Financial Audit Manual: Update to Part II--Tools (01-APR-03,	 
GAO-03-466G).							 
                                                                 
In July 2001, the U.S. General Accounting Office (GAO) and the	 
President's Council on Integrity and Efficiency (PCIE) issued the
GAO/PCIE Financial Audit Manual (FAM). The FAM provides guidance 
for financial audits conducted by the Inspector General 	 
community, GAO, and their contractors. The FAM is a key part in  
enhancing accountability over taxpayer-provided resources. GAO	 
and the PCIE are committed to keeping the FAM current and intend 
to prepare updates as needed. With this goal in mind, a GAO/PCIE 
task force prepared this update to volume II of the FAM, which	 
provides tools to assist the auditor in complying with audit	 
standards .							 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-03-466G					        
    ACCNO:   A06738						        
  TITLE:     Financial Audit Manual: Update to Part II--Tools	      
     DATE:   04/01/2003 
  SUBJECT:   Audits						 
	     Financial management				 
	     Financial statement audits 			 
	     Auditing procedures				 
	     Auditing standards 				 
	     Auditors						 
	     Financial records					 
	     Internal audits					 
	     Internal controls					 
	     Reporting requirements				 
	     Standards evaluation				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-03-466G

United States General Accounting Office President*s Council on Integrity
and Efficiency GAO/ PCIE Financial

Audit Manual

Update to Part II - Tools Update to Part II GAO- 03- 466G

[This page intentionally left blank]

April 2003 Dear Colleague: In July 2001, the U. S. General Accounting
Office (GAO) and the President*s Council on Integrity and Efficiency
(PCIE) issued the GAO/ PCIE Financial Audit Manual (FAM). The FAM provides
guidance for financial audits conducted by the Inspector General
community, GAO, and their contractors. The FAM is a key part in enhancing
accountability over taxpayer- provided resources. GAO and the PCIE are
committed to keeping the FAM current and intend to prepare

updates as needed. With this goal in mind, a GAO/ PCIE task force prepared
this update to volume II of the FAM, which provides tools to assist the
auditor in complying with audit standards . The new or updated sections
are highlighted in the table of contents for volume II. It was issued as
an exposure draft on the internet in September 2002, and we incorporated
changes based on comments received. The original GAO/ PCIE FAM, which will
be updated by having these additional sections incorporated, and this
April 2003 update are available on the internet at www. GAO. gov or www.
ignet. gov/ pande/ audit. html

If you have comments or suggestions for additional projects for further
FAM updates, please e- mail them to

FAM_ Comments@ oig. doi. gov We extend our thanks to the many individuals
and organizations that provided comments and insights to make the manual
stronger. The task force assembled by GAO and the PCIE also deserves much
credit for its dedication to completing this project. Jeffrey C. Steinhoff
The Honorable Gregory H. Friedman Managing Director Chair, President*s
Council on Integrity U. S. General Accounting Office and Efficiency Audit
Committee

Filing instructions for April 2003 FAM Volume II * Tools update: Retain
from original

July 2001 version Insert from April 2003

update Delete from original July 2001 version

Cover to volume II Contents * Part II (including title page) Contents *
Part II

(including title page) Section 600 (including title

page and sections 601, 650, 650 A, B, and C, 660, 660 A, B, C, and D)

Section 600 title page Section 700 (including title

page and sections 701 and 701 A and B)

Section 700 title page Section 800 (including title

page and sections 802, 803, 808, 809, 810, 812, 813, 814, 816, and 817)
Section 800 title page Section 900 (including title

page and sections 902, 902 A, B, and C, 903, 921, 921 A, B, C, and D)

Section 900 title page Section 1000 title page Sections 1001 and 1001 A
Sections 1002 and 1002 A,

B, C, and D Section 1002 title page Sections 1003, 1004, and

1005 Section 1006 title page Section 1006

Changes affecting volume I

Glossary title page Glossary (22 pages) Glossary (17 pages) Abbreviations
title page Abbreviations (3 pages) Abbreviations (2 pages)

[This page intentionally left blank.]

CONTENTS * PART II * TOOLS April 2003 GAO/ PCIE Financial Audit Manual -
Part II Contents- 1

600 PLANNING AND GENERAL 601 Introduction to Part II * Tools 650 650 A 650
B 650 C

Using the Work of Others Summary of Audit Procedures and Documentation for
Review of Other Auditors' Work Example Audit Procedures for Using the Work
of Others Example Reports When Using the Work of Others 660 660 A 660 B

660 C 660 D

Agreed- Upon Procedures Example Agreed- Upon Procedures Engagement Letter
Example Representation Letter from Responsible Entity on Agreed- Upon
Procedures Engagement Agreed- Upon Procedures Completion Checklist Example
Agreed- Upon Procedures Report 700 INTERNAL CONTROL (See also section 900)

701 701 A 701 B

Assessing Compliance of Agency Systems with the Federal Financial
Management Improvement Act (FFMIA) Example Audit Procedures for Testing
Compliance with FFMIA Summary Schedule of Instances of Noncompliance with
FFMIA 800 COMPLIANCE 801 Reserved

802 General Compliance Checklist 803 Antideficiency Act 804 Reserved 805
Reserved 806 Reserved 807 Reserved 808 Federal Credit Reform Act of 1990
809 Provisions Governing Claims of the U. S. Government (31 U. S. C. 3711-

3720E) (Including the Debt Collection Improvement Act of 1996) (DCIA) 810
Prompt Payment Act 811 Reserved 812 Pay and Allowance System for Civilian
Employees, as Provided Primarily

in Chapters 51- 59 of Title 31, U. S. Code

Contents - Part II - Tools April 2003 GAO/ PCIE Financial Audit Manual -
Part II Contents- 2 813 Civil Service Retirement Act 814 Federal Employees
Health Benefits Act 815 Reserved 816 Federal Employees' Compensation Act
817 Federal Employees' Retirement System Act of 1986

900 SUBSTANTIVE TESTING 901 Reserved 902 902 A

902 B 902 C

Related Parties, Including Intragovernmental Activity and Balances Example
Account Risk Analysis for Intragovernmental Activity and Balances Example
Specific Control Evaluation for Intragovernmental Accounts Example Audit
Procedures for Intragovernmental and Other Related

Parties' Activity and Balances 903 Auditing Cost Information 921

921 A 921 B 921 C 921 D

Auditing Fund Balance with Treasury (FBWT) Treasury Processes and Reports
Related to FBWT Reconciliation Example Account Risk Analysis for Fund
Balance with Treasury Example Specific Control Evaluation for Fund Balance
with Treasury Example Audit Procedures for Fund Balance with Treasury

1000 REPORTING 1001 Management Representations 1001 A Example Management
Representation Letter 1002 1002 A 1002 B 1002 C 1002 D

Inquiries of Legal Counsel Example Audit Procedures for Inquiries of Legal
Counsel Example Legal Letter Request Example Legal Representation Letter
Example Management Summary Schedule 1003 Financial Statement Audit
Completion Checklist 1004 Checklist for Reports Prepared Under the CFO Act
1005 Subsequent Events Review 1006 Reserved. (For Related Parties, see
section 902)

[This page intentionally left blank.]

Planning and General 601 - INTRODUCTION TO PART II * TOOLS

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 601- 1 .01 Part
II of the GAO/ PCIE Financial Audit Manual (FAM) consists of tools to
assist the auditor 1 in performing a financial statement audit. These
tools are generally

organized according to the phases of the audit: tools in section 600 deal
with the planning phase and general issues; section 700, the internal
control phase; section 800, compliance; section 900, substantive testing;
and section 1000, the reporting phase.

.02 Many of the tools in the various sections include activities that
would be performed during other phases of the audit. Thus, the auditor
should refer to the sections in part II early in the audit. For example,
section 701, Assessing Compliance of Agency Systems with the Federal
Financial Management Improvement Act, includes procedures that would be
performed throughout the audit, not just during the internal control
phase, although many of them would be performed then. Also, section 902,
Related Parties, Including Intragovernmental Activity and Balances, has
procedures that the auditor may decide to perform in the planning and
internal control phases of the audit as well as during the testing phase.

.03 The audit procedures presented in the examples in this and other
sections of part II (tools) of the GAO/ PCIE FAM are examples of some of
the audit steps typically performed in each area. They should be used in
conjunction with the appropriate FAM sections. In using these procedures,
the auditor should use judgment to add additional procedures, delete
irrelevant procedures, modify procedures, indicate the extent and timing
of procedures, and change the terminology to that used by the audited
entity. The auditor may integrate these steps with the audit programs for
related line items. For example, tests of intragovernmental activity and
balances (section 902) may be integrated with tests of accounts receivable
and payable, and, to improve efficiency, the auditor may coordinate those
tests with related nonintragovernmental activity and balances.

1 The term "auditor," throughout the FAM includes individuals who may be
titled auditor, analyst, evaluator, or have a similar position
description.

[This page intentionally left blank.]

Planning and General 650 - USING THE WORK OF OTHERS April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 1 .01 In many audits, the
auditor uses the work and reports of other auditors and specialists. Other
auditors include CPA firms, Inspectors General, state auditors, and
internal auditors. Specialists include actuaries and information systems
auditors. The audit organization may contract with a CPA firm to perform
parts of or the entire audit. The audit organization should use FAM 650 to
design and perform appropriate oversight and other procedures to use the
work of other auditors and specialists. (The audit organization using the
work of other auditors and specialists is referred to below as "the
auditor.") This section provides

guidance on using the work of other auditors and specialists and the
nature and extent of procedures the auditor should perform. .02 Various
professional standards provide guidance in this area. These standards

include AU 543, "Part of Audit Performed by Other Independent Auditors";
AU 322, "The Auditor's Consideration of the Internal Audit Function in an
Audit of Financial Statements"; AU 336, "Using the Work of a Specialist";
1 and AU 315 (SAS No. 84), "Communication Between Predecessor and
Successor Auditors." These standards have different requirements depending
on whether the other organization is an independent auditor, an internal
auditor, or a specialist.

.03 The auditor may use the work of other auditors and specialists in
various situations, for example:

audits by Inspectors General or CPA firms in accordance with the GAO/ PCIE
FAM;

CPA firms or specialists hired to do parts of an audit (for example,
review information systems controls, review actuarial calculations, test
specific accounts);

single audits or audits of federal funds performed by state auditors and
CPA firms;

work performed by internal auditors; and

internal audit staff who provide direct assistance to the auditor. .04 AU
543.13 states: "In some circumstances the principal auditor may consider
it

appropriate to participate in discussions regarding the accounts with 1
The AICPA also issued Practice Alert 2002- 02, Use of Specialists.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 2 management personnel of the
component whose financial statements are being

audited by other auditors and/ or to make supplemental tests of such
accounts. The determination of the extent of additional procedures, if
any, to be applied rests with the principal auditor alone in the exercise
of his professional judgment and in no way constitutes a reflection on the
adequacy of the other auditor's work. Because the principal auditor in
this case assumes responsibility for his opinion on the financial
statements on which he is reporting without making reference to the audit
performed by the other auditor, his judgment must govern as to the extent
of procedures to be undertaken." .05 The above paragraph makes clear that
the principal auditor exercises

considerable judgment in deciding what procedures are necessary to use the
work of the other auditor. FAM 650 provides guidance in making the
judgments necessary to use the work of others. These judgments include

the type of reporting (see paragraphs 650.09-. 10),

the auditor's evaluation of the other auditors' or specialists'
independence and objectivity (see paragraphs 650.11-. 24),

the auditor's evaluation of the other auditors' or specialists'
qualifications (see paragraphs 650.25-. 35), and

the auditor's determination of the level of review (see paragraphs
650.36-. 41). .06 The auditor should coordinate with other auditors whose
work he or she wishes to use. In turn, the other auditor should consider
the needs of auditors who plan

to use the work being performed so that the judgments exercised by both
auditors could satisfy the needs of both. This is best done before major
work is started. For example, auditors of a consolidated entity (such as
the U. S.

government or an entire department or agency) are likely to plan to use
the work of auditors of subsidiary entities (such as individual
departments and agencies or bureaus and components of a department). This
coordination can result in more economy, efficiency, and effectiveness of
government audits in general and avoid duplication of effort. In addition,
the coordination needs to be ongoing throughout the audit so that the
timing needs of both the auditor and the other auditors are met. The other
auditors should make their audit documentation available for review by the
auditor on an ongoing basis during the audit. .07 In this coordination,
the auditor should inform the other auditor how his or her

work and report will be used. AU 543.07 indicates that if the auditor's
report will name the other auditor, the auditor should obtain permission
to do so and should present the other auditor's report together with the
principal auditor's report. For CPA firms, this permission may be obtained
through the contracting process. The auditor also should provide the other
auditors a draft of the report as a

courtesy.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 3 .08 When there is a
difference of opinion between the two auditors, the principal

auditor generally should confer with the other auditor to reach agreement
with him or her as to the procedures necessary to satisfy both auditors'
professional judgments. If both auditors are unable to reach agreement,
see paragraphs 650.54 to .56. Section 650 B contains example audit
procedures for using the work of others, which depend on the judgments
made.

TYPES OF REPORTING .09 There are various types of reporting when using the
work of other auditors and specialists. The type of reporting depends on
the degree of responsibility the auditor accepts and the work performed by
the auditor. Factors for the auditor to consider in deciding which type of
reporting to use include the amount of assurance the auditor wishes to
provide, legal requirements, and cost- benefit

considerations. The degree of resources required varies by type of report
and generally increases in the order presented below. The type of
reporting should be decided in planning the job and generally should be
discussed with the other auditors or specialists. In deciding the type of
reporting, the auditor should consider AU 504.03, which states that an
auditor is "associated with financial statements when he has consented to
the use of his name in a report, document, or written communication
containing the statements." (Section 650 C contains examples of wording
for two types of reporting.) The types of reporting are as follows.

a. No association with report* In this situation, the other auditors' or
specialists' report is provided directly to the auditee and/ or to
significant users. The auditor may use this method when the auditor merely
procures the audit but is not acting as "the auditor." For example, if
there is no legal requirement for a separate report by the auditor, the
user does not need a separate report from the auditor, and a separate
report would provide no additional information. When the auditor is
required by law to perform the audit, he or she should not use this option
since he or she is associated with the report.

b. Auditor transmittal letter* There are two types of transmittal letters,
one expressing no assurance and one expressing negative assurance on the
other auditors' work. For either type, the auditor is associated with the
financial statements as described in AU 504. The fourth standard of
reporting states, (in the last sentence) "where an auditor's name is
associated with financial statements, the report should contain a clear-
cut indication of the character of the auditor's work, if any, and the
degree of responsibility the auditor is taking." Because the auditor did
not perform an audit, the auditor should

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 4 disclaim an opinion and
should not express concurrence with the other

auditors' opinion. The auditor may use this approach when there is no
legal requirement for the auditor to express an opinion or concurrence but
the auditor is required to or wants to issue a report or letter. The
auditor may expand the letter to highlight certain findings or information
or to indicate that certain procedures were performed. See example 1 of
section 650 C for

wording for both types of transmittal letters. * Auditor transmittal
letter expressing no assurance* For this letter,

the auditor issues a transmittal letter without reviewing the other
auditors' documentation. In these situations, the transmittal should be
clear as to the limitations of the auditor's work. The auditor still has
the responsibility to monitor any contract and meet the requirements of
the IG Act, as amended, CFO Act, and Accountability of Tax Dollars Act of
2002, if applicable.  Auditor transmittal letter expressing negative
assurance* This

letter indicates that the auditor reviewed the other auditors' or
specialists' report and related documentation and inquired of their
representatives and states that the auditor found no instances where the
other auditors did not comply, in all material respects, with Government
Auditing Standards (GAGAS).

c. The auditor issues a report that refers to other auditors' reports and
indicates a division of responsibilities* To use this approach, the
auditor has two decisions to make: (1) whether the auditor may serve as
the principal auditor (AU 543.01-. 03) and (2) whether the auditor should
refer to the work of the other auditors (AU 543.01-. 10). The auditor
should exercise considerable judgment in making these decisions and should
document the basis for the decisions. One consideration the auditor may
use in deciding whether the auditor is the principal auditor is whether
the auditor has sufficient knowledge of the entire entity, including
portions audited by other auditors. Another consideration is the
materiality and importance of the consolidated assets, liabilities,
expenses, revenues, or net position he or she has not audited. The auditor
may issue a report that refers to other auditors when (1) the other
auditors have reported on financial statements for a component entity that
is part of the entity whose financial statements the auditor is reporting
on and

(2) the auditor does not wish to take responsibility for the other
auditors' work. (See AU 543.09 for example wording. This approach may be
used only for CPA firms or for other auditors who are organizationally
independent [see paragraph 650.14]; it may not be used for internal
auditors or specialists.) However, if the reader of the report could
question the basis for the principal auditor issuing the opinion because
of the significant materiality and

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 5 importance of the portion of
the financial statements audited by the other

auditors, the auditor should consider whether there is a need to issue a
report that does not mention the other auditors' work, which may require
additional work (see 650.09 e below). d. The auditor issues a report that
expresses concurrence with the other

auditors' report and conclusions* The auditor may use this approach when
other auditors have reported on financial statements and the auditor needs
or wants to provide more assurance than what is provided by the
transmittal letter. 2 Expressing concurrence means that the auditor would
have reached the same opinion or conclusion had he or she done the audit.
Therefore, the auditor needs to do the same level of work as he or she
would have done to take responsibility for the other auditor's work. 3 The
auditor usually accomplishes this by (1) reviewing the audit documentation
and (2) having discussions with entity management and/ or performing
supplemental tests. See example 2 in section 650 C for report wording.
This approach may be

used only for CPA firms or for other auditors who are organizationally
independent (see paragraph 650.14). This report should not be used for
specialists, since AU 336.15 prohibits reference to a specialist's report
unless the auditor issues a qualified or adverse opinion or a disclaimer
of opinion based on the specialist's work. This approach also should not
be used for internal auditors. AU 322.19 notes that the responsibility to
report on the

2 For example, a certain audit may be required by law, in which the
auditor, although allowed to hire other auditors to do the work, is
required to give his or her own opinion. In the absence of such a
requirement, a report expressing concurrence is generally not cost-
effective because of the resources required.

3 In this instance both the other auditor and the auditor that expresses
concurrence are principal auditors because both have sufficient knowledge
of the overall financial statements and the important issues, and the
concurring auditor, by reason of the level of work done, has also audited
the financial statements.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 6 financial statements rests
with the auditor and cannot be shared with internal

auditors. 4 e. The auditor issues a report that does not mention the other
auditors' or specialists' work* In this situation, the auditor issues the
report in section 595 A and/ or B (as if no other auditors or specialists
were involved). This means the auditor takes responsibility for the other
auditors' or specialists' work. (See 650.09 c above for a discussion of
principal auditor issues.) The auditor may use this approach when the
other auditors have done part of the audit; the approach also may be used
when the other auditors have done substantially the entire audit. 5 The
auditor usually accomplishes this by (1) reviewing the audit documentation
and (2) having discussions with entity management and/ or performing
supplemental tests. The auditor also should

use this approach when using the work of specialists and internal
auditors, because professional standards do not permit referring to
specialists' or internal auditors' work (unless, for specialists, the
auditor issues a qualified or adverse opinion or a disclaimer of opinion
based on the specialist's work). GAO uses this approach in the audit of
the consolidated financial statements of the United States Government.

4 There may be situations where the auditor is asked to provide a separate
opinion in addition to presenting the other auditors' report. In these
situations, the auditor should follow the wording in section 595 A and/ or
B and should add the following in lieu of the introduction to the first
paragraph on page 595 A- 5:

"To help fulfill these responsibilities, we contracted with the
independent certified public accounting firm of [insert firm name] to
perform a financial statement audit in accordance with U. S. generally
accepted government auditing standards,

OMB's bulletin, Audit Requirements for Federal Financial Statements, and
the GAO/ PCIE Financial Audit Manual. The report of [name of CPA firm]
dated [date] is attached. We evaluated the nature, timing, and extent of
the work, monitored progress throughout the audit, reviewed the
documentation of [name of CPA firm], met with partners and staff members
of [name of firm], evaluated the key judgments, met with officials of
[entity being audited], performed independent tests of the accounting
records [if applicable], and performed other procedures we deemed
appropriate in the circumstances. Our opinions expressed above are

consistent with the opinions of [name of CPA firm]. Thus, in this audit,
we:" (continue with numbered items). 5 For example, a number of other
auditors may have audited individual components

of an entity and the auditor may audit the consolidation process. The
auditor may choose to use this approach if the auditor has sufficient
knowledge of the entire entity and does additional work (see paragraph
650.10).

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 7 .10 The following chart
presents an overview of the work the auditor generally

should perform for each type of report or letter. "Yes" means some of that
category of work generally should be performed. "No" means that the
category is generally not required for the report or letter. The extent of
work in each

category depends on the auditor's judgment. See paragraph 650.36 for
discussion on level of review.

Type of reporting Evaluate the other auditors' independence

and objectivity (paragraphs

650.11-. 24) Evaluate

the other auditors' qualifications

(paragraphs 650.25- .35)

Level of Review (paragraphs

650.36- .42)

Hold discussions and/ or perform supplemental tests (paragraphs

650.43- .47)

No association with report (paragraph 650.09 a) No 6 No None No

Auditor transmittal letter expressing no assurance (paragraph 650.09 b,
first bullet) Yes Yes Low or none No

Auditor transmittal letter expressing negative assurance (paragraph 650.09
b, second bullet) Yes Yes Moderate or low

No

Report refers to the other auditors' re port and indicates a division of
responsibilities (paragraph 650.09 c) Yes Yes Low or none No

6 If the auditor contracts with the other auditors, the contracting
process generally will require the auditor to evaluate the other auditors'
independence, objectivity, and qualifications and to monitor performance
under the contract.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 8 Type of reporting Evaluate

the other auditors' independence

and objectivity (paragraphs

650.11-. 24) Evaluate

the other auditors' qualifications

(paragraphs 650.25- .35)

Level of Review (paragraphs

650.36- .42)

Hold discussions and/ or perform supplemental tests (paragraphs

650.43- .47)

Report concurs with the other auditors' report or does not mention the
other auditors' work (paragraph 650.09 d

and e) Yes Yes High, moderate,

or low Yes for internal

auditors' work (should include supplemental tests). Yes for auditors' work
for high level of review. No for auditor's work for moderate or low level
of review EVALUATING THE OTHER AUDITORS' OR SPECIALISTS'

INDEPENDENCE AND OBJECTIVITY .11 Unless the auditor has no association
with the report, the auditor should evaluate the other auditors' or
specialists' independence and objectivity. Where the auditor has
previously used the work of the same other auditors, the auditor generally
should update the previous evaluation. GAGAS 3.11 indicates that audit
organizations and individual auditors should be free from personal and
external impairments to independence, should be organizationally
independent, and should maintain an independent attitude and appearance.
The auditor should first evaluate organizational independence. Different
standards apply to CPA firms, other organizationally independent auditors,
internal auditors, and specialists.

.12 For CPA firms and specialists, the contracting process is designed to
select a firm that is independent and objective. The statement of work or
request for proposal should ask the firms to represent that they are
independent and objective with respect to the auditee and should request
the firms to describe in their proposals all work, including nonaudit
services, they have done for the auditee in the last several years (see
GAGAS Amendment No. 3, Independence, and Answers to Independence
Questions). The technical evaluation panel should evaluate

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 9 whether the nature and extent
of this work or other factors cause an

independence or objectivity issue. In this evaluation, the panel may
consider, for example, whether (1) the other auditors will need to audit
their own work or (2) whether the other auditors made management decisions
or performed management functions.

.13 If possible, 7 the auditor should have a role in contracting for the
CPA firm or specialist. When the auditor does not participate in
contracting for the CPA firm or specialist, the auditor generally should
obtain an overview of the contracting process; this generally should
include reading the statement of work or request for proposal and the
proposal of the firm selected, and understanding the

evaluations of the panel selecting the firm. The auditor should determine
whether the firm provided a representation as to independence and
objectivity (usually in its proposal). If the firm has not provided a
representation as to independence and objectivity, the auditor should
obtain a representation from the firm. If the auditor is not familiar with
the firm, the auditor should inquire of professional organizations (such
as the American Institute of Certified Public

Accountants or the Public Company Accounting Oversight Board established
by the Sarbanes- Oxley Act of 2002) as to the firm's professional
reputation and standing.

.14 For government auditors, the auditor should decide whether the other
audit organization is organizationally independent to report externally or
whether it should be considered an internal audit organization. The
auditor may refer to the work of organizationally independent government
auditors but should not refer to the work of internal audit organizations
in the audit report; generally more extensive review and supervision are
necessary when dealing with internal auditors. The auditor should obtain
written representations from the head of the government audit organization
that to the best of his or her knowledge, the organization and the
individual auditors doing the work are independent of the entity being
audited. This means that the individual auditors are free of personal
impairments to independence and maintain an independent attitude and
appearance; it also means that the organization is free from external
impairments and is organizationally independent (see GAGAS 3.11). The
representation letter may indicate the general criteria for determining
independence, such as "under the criteria in GAGAS." The representations
should be for the period of the financial statements to the date of the
other auditors' report. Since the decision on the independence and
objectivity of the other auditors is needed to plan the

7 Under the CFO Act and the Government Management Reform Act, if the IG is
not doing the audit, he or she is required to determine the CPA firm that
will do the work.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 10 auditor's work, the auditor
generally should obtain oral representations early in

the audit, with written representations at the end of the audit. 8 .15
Government auditors may be presumed to be free from organizational
impairments to independence when reporting externally to third parties if
their audit organization is organizationally independent of the audited
entity. Government audit organizations may meet the requirement for
organizational independence in a number of ways. There is a presumption
that a government audit organization is organizationally independent
(GAGAS 3.30.1) if the audit organization is

a. "assigned to a level of government other than the one to which the
audited entity is assigned (federal, state, or local), for example, a
federal auditor auditing a state government program, or b. "assigned to a
different branch of government within the same level of

government as the audited entity, for example, a legislative auditor
auditing an executive branch program."

.16 There is also a presumption of organizational independence if the head
of the audit organization (GAGAS 3.30.2) meets one of the following:

a. "is directly elected by voters of the jurisdiction being audited, b.
"is elected or appointed by a legislative body, subject to removal by a

legislative body, and reports the results of audits to and is accountable
to a legislative body,

c. "is appointed by someone other than a legislative body, so long as the
appointment is confirmed by a legislative body and removal from the
position is subject to oversight or approval by a legislative body, and
reports the results of audits to and is accountable to a legislative body,
or

d. "is appointed by, accountable to, reports to, and can only be removed
by a statutorily created governing body, the majority of whose members are
independently elected or appointed and come from outside the organization
being audited." .17 If the other audit organization or its head meets one
of the above criteria, the

auditor need not perform any procedures concerning organizational 8
Obtaining a representation from the head of the audit organization is
similar to

the procedure for CPA firms under AU 543.10b.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 11 independence other than to
obtain a representation letter from the head of the

audit organization as noted in paragraph 650.14 (see paragraph 650.23 for
tests of personal independence). However, if the auditor encounters
evidence that the audit organization might not be organizationally
independent, the auditor should consider the need for inquiries and other
procedures; the auditor should then evaluate the results of these
procedures.

.18 In addition to the presumptive criteria, GAGAS recognize that there
may be other organizational structures under which a government audit
organization could be free from organizational impairments. These other
structures should provide sufficient safeguards to prevent the audited
entity from interfering with the audit organization's ability to perform
the work and report the results impartially. For the audit organization to
be considered free from organizational impairments to report externally
under a structure different from the ones listed above, the audit
organization (GAGAS 3.30.3) should have all of the following safeguards:

a. "statutory protections that prevent the abolishment of the audit
organization by the audited entity,

b. "statutory protections that require that if the head of the audit
organization is removed from office, the head of the agency should report
this fact and the reasons for the removal to the legislative body,

c. "statutory protections that prevent the audited entity from interfering
with the initiation, scope, timing, and completion of any audit, d.
"statutory protections that prevent the audited entity from interfering
with the

reporting on any audit, including the findings, conclusions, and
recommendations, or the manner, means, or timing of the audit
organization's reports,

e. "statutory protections that require the audit organization to report to
a legislative body or other independent governing body on a recurring
basis, f. "statutory protections that give the audit organization sole
authority over the

selection, retention, and dismissal of its staff, and g. "statutory access
to records and documents that relate to the agency,

program, or function being audited." .19 If the head of the audit
organization concludes that the organization has all the safeguards listed
above, the audit organization may be considered free from organizational
impairments to independence when reporting externally. The

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 12 audit organization should
document the statutory provisions in place that provide

these safeguards. The external quality assurance reviewer will review
these provisions to determine whether the necessary safeguards are
present.

.20 The auditor using the work of other auditors who meets these
requirements should request a representation letter (see paragraph 650.14)
from the head of the audit organization; the auditor should review the
above documentation and discuss it with the head of the audit
organization. He or she also may discuss the matter with the external
quality assurance reviewer, legal counsel for the audit organization, and
his or her own legal counsel.

.21 If the auditor decides that the government audit organization is not
organizationally independent to report externally (either because it does
not meet the criteria in GAGAS or for another reason), the auditor should
determine whether the other auditors are organizationally independent to
report internally. These auditors are internal auditors. The Institute of
Internal Auditors' (IIA) Standards for the Professional Practice of
Internal Auditing defines internal auditing as "an independent, objective
assurance and consulting activity designed to add value and improve an
organization's operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance
processes." GAGAS contain guidance on organizational independence for
government internal auditors. For example, internal auditors should be
outside the staff or line management function of the unit under audit.
They should report their results and be accountable to the head or deputy
of their agency. IIA standards require internal auditors to be objective
for the activities they audit. These GAGAS and IIA standards of
independence for internal auditors differ from independence under the
AICPA Code of Professional Conduct or independence for external auditors
under GAGAS. The auditor generally should determine whether the internal
auditors whose work is to be used are independent of the activities they
audit. The auditor also should consider the organizational status of the
head of the audit organization, including (GAGAS 3.30.5) whether the head:

"is accountable to the head or deputy head of the government entity;

"is required to report the results of the audit organization's work to the
head or deputy head of the government entity, and

"is located organizationally outside the staff or line management function
of the unit under audit."

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 13 .22 If the auditor concludes
that the internal auditors are not independent under

GAGAS and IIA standards, the auditor should treat the work as if the
auditee prepared it. If the auditor concludes that the internal auditors
are independent under GAGAS and IIA standards, the auditor may use their
work to the extent permitted by AU 322. In either case, the auditor may
not issue a report referring

to or concurring with the work of internal auditors. .23 In addition to
evaluating the other auditors' organizational independence, the

auditor should evaluate whether the audit team has any personal
impairments. For both internal auditors and organizationally independent
government audit organizations, the auditor generally should ask how the
other auditors monitor the personal independence of individual staff
members, especially those doing the work the auditor would like to use.

.24 The auditor should document the work performed and the conclusions
reached as to independence and objectivity. The documentation should
indicate the auditor's conclusion as to whether the other auditors are
independent and objective and the basis for that conclusion. The auditor
should consult with the Reviewer if there are questions about the other
auditors' independence or objectivity.

EVALUATING THE OTHER AUDITORS' OR SPECIALISTS' QUALIFICATIONS .25 After
evaluating the other auditors' or specialists' independence and
objectivity,

the auditor should evaluate the other auditors' or specialists'
qualifications to perform the specific tasks required. This involves
evaluating the qualifications of the firm or audit organization and
evaluating the qualifications of the specific audit team. Where the
auditor has previously used the work of the same other auditors, the
auditor generally should update the previous evaluation.

.26 For CPA firms and specialists, qualifications are generally evaluated
through the contracting process. The firm submits resumes for the audit
team and demonstrates why its team is qualified to do the work. CPA firms
should be asked to submit their latest peer review report (or inspection
report specified by the Public Company Accounting Oversight Board), letter
of comments, and response to the peer review report. The firm generally
submits its plan for doing the work. The purpose of the technical
evaluation panel under the contracting process is to select a qualified
firm.

.27 Where the auditor did not participate in the contracting process, the
auditor should consider how the qualifications of the firm were evaluated.
For example, did the evaluation panel review resumes of the team; review
the audit approach;

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 14 and read the peer review
report, the related letter of comments, and the firm's

response to the peer review report? The auditor should read these
documents and reach a conclusion as to qualifications. .28 For auditors
other than CPA firms, the auditor should ask whether the audit
organization had a peer review and the date of that review. IGs have peer

reviews performed every 3 years by other IGs. Most state auditors also
have peer reviews every 3 years. To comply with GAGAS, the audit
organization should have a peer review every 3 years. The IIA standards
indicate that, "[ e] xternal assessments, such as quality assurance
reviews, should be conducted at least once every five years by a
qualified, independent reviewer or review team from

outside the organization.". While reviews under the IIA standard are not
designed to report whether the audit organization's quality control
adheres to GAGAS, they do provide evidence about whether the work adheres
to a recognized set of professional standards. The auditor should read the
peer review report, the letter

of comments, and the audit organization's response. Where the audit
organization has received an unqualified peer review report recently
(usually less than 1 year ago), further review of the audit organization's
qualifications is generally not required.

.29 Where the peer review report is not recent, the auditor also should
review the results of the audit organization's internal inspection
program. If the peer review is not recent, the inspection is important in
highlighting new quality control issues. The inspection generally should
include reviews of documentation, interviews of staff members, and tests
of functional areas. Where the inspection is recent (usually within the
past year) and the inspection report is unqualified, further review of the
audit organization's qualifications is generally not required.

.30 Where the peer review or inspection report is qualified or adverse,
the auditor should evaluate whether the quality control system has since
been strengthened to allow the auditor to use the other auditors' work.
The auditor may review the organization's action plan for improving
quality controls. Inspection results are helpful in determining whether
quality controls have improved since the peer review. The auditor should
consider the effect of the remaining weaknesses in determining the nature
and extent of procedures the auditor will perform.

.31 Where the peer review is not recent and there is no inspection
program, the auditor generally should obtain an overview of the important
policies and procedures in the functional areas:

independence, integrity, and objectivity (see above);

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 15 personnel management
(includes recruiting and hiring, advancement,

professional development and training, and assigning personnel to
assignments);

audit performance (includes supervision and consultation);

acceptance and continuance of assignments; and

monitoring programs. .32 This information usually is obtained through
interviews of the audit

organization's management and staff and through reading the audit
organization's quality control summary document, if one has been written.
The auditor also may read the organization's manuals and other guidance
for conducting audits.

.33 In addition to evaluating the audit organization's qualifications, the
auditor also should evaluate the overall qualifications of the other
auditors' team assigned to do the work. Reviewing resumes of key team
members may accomplish this. The auditor should consider the specific
education, training, certifications, and experience of key team members.
In evaluating qualifications, the auditor should consider the specific
role of staff members on the job. When the auditor has knowledge of
qualifications from prior experience with key team members, the auditor
should inquire about experience in the time since the last audit. .34
Where the auditor is not fully satisfied as to the other auditors'
qualifications, the

auditor generally should perform a more detailed review of the
documentation and/ or perform supplemental tests of key line items (see
paragraph 650.36). The auditor also may help the other auditors improve
future audits.

.35 If the auditor has significant concerns about the other auditors'
independence, objectivity, or qualifications, the auditor should revise
the audit approach. For example, the auditor may:

contract with another firm,

ask the other auditors to substitute more highly qualified or objective
staff members,

do the audit without using the other auditors' work, treating any work
done by the other auditors as prepared by the auditee,

divide the work so that the other auditors test the areas where they are
qualified, and the auditor does the rest of the audit, or

issue a disclaimer of opinion.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 16 PLANNING THE REVIEW AND
TESTING OF THE OTHER AUDITORS'

OR SPECIALISTS' WORK

.36 After evaluating the other auditors' or specialists' independence,
objectivity, and qualifications, the auditor should develop a written plan
for reviewing and, if necessary, testing the work done. This plan
documents the level of review the auditor believes necessary. The level of
review is high, 9 moderate, or low. 10 The plan should be reconsidered as
the work progresses. The level of review is a judgment the auditor makes;
this judgment generally should be made for each material line item and
should consider the following factors: a. The type of report or letter the
auditor will issue (less review is needed for a

transmittal letter than for reports in which the auditor takes
responsibility for the other auditors' work). (See paragraph 650.10.)

b. Whether the other auditors issue a disclaimer of opinion because of a
scope limitation (less work is needed to concur with a scope limitation
than to concur with an unqualified opinion). (See paragraph 650.37.)

c. Whether the auditor's report might contain a disclaimer because of a
scope limitation (less work is needed if the auditor's report will contain
a scope limitation). (See paragraph 650.39.)

d. The other auditors' independence, objectivity, and integrity (both for
the audit team and for the other audit organization) including whether the
other audit organization is an independent auditor or an internal auditor
(the level of review increases as independence, objectivity, and integrity
decreases).

e. The other auditors' qualifications to perform the work the auditor
wishes to use (both for the audit team and for the other audit
organization) (the level of review increases as the other auditors'
qualifications decrease).

9 Some situations may require significantly more work than the work shown
for the high level. In those situations, the auditor generally should
perform significant supplemental tests; in some cases, the audit may be a
joint audit. 10 In some situations, the auditor may decide less review or
no review is necessary.

These situations typically involve entities or line items that are very
small in relation to the financial statements taken as a whole. In these
situations the auditor may decide to read the other auditors' report and
the financial statements and ask questions if anything seems unusual.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 17 f. The auditors' prior
experience with the other auditors (both for the audit team and for the
other audit organization) (the level of review decreases as

the auditor has favorable experience in working with the other auditors).
g. The materiality of the line item in relation to the financial
statements the

auditor is reporting on, taken as a whole (the level of review increases
as the line item becomes more material).

h. The combined risk (combination of inherent risk and control risk) and
the risk of material fraud for the line item and assertion in the
financial statements the other auditors are auditing (the level of review
increases as the combined risk and the risk of material fraud increase).

.37 If the other auditors' work had a scope limitation, this generally
affects the level of review (except for transmittal letters with no
assurance). If the other auditors disclaim an opinion on the financial
statements because of a scope limitation, the auditor should issue a
disclaimer of opinion (unless the financial statements the other auditors
audited are not material to the financial statements the auditor is
auditing). It will not take much review to be satisfied that the
disclaimer is appropriate. Discussions with entity management and/ or
supplemental tests are

not required in this situation, and the review of documentation may be
limited to summary documentation. Thus, the level of review is usually low
or no review (see footnote 6). However, the auditor may decide to do
additional work to learn about the entity, to help the other auditor plan
future audits, or to help management correct the causes of the scope
limitation.

.38 If the other auditors' work had a scope limitation that results in a
qualified opinion, this generally needs a moderate or high level of review
to determine whether the other auditors should have disclaimed an opinion
and that the only issues are those relating to the qualification.

.39 A scope limitation on the auditor's work that results in a disclaimer
also may affect the level of review. Since the auditor has already decided
that not enough work can be done on the overall financial statements, no
amount of review of the other auditors' work is likely to change that
conclusion. Thus, as in the situation above, discussions with entity
management and/ or supplemental tests are not required, the review of the
other auditors' documentation may be limited to summary documentation, and
the level of review is usually low or no review (see footnote 6). However,
the auditor may decide to do additional work to learn about the entity, to
help the other auditor plan future audits, or to help management correct
the causes of the scope limitation.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 18 .40 A scope limitation on
the auditor's work that results in a qualified opinion needs a

similar amount of work as an unqualified opinion. .41 Section 650 A
illustrates the work that generally should be performed for each

level of review for each significant line item as well as what to retain
in the documentation.

REVIEW OF DOCUMENTATION .42 The extent of the auditor's review of the
other auditors' or specialists' documentation depends on the level of
review and is a judgment based on the factors in paragraph 650.36. For the
low level of review, the review of documentation may be limited to key
summary planning and completion documentation. For the moderate level, the
auditor generally should review more of the other auditors' or
specialists' documentation, especially those evidencing important
decisions. For financial statement audits, these include the General Risk
Analysis (GRA) or audit plan or equivalent documents; the Account Risk
Analysis (ARA) (or equivalent documentation) for significant accounts; the

Specific Control Evaluations (SCE) (or equivalent documentation) for
significant applications; the documentation for high- risk accounts,
estimates, and judgments; the analytical procedures; the audit completion
checklist (or equivalent documentation); the audit summary memorandum; and
the summary of possible adjustments. For the high level of review, the
auditor generally should review all of the items for the moderate level of
review plus the important detailed documentation.

DISCUSSIONS AND/ OR SUPPLEMENTAL TESTS WHERE LEVEL OF REVIEW IS HIGH .43
AU 543.13 states: "In some circumstances the principal auditor may
consider it

appropriate to participate in discussions regarding the accounts with
management personnel of the component whose financial statements are being
audited by other auditors and/ or to make supplemental tests of such
accounts." "In some circumstances" is interpreted to mean when the level
of review is high. Thus, where the level of review is high, the auditor
should (1) review audit documentation and (2) hold discussions with
auditee management and/ or perform tests of original documents. The
objective of these additional procedures is for the auditor to obtain
additional evidence about whether key items are properly handled and well
supported. For example, the auditor generally should discuss key items
with auditee management, especially estimates and judgments; this
discussion generally should be with the other auditors present. The
auditor generally should attend the entrance and exit conferences and
other key meetings held by other auditors or specialists. The

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 19 auditor should consider that
for key items that are high risk, discussions with

management may not provide sufficient evidence and supplemental tests may
need to be performed.

.44 Supplemental tests may be a selection of the other auditors' work,
additional tests of the accounting records, or both. To perform
supplemental tests, the auditor should have access to the entity's
personnel and their books and records. The auditor may coordinate access
to the entity's personnel and records through

the other auditor. The auditor and the other auditor also may jointly
perform parts of a test, where the sample is planned jointly and the
results are evaluated jointly. Although supplemental tests are usually
performed only when the level of review is high, the auditor may decide to
perform supplemental tests in other situations to learn about the entity,
to help the other auditor plan future audits, or to help management
correct problems.

.45 Where the other auditor is an internal auditor, the auditor should
perform supplemental tests. Accordingly, for internal auditors,
supplemental tests generally should be of greater scope (see AU 322.26).

.46 The auditor generally should limit discussions with entity management
and/ or supplemental tests to line items that are both high combined risk
and material to the financial statements the auditor is reporting on,
especially in areas involving

estimates and judgments or in areas on which users place extensive
reliance. The auditor's supplemental tests generally should include some
items that the other auditor tested that appear to be exceptions to
determine whether they were appropriately considered in formulating an
opinion. The auditor should consider performing supplemental tests while
the other auditors are at the auditee location and have access to records;
this can minimize the inconvenience to the auditee.

.47 It is not necessary to perform supplemental tests of the work of
specialists. As indicated in AU 336.12, the auditor should understand the
methods and assumptions used by the specialists, test the data provided to
the specialists (extent of testing is based on risk and materiality), and
evaluate whether the specialists' findings support the financial statement
assertions. If the auditor believes the findings are unreasonable, the
auditor should apply additional procedures and/ or consider the need to
obtain another specialist.

SUBSEQUENT EVENTS REVIEW AND DATING OF THE AUDITOR'S REPORT .48 The
auditor's report should be dated when the auditor completes fieldwork. If
the other auditors' or specialists' report is dated earlier and the
auditor's report

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 20 does not mention the other
auditors' report or concurs with the other auditors' report (example 2 of
section 650 C), the subsequent events review should be

updated to the date of the auditor's report. The auditor may ask the other
auditors to update the subsequent events work to the required date, or the
auditor may update the subsequent events review. Since this requires
additional work, the auditor should attempt to complete fieldwork when the
other auditors complete fieldwork. This issue should be considered in
planning. It is not necessary to update the subsequent events review when
the auditor issues a

transmittal letter (example 1 of section 650 C).

STAFFING THE REVIEW OF THE OTHER AUDITORS' OR SPECIALISTS' WORK .49 When
staffing the review, the auditor should consider that the other auditors
or

specialists may already have reviewed the work at several levels. The
auditor's staff reviewing the work generally should have enough experience
in financial statement auditing to understand the judgments that need to
be made and to interact with the higher levels of the other audit
organization. Most of the review

generally should be done by or under the direction of an assistant
director or a manager who has significant experience in performing and
reviewing financial statement audit work. Supplemental tests may be done
by less experienced staff members and supervised by an assistant director
or an experienced audit

manager. Primary review of the experienced audit manager's or assistant
director's documentation should be performed by the audit director or an
assistant director designated by the audit director. However, the
assistant director or audit manager should review the documentation of
supplemental tests performed by the less experienced staff members.
Because of the high level of financial statement auditing experience of
staff members doing and reviewing this work, secondary review should be
performed only in very high- risk situations.

.50 When the other auditors' work involves the review of computer
controls, an information systems auditor in a management role generally
should do the auditor's review. An audit assistant director should review
the information systems auditor's documentation to determine that related
audit objectives were achieved.

EVALUATING THE WORK

.51 After the auditor has completed the review of the other auditors'
work, and, if necessary, the supplemental testing, the auditor should
determine whether the work is sufficient and acceptable for the auditors'
use. The auditor should summarize the evaluation in the audit summary
memorandum.

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 21 .52 Sometimes, the other
auditors use methodologies or audit approaches that are

different from those the auditor would have used. The auditor should
recognize that auditing requires a great deal of professional judgment and
that there often are alternative ways to achieve audit objectives. Thus,
the auditor should first understand the basis for the nature, timing, and
extent of the other auditors' procedures. The auditor should evaluate
whether sufficient evidence has been

obtained to meet the auditor's objectives; usually the auditor should
consider materiality and combined risk for the particular line item in
this evaluation. If the auditor has concerns about whether the other
auditors' work provides sufficient evidence, the auditor should discuss
the matter with the audit director and the

Reviewer before formally discussing the issue with the other auditors. .53
The auditor should consider the significance of the test results to the
audit of the

financial statements the auditor is reporting on. As an example, the other
auditors might have selected a nonstatistical sample and/ or the sample
size might be smaller than the sample size the auditor would have
selected. The auditor might decide that this provides sufficient evidence
in an area that is less material or is not risky. However, if the area is
material or risk is high, the auditor might conclude that sufficient
evidence has not been obtained and that additional work is needed. In this
case, after consulting with the audit director and the Reviewer, the
auditor generally should either ask the other auditors to perform
additional tests or perform the additional tests; if the additional
testing is not done, the auditor should consider the effect of this scope
limitation on the auditor's report. Since reaching this conclusion after
the work is performed is inefficient, when

the level of review is high, the auditor generally should coordinate or
concur with major planning decisions before audit work is started.

.54 Sometimes, the auditor may disagree with the conclusions or judgments
of the other auditors. In this case, the auditor should consider the other
auditors' work as well as any other evidence necessary to determine the
appropriate conclusion.

.55 The auditor should then discuss the issue with the other auditors to
attempt to resolve the disagreement. It is important to attempt to resolve
disagreements to reduce confusion that may arise from differing auditor
views. In planning the audit, the auditor should try to identify potential
disagreements early. Once identified, the auditor should discuss the
issues with the other auditors as early as possible so that they can be
resolved timely.

.56 If the auditor does not reach agreement with the other auditors, the
auditor should consider how to report. For very material disagreements,
the auditor may decide not to transmit the other auditors' report, instead
issuing a disclaimer of opinion due to a scope limitation or doing
additional work, if necessary, to issue

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 22 an appropriate opinion. In
less material disagreements, the auditor may transmit

the other auditors' report, issue the transmittal letter or report, and
describe the disagreement and the basis for the auditor's conclusions.

DOCUMENTING THE REVIEW OF OTHER AUDITORS' OR SPECIALISTS' WORK .57
Regardless of the type of reporting or the level of review, the auditor's

documentation should contain the items listed in section 650 A under
"documentation." .58 In addition, where the auditor performs supplemental
tests of the accounting

records, the auditor's documentation should contain a description of the
work (this may be a list of the documents the auditor examined or tick
marks on a copy of the other auditors' documentation if that is the basis
for the selection) and the auditor's conclusion. It is not necessary to
retain copies of the documents examined.

.59 It is important to distinguish between the auditor's responsibilities
to review the documentation of other auditors versus what the auditor
might copy and retain from that documentation. The auditor should use
judgment in deciding which of the other auditors' or specialists'
documents to copy and retain. Copies of documents readily available from
the other auditors or the auditee (such as

invoices and contracts) need not be retained. Section 650 A indicates what
documentation the auditor generally should retain.

.60 The auditor may decide to retain other documentation if it might be
useful in understanding the entity, training staff members, planning
future audits, reviewing the documentation, or writing the report.
Documentation in this category includes the entity profile (or
equivalent), the general risk analysis or audit plan, the audit programs,
the ARA and SCE forms (or equivalent), the trial balance or lead
schedules, the management representation letter, and the attorney
representation letter. Auditors often find it helpful to keep copies of
documents in case questions are raised in review but not to include those
copies

in the documentation unless they are needed to document the work
performed. Documents should not be retained if they are no longer needed.
The audit plan or audit program may indicate which documents to retain.

