findings involve deficiencies in internal control; noncompliance; fraud; or abuse, auditors should plan and perform procedures to develop the elements (criteria, condition, cause and effect) of the findings that are relevant and necessary to achieve the audit objectives.
GAGAS Requirements for Performing Financial Audits (Cont’d) • 5. Documentation should be provided concerning evidence of supervisory review of work performed. For any departures from the GAGAS requirements, auditors should document the impact on the audit and on the auditors’ conclusions.
GAGAS Requirements for Reporting on Financial Audits • 1. When audits are conducted in accordance with GAGAS, a reference to GAGAS should be made in the audit report. • 2. When the financial statement audit report contains an opinion or a disclaimer of opinion, a report on internal control over financial reporting and on compliance with laws, regulations, and provisions of contracts and grants must be provided as part of the report or as a separate report.
GAGAS Requirements for Reporting on Financial Audits (Cont’d) • 3. Based on the audit work performed, a report should be made on significant deficiencies and material weaknesses in internal control, and instances of fraud; noncompliance with provisions of laws and regulations; or violations and abuse that are material. • 4. When reporting deficiencies in internal control, the views of responsible officials concerning the audit report and any plans for corrective action should be included.
GAGAS Requirements for Reporting on Financial Audits (Cont’d) • 5. When applicable, the report should indicate that confidential or sensitive information has been omitted from the report and the reason that such an omission is necessary. • 6. Submission of reports should be made to appropriate officials, and audits should be made available to the public. Auditors should document any limitation on report distribution.
Unique Aspects of GAGAS • GAGAS standards place much more emphasis on compliance with laws and regulations than do GAAS
Unique Aspects of GAGAS (Cont’d) • The competence standard requires, among other things, that auditors have: • A thorough knowledge of governmental auditing standards and the specific or unique environment in which the audited entity operates • At least 80 hours of CE (CPE) every two years of which • At least 20 hours must be completed in each of the two years • At least 24 hours must be related directly to governmental auditing or the unique environment in which the audited entity operates
Independence Standards • Independence is covered in 4 sections: (1) a conceptual framework; (2) guidance for internal audit organizations (not covered in text); (3) guidance when performing nonaudit services; and (4) requirements and guidance on documentation to support consideration of auditor independence • GAGAS establish a conceptual framework that requires auditors to identify, evaluate, and apply safeguards to appropriately address threats to independence. See Ill 11-7
GAO Independence Standards–Conceptual Framework • Threats to independence are circumstances that could impair independence. They include self-interest threat, self-review threat, bias threat, familiarity threat, undue influence threat, management participation threat, and structural threat • Safeguards are controls designed to eliminate or reduce threats to independence • If threats to independence are not at an acceptable level, the auditors should document the threats identified and the safeguards applied to eliminate the threats or reduce them to an acceptable level.
GAO Independence Standards–Nonaudit Work DEFINITION: Work solely performed for the benefit of the entity requesting the work and which does not provide for a basis for conclusions, recommendations, or opinions as would a financial audit, attestation engagement, or performance audit • Auditors are prohibited from assuming a management responsibility (i.e., making significant decisions regarding the acquisition, deployment, and control of resources), because the management participation threat would be so severe that no safeguards could reduce the threats to an acceptable level
GAO Independence Standards–Nonaudit Work (Cont’d) • GAGAS identify examples of nonaudit services that could potentially impair the auditors’ independence in the government environment: preparing accounting records and financial statements, internal audit services, internal control monitoring and assessments, information technology systems services, and valuation services • Auditors should use the conceptual framework to assess independence for services not specifically addressed by these categories
GAO Independence Standards–Documentation • The auditor is required to document conclusions regarding compliance with independence, including: • Discussion of threats identified and safeguards in place or applied that eliminated the threat or reduced it to an acceptable level • Safeguards required for an audit organization that is structurally located within a government entity • Consideration of audited entity management’s ability to effectively oversee a nonaudit service to be provided by the auditor • The auditor’s understanding with an audited entity for which the auditor will perform a nonaudit service
What is the Purpose of a Single Audit? • Improve the efficiency and effectiveness of governmental audit effort • Replace a multitude of grant-by-grant audits with a single, comprehensive, entity-wide audit • Provide all federal awarding agencies a single report of a recipient of federal awards to satisfy a program’s audit requirements
Determining Who Must Have a Single Audit • State and local governments, not-for-profit organizations, including colleges and hospitals, that expend more than $500,000 in federal financial assistance in a year • If expended only for one program or one program cluster, the entity may have a program audit, otherwise the audit must be a single audit
