Government Auditing Standards, 2010 Exposure Draft (GAO-10-853G, August 2010)
|
Please send your comments electronically to yellowbook@gao.gov
This is the accessible text file for GAO report number GAO-10-853G
entitled 'Government Auditing Standards: 2010 Exposure Draft' which
was released on August 23, 2010.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
By the Comptroller General of the United States:
August 2010:
Government Auditing Standards:
2010 Exposure Draft:
GAO-10-853G
United States Government Accountability Office:
Washington, DC 20548:
August 2010:
To Audit Officials And Others Interested In Government Auditing
Standards:
GAO invites your comments on the accompanying proposed changes to
Government Auditing Standards (GAGAS), commonly known as the "Yellow
Book." This letter describes the process used by GAO for revising
GAGAS, summarizes the proposed major changes, discusses proposed
effective dates, and provides instructions for submitting comments on
the proposed standards.
Process for Revising GAGAS:
To help ensure that the standards continue to meet the needs of the
audit community and the public it serves, the Comptroller General of
the United States appointed the Advisory Council on Government
Auditing Standards to review the standards and recommend necessary
changes. The Advisory Council includes experts in financial and
performance auditing drawn from federal, state, and local government,
the private sector, public accounting, and academia. This exposure
draft includes the Advisory Council's input regarding the proposed
changes. We are currently requesting public comments on the proposed
revisions in the exposure draft.
Summary of Major Changes:
The proposed revision to GAGAS will be the sixth since GAO first
issued the standards in 1972. The proposed changes contained in the
2010 Exposure Draft update GAGAS to reflect major developments in the
accountability and audit profession and emphasize specific
considerations applicable to the government environment. The major
changes in the proposed revision were made to:
* consolidate and reorganize the foundation and ethical principles for
government audits and the standards for use and application of GAGAS
(chapters 1 and 2);
* add a conceptual framework approach for independence (chapter 3);
* update the financial audit standards to (1) reflect recent updates
to the auditing standards issued by the American Institute of
Certified Public Accountants (AICPA), where applicable, (2) more
clearly identify the GAGAS requirements and guidance that supplement
AICPA requirements for financial audits, and (3) consolidate the
financial audit standards into a single chapter (chapter 4);
* further clarify application of the attestation engagement standards
to clearly distinguish the requirements related to each type of
attestation work (chapter 5);
* update the performance audit standards to (1) limit the fraud
reporting requirement to occurrences that are significant within the
context of the audit objectives, with a requirement to communicate
other instances of fraud in writing to those charged with governance,
and (2) revise the discussion of validity as an aspect of the quality
of evidence (chapters 6 and 7); and;
* clarify language throughout the document.
Enclosure 1 to this letter contains a more comprehensive listing of
the major changes.
Effective Dates:
When issued in final form, the 2011 revision will supersede the July
2007 revision of the standards and the guidance provided in Government
Auditing Standards: Answers to Independence Standard Questions (GAO-02-
870G). The effective date for the 2011 revision of GAGAS will be
established when the standards are issued in final form.
Instructions for Commenting:
The draft of the proposed changes to Government Auditing Standards,
2010 Exposure Draft, is only available in electronic format and can be
downloaded from GAO's Yellow Book Web Page at [hyperlink,
http://www.gao.gov/govaud/ybk01.htm].
We are requesting comments on this draft from audit officials and
financial management at all levels of government, the public
accounting profession, academia, professional organizations, public
interest groups, and other interested parties. To assist you in
developing your comments, specific issues are presented in enclosure 2
to this letter. We encourage you to comment on these issues and any
additional issues that you note. Please associate your comments with
specific references to question numbers in the enclosure and/or
paragraph numbers in the proposed standards and provide your rationale
for any suggested changes, along with suggested revised language.
Please send your comments electronically to yellowbook@gao.gov no
later than November 22, 2010.
If you need additional information please call Michael Hrapsky,
Specialist, Auditing Standards, at (202) 512-9535, or Jim Dalkin,
Director, at (202) 512-3133.
Sincerely yours,
Signed by:
Jeanette M. Franzel:
Managing Director:
Financial Management and Assurance:
Enclosures:
Enclosure 1:
Government Auditing Standards 2010 Exposure Draft:
Summary of Major Changes:
Unless otherwise noted, numbers in parentheses refer to paragraphs in
the 2010 Exposure Draft.
Change to Guidance for Government Auditing Standards:
The guidance provided in Government Auditing Standards: Answers to
Independence Standard Questions (Report number GAO-02-870G) will be
superseded by the revised GAGAS General Standards contained in chapter
3 when they become effective.
Overall Changes:
Chapters 1 and 2 have been realigned. Along with the introduction,
chapter 1 now includes the foundation and ethical principles of
government auditing. The discussion of the use and application of
GAGAS is now in chapter 2.
All financial audit standards are now in chapter 4. The chapters on
financial audit performance and reporting, formerly chapters 4 and 5,
have been combined into one chapter.
Terminology has been updated for consistency with other standards. For
financial audits only, the term "field work" has been replaced by
"performance." (For attestation engagements and performance audits,
GAGAS continues to use the term "field work." This terminology is
consistent with AICPA standards.)
Consistency of the use of footnotes has been improved. Footnotes now
are used strictly to refer to other sections of GAGAS and to other
audit standards. Other information that was in footnotes in previous
GAGAS editions has been either moved into the GAGAS text itself or
eliminated.
Chapter 1 - Government Auditing: Foundation and Ethical Principles Two
definitions were incorporated into the text: (1.07)
* "Auditor" describes individuals performing work under GAGAS
(including audits and attestation engagements) regardless of job title.
* "Audit organization" refers to government audit organizations as
well as public accounting or other firms that perform audits and
attestation engagements using GAGAS.
Structural location of the audit function relative to the audited
entity is discussed. (1.08-1.09)
* External audit organizations report to third parties externally.
* Internal audit organizations are accountable to top management and
those charged with governance and do not generally issue reports to
third parties externally.
* Government audit organizations that report to both third parties and
top management are considered external audit organizations.
