Presentation on theme: "What You Need to Know About the 2010 Yellow Book Exposure Draft"— Presentation transcript:
1What You Need to Know About the 2010 Yellow Book Exposure Draft A Governmental Audit Quality Center Web EventSeptember 22, 20101
2Administrative NotesIf you encounter any technical difficulties (e.g., audio issues) during this event please take the following steps:Press the F5 key on your computer to refreshClose and re-start your browserCheck your speakers, ensure they are not on muteTurn off your pop-up blockerRe-start you computerCall InterCall Genesys Tech support , Conf ID#If none of the above work, submit a request for help on the “Send a Question Box” located on the left hand side of your screen.If are unable to get assistance from Genesys for some reason, or call
3Administrative NotesWe encourage you to submit your technical questions – please limit your questions on the content of today’s programTo submit a question, type it into the “Send a Question” box on left side of your screen; we will answer as many as possibleYou can also submit questions to the GAQC member forum for consideration by other membersThis event is being recorded and will be posted in an archive format to the GAQC Web site
4Continuing Professional Education Must have registered for CPE credit prior to this event; a link to the CPE Credit Approval Form was ed to youListen for announcement of 4 CPE codes (7 digit codes: ALL_ _ _ _ ) and 4 polling questions during the eventRecord CPE Codes on CPE Credit Approval Form and return completed form (by fax or mail) to AICPA Service Center for record of attendance; keep a copy for your recordsIf you are not receiving CPE for this call, ignore the CPE codes that we announce, but please answer the polling questions
5PresentersJames Dalkin Government Accountability Office Nancy Miller Miller Foley Group Lisa Snyder American Institute of CPAs
6What we will cover?Why the Government Auditing Standards (the Yellow Book) is being revisedAnticipated timeline for the Yellow Book revisionDiscussion on specific areas that GAO expects to be revised in the next Yellow Book, to include the AICPA and practitioner’s perspectiveWe will talk about adding value to the reviewed firm as a peer reviewer – no matter what type of report is issuedWe will cover some tips for adding to the profitability of your peer review -- including charging your full billing rateMike will talk to you about serving as a peer review committee member – how to get involved and how that benefits you and your practiceOur final topic will cover the Team Captain Packages and provide you an outlet for submitting your suggestions for these.We’ll wrap up the call with a question and answer session, however that session is not for giving feedback on the team captain packages as those are best handled by the address we will provide you.
7Disclaimer Required to Receive a Preview The revisions discussed are preliminaryand subject to change based onfeedback from the Comptroller General’s Advisory Council on GovernmentAuditing Standards and comments received on the Exposure Draft7
9Why the Yellow Book is being revised Promote the modernization of auditing standardsStreamline with standard settersAddress issues GAO has observedStreamline with standard settersEncourage development of consistent, core auditing standardsAddress issues GAO has observedQuestions sent to Yellow Book Technical AssistanceGAO’s work on the oversight of the American Recovery and Reinvestment ActExample of GAO work on oversight of Recovery Act having an impact on GAGAS: Early communication of internal control and compliance deficiencies-No new standard but emphasizing requirement in SAS No. 115 to discuss the public interest of early communication so corrective action can start before the report is issued. (and in the case of single audit this report is due 9 months after the end of the entity’s fiscal year end.)
