The Yellow Book: What You Need to Know


1 The Yellow Book: What You Need to Know
AASHTO Audit Subcommittee Portland, Oregon July 2015 Drummond Kahn, City of Portland Advisory Council on Government Auditing Standards

2 Session Objective Provide a general overview of the Yellow Book

3 Yellow Book = “GAGAS” GAGAS—Generally Accepted Government Auditing Standards Broad statements of auditors’ responsibilities An overall framework for ensuring that auditors have the competence, integrity, objectivity, and independence in planning, conducting, and reporting on their work For financial audits and attestation engagements, incorporates and builds on the AICPA standards (SASs and SSAEs)

4 The 2011 Yellow Book: Applicability
Chapters 1, 2, and 3 apply to all GAGAS engagements Chapter 1: Government Auditing: Foundation and Ethical Principles Chapter 2: Standards for Use and Application of GAGAS Chapter 3: General Standards Chapter 4: Standards for Financial Audits – applies only to financial audits Chapter 5: Standards for Attestation Engagements - applies only to attestation engagements

5 The 2011 Yellow Book Applicability (Continued)
Chapters 6 and 7 apply only to performance audits Chapter 6: Field Work Standards for Performance Audits Chapter 7: Reporting Standards for Performance Audits Appendix: Provides additional guidance (not requirements) for all GAGAS engagements Interpretations: Available on the Yellow Book web page. Provide additional guidance (not requirements) for areas of particular interest or sensitivity.

6 Chapter 2: Types of GAGAS Engagements
All audits begin with objectives, and those objectives determine the type of audit to be performed and the applicable standards to be followed. The types of audits that are covered by GAGAS, as defined by their objectives, are classified in the Yellow Book as Financial audits, Attestation engagements, and Performance audits.

7 Chapter 2: Attestation Engagements
Attestation engagements can cover a broad range of financial or non-financial objectives and may provide different levels of assurance about the subject matter or assertion depending on the users’ needs. The three types of attestation engagements are: Examination Review Agreed-Upon Procedures

8 Chapter 2: Performance Audits
Performance audits are defined as audits that provide findings or conclusions based on an evaluation of sufficient, appropriate evidence against criteria Performance audits provide objective analysis to assist management and those charged with governance and oversight in using the information to Improve program performance and operations Reduce costs Facilitate decision making, and Contribute to public accountability

9 Chapter 2: Use of Terminology
Standardized language to define the auditor requirements Consistent with AU-C 200: Must indicates an unconditional requirement Should indicates a presumptively mandatory requirement Text not using the above conventions is considered explanatory material

10 Chapter 3: General Standards
Independence Conceptual framework Provision of nonaudit services to auditees Professional judgment Competence Technical knowledge Continuing Professional Education Quality Assurance System of quality assurance Peer review

11 Chapter 3: Independence
In all matters relating to the audit work, the audit organization and the individual auditor, whether government or public, must be independent. Independence comprises: Independence of Mind Independence in Appearance

12 Independence Conceptual Framework
Allows the auditor to assess unique circumstances Adaptable Consistent with AICPA and IFAC frameworks Significant differences from ET-101-3 Entry point for independence assessment Emphasis on services “in aggregate” Documentation requirements

13 Applying the Framework
Conceptual Framework: Identify threats to independence Evaluate the significance of the threats identified, both individually and in the aggregate Apply safeguards as necessary to eliminate the threats or reduce them to an acceptable level Evaluate whether the safeguard is effective Documentation Requirement: Para 3.24: When threats are not at an acceptable level and require application of safeguards, auditors should document the safeguards applied.

14 Applying the Framework
Threats could impair independence Do not necessarily result in an independence impairment Safeguards could mitigate threats Eliminate or reduce to an acceptable level

15 GAGAS Conceptual Framework for Independence

16 Applying the Framework: Categories of Threats
Management participation threat Self-review threat Bias threat Familiarity threat Undue influence threat Self interest threat Structural threat

17 Applying the Framework: Examples of Safeguards
Reassign individual staff members who may have a threat to independence. Have separate staff perform the non-audit and audit services. Have professional staff from outside of the team review the work. Use or consult with an independent third party. Involve another audit organization. Decline to do the requested scope of the non-audit service.

18 Nonaudit Services Determine if there is a specific prohibition. Unless specifically prohibited, nonaudit services MAY be permitted but should be documented. If not prohibited, assess the nonaudit service’s impact on independence using the conceptual framework. If the auditor assesses any identified threat to independence as higher than insignificant, assess the sufficiency of audited entity management’s skill, knowledge, and experience to oversee the nonaudit service. And…

19 Nonaudit Services (Continued)
If the auditor concludes that performance of the nonaudit service will not impair independence, document assessments in relation to both: safeguards applied in accordance with the conceptual framework and the auditor’s assessment of sufficiency of audited entity management’s skill, knowledge or experience to oversee the nonaudit service.