USING INTERNAL AUDIT STAFF TO PROVIDE DIRECT ASSISTANCE TO THE AUDITOR .61
Sometimes the auditor or the auditee requests that internal auditors
provide

direct assistance to the auditor. Before this is done, the auditor should
be

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 23 satisfied with the
independence, objectivity, and qualifications of the staff

assigned to do the work requested. AU 322.27 indicates that in these
situations "the auditor should inform the internal auditors of their
responsibilities, the objectives of the procedures they are to perform,
and matters that may affect the nature, timing, and extent of
procedures.... The auditor should also inform the internal auditors that
all significant accounting and auditing issues identified during the audit
should be brought to the auditor's attention." The auditor should direct,
review, test, and evaluate the work done by internal auditors to the
extent appropriate based on the auditor's evaluation of risk, materiality,
objectivity, and qualifications.

USING AGENCY SPECIALISTS .62 Many agencies have actuaries, security
specialists, statistical specialists, and other specialists whose work the
auditor would like to use. Unless these specialists are part of an
organization that is organizationally independent or under contract to
such an organization, the auditor should evaluate their work as the work
of any auditee employee. The auditor generally should use specialists in
the audit organization or contract for outside specialists to develop and

implement appropriate tests. MULTIPLE LEVELS OF OTHER AUDITORS .63
Sometimes there are several levels of other auditors. For example, the IG
might hire a CPA firm to do an audit. The IG may issue a report concurring
with the CPA's report or a letter transmitting the CPA's report; GAO may
then use the work of the IG.

.64 In these situations, each audit organization should follow the
guidance in section 650. The IG should evaluate the independence (see
paragraphs 650.11-. 24) and qualifications of the other auditors (see
paragraphs 650.25-. 35), should review the audit documentation (see
paragraph 650.42), and may need to have discussions with entity management
and/ or perform supplemental tests of key accounts (see paragraphs
650.43-. 47) (depending on the level of review deemed appropriate). GAO
should evaluate the qualifications of the IG organization (by reading the
peer review report, the letter of comments, and the audit organization's
response as described in paragraph 650.25) and the team doing the
monitoring, should review the IG's documentation, and may perform
supplemental tests. When GAO finds that the IG has done and documented

adequate work including discussions with management and/ or supplemental
tests, GAO's discussions and/ or supplemental tests would be quite
limited* perhaps a walk- through of work done in high- risk and material
areas. Often, GAO may attend fewer meetings than the IG staff attends and
would concentrate

Planning and General 650 - Using the Work of Others April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 650- 24 the review on the IG's
documentation. GAO may then issue a report on the

financial statements. .65 Because of the potential for inefficiency, there
should be close coordination

between the various auditors. The IG and GAO may perform the review
jointly. Sometimes, a memorandum of understanding might be useful in
documenting responsibilities. A chart that describes the review to be done
by each organization may be useful. The following is a useful format for
this chart (with more detail added as necessary under each phase):

Procedures Phase Other auditor IG review GAO review Planning Internal
control Testing Reporting REPORTS ON OTHER AUDITORS' WORK .66 The auditor
may be asked to issue a report evaluating work done by other

auditors in a situation where the auditor is not using the work of the
other auditors. For example, the auditor might be asked to evaluate an
audit done by a CPA firm. While AU 543, 322, and 336 are not directed
towards these situations, the guidance in FAM 650 is helpful in planning
and reporting on these assignments.

Planning and General 650 A - SUMMARY OF AUDIT PROCEDURES AND

DOCUMENTATION FOR REVIEW OF OTHER AUDITORS' WORK

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650 A- 1 .01
The table in this section indicates the work that generally should be
performed for each level of review, as well as what generally should be
retained in the

documentation. The table does not include work on other auditor's
independence, objectivity, and qualifications. (See paragraphs 650.11-. 35
for a discussion of that work.) Where the other auditor uses equivalent
documents, review those documents.

.02 In the table, steps to be performed and documents to be retained at
the low level of review are indicated by regular font. The moderate level
of review includes the low level plus those in bold letters. The high
level of review includes the moderate level plus those in BOLD CAPITALS.

Planning and General 650 A - Summary of Audit Procedures and Documentation
for Review of

Other Auditors' Work April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 650 A- 2 AUDIT PROCEDURES At entity level For significant line items,
accounts, or applications - Communicate with the other auditors: - as to
the objectives of the work - discuss their procedures and

results - Attend key entrance and exit meetings - COORDINATE OR CONCUR IN
SIGNIFICANT PLANNING DECISIONS BEFORE MAJOR WORK IS STARTED - Review:

- general risk analysis - audit plan - scope of work - audit summary
memorandum - summary of unadjusted

misstatements - analytical procedures - completion checklist -
determination of planning and design materiality - information systems

background - general and application

controls documentation (done by information systems auditor)

- representation letters - key documentation - Read: - other auditor's
report - financial statements and notes - stewardship report and required

supplementary information - other accompanying information - management's
response

- Review: - audit program - conclusions about significant issues and their
resolution (often

in audit summary) - account risk analysis (ARA) - specific control
evaluations

(SCE) - cycle memo - flowcharts - determination of test materiality -
sampling plan - other auditors' key documentation - documentation for
high- risk accounts, estimates, and judgments - analytical procedures -
evaluation of sample results - summary of possible adjustments

- PARTICIPATE IN DISCUSSIONS WITH MANAGEMENT PERSONNEL AND/ OR PERFORM
SUPPLEMENTAL TESTS OF THE LINE ITEMS (ESPECIALLY KEY ITEMS, ESTIMATES AND
JUDGMENTS); COMPARE CONCLUSIONS

Planning and General 650 A - Summary of Audit Procedures and Documentation
for Review of

Other Auditors' Work April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 650 A- 3 DOCUMENTATION Retain Optional Auditor prepared: - audit plan
- audit program - memo documenting entrance and exit conference - MEMOS
DOCUMENTING KEY

MEETINGS ATTENDED AND DISCUSSIONS WITH AUDITEE MANAGEMENT - results of
review of

documentation - SUPPLEMENTAL TEST DOCUMENTATION - summary memo Other
auditor prepared:

At entity level: - other auditor's report - final financial statements and
notes - stewardship report - management letter - other auditor's
unadjusted

misstatements, estimate of the imprecision of audit procedures, and
comparison with materiality - audit completion checklist - other auditor's
audit summary memo At line item level:

- documentation that supports exceptions - other auditor's documentation

evidencing significant judgments and conclusions - entity profile

- general risk analysis - other auditor's audit plan - other auditor's
audit program - account risk analyses - specific control evaluations

- sampling plan - trial balance - lead schedules

- evaluation of sample results - management representation letter - legal
representation letter

[This page intentionally left blank.]

Planning and General 650 B - EXAMPLE AUDIT PROCEDURES FOR USING

THE WORK OF OTHERS April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 650 B- 1 This program is appropriate when using the work of other
auditors or the work of specialists to perform a full or partial audit of
financial statements. The steps should be tailored to the circumstances
and the planned level of review by deleting inapplicable steps, modifying
the steps, and adding additional steps. When the other auditors or
specialists have done only part of an audit, many of the steps below may
be deleted. Many of the steps also may be deleted for the low level of
review or when the auditor plans to issue a transmittal letter. The
program consists of three sections: evaluating independence, objectivity,
and qualifications for CPA firms and specialists; evaluating independence,
objectivity, and qualifications for government auditors; and monitoring
the work (for all types of other auditors and for specialists). The
auditor generally should use one of the first two sections and the third
section. A separate form generally should be used for each other auditor
or specialist.

Entity:________________________________________________________________
Job code:_____________________________________________________________
Period of audit:________________________________________________________

Step Done by/ date

W/ P ref

EVALUATING INDEPENDENCE, OBJECTIVITY, AND QUALIFICATIONS FOR CPA FIRMS AND
SPECIALISTS 1. Read the statement of work or request for proposal

to determine whether this contracting document provides sufficient
background on the auditee and indicates the objectives of the work, what
the contractor should include in its proposal, how proposals will be
evaluated, and how the report will be used.

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 2 Step Done

by/ date W/ P

ref

Independence and objectivity: 2. Determine whether proposal of selected
firm includes a representation as to the firm's

independence and objectivity. 3. If proposal does not include a
representation as to independence and objectivity, obtain written
representation from firm. Qualifications: 4. Read proposal of selected
firm. In reviewing

proposal, evaluate the overall qualifications of the team performing the
work. Review resumes and consider for key team members their educational
level, professional certifications, and professional experience (including
whether key team members have current knowledge and experience in the type
of work done). 5. If the auditor does not know the qualifications of the
selected firm, review peer review report, letter

of comments, and response letter. 6. Communicate orally or in writing with
the other auditors to be satisfied that they understand the requirements,
the timetable, and the report or letter the auditor expects to issue.

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 3 Step Done

by/ date W/ P

ref EVALUATING INDEPENDENCE, OBJECTIVITY, AND QUALIFICATIONS FOR
GOVERNMENT AUDITORS Independence and objectivity:

1. For all government audit organizations, obtain written representation
from the head of the audit organization that the audit organization and
the individual auditors are independent of the entity being audited. 2.
Determine whether the audit organization meets

ONE of the criteria in paragraph 650.15, or the head meets ONE of the
criteria in paragraph 650.16.

If the organization (or its head) meets one of these criteria, no further
work is needed unless the auditor finds contrary evidence as to
independence and objectivity in other parts of the audit. Indicate which
criterion is met; document the evaluation of any other evidence obtained.
(Go to step 6.) 3. If the audit organization (or its head) does not meet

any of the criteria in step 2, determine whether it meets ALL of the
criteria in paragraph 650.18. 4. Review the audit organization's
documentation of

how it meets the requirements of step 3. Discuss with head of audit
organization (consider discussing with external quality control reviewer,
legal counsel for audit organization, and auditor's legal counsel). (Go to
step 6.)

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 4 Step Done

by/ date W/ P

ref

5. If the audit organization does not meet the criteria for organizational
independence to report externally, determine whether the organization is

an independent internal audit organization under GAGAS and IIA standards.
Determine whether the internal auditors are objective for the activities
they audit. Consider the organizational status of the head of the audit
organization, including whether the head

is accountable to the head or deputy head of the government entity,

is required to report the results of the audit organization's work to the
head or deputy head of the government entity, and

is located organizationally outside the staff or line management function
of the unit under audit. 6. For all government audit organizations, obtain
an

understanding of organization's policies to enhance the objectivity of
individual auditors, including

policies to prohibit auditors from auditing areas where relatives are
employed,

policies to prohibit auditors from auditing areas where they were recently
assigned or are scheduled to be assigned after they complete their tour of
duty in auditing, and

policies to require representations as to objectivity and lack of
conflicts of interest from each auditor. 7. Prepare memorandum documenting
work

performed and conclusions as to independence and objectivity.

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 5 Step Done

by/ date W/ P

ref

Qualifications: 8. Read the latest peer review report, letter of

comments, and the audit organization's response. Note date of report and
whether it is unqualified. If report is recent (usually within the past
year) and

unqualified, go to step 12. 9. If the peer review is not recent, review
the latest inspection report, if any, and the organization's response.
Note date of report and whether it is unqualified. If the inspection is
recent (usually

within the past year) and unqualified, go to step 12. 10. If the
organization has not had a recent peer review or inspection, obtain an
overview of the important policies and procedures in the functional areas
(through interviews of management and staff and

through reading the summary quality control document, if any). Consult
with Reviewer before performing this step. 11. If the peer review or
inspection report was qualified

or adverse, determine whether the quality control system has since been
strengthened. Review the organization's action plan for strengthening its
quality control system. Consider the effect of remaining weaknesses in
determining the level of review.

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 6 Step Done

by/ date W/ P

ref

12. Inquire how the audit organization determined the staffing for the
audit. Evaluate the overall qualifications of the team performing the
work. Review resumes and consider for key team members:

educational level, professional certifications, and professional
experience;

continuing professional education, especially whether key team members
have received training and have current knowledge in the type of work
done;

supervision and review of work;

whether the audit team has adequate sources for consultation and use of
specialists, especially for audit sampling, audit methodology, and review
of computer controls; and

quality of documentation, reports, and recommendations. 13. If the auditor
has significant concerns about the

audit organization's or team's objectivity or qualifications, the auditor,
in developing the audit plan, may either

ask the audit organization to substitute more objective or highly
qualified staff members;

do the work, treating any work done by the other auditors as prepared by
the auditee;

divide the work so that the other auditors test the areas where they are
qualified and the auditor does the rest of the audit; or

issue a disclaimer of opinion.

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 7 Step Done

by/ date W/ P

ref MONITORING THE WORK (FOR ALL TYPES OF OTHER AUDITORS AND FOR
SPECIALISTS) 1. Develop a plan for reviewing the other auditors' or

specialists' work and, if necessary, performing supplemental tests of the
accounting records. Determine the level of review for each line item. 2.
Monitor the planning of the audit (FOR MODERATE

AND HIGH LEVEL OF REVIEW).

Attend entrance meeting and key planning meetings.

Review the entity profile.

Review the General Risk Analysis or equivalent document (and audit plan if
prepared as a separate document) (FOR ALL LEVELS OF REVIEW).

Review the determination of planning materiality and design materiality.

Have an information systems auditor review the information resource
management background information and the documentation for review of
general and application controls.

Document line items and applications to be reviewed.

For each such line item, review the Account Risk Analyses, the Specific
Control Analyses, the cycle flowcharts, the cycle memoranda, the
determination of test materiality, and the audit program or equivalent
documents.

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 8 Step Done

by/ date W/ P

ref

3. Monitor the execution of the audit (for reports following example 2 of
section 650 C or section 595 A and/ or B WHERE LEVEL OF REVIEW IS HIGH).

Attend key meetings, especially those discussing high- risk areas,
significant estimates and judgments, and the other auditors' conclusions.

Discuss key items with auditee management, especially significant
estimates and judgments.

Perform supplemental tests of the accounting records.

 Generally do for high risk and material line items, especially in areas
involving estimates and judgments or ones that users rely on extensively.

 Generally do while the other auditors are at the auditee location and
have access to the records.

 Examine some of the same documents the other auditors examined or make
own selection or both.

 Compare results of other auditors' work to results of supplemental
tests.  Document scope of supplemental testing and conclusions reached.

Planning and General 650 B - Example Audit Procedures for Using the Work
of Others April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650
B- 9 Step Done

by/ date W/ P

ref

4. Monitor the completion of the audit (items with * are usually not
necessary for LOW level of review)

Review the overall analytical procedures.

*Review the key documentation for the line item and for completing the
audit; consider evaluations of sample results. (For example, were
projections appropriate? Was appropriate action taken based on sample
results?) *Determine whether the subsequent events

review was updated to the date of the auditor's report. Review the audit
summary memorandum, conclusions about line items, and summary of possible
adjustments. Review the audit completion checklist (or equivalent
document).

Review the management representation letter and the legal representation
letter.

*Attend key exit conference( s).

Read the other auditors' report, the financial statements, the notes, the
other accompanying information, and management's response. 5. Prepare
summary memorandum. 6. Write the auditor's report or transmittal letter.

[This page intentionally left blank.]

Planning and General 650 C - EXAMPLE REPORTS WHEN USING THE

WORK OF OTHERS April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
650 C- 1 EXAMPLE 1 * TRANSMITTAL LETTER We contracted with the independent
certified public accounting firm of [name of firm] to audit the financial
statements of [name of entity] as of [date] and for the year then ended.
The contract required that the audit be done in accordance with U. S.
generally accepted government auditing standards; OMB's bulletin, Audit
Requirements for Federal Financial Statements; and the GAO/ PCIE Financial

Audit Manual. In its audit of [name of entity], [name of CPA firm] found

the financial statements were fairly presented, in all material respects,
in conformity with U. S. generally accepted accounting principles,

[entity] had effective 1 internal control over financial reporting
(including safeguarding assets) and compliance with laws and regulations,

[entity's] financial management systems substantially complied 2 with the
requirements of the Federal Financial Management Improvement Act of 1996
(FFMIA), and no reportable noncompliance with laws and regulations it
tested.

[Name of CPA firm] also described the following significant matters:
[Discuss significant matters].

1 If the other auditors did not provide an opinion on internal control,
change this to "there were no material weaknesses in internal control"
(and include a definition of material weakness in a footnote). 2 If the
other auditors did not provide an opinion (i. e., did not give positive

assurance) on whether the entity's systems complied with FFMIA, change
this to "no instances in which entity's financial management systems did
not substantially comply" (i. e., negative assurance).

Planning and General 650 C - Example Reports When Using the Work of Others
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650 C- 2 [For
transmittal letters expressing no assurance, use the following paragraph:]

[Name of CPA firm] is responsible for the attached auditor's report dated
[date] and the conclusions expressed in the report. We do not express
opinions on [name of entity] 's financial statements or internal control
or on whether [entity] 's financial management systems substantially
complied with FFMIA; or conclusions on compliance with laws and
regulations.

[For transmittal letters expressing negative assurance, use the following
paragraph:] In connection with the contract, we reviewed [name of CPA
firm] 's report and

related documentation and inquired of its representatives. Our review, as
differentiated from an audit in accordance with U. S. generally accepted
government auditing standards, was not intended to enable us to express,
and we do not express, opinions on [name of entity] 's financial
statements or internal control 3 or on whether [entity] 's financial
management systems substantially complied with FFMIA; 4 or conclusions on
compliance with laws and regulations. [Name of CPA firm] is responsible
for the attached auditor's report dated [date] and the conclusions
expressed in the report. However, our review disclosed no

instances where [name of CPA firm] did not comply, in all material
respects, with U. S. generally accepted government auditing standards. 5 3
If the other auditors did not provide an opinion on internal control,
change this to read "conclusions about the effectiveness of internal
control." 4 If the other auditors did not provide an opinion on FFMIA,
change "opinion" to "conclusions." 5 If the auditor found that the other
auditors did not comply with GAGAS, or if the

auditor disagrees with the other auditors' conclusions, see paragraphs
650.54-. 56.

Planning and General 650 C - Example Reports When Using the Work of Others
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650 C- 3
EXAMPLE 2 * REPORT CONCURRING WITH OTHER AUDITORS'

OPINION (PRESENTING REPORT OF OTHER AUDITORS AFTER THE AUDITOR'S REPORT) 6
Under [citation of statute], we are responsible for auditing [name of
entity]. To

help fulfill these responsibilities, we contracted with [name of firm], an
independent certified public accounting firm. [Name of firm] 's report
dated [date] is attached.

We concur 7 with [name of firm] 's report that indicated:

the financial statements were fairly presented, in all material respects,
in conformity with U. S. generally accepted accounting principles,

[entity] had effective internal control over financial reporting
(including safeguarding assets) and compliance with laws and regulations,

[entity's] financial management systems substantially complied with the
requirements of the Federal Financial Management Improvement Act of 1996
(FFMIA), and no reportable noncompliance with laws and regulations it
tested.

Details of their conclusions are in their report. OBJECTIVES, SCOPE, AND
METHODOLOGY Management is responsible for (1) preparing the financial
statements in

conformity with U. S. generally accepted accounting principles, (2)
establishing, maintaining, and assessing internal control to provide
reasonable assurance that the broad control objectives of 31 U. S. C. 3512
(c), (d) (Federal Managers' Financial Integrity Act) are met, (3) ensuring
that [entity] 's financial management systems substantially comply with
FFMIA requirements, and (4) complying with applicable laws and
regulations.

6 This example assumes the other auditors opined on internal control and
on whether the financial management systems substantially complied with
FFMIA. If the other auditors provided negative assurance, appropriate
changes should be made.

7 If the auditor does not concur with the other auditors' report, see
paragraphs 650.54-. 56.

Planning and General 650 C - Example Reports When Using the Work of Others
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 650 C- 4 We are
responsible for obtaining reasonable assurance about whether (1) the

financial statements are presented fairly, in all material respects, in
conformity with U. S. generally accepted accounting principles, and (2)
management maintained effective internal control, the objectives of which
are the following:

Financial reporting: Transactions are properly recorded, processed, and
summarized to permit the preparation of financial statements and
stewardship information in conformity with U. S. generally accepted
accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition.

Compliance with laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority and with other
laws and regulations that could have a direct and material effect on the
financial statements and any other laws, regulations, and governmentwide
policies identified by OMB audit guidance.

We are also responsible for (1) testing whether [entity's] financial
management systems substantially comply with the three FFMIA requirements,
(2) testing compliance with selected provisions of laws and regulations
that have a direct and material effect on the financial statements and
laws for which OMB audit guidance requires testing, and (3) performing
limited procedures with respect to certain other information appearing in
the Accountability Report. To help fulfill these responsibilities, we
contracted with the independent certified

public accounting (CPA) firm of [name of firm] to perform a financial
statement audit in accordance with U. S. generally accepted government
auditing standards; OMB's bulletin, Audit Requirements for Federal
Financial Statements; and the GAO/ PCIE Financial Audit Manual. We
evaluated the nature, timing, and extent of the work, monitored progress
throughout the audit, reviewed the documentation of the CPA firm, met with
partners and staff members, evaluated the key judgments, met with
officials of [entity being audited], performed independent tests of the
accounting records, and performed other procedures we deemed appropriate
in the circumstances. We conducted our work in accordance with U. S.
generally accepted government auditing standards.

Planning and General 660 * AGREED- UPON PROCEDURES

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660- 1 .01 In
an engagement to apply agreed- upon procedures, a client engages an
auditor to perform specific procedures on subject matter and report on the
results to assist users in evaluating subject matter or an assertion.
Agreed- upon procedures should be performed in accordance with the
Statements on Standards for

Attestation Engagements (SSAE). The auditor should read appropriate
sections (e. g., AT 101, Attest Engagements, and AT 201, Agreed- Upon
Procedures Engagements) and thoroughly understand them before performing
agreed- upon procedures. .02 An agreed- upon procedures engagement may be
applied to a variety of subject

matter. The engagement will vary depending on the needs of the user. The
engagement may assist entity management by providing information for
making decisions and give report users information on important areas.
Examples of agreed- upon procedures are:

compare payroll information reported to the Office of Personnel Management
with the entity's payroll records and general ledger;

compare entity reconciliations of intragovernmental activity and balances
with supporting documentation and compare amounts with the financial
statements and with reports to the Department of the Treasury (Treasury);

trace tax collections from the master file to deposit confirmations,
determine whether they were recorded in the appropriate period and in the
correct tax class;

trace amounts on the entity's financial statements to an "account grouping
worksheet," foot the worksheet, read the CFO's explanation for any
differences, and compare the explanation with supporting documentation;
and

examine official receipt documents to determine whether they were included
in the weekly deposit; compare deposit amounts to amounts reported on the
statement of funding.

.03 In agreed- upon procedures engagements, all parties involved, which
include the report users, the entity responsible for the subject matter
(which may or may not be the same as the user), and the auditor, should
clearly understand the

procedures to be applied. Since users may have different needs, the
nature, timing, and extent of the agreed- upon procedures also may differ.
Therefore, the users, and not the auditor, assume the responsibility for
the sufficiency of the

Planning and General 660 * Agreed- Upon Procedures April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 660- 2 design and extent of the
procedures since they best understand their own needs, although the
auditor may assist the user in designing the procedures.

.04 The auditor should establish and document an understanding with the
users regarding the nature, timing, and extent of the agreed- upon
procedures to be performed. The auditor may document this understanding
using an engagement letter to the users. (See example in section 660 A.)

.05 The subject matter should be capable of evaluation against criteria
that are suitable and available to users. Suitable criteria should have
objectivity, measurability, completeness, and relevance. The procedures
should be subject to reasonably consistent measurement and the criteria
should be agreed upon. The auditor should not perform overly subjective
procedures or use terms with uncertain meaning unless they are defined
within the agreed- upon procedures.

.06 The auditor need not perform additional procedures beyond the agreed-
upon procedures. If matters come to the auditor's attention by other means
that significantly contradict the subject matter (or assertion), the
auditor should include these matters in the report. For example, if during
the course of applying agreed- upon procedures regarding an entity's
operation, the auditor becomes aware of a material weakness related to the
assertion by means other than the

agreed- upon procedures, the auditor should include this matter in the
report. This may be done by mentioning the material weakness with a
footnote reference to another report where it is described in detail. .07
Where circumstances impose restrictions on the performance of the agreed-
upon

procedures, the auditor should attempt to obtain agreement from the users
of the report to modify the agreed- upon procedures. When agreement cannot
be obtained (for example, when the agreed- upon procedures are published
by a regulatory agency that will not modify the procedures), the auditor
should describe restrictions in the report or withdraw from the
engagement.

WRITTEN REPRESENTATIONS .08 The auditor should determine if a
representation letter is necessary. The auditor may determine that a
representation letter is necessary, for example, if (1) the responsible
entity is so large there is a risk as to whether one person knows whether
pertinent information has been made available to the auditor, (2) the

subject matter depends on estimates, judgments, or future events (i. e.,
whether the subject matter is less objective and fact- based and more
subjective), or (3) the user of the report believes written
representations should be obtained. Although generally not required
(unless specifically required by another attestation standard, such as in
a compliance engagement) a representation letter

Planning and General 660 * Agreed- Upon Procedures April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 660- 3 may nonetheless be a useful
means of documenting the responsible entity's representations. (See FAM
section 660 B for an example representation letter for

an agreed- upon procedures engagement.) .09 The responsible entity's
refusal to furnish written representations determined by

the auditor to be necessary constitutes a scope limitation. In such
circumstances, the auditor should do one of the following:

disclose in the report the inability to obtain representations from the
responsible entity,

withdraw from the engagement, or

change the engagement to another form of engagement (e. g., a performance
audit).

DOCUMENTATION

.10 In accordance with GAGAS, the auditor should prepare and maintain
documentation in connection with an agreed- upon procedures engagement
that is appropriate for the engagement. They should contain sufficient
information to enable an experienced auditor having no previous connection
with the engagement to ascertain from them the evidence that supports the
auditors' agreed- upon procedures report. .11 Although the quantity, type,
and content of documentation varies with the

circumstances, ordinarily it should be sufficient to demonstrate that the
work was adequately planned and supervised and sufficient evidential
matter was obtained to provide a reasonable basis for the report. .12 The
auditor generally should prepare a summary memorandum that recaps the

work performed and refers to the detailed documentation. This memorandum
generally should include the auditor's conclusion on whether the work was
performed in accordance with GAGAS, including the attestation standards,
and the GAO/ PCIE FAM and whether the report is appropriate. (See FAM
section 660 C for an agreed- upon procedures completion checklist.)

REPORTING

.13 An auditor should report on the agreed- upon procedures in the form of
results. The auditor should not provide any opinion or negative assurance
about whether the subject matter or the assertion is fairly stated based
on the criteria. The report should include information such as the
identification of the entities that

Planning and General 660 * Agreed- Upon Procedures April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 660- 4 agreed to the procedures and
took responsibility for the sufficiency of the design

and extent of the procedures for their purposes, as shown in the example
report in FAM section 660 D.

.14 The auditor should report all results arising from application of the
agreed- upon procedures. The concept of materiality does not apply to
results to be reported in an agreed- upon procedures engagement unless the
users of the report agree to the definition of materiality. This could be
included in the engagement letter. Any agreed- upon materiality limits
should be described in the report. .15 The auditor should include a
statement indicating that the report is intended for

the specified users who have agreed upon the procedures performed and
taken responsibility for the sufficiency of the design and extent of the
procedures for their needs. However, since governmental reports are
generally a matter of public record, the distribution of the report is not
limited.

.16 The auditor may have performed agreed- upon procedures on an element,
account, or item of financial statements and also audited the same
financial statements. If the audit report on the financial statements
includes a departure from a standard report, the auditor generally should
include a reference to the audit report and the departure from the
standard report in the agreed- upon procedures report. .17 The auditor
also may include explanatory language about such matters as the

following:

stipulated facts, assumptions, or interpretations (including the source);

description of the condition of records, controls, or data to which the
procedures were applied;

explanation that the auditor has no responsibility to update the report;
or

explanation of sampling risk. .18 The auditor should state the results in
definitive, rather than qualified, language and avoid vague or ambiguous
language. The following table provides examples of appropriate and
inappropriate descriptions of findings.

Planning and General 660 * Agreed- Upon Procedures April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 660- 5 Examples of appropriate/
inappropriate description of findings

Description of findings Procedures agreed- upon Appropriate Inappropriate

Based on the total tax liability, select and recompute the 50 largest
excise tax returns from the quarter ended September 30 and compare these
amounts with the certified audit file.

Recomputed amounts for the selected excise tax returns agreed with the
amounts in the certified audit file.

Nothing came to our attention as a result of applying this procedure.

Select a random sample of 45 Treasury SF- 224 reconciliations; determine
if XYZ reported revenue receipts were properly classified and reconciled
to Treasury FMS records.

Revenue receipts selected randomly from the monthly Treasury SF- 224
reconciliation process were properly classified

and agreed with Treasury FMS records.

The revenue receipts approximated the amount shown in the Treasury FMS
records.

Examine personnel files of 40 individuals randomly selected from the
timekeeping records for the year; determine if all the selected files
contain a current and approved Notification of Personnel Action.

Thirty of the selected files contained a current and approved Notification
of Personnel Action. Ten

files did not contain a current and approved Notification of Personnel
Action (list and identify exceptions).

Some of the personnel files did not contain a current and approved
Notification of Personnel Action.

Other Report Issues

.19 The report should be addressed to the users who have agreed upon the
procedures to be performed (see paragraph 660.03). The date of completion
of the agreed- upon procedures should be used as the date of the agreed-
upon procedures report. If the audit organization's procedure is to date
reports with the issue date, the date of completion of fieldwork may be
stated in the report (e. g., "We completed the agreed- upon procedures on
[date].").

.20 Agency comments should be obtained from the entity responsible for the
subject matter. If time constraints present problems, oral comments may be
obtained.

[This page intentionally left blank.]

Planning and General 660 A - EXAMPLE AGREED- UPON PROCEDURES

ENGAGEMENT LETTER April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 660 A- 1 [Date] Management of ABC Agency Subject: Fiscal Year 20X1
Agreed- Upon Procedures for the Tax Trust Fund Dear Management Official:
Based on our discussions, we agree to perform agreed- upon procedures to
assist ABC Agency in determining the completeness and accuracy of receipts
transferred to the tax trust fund. XYZ Agency is responsible for the
information

to which these procedures will be applied. This letter documents our
agreement to perform these agreed- upon procedures related to fiscal year
20X1. We will perform these procedures in accordance with U. S. generally
accepted government auditing standards, which incorporate the financial
audit and attestation standards established by the American Institute of
Certified Public Accountants (AICPA). The procedures are included in the

enclosure to this letter. We will meet with you as needed to discuss the
agreedupon procedures, results, and other issues that may arise.

We are not engaged to perform, and will not perform, an examination, the
objective of which would be to express an opinion on the amount of
receipts transferred to the tax trust fund. Accordingly, we will not
express such an

opinion. Were we to perform additional procedures, other matters might
come to our attention that we would report to you. Our report will be
intended solely for your information and use and should not be used by
those who have not agreed to the procedures or taken responsibility for
the sufficiency of the procedures for their purposes. However, the report
will be a matter of public record and its distribution will not be
limited.

Planning and General 660 A - Example Agreed- Upon Procedures Engagement
Letter April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 A- 2
Unless we hear from you, we will assume your concurrence with these

procedures and their sufficiency for your purposes. 1 Please contact me at
[telephone number] if you or your staff have any questions.

Sincerely yours, [Name of Director] Director

Enclosure cc: XYZ Agency

1 The auditor may request the users to document their agreement with the
procedures and their sufficiency for their purposes by signing the
engagement letter and returning it to the auditor.

Planning and General 660 A - Example Agreed- Upon Procedures Engagement
Letter April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 A- 3
Agreed- Upon Procedures for Tax Receipts and Refunds

General

Compare fiscal year 20X1 tax collections for the ABC tax trust fund per
XYZ's Statement of Custodial Activity with * the trust fund's accounting
records and  ABC's consolidated financial statements.

Obtain explanations and examine supporting documentation for differences.

Sampling A. Use dollar unit sampling (DUS) and an 80- percent confidence
level to select a sample of ABC tax trust fund tax revenue receipts and
refunds for fiscal year 20X1. Use $300 million as the test materiality,
which is 1 percent of the total revenue collected. Use an expected
aggregate misstatement of $100 million, or one- third of test materiality.
The projected sample size for this population is expected to be 40
transactions.

For the sample items selected:

Receipts testing * Compare tax receipts transactions (for example cash
receipts, federal tax deposit (FTD) receipts, reversals, and adjustments)
with source documents to determine whether the amounts agree, the
transactions are recorded in the appropriate period based on the
transaction date, and they

are properly categorized as ABC tax trust fund receipts. Refunds testing *
Compare refund transactions with the source documents (for example,
payment vouchers, FTD coupons, tax returns) to determine whether the
amounts agree, the transactions are recorded in the appropriate period
based on the transaction date, and they are properly categorized as ABC
tax trust fund refunds.

B. Use DUS and the same sampling parameters as above to extract
statistical samples of total XYZ revenue receipts and refunds for fiscal
year 20X1.

For the sample items selected:

Test whether the tax receipt or refund amounts and tax category from
source documentation agrees with amounts recorded for each of the revenue
receipts or refunds sample items.

[This page intentionally left blank.]

Planning and General 660 B - EXAMPLE REPRESENTATION LETTER FROM
RESPONSIBLE ENTITY ON AGREED- UPON

PROCEDURES ENGAGEMENT

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 B- 1 [XYZ
Agency letterhead] [Date]

Dear Auditor: In connection with the agreed- upon procedures engagement
for XYZ's budget execution process for the period from October 1, 20X0
through September 30, 20X1, we confirm to the best of our knowledge and
belief, the following representations made to you in performing these
agreed- upon procedures.

We acknowledge responsibility for XYZ's budget execution process. We
acknowledge responsibility for selecting the criteria [state criteria] and
for determining the appropriateness of the criteria for our purposes.

Our budget execution process is [state assertion about budget execution
process based on the criteria selected].

We know of no matters that would contradict our assertion about our budget
execution process.

There have been no communications from regulatory or oversight agencies
concerning our budget execution process or noncompliance with budgetary
laws or the Antideficiency Act.

We have made available to you all records and related data pertaining to
our budget execution process during the period from October 1, 20X0
through September 30, 20X1.

XYZ's budget execution process is designed to meet the requirements of the
Antideficiency Act.

The accounting records and fund status reports are checked quarterly to
determine whether all source documents that affect the appropriation and
fund balance have been recorded properly, accurately, and on a timely
basis.

Planning and General 660 B * Example Representation Letter from
Responsible Entity on

Agreed- Upon Procedures Engagement April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 660 B- 2 The agency's accounting system provides
timely disclosure of total valid obligations incurred to date and total
budgetary resources available for obligations within each apportionment.

The system also provides timely disclosure of the authorization or
creation of commitments, obligations, or expenditures that exceed
apportionments and allotments. We are not aware of instances of
noncompliance with the above- stated

procedures.

There has been no fraud involving management, employees, or contractor
staff who have significant roles in the operation of our budget execution
process. We have no plans or intentions that would materially affect our
budgetary

process or operations. Sincerely yours,

Management, XYZ Agency

Planning and General 660 C - AGREED- UPON PROCEDURES COMPLETION

CHECKLIST

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 C- 1
Entity:_________________________________________________________________
Job code:______________________________________________________________

Principal report:________________________________________________________
.01 This checklist is a tool to help auditors comply with the requirements
for agreedupon procedures engagements. No specific signatures are required
on the

checklist in the planning phase. .02 Several of the last questions include
steps in GAO's quality control process,

including the GAO workpaper set, second partner review, and review by the
Technical Accounting and Auditing Expert (Chief Accountant at GAO) when
that person is not the second partner. GAO auditors should complete these
questions and forms. IG auditors and other auditors may use these
questions and forms or

may substitute questions and forms that consider their reporting style and
quality control.

Step N/ A Yes No W/ P ref

1. Has the audit team documented an understanding with the users? 2. Does
the documentation cover the following?

The nature of the engagement.

Identification of the subject matter, the responsible entity, and the
criteria.

Identification of the users of the report.

Auditor's responsibilities. Reference to GAGAS and the attestation
standards.

Agreement on procedures.

Disclaimers expected.

Any involvement of a specialist. Materiality limits.

Planning and General 660 C * Agreed- Upon Procedures Completion Checklist
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 C- 2 Step
N/ A Yes No W/ P ref

3. Was an entrance conference held with the responsible entity? 4. Has the
auditor determined whether a letter of

representation from the responsible entity is necessary? (Note: This is
not a requirement.) 5. Were applicable laws and regulations

documented if part of the procedures? 6. Were review responsibilities
communicated to individuals on the assignment? 7. Does the documentation
contain the following? a. The scope and methodology, including any

sampling criteria used. b. Documentation of the work performed to support
reported results. c. Descriptions of transactions and records

examined. d. Evidence of supervisory review.

8. Does the documentation record that the applicable standards were
followed (AT 201 and AT 101)?

9. Does the documentation record a reasonable basis for the results of the
agreed- upon procedures? 10. Does the summary memorandum summarize the
results of the procedures and refer to the documentation?

Planning and General 660 C * Agreed- Upon Procedures Completion Checklist
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 C- 3 Step
N/ A Yes No W/ P ref

11. Were any deviations from the standard reporting elements documented
and the basis approved by the assistant director with copies

of the documentation sent to the audit director and Reviewer (AT 201.31)?

12. Was the report referenced? 13. Did the assistant director review the
following? a. Understanding with the client. b. Memorandum of entrance
conference with

the responsible entity. c. Completed work programs. d. Memorandums on key
engagement issues. e. Summary of the results of the procedures. f.
Memorandum of exit conference with the

responsible entity. g. Deviations from standard reporting

language. h. Financial schedules/ statements. i. Agreed- upon procedures
report. j. GAO workpaper set (or equivalent).

14. Did the audit director review the following? a. Understanding with the
client. b. Summary of results of the procedures. c. Memorandum of exit
conference with

responsible entity. d. Deviations from standard reporting

language. e. Agreed- upon procedures report. f. GAO workpaper set (or
equivalent).

15. Did the assistant director or the auditor in charge determine that all
significant review notes were resolved appropriately?

Planning and General 660 C * Agreed- Upon Procedures Completion Checklist
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 C- 4 Step
N/ A Yes No W/ P ref

16. Did the assistant director initial all documentation bundle covers to
indicate that all documentation was sufficiently reviewed?

17. Is the report appropriate as to the following? a. Wording. b. Scope of
work. c. GAGAS. d. Explanatory paragraphs.

18. Was the report reviewed by the following? a. Office of the General
Counsel. b. Technical Accounting and Auditing Expert. c. Second partner
(or equivalent), if not Technical Accounting and Auditing Expert.

19. Is the agreed- upon procedures report dated appropriately or does the
report indicate when the auditor completed fieldwork? (AT 201)

Planning and General 660 C * Agreed- Upon Procedures Completion Checklist
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 C- 5 SECOND
PARTNER'S (OR EQUIVALENT) CONCURRENCE ON

AGREED- UPON PROCEDURES WORK Objective of second partner (or equivalent)
review: To objectively review significant engagement matters to conclude,
based on all facts the second partner (or equivalent) has knowledge of,
that no matters were found that caused the second partner (or equivalent)
to believe that (1) the procedures were not performed in accordance with
GAGAS, which incorporate financial audit and attestation standards
established by the American Institute of Certified Public Accountants and
(2) the report does not meet professional standards and audit organization
policies. Procedures: Before the report was issued, I performed the
following

procedures:

as necessary, discussed significant engagement issues with the audit
director;

read documentation of key decisions and consultations;

read the agreed- upon procedures report; and

confirmed with the audit director that there are no unresolved issues.

Conclusions: Based on all the relevant facts of which I have knowledge, I
found no matters that caused me to believe that (1) the agreed- upon
procedures were not performed in accordance with GAGAS and the AICPA's
attestation standards related to agreed- upon procedures engagements and
(2) the report is not in accordance with professional standards and audit
organization policies.
____________________________________________________________________ Title
Signature Date

Planning and General 660 C * Agreed- Upon Procedures Completion Checklist
April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 C- 6
TECHNICAL ACCOUNTING AND AUDITING EXPERT'S

CONCURRENCE ON AGREED- UPON PROCEDURES WORK Objective of review: When the
Technical Accounting and Auditing Expert is not the second partner (or
equivalent), the Technical Accounting and Auditing Expert should read the
report. The Technical Accounting and Auditing Expert should then sign the
conclusions below.

Conclusions: Based on my reading of the report, I found no matters that
caused me to believe that (1) the agreed- upon procedures were not
performed in accordance with GAGAS and the AICPA's attestation standards
related to agreed- upon procedures engagements and (2) the report is not
in accordance with professional standards and audit organization policies.
____________________________________________________________________

Title Signature Date

Planning and General 660 D - EXAMPLE AGREED- UPON PROCEDURES

REPORT

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 D- 1 [Date]
Management of ABC Agency

Subject: Applying Agreed- Upon Procedures: Count of Cash and Related Items
Dear Management Official: We have performed the procedures contained in
the enclosure to this letter, which we agreed to perform and with which
you concurred, solely to meet your needs for an independent count of cash
and cash- related items as of September 30, 20X1.

We conducted our work in accordance with U. S generally accepted
government auditing standards, which incorporate financial audit and
attestation standards established by the American Institute of Certified
Public Accountants. These

standards also provide guidance when performing and reporting the results
of agreed- upon procedures.

You are responsible for the adequacy of the procedures to meet your
objectives and we make no representation in that respect. The procedures
we agreed to perform consist of counting amounts for cash and related
receipts and comparing combined totals to the authorized amounts. The
enclosure contains the agreedupon procedures and our results. We were not
engaged to perform, and did not perform, an examination, the

objective of which would have been to express an opinion on the amount of
cash on hand. Accordingly, we do not express such an opinion. Had we
performed additional procedures, other matters might have come to our
attention that we would have reported to you. We completed our agreed-
upon procedures on [date of completion].

We provided a draft of this letter, along with the enclosure, to your
representatives for review and comment. They agreed with the results
presented in this letter and its enclosure.

Planning and General 660 D - Example Agreed- Upon Procedures Report April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 D- 2 This letter
is intended solely for the use of the management of ABC Agency and

should not be used by those who have not agreed to the procedures or have
not taken responsibility for the sufficiency of the procedures for their
purposes. However, the report is a matter of public record and its
distribution is not limited.

If you have any questions, please call [name, title, and telephone
number]. Sincerely yours,

[Name of Director] Director

Enclosure

Planning and General 660 D * Example Agreed- Upon Procedures Report April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 660 D- 3 RESULTS OF
CASH COUNTS

Procedures We counted and totaled cash on hand for the petty cash fund as
of [date]. We also listed and totaled the receipts on hand evidencing
disbursements from the fund. Finally, we compared the combined total of
cash and receipts available to the amount authorized for the fund ($ 500).

Results We counted cash totaling $258.96 and scheduled 14 receipts
totaling $174.85. The combined total of cash and receipts on hand
accounted for $433.81 of the $500 in authorized petty cash funds. In
addition, the custodian provided us two separate Expense Summary Report
and Petty Cash Itemization Sheets and related receipts for an additional
$65.09, which had been submitted for reimbursement to the fund. Thus, the
unexplained difference between the authorized amount and the total cash
and receipts evidencing petty cash fund disbursements was $1.10.

[This page intentionally left blank.]

[This page intentionally left blank.]

Internal Control 701 * ASSESSING COMPLIANCE OF AGENCY SYSTEMS WITH THE
FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT (FFMIA) April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 701- 1 .01 FFMIA emphasizes the need
for agencies to have systems that can generate

timely, reliable, and useful information with which to make informed
decisions and to ensure ongoing accountability. FFMIA requires the 24 CFO
Act departments and agencies 1 to implement and maintain financial
management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting
standards, and (3) the U. S. Government Standard General Ledger (SGL) at
the transaction level. The law also requires auditors to report whether
agency financial management systems comply with the FFMIA requirements.
OMB has provided FFMIA implementation guidance to help agencies and their
auditors determine compliance. This section

also provides guidance for assessing agency systems' compliance with
FFMIA. It explains FFMIA's requirements and discusses audit issues related
to testing for compliance with the act. An example audit program is
included as section 701 A.

FFMIA REQUIREMENTS

.02 OMB Circular A- 127, Federal Financial Systems, 2 also addresses the
three FFMIA requirements. OMB Circular A- 127 prescribes policies and
standards for executive branch departments and agencies to follow in
developing, operating, evaluating, and reporting on financial management
systems (see www. whitehouse. gov/ omb/ financial). In its FFMIA
implementation guidance, OMB identifies the applicable requirements from
Circular A- 127 that should be assessed when making an FFMIA compliance
determination. 3 OMB, in Circular A- 127, refers to the federal financial
management systems requirements, a series of publications issued by the
Joint Financial Management Improvement Program (JFMIP), as the source of
governmentwide requirements for financial management systems software
functionality. JFMIP has developed a framework to describe the basic
elements of an integrated financial management system,

1 OMB also requires certain designated entities to determine FFMIA
compliance. 2 OMB is considering revising this guidance. 3 OMB did not
include certain elements of Circular A- 127, section 7, in its FFMIA

implementation guidance because some of the elements are not essential to
satisfying the requirements of FFMIA and to the ability of an agency's
systems to provide reliable, timely, and useful information necessary for
federal managers' responsibilities. Accordingly, those elements are not
included in this section.

Internal Control 701 * Assessing Compliance of Agency Systems with the
Federal Financial

Management Improvement Act (FFMIA) April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 701- 2 including the core financial system. Agency
financial management systems fall into four categories: core financial
systems, other financial and mixed systems 4 (such as procurement,
property, budget, payroll, and travel systems), shared

systems, 5 and departmental executive information systems (systems to
provide information to all levels of management.)

.03 JFMIP has developed publications of systems requirements for the core
financial system and for some of the mixed or feeder systems (see www.
jfmip. gov). The systems requirements in the publications are stated as
either mandatory (required) or value- added (optional). Agencies should
use the mandatory functional and technical requirements in planning system
improvement projects, whereas value- added requirements should be used as
needed. The core financial management system affects all financial event
transaction processing because it maintains reference tables used for
editing and classifying data, controls transactions, and maintains
security. The core financial management system consists of six functional
areas: general ledger management, funds management,

payment management, receivable management, cost management, and reporting.
OMB Circular A- 127 requires agencies to use for agency core financial
management systems commercial- off- the- shelf (COTS) software that has
been tested and certified through the JFMIP software certification
process. According to JFMIP, core financial management system
certification does not mean that agencies that install qualified software
packages will have financial systems that are in compliance with FFMIA.
Many other factors can affect the capability of the systems to comply with
FFMIA, including modifications made to the JFMIPcertified core financial
management system software, and the validity and completeness of data from
feeder systems. JFMIP's certification process does not eliminate or
significantly reduce the need for agencies to develop and conduct a
comprehensive testing effort to ensure that the software product meets
their requirements

.04 The federal accounting standards, the second requirement of FFMIA, are
promulgated by the Federal Accounting Standards Advisory Board (FASAB).
FASAB develops accounting standards after considering the financial and
budgetary information needs of Congress, executive agencies, and other
users of federal financial information as well as comments from the public
(see www. fasab. gov). FAM section 560 describes the relationship of the
FASAB standards to the hierarchy of accounting principles.

4 Mixed systems are any information systems that support both financial
and nonfinancial functions of the federal government. Mixed systems can
also be feeder systems.

5 Shared systems are governmentwide systems used by agencies with
information and data definitions common to all users.

Internal Control 701 * Assessing Compliance of Agency Systems with the
Federal Financial

Management Improvement Act (FFMIA) April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 701- 3 .05 Implementing the SGL at the transaction
level is also a requirement of FFMIA.

The SGL provides a uniform chart of accounts and guidance for use in
standardizing federal agency accounting and supports the preparation of
standard external reports required by OMB and Treasury (see www. fms.
treas. gov/ ussgl). The SGL is defined in the latest supplement, which is
released annually, to the Department of the Treasury's Treasury Financial
Manual (TFM). The supplement is composed of five major sections (1) chart
of accounts, (2) account descriptions, (3) accounting transactions, (4)
SGL attributes, and (5)

report crosswalks. Each agency should implement a chart of accounts that
is consistent with the SGL and meets the agency's information needs. OMB
Circular A- 127 states that application of the SGL at the transaction
level means that financial management systems will process transactions
following the definitions and defined uses of the general ledger accounts
as described in the SGL. Transaction detail supporting SGL accounts are
required to be available in the financial management systems and directly
traceable to specific SGL account

codes. In addition, the criteria for recording financial events in all
financial management systems should be consistent with accounting
transaction definitions and processing rules defined in the SGL.

