2009 Governmental Audit Quality Center Annual Update Webcast April 28, 2009

1. 2009 Governmental Audit Quality Center Annual Update WebcastApril 28, 2009

2. Program Objectives This program is designed to help you: • Get an update on Center activities and membership • Learn about the latest technical matters relating to your 2009 audits • Get the latest news on how the American Recovery and Reinvestment Act of 2009 (Recovery Act) may affect your single audits. • Get an update on audit quality including the GAQC response to the federal study on single audit quality (PCIE report). • Learn about resources to help you maintain or improve audit quality

3. Corey Arvizu, CPA Partner Heinfeld, Meech & Co., PC ___ Mary Foelster, CPA Director AICPA Governmental Auditing and Accounting Amanda Nelson, CPA Partner KPMG LLP ___ John Hudson, CPA Moderator & President Hudson Consulting Group, LLC Today’s Speakers

4. What We Will Cover • Webcast Rules and Protocols • GAQC Update • Technical Update (including practice tips) • OMB, GAO, FAC, Single Audit Quality, HUD, AICPA, FASAB, FASB, and GASB • Resources Available to You

5. Webcast Rules and Protocol • Membership requirement for GAQC designated audit quality partner • Executive Committee believes that it is important to get leaders of governmental audit practices together at least once a year • Ask questions…even if we cannot address them all today, we will summarize and post to GAQC Member Discussion Forum Web site (http://gaqc.aicpa.org/Community/Member+Discussion+Forum.htm) • Webcast will be archived – encourage staff to view • CPE available for viewing of live Webcast only

6. GAQC Update

7. GAQC Update • Current Membership Statistics • Almost 1,200 member firms representing 50 states, Puerto Rico, and US Virgin Islands • 83% of 2006 federal $$$ audited in Clearinghouse by firms • 47% of number of 2006 single audits performed by firms in the Clearinghouse • New stats will be generated using 2008 information when FAC database complete

8. GAQC Update • Recap Activities Since the Last Webcast • Significant increase in membership • Increased recognition as a valuable resource by regulators • Timely GAQC Alerts and GAQC Update Newsletters • More conference calls and CPE • Technical guidance • Web site improvements (including resources such as dedicated HUD Information page) • Updated resources such as illustrative reports, peer review checklists, links, etc. • Member Discussion Forum • Continuing to market Center to non-member firms • Interacting with regulators and other stakeholders (Single audit Roundtable and PCIE Task Forces) • Membership compliance verification questionnaire

9. GAQC Update • Future Initiatives • Completion of Task Force activities relating to PCIE report • Continued advocacy efforts with federal agencies • Help members understand the effects of the Recovery Act • Tools to help members address deficiencies noted in PCIE Report • Exploration of State Auditor membership • Additional member-only conference calls on audit quality topics • Continued CPE for member calls • Improve audit quality!

10. Technical Update

11. OMB Federal Audit Clearinghouse (FAC) GAO Single Audit Quality Update HUD AICPA Update FASAB FASB GASB Technical Update

12. Technical Update - OMB • 2009 Compliance Supplement (CS) will be available at http://www.whitehouse.gov/omb/grants_circulars/ • Appendix V will list changes – You should review in detail • Visit http://gaqc.aicpa.org/Resources/OMB+Circular+A-133/OMB+Circular+A-133+2009+Compliance+Supplement.htm for details on the programs that OMB had previously proposed adding, deleting, and significantly revising • OMB has stated that 2009 CS will be released in April • Impact of Recovery Act • 2009 CS likely to include an appendix with high-level descriptions of ARRA requirements and instructions to auditors • Periodic updates • Watch for GAQC Alert when CS is released

13. Technical Update - OMB • Recovery Act Overview • Federal government funneling billions of dollars to state and local governments, much of which will be subject to single audit • Unprecedented Oversight and Transparency Mandated • www.Recovery.gov (announcements, agreements, program managers, governors, mayors) • Recovery Board, GAO, Inspectors, whistleblowers • Significant federal scrutiny via Quality Control Reviews (QCRs) of single audits performed on entities receiving Recovery Act money (primarily in 2010 – 2011 timeframe) – results to be placed on Recovery.gov • Single audit reporting packages to be made available on the Internet • Speed in grant awarding

14. Technical Update - OMB • Recovery Act • Read the Initial Implementing Guidance at (issued February 18, 2009): http://www.recovery.gov/files/Initial%20Recovery%20Act%20Implementing%20Guidance.pdf • Also see GAQC Alert#106 • Read the Follow-Up OMB Implementing Guidance at (issued April 3, 2009): http://www.recovery.gov/sites/default/files/m09-15.pdf

15. Technical Update - OMB • Impact of Recovery Act going forward • Some June 30, 2009, audits impacted • Bigger impact likely on June 30, 2010, audits • Consideration of changes that could impact major program determination process • Non-static Compliance Supplement • Watch GAQC communications for further updates and developments

