Presentation is loading. Please wait.

Presentation is loading. Please wait.

What’s New in Government Auditing and Internal Control Standards? AGA/ASMC Professional Development Training March 24, 2015 Page 1.

Published byJerome Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "What’s New in Government Auditing and Internal Control Standards? AGA/ASMC Professional Development Training March 24, 2015 Page 1."— Presentation transcript:

1 What’s New in Government Auditing and Internal Control Standards? AGA/ASMC Professional Development Training March 24, 2015 Page 1

2 Session Objectives To discuss recent developments in Government Auditing Standards (Yellow Book) To discuss GAO’s revision to the Standards for Internal Control in the Federal Government (Green Book) Page 2

3 Government Auditing Standards Yellow Book Update Page 3

4 Yellow Book = “GAGAS” GAGAS—Generally Accepted Government Auditing Standards: Broad statements of auditors’ responsibilities An overall framework for ensuring that auditors have the competence, integrity, objectivity, and independence in planning, conducting, and reporting on their work For financial audits and attestation engagements, incorporates and builds on the AICPA standards (SASs and SSAEs) Page 4

5 The 2011 Yellow Book: Applicability Chapters 1, 2, and 3 apply to all GAGAS engagements: Chapter 1: Government Auditing: Foundation and Ethical Principles Chapter 2: Standards for Use and Application of GAGAS Chapter 3: General Standards Chapter 4: Standards for Financial Audits – applies only to financial audits Chapter 5: Standards for Attestation Engagements – applies only to attestation engagements Page 5

6 The 2011 Yellow Book: Applicability (cont.) Chapters 6 and 7 apply only to performance audits: Chapter 6: Field Work Standards for Performance Audits Chapter 7: Reporting Standards for Performance Audit Appendix: Provides additional guidance (not requirements) for all GAGAS engagements Interpretations: Available on the Yellow Book web page. Provide additional guidance (not requirements) for areas of particular interest or sensitivity Page 6

7 Yellow Book Update Commonly Discussed Sections New Interpretation Future Plans for Revision Page 7

8 Commonly Discussed Sections Independence – Nonaudit services and assessment of skill, knowledge and experience (SKE) Continuing Profession Education (CPE) Peer Review Page 8

9 Applying the Independence Framework Conceptual Framework: 1.Identify threats to independence 2.Evaluate the significance of the threats identified, both individually and in the aggregate 3.Apply safeguards as necessary to eliminate the threats or reduce them to an acceptable level 4.Evaluate whether the safeguard is effective Documentation Requirement: Para 3.24: When threats are not at an acceptable level and require application of safeguards, auditors should document the safeguards applied. Page 9

10 Independence Conceptual Framew ork Applying The Framework Threats could impair independence Do not necessarily result in an independence impairment Safeguards could mitigate threats Eliminate or reduce to an acceptable level Page 10

11 Additional Documentation Requirements 1.Auditors must document application of safeguards in place 2.Auditors must document assessment of skill, knowledge, and experience (SKE) Page 11

12 Safeguards: Nonaudit Services Auditors should document safeguards when significant threats are identified: Auditor has responsibility to perform the assessment, this cannot be a management assertion Assessment should be in writing and indicate actions the auditor has taken to mitigate the threat Assessment should include a conclusion Auditor should document actions taken to mitigate the threat (safeguards) An example of safeguards for nonaudit services may include actions taken by the auditor to preserve independence such as an extra level of review or secondary review Page 12

13 Assessing Management’s Skill, Knowledge, and Experience Factors to document include management’s: Understanding of the nature of the nonaudit service Knowledge of the audited entity’s mission and operations General business knowledge Education Position at the audited entity Some factors may be given more weight than others GAGAS does not require that management have the ability to perform or reperform the service Page 13

14 Sufficiency of Skills, Knowledge and Experience Sufficient skills, knowledge and experience may be judged based in part on: Ability of the responsible audited entity personnel to understand the nature and results of the nonaudit service Ability of the responsible person to identify material errors or misstatements in a nonaudit service work product Ability and willingness and of the responsible person to take meaningful action in the event of identification of a problem with the nonaudit service Client prepared material in poor condition may indicate the client is not capable of taking responsibility for the service. Significant audit findings and adjustments may also be indicative of this issue. Page 14

15 Continuing Professional Education (CPE) No revision to overall requirements Minimum of 24 hours of CPE every 2 years Government Specific or unique environment Auditing standards and applicable accounting principles Additional 56 hours of CPE for auditors involved in Planning, directing, or reporting on GAGAS assignments or Charge 20 percent or more of time annually to GAGAS assignments Minimum of 20 hours of CPE each year Page 15

16 Peer Review Ratings The peer review team uses professional judgment in deciding the type of peer review report Types of peer review ratings: Page 16

17 New Interpretation: Peer Review Ratings GAO developed interpretive guidance on assessing and reporting on the results of peer reviews in government environment: New report ratings do not change the thresholds for deficiency reporting Matters identified during peer review that are not included in report may be communicated orally or in writing Page 17

