2011 yellow book what you need to know
1 / 39

2011 Yellow Book: What You Need to Know - PowerPoint PPT Presentation

  • Uploaded on

2011 Yellow Book: What You Need to Know. West Virginia AGA Spring Training MOV AGA Chapter Parkersburg, WV May 14, 2013 Nicole M. Burkart. Session Objectives.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' 2011 Yellow Book: What You Need to Know' - keiki

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
2011 yellow book what you need to know

2011 Yellow Book: What You Need to Know

West Virginia AGA Spring Training

MOV AGA Chapter

Parkersburg, WV

May 14, 2013

Nicole M. Burkart

Session objectives
Session Objectives

The 2011 revision of Government Auditing Standards represents a modernized version of the standards. During this session, we will:

  • Highlight major changes from the 2007 revision, focusing on independence

  • Conceptual framework for independence added

  • New documentation requirements

  • Highlight changes made for financial audits and attestation engagements

  • Highlight changes made for performance audits

Primary yellow book changes
Primary Yellow Book Changes

Conceptual framework for independence added

Identify, evaluate, and apply safeguards to address threats to independence

Can be applied to many variations in circumstances

New documentation requirements

Focus on nonaudit services

Changes made for financial audits and attestation engagements

Focused on converging standards where practical

Changes made for performance audits

Clarified definition of validity


2011 yellow book applicability
2011 Yellow BookApplicability

Chapters 1, 2, and 3 apply to all GAGAS engagements

Chapter 1: Government Auditing: Foundation and Ethical Principles

Chapter 2: Standards for Use and Application of GAGAS

Chapter 3: General Standards

Chapter 4: Standards for Financial Audits – applies only to financial audits

Chapter 5: Standards for Attestation Engagements – applies only to attestation engagements



2011 yellow book applicability continued
2011 Yellow BookApplicability (Continued)

Chapters 6 and 7 apply only to performance audits

Chapter 6: Field Work Standards for Performance Audits

Chapter 7: Reporting Standards for Performance Audits

Appendix I: Provides supplemental guidance (not requirements) for all GAGAS engagements

Available on the Yellow Book webpage:


Supplemental guidance (not requirements) for areas of particular interest or sensitivity



2011 yellow book effective dates
2011 Yellow BookEffective Dates

  • Effective for financial audit periods ending on or after December 15, 2012

  • Effective for attestation periods ending on or after December 15, 2012

  • Effective for performance audits starting on or after December 15, 2011

  • Independence may be impacted before the beginning of an engagement

Chapter 1 purpose and applicability of gagas
Chapter 1:Purpose and Applicability of GAGAS

GAGAS provides a framework for conducting high quality audits with competence, integrity, objectivity, and independence.

For use by auditors of government entities and entities that receive government awards

Provisions of laws, regulations, contracts, grant agreements, or policies frequently require audits to be conducted in accordance with GAGAS.



Chapter 2 types of gagas engagements
Chapter 2: Types of GAGAS Engagements

All audits begin with objectives and those objectives determine the type of audit to be performed and the applicable standards to be followed.

The types of audits that are covered by GAGAS, as defined by their objectives, are classified in the Yellow Book as:

financial audits,

attestation engagements, and

performance audits.



Chapter 2 financial audits
Chapter 2: Financial Audits

Financial audits provide an independent assessment of whether an entity’s reported financial information is presented fairly in accordance with recognized criteria.

Reasonable assurance

Financial audits performed in accordance with GAGAS include:

Financial statement audits

Other types of financial audits

GAGAS incorporates by reference AICPA SASs and includes additional requirements


Chapter 2 attestation engagements
Chapter 2: Attestation Engagements

Attestation engagements can cover a broad range of financial or nonfinancial objectives about the subject matter or assertion depending on the users’ needs.

GAGAS incorporates by reference AICPA SSAEs and includes additional requirements

The three types of attestation engagements are:



Agreed-Upon Procedures


Chapter 2 attestation engagements continued
Chapter 2: Attestation Engagements (Continued)



Reasonable assurance



Limited assurance

Auditors should not perform review-level work for reporting on internal control or compliance with provisions of laws or regulations.

Agreed-Upon Procedures

Findings (NOT an Opinion or Conclusion)


Chapter 2 performance audits
Chapter 2: Performance Audits

  • Performance audits are defined as audits that provide findings or conclusions based on an evaluation of sufficient, appropriate evidence against criteria.

  • Performance audits provide objective analysis to assist management and those charged with governance and oversight in using the information to:

    • improve program performance and operations,

    • reduce costs,

    • facilitate decision making, and

    • contribute to public accountability.

Chapter 2 nonaudit services
Chapter 2: Nonaudit Services

  • GAGAS does not cover nonaudit services, which are defined as professional services other than audits or attestation engagements.

  • When audit organizations provide nonaudit services to entities for which they also provide GAGAS audits, they should assess the impact that providing those nonaudit services may have on auditor and audit organization independence and respond to any identified threats to independence in accordance with the GAGAS independence standard.

