The Yellow Book Readers Digest Version Elaine M
The Yellow Book Reader’s Digest Version Elaine M. Frenette, CPPM, CF NES 2011 Las Vegas, NV 1
Objective Provide a brief ‘snapshot’ of the Government Auditing Standards (Yellow Book) for Performance Audits (not meant to be ‘end-all’ and ‘be-all’ – you MUST read and assimilate GAGAS) 2
Objective Take a slightly smaller bite of the elephant rather than trying to swallow the elephant whole! 3
Generally Accepted Government Auditing Standards (GAGAS) ü Yellow Book - July 2007 Revision ü 2010 Exposure Draft issued August 2010 – Invited comments through 22 November 2010 ü Issued in Final Form – 2011 – Will supersede July 2007 revision – Effective date – established when issued 4
• Major develo pments in the accountab ility & audit profession • Emphasize s pecific consideration s applicable to governmen t environment http: //www. gao. gov/govaud/ybk 01. htm 5
Performance Audits üChapters 1 – 2 – 3 üChapters 7 and 8 Apply when performing performance audits in accordance with GAGAS 6
Performance Audits Chapter 1 Use and Application of GAGAS Chapter 2 Ethical Principles in Government Auditing Chapter 3 General Standards 7
Chapter 1 Use and Application of GAGAS • “Provide a framework for performing highquality audit work with – – Competence Integrity Objectivity Independence” • Standards help accomplish this – If properly applied 8
Vocabulary Auditor “Individuals performing work under GAGAS…and, therefore, individuals who may have the titles auditor, analyst, evaluator, inspector, or other similar titles” GAO-07 -731 G, p. 6 9
Vocabulary Audit Organization “Government audit organizations as well as public accounting firms that perform audits using GAGAS” GAO-07 -731 G, p. 6 10
Use and Application • GAGAS (Yellow Book) – Provide guidance & requirements in performing audits in an ethical manner – Assist in “objectively acquiring and evaluating sufficient, appropriate evidence and reporting the results. ” GAO-07 -731 G, p. 6 11
Professional Requirements Professional requirements identified through use of language – Two Categories – Describe degree of responsibility imposed on auditors & organizations Ø Unconditional Requirements Ø Presumptively Mandatory Requirements 12
Unconditional • Dictionary. com: – Not limited by conditions; absolute; complete • GAGAS will use terms – MUST or IS Required ØIF audit based on GAGAS – REQUIRED to comply with unconditional requirement where it applies 13
Presumptively Mandatory • Presumptive • Synonyms: üProspective üLikely üCircumstantial • GAGAS terminology • “should” instead of ‘must’ or ‘is required’ 14
Presumptively Mandatory § Auditors “required to comply” BUT “rare circumstances whereby an auditor may forego that particular requirement provided they document their justification for the departure and how the alternative procedures performed in the circumstances were sufficient to achieve the objectives of the presumptively mandatory requirement. ” GAO-07 -731 G, p. 8 15
Explanatory Material • Language is considered – ‘guidance’ – Further explanation of professional requirements • Government expects ‘professional judgment’ to be used 16
Explanatory Material • GAGAS terminology üMay üMight üCould 17
Explanatory Material • Provides information in exercising professional judgment • Does NOT mandate auditor to perform suggested procedures or actions 18
Compliance Statements • If required or choose to use GAGAS – Must comply with the standards – Make reference in final report • Two types of Statements – Unmodified – Modified 19
Unmodified Statement • Unmodified – Followed ALL requirements in GAGAS • Both unconditional & presumptively mandatory OR • Justified any ‘departure’ from presumptively mandatory requirements – Documenting HOW objective of requirement was still achieved 20
Modified Statement • When is MODIFIED statement used? – Depends on significance of departure from requirement • Scope of audit – Access unavailable to certain records/individuals (Special Programs) – Document reason for not performing audit in accordance with GAGAS 21
Modified Statement • Assess significance of the noncompliance to audit objective • DOCUMENT assessment (reasons for not following requirement) • Determine type of GAGAS compliance statement 22