.06 OMB's FFMIA implementation guidance requires the CFO act agency
auditors to perform tests of the compliance of the entity's systems with
FFMIA. Auditors who are reporting that agency financial management systems
do not substantially comply with FFMIA requirements are to include in
their reports (1) the entity or organization responsible for the financial
management systems that have been found not to be substantially compliant
and all pertinent facts relating to the noncompliance, (2) the nature and
extent of the noncompliance including areas in which there is substantial
but not full compliance, (3) the primary reason or

cause of the noncompliance, (4) the entity or organization responsible for
the noncompliance, (5) any relevant comments from any responsible officer
or employee, and (6) a statement with respect to the recommended remedial
actions for each instance of noncompliance and the time frames for
implementing these actions. FFMIA as well as OMB's FFMIA implementation
guidance require agencies to report whether the agencies' financial
management systems comply with FFMIA's requirements and prepare
remediation plans that include resources, remedies, and intermediate
target dates necessary to bring the agency's financial management systems
into substantial compliance. .07 According to OMB's FFMIA implementation
guidance, auditors are to plan and

perform their audit work in sufficient detail to enable them to determine
the degree of compliance and report on instances of noncompliance for all
of the applicable FFMIA requirements. The guidance describes specific
minimum requirements from Circular A- 127 that agency systems should meet
to achieve compliance and provides indicators of compliance. The
indicators included in

Internal Control 701 * Assessing Compliance of Agency Systems with the
Federal Financial

Management Improvement Act (FFMIA) April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 701- 4 OMB's implementation guidance are
characterized as examples and are not allinclusive. The four primary
factors OMB identifies as critical to assessing compliance with FFMIA are
determining whether agencies can: 6 Prepare financial statements and other
required financial and budget reports

using information generated by the financial management system( s);
Provide reliable and timely financial information for managing current
operations; Account for their assets reliably, so that they can be
properly protected from loss, misappropriation, or destruction; and,

Do all of the above in a way that is consistent with federal accounting
standards and the Standard General Ledger.

AUDIT ISSUES

.08 While financial statement audits will offer some assurances regarding
FFMIA compliance, auditors should design and implement additional testing
to satisfy the criteria in FFMIA. For example, in performing financial
statement audits, auditors generally focus on the capability of the
financial management systems to process and summarize financial
information that flows into agency financial statements. In contrast,
FFMIA requires auditors to assess whether an agency's financial management
systems comply with systems requirements. To do this, auditors need to
consider whether agency systems provide complete, accurate, and timely
information for managing day- to- day operations. This is based on
Congress' expectation, in enacting FFMIA, that agency managers would have
any necessary information to measure performance on an ongoing basis
rather than just at year- end. Financial statement auditors generally
review performance measure information for consistency with the financial
statements, but do not assess whether managers have the performance-
related information to manage

during the fiscal year. .09 As a result of the overlapping scope and
nature of FFMIA assessments and

financial statements audits, the auditor should use, where appropriate,
the audit work performed as part of the financial statement audit. In the
example audit program (FAM 701 A) for testing compliance with FFMIA,
several procedures indicate that the auditor may have performed the
procedure as part of the financial statement audit; whereas, other
procedures needed to assess FFMIA compliance require additional work not
normally contemplated by financial statement auditors. The determination
of FFMIA compliance need not be performed simultaneously with the
financial statement audit. The determination of FFMIA compliance may be
performed by different staff or staggered

6 OMB is considering revising this guidance.

Internal Control 701 * Assessing Compliance of Agency Systems with the
Federal Financial

Management Improvement Act (FFMIA) April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 701- 5 throughout the assessment time frame. While
the example audit program provides steps the auditor should perform, the
auditor may tailor the steps to satisfy the objectives or intent of the
step if the step cannot be completed as described. Because of the broad
scope of federal operations and the many

variations that can and do flow from such a broad scope, the degree of
specificity in the example audit program varies. For example, each agency
will likely need and use a variety of internal reports for managing
current operations. These

reports may be on line or in hard copy. Auditors will need to use their
skills and professional judgment to assess the adequacy of these reports
that are essential to having FFMIA compliance. Auditors may also rely on
other work products that address the objectives of the example audit
procedures.

.10 As discussed in FAM section 350, the auditor need not perform specific
tests of the systems compliance with FFMIA requirements for agencies with
longstanding, well- documented financial management systems weaknesses
that severely affect the systems' ability to comply with FFMIA
requirements. The auditor should understand management's process for
determining whether its systems comply with FFMIA requirements and report
any deficiencies in management's process along with previously identified
problems.

.11 FAM paragraphs 580.62 through .66 and FAM section 595 A provide FFMIA
reporting guidance. When reporting a lack of substantial compliance, the
auditor should refer to FAM 595 B for suggested modifications to the
report. FAM Part III, section 1603, provides guidance that GAO will use to
provide an affirmative statement when reporting on compliance with FFMIA.

[This page intentionally left blank.]

Internal Control 701 A * EXAMPLE AUDIT PROCEDURES FOR TESTING

COMPLIANCE WITH FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 1 Entity
__________________________________________________________________

Date of review __________________________________________________________
Job code _______________________________________________________________
Objective: FFMIA requires the 24 major departments and agencies covered by
the CFO Act to implement and maintain financial management systems that
comply substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, and (3) the U.
S. Government Standard General Ledger (SGL) at the transaction level. OMB
also requires

certain designated entities to determine FFMIA compliance. The objective
of this audit program is to assess whether agencies' systems' comply with
FFMIA.

FFMIA example audit procedures: Description of Procedure

Done by/ date

W/ P ref.

I. Planning (May be combined with the work to plan the financial statement
audit)

A. To understand the FFMIA requirements, read:

Federal Financial Management Improvement Act, P. L. 104- 208.

Audit Requirements for Federal Financial Statements (OMB Bulletin). OMB
Memorandum, January 4, 2001, Revised Implementation Guidance for the
Federal Financial

Management Improvement Act. JFMIP Publications of Federal Financial
Management System Requirements including the Framework and Core Financial
System Requirements.

Form and Content of Agency Financial Statements (OMB Bulletin) FASAB
Standards. Treasury Financial Manual (TFM) sections related to the SGL
(see transmittal letter S2- 01- 02 and TFM Part 2, Chapter 4000).

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 2 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref.

OMB Circular No. A- 123, Management Accountability and Control.

OMB Circular No. A- 127, Financial Management Systems.

OMB Circular No. A- 130, Management of Federal Information Resources.

Government Information Security Reform (GISR) legislation, Floyd D. Spence
National Defense Authorization Act for Fiscal Year 2001, Pub. L. 106- 398.
B. Read the prior year's workpapers and audit report to

identify (1) the auditors' FFMIA determinations, (2) reported instances of
noncompliance with FFMIA, and (3) material weaknesses and reportable
conditions related to the agency's financial management systems.

Prepare a schedule of the previously identified problems to follow up on
the status of these specific problems. See section 701 B for an example of
the schedule.

C. Read the most recent FMFIA report, IG reports, GAO reports, internal
control workpapers from the financial statement audit or other reports
related to financial systems and consider the impact of any reported
weaknesses on the FFMIA assessment.

Obtain an update on the status of the issues and document problems
identified in the schedule in section 701 B.

D. Read the cycle memoranda for each of the audit cycles completed for the
current year audit. Document issues related to FFMIA compliance in the
schedule in section 701 B.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 3 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. E. From the work performed in part I (planning), decide

whether it is necessary to perform the remaining test steps. If the
information gathered indicates "longstanding, well- documented financial
management systems weaknesses" that preclude compliance with FFMIA
requirements, then:

1. Document recognition of longstanding, welldocumented financial
management systems weaknesses and identify the source for this conclusion.
2. Obtain and document an understanding of management's process for
determining whether its

systems comply with FFMIA requirements. Report any deficiencies identified
in management's process. 3. Complete step V (summary), except for
completion

of the schedule in FAM section 701 B.

II. Testing for Compliance with Federal Financial Management Systems
Requirements

A. Ask whether the agency has an agencywide inventory of its systems. If
so, obtain the inventory and any supporting documentation.

B. From the agency's inventory of systems, identify the core financial
management systems and the feeder systems.

1. Document the key internal controls and the information flows between
the core financial systems and the feeder systems in a flowchart or
narrative. (This step may be performed as part of the internal control
phase). a. Determine whether the feeder systems are

integrated or interfaced with the core financial system. Note: Feeder
systems that are integrated with the core financial system share data
tables. Therefore, reconciliations should not be necessary.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 4 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. b. If the feeder systems interface with the core

systems, determine whether reconciliations are performed between the
systems. If reconciliations are performed, determine how

often and by whom; assess the adequacy of the reconciliation, including
follow- up activities and supervisory review. c. Through interviews with
agency management

and reading of systems documentation, determine if the agency's systems
have detective controls (i. e., batch control or hash totals or
supervisory reviews) and preventive controls (i. e. segregated duties,
appropriate authorizations, or access controls) to process transactions
properly and timely. (May be performed as part of the internal control
phase). 2. Using the documentation prepared in step II. B. 1

above, identify those JFMIP financial management systems requirements that
are applicable to the agency's operations. For example, for those agencies
that do not have grant or loan programs, the auditor would not need to
assess whether JFMIP requirements related to grants or loans are
applicable. Document the results.

C. Determine whether the agency's core financial management system and the
financial portions of its applicable feeder systems, as identified in step
II. B. 2 above, conform to JFMIP's federal financial management systems
requirements.

Ask whether the agency's core financial management system is a JFMIP-
certified COTS system. If so, ask which version of the software is

being used and obtain the agency's JFMIP certification for that software
version. [Agencies replacing software to meet core financial system
requirements must use JFMIP- certified core financial management systems
as required by OMB Circular A- 127, but it is not a noncompliance issue
for FFMIA purposes.]

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 5 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. 1. Ask whether there have been significant changes in

the agency's automated business processes since compliance testing with
JFMIP requirements was last performed. If so, ask whether the agency has
performed an assessment of any new functionality using the JFMIP system
requirements documents, GAO checklists, or similar tools. Document the
results. 2. For those agencies with a core financial

management system that is not a JFMIP- certified COTS and for any feeder
systems, obtain any analyses performed by agency management to support its
FFMIA and FMFIA assessments that document how the agency's systems conform
to the

applicable JFMIP systems requirements. If management has not performed an
analysis of systems functionality, go to step C. 5.

3. Select several important functions that management has reported as
complying with the systems requirements and determine if management's
assessment can be relied upon. 4. If management's results cannot be relied
upon for

each system, perform an assessment of the functionality of the applicable
systems using JFMIP system requirement documents, GAO checklists or other
similar tools. 5. Document in section 701 B, the instances and related
impact in which the agency's systems did

not comply with JFMIP requirements.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 6 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. D. Ask if management receives appropriate reports that

are significant to performing day- to- day management operations. 1.
Determine the adequacy of reports used to manage

day- to- day operations. a. For reports that are produced by the agency's
financial management systems, ask

knowledgeable users, read the agency's financial management systems
documentation, and from other audit work, use professional judgment to
determine if the reports produced by the systems are timely, useful,
reliable,

complete, and appropriately summarized for the management level receiving
the report. Use professional judgment, agency policy, and/ or criteria
evident from each report to determine its timeliness and accuracy; i. e.,
if a report is due by the 10 th of each month, verify it was provided by
the 10 th of each month. If only online access is provided for important
internal reports, through observation, documentation, and inquiry* such as
obtaining systems logs and

asking key managers about their work habits* assess whether the reports
were available and accessed. Through inquiry and observation,

assess if management uses the reports to manage operations. Ask management
what improvements are needed in the current reporting methods. Document
the results. b. If the reports were not produced by the agency's

financial management systems, ask how the reports were prepared and
perform a similar assessment as described in step D. 1. a.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 7 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. 2. Determine whether appropriate levels of

management are receiving adequate and timely management information. See
FAM paragraph 903.12 for questions related to determining FFMIA compliance
with SFFAS No. 4. a. Using professional judgment and industry best
practices, identify internal management

performance- related information that should be available for managing
day- to- day operations. b. Determine whether appropriate levels of

management are receiving the information identified in step D. 2. a. c. If
full costing is not used in these management reports, assess whether the
lack of full cost

information affects the usefulness of the information. Review management's
justification that full costing would not be beneficial for the internal
reports. This may need to be assessed on a case- by- case basis. 3.
Include any deficiencies identified and related impact in the schedule
shown in section 701 B. E. Identify the agency's external reports that are
related

to financial management such as those used for budget formulation and
execution, fiscal management of agency programs, funds management,
payments and receipts management, and to support the legal, regulatory,
and other special requirements of the agency.

1. Through interviews with knowledgeable users and reading of the agency's
financial management system documentation, determine if the reports are
produced by the systems. a. For external reports that are tested as part
of

the financial statement audit, include any deficiencies identified and the
related impact in section 701 B. b. For external reports that are not
tested as part

of the financial statement audit, using professional judgment select
several reports and assess whether the reports are reliable, timely,

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 8 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. and complete. Include any deficiencies identified and the related
impact in section 701 B. 2. As an indicator of systems deficiencies,
determine

the magnitude and type of adjustments made by both management and the
auditors to derive financial statements after the end of the accounting
period.

F. Determine if the agency's financial management systems track financial
events and summarize information to facilitate the preparation of
auditable financial statements. This determination can result from work
performed as part of the financial statement audit. Document the
deficiencies and the related

impact in the schedule shown in section 701 B. G. Determine if the
financial management systems enable the agency to prepare, execute, and
report on the agency's budget in accordance with the requirements of OMB
Circular No. A- 11. This determination can

result from work performed as part of the financial statement audit.
Document the deficiencies and the related impact in the schedule shown in
section 701 B.

H. Determine if the agency's financial management systems capture and
produce the financial information required to measure program performance.

1. Identify the agency's performance measures from its most recent
accountability report that include data from the agency's financial
management systems. 2. Ask agency management whether an assessment

was performed of the validity of the financial data used to derive the
performance measures. If so, obtain and review the assessment and any
supporting documentation. 3. If agency management has not assessed the
validity

of the financial data used to derive the agency's performance measures,
include this deficiency in section 701 B.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 9 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. 4. Determine if recent GAO or IG reports have

addressed the validity of financial data used to derive performance
measures. 5. If any deficiencies were identified, include them

along with the related impact in the schedule shown in FAM section 701 B.

I. Coordinate with the Information Security (IS) auditors to determine if
the agency has implemented and maintains a program to provide adequate
security for all agency information that is collected, processed,
transmitted, stored, or disseminated in financial management systems. 1.
Have the IS auditors review the annual

management evaluation and the annual independent evaluation conducted in
accordance with the Government Information Security Reform (GISR)
legislation. 2. Document the deficiencies and related impact identified by
the IS auditors in the schedule shown

in section 701 B. J. Determine if the financial management systems include
internal control to safeguard resources against waste,

loss, and misuse, and whether reliable data are obtained, maintained, and
disclosed in system generated reports. Some of the information needed to

make this determination may be obtained from the work performed in the
internal control phase of the financial statement audit, and other systems
internal control weaknesses may be identified from other audit reports
reviewed and steps performed in this program. Document the results in
section 701 B.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 10 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref.

III. Testing for Compliance with the Federal Accounting Standards

A. Determine if the agency's financial statements are compiled in
accordance with applicable accounting standards.

1. Ask agency management and review financial statement audit results to
determine whether any FASAB standards are not applicable. Document the
results. Analyze the resultant list of applicable/ inapplicable FASAB
standards for reasonableness and use the list as a reference in performing
these steps. 2. Determine if any issues reported as part of the financial
statement audit were related to the lack

of the agency's implementation of the accounting standards in their
systems or the standards were not properly applied because of inadequate
or improperly implemented manual procedures. Document the results in the
schedule shown in section 701 B.

B. Perform tests to determine if the agency's cost accounting systems use
the agency's accounting classification elements

to identify and establish unique cost objects to capture, accumulate, and
report costs and revenues;

allocate and distribute the full cost and revenue of cost objects as
defined by OMB including services provided by one federal entity to
another for external reporting; and transfer cost data directly to and
from other cost

systems/ applications that produce or allocate cost information. Also, see
step II. D. 2 of this audit program.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 11 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. C. From the deficiencies identified in performing steps in

part II (testing for compliance with federal financial management systems
requirements) and from tests conducted as part of the financial statement
audit, determine if the financial systems record and

summarize transactions in accordance with applicable accounting standards.
Note that the systems functionality assessments performed in step II. B.

should have determined any compliance issues related to accounting
standards since the accounting standards are used as a source for systems
functionality requirements. Document the results and the related impact in
the schedule shown in section 701 B.

IV. Testing for Compliance with the SGL

A. Determine whether the agency financial management systems use financial
data that can be traced directly to SGL accounts to produce reports
providing financial information for both internal and external reporting.

1. Ask agency management and from the documentation prepared in step II.
B. 1 above, determine how financial transaction data are summarized from
the financial systems to the core financial system. 2. Compare the
agency's chart of accounts to the SGL

accounts and identify any deviations. 3. Review all of the standard
entries allowed by the

core financial system to determine if these entries conform to the SGL
posting rules. 4. Document any deficiencies and the related impact

in the schedule shown in section 701 B. B. Ask whether the agency uses a
crosswalk from its

chart of accounts for its core financial management system to the SGL. If
so, perform tests to determine the accuracy of the crosswalk. 1. Trace all
SGL accounts to the crosswalk.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 12 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. 2. Identify any SGL accounts that are not included in

the crosswalk. Identify any agency accounts not associated with an SGL
account in the crosswalk. 3. Compare the posting rules used by the system
to

those included in the SGL to determine whether the posting rules used by
the system conform to the SGL. 4. Document deficiencies and the related
impact in

the schedule shown in section 701 B. V. Summary

A. Summarize the results of the work performed above and assess the
agency's compliance with the federal financial management systems
requirement of FFMIA.

1. Finalize the schedule of the FFMIA noncompliances identified in the
schedule prepared in FAM section 701 B. 2. Read the agency's management
representation

letter covering the fiscal year under audit to obtain the agency
management's FFMIA determination. a. Document the entity or organization
responsible

for the financial management systems that have been found not to comply.
b. Document all facts pertaining to the:

i. nature and extent of the noncompliance and areas where there is
substantial but not full compliance;

ii. primary reason or cause of the noncompliance; iii. impact of the
noncompliance; iv. entity or organization responsible for the

noncompliance; and v. relevant comments from any responsible

officer or employee. c. Assess the recommended remedial actions for

each instance of noncompliance and the time frames for implementing these
actions. Include this assessment in the schedule in section 701 B.

Internal Control 701 A * Example Audit Procedures for Testing Compliance
with FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 A- 13 FFMIA
example audit procedures:

Description of Procedure Done

by/ date W/ P

ref. 3. After reviewing the nature and extent of

deficiencies identified, conclude whether the systems deficiencies
identified constitute lack of substantial compliance with FFMIA. Consider
the four factors in paragraph 701.07 from OMB's FFMIA implementation
guidance when drawing this conclusion. 4. Prepare the FFMIA section of the
report. See FAM

paragraphs 580.62 through .66 and sections 595 A, 595 B, and 1603, as
appropriate.

[This page intentionally left blank.]

Internal Control 701 B * SUMMARY SCHEDULE OF INSTANCES OF NONCOMPLIANCE
WITH FFMIA

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701 B- 1

Source of information used in identifying

deficiencies in agency systems Nature and

extent of noncom pliance

Substan tial but not

full com pliance? (Y or N)

Applicable criteria (JFMIP,

FASAB citation)

Respon sible

entity Primary reason or cause of noncom pliance

Impact of noncom

pliance Agency comments

on noncom

pliance Corrective action in remediation plan?

(Y or N) Assessment of corrective

actions and time frames W/ P refer

ence Com ments Prior year's reported instances of noncompliance

(Step I. B.) Prior year's material weak

nesses and reportable

conditions that affect FFMIA determination (Step I. B.)

Internal Control 701 B * Summary Schedule of Instances of Noncompliance
with FFMIA April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701
B- 2

Source of information used in identifying

deficiencies in agency systems Nature and

extent of noncom pliance

Substan tial but not

full com pliance? (Y or N)

Applicable criteria (JFMIP,

FASAB citation)

Respon sible

entity Primary reason or cause of noncom pliance

Impact of noncom

pliance Agency comments

on noncom

pliance Corrective action in remediation plan?

(Y or N) Assessment of corrective

actions and time frames W/ P refer

ence Com ments Weaknesses in the agency's most recent FMFIA report that

affect FFMIA determination (Step I. C.)

Weaknesses in Recent IG and GAO reports that affect FFMIA determination

(Step I. C.) Cycle memo

randa for the current year's audit (Step I. D.)

Internal Control 701 B * Summary Schedule of Instances of Noncompliance
with FFMIA April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701
B- 3

Source of information used in identifying

deficiencies in agency systems Nature and

extent of noncom pliance

Substan tial but not

full com pliance? (Y or N)

Applicable criteria (JFMIP,

FASAB citation)

Respon sible

entity Primary reason or cause of noncom pliance

Impact of noncom

pliance Agency comments

on noncom

pliance Corrective action in remediation plan?

(Y or N) Assessment of corrective

actions and time frames W/ P refer

ence Com ments Instances in which the agen cy's systems did

not comply with JFMIP's

functional requirements (Step II. C.)

Preparation of internal manage ment reports (Step II. D.)

Preparation of external agency reports (Step II. E.)

Internal Control 701 B * Summary Schedule of Instances of Noncompliance
with FFMIA April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701
B- 4

Source of information used in identifying

deficiencies in agency systems Nature and

extent of noncom pliance

Substan tial but not

full com pliance? (Y or N)

Applicable criteria (JFMIP,

FASAB citation)

Respon sible

entity Primary reason or cause of noncom pliance

Impact of noncom

pliance Agency comments

on noncom

pliance Corrective action in remediation plan?

(Y or N) Assessment of corrective

actions and time frames W/ P refer

ence Com ments Preparation of auditable

financial statements (Step II. F.)

Preparation, execution, and

reporting on agency budget in accordance with OMB require

ments (Step II. G.) Management's assessment of the validity of information
used

to derive perfor mance measures (Step II. H.)

Internal Control 701 B * Summary Schedule of Instances of Noncompliance
with FFMIA April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701
B- 5

Source of information used in identifying

deficiencies in agency systems Nature and

extent of noncom pliance

Substan tial but not

full com pliance? (Y or N)

Applicable criteria (JFMIP,

FASAB citation)

Respon sible

entity Primary reason or cause of noncom pliance

Impact of noncom

pliance Agency comments

on noncom

pliance Corrective action in remediation plan?

(Y or N) Assessment of corrective

actions and time frames W/ P refer

ence Com ments Implementation

and maintenance of an information security program (Step II. I.) Internal
controls as part of finan cial management

(Step II. J.) Preparation of agency financial statements in

accordance with applicable ac

counting stan dards (Step III. A.)

Internal Control 701 B * Summary Schedule of Instances of Noncompliance
with FFMIA April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 701
B- 6

Source of information used in identifying

deficiencies in agency systems Nature and

extent of noncom pliance

Substan tial but not

full com pliance? (Y or N)

Applicable criteria (JFMIP,

FASAB citation)

Respon sible

entity Primary reason or cause of noncom pliance

Impact of noncom

pliance Agency comments

on noncom

pliance Corrective action in remediation plan?

(Y or N) Assessment of corrective

actions and time frames W/ P refer

ence Com ments Compliance

issues related to the implemen

tation of applic able accounting standards (Step III. C.)

Agency financial systems' imple

mentation of the SGL accounts (Step IV. A.)

Agency use of a crosswalk from its core financial

management system to the SGL (Step IV. B.)

[This page intentionally left blank.]

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 1 .01 The compliance testing
section consists of a General Compliance Checklist

(questionnaire) for identifying laws and regulations for compliance
testing and supplements for the laws OMB requires auditors of CFO Act
agencies to test for (see section 295 H) and other laws of general
applicability auditors may consider during federal financial audits. The
compliance supplements provide detailed guidance for assessing the
effectiveness of compliance controls and testing compliance with the
significant provisions of each law.

.02 The General Compliance Checklist (Form 802), or equivalent, generally
should be completed for federal financial audits. If an individual law is
considered to be significant for purposes of compliance testing, the
related supplement should be completed. Supplements should be completed
only for laws required to be tested for CFO Act agencies and for other
laws identified for compliance testing on the General Compliance
Checklist. Use of these documents is described below.

.03 To understand and evaluate compliance controls, the auditor also
should follow the guidance in FAM 260 on identifying risk factors and in
FAM 320 on understanding information systems. The FAM also provides
additional guidance on compliance considerations for all audit phases.
INSTRUCTIONS FOR GENERAL COMPLIANCE CHECKLIST .04 The checklist contains a
summary of each law. The auditor generally should use

this checklist or equivalent to determine which of these laws are
considered to be significant for purposes of testing compliance, as
discussed in FAM 245. The auditor should indicate whether each law meets
the criteria for significance by placing a check mark in the appropriate
column (yes or no). OMB audit guidance requires auditors of CFO Act
agencies to test for five of the laws, as noted in section 295 H. Auditors
also may test for the other four laws if they have determined they are
material to the financial statements being audited.

.05 The auditor may need to use estimates or interim information in the
preliminary column. The final amounts (based on the audited amounts or the
final amounts of available budget authority) are used to determine whether
all laws that would

be significant in quantitative terms have been identified for control and
compliance testing. The sources of all amounts included in this checklist
should be documented. If the law is considered to be significant from a
qualitative standpoint, the reasons for this conclusion should be
documented.

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 2 .06 Supplements to the
General Compliance Checklist (Form 802)

Law _ Supplement number Antideficiency Act (required for CFO Act agencies)
803 Federal Credit Reform Act of 1990 (required for CFO

Act agencies) 808

Provisions Governing Claims of the U. S. Government as provided primarily
in 31 U. S. C. 3711- 3720E (Including the Debt Collection Improvement Act
of 1996 (DCIA)) (required for CFO Act agencies)

809 Prompt Payment Act (required for CFO Act agencies) 810 Pay and
Allowance System for Civilian Employees as

Provided Primarily in Chapters 51- 59 of Title 5, U. S. Code (required for
CFO Act agencies)

812 Civil Service Retirement Act 813 Federal Employees Health Benefits Act
814 Federal Employees' Compensation Act 816 Federal Employees' Retirement
System Act of 1986 817

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 3 Entity
_________________________________________________________________ Period
of financial statements ____________________________________________ Job
code _______________________________________________________________
Description of Law Yes No Antideficiency Act - 31 U. S. C. 1341, 1342,
1514, 1517

This law imposes restrictions on the amounts of budgetary authority that
may be obligated or expended. As discussed in FAM 250, the auditor should
obtain information on the entity's budget authority, from sources such as
appropriation

legislation, and identify all legally binding restrictions on budget
execution.

Do the amounts of any legally binding budget execution restrictions on
budget authority in effect during the audit period exceed planning
materiality or are provisions of the Antideficiency Act otherwise
considered to be significant?

(OMB audit guidance requires auditors of CFO Act agencies to test for
compliance with this law.)

Preliminary Final Individual appropriations budget authority Planning
materiality If yes, complete compliance supplement 803. ____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 4 Description of Law Yes No
Federal Credit Reform Act of 1990 (FCRA), 2 U. S. C. 661- 661f This law
contains numerous provisions relating to the recording

of activity related to direct loans, loan guarantees, and related
modifications for budget accounting purposes. The law provides that after
October 1, 1991, an agency may incur new direct loan obligations or make
new loan guarantee commitments only to the extent that Congress has
provided budget authority to cover the costs of the loan or loan
guarantee.

Does the entity's budget authority available during the audit period for
direct loan obligations, loan guarantee commitments, or any related
modifications exceed planning materiality or are provisions of the FCRA of
1990 otherwise considered to be significant?

(OMB audit guidance requires auditors of CFO Act agencies to test for
compliance with this law.)

Preliminary Final Total appropriations or other budget authority available
during the fiscal year for costs of FCRA activities (direct loans, loan
guarantees, and related modifications) Planning materiality If yes,
complete compliance supplement 808.

____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 5 Description of Law Yes No
Provisions Governing Claims of the U. S. Government, Including the Debt
Collection Improvement Act of 1996 (DCIA) These provisions address the
collection of amounts owed to the federal government. Interest generally
accrues from the date that a notice stating the amount due and the
interest policies is first mailed to the debtor. Interest generally
accrues at a rate

established by the Secretary of the Treasury. Administrative costs and
penalties shall also be charged.

The provisions also require the entity to take all appropriate steps to
collect the debt before discharging it and to notify Treasury about
delinquent debt for administrative offset, collection by a debt collection
center, or tax refund offset. Entities shall also participate in a
computer match of delinquent debt with federal employees, and when
collection actions are terminated, the entity holding delinquent debt
shall sell it. Provisions also require the entity (or entities making
loans the government guarantees) to notify credit- reporting agencies
about delinquent debt and not make or guarantee loans to persons who owe
delinquent debt.

Does the cumulative amount of receivables created during the audit period
that are subject to provisions governing claims of the U. S. government,
including DCIA, exceed planning materiality; does the amount of
receivables at the end of the audit period that are subject to provisions
governing claims of the U. S. government, including DCIA, exceed planning
materiality; or are provisions governing claims of the U. S. government,
including the DCIA, otherwise considered to be significant?

(OMB audit guidance requires auditors of CFO Act agencies to test for
compliance with this law.)

(continued on next page) ____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 6 Description of Law Yes No
Provisions Governing Claims of the U. S. Government, Including the Debt
Collection Improvement Act of 1996 (DCIA) (continued)

Preliminary Final Cumulative amount of receivables created during the
audit period that are subject to provisions governing claims of the U. S.
government, including

DCIA or: Amount of receivables at the end of the audit period that are
subject to provisions governing claims of the U. S. government, including
DCIA Planning materiality If yes, complete compliance supplement 809.

Note: These provisions of the law generally do not apply to amounts
payable to the entity under the Internal Revenue Code, the Social Security
Act, or tariff laws. Those laws contain specific provisions for these
amounts.

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 7 Description of Law Yes No
Prompt Payment Act, 31 U. S. C. 3901 et seq. The Prompt Payment Act
requires federal entities to make payments for property or services by the
due date specified in the related contract or, if a payment date is not
specified in the contract, generally 30 days after the invoice for the
amount due is received. If payments are not made within the appropriate
period, the entity shall pay an interest penalty. Also, discounts offered
by vendors may be taken only during the specified

period. If they are taken after the time period has expired, an interest
penalty shall be paid.

Do the entity's payments for property or services subject to the Prompt
Payment Act for the audit period exceed planning materiality or are
provisions of the Prompt Payment Act otherwise considered to be
significant?

(OMB audit guidance requires auditors of CFO Act agencies to test for
compliance with this law.)

Preliminary Final Amount of payments made for property and services
subject to the Prompt Payment Act Planning materiality If yes, complete
compliance supplement 810.

____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 8 Description of Law Yes No Pay
and Allowance System for Civilian Employees as Provided Primarily in
Chapters 51- 59 of Title 5, U. S. Code These laws require that employees
be paid at the appropriate

rates established by law, including general pay increases, and that
employees be paid at least minimum wage.

Does the entity's payroll expense for the audit period exceed planning
materiality or are related provisions of the Pay and Allowance System for
Civilian Employees (as provided primarily in Chapters 51- 59 of Title 5,
U. S. Code) otherwise considered to be significant?

(OMB audit guidance requires auditors of CFO Act agencies to test for
compliance with this law.)

Preliminary Final Payroll expense Planning materiality If yes, complete
compliance supplement 812. It is not expected that the entity's expense
for performance awards, cash awards, overtime, travel, transportation,
subsistence, or allowances for the audit period would exceed planning
materiality. However, if these items or related provisions of the Pay and
Allowance System for Civilian Employees are otherwise considered to be
significant, the auditor should consult with the Office of General Counsel
(OGC) for specific provisions to be considered for compliance testing.

____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 9 Description of Law Yes No
Civil Service Retirement Act, 5 U. S. C. 8331 et seq. This law provides
retirement benefits to employees who were hired prior to January 1, 1984.
For each employee, the entity withholds a percentage of basic pay from the
employee's compensation and contributes an equal amount for retirement.

The employee and entity amounts are remitted to Treasury. Does the
entity's expense for retirement costs under the Civil Service Retirement
Act for the audit period exceed planning materiality or are provisions of
the Civil Service Retirement Act otherwise considered to be significant?

Preliminary Final Expense for retirement contributions Planning
materiality If yes, complete compliance supplement 813. ____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 10 Description of Law Yes No
Federal Employees Health Benefits Act, 5 U. S. C. 8901 et seq. This law
provides health insurance coverage to employees who

elect health insurance benefits. For each employee who elects coverage,
the entity pays an amount set by OPM for insurance costs. The entity
portion cannot exceed 75 percent of the insurance cost. The employee pays
the remainder of the total cost. Information on the employee and entity
cost of the insurance is published by OPM. The entity withholds the amount
of the employee's portion of the cost from the employee's pay and remits
this amount, along with its own contribution, to Treasury.

Does the entity's expense for health insurance costs for the audit period
exceed planning materiality or are provisions of the Federal Employees
Health Benefits Act otherwise considered to be significant?

Preliminary Final Expense for health insurance Planning materiality If
yes, complete compliance supplement 814. ____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 11 Description of Law Yes No
Federal Employees' Compensation Act, 5 U. S. C. 8101 et seq. This law
provides for the compensation of employees injured or

disabled while performing their duties. Claims are paid out of the Federal
Employees' Compensation Fund. Federal entities are billed annually by the
fund for claims paid on their behalf. Does the entity's expense for the
audit period for benefits paid by the Federal Employees' Compensation Fund
on the entity's behalf exceed planning materiality or are provisions of
the

Federal Employees' Compensation Act otherwise considered to be
significant?

Preliminary Final Expense for Compensation Fund claims Planning
materiality If yes, complete compliance supplement 816.

____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 12 Description of Law Yes No
Federal Employees' Retirement System Act of 1986, 5 U. S. C. 8401 et seq.
This law provides retirement benefits for employees who were

hired after December 31, 1983. For each employee, the entity withholds a
percentage of basic pay from the employee's compensation and contributes
an amount equal to the

employing agency's applicable normal cost percentage less the employee
deduction rate for retirement. The employee and entity amounts are
remitted to Treasury.

Does the entity's expense for retirement costs under the Federal
Employees' Retirement System Act for the audit period exceed planning
materiality or are provisions of the Federal Employees' Retirement System
Act of 1986 otherwise considered to be significant?

Preliminary Final Expense for retirement contributions Planning
materiality If yes, complete compliance supplement 817. ____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 13 Description of Law Yes No
Other laws

Perform the following procedures and include references to supporting
documentation:

1. As described in FAM 245.02, read the list of laws and regulations
identified by the entity as significant to others. (See .)

2. With OGC assistance, identify any other laws or regulations that have a
direct effect on determining financial statement amounts. Determine
whether any such laws or regulations are material to the financial
statements. (See .)

3. Consider whether to test compliance with any indirect laws or
regulations and make inquiries of management as discussed in FAM 245.04-.
06. (See .)

4. For all laws or regulations identified for testing above, identify
significant provisions using the criteria in FAM 245.02. Test compliance
controls and compliance as described in FAM 300 and 460.

Are any other laws or regulations identified for compliance testing?

If yes, attach a list of the laws or regulations identified to this form
and reference it to control and compliance work performed.

____ ____

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 14

INSTRUCTIONS FOR COMPLIANCE SUPPLEMENTS .07 Each compliance supplement
consists of (1) a compliance summary, (2) a compliance audit program, and
(3) notes.

Compliance Summary .08 For each law identified for compliance testing on
the General Compliance Checklist, the auditor generally should complete
the related compliance summary or equivalent. The compliance summary is
designed to assist the auditor in planning compliance control tests and
summarizing the results of compliance control tests and compliance tests
for reporting the results of the

work performed. .09 The first column contains a description of the
specific provisions of the law that

have been identified for compliance testing, the type of provision, and
the reference to the law.

.10 The second column contains the objective related to the specific
provision to be used for both compliance control and compliance testing.

.11 The auditor should identify the control activities that the entity has
in place to achieve each objective and document the control activity in
the third column. If the entity does not have a control activity that
achieves the objective, the auditor should document this condition in the
third column.

.12 The fourth column is used to indicate whether the control activity is
information system (IS)- related as described in FAM 270.04. IS controls
are those the effectiveness of which depends on computer processing. They
can generally be classified into general, application, and user controls.
Testing of IS controls generally should be performed by an IS auditor,
although the audit team may assist the IS auditor.

.13 The auditor should design control tests to determine whether the
control activities that have been identified in the third column are in
place and operating effectively. A control activity is considered to be
effective if it achieves the control objective. The control testing
program and the control tests should be recorded in the documentation. The
results of these tests and the auditor's conclusions on the effectiveness
of the compliance controls should be documented in the fifth column of the
Compliance Summary. A reference to supporting documentation should be
included in this column.

Compliance 802 - General Compliance Checklist April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 802- 15 .14 Compliance tests should
be performed using the related Compliance Audit

Program as described below. The results of the compliance tests should be
indicated in the last column of the Compliance Summary along with a
reference to the supporting documentation.

Compliance Audit Program

.15 A compliance audit program has been developed for the provisions
identified on the related compliance summary for each law. For each law
identified for compliance testing on the General Compliance Checklist, the
auditor generally should perform each step of the related compliance audit
program. Because the subject matter of some laws is closely related to
matters the auditor will be planning to test for other parts of the audit,
the auditor should consider coordinating with that other testing and
designing multipurpose tests. For example, payroll compliance testing
could be performed using multipurpose tests of payroll controls and/ or
substantive payroll testing. The auditor generally

should initial in the "performed by" column of the compliance audit
program when he or she performs the procedure. A reference to the
documentation recording the work performed for each step generally should
be included in the last column of the compliance audit program.

[This page intentionally left blank.]

Compliance 803 - ANTIDEFICIENCY ACT April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 803- 1

Note: Complete this compliance summary or prepare equivalent documentation
only if provisions of the Antideficiency Act are considered to be
significant as indicated on Form 802 - General Compliance Checklist.

OMB guidance on budget execution, including the Antideficiency Act, is
included in OMB Circular A- 11, Part 4. Name of entity: Compliance Summary
Prepared by: Audit period: Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. The entity shall not make
expenditures or

obligations that exceed the amount available for expenditure or obligation
in

an appropriation or fund. Type: Quantitative- based Ref: 31 U. S. C. 1341(
a)( 1)( A) and (C) 1. Expenditures or

obligations do not exceed the amount available for expenditure or
obligation in an appropriation or

fund. [Document the control

activities used by the entity to achieve the

objective.] (See note 2.) [Is

con trol depen dent on

com puter pro ces

sing?] [Indicate

yes or no; include reference to supporting documenta tion.] [Indicate yes
or no; include reference to supporting documentation.] See Compliance

Audit Program 803 Step 3.

Compliance 803 - Antideficiency Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 803- 2 Name of entity: Compliance Summary Prepared
by: Audit period: Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 2. The entity shall not make
expenditures or

obligations that exceed (1) the amount of an apportionment; or (2) a
lesser amount, if any, established by agency regulations (such as the

allotment level). See note 1. Type: Quantitative- based Ref: 31 U. S. C.
1517( a) 2. Expenditures or

obligations do not exceed the legally binding limit on the entity's budget

authority. (The amount of the apportionment or a lesser amount, if any,
established by the entity's regulations.) See note 1. (See note 2.) See
Compliance

Audit Program 803 Step 4.

Compliance 803 - Antideficiency Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 803- 3 Note: Complete this program or prepare
equivalent documentation only if provisions of the Antideficiency Act are
considered to be significant as indicated on Form 802 - General Compliance
Checklist. The procedures in this program are designed to test compliance
with the provisions listed on the Compliance Summary for this law.

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 1. List the appropriations or other budget authority and

the related budget accounts that were identified for compliance testing on
Form 802 - General Compliance Checklist. Per page 802- 3, the auditor
should identify all legally binding restrictions on budget execution, from
sources such as appropriation legislation.

(The following tests for compliance with the Antideficiency Act should be
coordinated with tests of the Statement of Budgetary Resources and with
tests of

expenses.)

Compliance 803 - Antideficiency Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 803- 4 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

2. As discussed in FAM 460.03, the auditor needs assurance that the
summarized budget information (obligations and expenditures) used for
compliance tests is reasonably accurate and complete. This assurance may
be provided through effective controls (usually the budget controls) or,
if the controls are not effective, through substantive testing of budget
amounts for validity, completeness, cutoff, recording, classification, and
summarization as described in FAM 495 B.

For the accounts listed in step 1, document if this assurance is provided
through effective controls (as indicated on Form 803 - Compliance Summary)
or if substantive tests of the budget information are necessary. If the
controls are not considered to be effective in

meeting some or all of the budget control objectives listed in FAM 395 F,
perform substantive tests of the budget amounts (obligations and
expenditures) as discussed in FAM 495 B. These substantive tests

should be performed only for those potential misstatements for which the
entity does not have effective budget controls.

After the auditor is satisfied as to the reasonableness of the budget
amounts to be used for the compliance tests, perform the compliance tests
in steps 3 and 4. 3. Compare the actual amounts of budget obligations and

expenditures with the related appropriation or other budget authority
listed in step 1. If the entity does not appear to have complied with the
provision, perform step 5. (31 U. S. C. 1341( a)( 1)( A) and (C))

Compliance 803 - Antideficiency Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 803- 5 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

4. Determine the entity's legally binding level of budget authority (below
the appropriation level) that was identified during the planning phase.
This level is usually the apportionment level unless the entity has
elected a lower level, such as allotments.

Compare the amount of actual obligations and expenditures to the legally
binding level of restrictions on budget authority identified for
compliance testing (the apportionment or allotment level). If the entity
does not appear to have complied with the provision, perform step 5. (31
U. S. C. 1517( a)) 5. If the entity does not appear to be in compliance
based

on the results of tests performed, discuss these matters with OGC and,
when appropriate, the Special Investigator Unit to conclude if
noncompliance actually has occurred and the implications of such
noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in controls that allowed the noncompliance to occur,
if not previously identified during control testing;

report the nature of any weakness in controls and consider modification of
the opinion on internal control as appropriate (see FAM 580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75.).

Compliance 803 - Antideficiency Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 803- 6 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

6. Document conclusions on compliance with each provision on Form 803 -
Compliance Summary.

Compliance 803 - Antideficiency Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 803- 7 Note 1: Entities are required to establish
regulations that provide for a system of

administrative controls over their execution of budget authority (31 U. S.
C. 1514( a)). As discussed in FAM 250.03, the entity may elect to lower
the level at which budget limitations are legally binding in these
regulations. For example, the entity may elect to reduce the legally
binding limit on the obligation and expenditure of budget funds from the
apportionment to the allotment level. The auditor should determine the
level at which the entity's legally binding limit has been established.

Note 2: The auditor should consider the results of the evaluation and
testing of budget controls. These controls relate to the execution of
budget authority and usually are the same controls that are used to comply
with the Antideficiency Act. Accordingly, additional consideration of
controls that achieve the compliance objective generally is not necessary
if the auditor has assessed whether the entity achieves all of the budget
control objectives listed in FAM 395 F. The auditor should reference this
compliance summary

to the budget control evaluation and testing and perform any additional
procedures considered necessary to conclude if compliance controls are
effective.

[This page intentionally left blank.]

Compliance 808 - FEDERAL CREDIT REFORM ACT OF 1990

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 808- 1 Note:
Complete this compliance summary or prepare equivalent documentation only
if provisions of the Federal Credit Reform Act of 1990 (FCRA) are
considered to be significant as indicated on Form 802 - General Compliance
Checklist.

OMB guidance on FCRA is included in OMB Circular A- 11, part 5, Federal
Credit Programs. Name of entity: Compliance Summary Prepared by: Audit
period: Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. Direct loan obligations may be
incurred on or after October 1, 1991, only to the extent that an
appropriation or other budget authority is available to cover these costs.

(See notes 1, 2, and 5- 7.) Type: Quantitative- based Ref: 2 U. S. C.
661c( b) 1. Direct loan obligations made on or after October 1, 1991, do
not exceed the available appropriation or

other budget authority. (See notes 1, 2, and 5- 7.) [Document the control
activities used by the entity to achieve the objective.]

(See note 10.) [Is con trol depen dent on

com puter pro ces

sing?] [Indicate yes

or no; include reference to supporting documenta tion.]

[Indicate yes or no; include reference to supporting documenta tion.]

See Compliance Audit Program

808 Steps 3 and 4.

Compliance 808 - Federal Credit Reform Act of 1990

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 808- 2 Name of
entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 2. A direct loan obligation or
outstanding direct loan shall not be modified in a manner that increases
its cost unless

budget authority for the additional cost is available. (See notes 5 and
8.) (See note

9 for matters to discuss with OGC prior to testing.) Type: Quantitative-
based Ref: 2 U. S. C. 661c( e) 2. Modifications made to direct loan
obligations or outstanding direct loans do

not exceed the available budget authority. (See

notes 5, 8, and 9.) (See note 10.) See Compliance Audit Program

808 Step 3. 3. Loan guarantee commitments may be made on or after October
1, 1991, only to the extent that an appropriation or other

budget authority is available to cover these costs. (See notes 3 to 7.)
Type: Quantitative- based Ref: 2 U. S. C. 661c( b) 3. Obligations for new
loan guarantee commitments made on or after October 1, 1991, do not exceed
the

available appropriation or other budget authority. (See notes 3 to 7.)
(See note 10.) See

Compliance Audit Program 808 Steps 3 and 4.

Compliance 808 - Federal Credit Reform Act of 1990

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 808- 3 Name of
entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 4. A loan guarantee commitment or
outstanding loan guarantee shall not be modified in a manner that
increases its

cost unless budget authority for the additional cost is available. (See
notes 5

and 8.) (See note 9 for matters to discuss with OGC prior to testing.)
Type: Quantitative- based Ref: 2 U. S. C. 661c( e) 4. Modifications made
to loan guarantee commitments or outstanding loan guarantees

do not exceed the available budget authority. (See

notes 5, 8, and 9.) (See note 10.) See Compliance Audit Program

808 Step 3.

Compliance 808 - Federal Credit Reform Act of 1990 April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 808- 4 Note: Complete this program
or prepare equivalent documentation only if provisions of the Federal
Credit Reform Act (FCRA) are considered to be significant as indicated on
Form 802 - General Compliance Checklist. The procedures in this program
are designed to test compliance with the provisions listed on the
Compliance Summary.

OMB guidance on FCRA is included in OMB Circular A- 11, part 5, Federal
Credit Programs.

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 1. List the appropriations or other budget authority and

the related budget accounts that were identified for compliance testing on
Form 802 - General Compliance Checklist.

Compliance 808 - Federal Credit Reform Act of 1990 April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 808- 5 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

2. As discussed in FAM 460.03, the auditor needs assurance that the
summarized budget information (obligations and expenditures) used for
compliance tests is reasonably accurate and complete. This assurance may
be provided through effective controls (usually the budget controls) or,
if the controls are not effective, through substantive testing of budget
amounts for validity, completeness, cutoff, recording, classification, and
summarization as

described in FAM 495 B. For the accounts listed in step 1, document
whether this assurance is provided through effective controls (as
indicated on Form 808 - Compliance Summary) or whether substantive tests
of the budget information are necessary.

If the controls are not considered to be effective in meeting some or all
of the budget control objectives listed in FAM 395 F, plus the
supplemental objectives for FCRA listed in FAM 395 F Sup, perform

substantive tests of the budget amounts (obligations and expenditures) as
discussed in FAM 495 B. These substantive tests should be performed only
for those potential misstatements for which the entity does not have
effective budget controls.

After the auditor is satisfied as to the reasonableness of the budget
amounts to be used for the compliance tests, perform the compliance tests
in steps 3 and 4.

Compliance 808 - Federal Credit Reform Act of 1990 April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 808- 6 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

3. For each appropriation account or other budget authority listed in step
1, perform the following procedures that are applicable for direct and
guaranteed loan programs that have a positive subsidy (i. e., cash
outflows exceed cash inflows); (for direct and guaranteed loan programs
that have a negative subsidy (i. e., cash inflows exceed cash outflows),
perform step 4):

(a) Compare the amount of obligations for direct loans to the amount of
the available appropriation or other budget authority. (Note: This budget
restriction is applicable only to obligations for direct loans made on or
after October 1, 1991.) 3. (b) Compare the amount of obligations for

modifications of direct loan obligations or outstanding direct loans to
the amount of available budget authority. (Note: The sale of a

direct loan is considered a modification. Discuss applicability of this
budget restriction to direct loans and direct loan obligations that were

outstanding prior to October 1, 1991, with OGC prior to performing
compliance test.)

3. (c) Compare the amount of obligations for loan guarantee commitments to
the amount of the available appropriation or other budget authority.
(Note: This budget restriction is only

applicable to obligations for loan guarantee commitments made on or after
October 1, 1991.)

Compliance 808 - Federal Credit Reform Act of 1990 April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 808- 7 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

3. (d) Compare the amount of obligations for modifications of loan
guarantee commitments or outstanding loan guarantees to the amount of
available budget authority. (Note: Discuss

applicability of this budget restriction to loan guarantees and loan
guarantee commitments that were outstanding prior to October 1, 1991, with
OGC prior to performing compliance test.) (2 U. S. C. 661c( b) and (e))

If the amounts of obligations in any of these comparisons exceed the
available budget authority, the entity may not be in compliance. Perform
step 5. 4. Direct and guaranteed loan programs that have a

negative subsidy (cash inflows exceed cash outflows) do not receive an
appropriation. However, such programs have a loan limit that cannot be
exceeded, i. e., a maximum number of loans that can be made or guaranteed.
For these programs, compare the total number and dollar volume of loans
made to the loan limit in the applicable Presidents' Budget. Perform step
5.

Compliance 808 - Federal Credit Reform Act of 1990 April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 808- 8 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

5. If the entity does not appear to be in compliance based on the results
of tests performed, discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if noncompliance actually has
occurred and the implications of such noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in controls that allowed the noncompliance to occur,
if not previously identified during control testing;

report the nature of any weakness in controls and consider modification of
the report on internal control as appropriate (see FAM 580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).
6. Document conclusions on compliance with each

provision on Form 808 - Compliance Summary.

