web analytics

Auditing standards provide measures of quality that can be used to judge the effectiveness of the tests and procedures used to meet the audit objectives. Standards for traditional financial audits are known as generally accepted auditing standards (GAAS) and are promulgated by the AICPA through the Auditing Standards Board. Supplemental standards for financial audits of governments have been established by the U. S. General Accounting Office (GAO) in its publication Government Auditing Standards (2011 revision), commonly referred to as the Yellow Book. These standards differ from generally accepted government auditing standards (GAGAS). (GAGAS 2018 revision applicable to FYE June 30, 2020)

While GAAS and GAGAS are fundamentally similar, GAGAS goes beyond GAAS in setting additional standards for public sector audits. Auditors must follow GAAS when conducting a financial audit. The following discussion outlines GAAS and highlights the additional requirements of GAGAS.

The AICPA sets three general standards for audits that are to be performed in accordance with GAAS:

  • The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.
  • In all matters relating to the assignment and independence in mental attitude is to be maintained by the auditor or auditors.
  • Due professional care is to be exercised in the performance of the audit and the preparation of the report.

    Above: A visual representation of key words in the AICPA’s

GAGAS provides a separate set of general standards that apply to Yellow Book engagements. Those standards address qualifications, independence, due professional care and quality control. The primary differences from GAAS involve the standards concerning qualifications and quality control.

  • GAGAS Qualifications – The staff assigned to conduct the audit should collectively possess adequate professional proficiency for the tasks required. Unlike GAAS, GAGAS requires auditors to participate in specific types of continuing education and training to maintain their professional proficiency.
  • General Staff Qualifications – The qualification standard places responsibility on the audit organization to ensure that the audit is conducted by staff who collectively have the knowledge and the skills necessary for the audit to be conducted. Staff conducting the audit shall collectively possess a thorough knowledge of the public sector environment and of auditing requirements applicable to governments. The qualifications mentioned here apply to the knowledge and skills of the audit organization and not necessarily to each individual auditor.
  • Continuing Education -To comply with the qualification standard, the audit organization should have a program to ensure that its staff maintains professional proficiency through continuing education and training. Starting April 1, 2005, auditors must complete at least 80 hours of continuing education and training every two years. All 80 hours of this training must contribute to the auditor’s professional proficiency. At least 20 hours should be completed in any one year of the two-year period. For individuals responsible for planning, directing, conducting substantial portions of the fieldwork or reporting on the audit, at least 24 of the 80 hours should relate directly to the government environment and to government auditing. The auditor or audit organization should maintain documentation of the education and training completed.
  • Licensing Requirements -For financial audits that lead to the expression of an opinion, the auditor should be proficient in the appropriate accounting principles and standards and in governmental auditing. The public accountants engaged to conduct audits should be licensed certified public accountants or persons working for a licensed certified public accounting firm.

 

Audit organizations conducting governmental audits should have an appropriate internal quality control system in place and participate in an external quality control review program. GAGAS goes beyond GAAS in requiring auditors. to participate in an external quality control review (peer review) program at least once every three years, beginning January 1, 1989. Audit organizations seeking to enter into a contract to perform an audit in accordance with GAGAS should provide their most recent external quality control review to the entity contracting for the audit.

The AlCPA’s GAAS established three standards for fieldwork to guide auditors in planning and performing the audit:

  • The work is to be adequately planned and assistants, if any, are to be properly supervised.

    GAAS – Generally Accepted Audit Standards acronym

  • A sufficient understanding of the internal controls is to be obtained to plan the audit and to determine the nature, timing and extent of tests to be performed.
  • Sufficient, competent evidentiary matter is to be obtained through inspection, observation, inquiries, and confirmations to afford a reasonable basis for an opinion regarding the financial statements under examination.

The fieldwork standards of GAGAS incorporate the AlCPA standards. However, to meet the special needs and interests of the public sector, the Yellow Book also sets forth certain supplemental standards for planning, irregularities, illegal acts and other noncompliance, internal controls, and financial-related audits. The primary differences from GAAS involve materiality, audit follow up, noncompliance other than illegal acts, safeguarding controls, working papers and financial-related audits.