20 Assessing Management’s Skill, Knowledge, and Experience
Factors to document include management’s: Understanding of the nature of the nonaudit service Knowledge of the audited entity’s mission and operations General business knowledge Education Position at the audited entity Some factors may be given more weight than others GAGAS does not require that management have the ability to perform or reperform the service

21 Prohibited Nonaudit Services
Management responsibilities (not a comprehensive list): Setting policies and strategic direction for the audited entity Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities Having custody of an audited entity’s assets Reporting to those charged with governance on behalf of management Deciding which of the auditor’s or outside third party’s recommendations to implement

22 Independence: Documentation Requirements
Para 3.59 summarizes documentation requirements for independence: Threats that require the application of safeguards along with the safeguards applied Safeguards in place if an audit organization is structurally located within a government entity Consideration of sufficiency of audited entity management’s skill, knowledge, and experience to take responsibility for and effectively oversee the nonaudit services The auditor’s understanding with an audited entity regarding nonaudit services to be provided

23 Chapter 3 – General Standards: Continuing Professional Education (CPE)
No revision to overall requirements: Minimum of 24 hours of CPE every 2 years Government Specific or unique environment Auditing standards and applicable accounting principles Additional 56 hours of CPE for auditors involved in Planning, directing, or reporting on GAGAS assignments; or Charge 20 percent or more of time annually to GAGAS assignments Minimum of 20 hours of CPE each year

24 Chapter 3 - General Standards: System of Quality Control
Each audit organization must document its quality control policies and procedures and communicate those policies and procedures to its personnel.

25 Chapter 3: General Standards- System of Quality Control
Added a requirement that the quality control policies and procedures collectively address: Leadership responsibilities for quality within the audit organization Independence, legal, and ethical requirements Initiation, acceptance, and continuance of audit and attestation engagements Human resources Audit and attestation engagement performance, documentation, and reporting Monitoring of quality

26 Chapter 3: Changes to Quality Control Monitoring Procedures
Audit organizations should analyze and summarize, in writing, the results of monitoring procedures at least annually: Include identification of any systemic issues needing improvement Include recommendations for corrective action Communicate deficiencies noted to appropriate personnel and make recommendations for remedial action

27 Chapter 3: Peer Review Each audit organization performing audits in accordance with GAGAS must have an external peer review performed by reviewers independent of the audit organization being reviewed at least once every three years.

28 Chapter 3: Peer Review Scope
Review of the audit organization’s quality control policies and procedures Consideration of the adequacy and results of the audit organization’s internal monitoring procedures Review of selected auditors’ reports and related documentation

29 Chapter 3: Peer Review Scope (continued)
Review of other documents necessary for assessing compliance with standards, for example, independence documentation, CPE records, and relevant human resource management files Interviews with a selection of the reviewed audit organization’s professional staff at various levels to assess their understanding of and compliance with relevant quality control policies and procedures

30 Chapter 3: Changes Related to Peer Reviews
The peer review team uses professional judgment in deciding the type of peer review report. The following are the types of peer review reports: Peer review rating of pass Peer review rating of pass with deficiencies Peer review rating of fail

31 Chapter 4: Financial Audits
Incorporate by reference AICPA Statements on Auditing Standards Additive requirements (performing and reporting) for financial audits Additional considerations for financial audits

32 Chapter 4: Additional Requirements for Performing Financial Audits
Additional requirements relate to Auditor communication Previous audits and attestation engagements Noncompliance with provisions of contracts or grant agreements, or abuse Developing elements of a finding Audit Documentation

33 Chapter 4: Additional Requirements for Reporting on Financial Audits
Additional requirements relate to Reporting auditors’ compliance with GAGAS Reporting on internal control, compliance with provisions of laws, regulations, contracts, and grant agreements Communicating deficiencies in internal control, fraud, noncompliance with provisions of laws, regulations, contracts, and grant agreements, and abuse Reporting views of responsible officials Reporting confidential or sensitive information Distributing reports

34 Chapter 5: Attestation Engagements
Separated attest requirements Examination Review Agreed-Upon Procedures Update considerations Clarified distinctions between engagement types Emphasized AICPA reporting requirements

35 Chapter 5: Attestation Engagements
Incorporate by reference AICPA Statements on Standards for Attestation Engagements (SSAEs) Additive requirements (performing and reporting) for financial audits Additional considerations for GAGAS attestations

36 Chapter 5: Additional Requirements for Performing Attestations
Additional requirements relate to Auditor communication Previous audits and attestation engagements Fraud, noncompliance with provisions of contracts or grant agreements, or abuse Developing elements of a finding Documentation

37 Chapter 5: Additional Requirements for Reporting on Attestations
Additional requirements relate to Reporting auditors’ compliance with GAGAS Reporting deficiencies in internal control, fraud, noncompliance with provisions of laws, regulations, contracts, and grant agreements, and abuse Reporting views of responsible officials Reporting confidential or sensitive information Distributing reports

38 Chapter 6: Performance Audit Fieldwork
Reasonable assurance Significance Audit Risk Planning Supervision Obtaining sufficient, appropriate evidence Audit documentation

39 Chapter 6: Performance Audits Level of Assurance
Performance audits that comply with GAGAS provide reasonable assurance that the evidence is sufficient and appropriate to support the auditors’ findings and conclusions.

