Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Yellow Book Update: 2010 Exposure Draft NASACT Middle Management Conference Marcia B. Buchanan Oklahoma City, Oklahoma April 19, 2010.

Similar presentations


Presentation on theme: "1 Yellow Book Update: 2010 Exposure Draft NASACT Middle Management Conference Marcia B. Buchanan Oklahoma City, Oklahoma April 19, 2010."— Presentation transcript:

1 1 Yellow Book Update: 2010 Exposure Draft NASACT Middle Management Conference Marcia B. Buchanan Oklahoma City, Oklahoma April 19, 2010

2 2 Session Objectives Review why Government Auditing Standards (the Yellow Book) is being revised Highlight areas that GAO expects to be revised in the next Yellow Book Discuss the anticipated timeline for the Yellow Book revision

3 3 Disclaimer Required to Receive a Preview The revisions discussed are preliminary and subject to change based on feedback from the Comptroller Generals Advisory Council on Government Auditing Standards and others

4 4 Why the Yellow Book is being revised Continue to promulgate high quality Government Auditing Standards Promote the modernization of auditing standards Streamline with standard setters Encourage development of consistent, core auditing standards

5 5 Why the Yellow Book is being revised (Continued) Address issues GAO has observed Questions sent to Yellow Book Technical Assistance GAOs work on the oversight of the American Recovery and Reinvestment Act

6 6 Movements Towards Clarity Key aspects of the clarity conventions were incorporated in the 2007 Yellow Book Must, is required, and should designate requirements Uses active sentences Footnotes will now be used only to reference other standards or paragraphs within GAGAS Footnotes were either: Moved into the text of the GAGAS standard Moved to the GAGAS Appendix Removed from the Yellow Book

7 7 Use of terminology Standardized language to define auditor requirements Consistent with SAS No. 102: Must and is required indicate an unconditional requirement Should indicates a presumptively mandatory requirement Text not using the above conventions is considered explanatory material

8 8 Must & Should Word Count Chapter 2007 YB2011 YB MustShouldMustShould 1 0000 2 311312 3 1760584 4 1288068 5 9 062 6 667668 7 159161 Appendix 0101 TOTALS4835415356

9 9 Yellow Book: Revisions Under Consideration Realigned chapters 1 and 2 Chapter 1 – concepts and ethics Chapter 2 – requirements for the use and application of GAGAS Defined reasonable assurance Clarification of GAGAS attestation engagements Other definitions and clarifications

10 10 Yellow Book: Revisions Under Consideration (Continued) Revised Independence Replace current standards with conceptual framework Promote consistency with AICPA and IFAC, particularly non-audit services

11 11 Yellow Book: Revisions Under Consideration (Continued) Clarified CPE requirements for Specialists Clarified requirements for being considered an internal specialist

12 12 Yellow Book: Revisions Under Consideration (Continued) Expanded discussion of quality control and assurance for the audit organization New types of peer review opinions

13 13 Yellow Book: Revisions Under Consideration (Continued) Financial Audits Consolidated requirements previously in chapters 4 and 5, into a new chapter 4 Streamlined with AICPA standards Enhanced wording consistency with AICPA

14 14 Yellow Book: Revisions Under Consideration (Continued) Attestation engagements Incorporates examination-level engagements Limits use of GAGAS for review-level engagements and agreed-upon procedures to attestation engagements which are required by law or regulation

15 15 Yellow Book: Revisions Under Consideration (Continued) Performance audits Added definition of waste and related auditor requirements Revised requirement for reporting on fraud Added requirement for reporting instances of waste

16 16 Chapters 1 and 2

17 17 Reorganization of Chapters 1 and 2 Realigned Chapters 1 and 2 Chapter 1 - concepts and ethics that serve as the foundation for the requirements and guidance for GAGAS Chapter 2 - requirements for the use and application of GAGAS

18 18 Definition of Reasonable Assurance Reasonable Assurance Is a high level of assurance, not absolute assurance Supports the auditors reported findings and conclusions within the context of the audit objectives For all audits under GAGAS, the auditor obtains reasonable assurance