10Anticipated Timeline for the Yellow Book Revision
11Anticipated timeline for the Yellow Book Revision August 2010:Exposured Draft of 2011 Revision of GAGASNovember 22, 2010:Comments due on Exposure DraftFebruary – March 2011:Issue 2011 Revision of GAGASEffective date to be determined
13Realigned Chapters 1 and 2 Significant ChangesRealigned Chapters 1 and 2Along with the introduction, Chapter 1 now includes the foundation and ethical principles of government auditingThe overall discussion on the use and application of GAGAS is now in Chapter 2Chapter 3Revised independence standard
14Significant Changes Chapter 4 Chapter 5 Chapters 6 and 7 The chapters on financial audit performance and reporting, formerly Chapters 4 and 5 respectively, have been combined into one chapterChapter 5Clarified proper use of attest engagementsChapters 6 and 7Clarified obligation for reporting fraud
15Use of footnotes is more consistent. Format ChangesUse of footnotes is more consistent.Footnotes are now used strictly to refer to other sections of GAGAS and to other audit standardsOther information that was in footnotes in previous GAGAS editions has either been moved into the GAGAS text itself or eliminated
16Government Auditing: Foundation and Ethical Principles Chapter 1Government Auditing: Foundation and Ethical Principles
17Chapter 1 – Government Auditing: Foundation and Ethical Principles Clarified or added definitions ofAuditorAudit organizationsa
18Chapter 1 – Government Auditing: Foundation and Ethical Principles The audit function’s structural location relative to the audited entity.External audit organizations report to third parties externallyInternal audit organizations are accountable to top management and usually don’t report externallyGovernment auditors who report to both third parties and top management are considered external auditorsa
19Chapter 1 – Government Auditing: Foundation and Ethical Principles Contains concepts and ethical principles that serve as the foundation for the requirements and guidance for GAGAS.Purpose and applicability of GAGAS (no major changes)Ethical principles (no major changes)
20Standards for the Use and Application of GAGAS Chapter 2Standards for the Use and Application of GAGAS
21Chapter 2 – Standards for the Use and Application of GAGAS Recognizes the terms that define professional requirements, which are consistent with terminology used in the AICPA’s Statements on Auditing StandardsRecognizes the longstanding GAGAS financial audit requirements to report on deficiencies in internal control; and on fraud, noncompliance with provisions of laws, regulations, contracts, and grant agreements, and abuse
22Chapter 2 – Standards for the Use and Application of GAGAS Clarified citing compliance with GAGASDetermination of appropriate GAGAS compliance statement is a matter of professional judgmentDepartures from presumptively mandatory requirementsUsing GAGAS with other standards
23Chapter 3 General Standards IndependenceProfessional JudgmentCompetenceQuality Control and Assurance
24Chapter 3 – General Standards: Independence GAGAS is adopting a conceptual framework approach to independence determinationsProvides a means for auditors to assess auditor independence in light of the unique circumstances that often apply to these determinationsApproach replaces consideration of independence in terms of the three categories of independence – personal, external, and organizational – included in previous editions of GAGASThe framework includes definitions of both independence of mind and independence in appearance
25Chapter 3 – General Standards: Independence The conceptual framework for independence requires that auditors:Identify threats to independenceEvaluate the significance of the threats identifiedApply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level
26Considering Independence New framework will combine rules (prohibitions) with a conceptual framework.Certain prohibitions will remainGenerally consistent with Rule 101 AICPABeyond a prohibitionApply the conceptual framework
27Chapter 3 – General Standards: Independence GAGAS framework will:Provide consistent results when compared with AICPA and IFACAddress unique governmental structural issuesGAO will retire current Questions and Answers to Independence Standard Questions guidance
28Chapter 3 – General Standards: Independence Threats to independence are circumstances that could impair independenceUsually, a threat to independence does not result in an independence impairment!Safeguards are controls that eliminate or reduce to an acceptable level a threat’s potential to impair independence
29Chapter 3 – General Standards: Independence Seven categories of threats:Self-interest threatSelf-review threatBias threatFamiliarity threatUndue influence threatManagement participation threatStructural threat
30SafeguardsSafeguards created by the profession, legislation, or regulationProfessional or regulatory monitoring and disciplinary proceduresExternal review by a third party of the reports, communications or other information produced by the auditorSafeguards in the work environmentUsing different management and engagement teams with separate reporting lines for the provision of nonaudit services to and audited entityHaving additional review of the nonaudit service or the audit by staff who was not involved in providing the service/working on the engagementThe audited entity provides appropriate oversight and communication regarding the nonaudit service and the audit engagement
31Assess condition or activity for threats to independence Threat identified?YESAssess threat for significanceNOIs threat significant?ProceedYESIdentify and apply appropriate safeguard(s)Assess safeguard effectivenessIs threat eliminated or reduced to an acceptable level?YESPotential independence impairment; do not proceedNO31
32Independence Framework Example Payroll Accruals Client requests auditor to assist with payroll accruals for financial statements prepared using GASB accounting standardsThreat—self-review threatSafeguard-Knowledgeable staff at client that is able to review and check reasonableness of numbers based on analytical calculationSafeguard-Staff assigned are not connected to the audit team
33Assess condition or activity for threats to independence Payroll Accruals exampleNOThreat identified? (self-review threat)YESAssess threat for significanceIs threat significant?(material)ProceedNOYESIdentify and apply appropriate safeguard(s) (Knowledgeable management)Assess safeguard effectiveness-depends on confidence on managements knowledgeThe auditors might note that in the previous year the client has a significant deficiency in internal control over financial reporting. Consequently the client’s internal controls are probably not sufficient to safeguard against the threat to independence that would result from the auditors’ participation in preparing the financials. The auditors would then have to decide whether they will perform the audit or the nonaudit service.GAGAS could adopt the pre-defined categories that would best serve government audit, and add new categories that apply specific to government audits.In particular, we think Self-review, Familiarity, Self-interest, and Management participation threats are major threat categories in government auditing. We would propose adding another threat, “Bias threat.”While preconceived ideas and biases can degrade the quality of any audit, the need to guard against these threats in government audits is especially important due to the sensitive and public nature of many government audits, and the qualitative nature of some performance audits.YESIs threat eliminated or reduced to an acceptable level?Potential independence impairment; do not proceedNO33
34Nonaudit ServicesCertain Non Audit Services may be permitted. For Yellow Book the auditor shouldFirst, determine if there is a specific prohibitionIf not, the auditor should apply the conceptual frameworkThe auditor should alsoBe aware of existing AICPA guidanceGeneral CommentNon audit service prohibitions in this Exposure Draft are generally consistent with AICPA requirements.