Other Professional Standards • Authoritatively approved – International Standards for the Professional Practice of Internal Auditing, The Institute of Internal Auditors, Inc. (www. theiia. org) – Guiding Principles for Evaluators, American Evaluation Association (www. eval. org) 23
Other Professional Standards ØGAGAS should be used if conflict between the two 24
Objectives • ALL audits begin with objectives ØLooking for an opinion Clear and specific Or Multiple or overlapping objectives 25
Objectives Ø“What is the ultimate outcome of this exercise? ” Ø“What are you trying to accomplish with this audit? ” Ø“Auditing an organization’s performance, compliance with regulations, etc. ? ” 26
Performance Audits • “Engagements that provide assurance or conclusions based on an evaluation of sufficient, appropriate evidence against stated criteria, such as specific requirements, measures, or defined business practices. ” GAO-07 -731 G Government Auditing Standards, p. 17 27
Performance Audits ü Reasonably assured – appropriate type & amount of information was obtained to support final audit report ü Sufficiency & appropriateness – depends on audit objectives & conclusions 28
Performance Audits • “Dynamic Process” – Objective & procedure continually reviewed – To assure ‘sufficient, appropriate evidence against the stated criteria’ 29
Performance Audits • Goals & Objectives (audits/self assessments) – Examples: (not limited to these) • Determine organization – Is in compliance with legislative, regulatory or organizational goals & objectives – Is in compliance with sound procurement practices – Has performance measures that are reliable, valid, relevant and effective in relation to their contractual obligations 30
Chapter 2 Ethical Principles • Provides fundamental principles – Public Interest • acceptance of responsibility to serve the public interest – Integrity • fact-based, nonpartisan, honest – Objectivity • Maintain attitude of impartiality 31
Ethical Principles • Proper use of government info, resources, position • Proper handling of sensitive/classified information or resources • Exercising discretion • not using position for personal gain • Professional behavior • Compliance with laws & regulations 32
Chapter 3 General Standards • Independence • Free from personal, external, organizational impairments to independence – must remain impartial • Avoid appearance of partiality • Professional Judgment • Professional skepticism (management is neither dishonest nor of unquestioned honesty) – Questioning mind – Critical assessment of evidence 33
General Standards “Believing that management is honest is not a reason to accept less than sufficient, appropriate evidence. ” GAO-07 -731 G Government Auditing Standards, p. 49 34
General Standards • Technical Knowledge/Competence • Blending of education and experience • Commitment to continued learning and development 35
General Standards • Continuing Professional Education (CPE) • 24 hours of CPE every 2 years (directly relating to government auditing, government environment, or specific/unique environment of entity being audited) • 56 additional • TOTAL = 80 GAO-07 -731 G Government Auditing Standards pp. 53 -54 36
General Standards • Audit organization – MUST establish system of Quality Control • To provide assurance personnel comply with professional standards & legal/regulatory requirements and • External Peer Review – At least once every 3 years (example: DCMA MICR) 37
Chapter 7 Field Work Standards for Performance Audits üPlanning üSupervising staff üObtaining sufficient, appropriate evidence üPreparing audit documentation 38
Field Work Standards Form framework for applying standards ØReasonable Assurance ØSignificance ØAudit Risk 39
Reasonable Assurance Ø Evidence is sufficient and appropriate to support findings and conclusions Ø Sufficiency/appropriateness will vary üAudit objectives üFindings üConclusions 40
Significance “Relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors. ” GAO-07 -731 G Government Auditing Standards p. 123 41
Significance ØSignificance üImpact of the matter to the overall program üRelevance of the matter Professional Judgment 42
Audit Risk Ø Possibility auditor’s findings, conclusions, recommendations, assurance may be üImproper or incomplete Ø WHY? üEvidence NOT sufficient/appropriate üInadequate audit process üIntentional omissions/misleading info due to misrepresentation/fraud 43