Single Audit (Cont’d) 1996 Single Audit Act Amendments: • Establishes a risk-based approach for audit testing, thus placing greater audit coverage on high risk programs • Improves the contents and timeliness of single audit reporting • Permits the Office of Management and Budget (OMB) to administratively revise Single Audit requirements without requiring additional legislation • See OMB Circular A-133 and the related Compliance Supplement for implementation guidance
Single Audit (Cont’d) • Calculation of amount of federal awards expended • Calculation can be complex • Basic rule is that a federal award has been expended when the federal agency has become at risk and the nonfederal recipient has a duty of accountability • See Ill. 11-8
Single Audit Requirements • Annual audit encompassing the entity’s financial statements and schedule of expenditures of federal awards • Audit must be conducted by an independent auditor • Auditors must follow GAGAS (yellow book standards) • Auditor must determine whether financial statements present fairly in conformity with GAAP and the schedule of federal financial awards is presented fairly in relation to the financial statements
Single Audit Requirements (Cont’d) • Auditor must obtain an understanding of internal controls pertaining to the compliance requirements for each major program, and assess control risk and perform tests of control • Federal and nonfederal “pass-through” agencies are assigned certain responsibilities for compliance
Compliance Audits (as Part of Single Audit) For each major program the auditor must test whether the program: • Was administered in conformity with the appropriate OMB Circular (A-102 or A-110) • Complied with detailed requirements in the A-133 Compliance Supplement and other specified requirements
Selection of Programs for Single Audit Use the sliding scale shown in Chapter 11 and follow the steps in Ill. 11-9 • Identify Type A programs • Identify low-risk programs (based on no audit findings in the most recent audit and absence of certain risk factors) • Assess risk of Type B programs (major programs that are not Type A programs)
Selection of Programs for Single Audit (Cont’d) • At a minimum, audit all high risk Type A programs and either • Half of the high-risk Type B programs or • One high-risk Type B program for each low-risk Type A program • Audit enough major programs to ensure that at least 50% of total federal award expenditures are audited
Required Reporting Under Single Audit • Both auditee and auditor have responsibilities for the “reporting package” that must be filed electronically and sent to the single audit clearinghouse • Reporting package consists of: • Financial statements and schedule of expenditures of federal awards • Summary schedule of prior audit findings • Auditor’s reports (see Ill. 11-10) • Corrective action plan
Required Reporting Under Single Audit (Cont’d) • Schedule of findings and questioned costs • Describes such matters as internal control weaknesses, instances of noncompliance, questioned costs, fraud, and material misrepresentations by the auditee • Internal control weaknesses are reported as either: material weaknesses (a deficiency such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented on a timely basis), orsignificant deficiencies (a deficiency that is less severe than a material weakness, yet important enough to merit attention by those charged with governance)
Required Reporting Under Single Audit (Cont’d) • Schedule of Findings and Questioned Costs (Cont’d) • A questioned cost usually involves an instance of noncompliance with a law or regulation where the costs are either not allowable, are unreasonable, or are not supported by adequate documentation • Known questioned costs greater than $10,000 or likely costs greater than $10,000 must be reported in the schedule of findings and questioned costs
Cognizant Agencies • To promote quality control, nonfederal entities expending more than $50 million in federal awards are assigned a cognizant agency—usually the agency providing the predominant amount of support • The cognizant agency provides technical advice and serves as a liaison, conducts quality control reviews, refers substandard audits for disciplinary action, and facilitates communication
Oversight Agencies • Nonfederal entities expending less than $50 million are assigned an oversight agency rather than a cognizant agency • Oversight agencies have similar but less extensive responsibilities than oversight agencies
Single Audit Quality • The President’s Council on Integrity and Efficiency’s 2007 report on the national single audit sampling project found • 48.6% of single audits were of acceptable quality • 16.0% were of limited reliability • 35.5% were of unacceptable quality • Recommendations on improving single audit quality • Improve the single audit standards and guidance • Establish minimum training requirements • Establish consequences for submitting unacceptable audits
Impact of Sarbanes-Oxley Act SOX applies to publicly-held companies, but many governments are adapting some “best practices” in the areas of: • Audit Committees–subsets of the governing council that appoint, oversee, and work with the external auditor throughout the year • Internal Controls–OMB Circular A-123 Management’s Responsibility for Internal Control is one example of a review and tightening of internal controls in the government sector
Concluding Comments • Auditors add value to information by being independent and conforming to professional auditing standards (GAAS or GAGAS) • GAGAS applies to audits of nonfederal entities that expend at least $500,000 of federal awards • GAGAS are broader than GAAS in that they include standards for financial and performance audits and attestation engagements • The single audit improves both the efficiency and effectiveness of audits of nonfederal entities with significant expenditures of federal awards END