Compliance 808 - Federal Credit Reform Act of 1990 April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 808- 9 Note 1: A direct loan is a
disbursement of funds by the government to a nonfederal borrower under a
contract that requires the repayment of such

funds with or without interest. The term also includes the purchase of, or
participation in, a loan made by another lender. The term does not include
the acquisition of a federally guaranteed loan in satisfaction of

default claims or the price support loans of the Commodity Credit
Corporation. (2 U. S. C. 661a( 1)) Note 2: A direct loan obligation is a
binding agreement by a federal agency to

make a direct loan when specified conditions are fulfilled by the
borrower. (2 U. S. C. 661a( 2))

Note 3: A loan guarantee is any guarantee, insurance, or other pledge with
respect to the payment of all or a part of the principal or interest on
any debt obligation of a nonfederal borrower to a nonfederal lender, but
does not include the insurance of deposits, shares, or other

withdrawable accounts in financial institutions. (2 U. S. C. 661a( 3))
Note 4: A loan guarantee commitment is a binding agreement by a federal

agency to make a loan guarantee when specified conditions are fulfilled by
the borrower, the lender, or any other party to the guarantee agreement.
(2 U. S. C. 661a( 4))

Note 5: Appropriations or other budget authority to cover the cost of
budget obligations for direct loan obligations and loan guarantee
commitments must be made in advance by Congress. For revolving or other
funds that otherwise would be available for these budget obligations,
Congress must enact a limit on the use of such funds for these purposes to
make

them available for use. (2 U. S. C. 661c( b)) Note 6: Costs are defined as
the estimated long- term cost to the government of a

direct loan or loan guarantee, calculated on a net present value basis,
excluding administrative costs and any incidental effects on governmental
receipts or outlays. These calculations are described in further detail
under the valuation control objective for obligations in FAM 395 F. (2 U.
S. C. 661a( 5))

Note 7: There is an exemption from this requirement for entitlements
(mandatory programs such as the guaranteed student loan program and the VA
home loan guaranty program) and credit programs of the Commodity Credit
Corporation existing on the date of enactment of the act (November 5,
1990). (2 U. S. C. 661c( c))

Compliance 808 - Federal Credit Reform Act of 1990 April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 808- 10 Note 8: Modifications are
government actions that alter the estimated net

present value of a direct loan or loan guarantee for which an obligation
has been recorded, for example, the sale of a direct loan, per SFFAS No.
2, paragraph 53, or a policy change affecting the repayment period or
interest rate for a group of existing loans. (Changes within the terms of
existing contracts or through other existing authorities are not
considered to be modifications. Also, "work outs" of individual loans,
such as a change in the amount or timing of payments to be made, are

not considered modifications.) The effects of these changes should be
included in the annual reestimates of the estimated net present value of
the obligations. Permanent indefinite authority is provided by FCRA for

these reestimates. Note 9: Discuss applicability of this budget
restriction to direct loans, direct loan

obligations, loan guarantees, or loan guarantee commitments that were
outstanding prior to October 1, 1991, with OGC prior to performing control
or compliance tests.

Note 10: The auditor should consider the results of the evaluation and
testing of budget controls and testing of the Statement of Budgetary
Resources. These controls relate to the execution of budget authority and
usually are the same controls that are used to comply with the
Antideficiency Act and the Federal Credit Reform Act. Accordingly,
additional consideration of controls that achieve the compliance objective
generally is not necessary if the auditor has assessed whether the entity
achieves all of the budget control objectives listed in FAM 395 F,
including the supplemental control objectives for the Federal Credit
Reform Act. The auditor should reference to the budget control

evaluation and testing and perform any additional procedures considered
necessary to conclude if compliance controls are effective.

Compliance 809 - PROVISIONS GOVERNING CLAIMS OF THE U. S. GOVERNMENT (31
U. S. C. 3711 3720E) (INCLUDING THE DEBT COLLECTION IMPROVEMENT ACT OF
1996

(DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 809- 1
Note: Complete this compliance summary or prepare equivalent documentation
only if provisions governing claims of the U. S. government, as provided
primarily in sections 3711- 3720E of Title 31, U. S. Code (including
provisions of the Debt Collection Improvement Act of 1996), are considered
significant, as

indicated on Form 802 - General Compliance Checklist. Name of entity:
Compliance Summary Prepared by: Audit period: Reviewed by: Provision
description Objective

Control activities IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. Interest shall be charged on an
outstanding debt (or claim) owed to the entity. Interest accrues from the
date the

notice of the amount due and interest policies is first mailed to the
debtor. Interest is charged at the rate established by the Secretary of
the Treasury that is in effect on that date. The rate remains fixed

at that rate for the duration of the indebtedness.

(See notes 1, 2, and 3.) Type: Transaction- based Ref: 31 U. S. C. 3717(
a), (b), and (c) 1. Interest is properly calculated and charged on past
due amounts owed to the entity at the correct

rates. (See notes 1, 2, and 3.) [Document the control activities

used by the entity to achieve the objective.]

[Is con

trol depen dent on

com puter pro ces

sing?] [Indicate

yes or no; include reference to supporting documenta tion.] [Indicate yes
or no; include reference to supporting documentation.] See Compliance

Audit Program 809 Steps 3 (a), (b), and (c).

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection

Improvement Act of 1996 (DCIA))

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 809- 2 Name of
entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 2. The entity shall assess, on a claim
owed to it, a charge to cover the cost of processing and handling a
delinquent claim plus a penalty charge (of not more than 6

percent a year) for failure to pay a part of a claim more than 90 days
past due. These additional charges do not accrue interest. (See note 3.)
Type: Transaction- based

Ref: 31 U. S. C. 3717( e) and (f) 2. Administrative charges and late
payment penalties are properly calculated and

charged on past due amounts. (See note 3.) See Compliance

Audit Program 809 Step 3( d).

3. The entity may compromise, terminate, or suspend claims that are not
more than $100,000. Claims of more than $100,000 (excluding interest,
penalties, and

administrative costs) shall be referred to the Justice Department for
compromise,

termination, or suspension. (See note 4.) Type: Procedural- based Ref: 31
U. S. C. 3711( a) 3. Claims of more than $100,000 (excluding interest,
penalties, and administrative costs) are

referred to the Justice Department for compromise, termination,

or suspension. (See note 4.) See Compliance

Audit Program 809 Step 5( a).

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection

Improvement Act of 1996 (DCIA))

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 809- 3 Name of
entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 4. If the entity is owed a valid and
legally enforceable, nontax debt delinquent over 180 days, and there are
no bars to collection, it shall notify Treasury about the debt for
administrative offset and refer the debt to Treasury or a Treasury
designated debt collection center for collection action. (See notes 5, 6,
and 7.) Type: Procedural- based Ref: 31 U. S. C. 3711( g)( 1) and (9), 31

U. S. C. 3716( c)( 6), 31 U. S. C. 3719 (a), 31 U. S. C. 3720A( a), and 5
U. S. C. 5514( a)( 1). 4. When nontax debt becomes delinquent over 180
days, it is referred to Treasury for

administrative offset and collection. (See notes 5, 6, and 7.) See
Compliance

Audit Program 809 Step 5( b).

5. Unless waived by the entity, a person may not obtain any loan (other
than a disaster loan) or loan insurance or guarantee

administered by the entity if the person has outstanding nontax delinquent
federal debt. (Delinquency is determined by Treasury regulations.) Type:
Transaction- based

Ref: 31 U. S. C. 3720B 5. Loans and loan insurance or guarantees are not
granted to persons with delinquent nontax debt. See Compliance

Audit Program 809 Step 4( b).

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 4 Note: Complete this program or prepare equivalent documentation
only if provisions governing claims of the United States government as
provided primarily in sections 3711- 3720E of Title 31, U. S. Code
(including provisions of the Debt Collection Act of 1996) are considered
significant, as indicated on Form 802 - General Compliance Checklist. The
procedures in this program are designed to test compliance with the
provisions listed on the Compliance Summary.

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 1. Based on the preliminary assessment of compliance

control effectiveness (as documented on Form 809 - Compliance Summary),
select a sample of amounts owed to the entity during or at the end of the
audit

period. (The sample size will vary based on the expected effectiveness of
compliance controls, as discussed in FAM 460.02). Document the sampling
approach using the documentation in FAM section 495 E. See note 8
regarding sampling efficiencies and completeness of the sample population.
Sample size Sample selection method

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 5 Name of entity: Audit period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

2. For each item selected in step 1 obtain the loan file or other
supporting documentation and note the following information as of the date
selected for

testing:

due date of debt;

amount owed;

date the notice of the amount due and the interest policies is first
mailed to the debtor;

amount of interest accrued and other administrative charges and penalties
charged, if any; and

number of days the debt is past due, if any. Perform step 3 if the debt is
past due. Perform step 4 if the debt is not past due. 3. If the amount
selected is past due:

(a) Calculate the number of days that interest should be accrued on the
debt as of the date selected for testing. Interest generally accrues from
the date that the notice of the amount due is first mailed to the debtor.
(See note 1.) Compare the auditor's calculation with the calculation
performed by the entity and obtain explanation and examine support for any
differences. (31 U. S. C. 3717( b))

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 6 Name of entity: Audit period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

3. (b) Determine the interest rate that should be used to accrue interest
on the debt. The rate is published in the Federal Register and should be
the rate that was in effect on the date that the notice of the amount due
is first mailed to the

debtor. (The web site for the Federal Register is: http:// www. access.
gpo. gov/ su_ docs/ aces/ aces14 0. html.) Compare the auditor's
determination of the rate to the rate used by the entity and obtain
explanation and examine support for any differences. (31 U. S. C. 3717( a)
and (c)) 3. (c) Calculate the amount of interest that should be owed as of
the date selected for testing using the

number of days tested in (a) and the interest rate tested in (b). Compare
the auditor's calculation to the amount calculated by the entity and
obtain explanation and examine support for any differences. See notes 2
and 3 regarding the waiver of interest. 3. (d) Obtain the entity's
schedule of administrative

charges and late payment penalties and determine if the appropriate
amounts were charged to the debtor. See note 3 regarding the waiver of
these charges. (31 U. S. C. 3717( e) and (f))

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 7 Name of entity: Audit period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

4. If the debt is not past due, determine through examination of the
entity's records whether

(a) interest, administrative charges, or penalties are not being charged;
and (b) the debtor had no outstanding nontax delinquent federal debt at
the time the loan was obtained. (31 U. S. C. 3720 B) 5. The objectives
listed below relate to procedural- based

provisions. As discussed in FAM 460.06, sufficient procedures usually are
performed in conjunction with tests of compliance controls for these
proceduralbased provisions to conclude on the entity's compliance without
performing additional

procedures. Additional procedures should not be performed to obtain
evidence regarding compliance with the provisions related to the following
objectives unless sufficient evidence regarding compliance was not
obtained during compliance control tests documented on Form 809 -
Compliance Summary.

(a) Claims of more than $100,000 (excluding interest, penalties, and
administrative costs) are referred to the Justice Department for
compromise, termination, or suspension. See note 4. (31 U. S. C. 3711 )

(b) Claims delinquent for a period of 180 days have been referred to
Treasury for collection. See notes 5, 6, and 7. (31 U. S. C. 3711 (g))

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 8 Name of entity: Audit period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

6. If the entity does not appear to be in compliance based on the results
of tests performed, discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if noncompliance actually has
occurred and the implications of such noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control

testing;

report the nature of any weakness in compliance controls and consider
modification of the conclusion on internal control as appropriate (see FAM
580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).
7. Document conclusions on compliance with each

provision on Form 809 - Compliance Summary.

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 9 Note 1: Claims are amounts owed to the government, including
amounts owed

for loans insured or guaranteed by the government. The term "claim" is
used interchangeably with the term "debt" in this law. (31 U. S. C. 3701(
b))

Interest normally accrues from the date that notice of the debt and the
agency's interest policies is first mailed to the debtor. If the agency
sends a bill to the debtor in advance of the due date and that bill states
the interest policies, interest would accrue from the due date specified
in

the bill. The provisions regarding accrual of interest and other charges
do not apply to the extent that a statute, related regulation, loan
agreement, or contract provides otherwise, or if a claim is under a
contract executed before October 25, 1982, that is in effect on October
25, 1982. (31 U. S. C. 3717( g)) Accrual of interest and penalties under
this law does not apply to amounts owed by other agencies of the federal
government, a state government or a unit of general local government or to
amounts payable to the entity under the Internal Revenue Code, the Social
Security Act, or tariff laws. (31 U. S. C. 3701 (c) and (d)) This law,
however, does not preclude the charging of interest to state and local
governments under authority provided under other laws.

Note 2: The entity shall waive the collection of interest on a claim (or
any portion of the claim) that is paid within 30 days after the date on
which interest began to accrue. The agency may extend this 30- day period.
(31 U. S. C. 3717( d)) Interest that is either accrued or collected on
claims that are paid within the 30- day period would usually not be
material or otherwise significant for purposes of compliance testing. If
the auditor considers this provision to be significant for compliance
testing, this form should be tailored to include the appropriate testing
procedures.

Note 3: The entity has the authority to waive the collection of interest,
penalties, and administrative charges. The entity should follow its own
regulations when determining whether a waiver is appropriate. Such
regulations

should be in conformity with the standards set jointly by the Comptroller
General, the Attorney General, and the Secretary of the Treasury described
in 31 CFR 901.9. (31 U. S. C. 3717( h))

The entity may increase an administrative claim (debt not based on an
extension of government credit through direct loans, guarantees, or
insurance, including fines, penalties, and overpayments) annually by the

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 10 cost of living adjustment in lieu of charging interest and
penalties. (31 U. S. C. 3717( i))

Note 4: Compromise is the term used when an amount less than the total
amount of the claim is accepted by the entity as payment in full.
Suspension refers to the temporary deferral of collection activities until
collection activity is expected to be more successful. Termination refers
to stopping of collection activities. Only the Justice Department has the
authority to compromise, terminate,

or suspend collection on claims that are greater than $100,000 (excluding
interest, penalties, and administrative charges). Pursuant to 31 CFR Parts
902.1 and 903.1, entities generally should use a Claims Collection
Litigation Report (CCLR) to refer such matters to the Justice Department.

Note 5: Exceptions to the requirement to transfer nontax debt delinquent
for a period of 180 days to Treasury for collection are

(a) a debt or claim that (1) is in litigation or foreclosure; (2) will be
disposed of under an asset sales program within 1 year

after becoming eligible for sale, or later than 1 year if consistent with
an asset sales program and a schedule established by the entity and
approved by OMB; (3) has been referred to a private collection contractor
for

collection for a period determined by Treasury; (4) has been referred by,
or with the consent of, Treasury to a debt

collection center for a period determined by Treasury; or (5) will be
collected under internal offset, if such offset is sufficient to collect
the claim within 3 years after the date the

debt or claim is first delinquent; and (b) to any other specific class of
debt or claim, as determined by

Treasury at the request of an entity. (31 U. S. C. 3711( g)( 2)) Examples
include (1) debts in bankruptcy meeting the criteria for an automatic stay

(11 U. S. C. 362), (2) foreign debt considered uncollectable by Treasury
due to foreign diplomacy considerations and affairs of state,

(3) debts in forbearance or appeals. Note 6: Exceptions to the requirement
to notify Treasury of nontax debt

delinquent over 180 days for administrative offset are a claim that has

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 11 been outstanding for more than 10 years or when a statute
explicitly prohibits using administrative offset or setoff to collect the
type of claim involved. (31 U. S. C. 3716( e)) Also, this section does not
prohibit the use of any other administrative offset authority existing.
(31 U. S. C. 3716 (d))

Prior to referring debts to Treasury, an agency shall inform the debtor of
the amount and nature of the debt (such as overpayment, etc.), and actions
which may be taken to enforce recovery of a delinquent debt. These include

(a) offset of any payments which the debtor is due, including tax refunds,
and salary; (b) referral of the debt to a private collection agency; (c)
referral of the debt to the Department of Justice or agency counsel

for litigation; (d) reporting of the debt to a credit bureau; (e)
reporting of the debt, if discharged, to IRS as a potential taxable

income. In the future, the agency also will need to inform the debtor that
the debt may be subject to administrative wage garnishment, his/ her
identity may be published or publicly disseminated, and/ or the debt may
be sold.

The notice must tell the debtor that he/ she has the opportunity (a) to
inspect and copy records relating to the debt, (b) for a review by the
agency; and (c) to enter into a written repayment agreement.

Note 7: Before an entity refers past- due debt to Treasury for reduction
of tax refund, it must (a) notify the person incurring such debt that the
entity proposes to

refer to Treasury for tax refund offset, (b) give such person at least 60
days to present evidence that all or

part of the debt is not past due or not legally enforceable, (c) consider
any evidence presented by such person and determine

that an amount of such debt is past due and legally enforceable, (d)
satisfy such other conditions Treasury may prescribe to ensure the

above determination is valid and that the entity has made reasonable
efforts to obtain payment, and

Compliance 809 - Provisions Governing Claims of the U. S. Government (31
U. S. C. 3711- 3720E) (Including the Debt Collection Improvement Act of

1996 (DCIA)) April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
809- 12 (e) certify that reasonable efforts have been made by the entity
to

obtain payment. (31 U. S. C. 3720A (b)) Treasury issues regulations
prescribing the times at which entities shall submit notices of past- due
legally enforceable debts, the manner of submitting them, and the
information to be contained in them. The regulations also specify the
minimum amount of debt that may be referred for tax refund offset and the
fee the entity shall pay to reimburse Treasury for its costs.

Note 8: If multipurpose testing is used for the compliance test and/ or
compliance control test and/ or a substantive test of accounts or loans
receivable details, the sample items for the compliance test and/ or

compliance control test should be selected using the sampling method used
for the substantive test as described in FAM 430. Otherwise, the items
should be selected using attribute sampling as discussed in FAM 460.02.

As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity, accuracy, and
completeness (as well as the other financial statement assertions) in
conjunction with substantive tests of the population.

Compliance 810 - PROMPT PAYMENT ACT

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 810- 1 Note:
Complete this compliance summary or prepare equivalent documentation only
if provisions of the Prompt Payment Act are considered to be significant

as indicated on Form 802 - General Compliance Checklist. OMB guidance on
the Prompt Payment Act is included in 5 CFR Part 1315.

Name of entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description Objective

Control activities IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. If payment for property or services
from a

business concern is not made by the required due date, an interest penalty
shall be paid to the concern on the amount of the payment due. The
interest penalty shall be paid for the period beginning on

the day after the required payment date and ending on the date on which
payment is made. (See notes 1, 2, 3, 4, and 5.) Type: Transaction- based

Ref: 31 U. S. C. 3902( a) and (b) 1a. All payments for property or
services that are not made by the payment due date are identified. (See

note 1.) 1b. Interest penalties are calculated and paid on the past due
amount using the appropriate interest rate and period. (See notes 2, 3, 4,
and 5.) [Document the control activities

used by the entity to achieve the objective.]

[Is con

trol depen dent on

com puter pro ces

sing?] [Indicate

yes or no; include reference to supporting documenta tion.] [Indicate yes
or no; include reference to supporting documentation.] See Compliance

Audit Program 810 Step 4( a) and (b).

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 2 Name of entity: Compliance Summary Prepared
by: Audit period: Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 2. Penalties shall be paid out of
amounts

made available to carry out the program for which the penalty is incurred.

Type: Transaction- based Ref: 31 U. S. C. 3902( f) 2. Interest penalties
are paid out of the appropriation

used to pay related program expenditures.

See Compliance Audit Program

810 Steps 4( c), 5( c), and 6.

3. Discounts offered by a business concern may be taken only if payment is
made within the specified time as determined from the date of the invoice.
An interest

penalty shall be paid on improperly taken discounts.

Type: Transaction- based Ref: 31 U. S. C. 3904

3a. Discounts taken after the specified time period are identified.

3b. Interest penalties are properly calculated and

paid on the amount of any improperly taken discounts using the appropriate
interest rate and period.

See Compliance Audit Program 810 Step 5( a) and (b).

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 3 Note: Complete this program or prepare
equivalent documentation only if provisions of the Prompt Payment Act are
considered to be significant as indicated on Form 802 - General Compliance
Checklist. The procedures in this program are designed to test compliance
with the provisions listed on the Compliance Summary.

OMB Guidance on the Prompt Payment Act is included in 5 CFR Part 1315.
Name of entity: Audit period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

1. Based on the preliminary assessment of compliance control effectiveness
(as documented on Form 810 - Compliance Summary), select a sample of
payments from throughout the audit period. (The sample size will vary
based on the expected effectiveness of

compliance controls as discussed in FAM 460.02.) Document the sampling
approach using the documentation in FAM section 495 E. See note 6
regarding sampling efficiencies and completeness of the population. Sample
size Sample selection method

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 4 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

2. For each item selected in step 1, obtain the supporting documentation
for the payment such as the invoice voucher package.

(a) Document the following items in the documentation:

invoice number;

payee;

invoice amount;

invoice date;

invoice receipt date (or other date used for determining compliance with
this law - see step 2 (b));

payment date;

amount of interest penalty paid, if any;

amount of discount taken, if any; and

appropriation account( s) charged for the expenditure and interest
penalty, if any.

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 5 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

2. (b) For each item selected, note whether the payment was made by the
required due date. The required due date may be the date specified in the
contract or, if a date is not specified, 30 days after receipt of the
invoice (31 U. S. C. 3903( a)( 1)( A) and (B)). If payment is for meat or
meat food products, perishable agricultural products, dairy products or
construction contracts, consult with OGC to determine payment due date.
Specific payment due dates to avoid interest penalties are established by
law for these items. (31 U. S. C. 3903( a)( 2), (3), (4), and (6))

The invoice receipt date is the later of (1) the date the entity's
designated representative or office actually receives a proper invoice or
(2) the 7th day after the date on which, in accordance with the terms and
conditions of the contract, the property is actually delivered or
performance of the services is actually completed (unless the entity
accepted the property or services before the 7th day or a longer
acceptance period is specified in the contract). If the date of actual
invoice receipt is not indicated, the entity must use the invoice date.
(31 U. S. C. 3901( a)( 4)( A) and (B))

If the payment was made prior to the payment due date, perform step 3.

If the payment was made after the payment due date, perform step 4.

If a discount was taken, perform step 5.

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 6 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

3. If the payment was made prior to the payment due date, and no discount
was taken, determine that no interest penalty was paid.

(Note: If the entity did not take advantage of a discount for which it was
eligible or if an interest penalty was paid when it was not owed, the
auditor

generally should determine the cause of these items for purposes of
reporting findings.)

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 7 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

4. If the payment was made after the payment due date, determine whether

(a) an interest penalty was paid; (b) the amount of the interest penalty
was properly

calculated; and (c) the interest penalty was paid out of the

appropriation used to pay the related expenditures. Review the accounting
codes indicated on the

expense voucher. Determine whether the accounting codes used to record the
interest penalty are the same as those used for the

related expenditure and whether the codes and amounts agree with those
recorded in the budgetary accounting records. (See step 6 regarding proper
summarization of amounts.) (31 U. S. C. 3902 (a), (b), and (f))

Investigate any differences between the amount of interest penalty
calculated by the auditor and the amount paid by the entity, including any
instances when an interest penalty was owed but not paid. See note 5.
Investigate any instances when the proper appropriation account was not
charged.

See note 2 regarding the interest rate to be used. See notes 3 and 4
regarding the period the penalty should cover.

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 8 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

5. If a discount was taken, determine whether it was taken during the
specified period the discount was available. If the discount was taken
during the specified period, further consideration is not necessary. If
any discounts are taken after the appropriate time period, determine
whether (a) an interest penalty was paid, (b) the amount of the interest
penalty was properly

calculated, and (c) the interest penalty was charged against the

appropriation used for the related expenditures. Review the budget
accounting codes indicated on the expense voucher. Determine whether the
budget accounting codes indicated on the voucher for the interest penalty
are the same as those used for the related expenditure. Determine whether
the codes and amounts on the voucher agree with those recorded in the
budgetary accounting records. (See step 6 regarding proper summarization
of the budgetary amounts.) (31 U. S. C. 3902 (a), (b), and (f), and 31 U.
S. C. 3904)

Interest penalties should be calculated on the amount of the discount. The
penalty accrues on the amount of the discount from the last date specified
that the discounted amount may be paid (31 U. S. C. 3904). See note 2
regarding the interest rate to be used to calculate the interest penalty.

(continued)

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 9 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

5. (continued) Investigate any differences between the amount of interest
penalty calculated by the auditor and the amount paid by the entity,
including any instances when an interest penalty was owed but not paid.
Investigate any instances when the proper appropriation account was not
charged. 6. Consider the procedures performed on the entity's budget
controls over summarization of expenditure

balances as discussed in FAM 395 F. If the auditor has assessed the
entity's controls as effective in achieving the control objective of
summarization of expenditure balances, further procedures are not
necessary to obtain assurance as to whether interest penalties are paid
out of the proper appropriation account.

If the auditor has assessed the controls as ineffective, the auditor
should perform procedures to determine if the entity has properly
summarized the expenditure balances as described in FAM 495 B.

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 10 Name of entity: Audit period: Reviewed by:
Audit Procedures Done

by/ date W/ P ref

7. If the entity does not appear to be in compliance based on the results
of tests performed, discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if noncompliance actually has
occurred and the implications of such noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control

testing;

report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).
8. Document conclusions on compliance with each

provision on Form 810 - Compliance Summary.

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 11 Note 1: The required due date is generally
the date specified in the contract or, if

a date is not specified, 30 days after receipt of the invoice (31 U. S. C.
3903( a)( 1)( A) and (B)) If payment is for meat or meat food products,
perishable agricultural products, dairy products or construction
contracts, consult with OGC to determine payment due date. Specific
payment due dates to avoid interest penalties are established by law for
these items. (31 U. S. C. 3903( a)( 2), (3), (4), and (6))

The invoice receipt date is established as the later of (1) the date the
entity's designated representative or office actually receives a proper
invoice or (2) the 7th day after the date on which, in accordance with the
terms and conditions of the contract, the property is actually delivered
or performance of the services is actually completed, unless the entity
accepted the property or services before the 7th day or a longer
acceptance date is specified in the contract. If the date of actual
invoice receipt is not indicated, the entity must use the invoice date.
(31 U. S. C. 3901( a)( 4)( A) and (B))

Note 2: Interest shall be calculated at the rate set by the Secretary of
the Treasury under section 12 of the Contract Disputes Act of 1978 (41 U.
S. C. 611) that is in effect at the time the entity accrues the obligation
to pay a late payment interest penalty. The rates are published in the
Federal Register. (31 U. S. C. 3902( a))

Note 3: The interest penalty shall be paid for the period beginning on the
day after the required payment date and ending on the date on which
payment is made. (31 U. S. C. 3902( b))

An interest penalty not paid after any 30- day period shall be added to
the principal amount of the debt, and a penalty accrues thereafter on the
combined amount of principal and interest. (31 U. S. C. 3902( e))

Note 4: A payment is deemed to be made on the date a check for payment is
dated or an electronic transfer is made. (31 U. S. C. 3901 (a)( 5))

Note 5: The temporary unavailability of funds to make a timely payment due
for property or services does not relieve the entity head of the
obligation to pay interest penalties under this law. (31 U. S. C. 3902
(d))

Note 6: If multipurpose testing is used for the compliance test and/ or
compliance control test and/ or a substantive test of payments details,
the sample items for the compliance test and/ or compliance control test
should be selected using the sampling method used for the substantive

Compliance 810 - Prompt Payment Act April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 810- 12 test as described in FAM 430. Otherwise, the
items should be selected using attribute sampling as discussed in FAM
460.02.

As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity, accuracy, and
completeness (as well as the other financial statement assertions) in
conjunction with substantive tests of the population.

Compliance 812 - PAY AND ALLOWANCE SYSTEM FOR CIVILIAN EMPLOYEES, AS
PROVIDED

PRIMARILY IN CHAPTERS 51- 59 OF TITLE 5, U. S. CODE

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 812- 1 Note:
Complete this compliance summary or prepare equivalent documentation only
if provisions of the Pay and Allowance System for Civilian Employees, as

provided primarily in Chapters 51- 59 of Title 5, U. S. Code, are
considered to be significant as indicated on Form 802 - General Compliance
Checklist. Name of entity: Compliance Summary Prepared by: Audit period:
Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. Pay for a specific position should be
based

on the appropriate pay schedule or pay rate. Type: Transaction- based Ref:
5 U. S. C. 5332, 5343, and 5383

1. Employees are paid at appropriate rates.

[Document the control activities used by the entity to achieve the

objective.] [Is

con trol depen dent on

com puter pro ces

sing?] [Indicate

yes or no; include reference to supporting documenta tion.] [Indicate yes
or no; include reference to supporting documentation.] See Compliance

Audit Program 812 Step 4( b).

2. Employer shall pay employees at least minimum wage. (See note 1.) Type:
Transaction- based

Ref: 29 U. S. C. 206 2. Employees are paid at least

minimum wage. (See note 1.) See Compliance

Audit Program 812 Step 4( b).

Compliance 812 - Pay and Allowance System for Civilian Employees, as
Provided Primarily in Chapters 51- 59 of Title 5, U. S. Code April 2003
GAO/ PCIE Financial Audit Manual - Part II Page 812- 2 Note: Complete this
program or prepare equivalent documentation only if provisions of the Pay
and Allowance System for Civilian Employees, as provided primarily in
Chapters 51- 59 of Title 5, U. S. Code, are considered to be significant
as indicated on Form 802 - General Compliance Checklist. The procedures in
this program are designed to test compliance with the provisions listed on
the Compliance Summary.

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref Note: These tests are closely related to procedures

performed for substantive tests of payroll expense details. Use of
multipurpose testing in this situation is strongly encouraged. 1. Based on
the preliminary assessment of compliance

control effectiveness (as documented on Form 812 - Compliance Summary),
select an appropriate sample of disbursements from the payroll records
throughout the audit period. (The sample size will

vary based on the expected effectiveness of compliance controls as
discussed in FAM 460.02). Document the sampling approach using the
documentation in FAM section 495 E. See note 2 regarding sampling
efficiencies and completeness of the population. Sample size Sample
selection method

Compliance 812 - Pay and Allowance System for Civilian Employees, as
Provided Primarily in Chapters 51- 59 of Title 5, U. S. Code April 2003
GAO/ PCIE Financial Audit Manual - Part II Page 812- 3

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 2. For each item selected in 1, note the following

information:

employee name;

pay period (number and dates);

amount of gross pay for the period;

pay rate;

total hours worked; and

number of hours worked at regular pay and other pay (i. e., overtime,
premium pay, etc.). 3. For each item selected in 1, obtain the employee's

personnel file and note the following in effect for the pay period
selected:

the employee's grade and step and

the employee's pay rate. 4. For each item selected in 1, (a) Calculate the
amount of gross pay using the

hours worked and the employee's pay rate indicated on the payroll records.
Compare the amount of gross pay calculated by the auditor to the amount
shown on the payroll records for the

selected pay period and obtain explanation and examine support for any
differences.

Note: To convert basic annual amount to a daily, weekly or biweekly
amount, divide the annual rate by 2,087 for an hourly rate. Multiply the
hourly rate by number of either daily hours, 40 for weekly, or 80 for
biweekly amounts. (5 U. S. C. 5504)

Compliance 812 - Pay and Allowance System for Civilian Employees, as
Provided Primarily in Chapters 51- 59 of Title 5, U. S. Code April 2003
GAO/ PCIE Financial Audit Manual - Part II Page 812- 4

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 4. (b) Compare the employee's pay rate in the payroll

records to the appropriate pay rate for the employee's approved grade and
step on the pay schedules established by executive order. (Use the
approved grade and step indicated in the employee's personnel records for
this test.) Obtain explanation and examine support for any differences
between the actual pay rate for the period selected and the authorized
amounts. (5 U. S. C. 5332, 5343, and 5383)

If the employee's pay is not set by these pay schedules, determine whether
the amount paid is properly authorized and whether the pay rate is at
least minimum wage. (29 U. S. C. 206)

Compliance 812 - Pay and Allowance System for Civilian Employees, as
Provided Primarily in Chapters 51- 59 of Title 5, U. S. Code April 2003
GAO/ PCIE Financial Audit Manual - Part II Page 812- 5

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 5. If the entity does not appear to be in compliance

based on the results of tests performed, discuss these matters with OGC
and, when appropriate, the Special Investigator Unit to conclude if
noncompliance actually has occurred and the implications of such
noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control

testing;

report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).
6. Document conclusions on compliance with each

provision on Form 812 - Compliance Summary.

Compliance 812 - Pay and Allowance System for Civilian Employees, as
Provided Primarily in Chapters 51- 59 of Title 5, U. S. Code April 2003
GAO/ PCIE Financial Audit Manual - Part II Page 812- 6 Note 1: To convert
basic annual amount to a daily, weekly, or biweekly amount,

divide the annual rate by 2,087 for an hourly rate. Multiply the hourly
rate by number of either daily hours, 40 for weekly, or 80 for biweekly
amounts. (5 U. S. C. 5504)

Note 2: If multipurpose testing is used for the compliance test and/ or
compliance control test and a substantive test of payroll expense details,
the sample items for the compliance test and/ or compliance control test
should be selected using the sampling method used for the substantive
test. Otherwise, the items should be selected using attribute sampling, as
discussed in FAM 460.02.

As with all sampling applications, the auditor should consider the
completeness of the population. For efficiency, the auditor should
consider using records that were tested for validity and completeness (as
well as the other financial statement assertions) in conjunction with
substantive tests of payroll or other payroll related compliance tests.
Note 3: If the entity outsources payroll processing, the entity remains

responsible for compliance. Dividing responsibility for payroll processing
activities between the entity and the service organization could make
payroll testing more complicated, although the same testing should be
performed. The auditor may accomplish that testing with the assistance of
the service organization's auditor, who may issue an internal control
report on the service organization under AU 324 (SAS 70). Or the service
organization's auditor may assist the entity auditor by performing agreed-
upon procedures at the service organization (e. g., substantive testing)
under AT 201 (see FAM 660).

Compliance 813 - CIVIL SERVICE RETIREMENT ACT

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 813- 1 Note:
Complete this compliance summary or prepare equivalent documentation only
if provisions of the Civil Service Retirement Act are considered to be
significant as indicated on Form 802 - General Compliance Checklist.

Name of entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description Objective

Control activities IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. For each employee employed prior to
January 1, 1984, the entity shall withhold a

percent of the basic pay of the employee. (See notes 1 and 2.) Type:
Transaction- based

Ref: 5 U. S. C. 8334( a)( 1) 1. The appropriate amount is withheld from
employee's

pay. (See notes 1 and 2.) [Document the control activities used by the
entity to achieve the

objective.] [Is

con trol depen dent on

com puter pro ces

sing?] [Indicate

yes or no; include reference to supporting documenta tion.] [Indicate yes
or no; include reference to supporting documentation.] See Compliance

Audit Program 813 Step 4( b).

Compliance 813 - Civil Service Retirement Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 813- 2 Name of entity: Compliance
Summary Prepared by: Audit period: Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 2. An amount equal to the amount
withheld

from the employee's pay shall be contributed by the entity from the
appropriation or fund used to pay the employee. Type: Transaction- based
and

Quantitative- based Ref: U. S. C. 5 U. S. C. 8334( a)( 1) 2. The entity
contribution for employee retirement is calculated properly, summarized
properly, and

charged to the proper appropriation account or fund.

See Compliance Audit Program

813 Steps 4( c) and 5. 3. Amounts withheld from employees and the sum
contributed by the entity for

retirement benefits shall be deposited in the Treasury to the credit of
the Civil Service Retirement and Disability Fund.

Type: Procedural- based and Quantitative based

Ref: 5 U. S. C. 8334( a)( 2) 3. Withholdings from employees and entity

contributions for retirement benefits are properly summarized and
deposited in the Treasury to the credit of the Civil Service Retirement
and Disability Fund.

See Compliance Audit Program

813 Steps 6 and 7.

Compliance 813 - Civil Service Retirement Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 813- 3 Note: Complete this program
or prepare equivalent documentation only if provisions of the Civil
Service Retirement Act are considered to be significant as indicated on
Form 802 - General Compliance Checklist. The procedures in this program
are designed to test compliance with the provisions listed on the
Compliance Summary.

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 1. Based on the preliminary assessment of compliance

control effectiveness (as documented on Form 813 - Compliance Summary),
select a sample of expense amounts for individuals' gross pay from the
payroll disbursement records for the audit period for employees covered by
the Civil Service Retirement Act system (CSRS). (See note 1.)

(The sample size will vary based on the expected effectiveness of
compliance controls, as discussed in FAM 460.02). Document the sampling
approach using the documentation in FAM section 495 E. See note 3
regarding sampling efficiencies and completeness of the population.

These tests should be coordinated with other tests of payroll- related
expenses and with the agreed- upon procedures agency auditors perform for
the Office of Personnel Management (OPM), per OMB audit guidance, if
performed. Sample size Sample selection method

Compliance 813 - Civil Service Retirement Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 813- 4 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

2. For each selection made in 1, document the following for the pay period
selected:

the amount withheld for the cost of retirement benefits;

the amount of basic pay; and

if indicated in the payroll disbursement records, document the retirement
plan under which the withholdings were made (CSRS or FERS). (Only
employees covered by CSRS should be included in this compliance test. See
FAM 817 for the FERS compliance test.) 3. For each item selected in 1,
obtain the employee's

personnel file and note the following:

employee hire date,

amount of basic pay, and

the retirement plan under which the employee is covered. 4. For each
selection made in 1, (a) Compare the amount of basic pay indicated in

the employee's personnel file with the amount indicated in the payroll
records and obtain an explanation and examine support for any differences.
(This procedure would be performed only if not already performed as part
of other testing.)

Compliance 813 - Civil Service Retirement Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 813- 5 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

4. (b) Calculate the amount of the withholdings for retirement costs based
on 7 percent of basic pay for executive branch employees (see note 2 for
percentages for other employees) for the selected pay period and document
the amount in the documentation. Compare to the actual amount withheld for
the selected pay period and

obtain an explanation and examine support for any differences. (5 U. S. C.
8334( a)( 1)) 4. (c) Determine whether the entity contributed an

equal amount for the employee's retirement for the selected pay period.
Obtain explanation and examine support for any differences between the
employee and entity contributions. (5 U. S. C. 8334( a)( 1)) 5. Determine
whether amounts contributed by the entity are charged to the appropriation
or fund used to pay

the employee for the selected pay period by performing the following
procedures:

(a) Review the accounting codes indicated on the supporting documentation.

(b) Determine whether the accounting codes used to record the entity
contribution are the same as those used for the related payroll
expenditure and whether the codes and amounts agree with those recorded in
the budgetary accounting records. (This step assumes other payroll testing
would have included checking that the codes represent the proper
appropriation.)

Compliance 813 - Civil Service Retirement Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 813- 6 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

5. (c) Consider the procedures performed on the entity's budget controls
over summarization of expenditure balances as discussed in FAM 395 F.

If the auditor has assessed the entity's controls as effective in
achieving the control objective of summarization of expenditure balances,
further procedures are not necessary to obtain assurance as to whether the
entity's contributions are paid out of the proper appropriation account.

If the auditor has assessed the controls as ineffective, the auditor
should perform procedures to determine whether the entity has

properly summarized the expenditure balances as described in FAM 495 B. (5
U. S. C. 8334 (a)( 1)) 6. Determine whether the entity has effective
controls

over the proper summarization of (a) the amounts withheld from employees
for retirement costs under this law and (b) the entity contributions for
remittance to Treasury. If the entity does not have effective controls for
summarization, test the summarization of the totals that include the items
selected for testing in step 1. 7. Compare the combined totals of employee

withholdings and entity contributions that include each selection made in
step 1 to the deposit made to Treasury and the remittance sent to OPM and
obtain an explanation and examine support for any differences. The funds
should be deposited in the Treasury to the credit of the Civil Service
Retirement and Disability Fund. (5 U. S. C. 8334( a)( 2))

Compliance 813 - Civil Service Retirement Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 813- 7 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

8. If the entity does not appear to be in compliance based on the results
of tests performed, discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if noncompliance actually has
occurred and the implications of such noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control

testing;

report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).
9. Document conclusions on compliance with each provision on Form 813 -
Compliance Summary.

Compliance 813 - Civil Service Retirement Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 813- 8 Note 1: Employees may be
covered by the Civil Service Retirement Act (CSRS)

or the Federal Employees' Retirement System Act (FERS), generally
depending on their employment date.

Note 2: The percentage to be withheld for the service period after
December 31, 2000, for (1) executive branch employees is 7 percent and (2)
Congressional employees is 7.5 percent. The percentage to be withheld for
the service period between January 1, 2001 and December 31, 2002, for
Members of Congress is 8.5 percent. The percentage withheld for service
after December 31, 2002, for Members of Congress is 8 percent. (5 U. S. C.
8334( a)( 1))

Note 3: If multipurpose testing is used for the compliance test and/ or
compliance control test and a substantive test of payroll expense details,
the sample items for the compliance test and/ or compliance control test
should be selected using the sampling method used for the substantive
test. Otherwise, the items should be selected using attribute sampling, as
discussed in FAM 460.02.

As with all sampling applications, the auditor should consider the
completeness of the population. For efficiency, the auditor should
consider using records that were tested for validity and completeness (as
well as the other financial statement assertions) in conjunction with
substantive tests of payroll or other payroll related compliance tests.
Note 4: If the entity outsources payroll processing, the entity remains

responsible for compliance. Dividing responsibility for payroll processing
activities between the entity and the service organization could make
payroll testing more complicated, although the same testing should be
performed. The auditor may accomplish that testing with the assistance of
the service organization's auditor, who may issue an internal control
report on the service organization under AU 324 (SAS 70). Or the service
organization's auditor may assist the entity auditor by performing agreed-
upon procedures at the service organization (e. g., substantive testing)
under AT 201 (see FAM 660).

Compliance 814 - FEDERAL EMPLOYEES HEALTH BENEFITS ACT

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 814- 1 Note:
Complete this compliance summary or prepare equivalent documentation only
if provisions of the Federal Employees Health Benefits Act are considered
to be significant as indicated on Form 802 - General Compliance Checklist.

Name of entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description Objective

Control activities IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. For each full- time employee enrolled
in a

health benefits plan, a biweekly contribution shall be made by the entity
in an amount determined by OPM for each

type of insurance plan. (See note 1 for part- time career employees.)
Type: Transaction- based Ref: 5 U. S. C. 8906( b)( 1) 1. The amount of the
entity contribution for health insurance benefits is

calculated properly for employees who elect to enroll in a health benefits

plan. [Document the control activities

used by the entity to achieve the objective.]

[Is con

trol depen dent on

com puter pro ces

sing?] [Indicate

yes or no; include reference to supporting documenta tion.] [Indicate yes
or no; include reference to supporting documentation.] See Compliance

Audit Program 814 Step 4( b).

2. For employees generally, the entity contribution for the cost of health
insurance shall be paid from the appropriation or fund that is used to pay
the employee.

Type: Transaction- based and Quantitative- based Ref: 5 U. S. C. 8906( f)
2. Entity contributions for the cost of employee health insurance are
summarized properly and charged to the

proper appropriation account or fund.

See Compliance Audit Program

814 Step 4( c).

Compliance 814 - Federal Employees Health Benefits Act April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 814- 2 Name of entity:
Compliance Summary Prepared by: Audit period: Reviewed by: Provision
description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 3. An amount shall be withheld from the
employee's pay to cover the total cost of enrollment in the health benefit
plan selected by the employee after the amount

of the entity contribution is subtracted. Type: Transaction- based

Ref: 5 U. S. C. 8906( d) 3. Withholdings are made for the employee's share
of the

cost of health insurance and are calculated properly. See Compliance

Audit Program 814 Step 4( a).

4. Amounts withheld from employees and the sum contributed by the entity
for health insurance costs shall be deposited in the

Treasury to the credit of the Employees Health Benefits Fund.

Type: Procedural- based and Quantitative- based Ref: 5 U. S. C. 8909

4. Withholdings from employees and entity

contributions for health insurance costs are properly summarized and

deposited in the Treasury to the credit of the Employees Health Benefits
Fund.

See Compliance Audit Program

814 Steps 5 and 6.

Compliance 814 - Federal Employees Health Benefits Act April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 814- 3 Note: Complete this
program or prepare equivalent documentation only if provisions of the
Federal Employees Health Benefits Act are considered to be significant as
indicated on Form 802 - General Compliance Checklist. The procedures in
this program are designed to test compliance with the provisions listed on
the Compliance Summary. Name of entity: Audit period: Reviewed by: Audit
Procedures Done

by/ date W/ P ref

1. Based on the preliminary assessment of compliance control effectiveness
(as documented on Form 814 - Compliance Summary), select a sample of
expense amounts for individuals' gross pay from the payroll disbursement
records for the audit period.

(The sample size will vary based on the expected effectiveness of
compliance controls, as discussed in FAM 460.02). Document the sampling
approach using the documentation in FAM section 495 E. See note 2
regarding sampling efficiencies and completeness of the population.

These tests should be coordinated with other tests of payroll- related
expenses and with the agreed- upon procedures agency auditors perform for
OPM, per OMB audit guidance, if performed.

Sample size Sample selection method 2. For each selection made in step 1,
document the employee, the pay period selected, and the amount withheld
for the pay period selected, if any, for the cost of health insurance. If
available, document the health plan enrollment code.

Compliance 814 - Federal Employees Health Benefits Act April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 814- 4 Name of entity: Audit
period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

3. For each selection made in step 1, obtain the employee's personnel file
and note whether the employee elected health insurance coverage for the
period to which payroll disbursement relates. Such coverage should be
indicated on OPM form SF 2809.

If the employee did not elect health insurance coverage, ask why amounts
are being withheld for the cost of insurance and determine whether any
entity contributions are being made inappropriately as well. 4. If the
employee identified in step 3 elected coverage,

perform the following steps: (a) Obtain the schedule of health insurance
costs

for all plans published by OPM. Using the enrollment code for the plan
selected by the employee on OPM form SF 2809, calculate the employee's
portion of the health insurance cost and record it in the documentation.
Compare it to the amount actually withheld for the selected pay period and
obtain an explanation and examine support for any differences. (5 U. S. C.
8906( d)) 4. (b) For each employee in (a), determine the

appropriate amount of the entity's contribution for its share of health
insurance costs by using the OPM schedule of costs. Compare it to the
amount actually contributed by the entity for the employee's health
insurance for the selected pay period and obtain an explanation and
examine support for any differences. (See note 1 for part- time career
employees.) (5 U. S. C. 8906( b)( 1))

Compliance 814 - Federal Employees Health Benefits Act April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 814- 5 Name of entity: Audit
period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

4. (c) For each employee in (b), determine if amounts contributed by the
entity are charged to the appropriation or fund that is used to pay the
employee for the selected pay period by performing the following
procedures:

(1) Review the accounting codes indicated on the supporting documentation.

(2) Determine whether the accounting codes used to record the entity
contribution are the same as those used for the related payroll
expenditure and whether the codes and amounts agree with those recorded in

the budgetary accounting records. (This step assumes other payroll testing
would have included checking that the codes represent the proper
appropriation.)

Compliance 814 - Federal Employees Health Benefits Act April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 814- 6 Name of entity: Audit
period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

4. (c) (3) Consider the procedures performed on the entity's budget
controls over summarization of expenditure balances as discussed in FAM
395 F.

If the auditor has assessed the entity's controls as effective in
achieving the control objective of summarization of expenditure balances,
further procedures are not necessary to obtain assurance as to

whether the entity's contributions are paid out of the proper
appropriation account.

If the auditor has assessed the controls as ineffective, the auditor
should perform procedures to determine whether the entity

has properly summarized the expenditure balances as described in FAM 495
B. (5 U. S. C. 8906( f))

5. Determine whether the entity has effective controls over the proper
summarization of the amounts withheld from employees for health insurance
costs

under this law and the entity contributions for remittance to Treasury. If
the entity does not have effective controls for summarization, test the
summarization of the totals that include the items selected for testing in
step 1. 6. Compare the total cost of health insurance on the

entity's records (employee and employer portions) for the selected pay
period to the deposit made to Treasury and the documentation sent to OPM
and obtain an explanation and examine support for any differences. The
funds should be deposited in the Treasury to the credit of the Employees
Health Benefits Fund. (5 U. S. C. 8909)

Compliance 814 - Federal Employees Health Benefits Act April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 814- 7 Name of entity: Audit
period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

7. If the entity does not appear to be in compliance based on the results
of tests performed, discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if noncompliance actually has
occurred and the implications of such noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control

testing;

report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).
8. Document conclusions on compliance with each provision on Form 814 -
Compliance Summary.

Compliance 814 - Federal Employees Health Benefits Act April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 814- 8 Note 1: For part- time
career employees, the biweekly entity contribution shall be

calculated on a prorata basis based on the ratio of number of scheduled
part- time hours to the number of scheduled regular hours for an employee
serving in a comparable position on a full- time basis. (5 U. S. C. 8906(
b)( 3))

Note 2: If multipurpose testing is used for the compliance test and/ or
compliance control test and a substantive test of payroll expense details,
the sample items for the compliance test and/ or compliance control test
should be selected using the sampling method used for the substantive
test. Otherwise, the items should be selected using attribute sampling, as
discussed in FAM 460.02.