35Financial Statements Preparation May be permissible providedAudit entity managers charged with overseeing the nonaudit service must possess suitable skill, knowledge, and/or experience to evaluate the adequacy and results of the services performedThis requirement has is consistent with an existing AICPA requirement in ET 101 – 3 “Performance of non attest services”For CPAs all the requirements of AICPA ET 101 – Independence applyOtherwise no safeguard could reduce the threat to an acceptable level
36Bookkeeping ServicesBookkeeping Services may be performed provided the auditor does not…Determine or change journal entries, account codings or classifications for transactions, or other accounting records without obtaining client approvalAuthorize or approve transactionsPrepare source documentsMake changes to source documents without client approvalThe Yellow Book’s position on bookkeeping services is consistent with existing AICPA requirements in ET 101.
37Prohibitions within Internal Audit Certain internal audit services provided by external auditorsSetting internal audit policies or the strategic direction of internal audit activitiesDeciding which recommendations resulting from internal audit activities to implementTaking responsibility for designing, implementing and maintaining internal control
38Prohibitions Related to Internal Control Assessments Internal control monitoringAuditors are prohibited from providing ongoing monitoring servicesManagement is responsible for designing, implementing and maintaining internal control.Auditors may evaluate the effectiveness of controls, but may not design the system of internal controls and then assess its effectiveness
39Prohibitions within IT Services Certain IT servicesDesign or development of a financial or other IT system that would be subject to or part of an auditServices that entail making other than insignificant modifications to the source code underlying such a systemOperating or supervising the operation of such a system
40Prohibitions within Valuation Services Certain valuation servicesIf the valuation services would have a material effect, separately, or in the aggregate, on the financial statements or other information that is the subject of an audit, and the valuation involves a significant degree of subjectivity
41Nonaudit Services Audit Period Technical RequirementThe impairment to independence resulting to the provision of nonaudit services applies duringthe period of the audit,the professional engagement, andone audit cycle performed by another audit organization after the nonaudit service completion date provide a safeguardOther Potential ImpactIndependence for subsequent periods of audit and professional engagementIndependence for reporting material weaknesses and significant deficiencies resulting from the nonaudit service
42Chapter 3 – General Standards: Professional Judgment Emphasized that auditors use professional judgment in applying the conceptual framework for independence
43Non Audit Services AICPA Perspective Lisa Snyder willProvide her perspective on the Yellow Book exposure draft in light of the AICPA’s independence rules.Discuss a comparison of the GAO proposal and AICPA rules.Please refer to the handout provided with this presentation.
44Non Audit Services Practitioner Perspective Documentation requirementsNot documented = not performedDocumentation required for non performance of presumptively mandatory requirements.Assessment of risks and safeguards required when an independence threat is determined.Peer reviewer’s will be looking for documentation of independence threat assessments
45Non Audit Services Practitioner Perspective IndependenceIf not specifically prohibited, apply conceptual frameworkNon audit servicesGenerally similar to 101-3Evaluate self-review threat where auditor isPreparing workpapersProposing entriesPreparing financial statements
46Non Audit Services Practitioner Perspective IndependenceNon audit services Con’tDefine safeguards (examples, not inclusive)Performance by staff not on audit teamReview by staff not on audit teamReview by client personnel competent to evaluate services renderedOutsourced reviewProhibited activity – taking on management responsibilities.Prohibited under as wellAssess management competency to accept responsibilityIf management can’t or won’t take responsibility – auditor is not independent.