Chapter 2 - Standards for the Use and Application of GAGAS:
The role of professional judgment in determining the appropriate type
of GAGAS compliance statement is emphasized. (2.22)
The requirement that auditors use GAGAS as the prevailing standard if
inconsistencies exist between GAGAS and other standards cited was
removed. (2007 GAGAS, 1.14), and clarification was made for citing
both GAGAS and the use of other standards in their audit report. (2.19)
Chapter 3 - General Standards:
A conceptual framework for independence was added to provide a means
for auditors to assess auditor independence in light of the unique
circumstances that may apply to these determinations and are not
expressly prohibited. (3.02-3.52) The proposed conceptual framework
achieves further harmonization with AICPA and international standards,
with additional considerations for government audits.
* A conceptual framework for making independence determinations based
on facts and circumstances that are often unique to specific audit
environments (3.06-3.26);
* Guidance for auditors considering independence issues as they relate
to audit organizations that are structurally located within the
governments they audit (3.273.42;
* Independence requirements when performing nonaudit services,
including indication of specific nonaudit services that would impair
independence (3.43-3.51); and;
* Guidance on documentation necessary to support adequate
consideration of auditor independence (3.52).
Requirements for continuing professional education (CPE) were
clarified. The distinction between internal and external specialists
was highlighted, and the CPE requirements for internal specialists
were specified. (3.72-3.75)
* External specialists assisting in performing a GAGAS audit should be
qualified and maintain professional competence in their areas of
specialization but are not required to meet the GAGAS CPE requirements.
* Internal specialists who are performing work under GAGAS should
comply with GAGAS, including the CPE requirements.
* For internal specialists, training in areas of specialization
qualifies under the requirement for 24 hours of CPE.
Chapter 4- Standards for Financial Audits:
Certain AICPA standards have been emphasized. For financial audits,
GAGAS incorporates the AICPA standards; however, AICPA standards that
may have unique considerations in the government environment have been
emphasized regarding:
* Materiality. (4.50)
* Early communication of deficiencies. (4.51)
Deleted the following paragraphs from GAGAS to eliminate redundancy
with the AICPA standards:
* Requirements on reporting on restatements. (2007 GAGAS, 5.26)
* Communication of significant matters. (2007 GAGAS, 4.58)
* Consideration of fraud and illegal acts. (2007 GAGAS, 4.27-4.28)
The discussion of reasonable assurance as it pertains to financial
audits has been revised to concur with revisions to the AICPA
standards.
Deleted the requirement to document the results of the work to the
date of termination and why the audit was terminated. Facts and
circumstances surrounding the termination of audits differ, and the
requirement is not always relevant or meaningful. (2007 GAGAS, 4.08)
The requirement that audit organizations develop policies to address
requests by outside parties to obtain access to audit documentation
has been removed in response to indications that the requirement is of
limited value on those rare occasions when the circumstances described
occur. (2007 GAGAS, 4.24)
Chapter 5- Standards for Attestation Engagements:
Early communication of deficiencies has been added as a consideration
auditors may follow in the course of an examination engagement. (5.45b
and 5.47)
Guidance on reporting deficiencies in internal control was revised.
* Auditors should include in the examination report deficiencies, even
those communicated early, that are considered significant deficiencies
or material weaknesses. (5.22)
Several sections of the chapter have been removed, including:
* The AICPA general and field work standards for attestation
engagements. The AICPA attestation standards are incorporated into
GAGAS by reference. (2007 GAGAS, 6.03 and 6.04)
* The section on the role of an entity's internal control in planning
an examination-level engagement. (2007 GAGAS, 6.10-6.12)
* Documentation requirements for several aspects of audit planning.
(2007 GAGAS, 6.22d)
* The requirement that audit organizations develop policies to address
requests by outside parties to obtain access to audit documentation.
This was removed in response to indications that the requirement is of
limited value on those rare occasions when the circumstances described
occur. (2007 GAGAS, 6.26)
* The AICPA reporting standards for attestation engagements. The AICPA
attestation standards are incorporated into GAGAS by reference. (2007
GAGAS, 6.30)
* The definitions of deficiencies in internal control. These are
incorporated by reference to the AICPA attestation standards. (2007
GAGAS, 6.34)
Review-level and agreed-upon procedures engagements are separately
discussed. The new sections include specific requirements and
considerations that apply to the type of engagement, depending on the
level of service provided. Auditors are not permitted to deviate from
the reporting elements prescribed by the AICPA. For each type of
engagement, additional considerations have been added, which relate to:
* Establishing an understanding regarding services to be performed
(5.54-5.55 and 5.64-5.65)
* Reporting in accordance with AICPA standards (5.56-5.57 and 5.66-
5.67)
Chapter 6 - Field Work Standards for Performance Audits:
The discussion of validity as an aspect of the quality of evidence has
been revised to indicate that it is the extent to which evidence is a
meaningful or reasonable basis for measuring what is being evaluated.
(6.58)
The discussion of the sufficiency and appropriateness of computer-
processed information now indicates that the assessment of the
sufficiency and appropriateness of computer-processed information
includes considerations regarding the completeness and accuracy of the
data for the intended purposes. (6.64)
The requirement that audit organizations develop policies to address
requests by outside parties to obtain access to audit documentation
has been removed in response to indications that the requirement is of
limited value on those rare occasions when the circumstances described
occur. (2007 GAGAS, 7.84)
Chapter 7 - Reporting Standards for Performance Audits:
The fraud reporting requirement is now limited to occurrences that are
significant within the context of the audit (7.21), with a requirement
to communicate in writing other instances of fraud to those charged
with governance (7.22).
[End of Enclosure I]
Enclosure 2:
Government Auditing Standards 2010 Exposure Draft:
Questions for Commenters:
The following discussion and questions are provided to guide users in
commenting on the 2010 Exposure Draft of Government Auditing
Standards. We encourage you to comment on these issues and any
additional issues that you note. Please associate your comments with
specific references to issue numbers and/or paragraph numbers in the
proposed standards and provide your rationale for any proposed
changes, along with suggested revised language.
Chapter 1 - Government Auditing: Foundation and Ethical Principles:
Chapter 2 - Standards for Use and Application:
1. Chapters 1 and 2 of GAGAS were revised to address basic concepts of
the standards and the ethical principles in Chapter 1 and to identify
requirements for the use and application of the standards in Chapter
2. This realignment adds definitions of common terminology to Chapter
1 along with the ethical principles. Chapter 2 now contains
professional requirements that are applicable to all types of work
performed in accordance with GAGAS along with a description of audit
and attestation engagements that can be performed in accordance with
GAGAS. This realignment is intended to distinguish between basic
concepts and definitions and professional requirements that apply to
all GAGAS audits and attestation engagements.
