Financial Audit Manual: Volume Two, Exposure Draft--October 2007
(01-OCT-07, GAO-08-82G).
The U.S. Government Accountability Office (GAO) and the
President's Council on Integrity and Efficiency (PCIE) maintain
the GAO/PCIE Financial Audit Manual (FAM). The FAM provides
guidance for performing financial statement audits of federal
entities. The FAM is a key tool for enhancing accountability over
taxpayer-provided resources.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-08-82G
ACCNO: A77128
TITLE: Financial Audit Manual: Volume Two, Exposure
Draft--October 2007
DATE: 10/01/2007
SUBJECT: Auditing procedures
Auditing standards
Auditors
Audits
Financial statement audits
Federal agencies
Internal auditors
Internal audits
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-08-82G
* [1]GAOHQ-1807469-v5-FAM_601.pdf
* [2]601 - Introduction to Part II - Tools
* [3]GAOHQ-1739135-v5-FAM_650.pdf
* [4]650 - Using the Work of Others
* [5]Types of Reporting
* [6]Evaluating the Other Auditors' or Specialists'
Independence
* [7]Evaluating Other Auditors' or Specialists' Qualifications
* [8]Planning the Review and Testing of Other Auditors' or
Specia
* [9]Review of Audit Documentation
* [10]Discussions and/or Supplemental Tests for a High Level
of Re
* [11]Subsequent Events Review and Dating of the Auditor's
Report
* [12]Staffing the Review of the Other Auditors' or
Specialists' W
* [13]Evaluating the Work of Other Auditors or Specialists
* [14]Documenting the Review of Other Auditors' or
Specialists' Wo
* [15]Using Internal Audit Staff to Provide Direct Assistance
to t
* [16]Using Federal Entity Specialists
* [17]Multiple Levels of Other Auditors
* [18]Reports on Other Auditors' Work
* [19]GAOHQ-1739327-v5-FAM_650_A.pdf
* [20]650 A - Summary of Audit Procedures and Documentation for Re
* [21]GAOHQ-1739338-v5-FAM_650_B.pdf
* [22]650 B - Example Audit Procedures for Using the Work of Other
* [23]1. EVALUATING INDEPENDENCE, OBJECTIVITY, AND
QUALIFICATIONS
* [24]General
* [25]Independence and objectivity:
* [26]Qualifications:
* [27]2. EVALUATING INDEPENDENCE, OBJECTIVITY, AND
QUALIFICATIONS
* [28]Independence And Objectivity:
* [29]Qualifications:
* [30]3. MONITORING THE WORK (FOR ALL TYPES OF OTHER AUDITORS
AND
* [31]GAOHQ-1739466-v5-FAM_650_C.pdf
* [32]650 C - Example Reports when Using the Work of Others
* [33]Example 1 - Transmittal Letters
* [34]Example 2 - Report Concurring with Other Auditors'
Opinion (
* [35]Objectives, Scope, and Methodology
* [36]GAOHQ-1809309-v5-FAM_660.pdf
* [37]660 - Agreed-Upon Procedures
* [38]Written Representations
* [39]Documentation
* [40]Reporting
* [41]Other Report Issues
* [42]GAOHQ-1809352-v5-FAM_660_A.pdf
* [43]660 A - Example Agreed-Upon Procedures Engagement Letter
* [44]Agreed-Upon Procedures for Tax Receipts and Refunds
(Enclosu
* [45]General
* [46]Sampling
* [47]GAOHQ-1809372-v5-FAM_660_B.pdf
* [48]660 B - Example Representation Letter from Responsible Entit
* [49]GAOHQ-1809394-v5-FAM_660_C.pdf
* [50]660 C - Agreed-Upon Procedures Completion Checklist
* [51]SECOND PARTNER'S (OR EQUIVALENT) CONCURRENCE ON
AGREED-UPON
* [52]TECHNICAL ACCOUNTING AND AUDITING EXPERT'S CONCURRENCE
ON AG
* [53]GAOHQ-1809401-v5-FAM_660_D.pdf
* [54]660 D - Example Agreed-Upon Procedures Report
* [55]Procedures
* [56]Results
* [57]GAOHQ-1797774-v5-FAM_701.pdf
* [58]701 - Assessing Compliance of Agency Systems with the Federa
* [59]FFMIA Requirements
* [60]Audit Issues
* [61]GAOHQ-1798018-v5-FAM_701_A.pdf
* [62]701 A - Example Audit Procedures for Testing Compliance with
* [63]III. Testing for Compliance with the Federal� Account
* [64]IV. Testing for Compliance with the SGL
* [65]V. Summary
* [66]GAOHQ-1798482-v5-FAM_701_B.pdf
* [67]701 B - Summary Schedule of Instances of Noncompliance with
* [68]GAOHQ-1813629-v5-FAM_802.pdf
* [69]802 - General Compliance Checklist
* [70]Instructions For General Compliance Checklist
* [71]Other Laws
* [72]Instructions For Compliance Supplements
* [73]Compliance Summary
* [74]Compliance Audit Program
* [75]GAOHQ-1764101-v5-FAM_803_.pdf
* [76]803 - Antideficiency Act
* [77]GAOHQ-1773824-v5-FAM_808.pdf
* [78]808 - Federal Credit Reform Act of 1990
* [79]GAOHQ-1813732-v5-FAM_809.pdf
* [80]809 - Provisions Governing Claims of the U.S. Government (31
* [81]GAOHQ-1773897-v5-FAM_810.pdf
* [82]810 - Prompt Payment Act
* [83]GAOHQ-1773899-v5-FAM_812.pdf
* [84]812 - Pay and Allowance System for Civilian Employees, as Pr
* [85]GAOHQ-1813743-v5-FAM_813.pdf
* [86]813 - Civil Service Retirement Act, 5 U.S.C. Chapter 83
* [87]GAOHQ-1773903-v5-FAM_814.pdf
* [88]814 - Federal Employees Health Benefits Act, 5 U.S.C. Chapte
* [89]GAOHQ-1773905-v5-FAM_816.pdf
* [90]816 - Federal Employees' Compensation Act (FECA), 5 U.S.C. C
* [91]GAOHQ-1773915-v5-FAM_817.pdf
* [92]817 - Federal Employees' Retirement System Act of 1986 (FERS
* [93]GAOHQ-1964524-v5-FAM_902.pdf
* [94]902 - Related Parties, Including Intragovernmental Activity
* [95]Intragovernmental Activity and Balances
* [96]Accounting and Reporting Guidance
* [97]Continuing Issues from Prior Year Audits
* [98]Intragovernmental Payment and Collection (IPAC) System
* [99]Audit Procedures
* [100]Other Related Parties
* [101]Practice Aids
* [102]GAOHQ-1964530-v5-FAM_902_A.pdf
* [103]902 A - Example Account Risk Analysis for Intragovernmental
* [104]Cycles
* [105]GAOHQ-1969301-v5-FAM_902_B.pdf
* [106]902 B - Example Specific Control Evaluation for Intragovernm
* [107]GAOHQ-1964537-v5-FAM_902_C.pdf
* [108]902 C - Example Audit Procedures for Intragovernmental and O
* [109]Audit Procedures for Intragovernmental and Other
Related Par
* [110]I. Planning Phase
* [111]II. Internal Control Phase
* [112]III. Testing Phase
* [113]A. Intragovernmental accounts
* [114]Reconciliation/confirmation (existence,
completeness, valuat
* [115]Reconciliation adjustments and
differences (all intragovernm
* [116]B. Intragovernmental activity and balances
* [117]Cut off test (existence and
completeness)
* [118]C. Control and substantive tests of
details--other related pa
* [119]D. Substantive analytical procedures (FAM
475)
* [120]E. Elimination (existence, completeness, and
valuation)
* [121]IV. Reporting Phase
* [122]GAOHQ-1964541-v5-FAM_903.pdf
* [123]903 - Auditing Cost Information
* [124]The Impact of SFFAS No. 4 and SFFAS No. 30
* [125]Audit Procedures for Financial Statement Opinion
* [126]Federal Financial Management Improvement Act of 1996 (FFMIA)
* [127]Management's Discussion and Analysis (MD&A)
* [128]GAOHQ-1967628-v5-FAM_921.pdf
* [129]921- Auditing Fund Balance with Treasury (FBWT)
* [130]GAOHQ-2010989-v5-FAM_921_A.pdf
* [131]921 A - Treasury Processes and Reports Related to FBWT Recon
* [132]A. Verification of Collections and EFT Disbursements
* [133]Reporting of FBWT accounts activity and balances
* [134]B. Verification of Disbursement Data
* [135]1. Verification of Treasury Disbursement Office
entity disbu
* [136]Reporting of FBWT accounts activity and
balances
* [137]2. Verification of Non-Treasury Disbursing Office
(NTDO) en
* [138]Verification of interagency transactions:
* [139]Verification of checks paid
* [140]Verification of checks issued:
* [141]Reporting of FBWT accounts activity and
balances
* [142]GAOHQ-2011015-v5-FAM_921_B.pdf
* [143]921 B - Example Account Risk Analysis for Fund Balance with
* [144]GAOHQ-2011025-v5-FAM_921_C.pdf
* [145]921 C - Example Specific Control Evaluation for Fund Balance
* [146]GAOHQ-1964543-v5-FAM_931.pdf
* [147]931 - Auditing Heritage Assets and Stewardship Land
* [148]GAOHQ-1964545-v5-FAM_941.pdf
* [149]941 - Auditing the Statement of Social Insurance
* [150]GAOHQ-1773918-v5-FAM_1001.pdf
* [151]1001 - Management Representations
* [152]Representations Relating to the Financial Statements
* [153]General
* [154]Cash
* [155]Financial instruments
* [156]Receivables
* [157]Inventories
* [158]Deferred charges and unearned revenues
* [159]Debt
* [160]Contingencies
* [161]Pension and postretirement benefits
* [162]Sales
* [163]Representations Relating to Internal Control
* [164]Representations Relating to Financial Management
Systems' Su
* [165]Representations Relating to Compliance with Laws and
Regulat
* [166]Effect of Change in Management on Representation Letter
* [167]GAOHQ-1773955-v5-FAM_1001_A.pdf
* [168]1001 A - Example Management Representation Letter
* [169]GAOHQ-1773957-v5-FAM_1002.pdf
* [170]1002 - Inquiries of Legal Counsel
* [171]Accounting and Reporting Guidance
* [172]Audit Procedures
* [173]Timing of Legal Letter Request and Responses
* [174]Determining a Materiality Level
* [175]Legal Counsels from Whom Information Should be
Requested
* [176]Evaluation of Responses
* [177]Possible Limitations on the Scope of Legal Counsel's
Respons
* [178]Lack of Sufficient Opinion on the Resolution of a Case
* [179]Example Legal Letter Request
* [180]Example Legal Counsel's Responses and Management's
Schedule
* [181]Practice Aids
* [182]GAOHQ-1825413-v5-FAM_1002_A.pdf
* [183]1002 A - Example Audit Procedures for Inquiries of Legal Cou
* [184]Example Audit Procedures
* [185]I. Testing Procedures
* [186]Example Audit Procedures
* [187]Example Audit Procedures
* [188]II. Reporting Procedures
* [189]GAOHQ-1773962-v5-FAM_1002_B.pdf
* [190]1002 B - Example Legal Letter Request
* [191]GAOHQ-1773967-v5-FAM_1002_C.pdf
* [192]1002 C - Example Legal Representation Letter
* [193]Pending or Threatened Litigation
* [194](Excluding unasserted claims and assessments, which are
disc
* [195]1002 D - Example Management Summary Schedule
* [196]GAOHQ-2023208-v5-FAM_1003.pdf
* [197]1003 - Financial Statement Audit Completion Checklist
* [198]Instructions
* [199]GAOHQ-1821808-v5-FAM_1005.pdf
* [200]1005 - Subsequent Events Review
* [201]Audit Procedures
* [202]Subsequent Events Review Program --�Audit Procedures
* [203]I. Read Interim Financial Statements
* [204]II. Make Inquiries of Management as to:
* [205]III. Read Minutes
* [206]IV. Cover in Lawyers' Letters
* [207]V. Cover in Management Representation Letter
* [208]VI. Other
October 2007
TO AUDIT OFFICIALS, AGENCY CFOS, AND OTHERS INTERESTED IN FEDERAL
FINANCIAL AUDITING AND REPORTING
This letter transmits the exposure draft of Volume 2 of the Government
Accountability Office (GAO) and the President's Council on Integrity and
Efficiency (PCIE) Financial Audit Manual (FAM) for your review and
comment. The FAM presents a methodology for performing financial statement
audits of federal entities in accordance with professional standards, and
was originally issued in July 2001. We have updated the FAM for
significant changes affecting audits of financial statements in the
federal government since the last major changes to the FAM in July 2004.
To continue to meet the needs of the federal audit community and the
public it serves, GAO and the PCIE created a joint FAM Working Group. The
group comprises auditors from GAO and several offices of the inspectors
general experienced in conducting audits of federal entity financial
statements. Through a highly collaborative effort, the FAM Working Group
prepared the enclosed exposure draft for FAM Volume 2 which contains audit
tools. The exposure draft for FAM Volume 1 is being issued separately. A
new FAM Volume 3 containing checklists for Federal Accounting (FAM 2010)
and Federal Reporting and Disclosures (FAM 2020) was issued on August 24,
2007 (GAO-07-1173G) for use in the fiscal year 2007 audits of federal
financial statements.
Summary of Major Revisions to FAM Volume 2
The exposure draft includes changes based on (1) AICPA Statement of
Auditing Standards (SAS) Nos. 100 through 114, which include the audit
risk standards; (2) Government Auditing Standards (July 2007 edition); (3)
audit guidance in Office of Management and Budget (OMB) Bulletin No.
07-04, Audit Requirements for Federal Financial Statements (September 4,
2007); and (4) financial reporting guidance in OMB Circular No. A-136,
Financial Reporting Requirements (June 29, 2007). The exposure draft also
includes the effects of Federal Accounting Standards Advisory Board
(FASAB) accounting concepts and standards issued through May 31, 2007, on
financial audits, particularly with respect to accounting, reporting, and
disclosure requirements for social insurance, heritage assets and
stewardship land, and earmarked funds. Finally, throughout the updated FAM
Volume 2, revisions were made for new terminology, changes in the federal
audit environment, and effects of applicable laws and regulations. A table
of major changes to FAM Volume 2 is presented in an attachment to this
letter.
Instructions for Commenting on the Exposure Draft
The exposure draft of FAM Volume 2 is available only in electronic form on
GAO's Web page at [209]http://www.gao.gov/special.pubs/gaopcie/. We
request comments from federal audit officials, CFOs, financial managers,
the public accounting profession, and other interested parties. Please
associate your comments with specific references to section, paragraph,
and page number. Also, please provide the rationale for your comments and
proposed changes, along with suggested revised language. Please send your
comments electronically to [210][email protected] no later than January 31,
2008. This exposure period is expected to provide adequate time for review
and comment after auditors have completed fiscal year 2007 financial
statement audits for federal agencies and the consolidated U.S.
government. We anticipate that the final version of FAM Volume 2 will be
issued in the early spring of 2008 for use in conducting fiscal year 2008
federal financial statement audits.
Should you need additional information, please call GAO's Financial
Management and Assurance Assistant Directors Roger Stoltz, at (202)
512-9408; or Janet Krell, at (202) 512-4716; Director Steve Sebastian at
(202) 512-9521; or PCIE Working Group Leaders Alex Biggs, at (202)
693-5258; or Joel Grover, at (202) 927-5768.
Sincerely yours,
Jeffrey C. Steinhoff The Honorable John P. Higgins, Jr.
Managing Director Chairman, Audit Committee
Financial Management and Assurance President's Council on Integrity
U.S. Government Accountability Office and Efficiency
Attachment and enclosures
Attachment
Table of Major Changes to FAM Volume 2
FAM section Major change
650 Some clarifications and new terminology were added for using
the work of others.
802 The general compliance checklist in FAM 802.06 lists five
general laws for compliance consistent with OMB audit guidance
while four other laws commonly assessed by auditors are now
presented in FAM 802.07.
803 FAM 803 was revised to add new audit procedures for checking
on Antideficiency Act violations.
903 FAM 903.02 expanded the discussion of full costing per SFFAS
No. 30.
921 New FAM 921.11-.12 discuss Treasury development and
implementation of a new Government Wide Accounting system that
will have a significant impact on auditing Fund Balance with
Treasury (FBWT). A new FAM 921.13 discusses Treasury plans to
discontinue use of certain suspense accounts. Because these
changes are to occur over several years, auditors should
reevaluate FBWT audit procedures, some examples of which are
now presented in FAM 921.17-.22. The FAM 921 D audit program
has been eliminated.
931 This new section provides guidance on auditing heritage assets
and stewardship land as a result of SFFAS No. 29.
941 This new section provides guidance on auditing the Statement
of Social Insurance as a result of SFFAS Nos. 17, 25, 26, and
28.
1001 FAM 1001 on management representation letters has been revised
to be consistent with changes in professional standards, and a
new FAM 1001.19 was added to discuss the effect of a change in
management on representation letters.
1001 A The example management representation letter was changed to
group representations by category (financial statements,
internal control, fraud, etc.) and added representations for
Antideficency Act violations (FAM 1001 A.27), Statement of
Social Insurance (FAM 1001 A.28-.36), consistency of budget
information required by OMB audit guidance (FAM 1001 A.37),
and earmarked funds (FAM 1001 A.38).
Attachment
FAM section Major change
1002 A table for analyzing contingent losses was added to FAM
1002.06 and a new FAM 1002.12 was added for legal claims where
no monetary damages are being sought. FAM 1002.16
expands the discussion and timing of interim and final legal
letters.
1003 The audit completion checklist was revised to be consistent
with the revised FAM and new professional standards.
CONTENTS - PART II
[This page intentionally left blank.]
CONTENTS - PART II - TOOLS
600 PLANNING AND GENERAL
601 Introduction to Part II - Tools
650 Using the Work of Others
650 A Summary of Audit Procedures and Documentation for Review of Other
Auditors' Work
650 B Example Audit Procedures for Using the Work of Others
650 C Example Reports When Using the Work of Others
660 Agreed-Upon Procedures
660 A Example Agreed-Upon Procedures Engagement Letter
660 B Example Representation Letter from Responsible Entity on Agreed-Upon
Procedures Engagement
660 C Agreed-Upon Procedures Completion Checklist
660 D Example Agreed-Upon Procedures Report
700 INTERNAL CONTROL (See also section 900)
701 Assessing Compliance of Agency Systems with the Federal Financial
Management Improvement Act (FFMIA)
701 A Example Audit Procedures for Testing Compliance with FFMIA
701 B Summary Schedule of Instances of Noncompliance with FFMIA
800 COMPLIANCE
802 General Compliance Checklist
803 Antideficiency Act
808 Federal Credit Reform Act of 1990
809 Provisions Governing Claims of the U.S. Government (31 U.S.C.
37113720E) (Including the Debt Collection Improvement Act of 1996) (DCIA)
810 Prompt Payment Act
813 Civil Service Retirement Act, 5 U.S.C. Chapter 83
814 Federal Employees Health Benefits Act, 5 U.S.C. Chapter 89
816 Federal Employees' Compensation Act, 5 U.S.C. Chapter 81
817 Federal Employees' Retirement System Act of 1986 (FERS), 5 U.S.C.
Chapter 84
Contents -Part II - Tools
900 SUBSTANTIVE TESTING
902 Related Parties, Including Intragovernmental Activity and Balances 902
A Example Account Risk Analysis for Intragovernmental Activity and
Balances 902 B Example Specific Control Evaluation for Intragovernmental
Accounts 902 C Example Audit Procedures for Intragovernmental and Other
Related
Parties' Activity and Balances 903 Auditing Cost Information 921 Auditing
Fund Balance with Treasury (FBWT) 921 A Treasury Processes and Reports
Related to FBWT Reconciliation 921 B Example Account Risk Analysis for
Fund Balance with Treasury 921 C Example Specific Control Evaluation for
Fund Balance with Treasury 931 Auditing Heritage Assets and Stewardship
Land 941 Auditing the Statement of Social Insurance
1000 REPORTING
1001 Management Representations 1001 A Example Management Representation
Letter 1002 Inquiries of Legal Counsel 1002 A Example Audit Procedures for
Inquiries of Legal Counsel 1002 B Example Legal Letter Request 1002 C
Example Legal Representation Letter 1002 D Example Management Summary
Schedule 1003 Financial Statement Audit Completion Checklist 1005
Subsequent Events Review
SECTION 600
Planning and General
650 - Using the Work of Others
.01 In many financial statement audits, the auditor uses the work and
reports of other auditors and specialists that may include CPA firms,
inspectors general ^[211]1 (IG), state auditors, and internal auditors.