Chapter 2 use of terminology
Chapter 2: Use of Terminology

  • Requirements are identified through the use of specific language.

    • Must indicates an unconditional requirement

    • Should indicates a presumptively mandatory requirement

    • Text not using the above conventions is considered explanatory material

  • Auditors have a responsibility to consider the entire text of GAGAS in carrying out their work and in understanding and applying the requirements in GAGAS.

  • Chapter 2 stating compliance with gagas
    Chapter 2: Stating Compliance with GAGAS

    Auditors should include one of the following types of GAGAS compliance statements in reports on GAGAS audits:



    Determining the appropriate GAGAS compliance statement is a matter of professional judgment.

    Auditors may also cite the use of other standards in reports on GAGAS audits when they have met the requirements of those standards, as well as GAGAS.


    Chapter 3 general standards
    Chapter 3: General Standards

    General standards, along with the overarching ethical principles presented in Chapter 1, establish a foundation for the credibility of auditors’ work.

    Chapter 3 is comprised of four sections:


    Professional Judgment


    Quality Control and Assurance



    Chapter 3 independence
    Chapter 3:Independence

    • In all matters relating to the audit work, the audit organization and the individual auditor, whether government or public, must be independent.

    • Independence comprises:

      • Independence of Mind – state of mind that permits the performance of an audit without being affected by influences that compromise professional judgment

      • Independence in Appearance – absence of circumstances that would cause a reasonable and informed third party to conclude that integrity, objectivity, or professional skepticism had been compromised

    Chapter 3 independence continued
    Chapter 3:Independence (Continued)

    Chapter 3 independence continued1
    Chapter 3:Independence (Continued)

    • Independence Timeframes

      • Any period of time that falls within the period covered by the financial statements or subject matter of the audit (i.e. the period of time covered by the audit)

      • The period of the professional engagement

    • The period of the professional engagement lasts for the entire duration of the professional relationship (which, for recurring audits, could cover many periods).

    Chapter 3 conceptual framework
    Chapter 3:Conceptual Framework



    • GAGAS establishes a conceptual framework that auditors use to identify, evaluate, and apply safeguards to address threats to independence

      • Can be applied to many variations in circumstances that create threats to independence

      • Allows auditors to address threats to independence that result from activities that are not specifically prohibited by GAGAS

      • Serves as a hybrid framework that balances principle and rules based standards

    Chapter 3 conceptual framework continued
    Chapter 3:Conceptual Framework (Continued)

    Chapter 3 conceptual framework continued1
    Chapter 3:Conceptual Framework (Continued)

    • Threats to independence are circumstances that could impair independence.

      • Nature

      • Significance

      • Safeguards

    • Threats are conditions to be evaluated using the conceptual framework.

    • Safeguards are controls designed to eliminate or reduce to an acceptable level threats to independence.

    Chapter 3 conceptual framework continued2
    Chapter 3:Conceptual Framework (Continued)

    • Applying the Conceptual Framework

      • Identify threats to independence

      • Evaluate the significance of the threats identified, both individually and in the aggregate

      • Apply safeguards as necessary to eliminate the threats or reduce them to an acceptable level

    • Safeguards need to be effective in order address threats to independence.

    • If it is necessary to apply safeguards, auditors should document the threats identified and the safeguards applied to eliminate the threats or reduce them to an acceptable level.

    Chapter 3 conceptual framework continued3
    Chapter 3:Conceptual Framework (Continued)

    • Categories of Threats

      • Self-Interest

      • Self-Review

      • Bias

      • Familiarity

      • Undue Influence

      • Management Participation

      • Structural

    Chapter 3 conceptual framework continued4
    Chapter 3:Conceptual Framework (Continued)

    • Examples of safeguards include:

      • consulting an independent third party, such as a professional organization, a professional regulatory body, or another auditor;

      • involving another audit organization to perform or re-perform part of the audit;

      • having a professional staff member who was not a member of the audit team review the work performed; and

      • removing an individual from an audit team when that individual’s financial or other interests or relationships pose a threat to independence.

    Chapter 3 documenting threats and safeguards
    Chapter 3:Documenting Threats and Safeguards

    • Threat and Safeguard Documentation Requirements

      • Document threats to independence that require the application of safeguards (i.e. threats that are not at an acceptable level), along with safeguards applied, in accordance with the conceptual framework

      • Document how safeguards were applied (i.e. appropriately designed and implemented) to ensure that an audit organization structurally located within a government entity is independent

    Chapter 3 provision of nonaudit services
    Chapter 3:Provision of Nonaudit Services

    Nonaudit Services versus Routine Activities

    Nonaudit services are consistent with auditors’ skills and expertise, but do not relate directly to the performance of an audit.

    Providing nonaudit services may create threats to independence.

    Routine activities related directly to the performance of an audit are not considered nonaudit services under GAGAS.