Please comment on whether the realigned structure of chapters 1 and 2
improve the organization of GAGAS.
Chapter 3 - General Standards:
2. The independence section has been revised to add a conceptual
framework for independence. Other standard-setters, such as both the
International Federation of Accountants (IFAC) and the American
Institute of Certified Public Accountants (AICPA), have adopted a
similar conceptual framework for independence. Under the proposed
framework, auditors identify the threats to independence, evaluate the
significance of the threats identified, and apply safeguards, when
necessary, to eliminate the threats or reduce them to an acceptable
level.
Please comment on the conceptual framework discussed in this section.
3. The independence section also identifies six nonaudit services that
would impair the auditors' independence in the government environment.
These nonaudit services include certain activities under the following
categories of activities:
* Bookkeeping and preparing accounting records-—See para. 3.44
* Preparing financial statements-—See para. 3.46
* Internal audit services-—See para. 3.47
* Internal control monitoring and assessments-—See para. 3.49
* Information technology systems services-—See para. 3.50
* Valuation services-—See para. 3.51
Please comment on whether the exposure draft has clearly defined
specific nonaudit services that would impair the auditors'
independence in the government environment and whether the specific
nonaudit services identified are the appropriate activities to be
included in the prohibited category.
Chapter 4 - Standards for Financial Audits:
4. This chapter has been modified to clearly identify the additional
GAGAS requirements beyond the AICPA and highlighted government
considerations for applying certain AICPA standards in a GAGAS
financial audit. In clarifying the additional GAGAS requirements,
duplication between GAGAS and AICPA standards was reduced.
Please comment on whether this chapter sufficiently and clearly
explains what is required under GAGAS.
5. The current AICPA standard on auditor communication (SAS 115) and
GAGAS require auditors to communicate to management and those charged
with governance, in writing, significant internal control deficiencies
and material weaknesses identified during the audit, even if the
deficiencies or weaknesses are remediated during the audit.
Please comment on whether you believe GAGAS should add a requirement
that the written communication pertaining to remediated internal
control deficiencies and material weaknesses be included in the
auditors' report on internal control.
Chapter 5 - Standards for Attestation Engagements:
6. This chapter has been updated to more clearly address attestation
engagements that provide more limited level of assurance (review-level
engagements and agreed-upon procedures engagements). This modification
was proposed to address a common practice issue that some users do not
fully understand the need to follow all the applicable Statements on
Standards for Attestation Engagements (SSAEs) issued by the AICPA.
Please comment on whether the proposed revisions have clarified the
use and the reporting of review-level and agreed-upon procedures
engagements.
7. The AICPA attestation standard for performing an examination of
internal control over financial reporting (SSAE 15) and GAGAS require
auditors to communicate to management and those charged with
governance, in writing, significant internal control deficiencies and
material weaknesses identified during the examination, even if the
deficiencies or weaknesses are remediated during the examination.
Please comment on whether GAGAS should add a requirement that the
written communication pertaining to remediated internal control
deficiencies and material weaknesses be included in the auditors'
report. Also, please comment on whether the communication requirement
should be extended to all types of examination engagements, such as to
an examination of compliance with laws and regulations.
Chapters 6 & 7 - Field Work and Reporting Standards for Performance
Audits:
8. Please comment on the proposed revisions to chapters 6 and 7.
[End of Enclosure II]
Contents:
Letter:
Summary Of Major Changes:
Questions For Commenters:
Chapter 1:
Government Auditing: Foundation And Ethical Principles:
Introduction:
Purpose and Applicability of GAGAS:
Ethical Principles:
The Public Interest:
Integrity:
Objectivity:
Proper Use of Government Information, Resources, and Positions:
Professional Behavior:
Chapter 2:
Standards For Use And Application:
Introduction:
Types of GAGAS Audits and Attestation Engagements:
Financial Audits:
Attestation Engagements:
Performance Audits:
Nonaudit Services Provided by Audit Organizations:
Use of Terminology to Define GAGAS Requirements:
Relationship between GAGAS and Other Professional Standards:
Stating Compliance with GAGAS in the Auditors' Report:
Chapter 3:
General Standards:
Introduction:
Independence:
GAGAS Conceptual Framework Approach to Independence:
Threats:
Safeguards:
Application of the Conceptual Framework:
Government Auditors and Audit Organizational Structure:
External Auditor Independence:
Internal Auditor Independence:
Provision of Nonaudit Services to Audited Entities:
General Requirements for Performing Nonaudit Services:
Nonaudit Services that Impair Audit Independence:
Bookkeeping and Preparing Accounting Records:
Preparing Financial Statements:
Internal Audit Assistance Services:
Internal Control Monitoring and Assessments:
Information Technology Systems Services:
Valuation Services:
Documentation:
Professional Judgment:
Competence:
Technical Knowledge:
Additional Qualifications for Financial Audits and Attestation
Engagements:
Continuing Professional Education:
CPE Requirements for Specialists:
Quality Control and Assurance:
System of Quality Control:
Leadership Responsibilities for Quality within the Audit Organization:
Independence, Legal, and Ethical Requirements:
Initiation, Acceptance, and Continuance of Audit and Attestation
Engagements:
Human Resources:
Audit and Attestation Engagement Performance, Documentation, and
Reporting:
Monitoring of Quality:
External Peer Review:
Chapter 4:
Standards For Financial Audits:
Introduction:
Additional GAGAS Requirements for Performing Financial Audits:
Auditor Communication:
Previous Audits and Attestation Engagements:
Fraud, Noncompliance with Provisions of Laws, Regulations, Contracts,
and Grant Agreements, and Abuse:
Developing Elements of a Finding:
Audit Documentation:
Additional GAGAS Reporting Requirements for Financial Audits:
Reporting Auditors' Compliance with GAGAS:
Reporting on Internal Control, Compliance with Provisions of Laws,