Specialists include actuaries and information technology (IT) personnel.
The auditor may contract with a CPA firm to perform parts of an audit, or
to perform the entire audit. The auditor expressing the opinion on the
financial statements is usually "the principal auditor" as defined by AU
543.02, but this is a matter of professional judgment.
.02 FAM 650 provides guidance to auditors on designing and performing
oversight and other procedures when using the work of other auditors and
specialists. Various professional standards also provide guidance in this
area. These standards include AU 543, "Part of Audit Performed by Other
Independent Auditors;" AU 322, "The Auditor's Consideration of the
Internal Audit Function in an Audit of Financial Statements;" AU 336,
"Using the Work of a Specialist;" ^[212]2 and AU 315 "Communications
Between Predecessor and Successor Auditors." These standards have
different requirements depending on whether the auditor is using the work
of an independent auditor, an internal auditor, or a specialist.
.03 In the federal environment, the auditor may use the work of other
auditors and specialists in various situations. For example:
o Audits of federal entity financial statements, either consolidated or
individual bureaus, agencies, funds, or other components, by IGs or
CPA firms in accordance with GAGAS (which includes U.S. GAAS) and OMB
audit guidance.
o CPA firms, IGs, or specialists engaged to do parts of an audit (for
example, review IT systems controls, review actuarial calculations, or
test specific accounts).
o Reports on the processing of transactions by service organizations
(i.e. SAS No. 70 reviews under AU 324).
o Single audits or audits of federal funds provided to units of state
and local governments performed by state auditors and CPA firms.
o Work performed by internal auditors (or equivalent, such as a program
review office or those performing A-123 internal control reviews).
o Work performed by internal audit staff who provide direct assistance
to the auditor.
When IG audits are used by GAO as principal auditor of the U.S. government
consolidated financial statements. For the GAO audit of the Bureau of
Public Debt (BPD), GAO is the other auditor and the Treasury IG is the
principal auditor when it includes BPD into the Treasury Department
consolidation. ^2 The AICPA also issued Practice Alert 2002-02, Use of
Specialists.
.04 AU 543.13 states that in some circumstances the auditor may find it
appropriate to participate in discussions regarding the accounts with
management personnel of the component whose financial statements are being
audited by other auditors and/or to make supplemental tests of such
accounts. The determination of the extent of additional procedures, if
any, to be applied rests with the auditor alone in the exercise of
professional judgment and in no way constitutes a reflection on the
adequacy of the other auditor's work.
An auditor transmitting the other auditor's opinion is not a principal
auditor; neither is the auditor expressing negative assurance on the other
auditor's work. However, if the auditor assumes responsibility for the
opinion on the financial statements on which the auditor reports without
making reference to the audit performed by the other auditor, the
professional judgment of the auditor must determine the extent of
procedures to be undertaken.
.05 FAM 650 provides guidance in making the judgments necessary for the
auditor to use the work of others, including
o the type of reporting (FAM 650.09-.10),
o the evaluation of the other auditors' or specialists' independence and
objectivity (FAM 650.11-.24),
o the evaluation of the other auditors' or specialists' qualifications
(FAM 650.25-.35), and
o the auditor's determination of the level of review (FAM 650.36-.41 and
FAM 650 A).
.06 The auditor should coordinate with the other auditor whose work is to
be used. In turn, the other auditor should determine the needs of the
auditor who plans to use the work being performed so that the professional
judgments exercised by both auditors can satisfy the needs of both. This
is best done before major work is started. For example, auditors of a
consolidated entity (such as the U.S. government or an entire department
or federal entity) are likely to plan to use the work of other auditors of
subsidiary entities (such as individual departments, agencies, bureaus,
funds, or other components). This coordination can result in more economy,
efficiency, and effectiveness of government audits and avoid duplication
of effort.
In addition, both auditors should coordinate throughout the audit so that
the timing needs of the auditor and the other auditor are met. The auditor
should provide instructions on audit procedures to be performed,
materiality considerations, reporting format, and any other information
deemed appropriate. The other auditor should perform the requested
procedures in accordance with these instructions and report the findings
solely for use by the auditor (AU 9543.03). The other auditor should also
provide full and timely access to appropriate individuals and audit
documentation for review by the auditor on an ongoing basis during the
audit (GAGAS par. 4.23), although this work may not be completely
reviewed.
.07 In this coordination, the auditor should inform other auditors on how
their work and report will be used. AU 543.07 indicates that if the
auditor's report will name the other auditor, the principal auditor should
obtain permission to do so and should present the other auditor's report
together with its report. For CPA firms, this permission may be obtained
as part of the contracting process. As a professional courtesy, the
auditor generally should also provide other auditors with a draft of its
report to avoid surprises before final issuance.
.08 When there is a difference of opinion, the auditor should confer with
the other auditor in an attempt to reach an agreement as to the procedures
that would be necessary to satisfy both auditors' professional judgments.
If both auditors are unable to reach agreement, see FAM 650.54-.56. FAM
650 B contains example audit procedures for using the work of others,
which depend on the professional judgments made.
Types of Reporting
.09 There are various types of reporting when using the work of other
auditors and specialists. The type of reporting depends on the degree of
responsibility the auditor accepts and the work the other auditors and
specialists will perform. Factors for the auditor to evaluate in deciding
which type of reporting to use include the degree of assurance to provide,
legal requirements, and cost-benefit considerations. The amount of
resources required varies by type of report and generally increases in the
order presented below.
The auditor generally should decide the type of reporting in planning the
engagement. The auditor generally should discuss type of reporting with
the other auditors or specialists early in the audit. The auditor
exercises professional judgment in making these decisions and should
document the basis for the decisions. AU 504.03 indicates that an auditor
is associated with financial statements when the auditor has consented to
the use of its name in a report, document, or written communication
containing the financial statements. The type of reporting will depend on
the auditor's association with the report:
a.
No association with report. In this situation, the other auditors
or specialists provide the report directly to the audited entity
and/or to significant users. The auditor may use this method when
procuring the audit but not acting as "the auditor." Examples are
when there is no legal requirement for a separate audit report, or
the user does not need a separate audit report, or a separate
audit report would provide no additional information. When the
auditor is required by law to perform the audit, the auditor
should not use this option as the auditor is associated with the
report.
b.
Association with report. In this situation, there are two possible
types of transmittal letters: one expressing no assurance and one
expressing negative assurance on the other auditors' work. For
either type, the auditor is associated with the financial
statements as described in AU 504. The fourth standard of
reporting was amended by SAS No. 113 to state "In all cases where
an auditor's name is associated with financial statements, the
auditor should clearly indicate the character of the auditor's
work, if any, and the degree of responsibility the auditor is
taking, in the auditor's report."
Because the auditor did not perform the audit, the auditor should disclaim
an opinion and should not express its concurrence with the other auditors'
opinion. The auditor may use this approach when the auditor did not
perform the audit but wants to issue a report or letter. The auditor may
also want to expand the letter to highlight certain findings or
information or to indicate that certain procedures were performed. See
example 1 of FAM 650 C for wording for both types of transmittal letters
which
o Express no assurance. For this letter, the auditor issues a
transmittal letter without reviewing the other auditors' audit
documentation. In these situations, the transmittal should be clear as
to the limitations of the work of the auditor who generally has the
responsibility to monitor audit contracts, as applicable, to meet the
requirements of the IG Act, CFO Act, or Accountability of Tax Dollars
Act of 2002.
o Express negative assurance. This letter indicates that the auditor
reviewed the other auditors' or specialists' report and related audit
documentation, inquired of their representatives, and found no
instances where the other auditors did not comply, in all material
respects, with U.S. GAAS or GAGAS.
c. The auditor issues a report that refers to other auditors' reports and
indicates a division of responsibilities. To use this approach, the
auditor has two decisions to make: (1) whether the auditor may serve as
the principal auditor (AU 543.01-.03) and (2) whether the auditor will
refer to the work of the other auditors (AU 543.01-.10). For [213]audits
of federal entities, auditors may be designated by law. ^3 The auditor
exercises professional judgment in making these decisions and should
document the basis for the decisions. One consideration in deciding
whether the auditor is the principal auditor is sufficient knowledge of
the entire entity, including portions audited by other auditors. Another
consideration is the materiality and importance of the consolidated
assets, liabilities, expenses, revenues, or net position the auditor has
not audited.
IGs are designated by the CFO Act to audit their agencies, but may use
contract authority to perform the audits. Likewise, GAO is mandated by 31
U.S.C. 331(e) to audit the U.S. government's consolidated financial
statements.
The auditor may issue a report that refers to other auditors when
(1) the other auditors have reported on financial statements for a
component entity that is part of the entity whose financial statements the
principal auditor is reporting on and (2) the principal auditor does not
wish to take responsibility for the other auditors' work. (See AU 543.09
for example wording. This approach may be used only for CPA firms or for
other auditors that are organizationally independent [see FAM 650.14] and
should not be used for internal auditors or specialists.)
However, a reader of the report could question the basis for the principal
auditor issuing the opinion because of the significant materiality and
importance of the portion of the financial statements audited by the other
auditors. In this case, the principal auditor should determine whether
there is a need to issue a report that does not mention the other
auditors' work, which may require additional work (see FAM 650.09 e).
d. The auditor issues a report that expresses concurrence with the other
auditors' report and conclusions. The auditor may use this approach when
other auditors have reported on financial statements and the principal
auditor needs or wants to provide more assurance than what is provided in
the transmittal letter. For example, a certain audit may be required by
law, in which the auditor, although allowed to hire other auditors to do
the work, is required to give its opinion. In the absence of such a
requirement, a report expressing concurrence is generally not
cost-effective because of the resources required.
Expressing concurrence means that the auditor would have reached the same
opinion or conclusion had it done the audit. Therefore, the auditor should
do the same level of work it would have done to take responsibility for
the other auditor's work. In this instance both the other auditor and the
auditor that expresses concurrence are principal auditors because both
have sufficient knowledge of the overall financial statements and the
important issues, and the concurring auditor, by reason of the level of
work done, has also audited the financial statements.
The auditor usually accomplishes this by reviewing the audit documentation
of the other auditor, having discussions with entity management, and/or
performing supplemental tests, (see example 2 in FAM 650 C for report
wording).
This approach may be used only for CPA firms or for other auditors who are
organizationally independent (see FAM 650.14). The auditor should not use
this report for specialists, since AU 336.15 prohibits reference to a
specialist's report unless the auditor issues a qualified or adverse
opinion or a disclaimer of opinion based on the specialist's work. The
auditor also should not use this approach for internal auditors. AU 322.19
states that the responsibility to report on the financial statements rests
with the auditor and cannot be shared with internal auditors. ^[214]4
e. The auditor issues a report that does not mention the other auditors'
or specialists' work. In this situation, the auditor issues the example
report in FAM 595 A and/or FAM 595 B (as if no other auditors or
specialists were involved). This means the auditor takes responsibility
for the other auditors' or specialists' work. (See FAM 650.09 c for a
discussion of principal auditor issues.) The auditor may use this approach
when the other auditors have done part of the audit. (This approach also
may be used when the other auditors have done substantially the entire
audit.) For example, a number of other auditors may have audited
individual components of an entity and the auditor may audit the
consolidation process. The auditor may use this approach if the auditor
has sufficient knowledge of the entire entity and does additional work
(see FAM 650.10).
The auditor generally should accomplish this by reviewing the audit
documentation, having discussions with entity management, and/or
performing supplemental tests. The auditor also should use this approach
when using the work of specialists and internal auditors because
professional standards do not permit referring to specialists' or internal
auditors' work (unless, for specialists, the auditor issues a qualified or
adverse opinion or a disclaimer of opinion based on the specialists'
work). GAO uses this approach in the audit of the consolidated financial
statements of the U.S. government.
.10 Table 650.1 presents an overview of the work the auditor generally
should perform for each type of report or letter. "Yes" means that the
auditor should perform some of that category of work. "No" means that the
auditor need not perform that category of work. The extent of work in each
category depends on the auditor's professional judgment. See FAM 650.36
for discussion on the level of review.
There may be situations where the auditor is asked to provide a separate
opinion in addition to presenting the other auditors' report, or serves as
the contracting officer's technical representative (COTR). In these
situations, the auditor should follow the wording in FAM 595 A and/or FAM
595 B, and should add the following in lieu of the introduction to the
first paragraph on FAM 595 A-5: "To help fulfill these responsibilities,
we contracted with the independent certified public accounting firm of
[insert firm name] to perform a financial statement audit in accordance
with U.S. generally accepted government auditing standards, OMB's
bulletin, Audit Requirements for Federal Financial Statements, and the
GAO/PCIE Financial Audit Manual. The report of [name of CPA firm] dated
[date] is attached. We evaluated the nature, extent, and timing of the
work, monitored progress throughout the audit, reviewed the audit
documentation of [name of CPA firm], met with partners and staff members
of [name of firm], evaluated the key judgments, met with officials of
[entity being audited], performed independent tests of the accounting
records [if applicable], and performed other procedures we deemed
appropriate in the circumstances. Our opinions expressed above are
consistent with the opinions of [name of CPA firm]. Thus, in this audit,
we (continue with numbered items)."
Table 650.1: Overview of Work Performed for Each Type of Reporting
Hold
Type of Evaluate the Evaluate the Level of discussions
reporting other other auditors' review (FAM and/or
auditors' qualifications 650.36-.42) perform
independence (FAM supplemental
and 650.25-.35) tests (FAM
objectivity 650.43-.47)
(FAM
650.11-.24)
No association Noa No None No
with report
(FAM 650.09 a)
Auditor Yes Yes Low or none No
transmittal
letter expresses
no assurance
(FAM 650.09 b,
first bullet)
Auditor Yes Yes Moderate or No
transmittal low
letter expresses
negative
assurance (FAM
650.09 b, second
bullet)
Yes Yes Low or none No
Report refers to
the other
auditors' report
and indicates a
division of
responsibilities
(FAM 650.09 c)
Report concurs Yes Yes High, Yes for
internal
with the other moderate, or auditors'
work
auditors' report low (should
include
or does not supplemental
tests);
mention the yes for
auditors'
other auditors' work for high
level
work (FAM of review; no
for
650.09 d and e) auditor's
work for
moderate or
low
level of
review
a
If the auditor contracts with the other auditors or serves as the COTR,
the contracting process generally will require the auditor to evaluate the
other auditors' independence, objectivity, and qualifications and to
monitor performance under the contract.
Evaluating the Other Auditors' or Specialists' Independence and Objectivity
.11 Unless the auditor has no association with the report, the auditor
should evaluate the other auditors' or specialists' independence and
objectivity. Where the auditor has previously used the work of the same
other auditor, the auditor generally should update the previous
evaluation. Under GAGAS, chapter 3, audit organizations and individual
auditors should be free both in fact and appearance from personal,
external, and organizational impairments to independence. The auditor
should first evaluate organizational independence. Different standards
apply to CPA firms, other organizationally independent auditors, internal
auditors, and specialists.
.12 For CPA firms and specialists, the auditor may use a contracting
process that is part of its organization or a procurement function within
the entity to be audited. The auditor should determine whether the firm
selected represented [in the statement of work (SOW) or request for
proposal (RFP)] that it (and the assigned engagement team)
o is independent and objective with respect to the audited entity;
o will remain independent throughout the audit;
o will disclose any independence issues discovered; and
o will immediately notify the COTR if it considers submitting a proposal
on any contracts involving the audited entity to permit evaluation of
whether their auditors' independence could be impaired.
Firms should be asked to describe in their proposals all work, including
nonaudit services, they have done for the audited entity in the last
several years. See GAGAS, chapter 3, and Government Auditing Standards:
Answers to Independence Questions (GAO-02-870G, July 2002).
The auditor generally should determine whether the SOW or RFP indicate
that "The government will determine whether a firm is independent for the
purpose of performing an audit of financial statements of the federal
entity." This avoids a potential argument where, for example, the firm
does substantial nonaudit work for the entity to be audited that the
auditor views as a conflict. The technical evaluation panel should
evaluate whether the nature and extent of nonaudit services or other
factors causes an independence or objectivity issue, either in fact or in
appearance. In this evaluation, the panel generally should determine
whether (1) the other auditors will need to audit their own work or (2)
whether the other auditors made management decisions or performed
management functions.
.13 The auditor generally should have a role in contracting for the CPA
firm or specialist. ^[215]5 When the auditor does not participate in
contracting for the CPA firm or specialist, the auditor generally should
obtain an overview of the contracting process, including
o reading the SOW or RFP,
o reviewing the proposal of the firm selected, and
o understanding the evaluations of the panel selecting the firm.
The auditor should determine whether the firm provided a representation as
to independence and objectivity (usually in its proposal). If the firm has
not provided a representation as to independence and objectivity, the
auditor should obtain a representation from the firm. If the auditor is
not familiar with the firm, the auditor should inquire of professional
organizations, such as the AICPA or the Public Company Accounting
Oversight Board (PCAOB), as to the firm's professional reputation and
standing.
.14 For government auditors, the auditor should decide whether the other
auditor is organizationally independent to report externally or whether to
consider it as an internal audit organization. The auditor may refer to
the work of organizationally independent government auditors but should
not refer to the work of internal audit organizations in the audit report.
The auditor generally should perform more extensive review and supervision
when dealing with internal auditors. The auditor should obtain written
representations from appropriate officials ^[216]6 of the government audit
organization that to the best of their knowledge, the organization and the
individual auditors doing the work are independent of the entity being
audited. This means that the individual auditors are free of personal
impairments to independence and maintain an independent attitude and
appearance. It also means that the auditor is free from external
impairments and is organizationally independent (see GAGAS, chapter 3).
The representation letter may indicate the general criteria for
determining independence, such as "under the criteria in GAGAS." The
auditor should obtain representations for the period of the financial
statements to the date of the other auditors' report. Since the auditor
decides on the independence and objectivity of the other auditors to plan
its work, the auditor generally should obtain oral representations early
in the audit and written representations at the end of the audit.