40 Chapter 6: Performance Audits Concept of Significance
Significance: The relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors, including the: magnitude of the matter in relation to the subject matter of the audit nature and effect of the matter, relevance of the matter, needs and interests of an objective third party, and impact of the matter on the audited program or activity.

41 Chapter 6: Performance Audits Audit Risk
Auditors must plan the audit to reduce audit risk to an appropriate level for the auditors to provide reasonable assurance that the evidence is sufficient and appropriate to support the auditors’ findings and conclusions.

42 Chapter 6: Performance Audits Audit Risk
Audit risk is the possibility that the auditors’ findings, conclusions, recommendations, or assurance may be improper or incomplete, as a result of factors such as evidence that is not sufficient and/or appropriate, an inadequate audit process, or intentional omissions or misleading information due to misrepresentation or fraud.

43 Chapter 6: Performance Audits Planning
Auditors must adequately plan and document the planning of the work necessary to address the audit objectives Auditors should assess audit risk and significance by gaining an understanding of: Nature and profile of the program and user needs Internal control Information systems controls Legal and regulatory requirements, contract provisions or grant agreements, fraud, or abuse Previous audits

44 Chapter 6: Performance Audits Internal Control
Auditors should obtain an understanding of internal control that is significant within the context of the audit objectives. For those internal controls that are significant within the context of the audit objectives, auditors should: assess whether the internal controls have been properly designed and implemented. plan to obtain sufficient, appropriate evidence to support their assessment about the effectiveness of those controls.

45 Chapter 6: Performance Audits Fraud
In planning the audit, auditors should assess risks of fraud occurring that is significant within the context of the audit objectives. Auditors should: discuss fraud risks among the audit team; gather and assess information to identify risks of fraud that are significant within the scope of the audit objectives or that could affect the findings and conclusions.

46 Chapter 6: Performance Audits Fraud
When auditors identify factors or risks related to fraud that has occurred or is likely to have occurred that are significant within the context of the audit objectives, they should design procedures to provide reasonable assurance of detecting such fraud.

47 Chapter 6: Performance Audits Abuse
If auditors become aware of indications of abuse that could be quantitatively or qualitatively significant to the program under audit, auditors should apply audit procedures specifically directed to ascertain the potential effect on the program under audit within the context of the audit objectives. However, because the determination of abuse is subjective, auditors are not required to provide reasonable assurance of detecting abuse. After performing additional work, auditors may discover that the abuse represents potential illegal acts.

48 Chapter 6: Performance Audits Criteria
Represent the laws, regulations, contracts, grant agreements, standards, measures, expected performance, defined business practices, and benchmarks against which performance is compared or evaluated.

49 Chapter 6: Performance Audits Criteria
Examples of criteria: purpose or goals prescribed by law or regulation or set by officials of the audited entity, policies and procedures established by officials of the audited entity, technically developed standards or norms, expert opinions

50 Chapter 6: Performance Audits Sufficient, Appropriate Evidence
Appropriateness is defined as a measure of quality of evidence that encompasses the relevance, validity, and reliability of evidence used for addressing the audit objectives and supporting findings and conclusions. Sufficiency is defined as a measure of quantity of evidence used for addressing the audit objectives and supporting findings and conclusions.

51 Chapter 6: Performance Audits Elements of a Finding
Auditors should plan and perform procedures to develop the elements of a finding necessary to address the audit objectives: Criteria; Condition; Cause; Effect or potential effect.

52 Chapter 7: Performance Audits Reporting
Auditors must issue audit reports communicating the results of each completed performance audit. Auditors should use a form of the audit report that is appropriate for its intended use and is in writing or in some other retrievable form.

53 Chapter 7: Performance Audits Report Contents
Auditors should prepare audit reports that contain: objectives, scope, and methodology of the audit; audit results, including findings, conclusions, and recommendations, as appropriate; statement about the auditors’ compliance with GAGAS; summary of the views of responsible officials; and nature of any confidential or sensitive information omitted.

54 Chapter 7: Performance Audits Reporting Views of Responsible Officials
Auditors should: obtain and report views of responsible officials concerning findings, conclusions, recommendations, and planned corrective actions; include in the report an evaluation of the comments, as appropriate.

55 Chapter 7: Performance Audits Issuing and Distributing Reports
Distribution of reports depends on: the relationship of the auditors to the audited organization; the nature of the information contained in the report. GAGAS establishes different requirements for: Government audit organizations (external); Internal audit organizations in government; Public accounting firms.

56 The Yellow Book: What You Need to Know
Questions?

57 Where to Find the Yellow Book
The Yellow Book is available on GAO’s website at: For technical assistance, contact: or call (202)