Regulations, Contracts, and Grant Agreements, and Other Matters:
Deficiencies in Internal Control:
Fraud, Noncompliance with Provisions of Laws, Regulations, Contracts,
and Grant Agreements, and Abuse:
Presenting Findings in the Auditors' Report:
Reporting Findings Directly to Parties Outside the Audited Entity:
Reporting Views of Responsible Officials:
Reporting Confidential or Sensitive Information:
Distributing Reports:
Additional GAGAS Considerations for Financial Audits:
Materiality in GAGAS Financial Audits:
Early Communication of Deficiencies:
Chapter 5:
Standards For Attestation Engagements:
Introduction:
Examination Engagements:
Additional Field Work Requirements for Examination Engagements:
Auditor Communication:
Previous Audits and Attestation Engagements:
Fraud, Noncompliance with Provisions of Laws, Regulations, Contracts,
and Grant Agreements, and Abuse:
Developing Elements of a Finding:
Attest Documentation:
Additional GAGAS Reporting Requirements for Examination Engagements:
Reporting Auditors' Compliance with GAGAS:
Reporting Deficiencies in Internal Control, Fraud, Noncompliance with
Provisions of Laws, Regulations, Contracts, and Grant Agreements, and
Abuse:
Deficiencies in Internal Control:
Fraud, Noncompliance with Provisions of Laws, Regulations, Contracts,
and Grant Agreements, and Abuse:
Presenting Findings in the Examination Report:
Reporting Findings Directly to Parties Outside the Entity:
Reporting Views of Responsible Officials:
Reporting Confidential or Sensitive Information:
GAO-10-853G Government Auditing Standards Exposure Draft
Distributing Reports:
Additional GAGAS Considerations for Examination Engagements:
Materiality in GAGAS Examination Engagements:
Early Communication of Deficiencies:
Review Engagements:
Additional GAGAS Field Work Requirements for Review Engagements:
Communicating Significant Deficiencies, Material Weaknesses, Instances
of Fraud, Noncompliance with Provisions of Laws, Regulations,
Contracts, and Grant Agreements, and Abuse:
Additional GAGAS Reporting Requirements for Review Engagements:
Reporting Auditors' Compliance with GAGAS:
Distributing Reports:
Additional GAGAS Considerations for Review Engagements:
Establishing an Understanding Regarding Services to be Performed:
Reporting on Review Engagements:
Agreed-Upon Procedures Engagements:
Additional GAGAS Field Work Requirements for Agreed-Upon Procedures
Engagements:
Communicating Significant Deficiencies, Material Weaknesses, Instances
of Fraud, Noncompliance with Provisions of Laws, Regulations,
Contracts, and Grant Agreements, and Abuse:
Additional GAGAS Reporting Requirements for Agreed-Upon Procedures
Engagements:
Reporting Auditors' Compliance with GAGAS:
Distributing Reports:
Additional GAGAS Considerations for Agreed-Upon Procedures Engagements:
Establishing an Understanding Regarding Services to be Performed:
Reporting on Agreed-Upon Procedures Engagements:
Chapter 6:
Field Work Standards For Performance Audits:
Introduction:
Reasonable Assurance:
Significance in a Performance Audit:
Audit Risk:
Planning:
Nature and Profile of the Program and User Needs:
Internal Control:
Information Systems Controls:
Provisions of Laws, Regulations, Contracts, and Grant Agreements,
Fraud, and Abuse:
Provisions of Laws, Regulations, Contracts, and Grant Agreements:
Fraud:
Abuse:
Ongoing Investigations or Legal Proceedings:
Previous Audits and Attestation Engagements:
Identifying Audit Criteria:
Identifying Sources of Evidence and the Amount and Type of Evidence
Required:
Using the Work of Others:
Assigning Staff and Other Resources:
Communicating with Management, Those Charged with Governance, and
Others:
Preparing a Written Audit Plan:
Supervision:
Obtaining Sufficient, Appropriate Evidence:
Appropriateness:
Sufficiency:
Overall Assessment of Evidence:
Developing Elements of a Finding:
Early Communication of Deficiencies:
Audit Documentation:
Chapter 7:
Reporting Standards For Performance Audits:
Introduction:
Reporting:
Report Contents:
Objectives, Scope, and Methodology:
Reporting Findings:
Deficiencies in Internal Control:
Fraud, Noncompliance with Provisions of Laws, Regulations, Contracts,
and Grant Agreements, and Abuse:
Reporting Findings Directly to Parties Outside the Audited Entity:
Conclusions:
Recommendations:
Reporting Auditors' Compliance with GAGAS:
Reporting Views of Responsible Officials:
Reporting Confidential or Sensitive Information:
Appendix I:
Supplemental Guidance:
Introduction:
Overall Supplemental Guidance:
Internal Control:
Examples of Deficiencies in Internal Control:
Examples of Abuse:
Examples of Indicators of Fraud Risk:
Determining Whether Laws, Regulations, or Provisions of Contracts or
Grant Agreements Are Significant within the Context of the Audit
Objectives:
Information to Accompany Chapter 1:
Laws, Regulations, and Guidelines That Require Use of GAGAS:
The Role of Those Charged with Governance in Accountability:
Management's Role in Accountability:
Information to Accompany Chapter 2:
Attestation Engagements:
Performance Audit Objectives:
Information to Accompany Chapter 3:
Threats to Independence:
System of Quality Control:
Peer Review:
Information to Accompany Chapter 6:
Types of Criteria:
Types of Evidence:
Appropriateness of Evidence in Relation to the Audit Objectives 182
Findings:
Information to Accompany Chapter 7:
Report Quality Elements:
Appendix II:
Comptroller General's Advisory Council On Government Auditing
Standards:
Advisory Council Members:
GAO Project Team:
[End of section]
Chapter 1:
Government Auditing: Foundation and Ethical Principles:
Introduction:
1.01. The concept of accountability for use of public resources and
government authority is key to our nation's governing processes.
Management and officials entrusted with public resources are
responsible for carrying out public functions and providing service to
the public legally, effectively, efficiently, economically, ethically,
and equitably within the context of the statutory boundaries of the
specific government program.
1.02. As reflected in applicable laws, regulations, agreements, and
standards, management and officials of government programs are
responsible for providing reliable, useful, and timely information for
transparency and accountability of these programs and their
operations.[Footnote 1] Legislators, oversight bodies, those charged
with governance,[Footnote 2] and the public need to know whether (1)
entities manage government resources and use their authority properly
and in compliance with laws and regulations; (2) government programs
are achieving their objectives and desired outcomes; and (3)
government services are provided effectively, efficiently,
economically, ethically, and equitably.