16. Technical Update - OMB • Recovery Act – Practice Tips • Read OMB implementing guidance and related GAQC Alerts • Prepare talking-points for clients with following items: • Need process for accepting Recovery Act funds (should be a conscious management decision) • Segregation of funds • Appoint Recovery Act “Czar” • Entire organization must be aware • Be prepared to report back on spending

17. Technical Update - OMB • Message Points to Clients Regarding Recovery Act Internal Control Considerations • Consider whether control procedures in place over federal expenditures are appropriate, working properly, and designed to prevent unallowable expenditures • Consider whether additional controls and system requirements will be needed to ensure that Recovery Act funds are able to separately identified and tracked • If applicable, consider whether new controls needed to meet the stringent reporting requirements back to federal agencies • If Recovery Act funds will be passed down to subrecipients, that controls are in place to ensure appropriate subrecipient monitoring and also whether any new controls will need to be established related to new subrecipient reporting responsibilities

18. Technical Update – FAC • New Data Collection Form & Electronic Filing • Intended to be used for audit periods ending in 2008, 2009, and 2010 • Includes internal control terminology updates for significant deficiency • Secondary Auditor information can be entered into new form for up to 12 additional auditors • Reporting package can only be submitted electronically via Internet Data Entry System (IDES), no more paper submissions will be accepted • Reporting package submission must be in one PDF file format (locked or unlocked) • Paper submissions for fiscal year end between 2002 and 2007 will still be accepted by FAC • Instructions for new electronic submission process are located at http://harvester.census.gov/fac/collect08/main_instruct.pdf

19. Technical Update – FAC • New Data Collection Form & Electronic Submission Process – Practice Tips • No longer can access PDF of the actual DCF 2008 - 2010. Must us a worksheet available at http://harvester.census.gov/fac/collect08/2008Worksheet.pdf. • Coordinate the electronic signature process early within your firm and with the client. • Submission is not complete until both the client & auditor hit the “submit” button. • Listen to GAQC Archived Member Conference Call on The Revised 2008-2010 Data Collection Form & New Electronic Submission Process

20. Technical Update - GAO • Single Audit Study Results • Recovery Act Activities • SAS 115 Interim Guidance • Potential Future Revisions to Independence Standards and Corresponding Q&A Guidance • Nothing final expected during the next year

21. Technical Update - GAO • GAO single audit study • Follow-up to PCIE study; although broader • Issued in April 2009; included 3 recommendations • Report titled, Single Audit: Opportunities Exist to Improve the Single Audit Process and Oversight, and can be found at: http://www.gao.gov/new.items/d09307r.pdf?source=ra

22. Technical Update - GAO • Designate an entity or group to (1) evaluate and comprehensively monitor the single audit process government-wide, (2) assess the efficiency and effectiveness of how agencies carry out their single audit responsibilities, and (3) identify additional guidance and resources needed to carry out single audit requirements; • Designate a federal workgroup to evaluate the current single audit process to identify simplified alternatives for meeting the accountability objectives of the Single Audit Act for the audits of small entities, while achieving the proper balance between risk and cost-effective accountability for the smallest to the largest entities; and • Monitor the status of OMB workgroups, AICPA task forces, and NASBA referral project activities, and evaluate completed actions and their impact on addressing the PCIE report recommendations to improve single audit quality.

23. Technical Update - GAO • SAS No. 115 Implications • GAO has issued interim guidance on its Web site saying that new definitions can be used in Yellow Book reporting (http://www.gao.gov/govaud/icguidance0811.pdf) • Actual standards to be updated later • See GAQC Alert No. 93 • Governmental Audit Quality Center (GAQC) developing updated Yellow Book report illustrations – Watch for GAQC Alert

24. Technical Update - GAO • Recovery Act Activities • The Recovery Act tasks GAO with a range of responsibilities to help promote accountability and transparency and ensure that these funds are used as specified. Among other efforts, GAO will be: • conducting bimonthly reviews on how funds are used by selected states and localities (their focus is on16 states and the District of Columbia, which contain about 65 percent of the U.S. population and are estimated to receive about two-thirds of the intergovernmental grants funds available through the Recovery Act) • reviewing specific areas, such as trade, education, small business, and health care; and • commenting on reports filed by fund recipients. • GAO's oversight work on the Recovery Act will be published on its Web site at: http://www.gao.gov/recovery/ • Testifying at numerous Senate hearings

25. Technical Update – Single Audit Quality • PCIE Report Update – AICPA Response • Archived Center call, An Overview of the Results of the National Single Audit Sampling Project, can be found on GAQC Web site under the Resources tab • Task Forces formed to examine the study's detailed findings and recommendations for the AICPA as follows: • Sampling Issues In A Single Audit Environment • Internal Control And Compliance Responsibilities In A Single Audit Environment • Schedule Of Expenditures Federal Awards Reporting Issues • Reporting Audit Findings In A Single Audit • Single Audit Training Needs And Continuing Professional Education Evaluation • Peer Review • SAS 74

26. Technical Update – Single Audit Quality • The latest on the Sampling TF: • New Sampling chapter getting closer • In review process and expected to be included in the 2009 AICPA GAS/A-133 Guide • Topics include: • Statistical vs. nonstatistical approach • Attribute vs. monetary sampling • Population considerations • Sample sizes and tables • Dual-purpose testing • Deviations • Effective date?