48Chapter 3 – General Standards: Competence Continuing professional education: The distinction between internal and external specialists was highlightedExternal specialists should be qualified and maintain professional competence, but are not required to meet GAGAS CPE requirementsInternal specialists performing GAGAS work should comply with CPE requirements. Training in areas of specialization counts towards the required 24 hours of CPE that relate to their area of expertise or government auditing
49Chapter 3 – General Standards: Continuing Professional Education (CPE) 2007 Revision of GAGAS incorporated the revised CPE requirements that were issued in April 2005 (GAO G)No revision to overall requirements24 hours of CPE every 2 years directly related to GAGAS engagementsAdditional 56 hours of CPE, involved in planning, directing, or reporting on GAGAS assignments or charge 20 percent or more of time annually to GAGAS assignments20 hours of CPE each year49
50Chapter 3 – General Standards: Quality Control and Assurance Harmonize Quality Control with AICPA standardsCommunicate deficiencies noted during the monitoring processMake recommendations for appropriate remedial action
52Chapter 4 - Financial Audits Change in Terminology When referring to financial audits, terminology has been updated for consistency with other standards.The term “field work” has been replaced with “performance”GAGAS still uses “field work” when discussing attestation engagements and performance audits
53Chapter 4 - Financial Audits No new requirements were added for financial auditsThe additional government auditing standards requirements for government auditing relate to:
54Chapter 4 - Financial Audits GAGAS Requirements Beyond AICPA Clearly identified the additional GAGAS requirements beyond the AICPA. As in previous editions, the additional requirements relate to:auditor communicationprevious audits and attestation engagementsfraud, noncompliance with provisions of laws, regulations, contracts, and grant agreements, and abusedeveloping elements of a findingaudit documentation
55Chapter 4 - Financial Audits Removal of Duplication with AICPA Referenced the AICPA standards when applicable, allowing removal of duplication between GAGAS and AICPA standards in the areas of:RestatementsDefinitions of internal control deficienciesCommunication of significant mattersConsideration of fraud and illegal acts
56“New” vs. “Old” Definition of a Material Weakness New Definition- SAS No. 115:A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis2007 GAGAS-SAS No. 112:A significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that material misstatement of the financial statements will not be prevented or detected
57“New” vs. “Old” Definition of a Significant Deficiency New Definition- SAS No. 115:A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance2007 GAGAS-SAS No. 112:A deficiency in internal control or combination of deficiencies, that adversely affects the entity’s ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP such that there is more than a remote likelihood that a misstatement of the entity’s financial statements that is more than inconsequential will not be prevented or detected
58Chapter 4 - Financial Audits AICPA Standards: Special Considerations for Government Audits Highlighted considerations for applying certain AICPA standards in a GAGAS financial auditMaterialityAuditors may find it appropriate to use a lower materiality level in a governmental environmentEarly communication of control deficiencies in a GAGAS financial auditFor some matters, early communication is important because of significance and the urgency of corrective actionMay communicate orally to management, and when appropriate those charged with governance, so timely remedial action can be taken to minimize risk of material misstatement
59Chapter 4 - Financial Audits: Deleted Requirements Deleted GAGAS requirements that were adequately covered by AICPA or elsewhere in GAGAS:Document terminated engagementsDevelop policies to address requests by outside parties to obtain access to audit documentation
61Chapter 5 - Attestation Engagements No new requirements were added for attestation engagements Language was modified to clearly identify the additional GAGAS requirements beyond the AICPA and to reference the AICPA standards when applicableThe additional requirements for government auditing relate to:a. auditor communication;b. previous audits and attestation engagementsc. fraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse that could have a material effect on the subject matter or an assertion about the subject matterd. developing elements of a finding; ande. attest documentation. See paragraphs 5.06 through 5.23 for additional discussion of 5.05 a-e.
62Chapter 5 - Attestation Engagements The Three Levels of Service Realigned the chapter to place emphasis on the three levels of attestation engagements in accordance with the AICPA, and introduced separate sections for type of attestation engagementExaminationReviewAgreed-Upon proceduresThe additional requirements for government auditing relate to:a. auditor communication;b. previous audits and attestation engagementsc. fraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse that could have a material effect on the subject matter or an assertion about the subject matterd. developing elements of a finding; ande. attest documentation. See paragraphs 5.06 through 5.23 for additional discussion of 5.05 a-e.