1.03. Government auditing is essential in providing government
accountability to legislators, oversight bodies, those charged with
governance, and the public. Audits and attestation engagements provide
an independent, objective, nonpartisan assessment of the stewardship,
performance, or cost of government policies, programs, or operations,
depending upon the type and scope of the audit.
Purpose and Applicability of GAGAS:
1.04. The professional standards and guidance contained in this
document, commonly referred to as generally accepted government
auditing standards (GAGAS), provide a framework for conducting high
quality audits with competence, integrity, objectivity, and
independence. These standards are for use by auditors of government
entities and entities that receive government awards and audit
organizations performing GAGAS audits. Overall, this document contains
auditing standards, which are comprised of individual requirements
that are defined by terminology as discussed in paragraphs 2.13
through 2.15. GAGAS contain requirements and guidance dealing with
ethics, independence, auditors' professional judgment and competence,
quality control, performance of the audit, and reporting.
1.05. Audits performed under GAGAS provide information used for
oversight, accountability, transparency, and improvements of
government programs and operations. GAGAS contain requirements and
guidance to assist auditors in objectively acquiring and evaluating
sufficient, appropriate evidence and reporting the results. When
auditors perform their work in this manner and comply with GAGAS in
reporting the results, their work can lead to improved government
management, better decision making and oversight, effective and
efficient operations, and accountability and transparency for
resources and results.
1.06. Provisions of laws, regulations, contracts, grant agreements,
and policies frequently require audits in accordance with GAGAS. In
addition, many auditors and audit organizations voluntarily choose to
perform their work in accordance with GAGAS. The requirements and
guidance in this document apply to audits and attestation engagements
of government entities, programs, activities, and functions, and of
government assistance administered by contractors, nonprofit entities,
and other nongovernmental entities when the use of GAGAS is required
or is voluntarily followed.
1.07. This paragraph describes the usage of the following terms under
GAGAS.
a. The term "auditor" as it is used throughout GAGAS describes
individuals performing work under GAGAS (including audits and
attestation engagements) regardless of job title. Therefore,
individuals who may have the titles auditor, analyst, practitioner,
evaluator, inspector, or other similar titles are considered auditors
in GAGAS.
b. The term "audit organizations" as it is used throughout the
standards refers to government audit organizations as well as public
accounting or other firms that perform audits and attestation
engagements using GAGAS.
1.08. A government audit organization can be structurally located
within or outside the audited entity.[Footnote 3] Audit organizations
that report to third parties external to the entity under audit are
considered to be external audit organizations. Audit organizations
that are accountable to top management and those charged with
governance of the audited entity, and do not generally issue their
reports to third parties external to the entity under audit, are
considered internal audit organizations.
1.09. Some government audit organizations represent a unique hybrid of
external auditing and internal auditing in their oversight role for
the entities they audit. These audit organizations have external
reporting requirements consistent with the reporting requirements for
external auditors while at the same time being part of their
respective agencies. These audit organizations often have a dual
reporting responsibility to their legislative body as well as to the
agency head and management. For purposes of GAGAS these organizations
are considered external audit organizations.
Ethical Principles:
1.10. The ethical principles presented in this section provide the
foundation, discipline, and structure as well as the climate which
influence the application of GAGAS. This section sets forth
fundamental principles rather than establishing specific standards or
requirements.
1.11. Because auditing is essential to government accountability to
the public, the public expects audit organizations and auditors who
conduct their work in accordance with GAGAS to follow ethical
principles. Management of the audit organization sets the tone for
ethical behavior throughout the organization by maintaining an ethical
culture, clearly communicating acceptable behavior and expectations to
each employee, and creating an environment that reinforces and
encourages ethical behavior throughout all levels of the organization.
The ethical tone maintained and demonstrated by management and staff
is an essential element of a positive ethical environment for the
audit organization.
1.12. Conducting audit work in accordance with ethical principles is a
matter of personal and organizational responsibility. Ethical
principles apply in preserving auditor independence,[Footnote 4]
taking on only work that the auditor is competent to perform,
performing high-quality work, and following the applicable standards
cited in the audit report. Integrity and objectivity are maintained
when auditors perform their work and make decisions that are
consistent with the broader interest of those relying on the auditors'
report, including the public.
1.13 Other ethical requirements or codes of professional conduct may
also be applicable to auditors who conduct audits in accordance with
GAGAS. For example, individual auditors who are members of
professional organizations or are licensed or certified professionals
may also be subject to ethical requirements of those professional
organizations or licensing bodies. Auditors in government entities may
also be subject to government ethics laws and regulations.
1.14. The ethical principles that guide the work of auditors who
conduct audits in accordance with GAGAS are:
a. the public interest;
b. integrity;
c. objectivity;
d. proper use of government information, resources, and positions; and
e. professional behavior.
The Public Interest:
1.15. The public interest is defined as the collective well-being of
the community of people and entities the auditors serve. Observing
integrity, objectivity, and independence in discharging their
professional responsibilities assists auditors in meeting the
principle of serving the public interest and honoring the public
trust. These principles are fundamental to the responsibilities of
auditors and critical in the government environment.
1.16. A distinguishing mark of an auditor is acceptance of
responsibility to serve the public interest. This responsibility is
critical when auditing in the government environment. GAGAS embody the
concept of accountability for public resources, which is fundamental
to serving the public interest.
Integrity:
1.17. Public confidence in government is maintained and strengthened
by auditors' performing their professional responsibilities with
integrity. Integrity includes auditors' conducting their work with an
attitude that is objective, fact-based, nonpartisan, and
nonideological with regard to audited entities and users of the
auditors' reports. Within the constraints of applicable
confidentiality laws, rules, or policies, communications with the
audited entity, those charged with governance, and the individuals
contracting for or requesting the audit are expected to be honest,
candid, and constructive.
1.18. Making decisions consistent with the public interest of the
program or activity under audit is an important part of the principle
of integrity. In discharging their professional responsibilities,
auditors may encounter conflicting pressures from management of the
audited entity, various levels of government, and other likely users.
Auditors may also encounter pressures to violate ethical principles to
inappropriately achieve personal or organizational gain. In resolving
those conflicts and pressures, acting with integrity means that
auditors place priority on their responsibilities to the public
interest.