27. Sample Sizes • Controls Testing • 90-95% confidence • Plan for zero exceptions • Significance/risk of deviation of control • What is potential risk is to the compliance requirement • Complexity of the control

28. Sample Sizes Minimum samples for populations >250 - CONTROLS

29. Sample Sizes • Compliance Testing for each Direct and Material Compliance Requirement • Other evidence obtained • Risk assessment procedures • Important item testing • Determine the risk of material noncompliance • Inherent risk assessment • Controls testing results—control risk assessment

30. Sample Sizes Minimum samples for populations >250 – COMPLIANCE 30

31. Sample Sizes Small Populations 31

32. Technical Update – Single Audit Quality • Sampling TF – Practice Tips • Listen to the archived GAQC Member Call on Sampling in a Single Audit Environment • Do not wait for final single audit sampling guidance to re-look at your sample sizes • Use general AICPA Sampling Audit Guide as a resource • Document rationale • Properly identify the population • Sampling is NOT a default

33. Technical Update – Single Audit Quality • The latest on the Internal Control and Compliance TF: • Revised 2008 GAS/A133 Audit Guide chapter on internal control to clarify auditor responsibility and more closely align with risk assessment standards • Reordered chapters in the GAS/A133 Guide to mirror workflow • Clarified definition and use of “applicable” compliance requirement vs. “direct and material” compliance requirement • Will re-look at chapter on internal control and compliance for 2009 to determine if additional changes needed to further improve the guidance

34. Technical Update – Single Audit Quality • The latest on the Internal Control (IC) and Compliance TF: • Practice Aids for: • Documenting direct and material compliance requirements • Documenting IC (narrative & checklist) • Dual-purpose testing of IC and Compliance • Examples of completed Practice Aids of several of the 14 types of compliance requirements • Getting ready to put Practice Aids into review with Auditing Standards Board (ASB) team • Federal review after that • Draft of Practice Aids for documenting I/C available at: http://gaqc.aicpa.org/NR/rdonlyres/9D61BDFB-DDF4-4DD1-BE88-DDBCA2443B0D/0/Handouts.pdf

35. Technical Update – Single Audit Quality • Internal Control and Compliance TF – Practice Tips • Listen to GAQC Member Call on Internal Control Considerations in Single Audits • Testing compliance gives indirect evidence on controls, but cannot serve as the basis for assessing controls as operating effectively • Controls: What did entity do to ensure compliance? • Compliance: Did entity comply? • Ensure dual-purpose testing is properly documented • Properly identify compliance tests & controls tests • Internal control must be continually reevaluated throughout the audit process • Tickmark/Procedure Description for an Allowability Test • Watch for GAQC Alert announcing availability of the final Practice Aids

36. Technical Update – Single Audit Quality • The latest on the Schedule of Expenditures of Federal Awards (SEFA) TF: • Made revisions to Chapter 7 of the 2008 GAS/A133 Guide to clarify the auditor’s responsibilities as it relates to the SEFA • Developed the following Practice Aids for auditors: • Illustrative SEFA Audit Program • Illustrative SEFA Disclosure Checklist • Developed the following Practice Aids for clients: • Illustrative SEFA Disclosure Checklist • Illustrative form to assist clients in gathering needed information for each federal program they receive • Practice Aids reviewed and cleared by AICPA ASB team • Next step is final federal review

37. Technical Update – Single Audit Quality • SEFA Practice Tips • Communicate with clients who have difficulty in preparing the SEFA early in the planning process about potential control deficiencies associated with not being able to prepare the SEFA • Document any control deficiencies identified during the audit and conclude whether they are required to be reported • Document your procedures • Make sure SEFA includes all required elements • Recovery Act considerations • Listen to the archived GAQC Member Call on Schedule of Expenditures of Federal Awards Reporting Issues & Suggested Procedures • Watch for GAQC Alert announcing availability of the Practice Aids

38. Technical Update – Single Audit Quality • The latest on the Findings TF: • Preparing illustrative findings Practice Aids to help ensure all required elements captured: • Yellow Book findings • A-133 findings • Both internal control and compliance related findings • Examples of actual completed findings write-ups • Upon completion of Practice Aid development, ASB team and federal clearance needed