Audit Risk Ø Qualitative & Quantitative considerations – impact risk üTime frames üComplexity üSize of program ($) üAdequacy of audited system/processes to detect inconsistencies, significant errors üAuditor’s access to records 44
Audit Risk • Auditor will not detect üSignificant errors üInconsistencies • Reduce Risk üIncrease scope of work üadd experts üChange methodology – obtain additional evidence 45
Planning • Must adequately plan and document the planning – Reduces audit risk to provide reasonable assurance evidence is sufficient and appropriate to support findings and conclusions 46
Planning • Define Objectives ü Questions about the organization/function, etc. that need to be answered • Ex: How adequate is their acquisition system, maintenance or disposition program? 47
Planning • Determine – Scope (boundary) • Subject matter to be assessed/reported on • Ex: necessary documents/records, period of time, locations, etc. – Methodology • Specific steps used to gather information • Includes nature and extent of procedures used 48
Planning • Continuous Process – SHOULD Assess Risk and significance HOW? ? 49
Planning • Understand the following: ü Nature of program being audited ü Internal Controls (management control) ü Information Systems ü Legal/regulatory requirements/contract provisions/grant agreements ü Results of previous audits 50
Planning • Identify – Criteria • Ex: Policies & procedures; contract requirements – Sources of audit evidence • Determine amount/type • If need to modify scope/methodology • Evaluate – Use work of others (auditors/experts) 51
Planning • MUST Prepare written audit plan – Form/Content – varies – Includes: ü Strategy ü Key decisions about objectives/scope/methodology ü Basis of decisions 52
Planning • Written Audit Plan – Provides supervisors opportunity to review work of auditors ü Proposed objectives – produce useful report? ü Plan addresses relevant risks? ü Scope/methodology – adequately addresses objectives? ü Evidence will likely be sufficient & appropriate? 53
Chapter 7 Field Work Standards for Performance Audits üPlanning üSupervising staff üObtaining sufficient, appropriate evidence üPreparing audit documentation 54
Supervision üMUST properly supervise staff üProvide sufficient guidance/direction üStay informed – significant problems üReview work performed üOn-the-job training 55
Chapter 7 Field Work Standards for Performance Audits üPlanning üSupervising staff üObtaining sufficient, appropriate evidence üPreparing audit documentation 56
Evidence Sufficient and Appropriate Integral to audit 57
Evidence Appropriateness “…measure of the quality of evidence that encompasses its relevance, validity, and reliability in providing support for findings and conclusions related to the audit objectives. ” GAO-07 -731 G Government Auditing Standards p. 147 58
Evidence Sufficiency “…measure of the quantity of evidence used to support the findings and conclusions related to the audit objectives. ” Has enough evidence been gathered? GAO-07 -731 G Government Auditing Standards pp. 147 59
Evidence • Professional Judgment – Interpret – Summarize – Analyze ü To determine sufficiency & appropriateness ü Reporting results 60
Appropriate Evidence • “…measure of the quality of evidence that encompasses its relevance, validity, and reliability in providing support for findings and conclusions related to the audit objectives. ” GAO-07 -731 G Government Auditing Standards p. 174 61
Appropriate Evidence ü Relevance – Logical relationship with/importance to issue being addressed – function being audited ü Validity – Evidence based on sound reasoning/accurate information ü Reliability – Consistency of results – Verifiable/supported Appendix I – additional guidance 62
Evidence • Different types/sources – Depends on audit objectives ü Observation ü Inquiry ü Inspection – Each with own strengths/weaknesses • Which to choose? ? ? Professional Judgment 63
Sufficient Evidence • Useful Presumptions ü Greater the audit risk – greater the quantity & quality required ü Stronger evidence – MAY allow less evidence to be used ü Large volume of evidence – DOES NOT compensate for lack of relevance, validity, or reliability 64