Objectivity:
1.19. The credibility of auditing in the government sector is based on
auditors' objectivity in discharging their professional
responsibilities. Objectivity includes being independent of mind and
appearance when providing audit and attestation engagements,
maintaining an attitude of impartiality, having intellectual honesty.
Maintaining objectivity includes a continuing assessment of
relationships with audited entities and other stakeholders in
the context of the auditors' responsibility to the public. The
concepts of objectivity and independence are closely related.
Independence impairments may impair objectivity.[Footnote 5]
Proper Use of Government Information, Resources, and Positions:
1.20. Government information, resources, and positions are to be used
for official purposes and not inappropriately for the auditor's
personal gain or in a manner contrary to law or detrimental to the
legitimate interests of the audited entity or the audit organization.
This concept includes the proper handling of sensitive or classified
information or resources.
1.21. In the government environment, the public's right to the
transparency of government information has to be balanced with the
proper use of that information. In addition, many government programs
are subject to laws and regulations dealing with the disclosure of
information. To accomplish this balance, exercising discretion in the
use of information acquired in the course of auditors' duties is an
important part in achieving this goal. Improperly disclosing any such
information to third parties is not an acceptable practice.
1.22. As accountability professionals, accountability to the public
for the proper use and prudent management of government resources is
an essential part of auditors' responsibilities. Protecting and
conserving government resources and using them appropriately for
authorized activities is an important element in the public's
expectations for auditors.
1.23. Misusing the position of an auditor for personal gain violates
an auditor's fundamental responsibilities. An auditor's credibility
can be damaged by actions that could be perceived by an objective
third party with knowledge of the relevant information as improperly
benefiting an auditor's personal financial interests or those of an
immediate or close family member; a general partner; an organization
for which the auditor serves as an officer, director, trustee, or
employee; or an organization with which the auditor is negotiating
concerning future employment.
Professional Behavior:
1.24. High expectations for the auditing profession include compliance
with laws and regulations and avoidance of any conduct that might
bring discredit to auditors' work, including actions that would cause
an objective third party with knowledge of the relevant information to
conclude that the auditors' work was professionally deficient.
Professional behavior includes auditors putting forth an honest effort
in performance of their duties and professional services in accordance
with the relevant technical and professional standards.
[End of Chapter 1]
Chapter 2:
Standards for Use and Application:
Introduction:
2.01. This chapter establishes requirements and provides guidance for
audits performed in accordance with generally accepted government
auditing standards (GAGAS). This chapter also identifies the types of
audits that may be performed in accordance with GAGAS, explains the
terminology that GAGAS uses to identify requirements, explains the
relationship between GAGAS and other professional standards, and
provides requirements for stating compliance with GAGAS in the
auditors' report.
Types of GAGAS Audits and Attestation Engagements:
2.02. This section describes the types of audits and attestation
engagements that audit organizations may perform under GAGAS. This
description is not intended to limit or require the types of audits or
attestation engagements that may be performed under GAGAS.
2.03. All audits and attestation engagements begin with objectives,
and those objectives determine the type of audit to be performed and
the applicable standards to be followed. The types of audits that are
covered by GAGAS, as defined by their objectives, are classified in
this document as financial audits, attestation engagements, and
performance audits.
2.04. In some audits and attestation engagements, the standards
applicable to the specific audit objective will be apparent. For
example, if the audit objective is to express an opinion on financial
statements, the standards for financial audits apply. However, some
engagements may have multiple or overlapping objectives. For example,
if the objectives are to determine the reliability of performance
measures, this work can be done in accordance with either the
standards for attestation engagements or for performance audits. In
cases in which there is a choice between applicable standards,
auditors should evaluate users' needs and the auditors' knowledge,
skills, and experience in deciding which standards to follow.
2.05. GAGAS requirements apply to the types of audit and attestation
engagements that may be performed under GAGAS as follows:
a. Financial audits: the requirements and guidance in chapters 2
through 4 apply.
b. Attestation engagements: the requirements and guidance in chapters
2, 3 and 5 apply.
c. Performance audits: the requirements and guidance in chapters 2, 3,
6 and 7 apply.
2.06. Appendix I includes supplemental guidance for auditors and the
audited entities to assist in the implementation of GAGAS. Appendix I
does not establish auditor requirements but instead is intended to
facilitate auditor implementation of the standards contained in
chapters 2 through 7.
Financial Audits:
2.07. Financial audits provide an independent assessment of whether an
entity's reported financial information (e.g., financial condition,
results, and use of resources) are presented fairly in accordance with
recognized criteria. Financial audits performed under GAGAS include
financial statement audits and other related financial audits:
a. Financial statement audits: The primary purpose of a financial
statement audit is to provide an opinion (or disclaim an opinion)
about whether an entity's financial statements are presented fairly in
all material respects in conformity with U.S. generally accepted
accounting principles (GAAP) or with an applicable financial reporting
framework. In order to achieve accountability, GAGAS contain
additional requirements for auditors to report on deficiencies in
internal control, compliance with provisions of laws, regulations,
contracts, and grant agreements as they relate to financial
transactions, systems, and processes.
b. Other types of financial audits: Other types of financial audits
under GAGAS entail various scopes of work, including: (1) obtaining
sufficient, appropriate evidence to form an opinion on financial
statements prepared in accordance with a special purpose framework or
on specified elements, accounts, or items of a financial statement;
[Footnote 6] (2) issuing letters for underwriters and certain other
requesting parties;[Footnote 7] and (3) auditing compliance with
regulations relating to federal award expenditures and other
governmental financial assistance in conjunction with a financial
statement audit.[Footnote 8]
Attestation Engagements:
2.08. Attestation engagements can cover a broad range of financial or
nonfinancial objectives about the subject matter or assertion
depending on the users' needs.[Footnote 9] The American Institute of
Certified Public Accountants (AICPA) standards recognize attestation
engagements that result in an examination, a review, or an agreed-upon
procedures report on a subject matter or on an assertion about a
subject matter that is the responsibility of another party.[Footnote
10] The three types of attestation engagements are:
a. Examination: Consists of obtaining sufficient, appropriate evidence
to express an opinion on whether the subject matter is based on (or in
conformity with) the criteria in all material respects or the
assertion is presented (or fairly stated), in all material respects,
based on the criteria.
b. Review: Consists of sufficient testing to express a conclusion
about whether any information came to the auditors' attention on the
basis of the work performed that indicates the subject matter is not
based on (or not in conformity with) the criteria or the assertion is
not presented (or not fairly stated) in all material respects based on
the criteria. Auditors should not perform review-level work for
reporting on internal control or compliance with provisions of laws
and regulations.
c. Agreed-Upon Procedures: Consists of auditors performing specific
procedures on the subject matter and issuing a report of findings
based on the agreed-upon procedures. In an agreed-upon procedures
engagement, the auditor does not express an opinion or conclusion, but
only reports on agreed-upon procedures in the form of procedures and
findings related to the specific procedures applied.