  • Materiality – Auditors’ consideration of materiality is a matter of professional judgment and is influenced by their perception of the needs of a reasonable person who will rely on the financial statements. Materiality judgments are made in light of surrounding circumstances and necessarily involve both quantitative and qualitative considerations. In an audit of the financial statements of a governmental entity or an entity that receives government assistance, auditors may set lower materiality levels than in an audit in the private sector because of the public accountability of the entity, visibility and sensitivity of government programs, activities, and functions.
  • Audit Follow-up – Auditors should follow up on known material findings and recommendations from previous audits and should report the status of uncorrected material findings and recommendations from prior audits that affect the financial statement audit.
  • Noncompliance Other than Illegal Acts – Noncompliance includes not only illegal acts, but also violations of provisions of contracts or grant agreements. Under GAGAS, auditors have the same responsibilities for detecting material misstatements arising from other types of noncompliance as they do for detecting those arising from illegal acts. Auditors should design the audit to provide reasonable assurance of detecting material misstatements resulting from direct and material noncompliance with provisions of contracts and grant agreements. A financial statement audit provides no assurance that indirect noncompliance with provisions of contracts or grant agreements will be detected. If specific information comes to the auditor’s attention that provides evidence concerning the existence of possible noncompliance that has a material indirect effect on the financial statements, auditors should apply audit procedures specifically directed to ascertaining whether that noncompliance has occurred.
  • Safeguarding Controls – Safeguarding controls relates to the prevention or timely detection of unauthorized transactions and unauthorized access to assets that could result in losses that are material to the financial statements. Such controls also help prevent or detect other material losses that could result from unauthorized acquisition, use or disposition of assets. Because preventing or detecting material misappropriations is an objective of safeguarding controls, understanding those controls can be essential to planning the audit.
  • Working Papers – A record of the auditor’s work should be retained in the form of working papers. Working papers should contain sufficient information to enable an experienced auditor having no previous connection with the audit to ascertain from them the evidence that supports the auditor’s significant conclusions and judgments. Supplemental working paper requirements for financial audits are that working papers should contain:
    • The objectives, scope, and methodology including any sampling criteria used,
    • Documentation of the work performed to support significant conclusions and judgments, including descriptions of transactions and records examined that would enable an experienced auditor to examine the same transactions and records; and
    • Evidence of supervisory review of the work performed.
  • Working Papers Retention -Audit organizations should establish policies and procedures to ensure the safe custody and retention of working papers for a time sufficient to satisfy legal and administrative requirements. Although the working papers are subject to review by applicable governmental agencies, they are not otherwise considered as records open to the general public.
  • Financial-Related Audits -Financial-related audits include determining whether;
    • Financial information is presented in accordance with established or stated criteria,
    • The entity has adhered to specific financial compliance requirements, or the entity’s internal controls over financial reporting, and
    • Safeguarding assets is suitably designed and implemented to achieve the control objectives.

Such audits may include audits of the following items: segments of the financial statements, internal controls over compliance with laws and regulations, internal controls over financial reporting and/or safeguarding assets, compliance with laws and regulations and allegations of fraud. GAGAS incorporates certain AICPA Statements on Auditing Standards and Statements on Standards for Attestation Engagements that address specific types of financial-related audits.

The AICPA’s GAAS prescribe four standards of reporting:

  • The report shall state whether the financial statements are presented in accordance with generally accepted accounting principles.
  • The report shall identify those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.
  • Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report.
  • The report shall either contain an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefore should be stated. In all cases where an auditor’s name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor’s examination, if any, and the degree of responsibility taken.

In addition to the GAAS guidance on reporting, GAGAS provides additional reporting standards to meet the special needs and interests of the public sector.

  • Communication with Audit Committees and Others -Auditors should communicate certain information relating the performance of the audit and the resulting reports to the audit committee or to the individuals with whom they have contracted for the audit. The information to be communicated should include: (1) the auditor’s responsibilities for testing and reporting on internal controls, (2) compliance with laws and regulations, and (3) the nature of additional testing of internal controls and compliance required by laws and regulations.
  • Reporting on Compliance with Generally Accepted Government Auditing Standards -A statement should be included in the auditor’s report that the audit was made in accordance with generally accepted government auditing standards. GAGAS do not prohibit auditors from issuing a separate report that conforms only to the AI CPA standards.
  • Report on Compliance with Laws and Regulations and on Internal Controls -The report on the financial statements should either describe the scope of the auditor’s testing of compliance with laws and regulations and internal controls and present the results of those tests or refer to separate reports containing that information. In presenting the results of those tests, auditors should report irregularities, illegal acts, other material noncompliance and significant deficiencies in internal controls. In some circumstances, auditors should report irregularities and illegal acts directly to parties external to the audited entity.
  • Privileged and Confidential Information -If certain information prohibited from general disclosure is omitted, the report should state the nature of the information omitted and the requirement that makes the omission necessary.
  • Report Distribution -Written audit reports are submitted by the audit organization to the appropriate officials of the organization audited and to the appropriate officials of the organizations requiring or arranging for the audits, including external funding organizations unless legal restrictions, ethical considerations or other arrangements prevent it. Copies of the report should also be sent to other officials who have legal oversight authority or who may be responsible for taking action and to others authorized to receive such. reports. Unless restricted by law or regulation, copies should be made available for public inspection. When public accountants are engaged, the engaging organization must ensure that appropriate distribution is made. If public accountants are to make the distribution, the engagement agreement should indicate what officials or organizations are to receive the report. Internal auditors should follow their entity’s own arrangements and statutory requirements for distribution.