As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity and completeness (as
well as the other financial statement assertions) in conjunction with
substantive tests of payroll or other payroll related compliance tests.
Note 3: If the entity outsources payroll processing, the entity remains

responsible for compliance. Dividing responsibility for payroll processing
activities between the entity and the service organization could make
payroll testing more complicated, although the same testing should be
performed. The auditor may accomplish that testing with the assistance of
the service organization's auditor, who may issue an internal control
report on the service organization under AU 324 (SAS 70). Or the service
organization's auditor may assist the entity auditor by performing agreed-
upon procedures at the service organization (e. g., substantive testing)
under AT 201 (see FAM 660).

Compliance 816 - FEDERAL EMPLOYEES' COMPENSATION ACT

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 816- 1 Note:
Complete this compliance summary or prepare equivalent documentation only
if provisions of the Federal Employees' Compensation Act are considered to
be significant as indicated on Form 802 - General Compliance Checklist.

Name of entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description Objective

Control activities IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. If the agency receives a statement
showing

the costs of amounts paid from the Employees' Compensation Fund (the
Fund), the agency shall include a request

for an appropriation to cover such amounts during the next fiscal year
when submitting its budget request. (See note

1.) Type: Procedural- based Ref: 5 U. S. C. 8147 1. The entity's budget
request

includes a request for an appropriation for any amounts paid by the Fund
on the entity's behalf for the prior fiscal year.

[Document the control activities used by the entity to achieve the

objective.] [Is

con trol depen dent on

com puter pro ces

sing?] [Indicate

yes or no; include reference to supporting documenta tion.] [Indicate yes
or no; include reference to supporting documentation.] See Compliance

Audit Program 816 Step 1.

Compliance 816 - Federal Employees' Compensation Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 816- 2 Name of entity: Compliance
Summary Prepared by: Audit period: Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 2. Amounts appropriated pursuant to the
request (described in 1 above) shall be credited to the Fund within 30
days after

they are available. (See note 2 for entities that are not dependent on
annual

appropriations.) Type: Procedural- based Ref: 5 U. S. C. 8147

2. Appropriations received for the costs of amounts paid out of the Fund
on behalf of the entity are credited to the Fund within 30 days after they
are available.

See Compliance Audit Program

816 Step 1.

Compliance 816 - Federal Employees' Compensation Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 816- 3 Note: Complete this program
or prepare equivalent documentation only if provisions of the Federal
Employees' Compensation Act are considered to be significant as indicated
on Form 802 - General Compliance Checklist. The procedures in this program
are designed to test compliance with the provisions listed on the
Compliance Summary for this law.

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref Note: The provisions identified for testing are

procedural- based provisions. As discussed in FAM 460.06, sufficient
procedures usually are performed in conjunction with tests of compliance
controls for these procedural- based provisions to conclude on the
entity's compliance without performing additional procedures. Additional

procedures should not be performed to obtain evidence regarding compliance
with the provisions related to the following objectives unless sufficient
evidence regarding compliance was not obtained during compliance control
tests documented on Form 816 - Compliance Summary. 1. Reference to
conclusions on compliance controls on

Form 816 - Compliance Summary and indicate whether any additional
procedures are necessary.

Compliance 816 - Federal Employees' Compensation Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 816- 4 Name of entity: Audit period:
Reviewed by: Audit Procedures Done

by/ date W/ P ref

2. If the entity does not appear to be in compliance based on the results
of tests performed, discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if noncompliance actually has
occurred and the implications of such noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control

testing;

report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-. 61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).
3. Document conclusions on compliance with each

provision on Form 816 - Compliance Summary.

Compliance 816 - Federal Employees' Compensation Act April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 816- 5 Note 1: A statement showing
the total cost of benefits and other payments made

from the Employees' Compensation Fund during the preceding July 1 through
June 30 expense period on account of the injury or death of employees or
individuals under the jurisdiction of the entity is required

to be provided by the Secretary of Labor to the entity by August 15 of
each year. (5 U. S. C. 8147)

Note 2: Entities not dependent on an annual appropriation shall make the
required deposit to Treasury from funds under its control during the first
15 days of October after receipt of the statement showing the costs paid

on the entity's behalf. (5 U. S. C. 8147)

[This page intentionally left blank.]

Compliance 817 * FEDERAL EMPLOYEES' RETIREMENT SYSTEM ACT OF 1986

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 1 Note:
Complete this compliance summary or prepare equivalent documentation only
if provisions of the Federal Employees' Retirement System Act of 1986 are

considered significant as indicated on Form 802 - General Compliance
Checklist. Name of entity: Compliance Summary Prepared by: Audit period:
Reviewed by: Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 1. For each employee employed after
December 31, 1983, the entity shall withhold 0. 8% of the basic pay of the
employee. (See notes 1 and 2.) Type: Transaction- based

Ref: 5 U. S. C. 8401( 11), 5U. S. C. 8422( a)( 1) 1. The appropriate
amount is withheld from employee's

pay. (See notes 1 and 2.) [Document the control techniques used by the

entity to achieve the objective.]

[Is con

trol depen dent on

com puter pro ces

sing?] [Indicate yes

or no; include reference to supporting documenta tion.] [Indicate yes or
no; include reference to supporting documenta

tion.] See

Compliance Audit Program 817 Step 4( b).

Compliance 817 * Federal Employees' Retirement System Act of 1986

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 2 Name of
entity: Compliance Summary Prepared by: Audit period: Reviewed by:
Provision description

Objective Control activities

IS (Y/ N) Effective

compliance controls?

Instances of noncompliance noted? 2. An amount equal to the employing
agency's

applicable normal cost percentage less the employee deduction rate shall
be contributed by the entity from the appropriation or fund used to pay
the employee. (See note 3.) Type: Transaction- based and

Quantitative- based Ref: 5 U. S. C. 8423( a)( 1) and 5 U. S. C. 8401( 23)
2. The entity contribution for employee retirement is calculated properly,
summarized properly, and

charged to proper appropriation account or fund. (See note 3.)

See Compliance Audit Program

817 Steps 4( c) and 5. 3. Amounts withheld from employees and the sum
contributed by the entity for

retirement benefits shall be deposited in the Treasury to the credit of
the Civil Service Retirement and Disability Fund.

Type: Procedural- based and Quantitative based Ref: 5 U. S. C. 8422( c) 3.
Withholdings from

employees and entity contributions for retirement benefits are properly
summarized and deposited in the Treasury to the credit of the Civil
Service

Retirement and Disability Fund. See

Compliance Audit Program 817 Steps 6 and 7.

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 3 Note: Complete
this program or prepare equivalent documentation only if provisions of the
Federal Employees' Retirement System Act of 1986 are considered
significant as indicated on Form 802 - General Compliance Checklist. The
procedures in this program are designed to test compliance with the
provisions listed on the Compliance Summary.

Name of entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 1. Based on the preliminary assessment of compliance

control effectiveness (as documented on form 817 - Compliance Summary),
select a sample of expense amounts for individuals' gross pay from the
payroll disbursement records for the audit period for employees covered by
the Federal Employees' Retirement System (FERS). (See note 1.)

(The sample size will vary based on the expected effectiveness of
compliance controls as discussed in FAM 460.02). Document the sampling
approach using the documentation in FAM section 495 E. See note 4
regarding sampling efficiencies and completeness of the sample population.

These tests should be coordinated with other tests of payroll- related
expenses and with the agreed- upon procedures agency auditors perform for
OPM, per OMB audit guidance, if performed. Sample size Sample selection
method

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 4 Name of
entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 2. For each selection made in 1, document the following

for the pay period selected:

the amount withheld for the cost of retirement benefits,

the amount of basic pay, and

if indicated in the payroll disbursement records, document the retirement
plan under which the withholdings were made (CSRS or FERS). (Only
employees covered by FERS should be included in this compliance test. See
FAM 813 for the CSRS compliance test.)

3. For each item selected in 1, obtain the employee's personnel file and
note the following:

employee hire date,

amount of basic pay, and

the retirement plan under which the employee is covered. 4. For each
selection made in 1,

(a) Compare the amount of basic pay indicated in the employee's personnel
file with the amount indicated in the payroll records and obtain an
explanation and examine support for any differences. (This procedure would
be performed only if not already performed as part of other testing.)

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 5 Name of
entity: Audit period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

4. (b) Calculate the amount of the withholdings for retirement costs based
on 0.8% of basic pay for most employees (see note 2 for percentages for
certain employees) for the selected pay period and record the amount in
the documentation. Compare to the actual amount withheld for the selected
pay period and obtain an explanation and examine support for any
differences. (5 U. S. C. 8422( a)( 1))

4. (c) Determine whether the entity contributed the correct amount for the
employee's retirement for the selected pay period. Obtain an explanation
and examine support for any differences between the entity contributions
and the amount calculated using OPM's normal cost percentage. (5 U. S. C.
8423( a)( 1) and 5 U. S. C. 8401( 23))

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 6 Name of
entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 5. Determine if amounts contributed by the entity are

charged to the appropriation or fund used to pay the employee for the
selected pay period by performing the following procedures:

(a) Review the accounting codes indicated on the supporting documentation.

(b) Determine whether the accounting codes used to record the entity
contribution are the same as those used for the related payroll
expenditure and whether the codes and amounts agree to those recorded in
the budgetary accounting records. (This step assumes other payroll testing
would

have included checking that the codes represent the proper appropriation.)

(c) Consider the procedures performed on the entity's budget controls over
summarization of expenditure balances as discussed in FAM 395 F. If the
auditor has assessed the entity's controls as effective in achieving the
control objective of summarization of expenditure balances, further
procedures are not necessary to obtain assurance as to whether the
entity's contributions are paid out of the proper appropriation account.

If the auditor has assessed the controls as ineffective, the auditor
should perform procedures to determine whether the entity has properly

summarized the expenditure balances as described in FAM 495 B. (5 U. S. C.
8423( a)( 1))

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 7 Name of
entity: Audit period: Reviewed by: Audit Procedures Done

by/ date W/ P ref

6. Determine whether the entity has effective controls over the proper
summarization of the amounts withheld from employees for retirement costs
under this law and the entity contributions for remittance to Treasury. If
the entity does not have effective controls for summarization, test the
summarization of the totals that include the items selected for testing in
step 1.

7. Compare the combined totals of employee withholdings and entity
contributions that include each selection made in step 1 to the deposit
made to Treasury and the remittance sent to OPM and obtain explanation and
examine support for any differences. The funds should be deposited in the
Treasury to the credit of the Civil Service Retirement and Disability
Fund. (5 U. S. C. 8422( c) and 5 U. S. C. 8401( 6))

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 8 Name of
entity: Audit period: Reviewed by: Audit Procedures Done by/ date

W/ P ref 8. If the entity does not appear to be in compliance based

on the results of tests performed, discuss these matters with OGC and,
when appropriate, the Special Investigator Unit to conclude if
noncompliance actually has occurred and the implications of such
noncompliance.

For any noncompliance noted, the auditor should

identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control

testing;

report the nature of any weakness in compliance controls and consider
modification of the conclusion on internal control as appropriate (see FAM
580.32- .61);

consider the implications of any instances of noncompliance on the
financial statements; and

report instances of noncompliance, as appropriate (see FAM 580.67-. 75).

9. Document conclusions on compliance with each provision on Form 813 -
Compliance Summary.

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 9 Note 1:
Employees may be covered by the Civil Service Retirement Act

(CSRS) or the Federal Employees' Retirement System Act (FERS), generally
depending on their employment dates. Note 2: For most employees, the
percentage to be withheld is 0.8 percent (7

percent less the Social Security tax rate). For congressional employees,
Members of Congress, and law enforcement officers, firefighters, air
traffic controllers, and nuclear materials couriers, the withholding rates
are higher. (See 5 U. S. C. 8422( a)( 1).).

Note 3: The Office of Personnel Management (OPM) computes the normal cost
percentage. For FY 2002, it is 11.5 percent for regular employees. For
congressional employees, Members of Congress, and law enforcement
officers, firefighters, air traffic controllers, and nuclear materials
couriers, the normal cost percentages are higher. OPM lists the
percentages in its Benefits Administration Letters, accessible on its
Internet site, http:// www. opm. gov/ asd/ htm/ bal01. htm (where the 2
digits after "bal" represent the calendar year of the

letters). (5 U. S. C. 8401( 23)) Note 4: If multipurpose testing is used
for the compliance test and/ or

compliance control test and a substantive test of payroll expense details,
the sample items for the compliance test and/ or compliance control test
should be selected using the sampling method used for the substantive
test. Otherwise, the items should be selected using attribute sampling, as
discussed in FAM 460.02.

As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity and completeness (as
well as the other financial statement assertions) in conjunction with
substantive tests of payroll or other payroll related compliance tests.

Note 5: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll processing
activities between the entity and the service organization could make
payroll testing more complicated, although the same testing should be
performed. The auditor may accomplish that

testing with the assistance of the service organization's auditor, who may
issue an internal control report on the service organization under AU 324
(SAS 70). Or the service organization's auditor may assist the entity
auditor by performing agreed- upon procedures at the

Compliance 817 - Federal Employees' Retirement System Act of 1986 April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 817- 10 service
organization (e. g., substantive testing) under AT 201 (see FAM 660).

[This page intentionally left blank.]

Substantive Testing 902 - RELATED PARTIES, INCLUDING

INTRAGOVERNMENTAL ACTIVITY AND BALANCES

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 1 .01 This
section provides detailed guidance on the procedures that the auditor
should

perform with respect to related parties, as described in FAM sections 280
and 550. AU 334 (SAS No. 45) provides general guidance on the procedures
that should be performed to identify related party relationships and
transactions so that the auditor may satisfy him or herself that they are
appropriately accounted for and disclosed. In addition, the American
Institute of Certified Public Accountants (AICPA) has issued a toolkit for
accountants and auditors titled , Accounting and

Auditing for Related Parties and Related Party Transactions 1 . This
toolkit includes selected authoritative accounting and auditing
literature, an illustrative audit program, disclosure checklist,
confirmation letter, and letter to other auditors and is available at the
AICPA's website: http:// www. aicpa. org/ news/ relpty1. htm.

.02 The federal government in its entirety is an economic entity. Federal
entities are components of the U. S. government; therefore, transactions
between federal entities are considered intragovernmental. Within the
federal government, many reporting entities rely on other federal entities
to help them achieve their missions and fulfill their operating
objectives. These arrangements may be voluntary, stipulated by law, or
established by mutual agreement of the entities involved and may not be
carried out on an arm's- length basis. In many cases, the entity receiving
goods or services will reimburse the providing entity in accordance with
some agreed- upon price, which may or may not represent market value.
Often, however, one entity provides goods or services to another entity
free of charge (without reimbursement). For example, the General Services
Administration, in some cases, provides property management services and
contract award and administration to other entities without charge.

.03 In addition, certain federal entities can significantly influence the
operating policies of the transacting entities. For example, the Office of
Management and Budget (OMB) provides policy and/ or general management
guidance to other federal entities, and the Office of Personnel Management
(OPM) helps federal entities recruit nationwide and sets human resources
management rules with the

1 These tools are based on the best practices guidance received from the
participating accounting and auditing firms and the AICPA publication,
Practice Alert No. 95- 3, Auditing Related Parties and Related Party
Transactions, which is available at http:// www. aicpa. org/ members/ div/
secps/ lit/ practice/ 953. htm .

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 2 federal
entities' involvement; administers the systems for setting federal

compensation and benefits; manages federal employee health and life
insurance programs; and operates the retirement program for federal
employees. .04 Thus, in the federal government, the most significant
related parties are other

federal government entities. Other possible related parties outside of the
federal government include states, members of the entity's management, and
individuals and firms with which members of management may be related.

.05 The auditor should consider the possible existence of related parties
with material activity and balances that could affect the financial
statements, including intragovernmental activity and balances. The
identification of related parties and activity and balances is important
because of (1) the requirement under U. S. generally accepted accounting
principles to disclose material related- party transactions and certain
control relationships, (2) the instances of fraudulent financial reporting
and misappropriation of assets that have been facilitated by

the use of an undisclosed related party, and (3) the potential for
distorted or misleading financial statements in the absence of adequate
disclosure.

.06 The reason for disclosing related party information is that financial
statement users may need that information to make informed judgments. As
stated above, if parties are related, the transactions between them may
not be based on an arm'slength relationship. For example, certain goods or
services may be donated or be at an amount that does not represent market
value, thus affecting the cost of the receiving entity's operations. In
addition, if the entity has transactions with another entity based on a
common control situation, such as when the entity controls or can
significantly influence the management or operating policies of the
transacting entity, the users of financial statements should know the
nature of the relationship since this control relationship could result in
operating results or

financial positions significantly different from those that would have
been achieved in the absence of such relationship.

.07 Disclosures generally should include the nature of the relationship
between the entity and its related parties, a description of the
transactions, including donations, dollar amounts of transactions that
occurred during the period, and amounts due to or from related parties as
of the end of the period. Disclosures could include aggregation of similar
transactions by type. In cases of common

control relationships, the nature of the control relationship generally
should be disclosed even if there are no transactions between the
entities. Disclosure of related party transactions is not required for
transactions between components of the audited entity that are eliminated
in consolidation. However, if separate

statements of the components are issued, the disclosures should be
presented in the separate component statements.

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 3 .08 The
following paragraphs discuss intragovernmental activity and balances, then

other related parties. INTRAGOVERNMENTAL ACTIVITY AND BALANCES

.09 Intragovernmental amounts represent activity and balances within or
between federal entities. Intradepartmental amounts are activity and
balances within the same department (a department here means any
department, agency, administration or other entity designated by OMB as a
financial reporting entity that is not part of a larger financial
reporting entity other than the government as

a whole). Interdepartmental amounts are activity and balances between two
different departments. The intradepartmental and interdepartmental amounts
are subsets of intragovernmental activity and balances.

.10 Intragovernmental activity includes:

Intragovernmental fiduciary transactions such as * Transactions with the
Department of Labor (Labor) relating to the Federal

Employee's Compensation Act, including routine payments to Labor; 
Transactions with the OPM relating to employee benefit programs (the

Federal Employees' Retirement System, the Civil Service Retirement System,
and federal employees' life insurance and health benefits programs)
including routine payments, imputed financing, and accruals;

 Investments in federal securities issued by Treasury's Bureau of the
Public Debt, including interest accruals, interest income and expense, and
amortization of premiums and discounts; and

 Borrowings from the Treasury and the Federal Financing Bank, including
interest accruals, interest income, and expenses;

Goods and services provided from one federal entity to another (trade
transactions) including any related revenues earned, costs incurred, and
reimbursable costs (including both interdepartmental and intradepartmental
activity);

Transfers between entities based on agreements or legislative authority,
expended appropriations, taxes and fees collected, collections for others,
accounts receivable from appropriations, transfers payable, and custodial

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 4 revenue
(including both interdepartmental and intradepartmental activity);

and

Imputed costs such as fiduciary transactions with OPM and Labor mentioned
above and costs of litigation paid by the judgment fund (including both
interdepartmental and intradepartmental activity).

.11 Activity and balances between federal entities (interdepartmental
transactions) should be eliminated at the U. S. Government's Consolidated
Financial Statements level, while the activity and balances within the
same department

(intradepartmental) should be eliminated at the department's consolidated
financial statements level.

Accounting and Reporting Guidance .12 In accounting for and reporting of
related parties, including intragovernmental activity and balances, the
entity should refer to Statements of Federal Financial Accounting
Standards (SFFAS), Statements of Financial Accounting Standards, OMB
guidance, and Treasury guidance. The following paragraphs illustrate these

relevant documents. .13 SFFAS No. 4, Managerial Cost Accounting Concepts
and Standards, and related

interpretations address the accounting standards for interentity cost
activities. SFFAS No. 5, Accounting for Liabilities of the Federal
Government, addresses interentity liabilities, including federal debt,
pensions and retirement benefits. Also, SFFAS No. 7, Accounting for
Revenue and Other Financing Sources and Concepts for Reconciling Budgetary
and Financial Accounting, addresses interentity revenue and requires
disclosure of the nature of intragovernmental exchange transactions in
which an entity provides goods or services at a price less than full cost
or does not charge a price at all. The reporting entities should also
consult with the funding and administering agencies, such as OPM, for
information needed to properly record interentity costs. Note that SFFAS
No. 4 directs OMB to designate the costs of goods and services received
from other departments that should be recognized, which it has done in the
guidance mentioned below.

.14 Statement of Financial Accounting Standards No. 57, Related Party
Disclosures, defines related parties and provides examples of related
party transactions and general guidance on disclosures of transactions
between related parties. Footnote disclosures generally should include
disclosure of the nature of the relationship between the entity and its
related parties, a description of the transactions, including donations,
dollar amounts of transactions that occurred during the period, and
amounts due to or from related parties as of the end of the period.

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 5 .15 The
OMB bulletin titled Form and Content of Agency Financial Statements
indicates that federal entities should:

Present intragovernmental amounts by trading partner (reciprocal federal
entity) as required supplementary information (RSI). Intragovernmental
asset and liability categories reported as RSI should agree with the

intragovernmental asset and liability line items reported on the balance
sheet. The intragovernmental RSI may be limited to the consolidated
departmentwide financial statements of the Chief Financial Officers (CFO)
Act departments and agencies covered by the form and content bulletin. The

intragovernmental RSI reporting requirement does not extend to federal
components that are required to prepare financial statements. All amounts
should be net of intraentity transactions.

Reconcile intragovernmental asset, liability, and revenue amounts reported
as RSI with their trading partners; and

Report intragovernmental gross cost to generate earned revenue from trade
transactions, as well as total entity gross cost and earned revenue, by
budget functional classification.

OMB also has issued a memorandum titled Business Rules for
Intragovernmental Transactions that requires agencies to use the same
methodology in accounting for certain intragovernmental transactions,
which should help in reconciliation.

.16 To emphasize the agency management's responsibility for identifying
intragovernmental activity and balances and reconciling data with relevant
trading partners, the entity should include specific representations in
the management representation letter that intragovernmental, including
intradepartmental, transactions have been properly accounted for,
reconciled with trading partners, and disclosed (see FAM section 1001). If
such disclosure is included in the financial statements and the auditor
believes that the disclosure is not supported by management, or if
management refuses to disclose related party transactions, the auditor
generally should give a qualified or adverse opinion because of the
inadequate disclosure, depending on materiality, and include the necessary
disclosures in a separate paragraph in the audit report.

.17 Treasury Financial Manual (TFM) section "Federal Intragovernmental
Transactions Process" and the Federal Intragovernmental Transactions
Accounting Policies Guide (Guide) provide governmentwide procedures for
federal entities to account for and reconcile transactions occurring
within and between each other. The procedures in these guides do not apply
to transactions

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 6 between
federal entities and nonfederal entities. The TFM and the Guide are

available at the Treasury/ Financial Management Service's (FMS) websites
(http:// fms. treas. gov/ tfm/ vol1/ v1p2c400. html and http:// www. fms.
treas. gov/ cfs/ dev/ index. html).

.18 The TFM includes procedures for CFO Act departments to reconcile and
confirm with their trading partners intragovernmental activity and
balances as of and for the fiscal year ended September 30. Each
department's CFO is to provide the department Inspector General (IG) with
representations indicating whether the department completed the
reconciliation. In addition, the department is to describe noncompliance
with the reconciliation requirements. (See TFM.) These CFO representations
should be included in the management representation letter (see above).

.19 The Guide provides detailed guidance on accounting and reconciling
intragovernmental balances. According to the Guide, federal entities
should identify trading partners 2 for all intragovernmental transactions
and accumulate detail and summary information for each activity by trading
partner from their accounting records. The trading partner code may be
incorporated (1) as part of account coding classification or (2) in the
customer/ vendor identification code in

accounts receivable and payable systems. These codes are the same as the
Treasury index agency code used by the Treasury to prepare the
governmentwide consolidated financial statements. If the two- digit
Treasury index agency code is not adequate to identify the trading
partner, entities may expand the partner code to components below the
department level and communicate these codes to their trading partners.

.20 Federal entities also should use Standard General Ledger (SGL) account
attributes to indicate the nature of account balances and to identify
intragovernmental transactions. For example, the federal "F" and
nonfederal "N" attributes used in conjunction with an SGL account in the
Federal Agencies' Centralized Trial Balance System (FACTS) I submissions
enable Treasury/ FMS to prepare elimination entries for the governmentwide
financial statements. When the federal attribute "F" is used with an SGL
account, a trading partner should be designated for each transaction
posted to the account.

Audit History .21 Prior years' audits of several federal entities'
financial statements have identified instances where entities did not
identify, summarize, or reconcile 2 Trading partners are agencies,
bureaus, programs or other entities (within or

between entities) participating in transactions with each other.

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 7
intragovernmental activity and balances by trading partner. Controls over
the

intragovernmental transactions were not adequate. For example, one
department instructed its components to make buyer's intragovernmental
transaction amounts agree with seller's information without requiring an
adequate reconciliation or verification if goods or services were
provided. Similar issues were also identified concerning activity and
balances within the same entity

(intradepartmental). Accordingly, there was no assurance that the entity
records contained fairly stated balances.

Intragovernmental Payment and Collection (IPAC) System 3 .22 IPAC is the
primary method used by most federal entities to electronically bill and/
or pay for services and supplies within the government, and to communicate
to the Treasury and the trading partner agency that the online billing
and/ or payment for services and supplies has occurred. IPAC, however, is
not intended to be a control over the intragovernmental transactions
(reciprocal accounts). The auditor should understand that IPAC was not
designed as an accounting system and does not require trading partners to
record transactions at the same time or in the same amounts. In addition,
unreconciled IPAC differences could affect the existence and completeness
of intragovernmental activity and balances.

.23 The IPAC billing entity initiates an IPAC transaction either as a
collection or a payment. The IPAC customer entity receives an IPAC
transaction either as a payment or a collection. Monthly, the Treasury
compares the customer and billing entities' Statement of Transactions with
the IPAC data. If there is a difference, a Statement of Differences,
including a detailed list of all transactions charged or credited to a
particular agency location code, is generated monthly. Entities should
investigate the differences and make any necessary corrections on their
next Statement of Transactions.

.24 The auditor should examine the entity's IPAC reconciliation procedures
to determine if the entity performs the reconciliation and researches and
resolves differences reflected on the statement of differences properly
and timely. The

auditor may coordinate with the Fund Balance with Treasury (FBWT)
procedures to assess the effectiveness of the entity's IPAC
reconciliation. .25 The auditor should also design procedures to
understand whether the entity uses other systems (standard forms used to
transfer funds between appropriations,

credit cards, and others) in addition to the IPAC system to process
intragovernmental activity and balances. The auditor should determine
whether

3 The Intragovernmental Payment and Collection (IPAC) system replaced the
Online Payment and Collection (OPAC) system in December 2001.

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 8 these
systems affect the fairness of intragovernmental activity and balances.
(See

audit procedures below and FAM section 902 C.)

Audit Procedures .26 The auditor should consider audit risk and
materiality in determining the nature, timing, and extent of procedures
for auditing intragovernmental activity and balances and in evaluating the
results of these procedures. Throughout the audit, the auditor should
consider the possible existence of material intragovernmental activity and
balances that could affect the financial statements. The auditor should
evaluate all the information available concerning material
intragovernmental activity and balances and determine that the financial
statement disclosures are adequate and appropriate.

.27 During the planning phase, the auditor should assess inherent, fraud,
and control risk. In assessing the inherent risk related to
intragovernmental activity and balances, there are several conditions that
the auditor should consider. For example, inherent risk may exist because
of the nature of the intragovernmental activity, such as a significant
volume of transactions and number of trading partners or complex
transactions. The auditor should assess the impact of inherent and control
risk on control testing and substantive testing. The auditor

should determine whether similar conditions continue to exist and
understand management's response to such conditions.

.28 In assessing inherent and control risk, the auditor should obtain an
understanding of management responsibilities and the relationship of each
component to the total department and of each department to other
departments. The auditor should obtain an understanding of the entity's
operations to identify, respond to, and resolve accounting and auditing
problems early in the audit. For example, the auditor should know what
trading partners the entity has, the nature of intragovernmental
transactions that occur, the volume and dollar amount of transactions, and
management's attitude and awareness with respect to

reconciliations of intragovernmental activity and balances. .29 The
auditor should assess the effectiveness of the entity's internal control
over

intragovernmental activity and balances. The auditor should identify the
policies and procedures that pertain to the entity's ability to record,
process, summarize, and report intragovernmental activity and balances by
trading partner. The agency should emphasize the importance of identifying
and classifying intragovernmental transactions by trading partner when
they are initiated and on all documentation thereafter; without this
initial identification, the system will not be able to keep track of them.

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 9 .30
Without proper and timely reconciliation of intragovernmental activity and

balances, misstatements in these account balances at the component and/ or
department level could materially affect the balances at the
governmentwide level (as well as at the department or component level). In
addition, when preparing consolidated financial statements, the preparer
must eliminate intragovernmental activity and balances within and between
departments or components. Because the amounts reported for entity trading
partners for certain intragovernmental

accounts could be significantly out of balance, the preparer would not be
able to eliminate these accounts in the consolidated financial statements.
The auditor may advise the entity about the need for monthly confirmation
and reconciliation of these transactions with trading partners. Annual or
quarterly reconciliations are generally not sufficient to detect and
resolve misstatements promptly.

.31 If the auditor determines that the entity's reconciliation control for
intragovernmental transactions is not effectively designed and placed in
operation, the auditor should consider the effect on the financial
statements. Where intragovernmental transactions are or could be material,
significant additional work is usually necessary to express an unqualified
opinion. In some cases where the auditor finds material weaknesses in the
intragovernmental

reconciliation control and no other mitigating controls exist, the auditor
may decide to modify the audit opinion (see FAM section 580).

.32 The TFM contains agreed- upon procedures for the department inspectors
general to perform for federal intragovernmental activity and balances.
These procedures are intended to assist with accounting for and
eliminating intragovernmental activity and balances in the preparation of
department and governmentwide financial statements and reports. The IG
should perform these procedures regardless of the opinion on the
department consolidated financial statements.

.33 To avoid duplicate procedures, the auditor should consider the agreed-
upon procedures contained in the TFM when designing the tests for
intragovernmental activity and balances. Examples of the account risk
analysis (ARA), specific control evaluation (SCE), and audit procedures
for the audit of intragovernmental activity and balances are in sections
902 A, 902 B, and 902 C. The ARA, SCE( s), and audit procedures generally
should be customized for the particular entity. For example, if the
auditor determines that the intragovernmental accounts receivable line
item is significant, the auditor generally should prepare a separate

ARA, SCE( s), and audit procedures for the intragovernmental accounts
receivable account and its related accounting applications. (Note that a
single SCE for a line- item/ account- related accounting application is
presented. There are likely transaction- related accounting applications
listed on the ARA that also would have SCEs.) In addition, to improve
efficiency, the auditor may coordinate tests

Substantive Testing 902 - Related Parties, Including Intragovernmental
Activity and Balances

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902- 10 of
intragovernmental activity and balances with tests of nonfederal activity
and

balances.

OTHER RELATED PARTIES

.34 To effectively plan and perform an audit, the auditor should
understand the entity's organization and its characteristics. The auditor
should consider the possible existence of other related parties and other
related party transactions throughout the audit to satisfy him or herself
that they are properly accounted for

and disclosed (see paragraph 902.07). Other related parties may include
states that federal entities made payments to in carrying out or executing
their federal programs. Examples of these programs are Department of
Health and Human Services grants to states for Medicaid, 4 Department of
Transportation Federal Highway Administration programs such as federal aid
for highways and highway safety construction programs, and Department of
Labor State Unemployment Insurance and Employment Service Operations.

.35 The auditor may attempt to detect these relationships by inquiry of
management, reviewing major contracts/ agreements, and reading financial
disclosure statements. The documentation generally should include the
names of related parties so all audit staff may become aware of
transactions with them. Work done to test transactions with such parties
may be coordinated with sensitive payments work, as discussed in paragraph
280.05.

.36 In addition to the procedures on related parties, the auditor also
generally should inquire about other parties that may not be related
parties, but that the agency may wish to disclose because of a public
perception that they might be related, although professional standards do
not require disclosure if the parties are not related (as defined in AU
334). Section 902 C shows examples of audit

procedures for other related parties as well as for intragovernmental
activity and balances. The steps should be customized for the particular
audited entity.

PRACTICE AIDS

.37 The following practice aids are appended:

Section 902 A * Example Account Risk Analysis (ARA),

Section 902 B * Example Specific Control Evaluation (SCE), and

Section 902 C * Example Audit Procedures 4 Medicaid assists states in
providing medical care to their low- income populations by granting
federal matching payments under the Social Security Act to states with
approved plans.

Substantive Testing 902 A - EXAMPLE ACCOUNT RISK ANALYSIS FOR
INTRAGOVERNMENTAL ACTIVITY AND

BALANCES

Entity: Agency Date of Financial Statements: September 30, 20xx

Line Item: Intragovernmental balances Preparer: . ACCOUNT RISK ANALYSIS
FORM

Region: .

File: Date: Page 1 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part
II Page 902 A- 1

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account Financial
statement

assertions / risks Inherent, fraud, and control

risk factors Cycle/ accounting application Effective- ness of control

activities Con trol risk Com

bined risk Tim- ing I/ F

Nature & extent W/ P

ref.& audit step

Name Balance Intragov ernmental assets,

liabilities, revenues,

expenses Existence or occurrence Recorded intragovernmental balances do
not exist. Inherent risk arises from (1) the nature of intra governmental
transactions,

which is susceptible to errors because of the signi ficant high volume of
trans

actions (and dollar amounts) and number of multiple reporting entities/

trading partners, and (2) prior years' significant

Cycles Revenues,

Expenses, various Accounting applications Receipts,

Disburse ments,

Accounts Receivable,

F Confirm balances with trading partners.

Review the reconciliation of intragovernmen tal accounts by trading
partners and reconciling items. Verify that

III. A & B. 1. c III. A

Substantive Testing 902 A - Example Account Risk Analysis for
Intragovernmental Activity and Balances Entity: Agency

Date of Financial Statements: September 30, 20xx Line Item:
Intragovernmental balances

Preparer: .

ACCOUNT RISK ANALYSIS FORM

Region: . File: Date: Page 2 of 7 April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 902 A- 2

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account Financial
statement

assertions / risks Inherent, fraud, and control

risk factors Cycle/ accounting application Effective- ness of control

activities Con trol risk Com

bined risk Tim- ing I/ F

Nature & extent W/ P

ref.& audit step

Name Balance audit adjustments relating to intragovernmental transactions.
Control risk arises from

(1) prior years' material weaknesses in accounting and reporting where the
agency was not able to identify, classify, and summarize intragovern
mental transactions by trading partners, and (2) management's attitude in
not enforcing the recon

ciliation procedures. Accounts

Payable, various the reconciliation

was reviewed. Determine if adjustments

made to accounts are proper and

timely. Review

elimination entries and verify

that they were reviewed. Review pre

arranged trading partner

agreements. III. E I. 4

Substantive Testing 902 A - Example Account Risk Analysis for
Intragovernmental Activity and Balances Entity: Agency

Date of Financial Statements: September 30, 20xx Line Item:
Intragovernmental balances

Preparer: .

ACCOUNT RISK ANALYSIS FORM

Region: . File: Date: Page 3 of 7 April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 902 A- 3

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account Financial
statement

assertions / risks Inherent, fraud, and control

risk factors Cycle/ accounting application Effective- ness of control

activities Con trol risk Com

bined risk Tim- ing I/ F

Nature & extent W/ P

ref.& audit step

Name Balance Completeness

Same as existence above, and control risk also arises

from the lack of management's oversight relating to the

intragovernmental transactions and balances adjustments made to the
financial statements and required supplementary information.

Same as existence above

F Same as existence above.

Review customer and vendor files and receipt/ disbursement records for

related parties. Test cut- off:

search for unre corded trans

actions (e. g., review trans

actions after yearend to Same as above.

I. 4 & III. B to D

III. B. 1. d

Substantive Testing 902 A - Example Account Risk Analysis for
Intragovernmental Activity and Balances Entity: Agency

Date of Financial Statements: September 30, 20xx Line Item:
Intragovernmental balances

Preparer: .

ACCOUNT RISK ANALYSIS FORM

Region: . File: Date: Page 4 of 7 April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 902 A- 4

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account Financial
statement

assertions / risks Inherent, fraud, and control

risk factors Cycle/ accounting application Effective- ness of control

activities Con trol risk Com

bined risk Tim- ing I/ F

Nature & extent W/ P

ref.& audit step

Name Balance determine if they were recorded in

the correct fiscal year). Review the results of FBWT

accounts recon ciliation, specifi

cally with unre conciled IPAC

transactions and suspense accounts.

Review results of AUP related to III. B. 1. d

IV. 5

Substantive Testing 902 A - Example Account Risk Analysis for
Intragovernmental Activity and Balances Entity: Agency

Date of Financial Statements: September 30, 20xx Line Item:
Intragovernmental balances

Preparer: .

ACCOUNT RISK ANALYSIS FORM

Region: . File: Date: Page 5 of 7 April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 902 A- 5

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account Financial
statement

assertions / risks Inherent, fraud, and control

risk factors Cycle/ accounting application Effective- ness of control

activities Con trol risk Com

bined risk Tim- ing I/ F

Nature & extent W/ P

ref.& audit step

Name Balance employee benefits and

FACTS I verification. Valuation or allocation Intragovernmental balances
are not valued accurately or on an appropriate basis in the financial
statements.

Same as existence above Same as existence

above F Same as

existence and completeness. Review basis of pricing signifi

cant intragovern mental transac

tions for approp riate disclosure.

Same as above.

I. 4. a. ii & iii & IV. 1 &

2

Substantive Testing 902 A - Example Account Risk Analysis for
Intragovernmental Activity and Balances Entity: Agency

Date of Financial Statements: September 30, 20xx Line Item:
Intragovernmental balances

Preparer: .

ACCOUNT RISK ANALYSIS FORM

Region: . File: Date: Page 6 of 7 April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 902 A- 6

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account Financial
statement

assertions / risks Inherent, fraud, and control

risk factors Cycle/ accounting application Effective- ness of control

activities Con trol risk Com

bined risk Tim- ing I/ F

Nature & extent W/ P

ref.& audit step

Name Balance Rights and obligations

The agency does not have rights to recorded intragovernmental balances.
Same as existence above Same as existence

above F Review confirma tions for indica

tion of any disputes. Review pre

arranged agree ments between trading partners.

Review manage ment and legal representation

letters to determine if any obligations are

not properly disclosed. I. 4. a. ii & III. A B

I. 4. a. iv IV. 3

Substantive Testing 902 A - Example Account Risk Analysis for
Intragovernmental Activity and Balances Entity: Agency

Date of Financial Statements: September 30, 20xx Line Item:
Intragovernmental balances

Preparer: .

ACCOUNT RISK ANALYSIS FORM

Region: . File: Date: Page 7 of 7 April 2003 GAO/ PCIE Financial Audit
Manual - Part II Page 902 A- 7

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account Financial
statement

assertions / risks Inherent, fraud, and control

risk factors Cycle/ accounting application Effective- ness of control

activities Con trol risk Com

bined risk Tim- ing I/ F

Nature & extent W/ P

ref.& audit step

Name Balance Presentation and disclosure Intragovernmental balances are
not properly classified or disclosed in the

financial statements, or based on a consistent application

of accounting guidance. Same as existence and completeness above Same as
existence

above F Determine if the agency approp riately classifies,

summarizes, and discloses, intra

governmental accounts in finan cial statements,

related disclo sures, and RSI, in

accordance with SFFAS (GAAP) and OMB and

Treasury gui dance for intra

governmental accounting. I. 2 & IV

[This page intentionally left blank.]

Substantive Testing 902 B - EXAMPLE SPECIFIC CONTROL EVALUATION FOR
INTRAGOVERNMENTAL

ACCOUNTS

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 1 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 1 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various Existence or occurrence

various various Substantiation

1. Recorded intragovernmental assets and liabilities do not exist at a
given date.

1a. Recorded intragovernmental assets and liabilities should exist at a
given date.

1. Quarterly, intragovernmental balances recorded in the agency's general
ledgers are confirmed and reconciled with trading partners.

2. The agency and trading partners work together to exchange data/ correct
errors promptly concerning the intragovernmental balances. N

N II. 1. g- i

II. 1. g- i

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 2 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 2 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various 3. Reconciliation adjustments and

supporting documents are reviewed and approved by authorized personnel
before being entered in the general ledgers. 4. Reconciliation between
intragovernmental general ledger balances and subsidiary ledger balances
are performed quarterly

and reviewed by supervisory personnel. N

Y III. A. 1- 7

III. A. 1- 7

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 3 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 3 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various 1b. Recorded intragovernmental assets and liabilities
of the entity, at a given date, should be supported by appropriate
detailed

records that are accurately summarized and reconciled to the account
balance. 1. Same as 1a. above.

2. The agency maintains the transaction logs and detailed

records of transactions to facilitate the reconciliation process and to
provide sufficient information for the location of the supporting
documents.

Y Same as above.

II. 1. l 1c. Access to intragovernmental assets, critical forms,

records, and processing and storage areas should be permitted only in

accordance with laws, regulations, and

management's policy. 1. The agency's critical forms and records are
protected by safes

and locks, guards, cameras, alarm systems, and backup of electronic data.
2. Changes made to the trading

partner codes file are restricted to authorized accounting personnel. Y

Y Example

control tests are

omitted from the

example audit pro cedures.

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 4 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 4 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various Complete ness

various various Account Completeness

2. Intragovernmental assets and liabilities of the entity exist but are
omitted from the

financial statements. 2. All intragovernmental accounts that belong in the
financial state ments should be so

included. There should be no undisclosed

assets or liabilities. Same as existence above.

1. The agency reviews all transac tions to identify and properly code
intragovernmental transactions.

2. The agency reconciles and resolves IPAC differences (and differences
from other systems/ methods, if any, used to process intragovernmental
transactions) promptly and records

adjustments properly. 3. Supervisory personnel review and approve monthly
account analyses of intragovernmental accounts and examine budget- to

actual and trend analyses. Y

Y Y

Same as above. II. 1. a- f

II. 2 & III. B. 1. c

II. 1. m

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 5 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 5 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various 4. Elimination journal entries and

supporting documentation are reviewed and approved by authorized
personnel. 5. Elimination entries are supported

by schedules summarizing the SGL accounts that are combined to total the
amounts eliminated. N

Y II. 1. k &

III. E II. 1. k & III. E

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 6 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 6 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various Valuation or

allocation Valua tion or

alloca tion

Valua tion or

alloca tion

Valuation

3. Intragovernmental assets and liabilities included in the financial
statements

are valued on an inappropriate basis. 3. Intragovernmental assets and
liabilities

included in the financial statements should be valued on

appropriate valuation bases.

Same as existence and completeness above.

1. The agency periodically evaluates the condition and marketability of
intragovernmental assets, for example receivables are

evaluated for collectibility. 2. The agency accounting records

are compared with the assessed values such as independent appraisals or
assets. N

N Same as above.

I. 4. a. ii & iii I. 4. a. ii & iii

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 7 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 7 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various Measurement

4. Intragovernmental revenues and expenses included in

the financial statements are measured improperly. 4. Intragovernmental
revenues and

expenses included in the financial

statements should be properly measured. Same as existence and completeness

above. Same as above.

Rights and obligations Rights and

obliga tions

Rights and obliga

tions

Ownership

5. Recorded intragovernmental assets are owned by others because of sale,
or other contractual

arrangements. 5. Recorded intragovernmental assets should be owned by the
entity. Same as existence and completeness

above. Same as above.

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 8 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 8 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various Rights

6. The entity does not have certain rights to recorded intragovernmental
assets because of certain restrictions. 6. Intragovernmental assets should
be the entity's rights at a

given date. Same as existence and completeness

above. Same as above.

Obligations

7. The entity does not have an obligation for recorded intragovernmental
liabilities at a given date. 7. Intragovernmental liabilities should be
the entity's obligations at a given date.

Same as existence and completeness above.

Same as above.

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 9 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 9 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various Presentation and

disclosure Presen tation and dis closure Presen

tation and dis closure Account classification

8. Intragovernmental accounts are not properly classified and described in
the financial statements. 8. Intragovernmental accounts should be properly
classified and described in the financial statements.

1. The agency uses trading partner codes to identify and track trading
partners when the intragovernmental transactions are initiated and on all

documentation thereafter. 2. The agency uses SGL account

attributes to identify the nature of account balances and to identify
intragovernmental transactions by trading partner. 3. The agency
classifies, summarizes, and reports

intragovernmental accounts by trading partner and presents them as
required supplementary information (RSI). Y Y

Y II. 1

II. 1 IV. 1

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 10 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 10 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various 4. The CFO staff checks that the

intragovernmental asset and liability categories reported as RSI agree
with the intragovern mental asset and liability line items reported on the
balance sheet.

5. The agency discloses intragovern mental gross cost and earned revenue
by budget functional

classification as required by OMB N Y

IV. 1 IV. 1

Consistency

9. The financial state ment components are based on accounting principles
different from those used in

prior periods. 9. The financial statement

components should be based on accounting principles that are applied
consistently from period to period.

See # 8 above. Same as above.

Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application:

Intragovernmental accounts

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 11 of 11 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 902 B- 11 Accounting application

assertions Relevant

assertions in line items Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effective ness of control

activities W/ P ref,

control testing

step various various Disclosure

10. Required information is not disclosed in the financial statements or
in the notes thereto. 10. The financial statements or notes

should contain all information required to be disclosed.

See # 8 above. Same as above.

[This page intentionally left blank.]

Substantive Testing 902 C - EXAMPLE AUDIT PROCEDURES FOR INTRAGOVERNMENTAL
AND OTHER RELATED

PARTIES' ACTIVITY AND BALANCES April 2003 GAO/ PCIE Financial Audit Manual
- Part II Page 902 C- 1 Entity
__________________________________________________________________ Period
of financial statements ____________________________________________ Job
code _______________________________________________________________ Audit
Procedures 1 Done

by/ date W/ P ref. I. Planning Phase

Obtain an understanding of the entity's operations that are significant to
the audit of intragovernmental and other related party activity and
balances (see FAM section 220). 1. To obtain an understanding of
significant accounting

and auditing issues, read the entity's prior year's accountability and
auditors' reports. 2. To identify the entity's accounting and reporting

requirements and applicable auditing standards for intragovernmental and
other related party activity and balances, read the following: a. SFFAS
No. 4, Managerial Cost Accounting Concepts

and Standards; SFFAS No. 5, Accounting for Liabilities of the Federal
Government; SFFAS No. 7, Accounting for Revenue and Other Financing

Sources and Concepts for Reconciling Budgetary and Financial Accounting;
Statement of Financial Accounting Standards No. 57, Related Party
Disclosures; AU Section 334, Related Parties; AU Section 558, Required
Supplementary Information; OMB bulletin on Form and Content of Agency
Financial Statements; Treasury/ Financial

Management Service's (FMS) Federal Intragovernmental Transactions
Accounting Policies Guide; and Treasury Financial Manual section "Federal
Intragovernmental Transactions Process."

1 These procedures are applicable for intragovernmental (including
interdepartmental and intradepartmental) and other related parties'
activity and balances.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 2

Audit Procedures 1 Done by/ date

W/ P ref. b. The entity's internal procedures for identifying,

accounting, reconciling and reporting intragovernmental and other related
party activity and balances. c. The entity's process for identifying,
classifying, and

reporting intragovernmental activity and balances requiring elimination at
the consolidated departmentwide or governmentwide level. 3. To identify
the impact of systems/ methods for

processing, accounting and financial reporting of intragovernmental and
other related party activity and balances, a. Interview the entity's key
management about, for

example, the systems/ methods that are used to process intragovernmental
and other related party activity and balances (e. g., IPAC, credit cards,
standard forms used to transfer funds between appropriations, and others).
b. Obtain estimates of the approximate number and

dollar amount of intragovernmental and other related party activity and
balances (this could be based on the prior year) that are processed by
each significant system/ method (see FAM section 270). c. Consider
coordinating this work with the audit of like nonfederal activity and
balances (i. e., similar

transactions by the entity with parties other than other federal
entities). 4. To identify the intragovernmental and other related

party activity and balances a. Ask the entity management:

i. Names of all related parties (intragovernmental and others) and whether
there were transactions with them during the period. Other possible
related parties outside of government might be states, management, and
individuals and firms

with which members of management may be related or otherwise be able to
significantly influence the management or operating policies.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 3

Audit Procedures 1 Done by/ date

W/ P ref. ii. The nature and terms of all significant activities

and balances. For example,

for a seller entity, * Obtain information on the types of significant
revenues, any markup

percentage( s) over full cost, and the settlement/ payment due date. 
Inquire as to how the full cost of products

and services sold is determined.

for a buyer entity,  Inquire about the minimum requirements

(business rules) that must be met before an intragovernmental trading
partner may provide goods or services.

Inquire as to amounts, if any, that are in dispute at year- end. iii.
Whether the audited entity receives services

without reimbursement or for less than full reimbursement, for example,
donated services, such as space or detailed employees. If so, ask if the
entity is complying with GAAP and/ or OMB requirements with respect to
accounting and reporting treatment of these transactions. Also, if
applicable, ask about the approximate fair value and/ or financial
statement disclosure for such goods and/ or services. iv. Whether the
entity centrally maintains contracts,

agreements, and support for the terms of all significant transactions with
related parties. b. Review, if any:

i. The entity policy for advance approval of related party transactions by
senior management. ii. The entity policy for requiring disclosure by

employees to appropriate officials of potential conflicts of interest,
such as related party transactions by employees of the entity. Also
determine if summaries of such transactions are communicated to financial
management for its consideration.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 4

Audit Procedures 1 Done by/ date

W/ P ref. iii. Vendor and customer master file listings, major

contracts, and IPAC activity for intragovernmental or other related
parties. c. Ask Treasury/ FMS regarding entities historically

reporting intragovernmental transactions with the audited entity. 5.
Provide audit staff with the names of known

intragovernmental and other related party trading partners, a description
of the nature of significant transactions with each, and such other
information as

considered necessary to assist them in planning and performing other
sections of the audit. 6. Summarize the results. 7. Document the auditor's
preliminary assessment of risks

related to the intragovernmental and other related party activity and
balances in the ARA form or equivalent. II. Internal Control Phase
Understand the internal control the entity has in place for

identifying, accounting for, eliminating, and reporting intragovernmental
and other related party activity and balances (existence, completeness,
valuation, rights and obligations, presentation and disclosure) (see FAM
section 320). 1. Determine through inquiry of management,

walkthroughs, review of prior years' documentation and other means, how
and when the entity identifies intragovernmental and other related party
transactions. a. Whether the entity identifies the transactions by

trading partner when they are initiated and on all documentation
thereafter. b. If the entity uses trading partner codes, the

relationship of such codes to other document identifiers such as vendor
codes. For example, trading partner codes may be integral to each vendor
code, or it may be necessary to crosswalk vendor codes to a file of
trading partner codes.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 5

Audit Procedures 1 Done by/ date

W/ P ref. c. If the entity does not use trading partner codes,

determine how the entity identifies, analyzes, and accumulates
intragovernmental activity and balances. For example, the entity may
derive such amounts through off- line manual processes after the fact. d.
When the entity recognizes each significant category

of intragovernmental and other related party transactions. For example,
when an invoice is received, when processed through IPAC, 2 when goods or
services are received, when notified by the seller that an agreed- upon
stage of completion has been achieved. Consider whether the entity's
policy

in recording intragovernmental and other related party transactions is
appropriate. e. Whether the entity and its trading partners use consistent
reciprocal ledger accounts 3 and

categories of activity and balances for recording and reconciling such
amounts. If so, ask what processes are in place to provide management with
reasonable assurance that trading partners are recognizing reciprocal
transactions in the same period, for the same amount, and by consistent or
compatible accounting methods.

2 Intragovernmental Payment and Collection (IPAC) system replaced the
Online Payment and Collection (OPAC) system in December 2001. 3 Reciprocal
accounts are corresponding SGL accounts that should be used by seller

and buyer entities to record like intragovernmental transactions. For
example, the seller entity's accounts receivable would normally be
reconciled to the reciprocal account, accounts payable, on the buyer
entity's records. Examples of these accounts are in FMS' Federal
Intragovernmental Transactions Accounting Policies Guide.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 6

Audit Procedures 1 Done by/ date

W/ P ref. f. If the entity complies substantially with the SGL at

the transaction level as it applies to intragovernmental activity and
balances. (Note: The SGL accounts used should include attributes for
intragovernmental activity and balances that identify (a) that these
accounts contain intragovernmental transactions (e. g., attribute "F") and
(b) the trading partner (e. g., Treasury trading partner code "20").) g.
Policies and procedures for confirming

intragovernmental and other related party activity and balances with
trading partners. h. How often the entity reconciles its related party

activity and balances with its trading partners. Also inquire as to
whether adjustments identified as necessary through the reconciliation
process have

been properly recognized in the financial records. If not, ask why. If the
entity did not perform reconciliations, ask why not. i. Whether the
selling and buying entities have

established processes to facilitate the timely reconciliation of activity
and balances. (Note: The selling entity is typically responsible for
furnishing detailed transaction information to facilitate reconciliation.)
j. What the entity's year- end cut- off procedures related

to the intragovernmental and other related party activity are. Determine
if procedures provide assurance that intragovernmental activities
occurring in the current period are recorded in the current period. (Since
the reconciliation process should detect cutoff errors, see above for

reconciliation procedures with trading partners.) k. What the entity's
policies and procedures are for

intraentity elimination. l. Whether the entity maintains transaction logs
or detailed records of transactions to identify the postings to SGL
accounts and to facilitate the reconciliation process. The logs should
include sufficient information to enable identification and location of
the supporting documents.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 7

Audit Procedures 1 Done by/ date

W/ P ref. m. Whether the entity reviews and approves monthly

account analyses of intragovernmental accounts and examines budget- to-
actual and trend analyses. 2. Coordinate with the results of audit
procedures for

other cycles to determine if the entity has internal control issues
related to intragovernmental and other related party activity and
balances. For example, to determine if the entity has control issues
related to intragovernmental activity and balances, coordinate with the
results of FBWT audit procedures to determine if the entity has issues on
its FBWT/ IPAC reconciliation such as material unreconciled amounts and
aged

unreconciled IPAC differences. 3. Perform walk- throughs of processes for
identifying,

accounting, reconciling, confirming, eliminating, and reporting
intragovernmental and other related party activity and balances to obtain
or update the auditor's understanding of these procedures and
preliminarily

assess the effectiveness of these controls. a. Walkthrough the process
from initiation to recording in the general ledger and inclusion in the

financial statements or elimination for each significant type of
intragovernmental and other related party activity and balances. b. Walk
through the management/ entity approval process of payments to trading
partners. (Note:

Prior audits have identified instances where payment controls for
intragovernmental transactions were not sufficient, for example, the
seller entity made payments to trading partners without verifying whether
goods or services were provided.) c. Identify and document differences in
process for

nonfederal and intragovernmental and other related party activities and
balances. d. If the entity performs reconciliations of

intragovernmental activity and balances with trading partners during the
year, the auditor should walk through both interim and year- end
reconciliation processes.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 8

Audit Procedures 1 Done by/ date

W/ P ref. 4. Prepare or update the cycle memorandum, flowchart,

and ARA and SCE forms (See FAM sections 390, 395 H and I, and 902 A and B)
or equivalents.

III. Testing Phase

A. For intragovernmental accounts, if the auditor preliminarily determines
that the entity's reconciliation and confirmation controls with trading
partners are effectively designed and placed in operation, test the
entity's policies and procedures to determine if the reconciliation and
confirmation controls are effective and if intragovernmental balances
appear reasonable. 1. Obtain final yearend reconciliations/ confirmations
of

intragovernmental activity and balances for each trading partner and
supporting documentation; or obtain the entity CFO responses for
intragovernmental activity and balances and the supporting documentation
for the final reconciliation/ confirmations. (See the Treasury Financial
Manual (TFM) sections on CFO procedures/ representations and on IG Agreed-
Upon Procedures for Federal Intragovernmental Activity and Balances) 2.
Compare the amounts in the reconciliations to

supporting documentation. 3. Trace the adjustments, if any, identified in
the

reconciliation process to the entity's financial records. 4. Compare the
amounts, excluding intra- departmental activity and balances, in the
audited department consolidated financial statements to such amounts in
the department's final FACTS I or FACTS Notes reports to FMS. 5. Prepare
an agreed- upon procedures report. (Note: The

procedures in steps 1 to 4 above are agreed- upon procedures for
intragovernmental activity and balances. See the TFM, volume 1, section on
IG Agreed- Upon Procedures for Federal Intragovernmental Activity and
Balances. Also see FAM section 660.)

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 9

Audit Procedures 1 Done by/ date

W/ P ref. 6. Consider whether these agreed- upon procedures are

sufficient to achieve financial statement audit objectives. For example,
whether the agreed upon procedures are applied to all significant
assertions for all significant intragovernmental activity and balances.
Typically these procedures alone will not be sufficient for financial
statement audit purposes. 7. If the agreed- upon procedures are not
sufficient, then

design additional procedures that in combination with the agreed- upon
procedures will be sufficient. For example:

Reconciliation/ confirmation (existence, completeness, valuations, rights
and obligations, and classification) OMB's bulletin on Form and Content of
Agency

Financial Statements requires an entity to reconcile and confirm
intragovernmental activity and balances with trading partners
semiannually, beginning with the six- month period ending March 31, 2002
and quarterly, beginning with the three- month period ending December 31,
2002. If the entity performed monthly, quarterly, or semiannual
reconciliations, test reconciliations to determine if the entity's
reconciliation control

is effective throughout the year.

There should be a separate reconciliation/ confirmation for each trading
partner.

This reconciliation/ confirmation also may be used for within entity
reconciliation/ confirmation (intraentity).

a. Determine the completeness of population: Determine if the entity
performed reconciliations and confirmations for all trading partners by

comparing the trading partners on the reconciliations and confirmation
forms to subsidiary records or the entity's trading partner list obtained
during the planning phase. b. For each reconciliation/ confirmation:

i. Determine if the reconciliation/ confirmation was reviewed and approved
by the appropriate personnel.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 10

Audit Procedures 1 Done by/ date

W/ P ref. ii. Compare the total amounts and SGL accounts of the activity
and balances reported on the

reconciliation/ confirmation form with the general and subsidiary ledger
accounts, and the total amounts to audited financial statements and
footnote disclosures. If differences are

found, document each such difference. Consider potential impact on
financial statements and post the differences identified to summary of
unadjusted misstatements.

iii. Test whether the entity used appropriate SGL accounts and whether
these SGL accounts include the proper attribute( s) to indicate that

they result from intragovernmental transactions. (Note: For example, when
the federal attribute "F" is used with an SGL account, a trading partner
should be designated for each transaction posted to the account.) Entities
can modify SGL accounts listed on the form to be more specific. iv.
Consider whether the entity is using the

reciprocal accounts delineated in the FMS Guide. Entities should use these
accounts to account for intragovernmental activity and balances in the
specified categories. Use of these reciprocal accounts will facilitate the
reconciliation and confirmation process.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 11

Audit Procedures 1 Done by/ date

W/ P ref. v. For fiduciary activity and balances, compare

amounts on the reconciliation forms to amounts on the Intragovernmental
Fiduciary Confirmation System. (Note: Fiduciary activity and balances
include loans from the Federal Financing Bank and Bureau of Public Debt,
investments with Bureau of Public Debt, Federal Employees Compensation Act
transactions with Labor, and employee benefit transactions with OPM. The
seller entity* Bureau of Public Debt, Treasury, Federal Financing Bank,
Labor, and OPM* will make balances information and other

details available through the Intragovernmental Fiduciary Confirmation
System for the buyer entities' use in reconciling amounts to their
records. The Intragovernmental Fiduciary Confirmation System is the
official confirmation system for federal entities that engage in fiduciary
intragovernmental transactions with Bureau of Public Debt, Federal
Financing Bank,

OPM, and Labor.) vi. For transfers, test whether

the classification of transfers as expenditure or nonexpenditure is
proper, and

the accounting and reporting are appropriate. vii. For trust fund
transfers such as highway and airport trust funds, also test whether the
trust fund amounts are properly accounted for and maintained in accordance
with laws that established these funds. (Note: Test either by the trust
fund auditor or as agreed- upon procedures by the auditor who audits the
entity that collects the revenue for it.)

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 12

Audit Procedures 1 Done by/ date

W/ P ref. Reconciliation adjustments and differences (all

intragovernmental categories) (Note: Exhibit I to FAM 902 C provides an
illustration of a reconciliation tool that may be used to summarize
reconciling items and prove amounts between a buyer and a seller entity.)

c. Determine whether adjustments, if any, are supported and timely: i.
Trace the adjustments and reconciling items

identified in the reconciliation process to the entity general and
subsidiary ledgers. ii. Examine the adjustments and supporting

documents to determine if The entity timely and properly performed the
research and identified causes for differences.

The adjustments are agreed upon by both entities and made to proper SGL
accounts. (Note: Examples of adjustments and

reconciling items are:

 Adjustments in estimated accruals: For example, the seller entity has
recorded unbilled revenue and the buyer entity was not timely advised of
the estimated

accrual.

 Adjustments due to timing differences: For example, timing differences
caused by a buyer entity's delay in recording IPAC transactions into
proper SGL accounts.

 Reconciling item for capitalization of assets: For example, the buyer
entity purchased property and equipment or inventory and recorded them as
assets.) iii. Obtain or prepare aging of outstanding

unadjusted reconciling amounts for all significant intragovernmental
balance sheet accounts. Identify old and/ or unusual reconciling items and
obtain explanations from the entity.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 13

Audit Procedures 1 Done by/ date

W/ P ref. iv. Review final yearend reconciliation for any

accounting policy differences and determine if the entity explains the
causes of these differences on the final reconciliation. The causes of
these differences might be differences in accounting standard
requirements, for example, amortization methods for discounts and
premiums. For example, one trading partner

uses the interest method and the other trading partner uses the straight-
line method to amortize discounts/ premiums. (Note: There should be no
material unresolved differences on the final yearend reconciliation forms.
The entity should resolve all differences with trading partners.) v.
Determine the extent of unadjusted differences at year- end. Assess their
materiality on the

financial statement line item and the overall financial statements. vi. If
adjustments are made subsequent to the

completion of the confirmations (during the audit period), determine if
the entity revised the reconciliation and confirmation and submitted the
updated data to FMS.

8. Summarize the results of testing: (1) conclude on the effectiveness of
the entity's reconciliation and confirmation controls and (2) propose
adjustments, if necessary.

9. Determine whether the results of testing and the nature of
misstatements indicate that combined risk should be assessed differently
and whether the audit procedures should be revised.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 14

Audit Procedures 1 Done by/ date

W/ P ref. B. For intragovernmental activity and balances, if the auditor

preliminarily determines that the entity's reconciliation/ confirmation
control with trading partners is not effective, or if the reconciliations
and/ or confirmations are not performed by the entity, the auditor should
consider the effect on substantive tests and on the audit report. In some
cases, the auditor may decide to modify the audit opinion

when no reconciliation and other mitigating controls existed. However,
when intragovernmental activity and balances are material, significant
additional work may be necessary to express an unqualified opinion such
as: 1. Coordinate work with other related line items to test existence,
completeness, valuation, rights and

obligations, and classification of intragovernmental activity and
balances. For example, a. In conjunction with cash receipts, revenues, and

accounts receivable testing, determine if intragovernmental accounts
receivable were collected subsequent to test date. Examine supporting
documentation for the posting of collections to the cash records;
determine if

intragovernmental revenues and receivables are included in nonfederal
balances. b. Test completeness of intragovernmental activity and

balances by reviewing vendor and customer master files to determine if
intragovernmental vendors and customers are properly included in
intragovernmental accounts. c. Consider sending confirmation requests to
trading

partners for both balance sheet and net cost activity and balances.
Especially if combined risk is assessed as high, consider applying similar
confirmation procedures as to the nonfederal accounts.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 15

Audit Procedures 1 Done by/ date

W/ P ref. Cut off test (existence and completeness) d. Determine if there
are unrecorded transactions and

if the transactions are recorded in the correct period. i. Coordinate with
the FBWT audit team to review

results of the FBWT reconciliation tests. For example, review IPAC
transactions reconciliations and the recording of IPAC transactions in
accounting systems; consider how timely and whether appropriate; review
IPAC transactions after 9/ 30* subsequent billing and collecting
transactions* to determine unrecorded transactions as of 9/ 30. ii. Search
for unrecorded sales revenue, accounts receivable, purchases, and accounts
payable

(completeness). For example,

To search for unrecorded sales revenue and accounts receivable, select
sales invoices for trading partners recorded in the xx- day period
subsequent to year- end. Trace the selected invoices to shipping records
or evidence of service performance. Determine whether the sales revenue
and accounts receivable were recorded in the correct period.
Alternatively, select from shipping records to trading partners prior to
year- end and trace to sales invoices.

To test the completeness of amounts recorded as accounts payable at the
balancesheet date, select disbursements after the end of the audit period
and test if the amounts were recorded in accounts payable.

2. Review the test results of other related line items to determine if
there are issues related to existence, completeness, valuation, rights and
obligations, and classification in the tested accounts and transactions
and the impact on the intragovernmental activity and

balances. In testing these other accounts, consider whether items tested
were from trading partners.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 16

Audit Procedures 1 Done by/ date

W/ P ref. 3. Summarize the results and propose adjustments, if necessary.
4. Determine if the results of testing and the nature of

misstatements indicate that combined risk should be assessed differently
and whether the audit procedures should be revised.

Control and substantive tests of details* other related parties C. Attain
satisfaction about the purpose, nature, and extent of material other
related party transactions and their effect on the financial statements.
Coordinate with sensitive payments work, including the review of executive
compensation, travel, official entertainment funds, unvouchered expenses,
and consulting services (see FAM section 280.05). 1. Based on the work
performed during the planning and

internal control phases, determine and document the methodology used to
select the transactions for testing.

Examine all transactions,

Dollar unit sampling (DUS),

Classical variables estimation sampling, or

Other (describe). 2. For the selected transactions,

a. examine documentation such as invoices, contracts, agreements, and
receiving and shipping reports; b. determine whether the transactions have
been properly approved;

c. confirm transaction terms and amounts with the other party to the
transaction; and d. test the compilation of amounts that may be

disclosed in the financial statements for reasonableness. 3. Summarize the
results. 4. Determine if the results of testing and the nature of

misstatements indicate that combined risk should be assessed differently
and if the audit procedures should be revised.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 17

Audit Procedures 1 Done by/ date

W/ P ref. Substantive analytical procedures (FAM 475) D. Substantive
analytical procedures: Perform analytical

procedures to assess whether balances are reasonable and reflect
appropriate activities (existence and completeness). If the entity
performs reconciliation and confirmation of intragovernmental activity and
balances and the auditor places reliance on those tests of details, less
rigorous, supplemental analytical procedures may be used to increase the
auditor's understanding of intragovernmental

activity and balances after performing tests of details in Testing, step
III. A, above. However, in the absence of adequate reconciliation and
confirmation controls, some or

all of these procedures may be necessary to obtain sufficient evidence, if
possible. For example, 1. Develop expectations of the accounts payable and

receivable balances overall or for all significant trading partners in
light of the payment cycle during the year. Then, compare the recorded
balance overall or by trading partner to the expected amount and
investigate differences in the recorded balance if differences exceed
______ (insert an amount such that the total uninvestigated difference for
all trading partners, including those not selected, does not exceed the
limit). 2. Develop expectations of recorded intragovernmental

sales overall or for all significant trading partners based on independent
data; for example, consider using trading partners' orders. Then compare
the expectations to the recorded sales amounts and investigate differences
in the recorded balance if differences exceed ______ (insert an amount
such that the total uninvestigated difference for all trading partners,
including those not selected, does not exceed the limit).

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 18

Audit Procedures 1 Done by/ date

W/ P ref. 3. Examine accounting records, for example, accounts receivable
and payable, for large, unusual, or

nonrecurring activity or balances. For example, consider expectations as
to the types of intragovernmental activity and balances and trading
partners based on the planning work. Then, examine significant unexpected/
unusual intragovernmental activity and balances and intragovernmental
activity or balances with unexpected trading partners. Document the
definition of significant. 4. Summarize the results of testing and
determine if

adjustments are necessary. Elimination (existence, completeness, and
valuation) E. Test consolidation/ elimination for transactions occurring
within the entity (intraentity) to determine whether the elimination is
appropriate and supportable. 1. Obtain a list of each component entity's
intraentity

transactions identified for elimination and each component entity's
reconciliation of its intraentity activity and balances with its
respective trading partners. This step may be done in conjunction with the
test of reconciliation (see step III. A above). 2. Review the entity's
eliminating journal entries and

supporting documentation for elimination entries of the entitywide
consolidated financial statements. Determine whether elimination journal
entries are a. approved by management and b. supported by schedules
summarizing the SGL

accounts that are combined to total the amounts eliminated. 3. Summarize
the results. 4. Determine if the results of testing and the nature of

misstatements indicate that combined risk should be assessed differently
and if the audit procedures should be revised.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 19

Audit Procedures 1 Done by/ date

W/ P ref. IV. Reporting Phase

To determine if the presentation and disclosures of intragovernmental and
other related party balances comply with GAAP and OMB requirements: 1.
Determine whether financial reports are prepared in

accordance with the OMB bulletin on Form and Content of Agency Financial
Statements. For example, a. Review the balance sheet and determine whether
it

is properly classified and line items are correctly reported as
intragovernmental or nonfederal. b. Read the required supplementary
information (RSI)

to determine if intragovernmental amounts and the related federal trading
partners for assets, liabilities, earned revenue from trade (buy/ sell)
transactions

and nonexchange revenue are presented as RSI. The gross cost to generate
earned revenue from trade transactions should be presented by budget
functional classification in the notes to the financial

statements. c. Read disclosures for the Statement of Net Cost in

the notes to the departmentwide financial statements and determine if the
department includes a separate disclosure of intragovernmental gross cost
and earned revenue by budget functional classification as required by
OMB's form and content bulletin. Gross cost and earned revenue should be
net of intradepartment transactions (consolidated).

2. Read the entitywide financial statements, notes, and RSI; compare the
reported intragovernmental and other related party (if any) activity and
balances with the test results. 3. Request that the entity's management
include, in the

representation letter, representations related to intragovernmental and
other related party activity and balances. (See FAM section 1001 for
guidance.) 4. Communicate with trading partner entities' auditors

(with auditee's permission) to consider whether issues identified by the
other auditors affect the auditor' s conclusions on intragovernmental
transactions.

Substantive Testing 902 C * Example Audit Procedures for Intragovernmental
and Other Related Parties' Activity and Balances April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 902 C- 20

Audit Procedures 1 Done by/ date

W/ P ref. 5. Read the various current period Agreed- Upon Procedures (AUP)
reports to consider whether the

findings will affect the auditor's conclusion and/ or if additional
procedures need to be performed. For example, a. The AUP report on
employee withholdings and

employer contributions that are reported on the Report of Withholdings and
Contributions for Heath Benefits, Life Insurance and Retirements. This AUP
report is to assist OPM in assessing the reasonableness of the Retirement,
Health Benefits, and Life Insurance Withholdings/ Contributions and
Supplemental Semiannual Headcount report submitted to OPM (see OMB audit
guidance). b. The AUP report on FACTS I verification. This AUP

report is to evaluate the department's management assertion that it
compared the department's summarized FACTS I data to its consolidated
financial statements and to determine whether such data is in agreement.
6. Summarize the results and determine if adjustments are

necessary. 7. Conclude whether intragovernmental and other related

party activity and balances have been adequately accounted for and
properly disclosed in the financial statements.

Substantive Testing 902 C - Example Audit Procedures for Intragovernmnetal
and Other Related Parties' Activity and Balances

Exhibit I Seller Entity - Trading Partner 1

200,000 Less adjustment for timing difference Cash received but revenue
unearned at end of the current year (20,000)

Add adjustment for timing difference Earned revenue recognized on unbilled
work at the end of the current year 50,000

230,000 Buyer Entity - Trading Partner 2

190,000 Add:

10,000 Adjustment for completed but unbilled work at the end of the
current year 50,000

Less: Cash paid in the current year, but amount prepaid at end of current
year (20,000)

General ledger after adjustment for Trading Partner 1 230,000

Less: Reconciling item for purchases inventoried at end of the current
year (50,000)

180,000 Reconciliation of Seller Entity Intragovernmental

Earned Revenue with Buyer Entity Cost

Adjustment for cutoff error identified during reconciliation process [Cash
sent to Trading Partner 1, but not recorded]

Intragovernmental purchases included in cost - accrual basis, FY 200X,
from Trading Partner 1 Intragovernmental earned revenue - accrual basis,
FY 200X, from

Trading Partner 2 (General ledger after adjustment) Intragovernmental cash
received for earned revenue, FY 200X, from

Trading Partner 2 (General ledger before adjustment) Intragovernmental
purchases - cash basis, FY 200X, from Trading Partner 1 (General ledger
before adjustment)

When reconciled, Seller Revenue and Buyer Cost must agree after
adjustments are recorded to correct for errors.

When reconciled and adjusted, Seller Revenue and Buyer Cost may not agree
because of timing differences. Here, the Buyer has inventoried a portion
of the purchases for the year.

The contra accounts for timing items should also reconcile.

The Seller's unearned revenue account (liability) should reconcile with
the Buyer's prepaid (asset) account.

Seller's earned but unbilled receivable (asset) should reconcile with the
Buyer's accounts payable for unbilled work (liability) account.

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 902 C- 21

[This page intentionally left blank.]

Substantive Testing 903 - AUDITING COST INFORMATION

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 903- 1 .01 This
section provides general guidance for considering cost information and

planning audit procedures. The auditor should coordinate these procedures
with procedures on auditing various line items and accounts. The auditor
is concerned about cost information for a number of reasons. First, the
auditor

should obtain sufficient evidence to determine whether the costs are
fairly stated in the financial statements and appropriately classified.
Proper classification at the agency level also contributes to proper
classification of costs in the consolidated financial statements of the U.
S. government. Second, for CFO Act agencies and components designated by
OMB, the auditor is concerned about the entity's financial management
systems' substantial compliance with the three requirements of FFMIA.
Third, cost information is important to the MD& A, although the auditor
does not opine on the MD& A. The most relevant accounting standard for
cost information is Statement of Federal Financial Accounting Standards
(SFFAS) No. 4, Managerial Cost Accounting. This standard has relevance
both to external financial reporting and to cost information for internal
management reporting. STATEMENT OF FEDERAL FINANCIAL ACCOUNTING STANDARDS

NO. 4, MANAGERIAL COST ACCOUNTING .02 SFFAS No. 4 establishes the concepts
and standards for providing reliable and timely information on the full
cost of federal programs, their activities, and outputs. The objectives of
managerial cost information specified in SFFAS No. 4 are:

To provide program managers with relevant and reliable information
relating costs to outputs and activities. With this information, program
managers should understand the costs of the activities they manage. The
cost information should assist them in improving operational efficiency.

To provide relevant and reliable cost information to assist Congress and
executives in making decisions about allocating federal resources,
authorizing and modifying programs, and evaluating program performance.

To provide consistency between costs reported in general purpose financial
reports and costs reported to program managers. This includes
standardizing terminology to improve communication among federal
organizations and users of cost information.

.03 The first two objectives primarily address the managerial use of cost
information in improving operating efficiency and cost effectiveness,
making planning and

Substantive Testing 903 - Auditing Cost Information

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 903- 2
budgeting decisions, and measuring performance. The third objective
primarily

addresses external financial reporting. That objective can be achieved by
reporting cost information in financial statements that is consistent with
costs generated by the cost accounting process. Because of the differences
in the three objectives, some requirements in SFFAS No. 4 are relevant to
managerial decision making and operations improvement, while some
requirements are relevant to external financial reporting.

.04 The cost accounting concepts section of SFFAS No. 4 (paragraphs 41-
66) establishes the overall goals of cost accounting for federal agencies.
Managerial cost accounting should be a fundamental part of the financial
management system and, to the extent practicable, be integrated with the
other parts of the

system. Managerial costing should use a basis of accounting, recognition,
and measurement that is appropriate for the intended purpose. Cost
information developed for various purposes should be drawn from a common
data source, and output reports should be reconcilable to each other.

.05 The five fundamental standards for managerial cost accounting set
forth in SFFAS No. 4 (paragraphs 67- 162) are important for the auditor.
These standards will lead to the development of accurate and consistent
cost information for internal and external reporting by federal agencies.
The five standards are:

Requirement for cost accounting: Each reporting entity should accumulate
and regularly report the cost of its activities for management
information.

Responsibility segments: Management of each reporting entity should define
and establish responsibility segments and report the costs of each
segment's outputs. Full costs: Reporting entities should report the full
costs of outputs, which is the total amount of resources used to produce
the output, including direct and indirect costs.

Interentity costs: Each entity's costs should incorporate the full cost of
goods and services received from other entities. As directed by SFFAS No.
4, paragraph 110, OMB has designated, in its bulletin, Form and Content of
Agency Financial Statements, the costs of goods and services received from
other entities that should be recognized.

Costing methodology: The costs of resources that directly or indirectly
contribute to the production of outputs should be accumulated and assigned
to outputs using appropriate methodologies. (See paragraph 903.07.)

Substantive Testing 903 - Auditing Cost Information

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 903- 3

AUDIT PROCEDURES FOR FINANCIAL STATEMENT OPINION .06 As part of
understanding the entity's operations, the auditor should obtain an
overview of how the entity meets these standards. This may be done by
inquiry, observation, and walkthrough procedures. Substantive tests of the
cost accounting system are usually necessary. The auditor should consider
coordinating tests with other control and substantive tests. Based on the
auditor's understanding of the agency's operations, the auditor should
determine whether the statement of net costs is designed to include all
the costs of the agency's programs. Also, in testing the statement of net
costs, the auditor should test the financial statement assertions related
to costs including whether expenses are properly classified in the
statement of net costs, and in the notes by budget functional
classification, as required by OMB's form and content guidance. The
following (see FAM section 395 B) are examples of subassertions related to
costs:

Existence or occurrence: * Validity*( 1) Recorded costs, underlying goods
and services used, and

related processing procedures are authorized by federal laws, regulations,
and management policy. (2) Recorded costs are approved by appropriate
individuals in accordance with management's general or specific criteria.
(3) Recorded costs represent goods and services that were actually used
and are properly classified.  Cutoff* Costs recorded in the current
period represent goods and

services used during the current period.  Summarization*( 1) The
summarization of recorded costs is not overstated. (2) Costs are assigned
to appropriate classifications in the

financial statements.

Completeness:  Transaction completeness* All valid costs are recorded
and properly classified.  Cutoff* All goods and services used in the
current period should be

recorded in the current period.  Summarization* The summarization of
recorded costs is not understated.

Valuation or allocation:  Accuracy*( 1) Costs are recorded at correct
amounts. (2) Costs are recorded using appropriate assignment
methodologies.  Measurement* Costs included in the financial statements
are properly measured.

Substantive Testing 903 - Auditing Cost Information

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 903- 4

Presentation and disclosure:

 Account classification* Cost accounts are properly classified and
described in the financial statements.

 Consistency* The financial statement costs are based on accounting
principles that are applied consistently from period to period.

 Disclosure* The financial statements and footnotes contain all
information required to be disclosed.

.07 SFFAS No. 4 discusses three methods of assigning costs: directly
tracing costs, assigning costs on a cause- and- effect basis, and
allocating costs on a reasonable and consistent basis. Although the
standard discusses these three methods in relation to assigning costs to
responsibility segments and outputs, the methods are also applicable to
assigning costs to financial statement line items in the

statement of net costs, generally by program, and in the notes by budget
functional classification. The different methods of assigning costs may
require different auditing procedures for determining whether costs are
properly classified in the statement of net costs by program and in the
notes by budget functional classification.

.08 For example, for directly traced costs (such as materials used in
production or employees who worked on an output), the auditor generally
should test whether costs were assigned to the appropriate program and/ or
budget functional classification.

.09 Costs may be assigned on a cause- and- effect basis, by grouping costs
into cost pools where an intermediate activity may be a link between the
cause and the effect. For example, an information technology department
may provide support to other departments. The information technology
department may assign costs to other departments on a cause- and- effect
basis by first assigning costs to an intermediate activity, such as
hardware installation or software design. Then the costs in these pools
may be further assigned to other departments based on their use of these
technical services. In auditing these types of costs, the auditor should
test whether costs are assigned to the appropriate cost pool (hardware
installation, software design), but also whether the costs are
appropriately summarized in the pool. Then, when costs are assigned to
other departments, the auditor should test whether costs assigned are
based on appropriate usage information, whether the cost assignments are
reasonable and consistent, and whether they are mathematically accurate.

.10 Costs may be allocated if it is not economically feasible to directly
trace or assign costs on a cause- and- effect basis. This is commonly done
with costs such as general management, depreciation, rent, maintenance,
security, and utilities used in common by various segments. These costs
are generally accumulated in cost

Substantive Testing 903 - Auditing Cost Information

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 903- 5 pools
and allocated to segments or outputs (or programs or budget functional

classifications) based on a relevant common denominator such as number of
employees, square footage of office space, or amount of direct costs
incurred in segments. In auditing these allocated costs, the auditor
should test whether the costs are assigned to the appropriate cost pool
and summarized appropriately. The auditor also should determine whether
the allocation basis is reasonable and consistent and test the
mathematical allocation. In addition, the auditor should determine whether
an allocation rather that directly tracing costs or assigning them on a
cause- and- effect basis is appropriate in the circumstances.

.11 The entity exercises judgment in determining the line item/ programs
included in its statement of net costs. The auditor should consider
whether classifications are reasonable in the circumstances.

FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT OF 1996 (FFMIA)

.12 For audits of the CFO Act agencies and components identified by OMB
audit guidance, the auditor should determine whether the agency's
financial management systems comply substantially with the three
requirements of FFMIA (see paragraph 100.02 and FAM section 701). To
determine compliance with SFFAS No. 4 for the purposes of FFMIA, the
auditor should ask these questions, which relate to the standards
discussed in paragraph 903.05:

Does the agency regularly accumulate and report the costs of its
activities to management?

Has the agency defined its major programs and responsibility segments for
the purpose of delineating costs?

Does the agency properly accumulate costs by those programs and segments?

Has the agency accounted for the full costs (including interentity costs)
of products, services, or outputs to be externally reported at the
entitywide level?

Has the agency accounted for the costs of resources that contribute to the
production of outputs by individual responsibility segment using
appropriate costing methodologies? Has the agency reported those costs in
the year- end financial statements on the accrual basis of accounting?

Substantive Testing 903 - Auditing Cost Information

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 903- 6

Are the costs reported for external financial reporting and those reported
for internal management reporting consistent and reconcilable?

Is the reported management cost information consistent, timely, and
comprehensive?

Is the cost information reported in such a manner that management can
determine answers to appropriate questions about costs of outputs?

How does management determine whether costs are appropriate?

How does management determine the entity's compliance with FFMIA? This
inquiry is frequently combined with the procedures in paragraph 903.06,
the outcome of which should be considered in concluding about the entity's
compliance with the cost accounting requirements under FFMIA. Also, the

auditor should review evidence supporting management's assertions in
response to these questions, as further discussed in section 701,
Assessing Compliance of Agency Systems with the Federal Financial
Management Improvement Act (FFMIA).

MANAGEMENT'S DISCUSSION AND ANALYSIS (MD& A)

.13 The auditor does not provide an opinion on the MD& A. Thus, the main
concern is consistency of information, rather than testing the reliability
of the cost data in the MD& A. The auditor should read the MD& A for
consistency with the financial statements and with the auditor's knowledge
of the entity. Testing generally should be limited to data in the
financial statements, as discussed in paragraph 903.06, not the MD& A.
Analytical procedures may be used to consider the reasonableness of cost
data in the MD& A. Based on this comparison, the auditor should consider
whether additional testing is needed.

.14 Although costs reported in internal and external reports should be
consistent, they may differ in the degree of detail and reporting
frequency. Cost information for management may require more frequent and
timely reporting. It also may require more specific and detailed
information regarding the costs of specific activities or outputs. By
comparison, external reports could be less frequent, and the cost
information more aggregated, such as on a suborganization or program
basis.

Substantive Testing 921 - AUDITING FUND BALANCE WITH TREASURY (FBWT) April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 921- 1 .01 This
section provides guidance in auditing the Fund Balance with Treasury

(FBWT) account. It explains key agency and Treasury processes and
procedures related to FBWT accounts and discusses audit issues. Practice
aids, including example Account Risk Analysis (ARA) and Specific Control
Evaluation (SCE) forms and suggested audit procedures for the FBWT line
item, are included in appendices.

.02 The FBWT account (SGL account 1010) is an asset account representing
the unexpended spending authority in agencies' appropriations. Federal
agencies record their budget spending authority in FBWT accounts and
increase or decrease these accounts as they collect or disburse funds.
Most agencies maintain several fund balance accounts funded by different
types of

appropriations, such as annual 1- year appropriations and/ or multiyear
appropriations that are included in the financial statement FBWT line
item. The FBWT account also serves as one of several mechanisms to prevent
agencies' disbursements from exceeding appropriated amounts. .03 In the
federal government, Treasury serves as the central banker. Most agencies

use the banking services provided by Treasury's Financial Management
Service (FMS) and do not keep cash in separate bank accounts. Some
agencies have authority to disburse funds on their own behalf. These
agencies still maintain FBWT accounts and follow Treasury's reporting and
reconciliation requirements.

.04 Unlike commercial banking institutions, Treasury does not keep
independent accounting records of each agency's FBWT accounts. Instead,
Treasury uses monthly data reported by the agencies to calculate agencies'
FBWT balances and

requires agencies to perform detailed reconciliations of FBWT accounts to
maintain the accuracy and reliability of agencies' fund balance records.
Effective reconciliations also serve as a detection control for
identifying

unauthorized and unrecorded transactions at the agencies and Treasury. .05
Treasury requires agencies to maintain FBWT accounts and to perform a
twopart reconciliation process each month.

First, agencies should reconcile differences identified by Treasury
between cash receipts and disbursements transactions reported by agencies
to those reported by other sources of financial data, such as the Federal
Reserve,

Substantive Testing 921 * Auditing Fund Balance with Treasury (FBWT) April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 921- 2

commercial banks, other federal agencies, and the FMS regional financial
centers. Treasury reports differences identified to agencies each month on
"Statements of Differences." 1 Second, agencies should reconcile
differences between their records and

Treasury records of the monthly activity recorded in the FBWT accounts.
Each month Treasury provides appropriation, fund, and receipt account
ledgers, which include a rollforward of the previous month's balance, the
current month's cash activity reported by the agency and other account
activity (supplemental appropriations, recissions, nonexpenditure
transfers, entries reported by other agencies) to compare to their
records.

Differences remain until reconciled by the agencies and represent
potential misstatements in agencies' financial statements and budget
execution reports.

AUDIT ISSUES

.06 Many agencies have problems in reconciling the transaction activity in
their FBWT accounts. Ineffective FBWT reconciliations contribute to
agencies' inability to prepare auditable financial statements. Without
effective agency reconciliations of receipt and disbursement activity, the
agency FBWT balance * the amount of funds available to it for expenditure
in each appropriation * may contain material misstatements, and auditors
generally would be unable to determine whether FBWT is fairly stated.

.07 Prior audits of agencies' financial statements identified instances in
which agencies were not timely reconciling their FBWT accounts. Instead,
some agencies adjusted their accounts to show the amounts reported by
Treasury and/ or recorded differences in suspense accounts without
adequately researching the causes of the differences. Unreconciled
differences recorded in suspense accounts could represent transactions
that have not been recorded by the agency to the appropriate accounts.
Only after researching its accounting records and reports can an agency
determine the cause of the problem and make the proper adjustments to its
FBWT accounts (and related asset, liability, expense, or revenue accounts)
or advise Treasury to correct its records. .08 There were instances in
which agencies did not receive Statements of

Differences from Treasury, even though unreconciled differences existed.
Some 1 The banking system data is reported via CASHLINK, other federal
agencies via

IPAC (which replaced OPAC in December 2001), and FMS regional financial
centers via GOALS. See FAM section 921 A for more detail on the Treasury
processes and reports related to FBWT reconciliation.

Substantive Testing 921 * Auditing Fund Balance with Treasury (FBWT) April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 921- 3

agencies did not use their accounting records to prepare monthly reports
to Treasury. Instead, they reported the same amounts recorded in OPAC and
CASHLINK to avoid Statements of Differences; generally these agencies
tracked differences in suspense accounts. Because Treasury uses these
sources to compare with the amounts reported by the agency, Treasury did
not identify differences; thus, no Statements of Differences were issued.
Also, some agencies cleared Statements of Differences by reporting
adjustments to Treasury before researching and resolving differences.
Therefore, amounts reported on Statements of Differences might not always
be an adequate indicator of reconciliation problems or an adequate measure
of the extent of outstanding unreconciled differences. Auditors should
design tests to obtain an understanding of the agency's reconciliation
procedures in order to assess the effect of its reconciliation process on
the financial statements and to determine the level of audit procedures
required after considering the materiality of unreconciled differences.

.09 Because Treasury's record of an agency's FBWT is the result of the
activity reported to Treasury by the agency itself, and is not obtained
from another source, the reconciliation process is a key control over FBWT
accounts. .10 One year's successful audit of the reconciliation of FBWT
activity will generally

not result in an auditable balance because the auditor faces the issue of
auditing the beginning balance. Except for the first year of an
appropriation, the balances in most FBWT accounts are included in the FBWT
line item rollforward from year to year until the account is closed, which
can be 5 years or more, depending on the type of appropriation.

.11 In an initial audit, the auditor should design tests to obtain
assurance on the FBWT beginning balance. This may require testing of FBWT
reconciliations performed in prior years or other audit procedures that
provide assurance on the FBWT line item. For example, in some instances
detailed audit procedures over beginning balances related to other
financial statement accounts that affect FBWT could provide assurance. In
tests of other account balances, the auditor

may be able to determine that old errors were written off or other
appropriate adjustments were made to FBWT and that the fund balances from
prior years and remaining unadjusted reconciling differences are
immaterial.

AUDIT APPROACH

.12 Because Treasury relies on the monthly data reported by the agencies
to calculate agencies' FBWT balances, confirmation of FBWT account
balances with Treasury does not provide competent evidence. Therefore, the
auditor

Substantive Testing 921 * Auditing Fund Balance with Treasury (FBWT) April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 921- 4

needs to obtain competent evidence through tests of the agency's FBWT
reconciliation process. .13 Since most assets, liabilities, revenues, and
expenses stem from or result in cash

transactions, misstatements in the receipt or disbursement activity
recorded in the FBWT accounts affect the balances of various financial
statement accounts. Even though net FBWT account balances may be
immaterial as of the date of the

financial statements, the gross receipt and disbursement transactions
flowing through the FBWT account during the fiscal year are usually
material. Therefore, the auditor should test the reconciliation of the
transaction activity flowing through the account. In addition, the auditor
should assess the impact of gross unreconciled differences on the FBWT and
other financial statement line items. .14 The auditor should design an
audit program that includes steps to determine

whether the agency

prepares monthly reports to Treasury using the same detailed accounting
records of collection and disbursement transactions that are used to
prepare the agency's financial statements;

researches and resolves the underlying causes of differences between
amounts reported by Treasury and agency records each month and makes the
proper adjustments; and

monitors suspense account activity * including maintaining detailed
records of unreconciled differences charged to the account and maintaining
records that age the differences * and performs procedures to timely and
properly clear the account. .15 The auditor also should design procedures
to determine the magnitude of the

agency's gross unreconciled differences at year- end by analyzing the
Treasury Statements of Differences reports and agency suspense account
items in terms of their aggregate absolute values and resulting impact on
the financial

statements. (Since each difference represents a potential misstatement,
the rollup and netting of charges and credits can significantly understate
the total outstanding differences.)

Substantive Testing 921 * Auditing Fund Balance with Treasury (FBWT) April
2003 GAO/ PCIE Financial Audit Manual - Part II Page 921- 5

PRACTICE AIDS

.16 The following practice aids are appended to this section:

Section 921 A * Treasury Processes and Reports Related to FBWT
Reconciliation.

Section 921 B * Example Account Risk Analysis (ARA).

Section 921 C - Example Specific Control Evaluation (SCE). (Note that a
single SCE of the line item/ account- related accounting application for
FBWT is presented. There are transaction- related accounting applications
listed on the ARA that affect FBWT, such as cash receipts and cash
disbursements, that would require transaction related SCEs.)

Section 921 D - Example Audit Procedures. .17 These aids are not all
inclusive. They do not include tests of other accounts, such as Other Cash
on Deposit bank accounts and Imprest Funds. Also, for

agencies that write their own checks, the aids do not discuss or include
tests of controls over check stock. If material, the auditor should apply
appropriate additional tests. The aids provide the auditor with a
framework for designing

tests of FBWT accounts. Auditors should use professional judgment in
designing audit programs for their particular agency after considering
materiality, audit risks, and internal control.

.18 The auditor should use judgment in determining the most effective and
efficient method to achieve the audit objectives. When possible, the FBWT
audit procedures should be coordinated with other tests. For example, many
procedures may be performed in conjunction with tests of agency cash
receipts and cash disbursements. Others may be included as part of
compliance testing.

[This page intentionally left blank.]

Substantive Testing 921 A - TREASURY PROCESSES AND REPORTS

RELATED TO FBWT RECONCILIATION April 2003 GAO/ PCIE Financial Audit Manual
- Part II Page 921 A- 1

A. Verification of Collections and EFT Disbursements Reports submitted by
agencies

Reports/ data submitted by other sources

Treasury FMS action Resulting

Treasury reports to agencies

Agencies report collections monthly on Statements of

Transactions (SF 224) or Statements of Accountability/ Transactions (SF
1218/ 1221 or 1219/ 1220) by ALC.

Note: For agencies which report on SF 1218 or 1219, electronic
disbursements are netted against collections.

CASHLINK system data (CASHLINK is used by the

banking system to report collections and EFTs received from and on behalf
of government agencies). Note: In CASHLINK, electronic disbursements are
reported as

"negative collections," or debit vouchers.

FMS compares monthly collection totals reported on agency SF 224s,

SF 1218/ 1221s, or SF 1219/ 1220s to transaction data available in
CASHLINK.

Month- end Statements of Differences (FMS 6652) via GOALS

for each month until the difference is cleared.

Monthly detailed support list of transactions

reported in CASHLINK. Reporting of FBWT accounts activity and balances FMS
reports agency FBWT

accounts activity and balances based on data reported by

agencies. Monthly

appropriation and receipt account ledgers (FMS 6653 and 6655) showing
account activity and net balances for each

appropriation, fund, and receipt account.

Monthly appropriation and receipt account trial balances (FMS 6654/ 6655)
by department.

Substantive Testing 921 A * Treasury Processes and Reports Related to FBWT
Reconciliation April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
921 A- 2

B. Verification of Disbursement Data Reports submitted by agencies

Reports/ data submitted by other sources

Treasury FMS action Resulting

Treasury reports to agencies

1. Verification of Treasury Disbursement Office agency disbursements
Agencies for which FMS regional financial centers disburse money submit
monthly

Statements of Transactions (SF 224) by ALC.

Agencies for which FMS regional finance centers disburse money report net
interagency

transactions on SF 224.

FMS regional finance center Agency Confirmation Reports (include checks
issued and electronic disbursements accomplished on

behalf of the agency).

The Interagency Payment and Collection system (IPAC) data are used by

agencies and FMS to accomplish interagency transactions).

FMS compares monthly disbursement totals reported on agency SF

224s to disbursement data on regional

finance center reports or IPAC.

Monthly Statements of Differences (FMS 6652) for each month until the
difference is cleared.

Monthly detailed support listings of transactions

reported by regional finance centers, and IPAC.

Reporting of FBWT accounts activity and balances FMS reports agency FBWT
accounts activity and balances based on

monthly data reported by agencies.

Monthly appropriation account ledgers (FMS 6653)

showing account activity and net balances for each appropriation and fund
account.

Monthly appropriation account trial balances (FMS 6654) by department.

Substantive Testing 921 A * Treasury Processes and Reports Related to FBWT
Reconciliation April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
921 A- 3

B. Verification of Disbursement Data Reports submitted by agencies

Reports/ data submitted by other sources

Treasury FMS action Resulting

Treasury reports to agencies

2. Verification of Non- Treasury Disbursing Office (NTDO) agency
disbursements

Verification of interagency transactions: NTDO agencies report net
interagency

transactions on SF 1218/ 1221 or SF 1219/ 1220 by ALC.

Interagency payment and collection system data.

FMS compares monthly net disbursement totals reported on

agency SF 1218/ 1221s or SF 1219/ 1220s to disbursement data in IPAC.
Monthly

Statements of Differences (FMS 6652) for each

month until the difference is cleared.

Monthly detailed support lists of transactions

reported by IPAC. Verification of checks paid

NTDOs submit tapes detailing checks issued and Month- end Checks Issued
Summary reports (SF 1179).

Federal Reserve Banks submit tapes detailing

checks paid. FMS performs a

check by check comparison of checks issued to

checks paid by the banking system (dollar amount).

Advice of Check Issue Discrepancies (FMS 5206).

Verification of checks issued: NTDOs submit monthly Statements of
Accountability/ Transactions (SF 1218/ 1221 or SF 1219/ 1220).

SF 1179, MonthEnd Checks Issued Summary

report submitted by NTDO agencies and checks paid by the banking system.

FMS compares SF 1179 data (adjusted for FMS 5206 dollar differences) to
the agency

disbursements reported on SF 1218/ 1221 or SF 1219/ 1220 (total checks
issued to total checks paid).

Two-, 4-, 6-, & 8- month letters notifying agencies

of any outstanding discrepancies over $50.

Substantive Testing 921 A * Treasury Processes and Reports Related to FBWT
Reconciliation April 2003 GAO/ PCIE Financial Audit Manual - Part II Page
921 A- 4

B. Verification of Disbursement Data Reports submitted by agencies

Reports/ data submitted by other sources

Treasury FMS action Resulting

Treasury reports to agencies

2. Verification of Non- Treasury Disbursing Office (NTDO) agency
disbursements

Reporting of FBWT accounts activity and balances FMS reports agency FBWT
accounts activity and balances based on monthly

data reported by agencies.

Monthly appropriation account ledger (FMS 6653)

showing account activity and net balances for each appropriation and fund
account.

Monthly appropriation trial balance (FMS 6654) by department.

Substantive Testing 921 B - EXAMPLE ACCOUNT RISK ANALYSIS FOR FUND BALANCE
WITH TREASURY

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 B- 1

Entity: Agency Date of Financial Statements: September 30, 20xx Line Item:
Fund Balance with Treasury Preparer: .

ACCOUNT RISK ANALYSIS FORM Region: .

File: Date: . PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account

Name Balance Financial statement assertions / risks Inherent, fraud, and

control risk factors Cycle/ accounting application

Effectiveness of control

activities 1

Control risk Combined risk Tim

ing I/ F Nature &

extent W/ P ref & audit step Fund Balance with Treasury $xx, xxx m
Existence or occurrence

Recorded Fund Balance with Treasury (FBWT) does not

exist. Control risk arises from the (1) highly decentralized structure of
the agency, which reduces management's knowledge of and control

over operations, (2) signifi cant weaknesses in general controls over the
automated

systems the agency relies extensively upon to process transactions and (3)
lack of adequate management over sight of the reconciliation

process. Inherent risk arises from the high volume of transactions flowing
through the account.

Cycles :

Revenue Payroll Budget Treasury Applications:

FBWT Cash receipts Cash disbursements I/ F

Test FBWT reconciliations.

Analyze impact of unresolved reconciling items at year- end. FBWT program
FB- 1

through FB- 7

1 Omitted from this example.

Substantive Testing 921 B - Example Account Risk Analysis for Fund Balance
with Treasury

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 B- 2

Entity: Agency Date of Financial Statements: September 30, 20xx Line Item:
Fund Balance with Treasury Preparer: .

ACCOUNT RISK ANALYSIS FORM Region: .

File: Date: . PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account

Name Balance Financial statement assertions / risks Inherent, fraud, and

control risk factors Cycle/ accounting application

Effectiveness of control

activities 1

Control risk Combined risk Tim

ing I/ F Nature &

extent W/ P ref & audit step Completeness FBWT is omitted from the
financial statements or is incomplete.

Control risk arises from the (1) highly decentralized structure of the
agency, which reduces management's knowledge of and control over
operations, (2) signifi

cant weaknesses in general controls over the automated systems the agency
relies

extensively upon to process transactions and (3) lack of adequate
management over sight of the reconciliation

process. Inherent risk arises from the high volume of transactions flowing
through the account. Cycles :

Revenue Payroll Budget Treasury Applications:

FBWT Cash receipts Cash disbursements I/ F

Test FBWT reconciliations.

Analyze impact of unresolved reconciling items at year- end. Prepare lead
schedule of GL accounts that constitute FBWT,

analytically review with prior- year data, and resolve reasons for
unexpected changes. FBWT program FB- 1

through FB- 7

FB- 2 and FB- 10

Substantive Testing 921 B - Example Account Risk Analysis for Fund Balance
with Treasury

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 B- 3

Entity: Agency Date of Financial Statements: September 30, 20xx Line Item:
Fund Balance with Treasury Preparer: .

ACCOUNT RISK ANALYSIS FORM Region: .

File: Date: . PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account

Name Balance Financial statement assertions / risks Inherent, fraud, and

control risk factors Cycle/ accounting application

Effectiveness of control

activities 1

Control risk Combined risk Tim

ing I/ F Nature &

extent W/ P ref & audit step Valuation/ Accuracy Fund Balance with
Treasury is not recorded accurately. No significant inherent, fraud or
control risk factors identified.

Cycles :

Revenue Payroll Budget Treasury Applications:

FBWT Cash receipts Cash disbursements I/ F

Test FBWT reconciliations.

Analyze impact of unresolved reconciling items at year- end. FBWT program
FB- 1

through FB- 7

Substantive Testing 921 B - Example Account Risk Analysis for Fund Balance
with Treasury

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 B- 4

Entity: Agency Date of Financial Statements: September 30, 20xx Line Item:
Fund Balance with Treasury Preparer: .

ACCOUNT RISK ANALYSIS FORM Region: .

File: Date: . PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account

Name Balance Financial statement assertions / risks Inherent, fraud, and

control risk factors Cycle/ accounting application

Effectiveness of control

activities 1

Control risk Combined risk Tim

ing I/ F Nature &

extent W/ P ref & audit step Rights Agency does not have certain rights to
Fund Balance with

Treasury because of transfers, rescissions, and restrictions. Inherent
risk arises from the high number of appropriation, fund and

receipt accounts, including certain special funds and trust funds that do
not

belong to the agency. Because these nonentity accounts are maintained
within the same system used to maintain entity accounts and financial
activity, there is a risk that these accounts will be inappropriately
charged and be included in the FBWT line item. Same control risks as for

existence and completeness. Treasury F Review support for recorded
appropriation, fund,

and receipt accounts included in the FBWT line item. Review footnote
disclosure. FBWT program FB- 8 and FB- 10

Substantive Testing 921 B - Example Account Risk Analysis for Fund Balance
with Treasury

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 B- 5

Entity: Agency Date of Financial Statements: September 30, 20xx Line Item:
Fund Balance with Treasury Preparer: .

ACCOUNT RISK ANALYSIS FORM Region: .

File: Date: . PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE Account

Name Balance Financial statement assertions / risks Inherent, fraud, and

control risk factors Cycle/ accounting application

Effectiveness of control

activities 1

Control risk Combined risk Tim

ing I/ F Nature &

extent W/ P ref & audit step Presentation and disclosure Fund Balance with
Treasury is not properly classified and disclosed in the financial

statements. No significant inherent or fraud risk factors identified. Same
control risks as for

existence and completeness. Treasury F Review FBWT related financial

statement line item and footnote disclosures for conformance with

applicable standards, and trace amounts reported in financial statement

line items and footnote disclosures to general ledger and supporting
detailed records.

FBWT program FB- 9 and FB- 10

[This page intentionally left blank.]

Substantive Testing 921 C - EXAMPLE SPECIFIC CONTROL EVALUATION FOR FUND
BALANCE WITH TREASURY

Entity: Agency Date of Financial Statements:

September 30, 20xx Accounting application: Fund

Balance with Treasury

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 1 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 921 C- 1 Relevant assertions in line

items Accounting application assertions

FBWT Various Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effectiveness

of control activities

W/ P ref. & control

testing step Existence or Occurrence

Existence Existence Substantiation

1. Recorded FBWT

does not exist as of a given date. 1a. Recorded FBWT

amounts should exist as of a

given date. (See note 1.) 1.

Agency staff performs monthly reconciliation between agency general ledger
(G/ L) and Treasury

records (appropriation and receipt account ledgers,

FMS 6653 and FMS 6655). Y FB- 5

& FB- 6

2. Agency staff resolves receipt and disbursement differences reported by
Treasury via the FMS 6652,

Statements of Differences for collections and disbursements.

N FB- 4 & FB- 6

Substantive Testing 921 C * Example Specific Control Evaluation for Fund
Balance with Treasury Entity: Agency

Date of Financial Statements: September 30, 20xx

Accounting application: Fund Balance with Treasury

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 2 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 921 C- 2 Relevant assertions in line

items Accounting application assertions

FBWT Various Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effectiveness

of control activities

W/ P ref. & control

testing step 3.

Agency staff resolves disbursement differences reported by Treasury via
the

Advice of Check Issued Discrepancy Report (FMS 5206) and Difference

Notification to the Disbursing Office (NTDO

agencies). N FB- 4 & FB- 6

1b. Recorded FBWT, at a given date,

should be supported by appropriate detailed records that are

accurately summarized and reconciled to the account balance. 1. Agency
staff reconciles the

monthly Statement of Transactions (SF 224) submitted to Treasury, to the
applicable G/ L accounts. 2. Agency staff reconciles the

monthly Statement of Ac countability/ transactions

(SF1219/ 1220 or SF1218/ 1221) submitted to Treasury, to the applicable G/
L accounts (NTDO agencies). 3. Same as 1.1a. 1

Y N

FB- 3 FB- 3

Substantive Testing 921 C * Example Specific Control Evaluation for Fund
Balance with Treasury Entity: Agency

Date of Financial Statements: September 30, 20xx

Accounting application: Fund Balance with Treasury

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 3 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 921 C- 3 Relevant assertions in line

items Accounting application assertions

FBWT Various Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effectiveness

of control activities

W/ P ref. & control

testing step 1c. Access to FBWT,

critical forms, records, and processing and

storage areas should be permitted only in

accordance with laws, regulations, and management

policy. 1. Not covered in this example.

Note: For agencies that disburse funds on their own behalf (NTDOs), and
maintain cash

and/ or check stock on hand, auditors will need to document and test the
effectiveness of the

control activities in place. Completeness Complete

ness Complete ness

Account completeness

2. FBWT balance exists but is omitted

from the financial statements. 2a. FBWT balance

should be included in the financial statements.

1. Same as 1.1a. 1, 1.1a. 2, 1.1a. 3. 2. Agency staff reconciles the

FBWT line item crosswalk that includes all G/ L FBWT accounts to the
Treasury Appropriation and Receipt Trial Balances.

N FB- 8

FB- 9

Substantive Testing 921 C * Example Specific Control Evaluation for Fund
Balance with Treasury Entity: Agency

Date of Financial Statements: September 30, 20xx

Accounting application: Fund Balance with Treasury

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 4 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 921 C- 4 Relevant assertions in line

items Accounting application assertions

FBWT Various Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effectiveness

of control activities

W/ P ref. & control

testing step Valuation or

allocation Valuation Valuation

Accuracy

3. FBWT receipt and disbursement transactions are

recorded incorrectly. 3a. FBWT

transactions should be recorded accurately. 1. Same as 1.1a. 1.

2. Same as 1.1a. 2. 3. Same as 1.1a. 3.

N N

FB- 4 FB- 5 &

FB- 6 Rights and obligations:

Rights Rights Ownership 4. Recorded FBWT is owned by others. 4a. Agency
should

own recorded FBWT. 1. Agency staff reconciles

Treasury appropriation warrants, appropriation

recissions, and nonexpenditure transfers to FBWT accounts.

2. Agency staff reconciles expenditure (cash receipts

and disbursements) activity to the FBWT accounts. N FB- 8

FB- 4, FB- 5,

FB- 6

Substantive Testing 921 C * Example Specific Control Evaluation for Fund
Balance with Treasury Entity: Agency

Date of Financial Statements: September 30, 20xx

Accounting application: Fund Balance with Treasury

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 5 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 921 C- 5 Relevant assertions in line

items Accounting application assertions

FBWT Various Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effectiveness

of control activities

W/ P ref. & control

testing step

Rights 5. Agency does not have certain rights to recorded FBWT

because of appropriation restrictions. 5a. Recorded FBWT

should be agencies' rights at a given date.

1. Same as 4.4a. 1. N

FB- 8

Substantive Testing 921 C * Example Specific Control Evaluation for Fund
Balance with Treasury Entity: Agency

Date of Financial Statements: September 30, 20xx

Accounting application: Fund Balance with Treasury

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 6 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 921 C- 6 Relevant assertions in line

items Accounting application assertions

FBWT Various Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effectiveness

of control activities

W/ P ref. & control

testing step Presentation and disclosure Disclosure Disclosure Account
classification 6. FBWT is not properly classified and described in the
financial

statements. 6a. FBWT should be properly classified and described in the
financial

statements. 1. Agency staff reconciles

Treasury Undisbursed Appropriation Account and

Receipt Account trial balances to the G/ L accounts.

2. The Chief Accountant reviews the FBWT account analysis and crosswalk to
the FS against the Treasury Financial Management

Supplement* U. S. Government Standard

General Ledger (section V). N FB- 6

FB- 9

Substantive Testing 921 C * Example Specific Control Evaluation for Fund
Balance with Treasury Entity: Agency

Date of Financial Statements: September 30, 20xx

Accounting application: Fund Balance with Treasury

SPECIFIC CONTROL EVALUATION

Preparer: . (Line Item/ Account- Related) Region: . File:

Date: Page 7 of 7 April 2003 GAO/ PCIE Financial Audit Manual - Part II
Page 921 C- 7 Relevant assertions in line

items Accounting application assertions

FBWT Various Potential misstatements in accounting application

assertions Control objectives Internal control activities IS (Y/ N)
Effectiveness

of control activities

W/ P ref. & control

testing step Presentation Presentation Consistency

7. The financial state ments components

of FBWT are based on accounting principles different from those used in

prior periods. 7a. FBWT should be based on

accounting principles that are applied consistently from

period to period. 1. The CFO, Reports and

Analysis Branch Chief, and the Chief Accountant review the financial
statements for consistently applied accounting principles.

N FB- 10

Disclosure Disclosure Disclosure 8. Required information is not disclosed
in the financial statements

or in the footnotes thereto. 8a. The financial statements or footnotes
thereto should contain

all information required to be disclosed.

1. The CFO, Reports and Analysis Branch Chief, and the Chief Accountant
review the financial statements for consistently applied

accounting principles and required disclosure.

N FB- 10

Note 1: The internal control activities 1.1a. 1 and 1.1b. 1 generally rely
on system outputs that are dependent on IS general controls, which may be
ineffective at some agencies. (Tests of controls over agencies' general
ledger systems should be included as part of computer control tests.) The
control activity 1.1a. 2 validates receipt and disbursement balances with
Treasury records that are obtained from third parties (banks, Treasury
regional finance centers, other agencies).

[This page intentionally left blank.]

Substantive Testing 921 D - EXAMPLE AUDIT PROCEDURES FOR FUND

BALANCE WITH TREASURY April 2003 GAO/ PCIE Financial Audit Manual - Part
II Page 921 D- 1 Entity
_______________________________________________________________ Period of
financial statements ____________________________________________ Job code
_____________________________________________________________

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref I. Planning Phase FB- 1 A. To obtain an understanding of the agency's
accounting

and reporting requirements for Fund Balance with Treasury (FBWT) accounts,
read the following documents:

Treasury Financial Manual, Volume I, part 2, chapter 5100 - Reconciling
Fund Balance with Treasury accounts, http:// fms. treas. gov/ fundbalance.

Current OMB bulletin, Form and Content of Agency Financial Statements.
Statements of Federal Financial Accounting Standards (SFFAS No. 1).

Agency accounting policies and procedures for the Fund Balance with
Treasury Accounts.

B. Read prior year documentation, financial statements, and related
auditor's reports to determine if there were any audit issues/ reportable
conditions related to FBWT.

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
2

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref II. Internal Control Phase FB- 2 A. To obtain an understanding of the
agency's internal

controls over FBWT accounts, perform the following: 1. Interview key
agency staff about the FBWT

procedures and controls in place at the agency. a. Determine what method
the agency uses to

disburse funds (FMS regional finance centers, on its own behalf, and/ or
both methods). b. Obtain an understanding of the significant

accounting systems and controls used in reporting and accounting for FBWT
transactions. c. Identify FBWT line item general ledger accounts. d.
Obtain an understanding of the agency's FBWT reconciliation procedures.
Ask

if and how the agency tracks differences between the agency's and Treasury
FBWT records;

what suspense accounts, if any, are used by the agency to track
unreconciled differences;

if the agency has a process/ system for aging unreconciled differences;
and

how the agency reports and handles differences.

B. Walk through the FBWT reconciliation process and determine whether
reconciliation controls have been placed in operation.

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
3

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref III. Testing Phase FB- 3 A. To determine whether the agency's
reconciliation of the

monthly SF 224, 1219/ 1220 or 1218/ 1221 Statement of Transactions/
Accountability report submitted to Treasury, to the applicable general
ledger (G/ L) accounts is effective (existence): 1. Obtain a list of the
agency's Agency Location Codes

(ALCs). Agency ALCs can be obtained through the GOALS. ALCs indicate the
agency*s method of disbursement. Four digit ALCs indicate a nonTreasury

disbursing agency. Eight digit ALCs indicate a Treasury disbursing agency.
2. Obtain the monthly Statements of Transactions (SF

224) or Statements of Accountability/ Transactions (SF 1219/ 1220 or 1218/
1221) for each ALC for the fiscal year, or for the period being audited if
testing at an interim date. 3. Select the individual Statements of
Transactions (SF

224) or Statements of Accountability/ Transactions (SF 1219/ 1220 or 1218/
1221) to be tested (use separate forms to document the sampling plan).
Indicate selection method.

Dollar unit sampling (DUS),

Classical Variables Estimation Sampling, or

Other (describe) ___________________________

For each statement selected: a. Compare the ALC on the SF 224 or SF 1219/
1220

or 1218/ 1221 to the agency's list of ALCs. b. Trace monthly collection
and disbursement

amounts reported on the SF 224, SF 1219/ 1220 or SF 1218/ 1221 to amounts
recorded in the agency's official accounting records (G/ L). c. Trace any
prior period adjustment amounts reported on the SF 224, SF 1219/ 1220 or
SF

1218/ 1221 to supporting documentation and the agency's G/ L. d. Examine
supporting documentation for any

differences.

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
4

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref

B. Summarize the results of testing. C. Determine whether the results of
testing indicate that combined risk should be assessed differently and
whether the audit procedures should be revised.

FB- 4 A. To determine whether the agency is properly reconciling
collection and disbursement differences identified by Treasury (existence
and completeness): 1. Obtain the following Treasury reports for each ALC

for each month of the fiscal year, or for the period being audited if
testing at an interim date.

Final month- end Statements of Differences (FMS 6652). Note: To obtain the
population of Statements of Differences, obtain the initial month- end
Statements of Differences issued by Treasury. Treasury issues month- end
Statements of Differences for each accounting month (when differences are
identified) and continues to send statements for that month until the
difference is cleared. To obtain the initial differences reports for the
period being audited, obtain the reports that show the same

accounting date and audit date on the statement, indicating that this is
the initial statement of differences issued for that month.

Advice of Check Issued Discrepancy reports (FMS 5206). (Note: This step
applies only for agencies that disburse their own funds * NonTreasury
Disbursing Offices (NTDO) agencies.) Treasury letters notifying the agency
of

outstanding differences between amounts reported on the SF 1219/ 1220 or
SF 1218/ 1221 and its check issued summary reports. (Note: This step
applies only for NTDO agencies.)

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
5

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref

Select the individual statements/ letters to be tested (use separate forms
to document the sampling plan). Indicate selection method:

Dollar unit sampling (DUS),

Classical variables estimation sampling, or

Other (describe). _____________________________ For each statement/ letter
selected: a. Compare the ALC number on the

statement/ report to the agency's list of ALCs. b. Examine the agency's
reconciliation

files/ documentation supporting the reconciliation of the difference, and
determine if differences were adequately researched and resolved. c. Trace
resulting adjustments, if any, to

subsequent month Treasury reporting (SF 224, 1219/ 1220, or 1218/ 1221)
and/ or the agency general ledger accounts to determine if adjustments
were properly recorded. (Note: reconciling items do not always result in
adjustments to the G/ L and/ or Treasury records. The resulting
adjustment, if any, depends on the cause of the difference. For example,
an adjustment to the agency's G/ L is not necessary when a bank error
caused the difference. The bank is responsible for reporting the
adjustment to Treasury.)

B. Summarize the results of testing and conclude on the effectiveness of
the agency's reconciliation controls. C. Determine if the results of
testing indicate that

combined risk should be assessed differently and if the audit procedures
should be revised.

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
6

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref FB- 5 A. To determine if the agency's monthly reconciliation of

its G/ L to Treasury records is effective (existence and completeness): 1.
For the months that correspond to the Statements of Differences selected
above, obtain the

Undisbursed Appropriation Account ledgers (FMS 6653) and Receipt Account
ledgers (FMS 6655) sent by Treasury and the agency's reconciliation.

Trace the FMS 6653/ 6655 balance per the agency reconciliation to the FMS
6653/ 6655 reports sent by Treasury.

Trace the G/ L account balances per the reconciliation to the appropriate
G/ L accounts.

Trace account activity per the FMS 6653/ 6655 to the agency G/ L. (Note:
Typical activity, other than agency disbursements and receipts, may

include supplemental appropriations, nonexpenditure transfers, and entries
reported by other agencies.)

Examine supporting documentation for reconciling items.

Determine if the appropriate adjustments were made to the general ledger
or that Treasury had been notified of needed corrections.

B. Summarize the results of testing and conclude on the effectiveness of
the agency's reconciliation controls. C. Determine if the results of
testing indicate that

combined risk should be assessed differently and if the audit procedures
should be revised.

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
7

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref FB- 6 A. To determine whether the agency's year- end

(September) reconciliation of FBWT accounts is effective (existence and
completeness): 1. Obtain the Agency's year- end (September) FBWT

reconciliation and Treasury's September Undistributed Appropriation
Account Ledger (FMS 6653) and Receipt Account Ledger (FMS 6655).

Trace appropriation, fund, and receipt account balances reported on the
Treasury account ledgers to the agency's reconciliation.

Trace the appropriation, fund, and receipt account balances reported on
the Treasury account ledgers to the agency general ledger. Examine
supporting documentation for

reconciling items.

Determine if appropriate adjustments were made to the G/ L and/ or
reported to Treasury. 2. Obtain the year- end (September) Statements of

Differences reports issued by Treasury (FMS 6652, and/ or FMS 5206 and
Treasury notification letters).

Trace reported differences to the agency's reconciliation to determine if
all differences were included in the FBWT reconciliation.

Examine supporting documentation and determine if differences were
adequately resolved.

Trace resulting adjustments to supplemental Statements of Transactions/
Accountability or subsequent month Treasury reporting (SF 224, 1219/ 1220,
or 1218/ 1221) and/ or the agency general ledger. 3. Summarize the results
of testing.

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
8

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref FB- 7 A. To determine the extent of unreconciled differences at

year- end and the potential impact on the agency FBWT account balance: 1.
Determine if unresolved differences reported by

Treasury on Statements of Differences as of September 30 for the fiscal
year being audited were subsequently resolved and properly accounted for.

Obtain the Statements of Differences for the months subsequent to year-
end (October through end of fieldwork).

Identify unreconciled differences outstanding at 9/ 30 that were
subsequently resolved.

Determine if the differences were adequately researched and resolved.

Determine if the appropriate adjustments were made to the agency FBWT
accounts or that Treasury had been notified of needed corrections.

2. Determine the extent of unreconciled differences included in suspense
accounts that are not included on Statements of Differences.

Obtain suspense account transaction detail report as of 9/ 30 for the year
being audited.

Obtain suspense account transaction detail report for months subsequent to
year- end (October through end of fieldwork).

Identify unreconciled differences outstanding at 9/ 30 that were
subsequently resolved.

Determine if the differences were adequately researched and resolved.

Determine if the appropriate adjustments were made to the agency FBWT
accounts or that Treasury had been notified of needed corrections.

3. Assess the materiality of all unreconciled differences outstanding (at
absolute value).

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
9

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref

4. Summarize test results. 5. Document the potential effect of material
unreconciled differences on the FBWT line item and other financial
statement accounts. FB- 8 A. To determine if the agency recorded warrants,

appropriation transfers, and rescissions properly, perform the following
(rights and obligations): 1. For first year appropriations, obtain copies
of the

appropriation legislation and U. S. Treasury Appropriation Warrants (FMS
6200) for the fiscal year.

Compare the warrants to the appropriation legislation.

Trace amounts reported on the appropriation warrants to beginning
appropriation balances recorded in the general ledger FBWT accounts.

Examine supporting documentation for any differences/ reconciling items.

2. For other than first year appropriations, trace the beginning balances
recorded in the general ledger to audited ending balances of the prior
fiscal year financial statements. (Note: If this is a first year audit,
additional work may be necessary to substantiate the beginning FBWT
account balance. For example, the auditor may need to consider if the
reconciliation process has been effective over the life of the
appropriations. This may require review of prior year reconciliations.)

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
10

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref

3. For appropriation activity occurring during the fiscal year being
audited (supplemental appropriations, rescissions, and nonexpenditure
transfers), obtain copies of related legislation for supplemental
appropriation and rescission warrants and U. S. Treasury Non- Expenditure
Transfer

Authorizations form (FMS 1151) for the fiscal year.

Compare supplemental appropriations and rescissions recorded in the
agencies' FBWT account to appropriation legislation and to U. S. Treasury
warrants.

Compare non- expenditure transfer amounts recorded in the agencies' FBWT
account to approved Non- Expenditure Transfer Authorizations form (FMS
1151).

4. Examine supporting documentation for any differences/ reconciling
items.

FB- 9 A. To determine the existence and completeness of the appropriation,
fund, and receipt accounts included in the FBWT financial statement
balance (existence, completeness, presentation and disclosure): 1. Obtain
the agency "crosswalk" of G/ L accounts included in the FBWT line item and
the September

Treasury Undisbursed Appropriation Account Trial Balance and Receipt
Account Trial Balance.

Trace account balances listed on the Treasury trial balances to the agency
crosswalk of G/ L accounts included in the FBWT line item.

Determine the status of accounts (i. e., open, expired, canceled) and
assess whether the account is appropriately included in the FBWT line
item.

Obtain an explanation and determine the appropriateness of accounts
omitted from or included in the crosswalk that were not included in the
Treasury trial balance.

Substantive Testing 921 D * Example Audit Procedures for Fund Balance with
Treasury April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 921 D-
11

FBWT Example Audit Procedures: Description of Procedure Done by/ date W/ P

ref IV. Reporting Phase FB- 10

A. To determine if the FBWT balance appears reasonable (analytical
procedure): 1. Compare the G/ L accounts that constitute the FBWT

with expectations and obtain explanation for any unexpected changes (e.
g., credit balances, new accounts, closed accounts) or the absence of
expected changes. 2. Determine if additional testing is necessary. B. To
assess whether the presentation of the financial

statements and footnote disclosures for the FBWT line item are in
accordance with U. S. generally accepted accounting principles (SFFAS No.
1) (presentation and disclosure) (see GAO/ PCIE FAM, Part II, section
1004- Financial Reporting: Checklist for Reports Prepared under the CFO
Act): 1. Determine if the agency has presented and disclosed FBWT in the
notes to the financial statements in

accordance with U. S. generally accepted accounting principles. 2.
Determine if material unreconciled differences are

disclosed and explained in the notes to the financial statements. 3.
Determine if material unreconciled differences that

were written off by the agency during the fiscal year being audited are
disclosed in the notes to the financial statements. 4. Determine if
material restrictions, if any, have been

properly disclosed.

FB- 11

A. Prepare proposed audit adjustments, if any. B. Conclude if the FBWT
line item is fairly stated and if the controls over FBWT are effective.

[This page intentionally left blank.]

Reporting 1002 * INQUIRIES OF LEGAL COUNSEL

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 1 .01
This section provides guidance on procedures for the auditor to perform to

obtain evidence that the financial accounting and reporting of
contingencies 1 regarding litigation, claims, and assessments conform with
U. S. generally accepted accounting principles (GAAP), as described in FAM
sections 280 and 550. This section discusses the accounting and reporting
guidance and audit procedures for inquiries of legal counsel concerning
litigation, claims, and assessments, and includes examples of a legal
representation letter request, a legal representation letter response,
including the Department of Justice's standard forms for legal
contingencies, and management's schedule for

summarizing the information contained in the legal response.

ACCOUNTING AND REPORTING GUIDANCE

.02 Entity management is responsible for implementing policies and
procedures to identify, evaluate, account for, and disclose litigation,
claims, and assessments as a basis for the preparation of financial
statements in conformity with GAAP.

.03 Statement of Federal Financial Accounting Standards (SFFAS) No. 5,
Accounting for Liabilities of the Federal Government, as amended by SFFAS
No. 12, Recognition of Contingent Liabilities Arising from Litigation: An
Amendment of SFFAS No. 5, Accounting for Liabilities of the Federal
Government, contains accounting and reporting standards for loss
contingencies, including those

arising from litigation, claims, and assessments. 2 The Federal Accounting
Standards Advisory Board (FASAB) Interpretation No. 2, Accounting for
Treasury Judgment Fund Transactions, clarifies GAAP related to claims to
be

1 Environmental and disposal liabilities are a type of contingency that is
often a significant issue. 2 SFFAS No. 7 has guidance for reporting claims
for tax refunds. Rather than

recognizing probable claims and disclosing other claims in the notes to
the financial statements, SFFAS No. 7 indicates that other claims for
refunds that are probable should be included as supplementary information.

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 2 paid
through the Treasury Judgment Fund. 3 Statement of Financial Accounting

Standards No. 5, Accounting for Contingencies, also provides guidance for
financial accounting and reporting for loss and gain contingencies for
those entities following GAAP for nongovernmental entities. The definition
of probable for legal contingencies is now essentially the same in
Statement of Financial Accounting Standard No. 5 and SFFAS No. 5, since
SFFAS No. 12 has amended the latter.

.04 A contingency is an existing condition, situation, or set of
circumstances involving uncertainty as to possible gain or loss to an
entity. The uncertainty will ultimately be resolved when one or more
future events occur or fail to occur. When a loss contingency exists, the
likelihood that the future event or events will confirm the loss or
impairment of an asset or the incurrence of a liability can range from
probable to remote. SFFAS Nos. 5 and 12 use the terms probable, reasonably
possible, and remote to identify three areas within the range of potential
loss, as follows:

Probable* For pending or threatened litigation and unasserted claims, the
future confirming event or events are likely to occur. (For other
contingencies, the future event or events are more likely than not to
occur.)

Reasonably possible* The chance of the future event or events occurring is
more than remote but less than probable.

Remote* The chance of the future event or events occurring is slight. 3 A
permanent, indefinite appropriation, commonly known as the Judgment Fund,

is available to pay final judgments, settlement agreements, and certain
types of administrative awards against the United States when payment is
not otherwise provided for. The Secretary of the Treasury certifies all
payments from the fund. (See 31 U. S. C. 1304, Judgments, awards, and
compromise settlements.) FASAB Interpretation No. 2 clarifies how federal
entities should report the costs and liabilities arising from claims to be
paid by the Judgment Fund and how the Judgment Fund should account for the
amounts that it is required to pay on behalf of federal entities.

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 3 .05 A
liability and the related cost for an estimated loss from a loss
contingency

should be recognized (accrued by a charge to income) when 4 a. a past
event or exchange transaction has occurred, b. a future outflow or other
sacrifice of resources is probable, and c. the future outflow or sacrifice
of resources is measurable. .06 Disclosure of the nature of an accrued
liability for loss contingencies, including

the amount accrued, may be necessary for the financial statements not to
be misleading. For example, if the amount recognized is large or unusual,
disclosure should be considered. However, if no accrual is made for a loss
contingency because one or more of the conditions in paragraph 1002.05 are
not

met, disclosure of the contingency should be made when there is at least a
reasonable possibility that a loss has been incurred. The disclosure
should include the nature of the contingency, and an estimate of the
possible liability or range of possible liability, if estimable, or a
statement that such an estimate cannot be made. In addition, if the
Judgment Fund might be involved in the payment of the possible loss, the
federal entity involved in the litigation should discuss the Judgment
Fund's role in a note to the financial statements.

.07 Although management often relies on advice of legal counsel about the
(a) likelihood of an unfavorable outcome and (b) estimates of the amount
or range of potential loss for litigation, claims, and assessments,
management is ultimately responsible for determining whether these
contingencies are probable, reasonably possible, or remote. Management
does this to decide whether they should be recognized as liabilities and/
or disclosed in the notes to the financial statements. Thus, the Office of
Management and Budget's (OMB) audit guidance requires CFO Act agency
management to prepare a schedule summarizing legal contingencies including
whether they are probable, reasonably possible, or remote, and whether
(and in what amounts) they have been accrued or disclosed in the financial
statements (see example summary schedule in FAM section 1002 D).

4 If the Judgment Fund will pay the claim, the entity should still
recognize the liability and cost at this time. Once the claim is settled
or a court judgment is assessed and the Judgment Fund is determined to be
the appropriate source for

payment, the entity should reduce the liability by recognizing an
(imputed) financing source. Note that for Judgment Fund payments made
under the Contract Disputes Act and in employment discrimination cases,
the entity should instead establish a payable to reimburse the Judgment
Fund.

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 4

AUDIT PROCEDURES

.08 The auditor should design procedures to test the entity's accounting
for and disclosure of litigation, claims, and assessments. AU 337 (SAS 12)
provides guidance on the procedures to identify litigation, claims, and
assessments so that the auditor may obtain evidence that they are
appropriately accounted for and disclosed. AU 9337 provides auditing
interpretations of AU 337. OMB guidance for audits of federal financial
statements also contains procedures for inquiries of legal counsel. (See
FAM section 1002 A for example audit procedures.)

.09 The auditor should obtain evidence relevant to the following factors
with respect to litigation, claims, and assessments:

a. The existence of a condition, situation, or set of circumstances
indicating uncertainty as to the possible loss to an entity arising from
litigation, claims, and assessments.

b. The period in which the underlying causes for legal action occurred. c.
The likelihood of an unfavorable outcome (probable, reasonably possible,
or

remote). d. The amount or range of potential loss, if estimable. .10 The
auditor should discuss with management the events or conditions that
should

be considered in the accounting for and reporting of litigation, claims,
and assessments. The auditor should perform audit procedures to
corroborate the information provided by management, including requesting
that management send a legal letter request to the entity's legal counsel.
An example audit program is in FAM section 1002 A. The audit procedures
should be modified, as appropriate, for the particular entity.

.11 A letter from legal counsel to the auditor, in response to a legal
letter request from management to legal counsel, is the auditor's primary
means of corroborating the information furnished by management concerning
the accuracy and completeness of litigation, claims, and assessments. The
legal letter request may include a list of pending or threatened
litigation, claims, and assessments or a request by management that legal
counsel prepare the list. The legal letter request also may include a list
of unasserted claims and assessments considered probable of assertion, and
that, if asserted, would have at least a reasonable possibility of an
unfavorable outcome, to which legal counsel has devoted substantive
attention on the entity's behalf in the form of legal

consultation or representation (or a statement that management is not
aware of

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 5 any
matters meeting the criteria). Legal counsel then would supplement

management's information about those unasserted claims and assessments,
including an explanation of matters where his or her views differ from
those expressed by management in the legal letter request. In the federal
government, where the general counsel may be part of management, the
general counsel may instead provide the list of unasserted claims or
assessments meeting the above criteria. The legal letter request should
also include a request for legal counsel to make a statement that he or
she will advise management about unasserted claims and assessments that
should be considered for disclosure. (See the example

request and response in FAM sections 1002 B and 1002 C.)

Timing of Legal Letter Request and Responses .12 The audit procedures for
inquiries of legal counsel concerning litigation, claims, and assessments
should be performed on a timely basis to give priority to the resolution
of potential problem areas and to complete other procedures. To meet
deadlines, the auditor, entity management, and legal counsel should
coordinate the timing of legal letter requests, responses (including
interim responses), and related management schedules. The auditor and the
entity management should consider the due dates for providing legal letter
responses for the entity financial statements as well as for the U. S.
Government's

Consolidated Financial Statements. (OMB sometimes provides these dates for
the governmentwide audit.) The due dates should enable the auditors to
timely complete their work, including the potential need for management to
inquire of Department of Justice legal counsels on a case- specific basis.
.13 In addition, when an entitywide audit team uses the work of entity
component

audit teams, the entitywide and component audit teams should coordinate
the timing of legal letter requests, responses, and management schedules
and consider the due dates for the component financial statements as well
as the entitywide financial statements. The entitywide team generally
should receive copies of the component letters.

.14 The legal counsel's response should include matters that existed at
the balance sheet date and through the end of fieldwork. The effective
date (the latest date covered by the legal counsel's review) should be as
close as feasible to the

completion of fieldwork. If the effective date is substantially in advance
of the end of fieldwork (for example, earlier than 2 weeks before end of
fieldwork), the auditor should contact the legal counsel for an updated
response. To avoid this situation, the legal letter request should clearly
specify the period the legal

counsel's response should cover and the date the auditor should receive
the response.

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 6 .15 To
assist the auditor in completing the review of legal matters in a timely
manner

(and to assist management in preparing the financial statements), the
auditor may ask management to request legal counsel to submit a
preliminary or interim response covering matters that existed at the
balance sheet date and through a point in time reasonably before the end
of fieldwork so that a preliminary evaluation of the significance of
material legal matters can be made. Then, the legal counsel should submit
a final or updated response covering matters through the end of fieldwork.
The updated response generally should contain only changes or a statement
indicating there are no changes from the interim response. (See FAM
section 1002 B for an example legal letter request that includes requests
for interim and updated responses from legal counsel.)

Determining a Materiality Level .16 The auditor may limit the inquiry to
matters that are considered individually or collectively material to the
financial statements, provided the entity and the auditor have reached an
understanding and agreement on the materiality level. The materiality
level, if used, should be documented in the legal letter request and in
the response.

.17 In determining a materiality level for the legal letter, the auditor
should set the level sufficiently low that the cases not included in the
legal letter would not be material to the financial statements taken as a
whole when aggregated with (1) other cases not included in the letter, (2)
all other types of contingencies, (3) all other items that would not be
adjusted because they are judged immaterial (unadjusted misstatements),
(4) all other amounts in the financial statements that would not be tested
directly because they were judged to be immaterial, and

(5) all other items resolved on the basis of materiality considerations.
For example, 2.5 percent of design materiality is used for individual
cases in the U. S Government's Consolidated Financial Statements and 5
percent of design materiality is used for the aggregate of all cases.

.18 In aggregating cases, the auditor and the entity may use two levels of
aggregation. First, similar cases (such as employment discrimination
cases, harbor maintenance fee cases, spent nuclear fuel cases, or military
promotion board challenges) should be aggregated and treated as a group
and compared with the individual materiality level. The aggregation
generally should include a list of the individual cases that are
aggregated and a discussion of the items of information requested to be
included in the legal letter for the aggregated cases (see FAM sections
1002 B and 1002 C). Second, all cases not included in the legal letter
individually or as part of a group of similar cases should be aggregated.
A higher materiality level may be used for such an aggregation; however,
this higher materiality level should be set sufficiently low that the
cases not included in the

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 7 legal
letter would not be material to the financial statements taken as a whole

when aggregated with the other items listed in the previous paragraph. .19
Where the entity engages more than one legal counsel, the auditor should

exercise caution so that matters considered not material individually
would not, when aggregated, exceed the materiality limit. In addition,
when separate legal representation letters are issued on individual
components/ bureaus of a consolidated entity because of individual
component audits, the auditor may determine materiality levels for each
component/ bureau.

Legal Counsels from Whom Information Should Be Requested

.20 Most federal agencies have a general counsel who has primary
responsibility for and knowledge about the entity's litigation, claims,
and assessments. The auditor should request entity management to send a
legal letter request to the general counsel. In addition, the auditor
should ask the management and/ or general counsel whether the entity used
outside legal counsel whose engagement may be limited to particular
matters (e. g., specific litigation).

.21 In the federal government, the main legal counsel outside of the
entity is the Department of Justice. 5 The entity's management, its legal
counsel, or the auditor may consult with Justice as well as other outside
legal counsel to assure completeness and accuracy of the presentation of
matters related to litigation, claims, and assessments. Such consultation
may include requesting a list of pending litigation, claims, and
assessments from Justice or other outside legal counsel, or discussion of
specific cases.

.22 The legal response should cover all litigation, claims, and
assessments pertaining to the federal reporting entity, including matters
handled by Justice and other outside legal counsel on behalf of the
entity. If the general counsel has overall responsibility for handling and
evaluating litigation, claims, and assessments, his or her evaluation and
responses ordinarily would be considered adequate.

5 The Accounting and Auditing Policy Committee (AAPC) guidance (Technical
Release No. 1) clarifies FASAB Interpretation No. 2, with respect to the
Department of Justice's role related to legal letters in cases in which
Justice's legal counsels are handling legal matters on behalf of other
federal reporting entities. The letter from the entity's general counsel
may provide sufficient evidence for the auditor. If the auditor determines
that additional evidence is

needed about a specific case, the auditor may request entity management
and legal counsel to send a legal letter request to Justice, directed to
the lead Justice legal counsel handling the case, asking that person to
provide a description and evaluation directly to the auditor.

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 8
However, evidential matter obtained from inside legal counsel is not a
substitute

for information that outside legal counsel refuses to furnish to the
auditor. .23 Where there is no general counsel and management has not
consulted legal

counsel, the auditor should obtain a written representation from
management that legal counsel has not been consulted. Such representation
may be incorporated as an item in the management representation letter.
(See FAM sections 550 and 1001.) (An example item is: "We are not aware of
any pending or threatened litigation, claims, or assessments or unasserted
claims or assessments that are required to be accrued or disclosed in the
financial statements in accordance with SFFAS No. 5. We have not consulted
legal counsel concerning litigation, claims, or assessments.")

Evaluation of Responses

.24 Written responses from legal counsel will vary considerably in the
scope of information provided and in the opinion expressed. In preparing
the responses, legal counsels should consider the guidance contained in
the American Bar Association's Statement of Policy Regarding Lawyers'
Responses to Auditors' Requests for Information (ABA Policy Statement)
(included in its entirety in AU 337 C). If legal counsel does not follow
the ABA Policy Statement in responding to the auditor, the legal counsel's
response nevertheless should meet the requirements of AU 337.

.25 The response should cover all components included in the financial
statements being audited. Legal counsel generally should indicate the
disposition of cases included in the prior year's letter that are no
longer contingencies. .26 The auditor should evaluate each response in
terms of sufficiency as evidence

and consider (a) the possible limitations on the scope of legal counsel's
responses and (b) the lack of sufficient opinion on the resolution of a
case. AU 9337 provides guidance in evaluating legal counsel's responses.
The auditor also should consider the legal counsel's response in light of
any other information that comes to the auditor's attention. Possible
Limitations on the Scope of Legal Counsel's Responses .27 When legal
counsel limits his/ her responses, the auditor should determine

whether the limitation affects the auditor's report. A legal counsel may
appropriately limit responses to certain matters; for example, to matters
that (a) the legal counsel has given substantive attention to in the form
of legal

consultation or representation and (b) are considered individually or
collectively material to the financial statements, provided the entity and
the auditor have

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 9 reached
an understanding on materiality levels. These limitations are acceptable

and not limitations on the scope of the audit. .28 The following are
examples of limitations on legal counsel's responses that are not
acceptable to the auditor and that would ordinarily result in a scope
limitation:

a. Legal counsel refuses to furnish the requested information. When legal
counsel refuses to furnish the information requested in the legal letter
request, the auditor should consider this matter as a scope limitation
sufficient to preclude an unqualified opinion.

b. Legal counsel excludes matters requested. The legal counsel's responses
may not address all information requested. The auditor should compare
legal counsel's response with the legal letter request and determine
whether legal counsel has addressed all the information requested. If
legal counsel excluded any of the requested matters, the auditor should
obtain responses for those matters from legal counsel. If the auditor is
unable to obtain all the information needed, the auditor should consider
this a scope limitation that could be sufficient to preclude an
unqualified opinion.

c. Legal counsel indicates that certain information is being withheld due
to attorney- client privilege. Under the American Bar Association (ABA)
Code of Professional Responsibility, legal counsel is required to preserve
the confidences and secrets of the client. Legal counsel may disclose
confidences to the auditor only with the consent of the client. If the
legal letter request is

prepared in accordance with AU 337, the auditor should expect that legal
counsel would be responsive; otherwise the scope of the audit would be
restricted. (On the other hand, explanatory language in the legal letter
request or in legal counsel's response emphasizing that management or
legal counsel does not intend to waive attorney- client privilege or
attorney work- product privilege does not result in a scope limitation.)

Lack of Sufficient Opinion on the Resolution of a Case .29 The following
are examples of the legal counsel's responses that lack sufficient opinion
on the resolution of a case. a. Uncertainties. A legal counsel may be
unable to respond concerning the

likelihood of an unfavorable outcome of litigation, claims, and
assessments or the amount or range of potential loss, because of inherent
uncertainties. In these circumstances, the auditor ordinarily will
conclude that the financial statements are affected by an uncertainty
concerning the outcome of a future

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 10 event,
which is not susceptible to reasonable estimation. The auditor should

follow the guidance in FAM section 580 for reporting on uncertainties. b.
Unclear responses. Legal counsels sometimes use general terms to indicate

their evaluation of the outcome of a case. The ABA Policy Statement states
that legal counsel may, in the appropriate circumstances, communicate to
the auditor his/ her view that an unfavorable outcome is "probable" or
"remote." The legal letter responses may include phrases that mean remote
or probable. The phrases below are examples of opinions that provide
sufficient clarity that the likelihood of an unfavorable outcome is
remote:

"We are of the opinion that this action will not result in any liability
to the entity."

"We believe that the plaintiff's case against the entity is without
merit." The following are examples of opinions that indicate significant
uncertainty as to whether the entity will prevail:

"In our opinion, the entity has a substantial chance of prevailing in this
action." (A "substantial chance," a "reasonable opportunity," and similar
terms indicate more uncertainty than an opinion that the entity will
prevail.)

"It is our opinion that the entity will be able to assert meritorious
defenses to this action." (The term "meritorious defenses" indicates that
the court will not summarily dismiss the entity's defenses; it does not
indicate legal counsel's opinion that the entity will prevail.)

.30 To avoid unclear and incomplete responses, the auditor generally
should ask management to request legal counsel to use Justice's standard
forms to describe legal contingencies (see pages 1002 C- 4 to 6 for
examples of these forms). When legal counsel does not indicate whether the
unfavorable outcome is probable or remote, management and the auditor
should conclude that the outcome is reasonably possible and the case
should be considered for disclosure.

(Management, with legal counsel's advice, determines whether cases are
probable, reasonably possible, or remote, to decide whether they should be
recognized as liabilities and/ or disclosed in the notes to the financial
statements.)

.31 If the auditor is not certain about the legal counsel's evaluation,
the auditor should discuss the matters with the legal counsel and entity
management (and document the oral discussion) and/ or obtain written
clarification in a follow- up letter. Sometimes legal counsel may give a
clearer indication of likelihood orally. If legal counsel is unable to
give a clear evaluation of the likelihood of an

Reporting 1002 - Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002- 11
unfavorable outcome, management should disclose the uncertainty and the

auditor should consider the uncertainty's effect on the audit report.
Example Legal Letter Request

.32 The legal letter request, which the auditor may assist management to
draft, should be on the audited entity's letterhead, signed by the Chief
Financial Officer (CFO), or equivalent, and request a reply directly to
the auditor and a copy to management by specified due dates. FAM section
1002 B shows an example legal letter request that includes requests for
interim and updated responses from legal counsel and matters that should
be covered in the letter.

Example Legal Counsel's Responses and Management's Schedule

.33 The General Counsel should respond on General Counsel letterhead to
the auditor with a copy to management by the agreed- upon due dates. The
response should indicate that it is provided for the auditor's use in
connection with the audit. .34 FAM section 1002 C shows an example of a
legal counsel response, including the

legal representation letter and Justice's legal contingency standard forms
for each case or group of cases, respectively. Justice's forms (pages 1002
C- 4 to 6) are on Justice's website: http:// www. usdoj. gov/ civil/
forms/ forms. htm.

.35 FAM section 1002 D shows an example of management's schedule that
documents how the information contained in the legal counsel's responses
was considered in preparing the financial statements. Management should
include

each case discussed in the legal letter and indicate (1) the amount
accrued for probable cases and (2) note disclosure for reasonably possible
cases, probable cases where the amount cannot be estimated, and probable
cases where a range of amounts above the accrued amount is estimated. The
electronic templates for FAM sections 1002 C (pages 1002 C- 1 to 3) and
1002 D are on OMB's website: http:// www. whitehouse. gov/ omb/ bulletins/
index. html.

PRACTICE AIDS

.36 The following practice aids are appended: Section 1002 A * Example
Audit Procedures; Section 1002 B * Example Legal Letter Request; Section
1002 C * Example Legal Representation Letter, including Justice's

Example Legal Contingencies Forms; and Section 1002 D * Example Management
Summary Schedule.

[This page intentionally left blank.]

Reporting 1002 A * EXAMPLE AUDIT PROCEDURES FOR

INQUIRIES OF LEGAL COUNSEL

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 A- 1
Entity ______________________________________________________________

Period of financial statements _________________________________________
Job code ___________________________________________________________

Example Audit Procedures Done by/ date W/ P ref I. Testing Procedures 1.
Ask management about the entity's policies and

procedures for identifying, evaluating, and accounting for litigation,
claims, and assessment.

2. Obtain from management a description and evaluation of litigation,
claims, and assessments existing as of the balance sheet date and through
the date of management's response (which should be near the end of
fieldwork). (This may instead be obtained from the entity's legal
counsel.)

3. To determine whether an outside legal counsel is performing services
for the entity, inquire of management whether outside legal counsel has
been used by the entity and matters handled. Ask management for a list of
pending litigation, claims, and assessments from the Department of Justice
and/ or examine correspondence and invoices from other outside legal
counsel (e. g., for legal fees), if any.

Reporting 1002 A * Example Audit Procedures for Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 A- 2

Example Audit Procedures Done by/ date W/ P ref

4. Ask whether the entity has changed its general counsel or outside legal
counsel or the general counsel or outside legal counsel has resigned or
has indicated an intention to resign. If so, determine if there are
matters that may affect the financial statements. For example, in
appropriate circumstances, a legal counsel may be

required by the ABA Code of Professional Responsibility to resign the
engagement if the legal counsel's advice concerning disclosures is
disregarded by the entity.