Performance Audits:
2.09. Performance audits are defined as engagements that provide
findings or conclusions based on an evaluation of sufficient,
appropriate evidence against criteria.[Footnote 11] Performance audits
provide objective analysis to assist management and those charged with
governance and oversight in using the information to improve program
performance and operations, reduce costs, facilitate decision making
by parties with responsibility to oversee or initiate corrective
action, and contribute to public accountability. The term "program" is
used in this document to include government entities, organizations,
programs, activities, and functions.
2.10. Performance audit objectives may vary widely and include
assessments of program effectiveness, economy, and efficiency;
internal control; compliance; and prospective analyses. These overall
objectives are not mutually exclusive. Thus, a performance audit may
have more than one overall objective. For example, a performance audit
with an initial objective of program effectiveness may also involve an
underlying objective of evaluating internal controls to determine the
reasons for a program's lack of effectiveness or how effectiveness can
be improved. Examples of the various types of the performance audit
objectives discussed below are included in Appendix I.[Footnote 12]
a. Program effectiveness and results audit objectives are frequently
interrelated with economy and efficiency objectives. Audit objectives
that focus on program effectiveness and results typically measure the
extent to which a program is achieving its goals and objectives. Audit
objectives that focus on economy and efficiency address the costs and
resources used to achieve program results.
b. Internal control audit objectives relate to an assessment of one or
more components of an organization's system of internal control that
is designed to provide reasonable assurance of achieving effective and
efficient operations, reliable financial and performance reporting, or
compliance with applicable laws and regulations. Internal control
objectives also may be relevant when determining the cause of
unsatisfactory program performance. Internal control comprises the
plans, policies, methods, and procedures used to meet the
organization's mission, goals, and objectives. Internal control
includes the processes and procedures for planning, organizing,
directing, and controlling program operations, and management's system
for measuring, reporting, and monitoring program performance.
c. Compliance audit objectives relate to an assessment of compliance
with criteria established by provisions of laws, regulations,
contracts, and grant agreements, and other requirements that could
affect the acquisition, protection, use, and disposition of the
entity's resources and the quantity, quality, timeliness, and cost of
services the entity produces and delivers. Compliance requirements can
be either financial or nonfinancial.
d. Prospective analysis audit objectives provide analysis or
conclusions, about information that is based on assumptions about
events that may occur in the future along with possible actions that
the audited entity may take in response to the future events.
Nonaudit Services Provided by Audit Organizations:
2.11. GAGAS do not cover nonaudit services, which are defined as
professional services other than audits or attestation engagements.
Therefore, auditors must not report that the nonaudit services were
conducted in accordance with GAGAS. When performing nonaudit services
for an entity for which the audit organization performs a GAGAS audit
or attestation engagement, audit organizations should communicate with
requestors and those charged with governance to clarify that the work
performed does not constitute an audit, attestation engagement, or
audit procedures under GAGAS.
2.12. Audit organizations that provide nonaudit services to entities
they audit should assess the impact that providing those services may
have on auditor independence and respond to any identified threats to
independence in accordance with the GAGAS independence standard.
[Footnote 13]
Use of Terminology to Define GAGAS Requirements:
2.13. GAGAS contain requirements together with related guidance in the
form of explanatory material. The terminology is consistent with the
terminology defined in the AICPA's Codification of Statements on
Auditing Standards.[Footnote 14] Auditors have a responsibility to
consider the entire text of GAGAS in carrying out their work and in
understanding and applying the requirements in GAGAS. Not every
paragraph of GAGAS carries a requirement that auditors and audit
organizations are expected to fulfill Rather, the requirements are
identified through use of specific language.
2.14. GAGAS use two categories of requirements, identified by specific
terms, to describe the degree of responsibility they impose on
auditors and audit organizations, as follows:
a. Unconditional requirements: Auditors and audit organizations are
required to comply with an unconditional requirement in all cases in
which the circumstances exist to which the unconditional requirement
applies. GAGAS use the words must or is required to specify an
unconditional requirement.
b. Presumptively mandatory requirements: Auditors and audit
organizations are also required to comply with a presumptively
mandatory requirement in all cases in which the circumstances exist to
which the presumptively mandatory requirement applies; however, in
rare circumstances, auditors and audit organizations may depart from a
presumptively mandatory requirement provided they document their
justification for the departure and how the alternative procedures
performed in the circumstances were sufficient to achieve the
objectives of the presumptively mandatory requirement. GAGAS use the
word should to specify a presumptively mandatory requirement.
2.15. Additional considerations and guidance within GAGAS (including
appendix I) are intended to be descriptive rather than required as
defined in paragraph 2.14. The words may, might, and could are used to
provide additional considerations and guidance on the requirements or
to identify and describe other procedures or actions relating to
auditors' or audit organizations' activities.
Relationship between GAGAS and Other Professional Standards:
2.16. Auditors may use GAGAS in conjunction with professional
standards issued by other authoritative bodies.