18 Yellow Book Interpretations Same authority as Yellow Book Presented to Advisory Council Addressed with key stakeholders Posted to GAO website Page 18

19 Future Plans for Revision Plans for the next Yellow Book revision are underway Areas being considered for revision include: CPE Competence Further clarify updates Updates for ASB attest section modifications Peer review Page 19

20 Standards for Internal Control in the Federal Government Page 20 Going Green

21 1983Present Green Book Through the Years Page 21

22 What’s in Green Book for the Federal Government? Reflects federal internal control standards required per Federal Managers’ Financial Integrity Act (FMFIA) Serves as a base for OMB Circular A-123 Written for government Leverages the COSO Framework Uses government terms Page 22

23 What’s in Green Book for State and Local Governments? May be an acceptable framework for internal control on the state and local government level under OMB Uniform Guidance for Federal Awards Written for government Leverages the COSO Framework Uses government terms Page 23

24 What’s in Green Book for Management and Auditors? Provides standards for management Provides criteria for auditors Can be used in conjunction with other standards, e.g. Yellow Book Page 24

25 Updated COSO Framework Released May 14, 2013 Page 25

26 The COSO Framework Relationship of Objectives and Components Direct relationship between objectives (which are what an entity strives to achieve) and the components (which represent what is needed to achieve the objectives) COSO depicts the relationship in the form of a cube: Three objectives: columns Five components: rows Organizational structure: third dimension Source: COSO Page 26

27 From COSO to Green Book: Harmonization COSO Green Book Page 27

28 Revised Green Book: Standards for Internal Control in the Federal Government Page 28 Overview Standards

29 Revised Green Book: Overview Explains fundamental concepts of internal control Addresses how components, principles, and attributes relate to an entity’s objectives Discusses management evaluation of internal control Overview Standards Page 29

30 Fundamental Concepts What is internal control in Green Book? OV1.01 Internal control is a process effected by an entity’s oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. What is an internal control system in Green Book? OV1.04 An internal control system is a continuous built-in component of operations, effected by people, that provides reasonable assurance, not absolute assurance, that an entity’s objectives will be achieved. Page 30

31 Fundamental Concepts (cont.) Put simply, internal control is a process to help entities achieve objectives. Page 31

32 Overview: Components, Principles, and Attributes Achieve ObjectivesComponentsPrinciplesAttributes Overview Standards Page 32

33 Revised Green Book: Principles Page 33

34 Components and Principles Page 34

35 Component, Principle, Attribute Page 35

36 Overview: Principles and Attributes Overview Standards In general, all components and principles are required for an effective internal control system Principles and Attributes: Entity should implement relevant principles If a principle is not relevant, document the rationale of how, in the absence of that principle, the associated component could be designed, implemented, and operated effectively Attributes are considerations that can contribute to the design, implementation, and operating effectiveness of principles Page 36

37 Overview: Principles and Attributes (cont.) OV2.05: The 17 principles support the effective design, implementation, and operation of the associated components and represent requirements necessary to establish an effective internal control system. OV2.07 excerpt: The Green Book contains additional information in the form of attributes... Attributes provide further explanation of the principle and documentation requirements and may explain more precisely what a requirement means and what it is intended to cover, or include examples of procedures that may be appropriate for an entity. Page 37

38 Overview: Management Evaluation An effective internal control system requires that each of the five components are: Effectively designed, implemented, and operating Operating together in an integrated manner Management evaluates the effect of deficiencies on the internal control system A component is not effective if related principles are not effective Overview Standards Overview Standards Page 38

39 Overview: Additional Considerations The impact of service organizations on an entity’s internal control system Discussion of documentation requirements in the Green Book Applicability to state, local, and quasi-governmental entities as well as not-for-profits Cost/Benefit and Large/Small Entity Considerations Overview Standards Overview Standards Page 39

40 Revised Green Book: Standards Control Environment Risk Assessment Control Activities Information and Communication Monitoring Overview Standards Page 40

41 Revised Green Book: Standards Explains principles for each component Includes further discussion of considerations for principles in the form of attributes Overview Standards Page 41

42 Control Environment Page 42

43 Risk Assessment Page 43

44 Control Activities Page 44

45 Information & Communication Page 45

46 Monitoring Page 46

47 Controls Across Components Page 47

48 Other Key Considerations Standards vs. Framework Documentation Requirements Overview lists in OV4.08 the documentation requirements found in the principles which represent the minimum level of documentation necessary for an effective internal control system Page 48

49 Documentation Requirements Excerpt from OV2.06: If management determines a principle is not relevant, management supports that determination with documentation that includes the rationale of how, in the absence of that principle, the associated component could be designed, implemented, and operated effectively. Page 49

50 Documentation Requirements (cont.) Control Environment 3.09: Management develops and maintains documentation of its internal control system. Control Activities 12.02: Management documents in policies the internal control responsibilities of the organization. Page 50