19 19 Chapter 1 - Clarifications and Other Definitions Clarified or added definitions of Auditor Audit organization Audit team Audit period Transparency

20 20 Chapter 2 - Clarifications Overall discussion of audit documentation Clarified citing compliance with GAGAS Departures from presumptively mandatory requirements Using GAGAS with other standards Attestation engagements Additional objective for GAGAS financial audits

21 21 Attestation Engagements Auditors may cite compliance with GAGAS Examination-level attestation engagements or If a law or regulation requires auditors to perform a review-level or an agreed-upon procedures engagement in accordance with GAGAS and the auditor follows AICPA SSAEs applicable to review-level or agreed-upon procedures and GAGAS general standards in Chapter 3

22 22 GAGAS statement for Agreed-Upon Procedures Attestation Engagement that cites GAGAS This agreed-upon procedures engagement was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and generally accepted government auditing standards, issued by the Comptroller General of the United States. Adopt similar language for review-level engagements

23 23 Chapter 3, General Standards (Independence)

24 24 Conceptual Framework Approach for Independence Current rules-based approach to independence Does not provide needed flexibility to deal with the diverse facts and circumstances that exist in practice AICPA and IFAC both have frameworks GAGAS framework will: Provide consistent results when compared with AICPA / IFAC Address unique governmental structural issues

25 25 Conceptual Framework Approach for Independence Under the proposed GAGAS Conceptual Framework approach, auditors identify threats to independence; evaluate the significance of the threats identified; and apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level GAO will retire current Questions and Answers to Independence Standard Questions guidance

26 26 Assess condition or activity for threats to independence Is threat significant?Proceed Identify and apply appropriate safeguard(s) Is threat eliminated or reduced to an acceptable level? Potential independence impairment; do not proceed YES NO YES NO Assess safeguard effectiveness Assess threat for significance Threat identified? NO YES

27 27 Broad Categories of Threats Seven categories of threats: Self-interest threat Self-review threat Bias threat Familiarity threat Undue influence threat Management participation threat Structural threat

28 28 Overarching Principles and Supplemental Safeguards from 2007 Yellow Book Incorporated into the Conceptual Framework approach to independence Covered by two threat categories in the conceptual framework Management participation threat Audit organizations must not provide nonaudit services that involve performing management functions or making management decisions Self-review threat Audit organizations must not audit their own work or provide nonaudit services in situations in which the nonaudit services are significant or material to the subject matter of the audits

29 29 Threat Categories Self-interesta financial or other interest will inappropriately influence the auditors judgment or behavior Self-reviewan auditor will not appropriately evaluate the results of a previous judgment or service of the auditor or audit organization, on which the auditor will rely as part of providing a current service

30 30 Threat Categories (continued) Biasan auditor will, as a result of political, ideological, social, or other convictions, promote a position to the point that the auditors objectivity is compromised Familiaritydue to a long or close relationship with an audited entity or employer, an auditor will be too sympathetic to their interests or too accepting of their work

31 31 Threat Categories (continued) Undue influencean auditor will be deterred from acting objectively because of actual or perceived pressures from individuals or groups (external impairments) Management participationresults when an auditor takes on a management role or otherwise performs management functions on behalf of and audited entity

32 32 Threat Categories (continued) Structuralan audit organizations placement within a government entity will impact the ability to perform work and report objectively (organizational impairments) Applies only to audit organizations that are organizationally located within government entities

33 33 Safeguards Controls that mitigate or eliminate threats to independence Effective controls eliminate the threat or reduce to an acceptable level the threats potential to impair independence

34 34 Safeguards (Continued) Two broad categories: Safeguards created by the profession, legislation, or regulation Safeguards in the work environment

35 35 Safeguards Created by the Profession, Legislation or Regulation Regulations designed to ensure appropriate management of public resources Professional standards Professional or regulatory monitoring and disciplinary procedures External review by a legally empowered third party of the reports, communications or other information produced by the auditor

36 36 Safeguards in the Work Environment Documented policies regarding the need to: Identify threats to independence, Evaluate the significance of those threats, Apply safeguards to eliminate or reduce the threats to an acceptable level, and when appropriate safeguards are not available or cannot be applied, terminate or decline the relevant engagement