.15 Government auditors may be presumed to be free from organizational
impairments to independence when reporting externally to third parties if
they are organizationally independent of the audited entity. Government
auditors may meet the requirement for organizational independence in a
number of ways. There is a presumption that a government auditor is
5
Under the CFO Act, if the IG is not doing the audit, it is required to
determine the independent external auditor (CPA firm) that will do the
work.
6
Obtaining a representation from an appropriate official of the audit
organization is similar to the procedure for CPA firms under AU 543.10b.
organizationally independent (GAGAS, chapter 3) if the auditor is assigned
to
a.
a level of government other than the one to which the audited
entity is assigned (federal, state, or local), for example, a
federal auditor auditing a state government program, or
b.
a different branch of government within the same level of
government as the audited entity, for example, a legislative
auditor auditing an executive branch program.
.16 There is also a presumption of organizational independence if the head
of the government audit organization (GAGAS, chapter 3) meets one of the
following criteria:
a.
directly elected by voters of the jurisdiction being audited;
b.
elected or appointed by a legislative body, subject to removal by
a legislative body, and reports the results of audits to and is
accountable to a legislative body;
c.
appointed by someone other than a legislative body, so long as the
appointment is confirmed by a legislative body and removal from
the position is subject to oversight or approval by a legislative
body, and reports the results of audits to and is accountable to a
legislative body; or
d.
appointed by, accountable to, reports to, and can only be removed
by a statutorily created governing body, the majority of whose
members are independently elected or appointed and come from
outside the organization being audited.
.17 If the other auditor or its head meets one of the above criteria, the
auditor need not perform any procedures concerning organizational
independence other than to obtain a representation letter from an
appropriate official of the government audit organization as noted in FAM
650.14 (see FAM 650.23 for tests of personal independence). However, if
the auditor encounters evidence that the other auditor might not be
organizationally independent, the auditor should determine the need for
inquiries and other procedures, and then evaluate the results of these
procedures.
.18 In addition to the presumptive criteria, GAGAS recognizes that there
may be other organizational structures under which a government audit
organization could be free from organizational impairments. The auditor
should determine whether these other structures provide sufficient
safeguards to prevent the audited entity from interfering with the
government auditor's ability to perform the work and report the results
impartially. For the auditor to determine that the government audit
organization is free from organizational impairments to report externally
under a structure different from the ones listed above, the auditor
(GAGAS, chapter 3) should have all of the following safeguards:
a.
statutory protections that prevent the audited entity from
abolishing the government audit organization;
b.
statutory protections that require that if the head of the
government audit organization is removed from office, the head of
the federal entity report this fact and the reasons for the
removal to the legislative body;
c.
statutory protections that prevent the audited entity from
interfering with the initiation, scope, timing, and completion of
any audit;
d.
statutory protections that prevent the audited entity from
interfering with the reporting on any audit, including the
findings, conclusions, and recommendations, or the manner, means,
or timing of the government audit organization's reports;
e.
statutory protections that require the government audit
organization to report to a legislative body or other independent
governing body on a recurring basis;
f.
statutory protections that give the government audit organization
sole authority over the selection, retention, and dismissal of its
staff; and
g.
statutory access to records and documents related to the federal
entity, program, or function being audited, and access to
government officials or other individuals as needed to conduct the
audit.
.19 If the auditor concludes that the government audit organization has
all the safeguards listed in FAM 650.18, the auditor may determine that
the governmental auditor is free from organizational impairments to
independence when reporting externally. The auditor should document the
statutory provisions in place that provide these safeguards.
.20 When using the work of other government auditors that meet these
requirements, the auditor should request a representation letter (see FAM
650.14) from an appropriate official of the audit organization. The
auditor should review this document and as necessary discuss it with
appropriate officials of the audit organization, the external quality
assurance reviewer, legal counsel for the audit organization, and the
auditor's legal counsel.
.21 If the auditor decides that the government audit organization is not
organizationally independent to report externally (either because it does
not meet the criteria in GAGAS or for another reason), the auditor should
determine whether the other auditor is organizationally independent to
report internally. Such auditors are internal auditors. The Institute of
Internal Auditors' (IIA), International Standards for the Professional
Practice of Internal Auditing defines internal auditing as "an
independent, objective assurance and consulting activity designed to add
value and improve an organization's operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach
to evaluate and improve the effectiveness of risk management, control, and
governance processes."
GAGAS contain guidance on organizational independence for government
internal auditors. For example, internal auditors should be outside the
staff or line management function of the unit under audit. They should
report their results and be accountable to the head or deputy of their
federal entity. IIA standards require internal auditors to be objective
for the activities they audit. These GAGAS and IIA standards of
independence for internal auditors differ from independence under the
AICPA Code of Professional Conduct or independence for external auditors
under GAGAS.
The auditor generally should determine whether the internal auditors whose
work is to be used are independent of the activities they audit. The
auditor also should determine the organizational status of the head of the
audit organization. For the audit organization to be considered free from
organizational impairments to report internally to management, the head of
the audit organization (GAGAS, chapter 3) should meet all criteria:
a.
accountable to the head or deputy head of the government entity,
or those charged with governance;
b.
required to report the results of the audit organization's work to
the head or deputy head of the government entity and those charged
with governance;
c.
located organizationally outside the staff or line management
function of the unit under audit;
d.
accessible to those charged with governance; and
e.
sufficiently removed from political pressures to conduct audits
and report findings, opinions, and conclusions objectively without
fear of political reprisal.
.22 If the auditor concludes that the internal auditors are not
independent under GAGAS and IIA standards, the auditor should treat the
work as if the audited entity prepared it. If the auditor concludes that
the internal auditors are independent under GAGAS and IIA standards, the
auditor may use their work to the extent permitted by AU 322. In either
case, the auditor should not issue a report referring to or concurring
with the work of internal auditors.
.23 In addition to evaluating the other auditors' organizational
independence, the auditor should evaluate whether the audit team has any
personal impairments. For both internal auditors and organizationally
independent government audit organizations, the auditor generally should
ask how the other auditors monitor the personal independence of individual
staff members, especially those doing the work the auditor would like to
use.
.24 The auditor should document the work performed and the conclusions
reached as to independence and objectivity. The documentation should
indicate the auditor's conclusion as to whether the other auditors are
independent and objective and the basis for that conclusion. The auditor
should consult with the reviewer if there are questions about the other
auditors' independence or objectivity.
.25 After evaluating the other auditors' or specialists' independence and
objectivity, the auditor should evaluate their qualifications to perform
the specific tasks required. This involves evaluating the qualifications
of the firm or audit organization and evaluating the qualifications of the
specific audit team. Where the auditor has previously used the work of the
same other auditors, the auditor generally should update the previous
evaluation.
.26 For CPA firms and specialists, the auditor generally should evaluate
qualifications through the contracting process, usually by using a
technical evaluation panel to select a qualified firm. A firm submits
resumes for its audit team members, demonstrates why its team is qualified
to do the work, and submits its plan for doing the audit. Each CPA firm
should submit its latest peer review report, letter of comments, and
response to the peer review report. The firm should also agree to submit
updated peer review reports during the period of the contract. If the peer
review report was issued more than three years earlier, the evaluation
panel may obtain documentation relating to the internal quality control
policies and procedures of the selected firm, or read the firm's
inspection report and
[217]7
response.
A CPA firm may also be asked to submit its latest public inspection report
prepared by the PCAOB, but these reports pertain to audits of publicly
traded companies and related quality controls. However, to the extent they
raise issues about quality controls or methodology, they may be applicable
to audits of federal entities. ^[218]8
.27 Where the auditor did not participate in the contracting process, the
auditor should determine how the qualifications of a firm were evaluated.
For example, did the technical evaluation panel review:
o Resumes of the team members?
o The audit approach?
o The peer review report and related letter of comments (if any)?
o The firm's response to the peer review report?
The auditor should read these documents and reach a conclusion as to
qualifications.
.28 For auditors other than CPA firms, the auditor should ask whether the
audit organization had a peer review and the date of that review. IGs have
peer reviews performed every 3 years by other IGs. Most state auditors
also have peer reviews every 3 years. To comply with GAGAS, the audit
organization should have a peer review every 3 years. The IIA standards
indicate that "[e]xternal assessments, such as quality assurance reviews,
^7 Some CPA firms consider internal inspection reports as proprietary
documents not subject to auditor
review. This issue can be resolved by either allowing the auditor access
to inspection reports or providing
the auditor with a summary or representation about inspection results as a
condition of the contract. Further information on the PCAOB inspection
report process is available at www.pcaobus.org.
should be conducted at least once every five years by a qualified,
independent reviewer or review team from outside the organization."
While reviews under the IIA standard are not designed to report whether
the audit organization's quality control adheres to GAGAS, they do provide
evidence about whether the work adheres to a recognized set of
professional standards. The auditor should read the peer review report,
the letter of comments, and the audit organization's response. Where the
audit organization has received an unqualified peer review report recently
(usually less than 2 years ago), the auditor generally need not perform
further review of the audit organization's qualifications.
.29 Where the peer review report is not recent, the auditor generally
should review the results of the audit organization's internal inspection
program for any new quality control issues. The inspection generally
should include reviews of audit documentation, interviews of staff
members, and tests of functional areas. Where the inspection is recent
(usually within the past year) and the inspection report is unqualified,
the auditor generally need not perform further review of the audit
organization's qualifications.
.30 Where the peer review or inspection report is qualified or adverse,
the auditor should evaluate whether the quality control system has since
been strengthened to allow the auditor to use the other auditors' work.
The auditor may review the organization's action plan for improving
quality controls and inspection results in determining whether quality
controls have improved since the peer review. The auditor should evaluate
the effect of remaining weaknesses in determining the nature and extent of
procedures to be performed.
.31 Where the latest peer review was completed more than 3 years earlier
and there is no inspection program, the auditor should obtain an overview
of the important quality control policies and procedures of the other
auditor. The overview generally should cover the functional areas of
o independence, integrity, and objectivity (FAM 650.11-.24);
o personnel management (includes recruiting and hiring, advancement,
professional development and training, and assigning personnel to
assignments);
o audit performance (includes supervision and consultation);
o acceptance and continuance of assignments; and
o monitoring programs.
.32 The auditor may obtain this information through interviews of the
other auditor's management and staff and through reading its quality
control summary document. The auditor also may read the other auditor's
manuals and other guidance for conducting audits.
.33 In addition to evaluating the other auditor's qualifications, the
auditor also should evaluate the overall qualifications of the team
assigned to do the work. The auditor may review resumes of key team
members to accomplish this. The auditor should review the specific
education, training, certifications, and experience of key team members.
In evaluating qualifications, the auditor should review the specific role
of staff members on the job. When the auditor has knowledge of
qualifications from prior experience for key team members, the auditor
should inquire about their experience in the time since the last audit.
.34 Where the auditor is not satisfied as to the qualifications of the
other auditor, the auditor generally should perform a more detailed review
of the documentation and/or perform supplemental tests of key line items
(see FAM 650.36).
The auditor should document the work performed and the conclusions reached
as to the other auditors' qualifications. The documentation should
indicate the auditor's conclusion as to whether the other auditors are
qualified to perform the tasks required and the basis for that conclusion.
The auditor should consult with the reviewer if there are questions about
the other auditors' qualifications.
.35 If the auditor has significant concerns about the other auditors'
independence, objectivity, or qualifications, the auditor should revise
its audit strategy. For example, the auditor may
o contract with another firm;
o ask the other auditors to substitute more highly qualified or
objective staff members;
o do the audit without using the other auditors' work, treating any work
done by the other auditors as prepared by the audited entity;
o divide the work so that the other auditors test the areas where they
are qualified, and the auditor does the rest of the audit; or
o issue a disclaimer of opinion.
Planning the Review and Testing of Other Auditors' or Specialists' Work
.36 After evaluating the other auditors' or specialists' independence,
objectivity, and qualifications, the auditor should develop an audit
strategy and audit plan for reviewing and, if necessary, testing the work
done. In this strategy, the auditor generally should document the level of
review as high, moderate, or low. In some situations, the auditor should
perform significantly more work than the work shown for the high level to
include performing significant supplemental tests. In other situations,
the auditor may decide less review or no review is necessary. These
situations typically involve entities or line items that are very small in
relation to the financial statements taken as a whole. In these
situations, the auditor may decide to read the other auditors' report and
the financial statements and ask questions if anything seems unusual.
The auditor should reevaluate the audit strategy and plan as the work
progresses. If serving as the COTR, the auditor should determine whether
the terms and conditions of the contract are complied with. In addition,
the IG Act requires that the IG determine whether work performed by
nonfederal auditors complies with GAGAS. The level of review is a
professional judgment the auditor generally should make for each material
line item considering the following factors:
a.
The type of report or letter the auditor will issue, as less
review is needed for a transmittal letter than for reports in
which the auditor takes responsibility for the other auditors'
work (see FAM 650.10).
b.
Whether the other auditors issue a disclaimer of opinion because
of a scope limitation, as less work is needed to concur with a
scope limitation than to concur with an unqualified opinion (see
FAM 650.37).
c.
Whether the auditor's report might contain a disclaimer because of
a scope limitation, as less work is needed if the auditor's report
will contain a scope limitation (see FAM 650.39).
d.
The other auditors' independence, objectivity, and integrity (both
for the audit organization and its audit team) are impaired, as
the level of review increases as independence, objectivity, and
integrity decreases.
e.
The other auditors' qualifications (both for the audit
organization and its audit team) to perform the work the auditor
wishes to use, as the level of review increases as the other
auditors' qualifications decrease.
f.
The auditors' prior experience with the other auditors (both for
its audit organization and its audit team), as the level of review
tends to decrease as the auditor's confidence increases from
working with the other auditors.
g.
The materiality of the line item in relation to the financial
statements the auditor is reporting on, taken as a whole, as the
level of review increases as the line item becomes more material.
h.
The risk of material misstatement, including the risk of material
fraud for the line item and assertion in the financial statements
the other auditors are auditing, as the level of review increases
as the risk of material misstatement increases.
.37 If the other auditors' work has a scope limitation, this generally
affects the level of review, except for transmittal letters with no
assurance. If the other auditors disclaim an opinion on the financial
statements because of a scope limitation, the auditor should also issue a
disclaimer of opinion, unless the financial statements the other auditors
audited are not material to the financial statements the auditor is
auditing. The auditor generally need not perform extensive procedures to
be satisfied that this disclaimer is appropriate. Additionally, the
auditor generally need not hold discussions with entity management and/or
perform supplemental tests in this situation, and may limit the review of
documentation to summary documentation. Thus, the level of review is
usually low or no review (see FAM 650.10). However, the auditor may do
additional work to learn about the entity, to help the other auditor plan
future audits, or to help entity management correct the causes of the
scope limitation.
.38 If the other auditors' work had a scope limitation that results in a
qualified opinion, the auditor generally should perform a moderate or high
level of review to determine whether the other auditors should have
disclaimed an opinion and that the only issues are those relating to the
qualification.
.39 A scope limitation on the auditor's work that results in a disclaimer
also may affect the level of review. Since the auditor has already decided
that not enough work can be done on the overall financial statements, no
amount of review of the other auditors' work is likely to change that
conclusion. Thus, as in FAM 650.37, discussions with entity management
and/or supplemental tests are not required, the review of the other
auditors' documentation may be limited to summary documentation; and the
level of review is usually low or no review (see FAM 650.10). However, the
auditor may do additional work to learn about the entity, to help the
other auditor plan future audits, or to help entity management correct the
causes of the scope limitation.
.40 If there is a scope limitation on the auditor's work that results in a
qualified opinion, the auditor should perform a similar amount of work as
for an unqualified opinion.
.41 FAM 650 A illustrates the audit work that the auditor generally should
perform for each level of review on each significant line item, as well as
what to retain in audit documentation.
Review of Audit Documentation
.42 The extent of the auditor's review of the other auditors' or
specialists' documentation depends on the level of review and is a
professional judgment based on the factors in FAM 650.36.
o For a low level of review, the auditor may limit the review of
documentation to key summary planning and completion documentation.
o For a moderate level of review, the auditor generally should review
more of the other auditors' or specialists' documentation, especially
those evidencing important decisions. For financial statement audits,
this includes the audit strategy and audit procedures (or equivalent
documents); the ARA (or equivalent documentation) for significant
accounts; the SCE (or equivalent documentation) for significant
applications; the documentation for accounts, estimates, and judgments
with high risk of material misstatment; the analytical procedures; the
audit completion checklist at FAM 1003 (or equivalent documentation);
the audit summary memorandum; and the summary of uncorrected
misstatements (see FAM 595 C).
o For a high level of review, the auditor generally should review all of
the items for the moderate level of review plus the important detailed
documentation.
Discussions and/or Supplemental Tests for a High Level of Review
.43 AU 543.13 states that "In some circumstances the principal auditor may
consider it appropriate to participate in discussions regarding the
accounts with management personnel of the component whose financial
statements are being audited by other auditors and/or to make supplemental
tests of such accounts." The auditor may interpret "in some circumstances"
to mean when the level of review is high. Thus, where the level of review
is high, the auditor generally should (1) review audit documentation, and
(2) hold discussions with audited entity management and/or perform tests
of original documents.
The objective of these additional procedures is for the auditor to obtain
additional evidence about whether key items are properly handled and
supported by sufficient appropriate evidence. For example, the auditor
generally should discuss key items with entity management, especially
estimates and judgments. This discussion generally should be with the
other auditors present. The auditor generally should attend the entrance
and exit conferences and other key meetings held by other auditors or
specialists. For key items that have high risk of material misstatement,
discussions with entity management may not provide sufficient evidence,
and the auditor should perform supplemental tests.
.44 The auditor may perform supplemental tests on a selection of the other
auditors' work, additional tests of the accounting records, or both. To
perform supplemental tests, the auditor should obtain access to the
entity's personnel and its books and records. The auditor may coordinate
access to the entity's personnel and records through the other auditor.
The auditor and the other auditor also may jointly perform parts of a
test, where the sample is planned jointly and the results are evaluated
jointly. Although supplemental tests are usually performed only when the
level of review is high, the auditor may perform supplemental tests in
other situations to learn about the entity, to help the other auditor plan
future audits, or to help entity management correct problems.
.45 Where the other auditor is an internal auditor, the auditor should
perform supplemental tests. The extent of this testing depends on
circumstances and should be sufficient for the auditor to make an
evaluation of the overall quality and effectiveness of the internal
control work done by the internal auditor (see AU 322.26).
.46 The auditor generally should limit discussions with entity management
and/or supplemental tests to line items that have a high risk of material
misstatement. This is especially true in areas involving estimates and
judgments or in areas on which users place extensive reliance. The
auditor's supplemental tests generally should include some items tested by
the other auditor, particularly any that appear to be exceptions, in order
to determine whether they were appropriately evaluated in formulating an
opinion. The auditor generally should plan to perform supplemental tests
while the other auditors are at the entity and have access to records, as
this can minimize the inconvenience for everyone.
.47 It is not necessary to perform supplemental tests of the work of
specialists. As indicated in AU 336.12, the auditor should understand the
methods and assumptions used by the specialists, test the data provided to
the specialists (extent of testing is based on risk and materiality), and
evaluate whether the specialists' findings support the financial statement
assertions. If the auditor believes the findings are unreasonable, the
auditor should apply additional procedures and/or determine the need to
obtain another specialist.