63Chapter 5 - Attestation Engagements Requirements Beyond AICPA For examination-level engagements, clearly identified the additional GAGAS requirements beyond the AICPA. As in previous editions, the additional requirements relate toAuditor communicationPrevious audits and attestation engagementsFraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse that could have a material effect on the subject matter or an assertion about the subject matterDeveloping elements of a findingDocumentationThe additional requirements for government auditing relate to:a. auditor communication;b. previous audits and attestation engagementsc. fraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse that could have a material effect on the subject matter or an assertion about the subject matterd. developing elements of a finding; ande. attest documentation. See paragraphs 5.06 through 5.23 for additional discussion of 5.05 a-e.
64Chapter 5 - Attestation Engagements For each level of service provided by attestation engagements, added language onAdditional GAGAS requirements on citing compliance with GAGASThe importance of the required elements of AICPA reporting under each level of attestation engagementsEstablishing an understanding with the entity regarding the services to be performedThe additional requirements for government auditing relate to:a. auditor communication;b. previous audits and attestation engagementsc. fraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse that could have a material effect on the subject matter or an assertion about the subject matterd. developing elements of a finding; ande. attest documentation. See paragraphs 5.06 through 5.23 for additional discussion of 5.05 a-e.
65Chapter 5 - Attestation Engagements Removal of Duplication with AICPA Removed duplicate definitions of internal control deficiencies between GAGAS and AICPA standardsSignificant deficiencyMaterial weakness
66Chapter 5 - Attestation Engagements Clarifications on Reporting Deficiencies For examination engagements, added language on reporting deficiencies in internal controlAuditors should include in the examination report all deficiencies, even those communicated early, that are considered significant deficiencies or material weaknessesDeficiencies remediated before the examination report is issued should be reported, along with notification of the remediation
67Chapter 5 - Attestation Engagements AICPA Standards: Special Considerations for Government EngagementsHighlighted considerations for applying certain AICPA standards in a GAGAS attestation engagement (consistent with Financial Audits)MaterialityEarly communication of deficiencies
68Chapter 5 - Attestation Engagements Deleted Requirements Deleted GAGAS requirements that were adequately covered by AICPA or elsewhere in GAGASDocument terminated engagementsDevelop policies to address requests by outside parties to obtain access to audit documentation
69Chapter 6 Field Work Standards for Performance Audits
70Chapter 6 - Performance Audits: Field Work - Deletion Deleted the requirement that the audit organization develop policies to address requests by outside parties to obtain access to audit documentation since covered by Quality Control requirements of GAGAS
71Chapter 6 - Performance Audits: Field Work Retained the documentation requirement pertaining to termination of an audit(We are proposing deleting this requirement for financial audits and attestation engagements)
72Chapter 7 Reporting Standards for Performance Audits
73Chapter 7 - Performance Audits: Reporting - Modifications Modified the reporting requirementsThe discussion of requirements for reporting deficiencies in internal control, on noncompliance with provisions of laws, regulations, contracts, and grant agreements, and on abuse, noting that professional judgment is required in making reporting determinationsThe fraud reporting requirement is now limited to occurrences that are significant within the context of the audit
74Chapter 7 - Performance Audits: Reporting – Modifications Modified the reporting requirements (continued)Added a requirement that auditors obtain and report views of responsible officials concerning the findings, conclusions, and recommendations included in the auditors’ report, as well as planned corrective actions, has been added, consistent with the other GAGAS reporting standards
75We also get lots of help from: Yellow Book Team:Jim Dalkin (202)Marcia Buchanan (202)Cheryl Clark (202)Kristen Kociolek (202)Gail Vallieres (202)Michael Hrapsky (202)Heather Keister (202)Theresa Phipps (202)Tom Hackney (303)Eric Holbrook (202)Mark Kaufman (202)Andrew Seehusen (202)We also get lots of help from:Bob Dacey, GAO Chief AccountantJennifer Allison, Advisory Council AdministratorContact us atChallenges to Government and Not-For-Profit CommunityFiscal condition of government grantor organizations (federal, state, and local governments) may impact long-term grant revenues and design of programsNeed for services is increasingExpectations for an unprecedented level of transparency and accountabilityQualified personnel needed to implement proper controls and accountability at all levels of governmentClose and ongoing coordination needed among federal, state and local governments, and the grantee organizationsEvolving standards and requirements75
76Where to Find the Yellow Book The Yellow Book is available on GAO’s website at:For technical assistance, contact us at76
77How to provide comments on the GAO proposal The GAQC encourages members to provide GAO with comments.Submit your comments electronically directly to GAO atDue date is November 22, 2010Please submit copy to GAQC atACIAP/GAQC will be providing comments.77