39. Technical Update – Single Audit Quality • Findings TF – Practice Tips • Document reasons if decide not to report documented exceptions (they should be good ones) • Emphasis on questioned costs • Educate staff and partners about the importance of the Schedule of Findings and Questioned Costs (SFQC) • Include a “cold” review as part of the reporting process to review the SFQC and major program work to ensure they tie out • Start with a blank “pro forma” of the SFQC • Ensure your findings don’t include private information (particularly important with changes that will make reporting packages public on Clearinghouse Web site)

40. Technical Update – Single Audit Quality • The latest on the Training and CPE TF: • Discussed the PCIE recommendation for prerequisite single audit training to determine best practice training • Developed a best practice training curriculum along with a related white paper and submitted it to OMB for its consideration in developing any future training requirement • Paper submitted to OMB includes detail on hours needed at each staff level, a suggested "grandfathering" provision, delivery guidance, question and answer format implementation guidance, and an introductory narrative

41. Technical Update – Single Audit Quality • Training & CPE TF - Practice Tips • Ensure your single audit staff gets appropriate level single audit and Yellow Book training • Review the PCIE report with special emphasis on the deficiencies noted • As a team, review the Compliance Supplement • Review any archived events on the GAQC website that are applicable to your audit engagements • Ensure that Managers, Partners and “cold” reviewers on single audit engagements view the 2009 Webcast • Share the GAQC alerts and newsletters with single audit staff • If your clients receive Recovery Act funding, be sure staff appropriately trained in any new requirements

42. Technical Update – Single Audit Quality • The latest on remaining TFs: • Peer Review TF • Meeting held with multiple federal agencies • Follow-up steps • Possible enhancements to the related peer review checklists • SAS No. 74 TF (to be discussed in AICPA Auditing Standards section)

43. Technical Update – Single Audit Quality • Other Practice Tips • Invite your clients to listen to an archived GAQC Call on Preparing for Your Single Audit: An Auditee Perspective • Stay current and communicate with staff • Take fresh look at documentation policies • Develop standard documentation for areas that are known to be problem areas • Keep up with what happening on Recovery Act initiatives • Consider concurring partner review • If you do this, ensure partner has GAS/A133 experience • Use peer review checklists as a tool

44. Federal Workgroups Revisions to A-133 and AICPA Guidelines to report audit findings Revisions to A-133, AICPA Audit Guide and OMB Compliance Supplement to document the required compliance testing Revisions to A-133 and AICPA for audit testing and sampling Revisions to A-133 to require SA training.  Development of training curriculum Review of suspension & debarment process and identify alternative methods to address unacceptable audits Coordination with other SA constituencies for sanctions and punitive actions for substandard audits.  Revisions to A-133 to any proposed sanction language Coordination with PCIE to issue uniform standards on QCRs The New and Improved Single Audit Process

45. Technical Update - HUD • Consolidated Audit Guide Revisions in Process • GAQC Alert No. 96, Guidance on PHA Completion of the FDS and Related Auditor Reporting • GAQC Alert No. 104, Additional Guidance on PHA Completion of the FDS and GAQC Releases Related Illustrative Auditor Reporting Guidance • See GAQC HUD Information page (under the Resources tab on GAQC Web site) for details on FDS guidance and completed audit guide chapters • Proposed IPA Roster - Update • HUD staff announced that they are holding the proposed rule in abeyance. • Listen to an archived GAQC Member Call on the New Multifamily Housing Chapter of the HUD Consolidated Audit Guide

46. Technical Update - AICPA • Auditing Standards • SAS 115 • Clarity Project • Proposed changes SAS 74 • Exposure drafts on Supplementary Information • SQCS 7 • SLG, NPO, and GAS/A-133 Guides

47. Technical Update - AICPA • SAS 115 - Communicating Internal Control Related Matters Identified in an Audit • Effective for audits of financial statements for periods ending on or after December 15, 2009. • GAO issued interim guidance (http://www.gao.gov/govaud/icguidance0811.pdf) • OMB has not changed definitions yet; don’t update your single audit reporting • GAQC working with OMB to resolve • See GAQC Alert Nos. 92 and 93

48. Technical Update - AICPA • SAS 115 - Communicating Internal Control Related Matters Identified in an Audit • New definitions: • A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected on a timely basis. • A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

49. Technical Update - AICPA Clarity Background Discussion paper issued March 2007 ASB considered comments received and approved direction forward August 2007 Goals: Address concerns over length and complexity of standards Make standards easier to read, understand and implement Will lead to enhancements in audit quality

50. Technical Update - AICPA Clarity Project will take 3 years to complete During this period, few new standards will be issued Only those that are needed to respond to emerging issues (e.g. SAS 74) “Clarified standards” will be exposed over the next few years and finalized Target date for final approval June 2010