Subsequent Events Review and Dating of the Auditor's Report
.48 The auditor should date the report when the auditor has obtained
sufficient appropriate audit evidence to support the opinion on the
financial statements (SAS No. 103.23 and SAS No. 113.07). If the other
auditors' or specialists' report is dated earlier and the auditor's report
does not mention the other auditors' report or concurs with the other
auditors' report as in example 2 of FAM 650 C, the auditor should update
the subsequent events review to the date of the auditor's report.
The auditor may ask the other auditors to update the subsequent events
review to the required date, or the auditor may update the subsequent
events review. However, since this requires additional work, the auditor
should attempt to complete audit work when the other auditors complete
their work. The auditor should evaluate this issue and coordinate with the
other auditor when planning the audit. The auditor need not update the
subsequent events review when the auditor issues a transmittal letter, as
in example 1 of FAM 650 C.
Staffing the Review of the Other Auditors' or Specialists' Work
.49 When staffing the review, the auditor should determine the extent to
which the other auditors or specialists have reviewed their work. The
other auditor should have performed at least one level of review for all
audit work, with more material or sensitive areas having multiple reviews.
In some cases, before the audit is complete, the other auditor may not
have completed all levels of review, particularly at its top level, and
may be reluctant for the auditor to access the audit documentation before
these reviews are done.
The auditor's staff reviewing the work generally should have enough
experience in financial statement auditing to understand the professional
judgments that need to be made and to interact with the higher levels of
the other auditor. An assistant director or a senior manager who has
significant experience in performing and reviewing financial statement
audit work should perform most of the review. Less qualified staff members
may perform supplemental tests when supervised by more qualified auditors.
The assistant director, audit manager, or auditor-in-charge should review
the documentation of any supplemental tests performed by less experienced
staff members. Except for key areas or issues, the audit director may
designate another qualified auditor to perform the primary review of audit
documentation prepared by the assistant director.
.50 When the other auditors' work involves the review of IT controls, an
IT specialist should participate in the auditor's review. This team should
determine if IT controls were adequate, audit work was properly
documented, and related audit objectives were achieved.
Evaluating the Work of Other Auditors or Specialists
.51 After the auditor has completed the review of the other auditors' or
specialists' work, and, if necessary, any supplemental testing, the
auditor should determine whether the work is sufficient and acceptable for
the auditors' use. The auditor should document this evaluation.
.52 Sometimes, other auditors use methodologies or audit approaches that
are different from those the auditor would have used. Auditing requires a
great deal of professional judgment and there often are alternative ways
to achieve audit objectives. Many CPA firms have developed, at
considerable expense, proprietary audit methodologies to use on a wide
range of public and private sector clients. Many of these audit
methodologies utilize electronic technology where the entire audit
documentation exists on a CD ROM. Thus, the auditor should understand the
other auditors' audit methodology and basis for the nature, extent, and
timing of audit procedures. This may require obtaining permission to use
proprietary software to review the audit work performed. Additionally,
where the CPA software is retained, the auditor should develop a process
to maintain the operability of the software to access the audit
documentation in the future.
The auditor should evaluate whether sufficient appropriate evidence
^[219]9 has been obtained to meet the audit objectives, particularly for
line items with a high risk of material misstatement. If the auditor has
concerns about whether the other auditors' work provides sufficient
appropriate evidence, the auditor generally should discuss the matter with
the audit director and the reviewer before formally discussing the issue
with the other auditors.
.53 The auditor should determine the significance of the test results to
the audit of the financial statements the auditor is reporting on. As an
example, the other auditors may have selected a nonstatistical sample
and/or the sample size may be smaller than the sample size the auditor
would have selected. The auditor may decide that this provides sufficient
evidence in an area that is less material or has low or moderate risk of
material
In accordance with AICPA SAS No. 106, Audit Evidence, sufficiency is the
measure of the quantity of evidence. Appropriateness is the measure of the
quality of audit evidence, that is, its relevance and reliability in
providing support for, or detecting misstatements in, the classes of
transactions, account balances, and disclosures and related assertions.
SAS No. 106 supersedes SAS No. 31, Evidential Matter, and will be included
in the AICPA Professional Standards at AU 326. SAS No. 106 is effective
for audits of financial statements for periods beginning on or after
December 25, 2006.
misstatement. However, if the risk of material misstatement is high, the
auditor may conclude that sufficient appropriate evidence has not been
obtained and that additional work is needed.
In this case, after consulting with the audit director and the reviewer,
the auditor generally should either ask the other auditors to perform
additional tests or perform the additional tests. If this additional
testing is not done, the auditor should determine the effect on the
auditor's report of the scope limitation. Since reaching this conclusion
after the work is performed is inefficient, especially when the level of
review is high, the auditor generally should coordinate or concur with
major planning decisions of the other auditor before audit work is
started.
.54 Sometimes, the auditor may disagree with the conclusions or judgments
of the other auditors. In this case, the auditor should evaluate the other
auditors' work as well as any other evidence or testing necessary to
determine the appropriate conclusion.
.55 The auditor should discuss any issues of disagreement with the other
auditors to attempt to resolve the disagreement. The auditor should
attempt to resolve professional disagreements early to reduce confusion
that may arise from differing auditor views. Once identified, the auditor
should discuss the issues with the other auditors to resolve them in a
timely manner and before the completion of the audit.
.56 If the auditor does not reach agreement with the other auditors, the
auditor should determine how to report. For very material disagreements,
the auditor may decide not to transmit the other auditors' report, instead
issuing a disclaimer of opinion due to a scope limitation or doing
additional work, if necessary, to issue an appropriate opinion. For less
material disagreements, the auditor may transmit the other auditors'
report, issue the transmittal letter or report, and describe the
disagreement and the basis for the auditor's conclusions.
Documenting the Review of Other Auditors' or Specialists' Work
.57 Regardless of the type of reporting or the level of review, the
auditor's documentation generally should contain the items listed in FAM
650 A under "documentation," either electronically or in hard copy.
.58 In addition, where the auditor performs supplemental tests of the
accounting records, the auditor's documentation should contain a
description of the work (this may be a list of the documents the auditor
examined or tick marks on a copy of the other auditors' documentation if
that is the basis for the selection) and the auditor's conclusion. It is
not necessary to retain copies of the documents examined.
.59 There is a difference between the auditor's responsibilities to review
the documentation of other auditors and what the auditor may copy and
retain from that documentation. The auditor uses professional judgment in
deciding which of the other auditors' or specialists' documents to copy
and retain. However, many audits utilize electronic technology to retain
documentation for the entire audit on a CD-ROM. The auditor may cite this
documentation as part of the review to include any supplemental testing
performed on the other auditors' work. The auditor may print out any
documents as necessary.
.60 The auditor may retain other documentation if it might be useful in
understanding the entity, training staff members, planning future audits,
reviewing the documentation, or writing the report. Documentation in this
category includes the entity profile (or equivalent), audit strategy,
audit procedures, ARA and SCE forms (or equivalent), trial balance or lead
schedules, management representation letter, and attorney representation
letter. Auditors often find it helpful to keep copies of documents (either
electronically or in hard copy) in case questions are raised in review but
not to include those copies in the audit documentation unless they are
needed to document the work performed.
The auditor should retain documents in accordance with the contract or
other legal requirements, but not less than 5 years from the report
release date (SAS No. 103.32). Audit procedures may indicate which
documents to retain. The auditor may not discard documents after 60 days
from the report release date (SAS No. 103.27-.30). In documenting the
review, auditors may indicate the document number or index number used by
the other auditor in order to locate the document at a later date.
Ownership and confidentiality of audit documentation is determined by
contract and legal requirements (see SAS No. 103.31).
Using Internal Audit Staff to Provide Direct Assistance to the Auditor
.61 Sometimes, the auditor or the audited entity requests that internal
auditors provide direct assistance to the auditor. Before this is done,
the auditor should be satisfied with the independence, objectivity, and
qualifications of the staff assigned to do the work requested. AU 322.27
indicates that in these situations, "The auditor should inform the
internal auditors of their responsibilities, the objectives of the
procedures they are to perform, and matters that may affect the nature,
timing, and extent of procedures, such as possible accounting and auditing
issues."
The auditor should direct, review, test, and evaluate the work done by
internal auditors to the extent appropriate based on the auditor's
evaluation of risk, materiality, objectivity, and qualifications.
Using Federal Entity Specialists
.62 Many federal entities have actuaries, security specialists,
statistical specialists, and other specialists whose work the auditor
would like to use. However, unless these specialists are part of an entity
that is organizationally independent or are under contract to such an
entity, the auditor should evaluate their work as the work of an employee
of the entity under audit. The auditor should use the specialists of other
auditors or contract for outside specialists to develop and implement
appropriate tests.
Multiple Levels of Other Auditors
.63 Sometimes there are several levels of other auditors. For example, an
IG may hire a CPA firm to perform an audit of a federal entity's financial
statements. The IG may issue a report concurring with the firm's report or
a letter transmitting the firm's report. GAO auditors may then use the
work of the IG as part of the consolidated audit of the U.S. government.
.64 When there are multiple levels of other auditors, each audit
organization should follow the guidance in FAM 650. IG auditors should
evaluate the independence (see FAM 650.11-.24) and qualifications of the
CPA firm (see FAM 650.25-.35); should review the audit documentation (see
FAM 650.42); and may need to have discussions with entity management
and/or perform supplemental tests of key accounts depending on the level
of review deemed appropriate (see FAM 650.43-.47).
GAO auditors should evaluate the qualifications of the IG organization (by
reading the peer review report, the letter of comments, and the audit
organization's response as described in FAM 650.25) and the qualifications
of the IG team doing the monitoring of the CPA firm. GAO auditors should
also review the IG auditor's documentation of its review of the CPA firm
work and may perform supplemental tests as deemed necessary. If GAO
auditors find that the IG auditor has completed and documented adequate
work, including discussions with entity management and/or supplemental
tests, further discussions and/or supplemental tests would be quite
limited, perhaps a walk-through of work done in areas with high-risk of
material misstatement. Often, GAO auditors will attend fewer meetings than
the IG auditor attends and would concentrate the review on the IG
auditor's documentation. GAO auditors may then issue a report on the
financial statements.
.65 Because of the potential for inefficiency, there generally should be
close coordination between the various auditors. The IG and GAO may
perform the review jointly. Sometimes, a memorandum of understanding may
be useful in documenting responsibilities. A chart that describes the
review to be done by each organization may be useful. The following is a
useful format for this chart (with more detail added as necessary under
each phase of the audit).
Procedures
Phase of the audit Other auditor IG review GAO review
Planning
Internal control
Testing
Reporting
Reports on Other Auditors' Work
.66 The auditor may be asked to issue a report evaluating work done by
other auditors in a situation where the auditor is not using the work of
the other auditors. For example, the auditor may be asked to evaluate an
audit done by a CPA firm. While AU 543, 322, and 336 are not directed
toward these situations, the guidance in FAM 650 is helpful in planning
and reporting on these assignments.
650 A - Summary of Audit Procedures and Documentation for Review of Other
Auditors' Work
650 A - Summary of Audit Procedures and Documentation for Review of Other
Auditors' Work
650 B - Example Audit Procedures for Using the Work of Others
These example procedures are appropriate when using the work of other
auditors or the work of specialists to perform a full or partial audit of
financial statements and are applicable to GAO financial statement audits.
Auditors may use these procedures or a monitoring tool for financial
audits developed by the Federal Audit Executive Council, a subcommittee of
the President's Council on Integrity and Efficiency that can be found at
[220]www.ignet.gov/pande/faec/fsan0906.xls.
As stated in FAM 650.08, these procedures depend upon the professional
judgments that the auditor makes. The auditor should tailor the procedures
to the circumstances and the planned level of review (high, moderate, or
low) as discussed in FAM 650.36. The auditor should modify or add
procedures as necessary, and delete them if not applicable. When other
auditors or specialists have done only part of an audit, the auditor may
delete many of the procedures below. The auditor may also delete
procedures for the low level of review or when the auditor plans to issue
only a transmittal letter as discussed in FAM 650.09 b.
The audit procedures are presented in three sections: (1) evaluating
independence, objectivity, and qualifications for CPA firms and
specialists; (2) evaluating independence, objectivity, and qualifications
for government audit organizations; and (3) monitoring the work (for all
types of other auditors and for specialists). The auditor should use the
applicable one of the first two sections and the third section. The
auditor generally should use a separate form for each other auditor or
specialist.
Entity:________________________________________________________________
Job code:_____________________________________________________________
Period of audit:________________________________________________________
Step Done by/date W/P ref
1. EVALUATING INDEPENDENCE, OBJECTIVITY, AND
QUALIFICATIONS FOR CPA FIRMS AND SPECIALISTS General
1. Read the statement of work or request for proposal
to determine whether this contracting document
provides sufficient background on the audited entity
and indicates the objectives of the work, what the
contractor should include in its proposal, how
proposals will be evaluated, and how the report will
be used.
Independence and objectivity: 2. Determine whether
proposal of selected firm includes a representation
as to the firm's independence and objectivity.
3. If proposal does not include a representation as
to independence and objectivity, obtain written
representation from firm.
Qualifications: 4. Read proposal of selected firm. In
reviewing proposal, evaluate the overall
qualifications of the team performing the work.
Review resumes and determine for key team members
their educational level, professional certifications,
and professional experience, including whether key
team members have current knowledge and experience in
the type of work done.
5. Review the selected firm's peer review report,
letter of comments, and response letter. If the peer
review report was issued more than three years
earlier, obtain documentation relating to the firm's
internal quality control policies and procedures or
review the firm's inspection program.
6. Communicate orally or in writing with the other
auditors to be satisfied that they understand the
requirements, the timetable, and the report or letter
the auditor expects to issue.
Step Done by/date W/P ref
2. EVALUATING INDEPENDENCE, OBJECTIVITY, AND
QUALIFICATIONS FOR GOVERNMENT AUDITORS Independence
And Objectivity: 1. For all government audit
organizations, obtain written representation from an
appropriate official that the organization and its
individual auditors are independent of the entity
being audited.
2. Determine whether the government audit
organization meets ONE of the criteria in FAM 650.15,
or the head meets ONE of the criteria in FAM 650.16.
If the organization (or its head) meets one of these
criteria, no further work is needed unless the
auditor finds contrary evidence as to independence
and objectivity in other parts of the audit. Indicate
the criteria met and document the evaluation of any
other evidence obtained. (Go to step 6.)
3. If the government audit organization (or its head)
does not meet any of the criteria in step 2,
determine whether it meets ALL of the criteria in FAM
650.18.
4. Review the government audit organization's
documentation of how it meets the requirements of
step 3. Discuss with an appropriate official of the
organization and consider discussions with peer
control reviewer, legal counsel for the organization,
and auditor's legal counsel. (Go to step 6.)
5. If the government audit organization does not meet
the criteria for organizational independence to
report externally, determine whether the organization
is an independent internal audit organization under
GAGAS and IIA standards. Determine whether the
internal auditors are objective for the activities
they audit. For the audit organization to be
considered free from organizational impairments,
determine if the head of the audit organization meets
all of the criteria indicated in FAM 650.21.
Step Done by/date W/P ref
6. For government auditors, obtain an understanding
of the organization's policies to enhance the
objectivity of individual auditors as discussed in
FAM 650.23, including o policies to prohibit
auditors from auditing areas where relatives are
employed, o policies to prohibit auditors from
auditing areas where they were recently assigned or
are scheduled to be assigned after they complete
their tour of duty in auditing, and o policies to
require representations as to objectivity and lack of
conflicts of interest from each auditor.
7. Prepare a memorandum documenting work performed
and conclusions reached as to government audit
organization's independence and objectivity.
Qualifications: 8. Read the latest peer review
report, letter of comments, and the audit
organization's response as discussed in FAM 650.28.
Note the date of the report and whether it is
unqualified. If the report is recent (usually within
the past year) and unqualified, go to step 12.
9. If the peer review is not recent, review the
latest inspection report, if any, and the
organization's response as discussed in FAM 650.29.
Note the date of the report and whether it is
unqualified. If the inspection is recent (usually in
the past year) and unqualified, go to step 12.
10. If the organization has not had a recent peer
review or inspection as discussed in FAM 650.31,
obtain an overview of the important policies and
procedures in the functional areas through interviews
of management and staff and through reading the
summary quality control document, if any. Consult
with the reviewer on the potential effect of using
work with no recent peer review or inspection before
performing this step.
11. If the peer review or inspection report was
qualified or adverse, determine whether the quality
control system has since been strengthened as
discussed in FAM 650.30. Review the organization's
action plan for strengthening its quality control
system. Evaluate the effect of remaining weaknesses
in determining the level of review.
Step Done W/P ref
by/date
12. Inquire how the government audit organization
determined staffing of the audit. Evaluate the overall
qualifications of the team performing the work as
discussed in FAM 650.33. Review resumes for key team
members and consider:
o educational level, professional certifications, and
professional experience;
o continuing professional education, especially training
and current knowledge in the type of work done;
o supervision and review of work;
o whether the audit team has adequate sources for
consultation and use of specialists, especially for audit
sampling, audit methodology, and review of computer
controls; and
o quality of documentation, reports, and
recommendations.
13. As discussed in FAM 650.35, if the auditor has
significant
concerns about the government audit organization or its
team's objectivity or qualifications, the auditor, in
developing the audit plan, may either
o ask the other auditors to substitute more objective or
highly qualified staff members;
o do the work, treating any work done by the other
auditors as prepared by the audited entity;
o divide the work so that the other auditors test the
areas where they are qualified and the auditor does the
rest of the audit; or
o issue a disclaimer of opinion.
Step Done by/date W/P ref
3. MONITORING THE WORK (FOR ALL TYPES OF OTHER
AUDITORS AND SPECIALISTS) 1. As discussed in FAM
650.36, develop a strategy and a plan for reviewing
the other auditors' or specialists' work and, if
necessary, performing supplemental tests of the
accounting records. Determine the level of review for
each line item.
2. Monitor the planning of the audit (FOR ALL LEVELS
OF REVIEW) o Review the entity profile. o Review
the audit strategy or equivalent document and audit
plan. (FOR MODERATE AND HIGH LEVEL OF REVIEW) o
Attend entrance meeting and key planning meetings. o
Review the determination of planning materiality and
design materiality. o Have an IT specialist
participate with the auditor in reviewing the
information resource management background
information and the documentation for review of
general and application controls. o Document line
items and applications to be reviewed. o For each
such line item, review the Account Risk Analyses, the
Specific Control Analyses, the cycle flowcharts, the
cycle memoranda, the determination of tolerable
misstatement, and the audit plan or equivalent
documents.
3. Monitor the execution of the audit for reports
following example 2 of FAM 650 C or FAM 595 A and/or
FAM 595 B WHERE LEVEL OF REVIEW IS HIGH. o Attend
key meetings, especially those discussing highrisk
areas, significant estimates and judgments, fraud
brainstorming, and the other auditors' conclusions.
o Discuss key items with audited entity management,
especially significant estimates and judgments. o
Perform supplemental tests of the accounting records:
-- Generally for high risk and material line items,
especially in areas involving estimates and judgments
or ones which users rely on extensively. -- Generally
while the other auditors are at the audited entity
location and have access to the records.
Step Done by/date W/P ref
-- Examine some of the same documents the other
auditors examined or make own selection or both. --
Compare results of other auditors' work to results of
supplemental tests. -- Document scope of supplemental
testing and conclusions reached.
4. Monitor the completion of the audit (items with *
are usually not necessary for LOW level of review) :
o *Review the overall analytical procedures. o
*Review the key documentation for the line item and
for completing the audit; consider evaluations of
sample results. (For example, were projections
appropriate? Was appropriate action taken based on
sample results?) o *Determine whether the subsequent
events review was updated to the date of the
auditor's report. o Review the audit summary
memorandum, conclusions about line items, and the
summary of uncorrected misstatements. o *Review the
audit completion checklist (or equivalent document).
o Review the management representation letter and the
legal representation letter. o *Attend key exit
conference(s). o Read the other auditors' report,
the financial statements, the notes, the other
accompanying information, and management's response.
5. Prepare a summary memorandum.
6. Write the auditor's report or transmittal letter.
[This page intentionally left blank.]
660 - Agreed-Upon Procedures
.01 In an engagement to apply agreed-upon procedures, a client engages an
auditor to perform specific procedures on a subject matter and report on
the results to assist users in evaluating a subject matter or an
assertion. Agreed-upon procedures should be performed in accordance with
GAGAS which incorporates the financial audit and attestation standards
established by the AICPA. The auditor should read appropriate sections of
the AICPA Standards for Attestation Engagements (SSAE), specifically AT
101, Attest Engagements, and AT 201, Agreed-Upon Procedures Engagements,
and thoroughly understand them before performing agreedupon procedures.
.02 An agreed-upon procedures engagement may be applied to a variety of
subject matters. The engagement will vary depending on the needs of the
user. The engagement may assist entity management by providing information
for making decisions and give report users information on important areas.
Examples of agreed-upon procedures are:
o compare the Retirement, Health Benefits, and Life Insurance
Withholdings/Contributions and Supplemental Semiannual Head Count
Report Submitted to the Office of Personnel Management with the
entity's payroll records and general ledger; (refer to OMB audit
guidance for additional information);
o compare entity reconciliations of intragovernmental activity and
balances with supporting documentation and compare amounts with the
financial statements and with reports to the Department of the
Treasury (Treasury); (refer to OMB audit guidance for additional
information);
o trace tax collections from the master file to deposit confirmations,
determine whether they were recorded in the appropriate period, and in
the correct tax class;
o trace amounts on the entity's financial statements to an "account
grouping worksheet," foot the worksheet, read the CFO's explanation
for any differences, and compare the explanation with supporting
documentation; and
o examine official receipt documents to determine whether they were
included in the weekly deposit; compare deposit amounts to amounts
reported on the statement of funding.
.03 In agreed-upon procedures engagements, all parties involved, which
include the report users, the entity responsible for the subject matter
(which may or may not be the same as the user), and the auditor, should
clearly understand the procedures to be applied. Since users may have
different needs, the nature, extent, and timing of agreed-upon procedures
also may differ. Therefore, the users, and not the auditor, assume the
responsibility for the sufficiency of the design and extent of the
procedures
since they best understand their own needs, although the auditor may
assist the user in designing the procedures.
.04 The auditor should establish and document an understanding with the
users regarding the nature, extent, and timing of agreed-upon
procedures
to be performed. The auditor may document this understanding using an
engagement letter to the users, an example of which is provided in FAM
660 A.
.05 The subject matter should be capable of evaluation against criteria
that are
suitable and available to users. Suitable criteria should have
objectivity,
measurability, completeness, and relevance. The procedures should be
subject to reasonably consistent measurement and the criteria should
be
agreed upon. The auditor should not perform overly subjective
procedures
or use terms with uncertain meaning unless they are defined within the
agreed-upon procedures.
.06 The auditor need not perform additional procedures beyond the agreed
upon procedures. If matters come to the auditor's attention by other
means
that significantly contradict the subject matter (or assertion), the
auditor
should include these matters in the report. For example, if during the
course of applying agreed-upon procedures regarding an entity's
operation,
the auditor becomes aware of a material weakness related to the
assertion
by means other than the agreed-upon procedures, the auditor should
include this matter in the report. This may be done by mentioning the
material weakness with a footnote reference to another report where it
is
described in detail.
.07 Where circumstances impose restrictions on the performance of the
agreed-upon procedures, the auditor should attempt to obtain agreement
from the users of the report to modify the agreed-upon procedures.
When
agreement cannot be obtained (for example, when the agreed-upon
procedures are published by a regulatory entity that will not modify
the
procedures), the auditor should describe restrictions in the report or
withdraw from the engagement.
Written Representations
.08 The auditor should determine if a representation letter is necessary.
The auditor may determine that a representation letter is necessary, for
example, if (1) the responsible entity is so large there is a risk as to
whether one person knows whether pertinent information has been made
available to the auditor, (2) the subject matter depends on estimates,
judgments, or future events (such as whether the subject matter is less
objective and fact-based and more subjective), or (3) the user of the
report believes written representations should be obtained. Although
generally not required (unless specifically required by another
attestation standard, such as in a compliance engagement) a representation
letter may nonetheless be a useful means of documenting the responsible
entity's representations. FAM 660 B provides an example representation
letter for an agreed-upon procedures engagement.
.09 The responsible entity's refusal to furnish written representations
determined by the auditor to be necessary constitutes a scope limitation.
In such circumstances, the auditor should do one of the following:
o disclose in the report the inability to obtain representations from
the responsible entity,
o withdraw from the engagement, or
o change the engagement to another form of engagement (such as to a
performance audit).
Documentation
.10 In accordance with GAGAS, the auditor should prepare and maintain
documentation in connection with an agreed-upon procedures engagement that
is appropriate for the engagement. The documentation should contain
sufficient information to enable an experienced auditor having no previous
connection with the engagement to ascertain from the documentation the
nature, extent, timing, and results of procedures performed and the
evidence that supports the auditors' agreed-upon procedures report,
including its sources and the auditors' conclusions.
.11 Although the quantity, type, and content of documentation varies with
the circumstances, it should be sufficient to demonstrate that the work
was adequately planned and supervised and the evidential matter that
provides a reasonable basis for the report as discussed in GAGAS chapter
6.
.12 The auditor generally should prepare a summary memorandum that recaps
the work performed and refers to the detailed documentation. This
memorandum generally should include the auditor's conclusion on whether
the work was performed in accordance with GAGAS, including the attestation
standards, and the GAO/PCIE FAM and whether the report is appropriate. FAM
660 C provides an agreed-upon procedures completion checklist.
Reporting
.13 An auditor should report on the agreed-upon procedures in the form of
results. The auditor should not provide any opinion or negative assurance
about whether the subject matter or the assertion is fairly stated based
on the criteria. The report should include information such as the
identification of the entities that agreed to the procedures and took
responsibility for the sufficiency of the design and extent of the
procedures for their purposes, as shown in the example report in FAM 660
D.
.14 The auditor should report all results arising from application of the
agreedupon procedures. The concept of materiality does not apply to
results to be reported in an agreed-upon procedures engagement unless the
users of the report agree to the definition of materiality. This could be
included in the engagement letter at FAM 660 A. Any agreed-upon
materiality limits should be described in the report.
.15 The auditor should include a statement indicating that the report is
intended for the specified users who have agreed upon the procedures
performed and taken responsibility for the sufficiency of the design and
extent of the procedures for their needs. However, since governmental
reports are generally a matter of public record, the distribution of the
report is not limited.
.16 The auditor may have performed agreed-upon procedures on an element,
account, or item of financial statements and also audited the same
financial statements. If the audit report on the financial statements
includes a departure from a standard report, the auditor generally should
include a reference to the audit report and the departure from the
standard report in the agreed-upon procedures report.
.17 The auditor also may include explanatory language about such matters
as the following:
o stipulated facts, assumptions, or interpretations (including the
source);
o description of the condition of records, controls, or data to which
the procedures were applied;
o explanation that the auditor has no responsibility to update the
report; and
o explanation of sampling risk.
.18 The auditor should state the results in definitive, rather than
qualified, language and avoid vague or ambiguous language. The following
table provides examples of appropriate and inappropriate descriptions of
findings.
Examples of appropriate/inappropriate description of findings
Description of findings
Procedures agreedupon Appropriate Inappropriate
Based on the total tax Recomputed amounts for Nothing came to our
liability, select and the selected excise tax attention as a result of
recompute the 50 returns agreed with the applying this procedure.
largest excise tax amounts in the certified
returns from the audit file.
quarter ended September
30, 20XX, and compare
these amounts with the
certified audit file.
Examples of appropriate/inappropriate description of findings
Description of findings
Procedures agreedupon Appropriate Inappropriate
Select a random sample of Revenue receipts The revenue receipts
45 Treasury SF-224 selected randomly from approximated the
reconciliations; determine the monthly Treasury amount shown in the
if XYZ reported revenue SF-224 reconciliation Treasury FMS records.
receipts were properly process were properly
classified and reconciled classified and agreed
to Treasury FMS records. with Treasury FMS
records.
Examine personnel files of Thirty of the selected Some of the personnel
40 individuals randomly files contained a files did not contain
selected from the current and approved a current and approved
timekeeping records for the Notification of Notification of
year; determine if all the Personnel Action. Ten Personnel Action.
selected files contain a files did not contain a
current and approved current and approved
Notification of Personnel Notification of
Action (SF-50). Personnel Action (list
and identify
exceptions).
Other Report Issues
.19 The report should be addressed to the users who have agreed upon the
procedures to be performed (see FAM 660.03). The date of completion of
the agreed-upon procedures should be used as the date of the
agreed-upon
procedures report. If the audit organization's procedure is to date
reports
with the issue date, the date of completion of the engagement may be
stated in the report (such as "We completed the agreed-upon procedures
on [date].").
.20 Entity comments should be obtained from the entity responsible for the
subject matter. If time constraints present problems, oral comments
may
be obtained and documented in a memo.
[This page intentionally left blank.]
SECTION 700
Internal Control
DRAFT GAO/PCIE Financial Audit Manual Page 701 B-1 DRAFT GAO/PCIE Financial
Audit Manual Page 701 B-2 DRAFT GAO/PCIE Financial Audit Manual Page 701 B-3
DRAFT GAO/PCIE Financial Audit Manual Page 701 B-4 DRAFT GAO/PCIE Financial
Audit Manual Page 701 B-5 DRAFT GAO/PCIE Financial Audit Manual Page 701 B-6
SECTION 800
Compliance
802 - General Compliance Checklist
.01 The compliance testing section consists of a General Compliance
Checklist (questionnaire) for identifying laws and regulations for
compliance testing and supplements for the laws OMB requires auditors of
executive departments, agencies and government corporations to test for
(see FAM 295.01 H) and other laws of general applicability auditors may
consider during federal financial audits (see FAM 295.02 H). The
compliance supplements provide detailed guidance for assessing the
effectiveness of compliance controls and testing compliance with the
significant provisions of each law.
.02 The auditor generally should complete the General Compliance Checklist
(Form 802), or equivalent, for federal financial audits. With the
exception of the Antideficiency Act which has no materiality limit, if an
auditor considers an individual law to have a direct and material effect
on the financial statements it is significant for purposes of compliance
testing and the auditor should complete the related compliance supplement.
The auditor should complete compliance supplements only for laws required
to be tested (FAM 802.06) and for other laws (FAM 802.07) identified for
compliance testing on the General Compliance Checklist. Use of these
documents is described below.
.03 To understand and evaluate compliance controls, the auditor also
should follow the guidance in FAM 260 on identifying risk factors and in
FAM 320 on understanding information systems. The FAM also provides
additional guidance on compliance considerations for all audit phases.
Instructions For General Compliance Checklist
.04 The checklist contains a summary of each law. The auditor generally
should use this checklist or equivalent to determine which of these laws
are considered to have a direct and material effect on the financial
statements for purposes of testing compliance, as discussed in FAM 245.
The auditor should indicate whether each law meets the criteria for direct
and material by placing a check mark in the appropriate column (yes or
no). As noted in FAM 295 H, auditors are required to test certain laws and
may also test for other laws if they have determined they are direct and
material to the financial statements being audited.
.05 The auditor may need to use estimates or interim information in the
preliminary column. The final amounts (based on the audited amounts or the
final amounts of available budget authority) are used to determine whether
all laws that would be significant in quantitative terms have been
identified for control and compliance testing. The sources of all amounts
included in this checklist should be documented. If the law is considered
to be significant from a qualitative standpoint, the reasons for this
conclusion should be documented.
.06 Laws required for testing (if applicable) ^[221]1 contained in
supplements to the General Compliance Checklist (Form 802) are:
Law Supplement
number
Antideficiency Act FAM 803
Federal Credit Reform Act of 1990 (FCRA) FAM 808
Provisions Governing Claims of the U.S. FAM 809
Government as provided primarily in 31 U.S.C.
3711-3720E (Including the Debt Collection
Improvement Act of 1996 (DCIA)
Prompt Payment Act FAM 810
Pay and Allowance System for Civilian Employees FAM 812
as Provided Primarily in Chapters 51-59 of Title 5,
U.S. Code
.07 Other frequently encountered laws contained in supplements to the
General Compliance Checklist (Form 802) that the auditor may test are:
Law Supplement
number
Civil Service Retirement Act FAM 813
Federal Employees Health Benefits Act FAM 814
Federal Employees' Compensation Act FAM 816
Federal Employees' Retirement System Act of FAM 817
1986
^1 FFMIA is discussed in FAM 701.
Entity _________________________________________________________________ Period
of financial statements ____________________________________________
Job code _______________________________________________________________
Description of Law Yes No
Civil Service Retirement Act,
5 U.S.C. Chapter 83
This law provides retirement benefits to employees who were
hired prior to January 1, 1984. For each employee, the entity
withholds a percentage of basic pay from the employee's
compensation and contributes an equal amount for retirement.
The employee and entity amounts are remitted to Treasury.
Does the entity's expense for retirement costs under the Civil
Service Retirement Act for the audit period exceed planning
materiality or are provisions of the Civil Service Retirement Act
otherwise determined to be significant?
Preliminary Final
Expense for retirement
contributions Planning materiality
If yes, complete compliance supplement FAM 813.
Federal Employees Health Benefits Act,
5 U.S.C. Chapter 89
This law provides health insurance coverage to employees who
elect health insurance benefits. For each employee who elects
coverage, the entity pays an amount set by OPM for insurance
costs. The entity portion cannot exceed 75 percent of the
insurance cost. The employee pays the remainder of the total
cost. Information on the employee and entity cost of the
insurance is published by OPM. The entity withholds the
amount of the employee's portion of the cost from the
employee's pay and remits this amount, along with its own
contribution, to Treasury.
Does the entity's expense for health insurance costs for the
audit period exceed planning materiality or are provisions of
the Federal Employees Health Benefits Act otherwise
determined to be significant?
Preliminary Final
Expense for health insurance
Planning materiality
If yes, complete compliance supplement FAM 814.
Description of Law Yes No
Federal Employees' Compensation Act (FECA),
5 U.S.C. Chapter 81
This law provides for the compensation of employees injured
while performing their duties. Claims are paid out of the
Federal Employees' Compensation Fund. Federal entities are
billed annually by the fund for claims paid on their behalf.
Does the entity's expense for the audit period for benefits paid
by the Federal Employees' Compensation Fund on the entity's
behalf exceed planning materiality or are provisions of FECA
otherwise determined to be significant?
Preliminary Final
Expense for Compensation
Fund claims Planning materiality
If yes, complete compliance supplement FAM 816.
Federal Employees' Retirement System Act of 1986
(FERS), 5 U.S.C. Chapter 84
This law provides retirement benefits for employees who were
hired after December 31, 1983. For each employee, the entity
withholds a percentage of basic pay from the employee's
compensation and contributes an amount equal to the
employing agency's applicable normal cost percentage less the
employee deduction rate for retirement. The employee and
entity amounts are remitted to Treasury.
Does the entity's expense for retirement costs under the FERS
Act for the audit period exceed planning materiality or are
provisions of the FERS Act otherwise determined to be
significant?
Preliminary Final
Expense for retirement
contributions _ Planning materiality _
If yes, complete compliance supplement FAM 817.
Instructions For Compliance Supplements
.08 Each compliance supplement in FAM 803-817 consists of (1) a compliance
summary, (2) a compliance audit program, and (3) notes.
Compliance Summary Compliance Audit Program
.09 For each law identified for compliance testing on the General
Compliance
Checklist, the auditor generally should complete the related
compliance
summary or prepare equivalent documentation. The compliance summary
is designed to assist the auditor in planning compliance control tests
and
summarizing the results of compliance control tests and compliance
tests
for reporting the results of the work performed.
.10 The first column contains a description of the specific provisions of
the law
that have been identified for compliance testing, the type of
provision, and
the reference to the law.
.11 The second column contains the objective related to the specific
provision
to be used for both compliance control and compliance testing.
.12 The auditor should identify the control activities that the entity has
in place
to achieve each objective and document the control activity in the
third
column. If the entity does not have a control activity that achieves
the
objective, the auditor should document this condition in the third
column.
.13 The fourth column is used to indicate (Yes or No) whether the control
activity is information technology (IT) system related as described in
FAM
270.04. IT system controls are those the effectiveness of which
depends on
computer processing. They can generally be classified into general,
application, and user controls. Testing of IT system controls
generally
should be performed with assistance from an IT specialist.
.14 The auditor should design control tests to determine whether the
control
activities that have been identified in the third column are in place
and
operating effectively. A control activity is considered to be
effective if it
achieves the control objective. The control testing program and the
control
tests should be recorded in the documentation. The results of these
tests
and the auditor's conclusions on the effectiveness of the compliance
controls should be documented in the fifth column of the Compliance
Summary. A reference to supporting documentation should be included in
this column.
.15 Compliance tests should be performed using the related Compliance
Audit
Program as described below. The results of the compliance tests should
be
indicated in the sixth and last column of the Compliance Summary along
with a reference to the supporting documentation.
.16 A compliance audit program has been developed for the provisions
identified on the related compliance summary for each law. For each law
identified for compliance testing on the General Compliance Checklist, the
auditor generally should perform each step of the related compliance audit
program in column 1. Because the subject matter of some laws is closely
related to matters the auditor will be planning to test for other parts of
the audit, the auditor should coordinate with that other testing and
design multipurpose tests. For example, payroll compliance testing could
be performed using multipurpose tests of payroll controls and/or
substantive payroll testing.
The auditor should initial and date in column 2 of the compliance audit
program when the procedure is performed. A reference to the documentation
recording the work performed for each step should be included in the third
and last column of the compliance audit program.
Notes
.17 Notes are provided for each compliance supplement to assist the
auditor in understanding criteria, definitions, exemptions, and
restrictions of law. The notes also provide guidance to the auditor in
testing and evaluating controls to achieve the compliance objective.
[This page intentionally left blank.]
Compliance 803 - Antideficiency Act
803 - Antideficiency Act
Note: Complete this compliance summary or prepare equivalent documentation
as provisions of the Antideficiency Act are applicable to entities
receiving federal funds. with no limit on materiality.
OMB guidance on budget execution, including the Antideficiency Act, is
included in OMB Circular A-11, Part 4.
Name of entity: Compliance Summary Prepared by:
Audit period: Reviewed by:
_____
Provision Control
description Objective activities IT Effective Instances of
(Y/N) compliance noncompliance
controls? noted?
1. The entity 1.
shall not make Expenditures [Document [Indicate yes
expenditures or the [Is control [Indicate or
or obligations obligations control dependent no; include
that exceed the do not activities yes or no;
amount
available for exceed the used by the include reference to
expenditure or amount entity to on computer
obligation
in an available for achieve the processing?] reference to supporting
appropriation or expenditure objective.] supporting documentation.]
fund. or obligation
in an
Type: appropriation (See note documenta- See Compliance
Quantitative-based or fund. 2.)
Ref: 31 U.S.C. tion.] Audit Program
1341(a)(1)(A) and
(C)
FAM 803 Step 3
2. The entity 2. Legal [Document [Is control [Indicate yes
shall not involve obligations the control dependent on or no; include
the government in do not occur activities computer reference to
a contract or before an used by the processing?] supporting
obligation for the appropriation entity to [Indicate yes documentation.]
payment of money is made or achieve the or no; include See Compliance
before an otherwise objective.] reference to Audit Program
appropriation is authorized by (See note supporting FAM 803 Step 3.
made unless law. 2.) documentation.]
authorized by law.
Type:
Quantitative-based
Ref:31 U.S.C
1341(a)(1)(B)
DRAFT GAO/PCIE Financial Audit Manual Page 803-1
Compliance 803 - Antideficiency Act
Name of entity: Compliance Summary Prepared by: Reviewed
Audit period: by:
_____
Provision Control
description Objective activities IT Effective Instances of
(Y/N) compliance noncompliance
controls? noted?
3. (See note
Expenditures 2.)
3. The entity or
shall not make obligations See
expenditures or do not exceed Compliance
obligations that the legally Audit Program
exceed (1) the binding limit FAM 803 Step
amount of an on the 4.
apportionment; or entity's
budget
authority.
(2) a lesser (The amount
amount, if any, of the
established by apportionment
agency regulations or a lesser
(such as the amount, if
allotment level). any,
See note 1. established
by the
Type: entity's
Quantitative-based regulations.)
Ref: 31 U.S.C. See note 1.
1517(a)
DRAFT GAO/PCIE Financial Audit Manual Page 803-2
Compliance 803 - Antideficiency Act
Note: Complete this program or prepare equivalent documentation only if
provisions of the Antideficiency Act are considered to be significant as
indicated on Form 802 - General Compliance Checklist at FAM 802-3. The
procedures in this program are designed to test compliance with the
provisions listed on the Compliance Summary for this law.
Name of entity:
Audit period:
Reviewed by:
Audit Procedures Done W/P ref
by/date
1. List the appropriations or other budget authority and
the related budget accounts that were identified for
compliance testing on Form 802 - General Compliance
Checklist. Per FAM 802-3, the auditor should identify all
legally binding restrictions on budget execution, from
sources such as appropriation legislation.
(The following tests for compliance with the
Antideficiency Act should be coordinated with tests of the
Statement of Budgetary Resources and with tests of
expenses.)
Compliance 803 - Antideficiency Act Compliance 803 - Antideficiency Act
Compliance 803 - Antideficiency Act
Name of entity:
Audit period:
Reviewed by:
Audit Procedures Done W/P ref
by/date
2. As discussed in FAM 460.03, the auditor should
determine assurance that the summarized budget information
(obligations and expenditures) used for compliance tests
are reasonably accurate and complete. This assurance may
be provided through effective controls (usually the budget
controls) or, if the controls are not effective, through
substantive testing of budget amounts for validity,
completeness, cutoff, recording, classification, and
summarization as described in FAM 495 B.
For the accounts listed in step 1, document if this
assurance is provided through effective controls (as
indicated on Form 803 - Compliance Summary) or if
substantive tests of the budget information are necessary.
If the controls are not considered to be effective in
meeting some or all of the budget control objectives
listed in FAM 395 F, perform substantive tests of the
budget amounts (obligations and expenditures) as discussed
in FAM 495 B. These substantive tests should be performed
only for those potential misstatements for which the
entity does not have effective budget controls.
After the auditor is satisfied as to the reasonableness of
the budget amounts to be used for the compliance tests,
perform the compliance tests in steps 3 and 4.
3. Compare the actual amounts of budget obligations and
expenditures with the related appropriation or other
budget authority listed in step 1. If the entity does not
appear to have complied with the provision, perform step
6. (31 U.S.C. 1341(a)(1)(A) .
Name of entity:
Audit period:
Reviewed by:
Audit Procedures Done W/P ref
by/date
4. Compare timing of legal obligations (contractual or
otherwise) with available appropriation or other budget
authority listed in step 1. If the entity does not appear
to
have complied with the provision, perform step 6 (31
U.S.C. 1341(a)(1)(B).
5. Determine the entity's legally binding level of budget
authority (below the appropriation level) that was
identified during the planning phase. This level is
usually
the apportionment level unless the entity has elected a
lower level, such as allotments. Compare the amount of
actual obligations and expenditures to the legally binding
level of restrictions on budget authority identified for
compliance testing (the apportionment or allotment level).
If the entity does not appear to have complied with the
provision, perform step 5. (31 U.S.C. 1517(a))
6. If the entity does not appear to be in compliance based
on the results of tests performed, discuss these matters
with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred
and the implications of such noncompliance. For any
noncompliance noted, the auditor should
o identify the weakness in controls that allowed the
noncompliance to occur, if not previously identified
during control testing;
o report the nature of any weakness in controls and
consider modification of the opinion on internal control
as appropriate (see FAM 580.32-.61);
o consider the implications of any instances of
noncompliance on the financial statements; and
o report instances of noncompliance, as appropriate (see
FAM 580.67-.75.).
Name of entity:
Audit period:
Reviewed by:
Audit Procedures Done W/P ref
by/date
7. Contact the entity office responsible for submitting
ADA violations to the President, Congress, and GAO and:
o Obtain a listing of violations for the year under audit.
o Inquire if all known violations have been included on
the list and reported.
o For each ADA violation determine if it was reported to
the President, the Congress, and GAO.
8. Check GAO'S ADA reporting website :
http:/www.gap.gov/ada/antideficiencyrpts.htm to identify
and obtain background about ADA violations reported by
the entity and compare audit evidence with what the entity
reported in ADA violation reports. Be aware that there may
be time lags as to when violations are reported,
particularly at year end.
9. Document conclusions on compliance with each provision
on Form 803 - Compliance Summary.
Note 1: Entities are required to establish regulations that provide for a
system of administrative controls over their execution of budget authority
(31 U.S.C. 1514(a)). As discussed in FAM 250.03, the entity may elect to
lower the level at which budget limitations are legally binding in these
regulations. For example, the entity may elect to reduce the legally
binding limit on the obligation and expenditure of budget funds from the
apportionment to the allotment level. The auditor should determine the
level at which the entity's legally binding limit has been established.
Note 2: The auditor should consider the results of the evaluation and
testing of budget controls (FAM 370.11). These controls relate to the
execution of budget authority and usually are the same controls that are
used to comply with the Antideficiency Act. Accordingly, additional
determinations of controls that achieve the compliance objective generally
is not necessary if the auditor has assessed whether the entity achieves
all of the budget control objectives listed in FAM 395 F. The auditor
should reference this compliance summary to the budget control evaluation
and testing and perform any additional procedures determined to be
necessary to conclude if compliance controls are effective.
DRAFT GAO/PCIE Financial Audit Manual Page 808-1 DRAFT GAO/PCIE Financial Audit
Manual Page 808-2
Compliance 808 - Federal Credit Reform Act of 1990
Compliance 808 - Federal Credit Reform Act of 1990
DRAFT GAO/PCIE Financial Audit Manual Page 809-1 DRAFT GAO/PCIE Financial Audit
Manual Page 809-2 DRAFT GAO/PCIE Financial Audit Manual Page 809-3 DRAFT
GAO/PCIE Financial Audit Manual Page 810-1
DRAFT GAO/PCIE Financial Audit Manual Page 810-2
DRAFT GAO/PCIE Financial Audit Manual Page 812-1 DRAFT GAO/PCIE Financial Audit
Manual Page 813-1 DRAFT GAO/PCIE Financial Audit Manual Page 813-2 DRAFT
GAO/PCIE Financial Audit Manual Page 814-1
DRAFT GAO/PCIE Financial Audit Manual Page 814-2
DRAFT GAO/PCIE Financial Audit Manual Page 814-3
DRAFT GAO/PCIE Financial Audit Manual Page 814-4
Compliance
816 - Federal Employees' Compensation Act (FECA), 5 U.S.C. Chapter 81
DRAFT GAO/PCIE Financial Audit Manual Page 816-1
Compliance
816 - Federal Employees' Compensation Act (FECA), 5 U.S.C. Chapter 81
DRAFT GAO/PCIE Financial Audit Manual Page 816-2
DRAFT GAO/PCIE Financial Audit Manual Page 817-1 DRAFT GAO/PCIE Financial Audit
Manual Page 817-2
817 - Federal Employees' Retirement System Act of 1986 (FERS), 5 U.S.C.
Chapter 84
Note 1: Employees may be covered by the Civil Service Retirement Act
(CSRS) or the Federal Employees' Retirement System Act (FERS), generally
depending on their employment dates. Employees hired after January 1, 1984
are in FERS.
Note 2: For most employees, the percentage to be withheld is 0.8 percent
(7 percent less the Social Security tax rate). For congressional
employees, Members of Congress, and law enforcement officers,
firefighters, air traffic controllers, and nuclear materials couriers, the
withholding rates are higher. (See 5 U.S.C. 8422(a)(1).).
Note 3: The Office of Personnel Management (OPM) computes the normal cost
percentage. For example: for FY 2006 it is 11.2 percent for regular
employees. OPM lists the percentages in its Benefits Administration
Letters, accessible on its Internet site,
[222]http://www.opm.gov/asd/htm/bal06.htm (where the 2 digits after "bal"
represent the calendar year of the letters). (5 U.S.C. 8401(23))
Note 4: If multipurpose testing is used for the compliance test and/or
compliance control test and a substantive test of payroll expense details,
the sample items for the compliance test and/or compliance control test
should be selected using the sampling method used for the substantive
test. Otherwise, the items should be selected using attribute sampling, as
discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity and completeness (as
well as the other financial statement assertions) in conjunction with
substantive tests of payroll or other payroll related compliance tests.
Note 5: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll processing
activities between the entity and the service organization could make
payroll testing more complicated, although the same testing should be
performed. The auditor may accomplish that testing with the assistance of
the service organization's auditor, who may issue an internal control
report on the service organization under AU 324 (SAS 70). Or the service
organization's auditor may assist the entity auditor by performing
agreed-upon procedures at the service organization (e.g., substantive
testing) under AT 201 (see FAM 660).
SECTION 900
Substantive Testing
902 - Related Parties, Including Intragovernmental Activity and Balances
.01 This section provides detailed guidance on the procedures that the
auditor should perform with respect to related parties, as described in
FAM 280 and FAM 550. Additionally, in determining whether related party
activities are properly accounted for and disclosed in the financial
statements, the auditor should consult AU 334, which provides general
guidance on related parties relationships and transactions. Further, the
American Institute of Certified Public Accountants (AICPA) has issued a
toolkit for accountants and auditors titled Accounting and Auditing for
Related Parties and Related Party Transactions ^[223]1. This toolkit
includes selected authoritative accounting and auditing literature, an
illustrative audit program, disclosure checklist, confirmation letter, and
letter to other auditors and is available at the AICPA's website at
http://www.aicpa.org.
.02 The U.S. government in its entirety is an economic entity and federal
entities are components of the U.S. government. Therefore, transactions
between federal entities are considered intragovernmental (Note: Federal
Accounting Standards Board's (FASAB) Statements of Financial Accounting
Standards (SFFAS) refers broadly to the cost of goods and services between
federal entities as "inter-entity" costs). Within the U.S. government,
many reporting entities rely on other federal entities to help them
achieve their missions and fulfill their operating objectives. These
arrangements may be voluntary, stipulated by law, or established by mutual
agreement of the entities involved and may not be carried out on an
arm's-length basis.
In many cases, the entity receiving goods or services reimburses the
providing entity in accordance with an agreed-upon price, which may or may
not represent market value. However, frequently one entity provides goods
or services to another entity free of charge (without reimbursement) and
the cost of such activity is paid by appropriated funds of the providing
entity. For example, the General Services Administration (GSA) routinely
provides property management services and contract award and
administration to other entities without charge.
.03 In addition, certain federal entities can significantly influence the
operating policies of the transacting entities. For example, the Office of
Management and Budget (OMB) provides budget, policy and/or general
management guidance to other federal entities. The Office of Personnel
Management (OPM) helps federal civilian entities recruit nationwide; sets
human resources management rules with the federal entities' involvement;
administers systems for setting federal compensation and benefits; manages
federal employee health and life insurance programs; and operates
retirement programs for federal employees.
These tools are based on the best practices guidance received from the
participating accounting and auditing firms and the AICPA publication,
Practice Alert No. 95-3, Auditing Related Parties and Related Party
Transactions.
.04 In the U.S. government, the most significant related parties are other
governmental entities. Other possible related parties outside of the
federal government include states, members of entity's management, and
individuals and companies with which members of management may be related.
.05 The auditor should make inquiries about the possible existence of
related parties with material activity and balances that could affect the
financial statements, including intragovernmental activity and balances.
The auditor should also inquire about the possible existence of related
parties involving members of management that usually are not material to
the financial statements, but may be a sensitive conflict-of-interest
issue involving potential misuse of government assets.
The identification of related parties and activity and balances is
important because (1) U.S. GAAP requires disclosure of material
related-party transactions and certain control relationships, (2)
fraudulent financial reporting and misappropriation of assets have been
facilitated by the use of an undisclosed related party, and (3) distorted
or misleading financial statements may result in the absence of adequate
disclosure.
.06 Financial statement users need related party information to make
informed judgments. If parties are related, the transactions between them
may not be based on an arm's-length relationship. For example, certain
goods or services may be donated or be at an amount that does not
represent market value, thus affecting the cost of the receiving entity's
operations. In addition, an entity may have transactions with another
entity based on a common control situation, such as when the entity
controls or can significantly influence the management or operating
policies of the transacting entity. In these cases, users of financial
statements should be aware of the nature of the relationship since this
control relationship could result in operating results or financial
positions significantly different from those that would have been achieved
in the absence of such relationship.
.07 Disclosures include the nature of the relationship between the entity
and its related parties, a description of the transactions, including
donations, dollar amounts of transactions that occurred during the period,
and amounts due to or from related parties as of the end of the period.
Disclosures may aggregate similar transactions by type. In cases of common
control relationships, the nature of the control relationship is disclosed
even if there are no transactions between the entities. Related party
transactions between components of the audited entity that are eliminated
in consolidation are disclosed. However, if separate statements of the
components are issued, the disclosures are presented in the separate
component statements.
.08 The following sections discuss intragovernmental activity and
balances, and other related parties.
Intragovernmental Activity and Balances
.09 Intragovernmental amounts represent activity and balances within or
between federal entities. Intradepartmental amounts are activity and
balances within the same department (a department here means any
department, agency, administration or other entity designated by OMB as a
financial reporting entity that is not part of a larger financial
reporting entity other than the government as a whole). Interdepartmental
amounts are activity and balances between two different departments. The
intradepartmental and interdepartmental amounts are subsets of
intragovernmental activity and balances.
FASAB uses various terms to define intragovernmental activities. As
discussed in FAM 902.02, SFFAS No. 4 refers to these activities broadly as
inter-entity costs. SFFAS No. 30 refers to intra-departmental inter-entity
costs to describe activities within the same department, while activities
between two different departments are inter-departmental inter-entity
costs. FASAB Interpretation No. 6 uses "department" to refer to any
department, agency or other financial reporting entity that is not part of
a larger reporting entity other than the government as a whole. The
terminology used in FAM 902 is consistent with FASAB usage of the terms
intra-departmental and inter-departmental activities.
.10 Common examples of intragovernmental activities include:
a.
Goods and services provided from one federal entity to another
(trade transactions), costs incurred, and reimbursable costs
(including both interdepartmental and intradepartmental activity).
b.
Transfers between entities based on agreements or legislative
authority, expended appropriations, taxes and fees collected,
collections for others, accounts receivable from appropriations,
transfers payable, and custodial revenue (including both
interdepartmental and intradepartmental activity).
c.
Investments in federal securities issued by Treasury's Bureau of
the Public Debt, including interest accruals, interest income and
expense, and amortization of premiums and discounts.
d.
Borrowings from the Treasury and the Federal Financing Bank,
including interest accruals, interest income, and expenses.
e.
Costs of litigation paid by the Treasury Judgment Fund (including
both interdepartmental and intradepartmental activity).
f.
Transactions with OPM relating to employee benefit programs such
as Federal Employees' Retirement System, Civil Service Retirement
System, and federal employees' life insurance and health benefits
programs, that include routine payments, imputed financing, and
accruals.
g.
Transactions with the Department of Labor (Labor) relating to the
Federal Employee's Compensation Act (FECA) that include routine
payments to Labor.
.11 Intradepartmental activities and balances (within the same department)
are eliminated at the department's consolidated financial statements
level. Interdepartmental activities and balances (between federal
entities) are eliminated at the U.S. government's consolidated financial
statements level.
Accounting and Reporting Guidance
.12 In accounting for and reporting of related parties, including
intragovernmental activity and balances, the auditor and the entity should
refer to FASAB accounting standards, the Financial Standards Accounting
Board (FASB) financial accounting standards (FAS), OMB guidance contained
in OMB Circular No. A-136, and Treasury guidance contained in the Treasury
Financial Manual (TFM). FAM 902.14-.20 illustrate these relevant documents
in more detail.
.13 SFFAS No. 4, Managerial Cost Accounting Concepts and Standards, and
related interpretations, address the accounting standards for inter-entity
cost activities. SFFAS No. 5, Accounting for Liabilities of the Federal
Government, addresses inter-entity liabilities, including federal debt,
pensions and retirement benefits. Also, SFFAS No. 7, Accounting for
Revenue and Other Financing Sources and Concepts for Reconciling Budgetary
and Financial Accounting, as amended, addresses inter-entity revenue and
requires disclosure of the nature of intragovernmental exchange
transactions in which an entity provides goods or services at a price less
than full cost or does not charge a price at all.
In accordance with SFFAS No. 4, as amended by SFFAS No. 30, effective for
periods beginning after September 30, 2008, the costs of program outputs
include the costs of services provided by other entities whether or not
the providing entity is fully reimbursed. Additionally, each entity's full
cost is to incorporate the full cost of goods and services that it
receives from other entities. The entity providing the goods or services
has the responsibility to provide the receiving entity with information on
the full cost of services either through billing or other advice. The
reporting entities also is to consult with the funding and administering
agencies, such as OPM, for information needed to properly record
inter-entity costs. SFFAS No. 4 directs OMB to designate the costs of
goods and services received from other entities that are to be recognized
and to issue guidance identifying these costs. ^[224]2
2 In accordance with OMB Circular No. A-136, examples of unreimbursed
costs that reporting entities are required to recognize include (but are
not limited to): (1) employees' pension, post-retirement health and life
insurance benefits, (2) other post-employment benefits for retired,
terminated, and inactive employees, which includes unemployment and
workers compensation under the Federal Employees' Compensation Act (Pub.