2.17. The relationship between GAGAS and other professional standards
for financial audits and attestation engagements is as follows:
a. The AICPA has established professional standards that apply to
financial audits and attestation engagements for nonissuers[Footnote
15] performed by certified public accountants (CPA). For financial
audits, GAGAS incorporate by reference the AICPA performance and
reporting standards and the corresponding Statements on Auditing
Standards (SAS) unless specifically excluded or modified by GAGAS. For
attestation engagements, GAGAS incorporate by reference the AICPA's
general standard on criteria, and the field work and reporting
standards and the corresponding Statements on Standards for
Attestation Engagements (SSAE), unless specifically excluded or
modified by GAGAS. To date the Comptroller General has not excluded
any performance or reporting standards or corresponding SASs for
financial audits or fieldwork or reporting standards or corresponding
SSAEs for attestation engagements.
b. The International Auditing and Assurance Standards Board (IAASB)
has established professional standards that apply to financial audits
and assurance engagements. Auditors may elect to use the IAASB
standards and the related International Standards on Auditing (ISA)
and International Standards on Assurance Engagements (ISAE) in
conjunction with GAGAS.
c. The Public Company Accounting Oversight Board (PCAOB) has
established professional standards that apply to financial audits and
attestation engagements for issuers. Auditors may elect to use the
PCAOB standards in conjunction with GAGAS.
2.18. For performance audits, GAGAS does not incorporate other
standards by reference, but recognizes that auditors may use or may be
required to use other professional standards in conjunction with
GAGAS, such as the following:
a. International Standards for the Professional Practice of Internal
Auditing, The Institute of Internal Auditors, Inc.;
b. Guiding Principles for Evaluators, American Evaluation Association;
c. The Program Evaluation Standards, Joint Committee on Standards for
Education Evaluation; and;
d. Standards for Educational and Psychological Testing, American
Psychological Association.
2.19. When auditors cite compliance with both GAGAS and another set of
standards, such as those listed in paragraphs 2.17 and 2.18, auditors
should refer to paragraph 2.21 for the requirements for citing
compliance with GAGAS. In addition to citing GAGAS, auditors may also
cite the use of other standards in their audit reports, as
appropriate.[Footnote 16] Auditors should refer to the other set of
standards for the basis for citing compliance with those standards.
Stating Compliance with GAGAS in the Auditors' Report:
2.20. When auditors are required to perform an audit or attestation
engagement in accordance with GAGAS or are representing to others that
they did so, they should cite compliance with GAGAS in the auditors'
report as set forth in paragraphs 2.21 through 2.22.
2.21. Auditors should include one of the following types of GAGAS
compliance statements in reports on GAGAS audits and attestation
engagements, as appropriate.[Footnote 17]
a. Unmodified GAGAS compliance statement: Stating that the auditor
performed the audit or attestation engagement in accordance with
GAGAS. Auditors should include an unmodified GAGAS compliance
statement in the audit report when they have (1) followed
unconditional and applicable presumptively mandatory GAGAS
requirements, or (2) have followed unconditional requirements, and
documented justification for any departures from applicable
presumptively mandatory requirements and have achieved the objectives
of those requirements through other means.
b. Modified GAGAS compliance statement: Stating either that (1) the
auditor performed the audit or attestation engagement in accordance
with GAGAS, except for specific applicable requirements that were not
followed, or (2) because of the significance of the departure(s) from
the requirements, the auditor was unable to and did not perform the
audit or attestation engagement in accordance with GAGAS. Situations
when auditors use modified compliance statements include scope
limitations, such as restrictions on access to records, government
officials, or other individuals needed to conduct the audit. When
auditors use a modified GAGAS statement, they should disclose in the
report the applicable requirement(s) not followed, the reasons for not
following the requirement(s), and how not following the requirement(s)
affected, or could have affected, the audit and the assurance provided.
2.22. When auditors do not comply with applicable requirement(s), they
should (1) assess the significance of the noncompliance to the audit
objectives, (2) document the assessment, along with their reasons for
not following the requirement(s), and (3) determine the type of GAGAS
compliance statement. The auditors' determination is a matter of
professional judgment, which is affected by the significance of the
requirement(s) not followed in relation to the audit objectives.
[End of Chapter 2]
Chapter 3:
General Standards:
Introduction:
3.01. This chapter establishes general standards and provides guidance
for performing financial audits, attestation engagements,[Footnote 18]
and performance audits under generally accepted government auditing
standards (GAGAS). These general standards, along with the overarching
ethical principles presented in chapter 1, establish a foundation for
credibility of auditors' work. These general standards emphasize the
importance of the independence of the audit organization and its
individual auditors; the exercise of professional judgment in the
performance of work and the preparation of related reports; the
competence of audit staff; and audit quality control and assurance.
Independence:
3.02. In all matters relating to the audit work, the audit
organization and the individual auditor, whether government or public,
must be independent.[Footnote 19]
3.03. Independence comprises:
a. Independence of Mind:
The state of mind that permits the expression of a conclusion without
being affected by influences that compromise professional judgment,
thereby allowing an individual to act with integrity and exercise
objectivity and professional skepticism.
b. Independence in Appearance:
The avoidance of facts and circumstances that are so significant that
a reasonable and informed third party would be likely to conclude,
weighing all the specific facts and circumstances, that an audit
organization's, or a member of the audit team's, integrity,
objectivity or professional skepticism has been compromised.
3.04. Auditors and audit organizations maintain independence so that
their opinions, findings, conclusions, judgments, and recommendations
will be impartial and viewed as impartial by objective third parties
with knowledge of the relevant information. Auditors should avoid
situations that could lead objective third parties with knowledge of
the relevant information to conclude that the auditors are not
independent and thus are not capable of exercising objective and
impartial judgment on all issues associated with conducting the audit
and reporting on the work.
3.05. GAGAS's practical consideration of independence consists of four
interrelated sections, providing:
a. a conceptual framework for making independence determinations based
on facts and circumstances that are often unique to specific audit
environments;
b. guidance for auditors considering independence issues as they
relate to audit organizations that are structurally located within the
governments they audit;
c. independence requirements when performing nonaudit services,
including indication of specific nonaudit services that would normally
impair independence; and;
d. guidance on documentation necessary to support adequate
consideration of auditor independence.
GAGAS Conceptual Framework Approach to Independence:
3.06. Many different circumstances, or combinations of circumstances,
are relevant in assessing threats to independence. It is impossible to
define every situation that creates threats to independence and to
specify the appropriate action. Therefore, GAGAS establish a
conceptual framework that requires auditors to identify, evaluate, and
apply safeguards to appropriately address threats to independence. The
conceptual framework assists auditors in maintaining both independence
of mind and independence in appearance. It can be applied to many
|
|
|
Senator Claire McCaskill
|
|
|
|
Senator Claire, Auditor/Legislator Beyond Compare
|
|
|
|