    Routine activities generally involve providing advice or assistance on an informal basis as part of an audit.

    Routine activities are typically insignificant in terms of time incurred or resources expended.


    Chapter 3 documenting nonaudit services
    Chapter 3:Documenting Nonaudit Services

    Nonaudit Service Documentation Requirements

    Document consideration of audited entity management’s ability to effectively oversee a nonaudit service to be provided by the auditor

    Document the auditor’s understanding with an audited entity for which the auditor will perform a nonaudit service

    Before providing nonaudit services, the auditor should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience, and that the individual understands the services to be performed sufficiently to oversee them.


    Chapter 3 prohibited nonaudit services
    Chapter 3:Prohibited Nonaudit Services

    Assuming Management Responsibilities

    Setting policies and strategic direction for the audited entity

    Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities

    Having custody of an audited entity’s assets

    Reporting to those charged with governance on behalf of management

    Deciding which of the auditor’s or outside third party’s recommendations to implement

    Accepting responsibility for the management of an audited entity’s project

    Accepting responsibility for designing, implementing, or maintaining internal control


    Chapter 3 prohibited nonaudit services1
    Chapter 3:Prohibited Nonaudit Services

    Assuming Management Responsibilities (Continued)

    Providing services that are intended to be used as management’s primary basis for making decisions that are significant to the subject matter of the audit

    Developing an audited entity’s performance measurement system when that system is material or significant to the subject matter of the audit

    Serving as a voting member of an audited entity’s management committee or board of directors

    Performing ongoing monitoring procedures on behalf of management

    Complete List of Prohibited Nonaudit Services:

    Paragraphs 3.36 and 3.49 – 3.58


    Chapter 3 continuing professional education
    Chapter 3:Continuing Professional Education

    No revision to overall requirements:

    Minimum of 24 hours of CPE every 2 years

    Government auditing or the government environment

    Specific or unique environment in which the audited entity operates

    Additional 56 hours of CPE for auditors:

    Involved in any amount of planning, directing, or reporting on GAGAS audits, or

    Charging 20 percent or more of their time annually to GAGAS audits.

    Minimum of 20 hours of CPE each year


    Chapter 3 continuing professional education1
    Chapter 3:Continuing Professional Education

    Changes Related to CPE:

    Clearer distinction between internal and external specialists

    External specialists assisting in performing a GAGAS audit are not required to meet GAGAS CPE requirements, but should be qualified and competent in their areas of specialization

    Internal specialists who are not involved in directing or performing audit procedures or reporting on a GAGAS audit are also not required to meet GAGAS CPE requirements, but should be qualified and competent in their areas of specialization


    Chapter 3 monitoring of quality
    Chapter 3:Monitoring of Quality

    The auditor organization should analyze and summarize the results of its monitoring process at least annually, with identification of any systemic or repetitive issues needing improvement, along with recommendations for corrective action.

    The audit organization should communicate to appropriate personnel any deficiencies noted during the monitoring process and make recommendations for appropriate remedial action.


    Chapter 3 external peer review
    Chapter 3:External Peer Review

    The audit organization should obtain an external peer review at least once every 3 years.

    The peer review team uses professional judgment in determining the type of peer review report. The following are the types of peer review reports:

    Peer review rating of pass

    Peer review rating of pass with deficiencies

    Peer review rating of fail


    Chapter 4 standards for financial audits
    Chapter 4:Standards for Financial Audits

    Eliminated redundancy with AICPA standards

    Clarified additional GAGAS requirements

    Performing Financial Audits

    Reporting on Financial Audits

    Additional GAGAS considerations


    Early Communication of Deficiencies

    Combined 2007 GAGAS Chapters 4 and 5 into one chapter (2011 GAGAS Chapter 4)

    No new requirements were added for financial audits.


    Chapter 5 standards for attestation engagements
    Chapter 5:Standards for Attestation Engagements

    Separated attestation engagement requirements by category of engagement

    Examination Engagements

    Review Engagements

    Agreed-Upon Procedures Engagements

    Within each category, emphasized:

    Additional GAGAS reporting requirements

    Required elements of AICPA reporting

    No new requirements were added for attestation engagements.


    Chapters 6 and 7 performance audits
    Chapters 6 and 7:Performance Audits

    The discussion of validity as an aspect of the quality of evidence has been revised to indicate that it is the extent to which evidence is a meaningful or reasonable basis for measuring what is being evaluated.

    In other words, validity refers to the extent to which evidence represents what it is purported to represent.


    Chapters 6 and 7 performance audits continued
    Chapters 6 and 7:Performance Audits (Continued)

    The fraud reporting requirement is now limited to occurrences that are significant within the context of the audit objectives, with a requirement to communicate in writing other instances of fraud that warrant the attention of those charged with governance.



    The Yellow Book is available on GAO’s website at:


    For technical assistance, contact us at:

    [email protected]

    (202) 512-9535