L. No. 103-3), and (3) losses in litigation proceedings (see FASAB
Interpretation No. 2, Accounting for Treasury Judgment Fund Transactions).
In the case of employee benefits, the imputed amount is the difference
between employer/employee contributions and the total cost of the benefit.
.14 FASB FAS No. 57, Related Party Disclosures, defines related parties
and provides examples of related party transactions and general guidance
on disclosures of transactions between related parties. Footnote
disclosures generally should include disclosure of the nature of the
relationship between the entity and its related parties, a description of
the transactions, including donations, dollar amounts of transactions that
occurred during the period, and amounts due to or from related parties as
of the end of the period.
.15 OMB Circular No. A-136, Financial Reporting Requirements, states that
federal entities are to
o report intragovernmental assets separately from transactions with
non-Federal entities (entities outside the federal government) on the
balance sheet,; disclose intragovernmental assets separately from
other non-entity assets; identify intragovernmental liabilities
covered by budgetary resources and those not covered by budgetary
resources (such as accrued annual leave); and separately report
intragovernmental liabilities,
o disclose intragovernmental costs and revenue transactions separately
from those made with the public and describe the criteria used for the
cost/revenue classification. Disclosure is to include an explanation
that makes it clear to the reader that the intragovernmental expenses
relate to the source of goods and services purchased by the reporting
entity and not to the classification of related revenue, and
o reconcile intragovernmental balances and transactions at least
quarterly and submit intragovernmental balance information as a note
disclosure.
OMB also has issued a memorandum titled Business Rules for
Intragovernmental Transactions that requires agencies to use the same
methodology in accounting for certain intragovernmental transactions,
which should help in reconciliation.
.16 To emphasize entity management's responsibility for identifying
intragovernmental transactions and balances and reconciling data with
other entities, specific representations are included in the management
representation letter for intragovernmental activity. These
representations include intradepartmental eliminations, proper accounting
and disclosure of transactions, and reconciliation (or inability to
reconcile) with entities providing the goods or services (see FAM 1001).
If such disclosure is included in the financial statements and the auditor
believes that the disclosure is either not supported by management, or if
management refuses to disclose related party transactions, the auditor
generally should express a qualified or adverse opinion because of the
inadequate disclosure, depending on materiality, and include the necessary
disclosures in a separate paragraph of the audit report.
.17 TFM section "Federal Intragovernmental Transactions Process" and
Treasury's Federal Intragovernmental Transactions Accounting Policies
Guide (Treasury Guide) provides governmentwide procedures for federal
entities to account for and reconcile transactions occurring within and
between each other. The procedures in this guidance does not apply to
transactions between federal entities and nonfederal entities. Further
information is available at the Treasury/Financial Management Service's
(FMS) web site at [225]http://www.fms.treas.gov.
.18 The TFM also includes procedures for CFO Act departments to reconcile
and confirm intragovernmental activity and balances as of and for the
fiscal year ended September 30. Each department's CFO is to provide the
department's Inspector General (IG) with representations indicating
whether the department completed the reconciliation. In addition, the
department is to describe noncompliance with the reconciliation
requirements. The auditor should include this representation in the
management representation letter (see FAM 1001).
.19 The Treasury Guide provides detailed information on accounting and
reconciling intragovernmental balances. According to the guide, entities
are to identify trading partners ^[226]3 for all intragovernmental
transactions and accumulate detail and summary information for each
activity by trading partner from their accounting records. The trading
partner code may be incorporated (1) as part of account coding
classification, or (2) in the customer/vendor identification code in
accounts receivable and payable systems. These codes are the same as the
Treasury index agency code used by the Treasury to prepare the
governmentwide consolidated financial statements. If the two-digit
Treasury index agency code is not adequate to identify the trading
partner, entities may expand the partner code to components below the
department level and communicate these codes to their trading partners.
.20 The Treasury Guide also indicates that federal entities are to use the
Standard General Ledger (SGL) account attributes to indicate the nature of
account balances and to identify intragovernmental transactions. For
example, the federal "F" and nonfederal "N" attributes used in conjunction
with an SGL account in the Federal Agencies' Centralized Trial Balance
System (FACTS) I submissions enable Treasury/FMS to prepare elimination
entries for the governmentwide financial statements. When the federal
attribute "F" is used with an SGL account, a trading partner is to be
designated for each transaction posted to the account.
Continuing Issues from Prior Year Audits
.21 Prior year audits of federal entity financial statements have
identified numerous instances where entities did not identify, summarize,
or reconcile intragovernmental activity and balances by trading partner.
Controls over the intragovernmental transactions were not adequate. For
Trading partners are federal agencies, bureaus, programs or other entities
(within or between entities) participating in transactions with each
other.
example, one department instructed its components to make buyer's
intragovernmental transaction amounts agree with seller's information
without requiring an adequate reconciliation or verification if goods or
services were provided. Similar issues were also identified concerning
activity and balances within the same entity (intradepartmental).
Accordingly, there is no assurance that the entity records contained
balances that are fairly presented. This has been a material weakness at
the
U.S. government consolidated financial statement level in that entity
intragovernmental accounts do not completely eliminate in consolidation.
Intragovernmental Payment and Collection (IPAC) System
.22 IPAC is the primary method used by most federal entities to
electronically bill and/or pay for services and supplies within the U.S.
government. IPAC is used to communicate to Treasury and the trading
partner agency that the online billing and/or payment for services and
supplies has occurred. IPAC, however, is not intended to be a control over
the intragovernmental transactions (reciprocal accounts). The auditor
should understand that IPAC was not designed as an accounting system and
does not require trading partners to record transactions at the same time
or in the same amounts. In addition, unreconciled IPAC differences could
affect the existence and completeness of intragovernmental activity and
balances.
.23 The IPAC billing entity initiates an IPAC transaction either as a
collection or a payment. The IPAC customer entity receives an IPAC
transaction either as a payment or a collection. Monthly, the Treasury
compares the customer and billing amounts from Statement of Transactions
(FMS 224) reported by the entity with the IPAC data. If there is a
difference, a Statement of Differences (SOD) ^[227]4 , including a
detailed list of all transactions charged or credited to a particular
agency location code, is generated monthly. The SOD is an Internet
application of the Government On-Line Accounting Link Information Access
System II (GOALS II/IAS). Entities are to investigate the differences and
make any necessary corrections on their next Statement of Transactions.
.24 The auditor generally should examine the entity's IPAC reconciliation
procedures to determine if the entity performs the reconciliation and
researches and resolves differences reflected on the statement of
differences properly and timely. The auditor may coordinate these
procedures with Fund Balance with Treasury (FBWT) audit procedures to
assess the effectiveness of the entity's IPAC reconciliation (see FAM
921).
.25 The auditor generally should also design audit procedures to
understand whether the entity uses other systems (EFT, check, standard
forms used to transfer funds between appropriations, credit cards, etc) in
addition to the IPAC system to process intragovernmental activity and
balances. The auditor generally should determine whether these systems
affect the
The Government Wide Accounting (GWA) system is being implemented over the
next several years and the SOD is scheduled to be eliminated (see FAM
921.11-.12).
fairness of intragovernmental activity and balances. (See audit procedures
below and FAM 902 C.)
Audit Procedures
.26 The auditor should identify audit risk and materiality in determining
the nature, extent, and timing of procedures for auditing
intragovernmental activity and balances and in evaluating the results of
these procedures. Throughout the audit, the auditor evaluates the possible
existence of material intragovernmental activity and balances that could
affect the financial statements. The auditor also evaluates information
available concerning material intragovernmental activity and balances to
determine the adequacy and appropriateness of financial statement
disclosures.
.27 During the planning phase, the auditor should assess inherent, fraud,
and control risk. The auditor evaluates several conditions to assess
inherent risk related to intragovernmental activity and balances. For
example, inherent risk may exist because of the nature of the
intragovernmental activity, such as a significant volume or dollar amount
of transactions, number of trading partners, or complexity of
transactions. The auditor should also assess the impact of inherent and
control risk on control testing and substantive procedures. The auditor
should determine whether similar conditions continue to exist and should
understand management's response to such conditions.
.28 In assessing inherent and control risk, the auditor should obtain an
understanding of management responsibilities and the relationship of each
component to the total department and of each department to other
departments. The auditor should also obtain an understanding of the
entity's operations to identify, respond to, and resolve accounting and
auditing problems early in the audit. This includes:
a.
knowledge of the entity's trading partners,
b.
the nature of intragovernmental transactions that occur,
c.
the volume and dollar amount of transactions, and
d.
management's attitude and awareness with respect to
reconciliations of intragovernmental activity and balances.
.29 The auditor should determine the effectiveness of the entity's
internal control over intragovernmental activity and balances. This begins
with the auditor identification of policies and procedures that pertain to
the entity's ability to record, process, summarize, and report
intragovernmental activity and balances by trading partner. The entity
generally should emphasize the importance of identifying and classifying
intragovernmental transactions by trading partner when they are initiated
and on all documentation thereafter. Without this initial identification,
the entity's accounting system may not be able to adequately track
intragovernmental activity and balances.
.30 Without proper and timely reconciliation of intragovernmental activity
and balances, misstatements in these account balances at the component
and/or department level could materially affect the balances at the
governmentwide level (as well as at the department or component level). In
addition, when preparing consolidated financial statements, the preparer
must eliminate intragovernmental activity and balances within and between
departments or components. Because the amounts reported for entity trading
partners for certain intragovernmental accounts could be significantly out
of balance, the preparer would not be able to eliminate these accounts in
the consolidated financial statements. The auditor may advise the entity
about the need for monthly confirmation and reconciliation of these
transactions with trading partners, as annual or quarterly reconciliations
may not be sufficient to detect and resolve misstatements promptly.
.31 If the auditor determines that the entity's reconciliation control for
intragovernmental transactions is not effectively designed and placed in
operation, the auditor should consider the effect on the financial
statements. Where intragovernmental transactions are or could be material,
significant additional work is usually necessary to express an unqualified
opinion. In those cases where the auditor finds significant deficiencies
or material weaknesses in the intragovernmental reconciliation control and
no other mitigating controls exist, the auditor must disclose this in the
report or opinion on internal controls (FAM 580).
.32 TFM contains agreed-upon procedures to perform for federal
intragovernmental activity and balances. These procedures are intended to
assist with accounting for and eliminating intragovernmental activity and
balances in the preparation of department and governmentwide financial
statements and reports. These procedures should be performed regardless of
the effect on the entity's consolidated financial statements or internal
control report.
.33 To avoid duplicate procedures, the auditor should consider the
agreedupon procedures contained in the TFM when designing the tests for
intragovernmental activity and balances. Examples of the account risk
analysis (ARA), specific control evaluation (SCE), and audit procedures
for the audit of intragovernmental activity and balances are in FAM 902 A,
FAM 902 B, and FAM 902 C, respectively. The ARA, SCE(s), and audit
procedures generally are customized by the auditor for the particular
entity. For example, if the auditor determines that the intragovernmental
accounts receivable line item is significant, the auditor generally should
prepare a separate ARA, SCE(s), and audit procedures for the
intragovernmental accounts receivable account and its related accounting
applications. (Note that a single SCE for a line-item/account-related
accounting application is presented. There are likely transaction-related
accounting applications listed on the ARA that also would have SCEs.) In
addition, to improve efficiency, the auditor may coordinate tests of
intragovernmental activity and balances with tests of nonfederal activity
and balances.
Other Related Parties
.34 To effectively plan and perform an audit, the auditor generally should
understand the entity's organization and its characteristics. The auditor
generally should identify the possible existence of other related parties
and other related party transactions throughout the audit to ensure that
they are properly accounted for and disclosed (see FAM 902.07). Other
related parties may include states that federal entities made payments to
in carrying out or executing their federal programs. Examples of these
programs are Department of Health and Human Services grants to states for
Medicaid; ^[228]5 Department of Transportation, Federal Highway
Administration, programs such as federal aid for highways and highway
safety construction programs; and Department of Labor, State Unemployment
Insurance, and Employment Service Operations.
As indicated at FAM 902.04-.05, the auditor should also be alert to other
related party transactions involving members of entity's management, and
individuals and companies with which members of management may be related.
While these transactions are usually not material to the entity's
financial statements, there may be a sensitive conflict-of-interest issue
involving the potential misuse of government assets.
.35 The auditor should attempt to detect these other relationships by
inquiring of management, reviewing major contracts/agreements, and reading
financial disclosure statements. The auditor should document the names of
related parties so audit staff are aware of them as they conduct the
audit. Work done to test transactions with such parties may be coordinated
with sensitive payments work, as discussed in FAM 280.05.
.36 In addition to the procedures on related parties, the auditor also
generally should inquire about other parties that may not be related
parties, but that the entity may wish to disclose because of a public
perception that they might be related, although professional standards do
not require disclosure if the parties are not related (as defined in AU
334). FAM 902 C provides examples of audit procedures for other related
parties as well as for intragovernmental activity and balances. The
auditor should customize the steps for the particular audited entity.
Practice Aids
.37 The following practice aids are presented as appendixes:
o FAM 902 A - Example Account Risk Analysis (ARA),
o FAM 902 B - Example Specific Control Evaluation (SCE), and
o FAM 902 C - Example Audit Procedures
Medicaid assists states in providing medical care to their low-income
populations by granting federal matching payments under the Social
Security Act to states with approved plans.
DRAFT GAO/PCIE Financial Audit Manual Page 902 A-1 DRAFT GAO/PCIE Financial
Audit Manual Page 902 A-2 DRAFT GAO/PCIE Financial Audit Manual Page 902 A-3
DRAFT GAO/PCIE Financial Audit Manual Page 902 A-4
Substantive Testing 902 A - Example Account Risk Analysis for
Intragovernmental Activity and Balances
DRAFT GAO/PCIE Financial Audit Manual Page 902 A-5
DRAFT GAO/PCIE Financial Audit Manual Page 902 A-6 DRAFT GAO/PCIE Financial
Audit Manual Page 902 A-7 DRAFT GAO/PCIE Financial Audit Manual Page 902 A-8
Substantive Testing
902 B - Example Specific Control Evaluation for Intragovernmental Accounts
Accounting Relevant Potential misstatements in
Control objectives
Internal control activities IT Effective-W/P ref, application assertions
in line accounting application
(Y/N) ness of control assertions items assertions
control testing activities step various various
Existence or various various Substantiation occurrence 1. Recorded 1.
Quarterly, intragovernmental N II.1.g-i
1a. Recorded intragovernmental balances recorded in the entity's assets
and liabilities do ^intragovernmental general ledgers are confirmed
assets and liabilities
not exist at a given date. [should exist at a given] and reconciled with
trading [date.] partners.
1. The entity and trading partners ^N II.1.g-i work together to exchange
data/ correct errors promptly concerning the intragovernmental
balances.
2. Reconciliation adjustments and N supporting documents are ^III.A.1-7
reviewed and approved by authorized personnel before being entered in
the general ledgers.
3. Reconciliation between Y [III.A.1-7] intragovernmental general ledger
balances and subsidiary ledger balances are performed quarterly and
reviewed by supervisory personnel.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-1 Substantive Testing
Accounting Relevant Potential Control Internal IT Effective- W/P ref,
misstatements objectives control
in activities
application assertions in accounting (Y/N) ness of control
line application
assertions items assertions control testing
activities step
various various
Same as 1a.
1b. Recorded 1. above. Same as
intragovernmental above.
assets and
liabilities of
the entity, at a 2. The entity Y II.1.l
given date, maintains the
should be transaction
supported by logs and
appropriate detailed
detailed records records of
that are transactions
accurately to facilitate
summarized and the
reconciled to the reconciliation
process and to
provide
sufficient
information
for the
location of
the supporting
documents.
account balance.
The entity's
critical forms
1c. Access to 1. and Y Example
intragovernmental records are control
protected by
safes
assets, critical and locks, tests
forms, guards, are
cameras, alarm
records, and systems, and omitted
backup of
electronic
processing and data. from the
storage areas example
should
be permitted only 2. Changes made Y audit
in to the trading
accordance with partner codes
laws, file are pro
restricted
regulations, and to authorized cedures.
accounting
management's personnel.
policy.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-2
Substantive Testing
Accounting Relevant Potential misstatements in
Control objectives
Internal control activities IT Effective-W/P ref, application assertions
in line accounting application
(Y/N) ness of control assertions items assertions
control testing activities step various various
Completevarious various Account Completeness ness
2. Intragovernmental ^2. All intragovernmental 1. Same as existence above.
Same as assets and liabilities of ^accounts that belong above. the entity
exist but are ^in the financial state
[omitted from the] ments should be so [financial statements.] included.
There should 2. The entity reviews all transacY II.1.a-f be no undisclosed
tions to identify and properly assets or liabilities. code
intragovernmental transactions.
1. The entity reconciles and Y II.2 & resolves IPAC differences (and
III.B.1.c differences from other systems/ methods, if any, used to
process intragovernmental transactions) promptly and records
adjustments properly.
2. Supervisory personnel review and Y II.1.m approve monthly account
analyses of intragovernmental accounts and examine budget-to-actual
and trend analyses.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-3
Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts
Accounting application assertions
Valuation or allocation
Relevant assertions in line items
various various
Valua-Valua-tion or tion or allocaalloca
Potential misstatements in
Control objectives
Internal control activities accounting application assertions
1. Elimination journal entries and supporting documentation are reviewed
and approved by authorized personnel.
2. Elimination entries are supported by schedules summarizing the SGL
accounts that are combined to total the amounts eliminated.
Valuation
3. Intragovernmental ^3. Intragovernmental 1. Same as existence and
^assets and liabilities completeness above. above.
assets and liabilities W/P ref, control testing step
IT Effective-
(Y/N) ness of
control
activities
N
Y
II.1.k
& III.E
II.1.k
&
III.E
Same as
tion tion
included in the ^included in the
financial statements ^2.
The entity periodically evaluates N I.4.a.ii &
financial statements
are valued on an
[should be valued on] the condition and marketability
[appropriate valuation] of intragovernmental assets, for
inappropriate basis.
bases. example, receivables are
evaluated for collectibility.
3. The entity accounting records are compared with the I.4.a.ii & iii
assessed N
values such as independent
appraisals or assets.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-4 Substantive Testing
Accounting Relevant Potential Control Internal IT Effective- W/P
misstatements in objectives control ref,
activities
application assertions in accounting (Y/N) ness of control
line application
assertions items assertions control testing
activities step
various various
Measurement 4. 4. Intragovernmental 1. Same as Same as
Intragovernmental revenues and existence above.
revenues and expenses included and
expenses included in the financial completeness
in the financial statements should above.
statements are be properly
measured measured.
improperly.
Rights and Rights Rights Ownership
obligations and and 5. Recorded 5. Recorded 1. Same as Same as
existence
and
obliga obliga intragovernmental intragovernmental completeness above.
above.
tions tions assets are owned assets should be
by
others because of owned by the
sale, entity.
or other
contractual
arrangements.