51 Documentation Requirements (cont.) Monitoring 16.09: Management evaluates and documents the results of ongoing monitoring and separate evaluations to identify internal control issues. 17.05: Management evaluates and documents internal control issues and determines appropriate corrective actions for internal control deficiencies on a timely basis. 17.06: Management completes and documents corrective actions to remediate internal control deficiencies on a timely basis. Page 51

52 Accessibility of Green Book Comments raised during exposure identified new need: How do we make the Green Book more accessible to our user community? Page 52

53 The Green Book Layout Changed the layout of the Green Book itself to make it more user friendly: Introduced a highlights page Facsimile page Graphics throughout the overview and standards Page 53

54 Highlights Page Page 54

55 Facsimile Page Page 55

56 Cube as Navigation Aid Page 56

57 The Green Book in Action Relationship between the Green Book and Yellow Book Page 57

58 Green Book and Yellow Book Can be used by management to understand requirements Can be used by auditors to understand criteria Page 58

59 The Yellow Book: Framework for Audits Findings are composed of: Condition (What is) Criteria (What should be) Cause Effect (Result) Recommendation (as applicable) Page 59

60 Linkage Between Criteria (Yellow Book) and Internal Control (Green Book) Green Book provides criteria for the design, implementation, and operating effectiveness of an effective internal control system Page 60

61 The Yellow Book: Framework for Audits Findings are composed of: Condition (What is) Criteria (What should be) Cause Effect (Result) Recommendation (as applicable) Page 61

62 Linkage Between Findings (Yellow Book) and Internal Control (Green Book) Findings may have causes that relate to internal control deficiencies Page 62

63 Effective Date Green Book effective beginning fiscal year 2016 and for the FMFIA reports covering that year Management, at its discretion, may elect early adoption of the Green Book Page 63

64 Where to Find Us The Yellow Book is available on GAO’s website at: www.gao.gov/yellowbook The Green Book is available on GAO’s website at: www.gao.gov/greenbook For technical assistance, contact us at: yellowbook@gao.govyellowbook@gao.gov or greenbook@gao.govgreenbook@gao.gov or call (202) 512-9535 Page 64

65 Thank You Questions? Page 65

Download ppt "What’s New in Government Auditing and Internal Control Standards? AGA/ASMC Professional Development Training March 24, 2015 Page 1."

Similar presentations

1 2011 Yellow Book: Changes You Need to Know NASACT Training Webinar Marcia Buchanan May 4, 2011.

Yellow Book: Changes You Need to Know NASACT Training Webinar Marcia Buchanan May 4, 2011.
Internal Control–Integrated Framework

Internal Control–Integrated Framework
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.

Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.
Appendix B – Checklist for Review of Adherence to General Standards Peer Review Training – National Science Foundation August 16, 2012 Kieu Rubb, Treasury.

Appendix B – Checklist for Review of Adherence to General Standards Peer Review Training – National Science Foundation August 16, 2012 Kieu Rubb, Treasury.
Assurance Services and Auditing Research Chapter 8.

Assurance Services and Auditing Research Chapter 8.
1 Yellow Book: What You Need to Know AASHTO Accounting and Auditing Subcommittee Meeting Grand Hyatt Denver Tom Hackney July 27, 2011.

1 Yellow Book: What You Need to Know AASHTO Accounting and Auditing Subcommittee Meeting Grand Hyatt Denver Tom Hackney July 27, 2011.
Assurance Services and Auditing Research Chapter 8.

Assurance Services and Auditing Research Chapter 8.
Government Auditing Standards

Government Auditing Standards
Going “GAGAS” for the GAO Yellow Book

Going “GAGAS” for the GAO Yellow Book
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.

Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.
1 2011 Yellow Book: What You Need to Know West Virginia AGA Spring Training MOV AGA Chapter Parkersburg, WV May 14, 2013 Nicole M. Burkart.

Yellow Book: What You Need to Know West Virginia AGA Spring Training MOV AGA Chapter Parkersburg, WV May 14, 2013 Nicole M. Burkart.
What’s New in Government Internal Control Standards?

What’s New in Government Internal Control Standards?
Standards for Internal Control in the Government Going Green Standards for Internal Control in the Federal Government 1.

Standards for Internal Control in the Government Going Green Standards for Internal Control in the Federal Government 1.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
AICPA Governmental Audit Quality Center Member Conference Call on The New Standards on Quality Control and Practical Implementation Tips May 14, 2009.

AICPA Governmental Audit Quality Center Member Conference Call on The New Standards on Quality Control and Practical Implementation Tips May 14, 2009.
SAFA- IFAC Regional SMP Forum

SAFA- IFAC Regional SMP Forum
Purpose of the Standards

Purpose of the Standards
ISA 220 – Quality Control for Audits of Historical Financial Information

ISA 220 – Quality Control for Audits of Historical Financial Information

Similar presentations

Ads by Google