Evidence • Appendix I – Additional guidance regarding TYPES of evidence – Examples • Internal Controls – – Effective vs. Weak/nonexistent • Examination of Original Documents vs. copies Professional Judgment 65
Findings • Elements of a Finding üCondition üCause üEffect 66
Findings Condition ü“a situation that exists” üdetermined and documented during audit 67
Findings • Cause – Reason for the condition ü Could serve as basis for recommendations for corrective actions ü Is evidence convincing enough – reasonable to explain WHY ‘condition’ exists ü Many factors involved Evidence needs to clearly demonstrate link between problem and cause 68
Effect “A clear, logical link to establish the impact or potential impact of the difference between the situation that exists (condition) and the required or desired state (criteria) – Identifies the outcomes or consequences of the condition” GAO-07 -731 G Government Auditing Standards, p. 156 69
Chapter 7 Field Work Standards for Performance Audits üPlanning üSupervising staff üObtaining sufficient, appropriate evidence üPreparing audit documentation 70
Audit Documentation MUST prepare audit Documentation üPlanning üConducting üReporting 71
Audit Documentation • Other experienced auditor ü Understands timing ü How audit performed – results ü How/what/source evidence obtained ü Conclusions reached & supporting evidence 72
Audit Documentation • Essential element of audit quality – SHOULD document üObjectives, scope, methodology üWork performed – supports significant judgments – Includes descriptions of transactions and records examined 73
Audit Documentation ØCompliance Statements » Unmodified » Modified 74
Chapter 8 Reporting Standards for Performance Audits ØForm ØContent ØIssuance 75
Reporting “Auditors MUST issue audit reports communicating the results of each completed performance audit. ” GAO-07 -731 G Government Auditing Standards, p. 160 76
Report Form • Appropriate for intended use üElectronic üWritten üLetters üBriefing slides üOther presentation materials 77
Report Content • Objectives, scope, methodology • Audit results (findings, conclusions, recommendations) • Compliance statement • Nature of any confidential/sensitive information omitted (if applicable) 78
Report Content • Objectives ü Clear, Specific, Neutral, Unbiased ü Why audit performed (IAW FAR, DFARS, Company Procedures, etc. ) 79
Report Content • Scope üWork conducted üIssues, limitations (denials of access) üRelationship between population and items tested üIdentify organization (audited entity) üGeographic locations üPeriod covered üKinds/sources of evidence 80
Report Content • Methodology – How work supports objectives ü Gathering of evidence ü Analysis techniques (random sampling, purposive, etc. ) ü Any specific assumptions made ü Criteria used 81
Report Findings • Clearly developed – Elements of a Finding üCondition üCause üEffect • Provides understanding for need of corrective actions 82
Report Findings • Place findings in perspective ü Relate instances to population ü Number of cases examined • Quantify results ü Dollar value, etc. 83
Reporting Conclusions • Not merely summary of findings üLogical inference of overall status of program üStronger when conclusions lead to recommendations, convincing audited entity that action is needed 84
Reporting Recommendations • Effective Recommendations üEncourages improvements üSpecific, practical, cost effective, measurable üAddressed to those with authority to act 85
Reporting Compliance Statements 86
Reporting • Views of Responsible Officials ü Of audited entity • Any disagreements • Mutual agreements • Confidential or Sensitive Information ü Auditors may consult with legal counsel 87
Distributing Report • Those charged with governance • Other appropriate officials ü Organizations requiring audit (ex: NASA) ü Other officials responsible for acting on audit findings/recommendations 88
Appendix I Supplemental Guidance • Doesn’t establish requirements üExplanatory Material – Helps auditor implement standards • Provides üExamples of situations üInformation to accompany Chapters 89
U. S. Government Accountability Office http: //www. gao. gov/govaud/ybk 01. htm ØPrevious versions Ø 2010 Exposure Draft ØLots of other information 90
Questions 91
- Slides: 91