2011 Yellow Book: What You Need to Know. West Virginia AGA Spring Training MOV AGA Chapter Parkersburg, WV May 14, 2013 Nicole M. Burkart. Session Objectives.
2011 Yellow Book: What You Need to Know
West Virginia AGA Spring Training
MOV AGA Chapter
May 14, 2013
Nicole M. Burkart
The 2011 revision of Government Auditing Standards represents a modernized version of the standards. During this session, we will:
Conceptual framework for independence added
Identify, evaluate, and apply safeguards to address threats to independence
Can be applied to many variations in circumstances
New documentation requirements
Focus on nonaudit services
Changes made for financial audits and attestation engagements
Focused on converging standards where practical
Changes made for performance audits
Clarified definition of validity
Chapters 1, 2, and 3 apply to all GAGAS engagements
Chapter 1: Government Auditing: Foundation and Ethical Principles
Chapter 2: Standards for Use and Application of GAGAS
Chapter 3: General Standards
Chapter 4: Standards for Financial Audits – applies only to financial audits
Chapter 5: Standards for Attestation Engagements – applies only to attestation engagements
Chapters 6 and 7 apply only to performance audits
Chapter 6: Field Work Standards for Performance Audits
Chapter 7: Reporting Standards for Performance Audits
Appendix I: Provides supplemental guidance (not requirements) for all GAGAS engagements
Available on the Yellow Book webpage:
Supplemental guidance (not requirements) for areas of particular interest or sensitivity
GAGAS provides a framework for conducting high quality audits with competence, integrity, objectivity, and independence.
For use by auditors of government entities and entities that receive government awards
Provisions of laws, regulations, contracts, grant agreements, or policies frequently require audits to be conducted in accordance with GAGAS.
All audits begin with objectives and those objectives determine the type of audit to be performed and the applicable standards to be followed.
The types of audits that are covered by GAGAS, as defined by their objectives, are classified in the Yellow Book as:
attestation engagements, and
Financial audits provide an independent assessment of whether an entity’s reported financial information is presented fairly in accordance with recognized criteria.
Financial audits performed in accordance with GAGAS include:
Financial statement audits
Other types of financial audits
GAGAS incorporates by reference AICPA SASs and includes additional requirements
Attestation engagements can cover a broad range of financial or nonfinancial objectives about the subject matter or assertion depending on the users’ needs.
GAGAS incorporates by reference AICPA SSAEs and includes additional requirements
The three types of attestation engagements are:
Auditors should not perform review-level work for reporting on internal control or compliance with provisions of laws or regulations.
Findings (NOT an Opinion or Conclusion)
Auditors should include one of the following types of GAGAS compliance statements in reports on GAGAS audits:
Determining the appropriate GAGAS compliance statement is a matter of professional judgment.
Auditors may also cite the use of other standards in reports on GAGAS audits when they have met the requirements of those standards, as well as GAGAS.
General standards, along with the overarching ethical principles presented in Chapter 1, establish a foundation for the credibility of auditors’ work.
Chapter 3 is comprised of four sections:
Quality Control and Assurance
Nonaudit Services versus Routine Activities
Nonaudit services are consistent with auditors’ skills and expertise, but do not relate directly to the performance of an audit.
Providing nonaudit services may create threats to independence.
Routine activities related directly to the performance of an audit are not considered nonaudit services under GAGAS.
Routine activities generally involve providing advice or assistance on an informal basis as part of an audit.
Routine activities are typically insignificant in terms of time incurred or resources expended.
Nonaudit Service Documentation Requirements
Document consideration of audited entity management’s ability to effectively oversee a nonaudit service to be provided by the auditor
Document the auditor’s understanding with an audited entity for which the auditor will perform a nonaudit service
Before providing nonaudit services, the auditor should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience, and that the individual understands the services to be performed sufficiently to oversee them.
Assuming Management Responsibilities
Setting policies and strategic direction for the audited entity
Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities
Having custody of an audited entity’s assets
Reporting to those charged with governance on behalf of management
Deciding which of the auditor’s or outside third party’s recommendations to implement
Accepting responsibility for the management of an audited entity’s project
Accepting responsibility for designing, implementing, or maintaining internal control
Assuming Management Responsibilities (Continued)
Providing services that are intended to be used as management’s primary basis for making decisions that are significant to the subject matter of the audit
Developing an audited entity’s performance measurement system when that system is material or significant to the subject matter of the audit
Serving as a voting member of an audited entity’s management committee or board of directors
Performing ongoing monitoring procedures on behalf of management
Complete List of Prohibited Nonaudit Services:
Paragraphs 3.36 and 3.49 – 3.58
No revision to overall requirements:
Minimum of 24 hours of CPE every 2 years
Government auditing or the government environment
Specific or unique environment in which the audited entity operates
Additional 56 hours of CPE for auditors:
Involved in any amount of planning, directing, or reporting on GAGAS audits, or
Charging 20 percent or more of their time annually to GAGAS audits.
Minimum of 20 hours of CPE each year
Changes Related to CPE:
Clearer distinction between internal and external specialists
External specialists assisting in performing a GAGAS audit are not required to meet GAGAS CPE requirements, but should be qualified and competent in their areas of specialization
Internal specialists who are not involved in directing or performing audit procedures or reporting on a GAGAS audit are also not required to meet GAGAS CPE requirements, but should be qualified and competent in their areas of specialization
The auditor organization should analyze and summarize the results of its monitoring process at least annually, with identification of any systemic or repetitive issues needing improvement, along with recommendations for corrective action.
The audit organization should communicate to appropriate personnel any deficiencies noted during the monitoring process and make recommendations for appropriate remedial action.
The audit organization should obtain an external peer review at least once every 3 years.
The peer review team uses professional judgment in determining the type of peer review report. The following are the types of peer review reports:
Peer review rating of pass
Peer review rating of pass with deficiencies
Peer review rating of fail
Eliminated redundancy with AICPA standards
Clarified additional GAGAS requirements
Performing Financial Audits
Reporting on Financial Audits
Additional GAGAS considerations
Early Communication of Deficiencies
Combined 2007 GAGAS Chapters 4 and 5 into one chapter (2011 GAGAS Chapter 4)
No new requirements were added for financial audits.
Separated attestation engagement requirements by category of engagement
Agreed-Upon Procedures Engagements
Within each category, emphasized:
Additional GAGAS reporting requirements
Required elements of AICPA reporting
No new requirements were added for attestation engagements.
The discussion of validity as an aspect of the quality of evidence has been revised to indicate that it is the extent to which evidence is a meaningful or reasonable basis for measuring what is being evaluated.
In other words, validity refers to the extent to which evidence represents what it is purported to represent.
The fraud reporting requirement is now limited to occurrences that are significant within the context of the audit objectives, with a requirement to communicate in writing other instances of fraud that warrant the attention of those charged with governance.
The Yellow Book is available on GAO’s website at:
For technical assistance, contact us at: