590 likes | 882 Views
Yellow Book Update: 2010 Exposure Draft. CIGIE/GAO 2011 Financial Statement Audit Conference Jim Dalkin March 30, 2011. Session Objectives. Review why Government Auditing Standards (the Yellow Book) is being revised Highlight areas that GAO expects to be revised in the next Yellow Book
E N D
Yellow Book Update: 2010 Exposure Draft CIGIE/GAO 2011 Financial Statement Audit Conference Jim Dalkin March 30, 2011
Session Objectives Review why Government Auditing Standards (the Yellow Book) is being revised Highlight areas that GAO expects to be revised in the next Yellow Book Discuss the anticipated timeline for the Yellow Book revision
Disclaimer Required to Receive a Preview The revisions discussed are preliminary and subject to change based on feedback from the Comptroller General’s Advisory Council on Government Auditing Standards and comments received on the Exposure Draft
Why the Yellow Book is being revised Promote the modernization of auditing standards Streamline with standard setters Address issues GAO has observed Respond to needs of the auditing community
2011 Yellow BookProjected Dates • August 23, 2010: • Issued Exposure Draft of 2011 Revision of GAGAS • November 22, 2010: • Comments received on Exposure Draft • June-August 2011: • Issue 2011 Revision of GAGAS • Effective date to be determined
Comment Count by Chapter Appendix, 41, 3% Other, 72, 5% Chapter 7, 47, 3% Chapter 1, 138, 9% Chapter 6, 180, 12% Chapter 2, 75, 5% Chapter 5, 180, 12% Chapter 3, 513, 34% Chapter 4, 247, 17%
Significant Changes in ED Realigned Chapters 1 and 2 • Chapter 1 includes the foundation and ethical principles of government auditing • Chapter 2 includes the use and application of GAGAS • Defines when to cite GAGAS • Relates GAGAS to other standards Chapter 3 • Revised independence standard
Significant Changes in ED Chapter 4 • The former Chapters 4 and 5 were combined into one chapter on financial audits Chapter 5 • Clarified proper use of attestation engagements Chapters 6 and 7 • Clarified requirement for reporting fraud
Areas of Significant Comment • Independence • Preparing financial statements • Assessing internal controls and monitoring • Determining period of impairment for nonaudit services • Assessing management’s skill, knowledge, and/or experience • Clarifying peer review periods • Incorporating conceptual framework flowchart • Clarifying CPE requirements
Other Considerations • Documenting independence for nonaudit services • Assessing independence in appearance • Aggregate nonaudit services • Determining the cooling-off period • Assessing the cleansing audit • Adding a more comprehensive list of prohibited and permitted services
Chapter 1 Government Auditing: Foundation and Ethical Principles
Chapter 1 – Government Auditing: Foundation and Ethical Principles Recognizes broad definitions of • Auditor • Audit organizations
Chapter 1 – Government Auditing: Foundation and Ethical Principles Clarifies the audit function’s structural location relative to the audited entity • External audit organizations report to third parties externally • Internal audit organizations are accountable to senior management and do not usually report externally • Government auditors who report to both third parties and senior management are considered external auditors
Chapter 1 – Government Auditing: Foundation and Ethical Principles Contains concepts and ethical principles that serve as the foundation for the requirements and guidance for GAGAS • Purpose and applicability of GAGAS (no major changes) • Ethical principles (no major changes)
Chapter 2 Standards for the Use and Application of GAGAS
Chapter 2 – Standards for the Use and Application of GAGAS • Recognizes the terms that define professional requirements, which are consistent with terminology used in the AICPA’s Statements on Auditing Standards • Recognizes the longstanding GAGAS financial audit requirements to report on deficiencies in internal control; and on fraud, noncompliance with provisions of laws, regulations, contracts, and grant agreements, and abuse
Chapter 2 – Standards for the Use and Application of GAGAS Clarified citing compliance with GAGAS • Determining appropriate GAGAS compliance statement is a matter of professional judgment • Departures from presumptively mandatory requirements • Using GAGAS with other standards
Chapter 3 General Standards Independence Professional Judgment Competence Quality Control and Assurance
Revising Independence 20 • New framework combines rules (prohibitions) with a conceptual framework. • Generally consistent with IFAC and AICPA • Certain prohibitions remain • Generally consistent with Rule 101 AICPA • Beyond a prohibition • Apply the conceptual framework
Chapter 3 – General Standards: Independence Conceptual Framework Allows the auditor to assess unique circumstances Adaptable Replaces categories of independence Personal External Organizational Defines independence of mind and in appearance
Chapter 3 – General Standards: Independence GAO will retire current Government Auditing Standards: Questions andAnswers to Independence Standard Questions guidance
Chapter 3 – General Standards: Independence Threatscould impair independence • Do not necessarily result in an independence impairment Safeguards could mitigate threats • Eliminate or reduce to an acceptable level
Chapter 3 – General Standards: Independence The Conceptual Framework Steps • Identify threats • Evaluate significance • Apply safeguards • Determine threat level is acceptable
Assess condition or activity for threats to independence NO Threat identified? YES Assess threat for significance NO Is threat significant? Proceed YES Identify and apply appropriate safeguard(s) Assess safeguard effectiveness Is threat eliminated or reduced to an acceptable level? YES Potential independence impairment; do not proceed NO
Chapter 3 – General Standards: Independence Seven Categories of Threats Self-interest threat Self-review threat Bias threat Familiarity threat Undue influence threat Management participation threat Structural threat
Safeguard Examples • Safeguards in the work environment • Select non-impaired auditor • Separate engagement teams • Secondary reviews • Nonaudit services • Management responsibility • Sufficient skills, knowledge, or experience • Safeguards created by the profession, legislation, or regulation • External review by a third party • Monitoring and disciplinary procedures
Assess condition or activity for threats to independence Payroll Accrual example NO Threat identified? (self-review threat) YES Assess threat for significance Is threat significant?(material) Proceed NO YES Identify and apply appropriate safeguard(s) (Knowledgeable management) Assess safeguard effectiveness-depends on confidence on managements knowledge YES Is threat eliminated or reduced to an acceptable level? Potential independence impairment; do not proceed NO
Assess condition or activity for threats to independence Slaughterhouse example NO Threat identified? (bias threat) YES Assess threat for significance (reason for being vegetarian) NO Is threat significant?(material) Proceed YES Identify and apply appropriate safeguard(s) (level of the auditor, subject of the audit) Assess safeguard effectiveness YES Is threat eliminated or reduced to an acceptable level? Potential independence impairment; do not proceed NO
Nonaudit Services Certain services may be permitted • First, determine if there is a specific prohibition • If not, the auditor should apply the conceptual framework Prohibitions are generally consistent with AICPA rules • Management must possess suitable skill, knowledge or experience
Differences Between GAGAS ED and AICPA Ethics Standards Additional documentation requirement • Document substantive discussions
Financial Statements Preparation Otherwise no safeguard could reduce the threat to an acceptable level May be permissible provided • Management possesses suitable • Skill, • Knowledge, or • Experience To evaluate the adequacy and results of the services performed Consistent with AICPA ET 101–3
Bookkeeping Services May be performed provided the auditor does not • Determine or change journal entries, account codings or classifications for transactions, or other accounting records without obtaining client approval • Authorize or approve transactions • Prepare source documents • Make changes to source documents without client approval Consistent with AICPA ET 101-3
Prohibitions within Internal Audit Services provided by external auditors • Setting internal audit policies or the strategic direction • Deciding which recommendations resulting from internal audit activities to implement • Taking responsibility for designing, implementing and maintaining internal control
Prohibitions Related to Internal Control Monitoring • Management is responsible for designing, implementing and maintaining internal control External auditors • May not provide ongoing monitoring services • May not design the system of internal controls and then assess its effectiveness • May evaluate the effectiveness of controls
Prohibitions within IT Services External auditors may not • Design or develop an IT system that would be subject to or part of an audit • Make significant modifications to an IT system’s source code • Operate or supervise an IT system
Prohibitions within Valuation Services External auditors may not provide valuation services that • Would have a material effect, • Involve a significant degree of subjectivity, and • Are the subject of an audit
Nonaudit Services Audit Period Possible Safeguard: One audit cycle performed by another audit organization after the nonaudit service completion date provide a safeguard • Impairment exists during • The period of the audit • The professional engagement • Other potential considerations • Independence in appearance for subsequent periods • Subsequent material weaknesses and significant deficiencies from the nonaudit service
Chapter 3 – General Standards: Continuing ProfessionalEducation (CPE) No revision to overall requirements: Minimum of 24 hours of CPE every 2 years Government Specific or unique environment Auditing standards and applicable accounting principles Additional 56 hours of CPE for auditors involved in Planning, directing, or reporting on GAGAS assignments; or Charge 20 percent or more of time annually to GAGAS assignments Minimum of 20 hours of CPE each year
Chapter 3 – General Standards: Competence CPE requirements for external specialists: • External specialists are not required to meet GAGAS CPE requirements, but should be qualified and maintain professional competence
Chapter 3 – General Standards: Competence CPE requirements for internal specialists: • Internal specialists serving as auditors are subject to all CPE requirements • Specialized CPE count towards the required 24 hours • Internal consulting specialists are not required to meet GAGAS CPE requirements, but should be qualified and maintain professional competence
Chapter 3 – General Standards: Quality Control and Assurance Harmonized quality control system with AICPA standards Additional requirements for consistency with AICPA • Communicate deficiencies noted • Recommend remedial action
Overall Changes for Field Work (Performance) and Reporting • Considered Clarity Project conventions • Streamlined language to harmonize with AICPA • Clarified additive requirements No new field work/reporting requirements were added for any GAGAS engagement
Field Work Requirements Beyond AICPA Additional requirements relate to • Auditor communication • Previous audits and attestation engagements • Noncompliance with provisions of contracts or grant agreements, or abuse • Developing elements of a finding • Documentation For attestation engagements, this applies only at the examination level
Reporting Requirements Beyond AICPA Additional requirements relate to • Reporting auditors’ compliance with GAGAS • Reporting on internal control, compliance with provisions of laws, regulations, contracts, and grant agreements, and other matters • Reporting views of responsible officials • Reporting confidential or sensitive information • Distributing reports
Special Considerations for Government Engagements Applying certain AICPA standards • Materiality • Early communication of deficiencies (SAS No. 115)
Removed Duplicative Requirements Financial Audits • Restatements • Internal control deficiency definitions • Communication of significant matters • Consideration of fraud and illegal acts Attestation Engagements • Internal control deficiency definitions
Deleted Requirements Covered by the Quality Control system • Develop policies to address requests by outside parties to obtain access to audit documentation Covered by AICPA Standards • Document terminated engagements • Retained requirement for performance audits
Chapter 4 Financial Audits