37 37 Safeguards in the Work Environment (Continued) Policies and procedures that will enable the identification interest or relationships between the audited entities and: The audit organization Members of engagement teams

38 38 Safeguards in the Work Environment (continued) Using different management and engagement teams Timely communication of an audit organizations policies and procedures Designating a member of senior management to oversee the adequate functioning of the audit organizations quality control system

39 39 Independence Framework Example Payroll Accruals Client requests auditor to assist with payroll accruals for financial statements prepared using GASB accounting standards Threatself-review threat Safeguard-Knowledgeable staff at client that is able to review and check reasonableness of numbers based on analytical calculation Safeguard-Staff assigned are not connected to the audit team

40 40 Assess condition or activity for threats to independence Is threat significant?(material)Proceed Identify and apply appropriate safeguard(s) (Knowledgeable management) Is threat eliminated or reduced to an acceptable level? Potential independence impairment; do not proceed YES NO YES NO Assess safeguard effectiveness- depends on confidence on managements knowledge Assess threat for significance Threat identified? (self-review threat) NO YES Payroll Accruals example

41 41 Independence Framework Example Slaughterhouse Auditor, who is a vegetarian, is asked to work on an audit of a slaughterhouse Threat – bias threat Significance of the threat Why is the auditor a vegetarian? (Health or personal views) Safeguards Role and responsibilities of the auditor on the engagement Activity being audited (Payroll or slaughter operations)

42 42 Assess condition or activity for threats to independence Is threat significant?(material)Proceed Identify and apply appropriate safeguard(s) (level of the auditor, subject of the audit) Is threat eliminated or reduced to an acceptable level? Potential independence impairment; do not proceed YES NO YES NO Assess safeguard effectiveness Assess threat for significance (reason for being vegetarian) Threat identified? (bias threat) NO YES Slaughterhouse example

43 43 Chapter 3, General Standards (Professional Judgment, Competence and Quality Control and Assurance)

44 44 Professional Judgment Added discussion on using professional judgment in applying the conceptual framework for independence

45 45 Continuing Professional Education (CPE) 2007 Revision of GAGAS incorporated the revised CPE requirements that were issued in April 2005 (GAO-05-568G) No revision to overall requirements 24 hours of CPE every 2 years directly related to GAGAS engagements Additional 56 hours of CPE, involved in planning, directing, or reporting on GAGAS assignments or charge 20 percent or more of time annually to GAGAS assignments 20 hours of CPE each year

46 46 Prorating CPE Clarified prorating required CPE hours for auditors hired or assigned to a GAGAS engagement after the beginning of the CPE period

47 47 Clarified CPE Requirements for Specialists External specialists Internal specialists Internal consultants

48 48 System of Quality Control Expanded discussion of quality control and assurance for the audit organization Policies and procedures for each element of the system of quality control, but do not have to be separate Audit organization may establish overall policies and procedures that collectively address multiple elements of the system of quality control

49 49 Peer Review Aligned the types of peer review opinions with the new types of opinions used in the AICPA peer review program Some peer review programs may still use the prior terminology

50 50 Chapters 4 and 5 Financial Audits and Attestation Engagements

51 51 Financial Audits and Attestation Engagements Informally adopted a tiered writing approach to Chapters 4 and 5 Retain linkage between AICPA standards and GAGAS Clearly note additional requirements beyond the AICPA to address the accountability and transparency needs of governments No new requirements added in this revision

52 52 Financial Audits Emphasized governmental considerations for AICPA standards Materiality Ongoing investigations or legal proceedings Early communication of deficiencies

53 53 Financial Audits Deleted the following: Requirement for reporting on restatements Requirement for the audit organization to develop policies to deal with requests by outside parties to obtain access to audit documentation Requirement on documentation for terminated engagements Definitions of internal control deficiencies, since definitions of material weakness and significant deficiency are incorporated by reference in SAS 115