5. To identify litigation, claims, and assessments read minutes of
management meetings, contracts, loan agreements, leases, and
correspondence from other government entities and discuss pertinent items
with management.

6. If information comes to the auditor' s attention that may indicate a
potential contingency with respect to litigation, claims, or assessments
that may require adjustment to or disclosure in the financial statements,
discuss with the entity its possible need to consult legal counsel.
Depending on the severity of the matter, refusal by the entity to consult
legal counsel in those circumstances may result in a scope limitation.
Consider the effect of such a limitation on the auditor's report.

Reporting 1002 A * Example Audit Procedures for Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 A- 3

Example Audit Procedures Done by/ date W/ P ref

7. Request entity management to send a legal letter request to the general
counsel asking counsel to respond directly to the auditor. (Obtain a copy
of the legal letter request.) Consider whether to also request legal
letters from any outside legal counsel. The legal letter should cover
litigation, claims, and assessments pertaining to the reporting entity,
including matters handled by the Department of Justice or other outside
legal counsel. (See Sections 1002 B for an example legal letter request.)
Coordinate with management and legal counsel to

determine the timing of legal letter requests and responses and related
management's summary/ schedules of information contained in legal

responses and

determine a materiality level to be included in the legal representation
letter.

8. Read the legal letter responses and management's schedules to identify
litigation, claims, and assessments. 9. Compare the description and
evaluation of the current

year's legal letter responses to the prior year's audit documentation. If
this comparison indicates that certain legal matters in the prior year are
no longer included, discuss these matters with management or legal counsel
to obtain an understanding of the reasons for the changes.

10. Determine whether the information in the legal representation letter
is consistent with management's schedule summarizing the information in
the letter and

related supporting documentation. 11. Discuss with legal counsel if the
information obtained is

not complete, clear, or consistent. 12. Evaluate legal counsel's responses
and determine the

effects of the responses on liabilities and related note disclosures in
the financial statements and on the auditor's report.

Reporting 1002 A * Example Audit Procedures for Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 A- 4

Example Audit Procedures Done by/ date W/ P ref

13. If a response date is substantially in advance of the audit report
date, for example, earlier than 2 weeks prior to date of auditors' report,
obtain a written or oral update response. (The longer the period between
the legal letter

and the audit report date, the more important a written update becomes.)

II. Reporting Procedures Obtain a representation from management in the
management representation letter (see FAM sections 550 and 1001) that the
entity has disclosed all unasserted claims that legal counsel has advised
are probable of assertion that, if asserted, would have at least a
reasonable possibility of an unfavorable outcome and must be disclosed. 1.
Discuss the description and evaluation of litigation,

claims, and assessments obtained with management to determine if,
subsequent to the date of legal counsel's response, there have been any
changes in status of the matters, changes in management's evaluation of
the outcome, or additional matters to be considered.

2. If there are significant changes in the status of the matters or new
matters, obtain a written confirmation or updated response from legal
counsel.

3. Have management include in the management representation letter
representations related to contingencies and determine if they are
appropriately

accrued and disclosed as required by SFFAS No. 5, as amended. If
management has not consulted legal counsel, obtain a written
representation from management that legal counsel has not been consulted.

This representation may be incorporated in the management representation
letter (see FAM sections 550 and 1001).

Reporting 1002 A * Example Audit Procedures for Inquiries of Legal Counsel

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 A- 5

Example Audit Procedures Done by/ date W/ P ref

4. Read the entity's financial statements and notes and a. consider the
adequacy of financial statement

disclosure for contingencies with respect to litigation, claims, and
assessments;

b. determine if the financial statement disclosures for contingencies with
respect to litigation, claims, and assessments are prepared in accordance
with the OMB guidance on form and content of agency financial statements;
and

c. for federal entities involved in litigation for which the Judgment Fund
is a likely source of judgment or settlement, determine if a note to the
financial statements discusses the Judgment Fund's role in the

payment of a possible loss, as required by FASAB Interpretation No. 2,
Accounting for Treasury Judgment Fund Transactions.

5. Document conclusions reached concerning the accounting for and
disclosure of litigation, claims, and assessments, determine if
adjustments are necessary, and consider whether modification of the
auditor's report is appropriate (see FAM section 580).

[This page intentionally left blank.]

Reporting 1002 B * EXAMPLE LEGAL LETTER REQUEST

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 B- 1
[Audited Entity Letterhead]

Date: [date] To: General Counsel From: Chief Financial Officer [signed]
Subject: [Auditor 's] Audits of the Fiscal Years 20X1 and 20X0 Financial

Statements Pursuant to 31 U. S. C. 3515, [Auditor name] is performing
audits of the financial statements of [entity] as of and for the fiscal
years ended September 30, 20X1, and 20X0. In performing audits of
government entities, auditors comply with Government Auditing Standards,
issued by the Comptroller General of the United

States (the "yellow book"). For financial statement audits, Government
Auditing Standards incorporate the fieldwork and reporting standards of
the American Institute of Certified Public Accountants (AICPA) and the
Statements on Auditing Standards that interpret them. Consistent with the
procedures contained in AU 337 of the AICPA's Codification of Statements
on Auditing Standards, [Auditor]

has inquired about litigation, claims, and assessments to obtain evidence
as to the financial accounting and reporting of such matters with respect
to the financial statements. The purpose of this letter is to request your
assistance in responding to that inquiry. The American Bar Association
Statement of Policy Regarding Lawyers' Responses to Auditors' Request for
Information (December 1975)

provides relevant guidance for the lawyer 's response to the auditor 's
request. In accordance with Statement of Federal Financial Accounting
Standards (SFFAS) Number 5, Accounting for Liabilities of the Federal
Government, as amended by SFFAS Number 12, and Interpretation Number 2 of
SFFAS Numbers 4 and 5, [entity] reports certain information in its
financial statements and notes concerning contingent liabilities for
litigation, claims, and assessments. We request that you provide [Auditor]
(with a copy to me) with information on matters with respect to which you
have been engaged and to which you have

devoted substantive attention on behalf of the [entity] in the form of
legal consultation or representation. You should furnish an interim
response by [agreed- upon date], including matters that existed as of
September 30, 20X1, and from that date through at least [interim date].
You should furnish an updated response by [agreed- upon date], that is
effective no earlier than [agreed- upon date], that includes any changes
from the interim response or furnish a statement that there are no
changes.

Reporting 1002 B * Example Legal Letter Request April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 1002 B- 2 Include any cases with
respect to which you have been engaged and to which you have devoted
substantive attention on behalf of the [entity] in the form of legal
consultation or representation, even those cases for which you believe the
Judgment Fund or some financing source other than [entity] 's budgetary
resources will pay any potential loss. Under generally accepted accounting
principles, these amounts should be included as liabilities or disclosure
items in the [entity] 's financial statements. Cases similar in nature
should be aggregated where appropriate. It would be helpful if you could
list the matters in order of the amount of potential loss, starting with
the largest. Pending or Threatened Litigation (excluding unasserted
claims)

We and [Auditor] have determined that any matters for which the amount of
potential loss exceeds $XX, individually or in the aggregate, could be
material to the financial statements. Please provide to [Auditor] the
information described below about pending or threatened litigation where
the amount of potential loss exceeds $XX:

1. The nature of the matter. Include a description of the case or cases
and amount claimed, if specified. 2. The progress of the case to date. 3.
The government's response or planned response (for example, to contest the

case vigorously or to seek an out- of- court settlement). 4. An evaluation
of the likelihood of unfavorable outcome. Please categorize

likelihood as probable (an unfavorable outcome is likely to occur),
reasonably possible (the chance of an unfavorable outcome is less than
probable but more than remote), or remote (the chance of an unfavorable
outcome is slight). 5. An estimate of the amount or range of potential
loss, if one can be made, for

losses considered to be probable or reasonably possible. 6. The name of
the [entity] 's legal counsel handling the case and names of any

outside legal counsel/ other lawyers representing or advising the
government in the matter (Department of Justice or outside law firms).

Unasserted Claims and Assessments

[If legal counsel is a part of management use this paragraph.] Please
provide the following information for all unasserted claims and
assessments that you consider to be probable of assertion and which, if
asserted, would have at least a reasonable possibility (more that remote)
of an unfavorable outcome in an amount over $XX, individually or in the
aggregate, involving matters to which you have devoted substantive
attention.

[If the legal letter request will be sent to a legal counsel that is not
part of management, such as an outside legal counsel, use this paragraph.]
We have

Reporting 1002 B * Example Legal Letter Request April 2003 GAO/ PCIE
Financial Audit Manual - Part II Page 1002 B- 3 provided an attachment to
this request that lists the unasserted claims and assessments that we
believe are probable of assertion and which, if asserted, would have at
least a reasonable possibility (more than remote) of an unfavorable
outcome in an amount over $XX, individually or in the aggregate, involving
matters to which you have devoted substantive attention. Please provide
the following information for each matter and for any additional matters
that you believe meet these criteria.

1. A description of the nature of the matter. 2. The government's planned
response if the claim is asserted. 3. An evaluation of the likelihood of
an unfavorable outcome. (Categorize

likelihood as probable (likely to occur) or reasonably possible (less than
probable but more than remote).) 4. An estimate of the amount or range of
potential loss, if one can be made.

Please specifically confirm to [Auditor] that our understanding of the
following is correct: Whenever, in the course of performing legal services
for us, with respect to a matter recognized to involve an unasserted
possible claim or assessment that may call for financial statement
disclosure, if you have formed a professional conclusion that we should
disclose or consider disclosure concerning such possible claim or
assessment, as a matter of professional responsibility to us, you will (1)
advise us of your conclusion and (2) consult with us concerning the
question of such disclosure and the applicable requirements of SFFAS No.
5, as amended.

Please separately identify any cases with respect to which you have been
engaged and to which you have devoted substantive attention on behalf of
the [entity] in the form of legal consultation or representation for which
you believe another government entity will be responsible for any
potential liability.

Please specifically identify the nature of and reasons for any limitations
on your response to this request. Please address your reply to [Auditor],
and contact him/ her at (phone number),

when your reply is available for pick up, and send a copy of your reply to
me. Do not hesitate to contact me or [Auditor] if you have any questions
about this request.

[This page intentionally left blank.]

Reporting 1002 C * EXAMPLE LEGAL REPRESENTATION

LETTER

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 C- 1
[General Counsel Letterhead]

[Date] [Auditor] [Title] [Agency or Firm Name] [City]

Subject: Legal Response in Connection with the Fiscal Years 20X1 and 20X0
Financial Statement Audits of [entity name] Dear [Auditor]:

As General Counsel of [entity], I am writing in response to the legal
letter request from the [entity] 's Chief Financial Officer (CFO) dated
[date], in connection with the audit of [entity] 's financial statements
as of and for the fiscal years ended September 30, 20X1 and 20X0. [In an
interim response, add "I will, as further requested by the CFO, provide an
updated response by [date]."] I call your attention to the fact that as
General Counsel for [entity], I have general

supervision of [entity] 's legal affairs. [If the general legal
supervisory responsibilities of the person signing the letter are limited,
set forth a clear description of those legal matters over which such
person exercises general supervision, indicating exceptions to such
supervision and situations where primary reliance should be placed on
other sources.] In such capacity, I have reviewed litigation and claims
threatened or asserted involving [entity] and have consulted with outside
legal counsel about them when I have deemed appropriate.

Subject to the foregoing and to the last paragraph of this letter, I
advise you that since [insert date of beginning of fiscal year period
under audit] neither I, nor any of the lawyers over whom I exercise
general legal supervision, have given substantive attention to, or
represented [entity] in connection with loss contingencies [over the
amount of (state materiality level agreed to with auditor

and stated in request letter)] coming within the scope of clause (a) of
Paragraph 5 of the Statement of Policy referred to in the last paragraph
of this letter, except as follows:

[Describe litigation and claims that fit the foregoing criteria as follows
(it is recommended that general counsels use the attached Department of
Justice forms

Reporting 1002 C * Example Legal Representation Letter April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 1002 C- 2 (one for pending or
threatened litigation, another for unasserted claims) to describe the
cases):] 1 Pending or Threatened Litigation (excluding unasserted claims)
1. Nature of the matter (include a description of the case or cases and
amount claimed, if specified).

2. Progress of the case to date. 3. Current or intended response. 4.
Evaluation of the likelihood of an unfavorable outcome (categorize
likelihood

as probable, reasonably possible, or remote). 5. Estimated amount or range
of potential loss, if determinable, for losses considered to be probable
or reasonably possible. 6. Name of [entity] 's legal counsel handling the
case and names of any outside

legal counsel representing or advising the government in the matter. With
respect to matters that have been specifically identified as contemplated
by clauses (b) or (c) of paragraph 5 of the ABA Statement of Policy, I
advise you, subject to the last paragraph of this letter, as follows:

Unasserted Claims and Assessments (considered to be probable of assertion
and which, if asserted, would have at least a reasonable possibility of an
unfavorable outcome) 1. Nature of the matter.

2. Intended response if claim would be asserted. 3. Evaluation of the
likelihood of an unfavorable outcome. (Categorize

likelihood as probable or reasonably possible.) 4. Estimated amount or
range of potential loss, if determinable.

The information set forth herein is [( as of the date of this letter) or
(as of (insert date), the date on which we commenced our internal review
procedures for purposes of preparing this response)], except as otherwise
noted. [If an interim response, add "Upon submission of the updated
response, which is due on [date],"] I disclaim any undertaking to advise
you of changes that, thereafter, may be brought to my attention or the
attention of our lawyers over whom I exercise general legal supervision.

This response is limited by, and in accordance with, the ABA Statement of
Policy Regarding Lawyers' Responses to Auditors' Requests for Information
(December 1975); without limiting the generality of the foregoing, the
limitations set forth in such statement on the scope and use of this
response (Paragraphs 2 and 7) are specifically incorporated herein by
reference, and any description herein of any

1 It is expected that cases or matters will be aggregated where
appropriate.

Reporting 1002 C * Example Legal Representation Letter April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 1002 C- 3 "loss contingencies"
is qualified in its entirety by Paragraph 5 of the statement and the
accompanying commentary (which is an integral part of the statement).
Consistent with the last sentence of Paragraph 6 of the ABA Statement of
Policy, this will confirm as correct [entity] 's understanding that
whenever, in the course of performing legal services for [entity] with
respect to a matter recognized to

involve an unasserted possible claim or assessment that may call for
financial statement disclosure, I have formed a professional conclusion
that the entity must disclose or consider disclosure concerning such
possible claim or assessment, I, as a matter of professional
responsibility to [entity], will so advise [entity] and will consult with
[entity] concerning the question of such disclosure and the applicable
requirements of Statement of Federal Financial Accounting Standards
(SFFAS) Number 5, Accounting for Liabilities of the Federal Government, as
amended by SFFAS Number 12, and Interpretation Number 2 of SFFAS Numbers 4
and 5. [Describe any other or additional limitation as indicated by
Paragraph 4 of the statement.]

Sincerely yours, _______________________________________ [Name of General
Counsel] [Title]

cc: Chief Financial Officer

Reporting 1002 C * Example Legal Representation Letter April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 1002 C- 4

SUGGESTED DEPARTMENT OF JUSTICE FORM PENDING OR THREATENED LITIGATION
AGENCY/ COMPONENT: _____________________________ Amount of potential loss
exceeds the agency/ component materiality

threshold of: _____________________________ 1. Case name. (Include case
citation, case number, and other names by

which the case or group of cases is commonly known.) 2. Nature of matter.
(Include a description of the case or cases and

amount claimed, if specified.) 3. Progress of the case. 4. The
government's response or planned response. (For example, to contest the
case vigorously or to seek an out- of- court settlement.) 5. An evaluation
of the likelihood of unfavorable outcome. (Choose one.) _______ PROBABLE *
An unfavorable outcome is likely to occur. _______ REASONABLY POSSIBLE *
the chance of an unfavorable outcome is less than probable but more than
remote. _______ REMOTE * the chance of an unfavorable outcome is slight.

6. An estimate of the amount or range of potential loss (if one can be
made, for losses considered to be probable or reasonably possible).

Reporting 1002 C * Example Legal Representation Letter April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 1002 C- 5

7. The name and phone number of the government attorney handling the case
(and names and phone numbers of any outside legal counsel/ other lawyers
representing or advising the government in the matter.) 8. The sequence
number (based on the total number of pending or

threatened cases in litigation, claims, and assessments the agency/
component is submitting. e. g., Number ___ of ___) (#) (total)

Reporting 1002 C * Example Legal Representation Letter April 2003 GAO/
PCIE Financial Audit Manual - Part II Page 1002 C- 6

SUGGESTED DEPARTMENT OF JUSTICE FORM UNASSERTED CLAIMS AND ASSESSMENTS
AGENCY/ COMPONENT: _____________________ Amount of Potential Loss Exceeds
the agency/ component materiality threshold of: _____________________

1. Name of Matter. (Include name by which the matter is commonly known.)
2. Nature of the Matter. (Include a description of the matter.) 3. The
Government's Planned Response (if the claim is asserted). 4. An Evaluation
of the likelihood of Unfavorable Outcome. (Choose one.) _______ PROBABLE *
(An unfavorable outcome is likely to occur.)

_______ REASONABLY POSSIBLE * (the chance of an unfavorable outcome is
less than probable but more than remote.)

5. An Estimate of the Amount or Range of Potential Loss (if one can be
made, for losses considered to be probable or reasonably possible).

6. The Name and phone number of the Government Attorney Handling the
Matter (and names and phone numbers of any outside legal counsel/ other
lawyers representing or advising the government in the matter).

7. The Sequence Number (based on the total number of Unasserted Claims and
Assessments the agency/ component is submitting. e. g., Number ___ of
____). (#) (total)

Reporting 1002 D - Example Management Summary Schedule

Management should prepare this schedule (or equivalent) summarizing the
information contained in the legal letters. In particular, management
should conclude as to the likelihood of loss about each case to determine
whether an amount should be recorded in

the financial statements and/ or if note disclosure is necessary for the
financial statements to conform with GAAP. Although most information comes
directly from the legal letter, the financial staff should add the
information in the last two columns

to indicate the disposition of each case in the financial statements.

Management's Schedule of Information Contained in Legal Letter Responses
for Financial Reporting Purposes

Amounts in thousands

1 2 3 4 5 6 7 (a) P (b) R/ P (c) Upper Amt. recorded Note disclosure

**** insert rows here as necessary**** *** insert rows here as
necessary*** *** insert rows here as necessary***

TOTALS - $ - $ - $ - $ - $ - $ Guidance for Preparation:

1. Matters should be listed on this schedule in order of the amount or
range of potential loss, starting with the largest. 2. The level of
aggregation should generally be at the same level as in the general
counsel's letter. However, there may be instances

where the level of aggregation is too high to be able to prepare this
schedule in a way that is meaningful. In such cases, the CFO should work
with legal counsel to provide further disaggregation of dissimilar cases.
There may also be other instances in which a

higher level of aggregation is desirable. CFOs should use professional
judgment, considering the purpose of this schedule when determining the
level of aggregation.

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1002 D- 1

Reference key

Amount claimed

Name of case/ related cases

Likelihood of loss

Amount or range of potential l

oss Disposition in

financial statements

Reporting 1002 D - Example Management Summary Schedule

Column: 1

Reference key:

Page number of legal representation letter obtained from General Counsel
discussing the case, or other reference information.

2 Amount claimed:

Amount claimed in the litigation, claim, or assessment (if specified)

3 Name of case or related cases:

Where appropriate, provide name of case or aggregated cases which meet
materiality threshold.

4 Likelihood of loss:

Indicate management's evaluation of the likelihood of loss on individual
or aggregated cases. Options:

P:

probable (loss likely to occur);

R/ P:

reasonably possible (the chance of loss is less than probable, but more
than remote); or

R:

remote (the chance of loss is slight).

5 Amount or range of potential loss:

Options:

5a:

Probable (P) -- Provide single estimate or lower end of range, if known.
Enter "U" if unknown. (Also provide column totals.)

5b:

Reasonably possible (R/ P) -- Provide single estimate or lower end of
range, if provided. Enter "U" if unknown. Also provide column totals.

5c:

If amounts in P or R/ P are ranges, provide upper end of range; otherwise,
enter "n/ a."

6 Disposition in financial statements - amount recorded:

If applicable, provide corresponding dollar amount recorded as a liability
in the financial statements. (Also provide column totals.)

7 Disposition in financial statements - note disclosure:

If applicable, indicate by note reference number where case information is
separately disclosed or included in amounts disclosed in notes to the
financial statements.

(Also provide column totals.) April 2003 GAO/ PCIE Financial Audit Manual
- Part II Page 1002 D- 2

Reporting 1006 - RESERVED

April 2003 GAO/ PCIE Financial Audit Manual - Part II Page 1006- 1 [For
related parties, see FAM section 902]

[This page intentionally left blank.]

GLOSSARY April 2003 GAO/ PCIE Financial Audit Manual Glossary- 1

Accountability report An agency*s accountability report integrates the (1)
Federal Managers* Financial Integrity Act (FMFIA) Report; (2) Chief
Financial Officers* (CFO) Act Annual Report, including audited financial
statements; (3) Management*s Report on Final Action as required by the
Inspector General Act; (4) the Debt Collection Improvement Act, Civil
Monetary Penalty Act and Prompt Payment Act reports; and (5) available

information on agency performance compared with the agency*s stated goal
and objectives. Accounting

applications The procedures and records used to identify, record, process,
summarize, and report a class of trans

actions. Common accounting applications are (1) billings, (2) accounts
receivable, (3) cash receipts, (4) purchasing and receiving, (5) accounts
payable,

(6) cash disbursements, (7) payroll, (8) inventory control, and (9)
property and equipment.

Accounting system The methods and records established to identify,
assemble, analyze, classify, record, and report an entity's transactions
and to maintain accountability for the related assets and liabilities.
Activity In cost accounting, an activity is the actual work task or step
performed in producing and delivering

products and services. An aggregation of actions performed within an
organization that is useful for purposes of activity- based costing.

Analytical procedures The comparison of recorded account balances with
expectations developed by the auditor, based on an analysis and
understanding of the relationships between the recorded amounts and other
data, to form a conclusion on the recorded amount. A basic

premise underlying the application of analytical procedures is that
plausible relationships among data may reasonably be expected to continue
unless there

are known conditions that would change the relationships.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 2

Annual financial statement As defined by OMB, the annual financial
statement comprises

an overview of the reporting entity (or Management*s Discussion and
Analysis, MD& A),

the financial statements and related notes,

required supplementary stewardship information,

required supplementary information, and

other accompanying information.

Application controls Management*s control activities that are incorporated
directly into individual computer applications to provide reasonable
assurance of accurate and reliable procession. Application controls
address (1) data input, (2) data processing, and (3) data output.

FISCAM categories of application controls that more closely tie into the
FAM methodology are (1) authorization control, (2) completeness control,
(3) accuracy control, and (4) control over integrity of processing and
data files. Appropriation The most common form of budget authority; an

authorization by an act of the Congress that permits federal agencies to
incur obligations and to make payments out of the Treasury for specified
purposes. Appropriations do not represent cash actually set aside in the
Treasury for purposes specified in the

appropriation acts. They represent limitations of amounts that agencies
may obligate during the period specified in the appropriation acts.

Assertions Management's representations that are embodied in the account
balance, transaction class, and disclosure components of the financial
statements. The primary assertions (described in paragraph 235.02) are

Existence or occurrence

Completeness

Rights and obligations Valuation or allocation

Presentation and disclosure

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 3

Assessing control risk The process of evaluating the effectiveness of an
entity's internal control in preventing or detecting misstatements in
financial statement assertions.

Assurance, level of The complement of audit risk, which is an auditor
judgment. This is not the same as confidence level, which relates to an
individual sample.

Attributes sampling Statistical sampling that reaches a conclusion about
the population in terms of a rate of occurrence.

Audit risk The overall risk that the auditor may unknowingly fail to
appropriately modify his or her opinion on financial statements that are
materially misstated. This is an auditor judgment.

Back door authority Any type of budget authority that is provided by
legislation outside the normal appropriations process. (See contract
authority.)

Base data Data used to develop the expectation in an analytical procedure.

Borrowing authority Statutory authority that permits obligations to be
incurred but requires that funds be borrowed to liquidate the obligations
(see title 7 of the GAO Policies and Procedures Manual for Guidance of
Federal

Agencies). Usually, the amount that may be borrowed and the purposes for
which the borrowed funds must be used are stipulated by the authorizing
statute.

Borrowing authority sometimes is referred to as back door authority.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 4

Budget authority Authority provided by law (1) to enter into obligations
that will result in immediate or future outlays involving government funds
or (2) to collect offsetting receipts (2 U. S. C. 622( 2)). The Congress
provides an entity with budget authority and may place restrictions on the
amount, purpose, and timing of the obligation or expenditure of such
authority. The three forms of budget authority are

appropriations borrowing authority

contract authority

Budget controls Management's policies and procedures to manage and control
the use of appropriated funds and other forms of budget authority. (These
are considered part of

financial reporting and compliance controls.)

Budget functional classification A way of grouping budgetary resources so
that all budget authority and outlays of on- budget and off budget federal
entities and tax expenditures can be presented according to national needs
being addressed. To the extent feasible, functional classifications are
made without regard to entity or organizational distinctions.

Case study See nonsampling selection.

Cause and effect basis In cost accounting, a way to group costs into cost
pools in which an intermediate activity may be a link between the cause
and the effect.

Classical probability proportional to size sampling A sampling approach
where the sample is selected proportional to the size (usually dollar
amount) of an item and the evaluation is performed using variables methods
(not dollar unit sampling).

Classical variables estimation sampling A sampling approach that measures
precision using

the variation of the underlying characteristic of interest. This method
includes mean per unit sampling, difference estimation, ratio estimation,
and regression estimation.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 5

Closed account A budget account for which the expired budget authority has
been canceled.

Combined precision A judgment of precision for all tests in the audit.
Used at the end of the audit to evaluate the results of all tests.

Combined risk The auditor*s judgment of the combined inherent and control
risk (high, moderate, or low); the risk that the financial statements
contain material misstatements before audit. Common data source In cost
accounting, this includes all financial and nonfinancial

data, such as environmental data, that are necessary for budgeting and
financial reporting, as well as evaluation and decision information
developed as a result of prior reporting and feedback.

Compliance control A process, effected by management and other personnel,
designed to provide reasonable assurance that transactions are executed in
accordance with (1) laws governing the use of budget authority and other
laws and regulations that could have a direct and material effect on the
financial statements or

required supplementary stewardship information and (2) any other laws,
regulations, and governmentwide policies identified in OMB audit guidance.

Compliance tests Tests to obtain evidence on the entity's compliance with
significant laws and regulations.

Confidence interval The projected misstatement or point estimate plus or
minus precision at the desired confidence level.

Confidence level The probability associated with the precision; the
probability that the true misstatement is within the confidence interval.
This is not the same as level of assurance.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 6

Contingency An existing condition, situation, or set of circumstances
involving uncertainty as to possible gain or loss.

Contract authority Statutory authority that permits obligations to be
incurred before appropriations or in anticipation of receipts to be
credited to a revolving fund or other

account (offsetting collections). By definition, contract authority is
unfunded and must subsequently be funded by an appropriation to liquidate
the obligations incurred under the contract authority or by the collection
and use of receipts.

Control environment A component of internal control, in addition to risk
assessment, monitoring, information and communication, and control
activities. The control environment sets the tone of an organization,
influencing the control consciousness of its people. It is the foundation
for all other components of internal

control, providing discipline and structure. The control environment
represents the collective effect of various factors on establishing,
enhancing, or mitigating the effectiveness of specific control activities.
Such factors include (1) integrity and ethical values, (2) commitment to
competence, (3) management's philosophy and operating style, (4)
organizational structure, (5) assignment of authority and responsibility,
(6) human resource policies and practices, (7) control methods over budget
formulation and execution, (8) control methods over compliance with laws
and regulations, and (9) oversight groups.

Control risk The risk that a material misstatement that could occur in an
assertion will not be prevented or detected on a timely basis by the
entity's internal controls (classified as high, moderate, or low). This is
an auditor judgment.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 7

Control activities (techniques) A component of internal control, in
addition to the control environment, risk assessment, monitoring, and
information and communication. The policies and procedures that help
ensure that management directives are carried out.

Control tests Tests of a specific control activity to assess its
effectiveness in achieving control objectives.

Core financial management system (CFMS) As developed by JFMIP, a system
that consists of six

functional areas: general ledger management, funds management, payment
management, receivable management, cost management, and reporting, and
affects all financial event transaction processing because it maintains
reference tables used for editing and classifying data, controls
transactions, and maintains security.

Cost The monetary value of resources used or sacrificed or liabilities
incurred to achieve an objective, such as to acquire or produce a good or
to perform an activity or service.

Costing methodology Methodology for accumulating the costs of resources
that directly or indirectly contribute to the production of outputs and
assigning those costs to outputs. Department (per FASAB Interpretation No.
6)

Any department, agency, administration, or other financial reporting
entity (see SFFAC No. 2) that is not part of a larger financial reporting
entity other than the government as a whole. Used in distinguishing inter-
and intradepartmental activity and balances.

Design materiality The portion of planning materiality that the auditor
allocates to line items or accounts. This amount should be the same for
all line items or accounts (except for certain offsetting balances as
discussed in

paragraph 230.10). The auditor should set design materiality for the audit
as one- third of planning materiality. (See discussion in paragraph
230.12.)

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 8

Detection risk The risk that audit procedures will not detect a material
misstatement that exists in the financial statements. The auditor
determines the desired detection risk based on combined risk and audit
risk. (In statistical terms, beta risk or type II risk.)

Errors Unintentional misstatements or omissions of amounts or disclosures
in financial statements.

Expectation The auditor's estimate of an account balance in an analytical
procedure.

Expected misstatement The dollar amount of misstatements the auditor
expects in a population.

Expired account A budgetary account in which the balances are no longer
available for incurring new obligations because the time available for
incurring such obligations has expired. After 5 years, these accounts are
canceled and are then considered to be closed accounts. Federal financial

management systems requirements One of the three requirements of FFMIA.
They

include the requirements of OMB Circulars A- 127, A- 123, and A- 130 and
the JFMIP Federal Financial Management Systems Requirements series.

Financial reporting control A process, effected by management and other
personnel, designed to provide reasonable assurance that transactions are
properly recorded, processed, and summarized to permit the preparation of
the financial statements and required supplementary stewardship
information in accordance with GAAP, and that assets are safeguarded
against loss from unauthorized acquisition, use, or disposition.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 9

Financial statements (also called principal statements) The components of
a federal entity's annual financial

statement (also referred to as the Accountability report), which are

Balance Sheet

Statement of Net Cost

Statement of Changes in Net Position

Statement of Budgetary Resources

Statement of Financing

Statement of Custodial Activity (if applicable)

Related Notes

Fraud Although fraud is a broad legal concept, the auditor is interested
in fraudulent acts that cause a material misstatement of financial
statements. Fraud is distinguished from error because fraud is intentional
whereas error is unintentional. Two relevant types of misstatements are
those arising from fraudulent financial reporting and those arising from
misappropriation of assets.

Fraudulent financial reporting Intentional misstatements or omissions of
amounts or

disclosures in financial statements to deceive financial statement users.
This may involve acts such as manipulation, falsification, or alteration
of accounting records or supporting documents; misrepresentation or
intentional omission of events, transactions, or other significant
information in the financial statements; or intentional misapplication of
accounting principles relating to amounts, classification, manner of
presentation, or disclosure.

Full cost In cost accounting, the sum of all costs required by a cost
object including the costs of activities performed by other entities
regardless of funding sources.

Fund Balance with Treasury account (FBWT) An asset account representing
the unexpended

spending authority in agencies' appropriations. Also serves as a mechanism
to prevent agencies' disbursements from exceeding appropriated amounts.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 10

General controls Management*s policies and procedures that apply to an
entity*s overall computer operations and that create the environment in
which application controls and certain user controls (which are control
activities) operate. They are classified in the FISCAM as (1) entitywide
security management program, (2) access control, (3) application software
development and change control, (4) system software, (5) segregation of
duties, and (6) service continuity control.

Generally accepted accounting principles (GAAP)

The accounting principles that the entity should use. For federal
executive agencies, these are federal accounting standards following the
hierarchy listed in SAS 91. The standards issued by FASAB are the first
level of the hierarchy. For government corporations, generally accepted
accounting principles are commercial generally accepted accounting
principles issued by FASB. Haphazard sample A sample consisting of
sampling units selected

without any conscious bias, that is, without any special reason for
including or omitting items from the sample. It does not consist of
sampling units selected in a careless manner, but is selected in a manner
that can be expected to be representative of the population. Information
and

communication A component of internal control in addition to the control
environment, risk assessment, monitoring, and

control activities. The identification, capture, and exchange of
information in a form and time frame that enable people to carry out their
responsibilities. The accounting system and accounting manuals are
examples of this component.

Information systems (IS) auditor A person with specialized technical
knowledge and

skills who can understand the IS concepts discussed in the manual and
apply them to the audit.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 11

IS controls Controls whose effectiveness depends on computer processing,
including general, application, and user controls (described in section
295 F).

Inherent risk The susceptibility of an assertion to a material
misstatement, assuming there are no related specific control activities.
This is an auditor judgment.

Interdepartmental amounts

Activity and balances between two different departments. (See department.)
The intradepartmental and interdepartmental amounts are subsets of
intragovernmental activity and balances.

Interentity Activities or balances between two or more agencies,
departments, or bureaus. (See inter- and intradepartmental.)

Internal control A process, effected by an entity's management and other
personnel, to provide reasonable assurance that the entity's specific
objectives are achieved.

Following are the types of internal controls:

financial reporting (including safeguarding and budget)

compliance (including budget)

operations Intradepartmental amounts

Activity and balances within the same department. (See department.) The
intradepartmental and interdepartmental amounts are subsets of
intragovernmental activity and balances.

Intragovernmental amounts

Activity and balances occurring within or between federal departments.
Intragovernmental Payment and Collection System (IPAC) The primary method
used by most federal agencies to

electronically bill and/ or pay for services and supplies within the
government. Used to communicate to the Treasury and the trading partner
agency that the online billing and/ or payment for services and supplies
has occurred.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 12

Joint Financial Management Improvement Program (JFMIP) The joint
undertaking of the U. S. Department of the

Treasury, the U. S. General Accounting Office, the Office of Management
and Budget, and the Office of Personnel Management to improve financial
management in the federal government. The source of governmentwide
requirements for financial

management systems software functionality that describes the basic
elements of an integrated financial management system (including the core
financial system).

Judgment fund A permanent and indefinite appropriation that is available
to pay final judgments, settlement agreements, and certain types of
administrative awards against the United States when payment is not
otherwise provided for. The Secretary of the Treasury certifies all
payments from the fund.

Known misstatement The amount of misstatement found by the auditor.

Likely misstatement The auditor's best estimate of the amount of the
misstatement in the tested population (including known misstatement). For
sampling applications, this amount is the projected misstatement. Limit
Used in performing substantive analytical procedures,

the limit is the amount of difference between the expectation and the
recorded amount that the auditor will accept without investigation.
Therefore, the auditor should investigate amounts that exceed the limit
during analytical procedures.

Materiality The magnitude of an item's omission or misstatement in a
financial statement that, in the light of surrounding circumstances, makes
it probable that the judgment of a reasonable person relying on the
information would have been changed or influenced by the inclusion or
correction of the item (FASB Statement of Financial Concepts No. 2). See
planning materiality, design materiality, and test materiality.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 13

Misappropriation of assets Theft of an entity's assets causing the
financial

statements not to be presented in conformity with GAAP.

Monitoring A component of internal control in addition to the control
environment, risk assessment, information and communication, and control
activities. The process by which management assesses internal control
performance over time. It may include ongoing activities, separate
evaluations, or a combination of both.

Multipurpose testing Performing several tests, such as control tests,
compliance tests, and substantive tests, on a common selection, usually a
sample.

Nonsampling selection A selection of items to reach a conclusion only on
the items selected. Sometimes called a case study, the auditor using a
nonsampling selection may not project the results to the population, but
should be satisfied

that there is a low risk of material misstatement in the untested items.
Obligation ceiling A limit set by the Congress on the amount of
obligations and expenditures the entity may incur

even though the budget authority (such as an appropriation) is greater
than this limit.

Offsetting collections Collections of a business- or market- oriented
nature and intragovernmental transactions. If, pursuant to law, they are
deposited to receipts accounts and are available for obligation, they are
considered budget authority and referred to as offsetting receipts.
Contract authority and immediate availability of offsetting receipts for
use are the usual forms of budget authority for revolving funds.

Operations controls Management's policies and procedures to carry out
organizational objectives, such as planning, productivity, programmatic,
quality, economy, efficiency, and effectiveness objectives.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 14

Output Any product or service generated from the consumption of resources.
This can include information generated by the completion of a task or
activity.

Overall analytical procedures Analytical procedures performed as an
overall financial statement review during the audit reporting phase.

Performance measures controls Policies and procedures management uses to
assure

data that support performance measures reported in the MD& A of the
Accountability report are properly recorded, processed, and summarized to
permit preparation of performance information in accordance with criteria
stated by management.

Planning materiality The auditor's judgment of the total amount of
misstatements that would be material in relation to the financial
statements to be audited; used for planning the audit scope. The auditor
determines an appropriate base (usually the greater of assets,
liabilities, revenues, or expenses); then the auditor multiplies by a
percent, usually 3 percent.

Point estimate Most likely amount of the population characteristic based
on the sample.

Population The items comprising a financial statement line item, account
balance, or class of transactions from which selections are made for audit
testing.

Precision The difference between the point estimate and the upper or lower
limit. Thus, precision tells the auditor how close the point estimate
could be from the true population amount.

Preliminary analytical procedures Analytical procedures performed during
the audit planning phase.

Principal statements See financial statements.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 15

Probable The chance of the future confirming event( s) occurring is
likely, for pending or threatened litigation and unasserted claims. (For
other contingencies, the future event or events are more likely than not
to occur.)

Projected misstatement An estimate of the misstatement in a population,
based on the misstatements found in the examined sample items; represents
misstatements that are probable. The projected misstatement includes the
known misstatement. Providing agency The agency providing services,
products, goods,

transfer funds, investments, debt, and/ or incurring the reimbursable
costs. This includes bureaus, departments, and/ or programs within
agencies. The providing agency is the seller. The providing agency is the
agency transferring out funds to another agency (transfers- out) when
appropriations are transferred without the exchange of goods or services.

Random sample A sample selected so that every combination of the same
number of items in the population has an equal chance of selection. A
random sample should be selected by using computer software or a random
number table. A systematic sample with a random start, although not
technically meeting the definition,

may generally be evaluated as if it were a random sample.

Reasonably possible The chance of the future event or events occurring is
more than remote but less than probable.

Receiving agency The agency receiving services, products, goods, transfer
funds, purchasing investments, and/ or borrowing from Treasury (or other
agency). This includes bureaus, departments, and/ or programs within
agencies. The receiving agency is the

purchaser. The receiving agency is the agency receiving transfers of funds
(transfers in) when appropriations are transferred without the exchange of
goods or services.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 16

Reciprocal accounts Corresponding SGL accounts that should be used by a
providing and receiving agency to record like intragovernmental
transactions. For example, the providing entity's accounts receivable
would normally be reconciled to the reciprocal account, accounts payable,
on the receiving entity's records.

Recorded amount The financial statement amount being tested by the auditor
in the specific application of substantive tests.

Reimbursable activity In intragovernmental activity, similar to goods or
services, except the amounts billed to the receiving entity by the
providing entity are based on actual costs incurred instead of on fees.

Related parties Affiliates, management of the entity, their immediate
families, and other parties the entity deals with if one party controls or
can significantly influence the management or operating policies of the
other to an extent that one of the parties might be prevented from fully
pursuing its own separate interests.

Remote The chance of the future event or events occurring is slight.

Responsibility segment In cost accounting, a significant organizational,
operational, functional, or process component that has the following
characteristics: (a) its manager

reports to the entity's top management, (b) it is responsible for carrying
out a mission, performing a line of activities or services, or producing
one or a group of products, and (c) for financial reporting and cost
management purposes, its resources and results of operations can be
clearly distinguished, physically and operationally, from those of other
segments of the entity.

Risk See audit risk, inherent risk, control risk, detection risk.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 17

Risk assessment A component of internal control in addition to the control
environment, monitoring, information and communication, and control
activities. The entity's identification and analysis of relevant risks to
achievement of its objectives, forming a basis for determining how the
risks should be managed.

Safeguarding controls Internal controls to protect assets from loss from
unauthorized acquisition, use, or disposition arising from misstatements
in processing transactions and handling the related assets. Safeguarding
controls are considered part of financial reporting controls. Some
safeguarding controls are operations controls.

Sample Items selected from a population to reach a conclusion about the
population as a whole. (Compare with nonsampling selection.)

Sampling The application of audit procedures to fewer than all items
composing a population to reach a conclusion about the entire population.
The auditor selects sample items in such a way that the sample and its

results are expected to be representative of the population. Each item
must have an opportunity to be selected, and the results of the procedures
performed must be projected to the entire population. Sampling interval
The amount between two consecutive sample items, used in selecting the
items in systematic sampling. In

dollar- unit sampling, this amount may be determined by dividing the test
materiality by a statistical risk factor.

Sampling risk The risk that the auditor's conclusion based on a sample
might differ from the conclusion that would be reached by applying the
test in the same way to the entire population.

Specific control evaluation (SCE) Evaluating the effectiveness of the
design and

operation of specific control activities. This process is documented on
the SCE worksheet.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 18

Standard General Ledger (SGL) A uniform chart of accounts and guidance for

standardizing federal agency accounting. Composed of five major sections:
(1) chart of accounts, (2) account descriptions, (3) accounting
transactions,

(4) SGL attributes, and (5) report crosswalks. Prescribed by the
Department of the Treasury in its Treasury Financial Manual. Standard
General

Ledger (SGL) at the transaction level One of the three requirements of
FFMIA.

Implementing the SGL at the transaction level means that the entity's
general ledger is in full compliance with the SGL chart of accounts
descriptions and posting rules, that transactions from feeder systems are
fed into the general ledger following SGL requirements through an
automated or, in certain cases, a manual interface, that detail supporting
these transactions can be traced back to the source transactions in the
feeder systems, and that the feeder systems process transactions
consistent with SGL account descriptions and posting rules. Statistical
sampling Sampling that uses the laws of probability for

selecting and evaluating a sample from a population for the purpose of
reaching a conclusion about the population.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 19

Stewardship information

Required supplementary stewardship information includes (1) stewardship
property, plant, and equipment (property owned by the federal government
including: heritage assets [PP& E of historical, natural, cultural,
educational, or artistic significance], national defense PP& E [weapons
systems and vessels], and stewardship land [land

other than that acquired for, or in connection with, general PP& E]), (2)
stewardship investments (items treated as expenses in calculating net cost
but meriting special treatment to highlight their substantial investment
and long- term- benefit nature, including: nonfederal physical property
[grants provided for properties financed by the federal

government but owned by the state and local governments], human capital
[education and training programs financed by the federal government for
the benefit of the public], and research and development [basic and
applied]), (3) stewardship responsibilities (current services assessment
showing receipt and

outlay data on the basis of projections of future activities* required in
the consolidated statements of the U. S. government only* and social
insurance information), and (4) risk- assumed information on insurance and
guarantee programs (generally, the present value of unpaid expected losses
net of associated premiums).

Stratification Separation of a population into what the auditor believes
are relatively homogeneous groups, each of which is referred to as a
stratum, usually to improve sampling efficiency in a classical variables
estimation sample.

Stratified sample A classical variables estimation sample where the
auditor first stratifies the population then selects a random sample from
each stratum.

Substantive analytical procedures Analytical procedures used as
substantive tests.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 20

Substantive assurance The auditor*s judgment that the assurance provided
by all substantive tests of an assertion will detect misstatements that
exceed materiality. Not the same as confidence level.

Substantive tests Specific tests to detect material misstatements in an
assertion relating to the account balance, transaction class, and
disclosure components of financial statements.

Suitable criteria In agreed upon procedures engagements, suitable
standards that have the attributes of objectivity, measurability,
completeness, and relevance.

Supplemental analytical procedures Analytical procedures to increase the
auditor's understanding of account balances and transactions when detail
tests are used as the sole source of substantive

assurance.

Systematic sampling A method of selecting a sample in which every nth item
is selected. See random sample.

Test materiality (tolerable misstatement) The maximum misstatement that
the auditor can tolerate in a population. This materiality is used in
determining the extent of a specific substantive test. (In statistical
terms, margin or bound of error.) Test materiality is design materiality,
reduced when

the audit is being performed at some, but not all, entity locations
(requiring increased audit assurance for those locations visited);

the area tested is deemed to be sensitive to the users of the financial
statements; or

the auditor expects to find a significant amount of misstatements

Tolerable misstatement See test materiality.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 21

Tolerable rate In attribute sampling for control testing, the maximum rate
of deviation from a prescribed control that the auditor would be willing
to accept without altering the assessment of the effectiveness of the
control. For tests of compliance with laws and regulations, the tolerable
rate is the maximum rate of noncompliance that the auditor would accept in
the population without reporting the noncompliance. (In statistical terms,
margin or bound of error.)

Top stratum item An item in a dollar- unit sample that equals or exceeds
the amount of the sampling interval or implicit sampling interval. Top
stratum items are tested

100 percent.

Trading partner code As assigned by the U. S. Department of the Treasury,
trading partner code is the attribute defined within the accounting for a
transaction used to identify the trading partner entity. The trading
partner code is illustrated next to the SGL account and is a two- digit
number.

Trading partners As defined by the U. S. Department of the Treasury,
trading partners are agencies, bureaus, programs, or other entities
(within or between agencies/ departments) participating in transactions
with each other.

Transfers Funding moved from one entity to another based on an agreement
between the providing entity and the receiving entity

Treasury Financial Manual (TFM) The Treasury Financial Manual (TFM) is
Treasury's

official publication for financial accounting and reporting of all
receipts and disbursements of the federal government. Provides procedures
for federal agencies to account for and reconcile transactions occurring
within and between each other. Includes

procedures for CFO Act agencies to reconcile and confirm with their
trading partners intragovernmental activity and balances.

Glossary April 2003 GAO/ PCIE Financial Audit Manual Glossary- 22

Universe See population.

User controls Manual comparisons of computer output (generally totals) to
source documents or other input (including control totals). Walkthroughs
Audit procedures to help the auditor understand the

actual operation of significant aspects of accounting system processing
and control techniques. Walkthroughs of financial reporting controls
consist of tracing one or more transactions from initiation,

through all processing, to inclusion in the general ledger; observing the
processing and applicable controls in operation; making inquiries of
personnel applying the controls; and examining related documents.

FISCAM has a glossary of IS terms.

ABBREVIATIONS

April 2003 GAO/ PCIE Financial Audit Manual Abbrev- 1

AAPC Accounting and Auditing Policy Committee

ABA American Bar Association

AcSEC Accounting Standards Executive Committee of the AICPA

AICPA American Institute of Certified Public Accountants ALC agency
locator code

ARA Account Risk Analysis AT Reference to Statements on Standards for
Attestation Engagements in the sections of the Codification of Statements
on Auditing Standards AU Reference to Statements on Auditing Standards in
the sections of the Codification of Statements on Auditing Standards AUP
agreed- upon procedures CFO Chief Financial Officer

COSO Committee of Sponsoring Organizations of the Treadway Commission CSRS
Civil Service Retirement System

DUS dollar- unit sampling

DCIA Debt Collection Improvement Act

FACTS Federal Agencies' Centralized Trial Balance System

FAM GAO/ PCIE Financial Audit Manual FASAB Federal Accounting Standards
Advisory Board

FASB Financial Accounting Standards Board

FBWT fund balance with Treasury

Abbreviations

April 2003 GAO/ PCIE Financial Audit Manual Abbrev- 2

FCRA Federal Credit Reform Act FERS Federal Employees' Retirement System

FISCAM Federal Information System Controls Audit Manual

FFMIA Federal Financial Management Improvement Act of 1996

FMFIA Federal Managers' Financial Integrity Act of 1982

FMS Financial Management Service

GAAP generally accepted accounting principles GAAS generally accepted
auditing standards

GAGAS generally accepted government auditing standards

GAO General Accounting Office

G/ L general ledger

GRA General Risk Analysis

IG Inspector General

IPAC Intragovernmental Payments and Collection System

IS Information Systems JFMIP Joint Financial Management Improvement
Program

MD& A management*s discussion and analysis

NTDO Non- Treasury Disbursing Office

OGC Office of General Counsel

OMB Office of Management and Budget

OPM Office of Personnel Management PCIE President*s Council on Integrity
and Efficiency

Abbreviations

April 2003 GAO/ PCIE Financial Audit Manual Abbrev- 3

PP& E property, plant, and equipment RSI required supplementary
information

RSSI required supplementary stewardship information

SAS Statement on Auditing Standards SCE Specific Control Evaluation

SF standard form

SFFAC Statement of Federal Financial Accounting Concepts SFFAS Statement
of Federal Financial Accounting Standards SGL U. S. Government Standard
General Ledger

SSAE Statement on Standards for Attestation Engagements

TFM Treasury Financial Manual

W/ P workpaper

[This page intentionally left blank.] (195006)
*** End of document. ***