54 54 Reporting on Restatements GAO staff proposes removal of requirement for reporting on restatement AICPA issued an exposure draft, Subsequent Events and Subsequently Discovered Facts GAO staff will continue to monitor the language of the proposed SAS and any revisions made from the exposure draft

55 55 Update terminology AICPA will eliminate the ten standards, and replace these standards as part of clarity Revision to the AICPA standards will cause the GAGAS incorporation to be out of date

56 56 SAS 115 - Revised Definitions for Internal Control Deficiencies Defines the terms deficiency in internal control, significant deficiency, and material weakness Provides guidance on evaluating the severity of deficiencies in internal control No change in practice since likelihood and magnitude are used as criteria to determine whether control deficiencies should be reported

57 57 SAS 115 - Revised Definitions for Internal Control Deficiencies (Continued) Requires the auditor to communicate, in writing, to management and those charged with governance, significant deficiencies and material weaknesses identified in an audit Current proposal does not include the definitions in GAGAS, since they are already incorporated through the AICPA standards

58 58 New vs. Old Internal Control Deficiency Definitions New Definition - SAS 1152007 GAGAS Definition (SAS 112) Significant Deficiency A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance A deficiency in internal control or combination of deficiencies, that adversely affects the entitys ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP such that there is more than a remote likelihood that a misstatement of the entitys financial statements that is more than inconsequential will not be prevented or detected. Material Weakness A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entitys financial statements will not be prevented, or detected and corrected on a timely basis A significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that material misstatement of the financial statements will not be prevented or detected

59 59 Early Communication of Internal Control and Compliance Deficiencies No new standard but emphasizing requirement in SAS No. 115 Discuss the public interest of early communication Allow corrective action to start before the report is issued

60 60 GAO Interim Guidance on Reporting Deficiencies in Internal Control Issued November 2008 to assist auditors in complying with SAS No. 115, Communicating Internal Control Related Matters Identified in an Audit (effective for periods ending on or after December 15, 2009) SSAE No. 15, An Examination of an Entitys Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Revised AICPA standards have different definitions of material weaknesses and significant deficiencies than GAGAS Pending the revision, auditors may use the AICPAs new definition for GAGAS purposes

61 61 Chapters 6 and 7 Performance Audits

62 62 Fraud and Waste Added a definition of waste Same auditor responsibility as for abuse Reporting requirements Instances of fraud that are significant within the context of the audit objectives, rather than all fraud Instances of waste that are significant within the context of the audit objectives

63 63 Performance Audits Deleted the following: Discussion of reasonable assurance, defined for all types of audits in chapter 1 Requirement for the audit organization to develop policies to deal with requests by outside parties to obtain access to audit documentation

64 64 2011 Yellow Book Projected Dates June 2010: Issue Exposure Draft of 2011 Revision of GAGAS September 2010: Comments due on Exposure Draft January – February 2011: Issue 2011 Revision of GAGAS AICPA proposed date of clarified standards is December 15, 2011: GAO staff will propose an effective date based on final AICPA date

65 65 Yellow Book Team: Jim Dalkin (202) 512-3133 Marcia Buchanan (202) 512-9321 Cheryl Clark (202) 512-9377 Kristen Kociolek (202) 512-2989 Gail Vallieres (202) 512-9370 Michael Hrapsky (202) 512-9535 Heather Keister (202) 512-2943 Theresa Phipps (202) 512-2574 Tom Hackney (303) 572-7304 Eric Holbrook (202) 512-5232 Mark Kaufman (202) 512-9341 Andrew Seehusen (202) 512-4896 We also get lots of help from: Bob Dacey, GAO Chief Accountant Jennifer Allison, Advisory Council Administrator Contact us at yellowbook@gao.gov GAOs Accountability & Standards Team

66 66 Where to Find the Yellow Book The Yellow Book is available on GAOs website at: www.gao.gov/govaud/ybk01.htm For technical assistance, contact us at yellowbook@gao.gov


Download ppt "1 Yellow Book Update: 2010 Exposure Draft NASACT Middle Management Conference Marcia B. Buchanan Oklahoma City, Oklahoma April 19, 2010."

Similar presentations


Ads by Google