Rights
6. The entity 6. Intragovernmental 1. Same as Same as
does not existence
and
have certain assets should be completeness above.
rights to the above.
recorded entity's rights
at a
intragovernmental given date.
assets because of
certain
restrictions.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-5
Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts
Accounting Relevant Potential misstatements in
Control objectives
Internal control activities IT EffectiveW/P ref, application assertions in
line accounting application
(Y/N) ness of control assertions items assertions
control testing activities step various various
Obligations
7. The entity does not 7. Intragovernmental 1. Same as existence and Same
as have an obligation for liabilities should be completeness above. above.
recorded the entity's obligations intragovernmental at a given date.
liabilities at a given date.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-6 Substantive Testing
Accounting Relevant Potential Control Internal control IT Effective- W/P
misstatements in objectives activities ref,
application assertions in line accounting (Y/N) ness of control
application
assertions items assertions control testing
activities step
various various
Account
Presentation Presen- Presen- classification
and tation and tation and 8. 8. 1. The entity uses Y II.1
disclosure disclosure disclosure Intragovernmental Intragovernmental trading partner
accounts are not accounts should codes to identify
properly be properly and track trading
classified and classified and partners when the
described in the described in the intragovernmental
transactions
financial financial are initiated and
statements. statements. on all
documentation
thereafter.
The entity uses
2. SGL account Y II.1
attributes to
identify the
nature
of account
balances and to
identify
intragovernmental
transactions by
trading partner.
The entity
classifies,
3. summarizes, Y IV.1
and reports
intragovernmental
accounts by
trading partner
and
presents them in
the notes to the
special-purpose
financial
statements.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-7 Substantive Testing
Accounting Relevant Potential Control Internal control IT Effective- W/P
misstatements objectives activities ref,
in
application assertions in accounting (Y/N) ness of control
line application
assertions items assertions control testing
activities step
various various
The CFO staff
4. checks that the N IV.1
intragovernmental
asset and
liability
categories
reported as
notes in the
special-purpose
financial
statements agree
with
the
intragovernmental
asset and
liability line
items reported on
the
balance sheet.
The entity
discloses
5. intragovern Y IV.1
mental gross cost
and earned
revenue by budget
functional
classification as
required by OMB
Consistency
9. The 9. The 1. Intragovernmental Same as
financial financial accounts are
statement
components statement properly above.
are based components classified and
described
on accounting should be in the financial
based on statements.
principles accounting
different principles
from those that are
used in applied
prior consistently
periods. from
period to
period.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-8
Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts
Accounting Relevant Potential Control Internal control IT Effective- W/P
misstatements objectives activities ref,
in
application assertions in accounting (Y/N) ness of control
line application
assertions items assertions control testing
activities step
various various
Disclosure
10. Required 10. The 1. Intragovernmental Same as
information financial accounts are
is not statements properly above.
disclosed in or notes classified and
the described
financial should in the financial
statements or contain all statements.
in the notes information
thereto. required
to be
disclosed.
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-9
Substantive Testing 902 B - Example Specific Control Evaluation for
Intragovernmental Accounts
[This page intentionally left blank.]
DRAFT GAO/PCIE Financial Audit Manual Page 902 B-10
902 C - Example Audit Procedures for Intragovernmental and Other Related
Parties' Activity and Balances
921 A - Treasury Processes and Reports Related to FBWT Reconciliation
A. Verification of Collections and EFT Disbursements
These FBWT processes and reports are subject to change by the
implementation of the GWA system discussed in FAM 921.11-.12.
*CASHLINK is effective through September 30, 2007, when it is scheduled to
become part of the Government Wide Accounting (GWA) system (see FAM
921.11-.12). DRAFT GAO/PCIE Financial Audit Manual Page 921 A-1
B. Verification of Disbursement Data
DRAFT GAO/PCIE Financial Audit Manual Page 921 B-1 DRAFT GAO/PCIE Financial
Audit Manual Page 921 B-2 DRAFT GAO/PCIE Financial Audit Manual Page 921 B-3
DRAFT GAO/PCIE Financial Audit Manual Page 921 B-4 DRAFT GAO/PCIE Financial
Audit Manual Page 921 B-5 DRAFT GAO/PCIE Financial Audit Manual Page 921 B-6
Substantive Testing
921 C - Example Specific Control Evaluation for Fund Balance with Treasury
Relevant assertions in line
Potential
Accounting items
misstatements in Control objectives Internal control activities IT
Effectiveness W/P ref. & application
accounting application (Y/N) of control control assertions FBWT Various
assertions activities testing step
Existence or Existence Existence
Substantiation (See note 1.) Occurrence
1. Recorded FBWT 1a. Recorded FBWT 1. Entity staff performs Y (insert)
does not exist as of amounts should monthly reconciliation a given date.
exist as of a between entity general
given date. ledger (G/L) and Treasury records (appropriation and receipt
account ledgers via GWA).
2. Entity staff resolves receipt N (insert) and disbursement differences
reported by Treasury statements of differences via GWA for collections and
disbursements.
DRAFT GAO/PCIE Financial Audit Manual Page 921 C-1
Substantive Testing 921 C - Example Specific Control Evaluation for Fund
Balance with Treasury
DRAFT GAO/PCIE Financial Audit Manual Page 921 C-2
Substantive Testing 921 C - Example Specific Control Evaluation for Fund
Balance with Treasury
DRAFT GAO/PCIE Financial Audit Manual Page 921 C-3
Substantive Testing 921 C - Example Specific Control Evaluation for Fund
Balance with Treasury
DRAFT GAO/PCIE Financial Audit Manual Page 921 C-4
Substantive Testing 921 C - Example Specific Control Evaluation for Fund
Balance with Treasury
DRAFT GAO/PCIE Financial Audit Manual Page 921 C-5
Substantive Testing 921 C - Example Specific Control Evaluation for Fund
Balance with Treasury
DRAFT GAO/PCIE Financial Audit Manual Page 921 C-6
941 - Auditing the Statement of Social Insurance
.01 The Statement of Social Insurance (SOSI) has grown in prominence as it
presents trillions of dollars of future federal expenditures over future
federal revenues. Beginning with fiscal year 2006, the SOSI is required to
be audited, along with certain social insurance disclosure information,
while other social insurance information is to be presented as unaudited
required supplemental information (RSI). Because most of the information
is based on actuarial projections up to 75 years into the future, it
presents a challenge to the federal entity responsible for its
preparation, as well as to the auditor. FAM 941 provides auditors with
some guidance in auditing the SOSI in accordance with U.S. GAGAS.
.02 FASAB has established accounting requirements for the SOSI through
various SFFAS. The financial statements affected are those of federal
entities responsible for Social Security, Medicare, Railroad Retirement,
and Black Lung programs, as well as the consolidated financial statements
of the federal government. For periods beginning after September 30, 2005,
the SOSI is to be presented as a basic financial statement with the
underlying significant assumptions included in notes that are presented as
an integral part of the financial statements.
.03 FASAB standards for social insurance programs require entities and the
consolidated federal financial statements to report:
a.
The estimated present value of the income to be received from
or on behalf of the following groups during a projection
period sufficient to illustrate the long-term sustainability
of the social insurance programs for:
o current participants who have not yet attained
retirement age,
o current participants who have attained retirement age,
and
o individuals expected to become participants.
b.
The estimated present value of the benefit payments to be made
during that same period to or on behalf of the groups listed in
item (a) above.
c.
The estimated net present value of the cash flows during the
projection period [the income described in item (a) above over the
expenditures described in item (b) above, or the expenditures
described in item (b) above over the income described in item (a)
above].
d.
In notes to the SOSI:
1. The accumulated excess of all past cash
receipts, including interest on investments,
over all past cash disbursements within the
social insurance program, represented by the
fund balance at the valuation date.
2. An explanation of how the net present value
referred to in item (c) above is calculated for
the closed group. ^[229]1
3. Comparative financial information for items (a),
(b), (c), and d (1) above for the current year
and for each of the four preceding years.
4. The significant assumptions used in preparing
the estimates.
Accounting and Reporting Information
.04 FASAB has issued standards for reporting on social insurance programs
of federal entities as follows:
* SFFAS No. 17 - Accounting for Social Insurance, effective for
periods beginning after September 30, 1999, presents accounting
standards for federal social insurance programs covering Social
Security (Old-Age, Survivors, and Disability Insurance), Medicare
(Hospital Insurance [Part A] and Supplementary Medical Insurance
[Part B]), ^[230]2 Railroad Retirement, and Black Lung benefits,
and Unemployment Insurance. Social insurance programs covered by
SFFAS No. 17 have five common characteristics:
1. financing from participants or their employers;
2. eligibility from taxes or fees paid and time worked in covered
employment;
3. benefits not directly related to taxes or fees paid;
4. benefits prescribed in law; and
5. programs intended for the general public.
o SFFAS No. 25 - Reclassification of Stewardship Responsibilities and
Eliminating the Current Services Assessment requires the Statement of
Social Insurance to become a basic audited financial statement. It
also provides that certain information about social insurance programs
required by SFFAS No. 17 be reported in audited notes or as unaudited
RSI, rather than as unaudited RSSI. In accordance with SFFAS No. 28,
the effective period was deferred one year from fiscal year 2005 to
fiscal year 2006.
o SFFAS No. 26 - Presentation of Significant Assumptions for the
Statement of Social Insurance: Amending SFFAS No. 25 requires that the
underlying significant assumptions relating to the Statement of Social
Insurance shall be included in audited notes with other information
required by SFFAS No. 17 - including the sensitivity analysis - to be
presented as RSI, except to the extent that the preparer elects to
include some or all of that information in audited notes. In
accordance with SFFAS No. 28, the effective period was deferred one
year from fiscal year 2005 to fiscal year 2006.
^1 The closed group is defined as those persons who, as of a valuation
date, are participants in a social insurance program as beneficiaries,
covered workers, or payers of earmarked taxes or premiums.
The Medicare Prescription Drug, Improvement, and Modernization Act of
2003, Public Law 108-173, created a new prescription drug benefit under
Medicare Part D, which is also covered by SFFAS No. 17.
o SFFAS No. 28 - Deferral of the Effective Date of Reclassification of the
Statement of Social Insurance: Amending SFFAS Nos. 25 and 26
deferred the effective dates of SFFAS No. 25 and SFFAS No. 26 for one year
to the fiscal year ended September 30, 2006.
.05 Auditors generally should follow the FAM methodology contained in the
planning, internal control, testing, and reporting phases in FAM 200-500
and the audit guidance included in the AICPA's Statement of Position (SOP)
04-1, Auditing the Statement of Social Insurance. SOP 04-1 provides
guidance to auditors in auditing the Statement of Social Insurance.
.06 As permitted by AU 543, a principal auditor may fulfill the
requirements of SOP 04-1 by using work that other independent auditors
have performed in conformity with the provisions of SOP 04-1. For example,
for the OASDI program, the auditor of the consolidated financial
statements of the U. S. government may use the work and report of the
auditor of the Social Security Administration's Statement of Social
Insurance.
.07 In AU 342.10, the auditor should obtain an understanding of how
management develops estimates. Based on that understanding, the auditor
generally should evaluate the reasonableness of an estimate by:
o reviewing and testing the process used by management to develop the
estimate;
o developing an independent expectation of the estimate to corroborate
the reasonableness of management's estimate; and
o reviewing subsequent events or transactions occurring prior to audit
completion.
.08 In auditing the Statement of Social Insurance, if the auditor has
assessed management's controls over the estimation process to be
effective, the auditor may determine that the most practicable and
efficient approach is to test management's process. However, if the
auditor finds that controls over the estimation process are ineffective,
the auditor should consider whether it is practicable to:
o develop an independent expectation of the estimate, or portions of the
estimate, to corroborate management's estimate, or
o obtain competent evidence from outside the audited entity's process that
would be sufficient to support the assertions in the Statement of Social
Insurance. If it is not practicable to mitigate the effects of the
ineffective controls through substantive procedures such as these, the
auditor's report on the Statement of Social Insurance should be modified
(SOP 04-1, paragraph 9).
.09 The auditor's objective when auditing the Statement of Social
Insurance is to obtain sufficient, competent, evidential matter to provide
reasonable assurance that:
o the estimates presented in the Statement of Social Insurance are
reasonable in the circumstances, and
o the Statement of Social Insurance is presented fairly, in all material
respects, in conformity with U.S. GAAP, including adequate disclosure.
.10 If the auditor does not possess the level of competence in actuarial
science to qualify as an actuary, the auditor generally should obtain the
services of an independent actuary^3 to assist the auditor in planning and
performing auditing procedures. Generally, the auditor will need the
assistance of an independent actuary in performing various procedures
during all phases of the audit and related to all elements of the
estimates (SOP 04-1, paragraph 10).
Key Implementation Issues
Determining Materiality
.11 In FAM 230, materiality is one of several tools the auditor uses to
determine that the planned nature, extent, and timing of procedures are
appropriate. Materiality represents the magnitude of an omission or
misstatement of an item in a financial report that, in light of
surrounding circumstances, makes it probable that the judgment of a
reasonable person relying on the information would have been changed or
influenced by the inclusion or correction of the item. Materiality has
both quantitative and qualitative aspects. Even though quantitatively
immaterial, certain types of misstatements could have a material impact on
or warrant disclosure in the financial statements for qualitative reasons.
.12 Auditors should use professional judgment in determining the
appropriate element of the financial statements to use as a materiality
base. Auditors generally consider materiality in the context of the
financial statements taken as a whole, taking into account both
quantitative as well as qualitative attributes of the financial
statements. Auditors should exercise due professional care when setting
the materiality base, carefully assessing the information gained during
the planning phase of the audit and the needs of a reasonable person
relying on the financial statements (SOP 04-1, paragraph 21).
.13 For certain federal entities, amounts reported in the Statement of
Social Insurance may vary significantly from the amounts reported in the
other basic financial statements, or may differ significantly on a
qualitative basis. In such cases, it may not be appropriate to establish a
single materiality threshold for the entire set of financial statements.
Instead, the auditor should use a separate materiality level(s) when
planning and performing the audit of the Statement of Social Insurance and
related disclosures (SOP 04-1, paragraph 22).
The actuary can either be under contract with the independent auditor or
employed by the independent audit organization. In either case, the
actuary performing services for the auditor would need to meet the
independence standards of GAGAS, which are applicable to audits of
Statements of Social Insurance.
.14 The auditor generally should establish planning materiality in
relation to the element of the financial statements that is most
significant to the primary users of the statements (the materiality base -
see FAM 230.08). The auditor uses professional judgment in determining the
appropriate element of the financial statements to use as the materiality
base. Also, since the materiality base may be based on unaudited
preliminary information determined in the planning phase, the auditor may
estimate the year-end balance(s) of the materiality base(s). To provide
reasonable assurance that sufficient audit procedures are performed, any
estimate of the materiality base(s) should use the low end of the range of
estimated materiality so that sufficient testing is performed.
.15 SFFAS No. 17 includes a discussion of SFFAC No. 1, Objectives of
Federal Financial Reporting, which established four major reporting
objectives in applying accounting standards:
1. budgetary integrity,
2. operating performance,
3. stewardship, and
4. systems and controls.
SFFAC No. 1 provides useful information to assist the auditor in
determining an appropriate materiality base. For example, while all four
of the objectives are important, SFFAS No. 17 states that objectives No. 2
and No. 3 directly impact the social insurance standards.
.16 Objective No. 2 of SFFAC No. 1 states that federal financial reporting
should assist report users to evaluate:
o service efforts, costs, and accomplishments of the reporting entity,
o the manner in which these efforts and accomplishments have been
financed, and
o the management of the entity's assets and liabilities.
SFFAS No. 17 indicates that information about social insurance that is
relevant to this objective includes the cost of the program as well as
longrange estimates (and ranges of estimates) of future costs and other
obligations. Estimates of future costs highlight the cost impact of
changes in benefit levels as well as changes in economic and demographic
conditions, such as the cost of health care and life expectancies.
.17 Objective No. 3 of SFFAC No. 1 states that federal financial reporting
should assist report users in assessing the impact on the country of the
government's operations and investments for the period and how, as a
result, the government's and the nation's financial condition has changed
and may change in the future. Thus, federal financial reporting should
provide information that helps the reader to determine whether:
o the government's financial position has improved or deteriorated over
the period,
o future budgetary resources will likely to be sufficient to sustain
public services and to meet obligations as they come due, and
o government operations have contributed to the nation's current and
future well being.
.18 Fundamental questions about social insurance programs that can be
addressed by accounting standards include whether:
o programs are sustainable as currently constructed,
o the government's financial condition has improved or deteriorated as a
result of its efforts to provide for these and other programs, and
o the likelihood that these programs will be able to provide benefits at
current levels to those who are planning on receiving them.
The information required by this standard, taken as a whole, will help
users make this assessment while acknowledging the complexity of the
programs and the uncertainty of long-term projections.
.19 In determining the materiality base for planning and performing audits
of an entity's Statement of Social Insurance, the auditor should evaluate
the actuarial present value of the estimated future:
a.
[231]revenue (excluding interest^4) received from or on behalf of
all current and future participants (estimated future revenue),
b.
expenditures for or on behalf of all current and future
participants (estimated future expenditures), and
c.
balance of estimated future revenue (excluding interest)
over/(under) estimated future expenditures (actuarial balance).
.20 The auditor may determine that the actuarial balances are the most
significant element of the Statement of Social Insurance to users of the
financial statements. If so, the materiality base would be the actuarial
balance. However, the auditor has the option of selecting a materiality
base of either the estimated future revenues, or the estimated future
expenditures. Regardless of which materiality base is selected, the
auditor generally should select the materiality base that provides
reasonable assurance that sufficient audit procedures are performed.
The auditor's basis for the selection of the materiality base(s) generally
should be documented, including consideration given to other possible
measures or separate bases for estimated future revenue and estimated
future expenditures. Auditors generally should follow the guidance in FAM
230.11-.13 in determining materiality for planning and performing audits
of entity Statements of Social Insurance.
Income (excluding interest) consists of payroll taxes from employers,
employees, and self-employed persons, revenue from federal income taxation
of scheduled OASDI benefits, and miscellaneous reimbursements from the
General Fund of the Treasury.
Obtaining Management's Representations
.21 Entity management is responsible for preparing the Statement of Social
Insurance and underlying estimates in conformity with U.S. GAAP.
Management is also responsible for the accuracy and completeness of the
Statement of Social Insurance (SOP 04-1, paragraph 5). Therefore,
management should determine its best estimate^5 of the economic and
demographic conditions that will exist in the future. Because estimates in
the Statement of Social Insurance are based on subjective as well as
objective factors, management should use judgment to estimate amounts
included in the Statement of Social Insurance. Management's judgment may
be based on its knowledge and experience about past and current events and
its assumptions about conditions it expects to exist.
.22 Consistent with FAM 1001, the auditor should obtain specific
representations relating to the Statement of Social Insurance. For an
audit of an entity's Statement of Social Insurance, the representation
letter should include, as applicable, representations included in FAM 1001
A, example management representation letter.
Planning Considerations for the Consolidated Government-wide Report
.23 Pursuant to statutory requirements of the Government Management Reform
Act (GMRA) of 1994, GAO serves as the principal auditor of the
consolidated financial statements (CFS) of the U. S. government. GMRA also
requires the Secretary of the Treasury to annually prepare and submit to
the President and the Congress an audited financial statement, or
Financial Report (FR) of the United States Government, for the preceding
fiscal year. The Chief Financial Officer (CFO) of each of the verifying
[232]agencies ^6 submits their financial data using the closing package^7
process via the Governmentwide Financial Report System (GFRS) and the
Federal Agencies' Centralized Trial-Balance System (FACTS I).
All nonverifying agencies must submit FACTS I adjusted trial-balance (ATB)
data and must complete GFRS Notes and Other FR Data. The Inspector General
(IG) of each verifying agency, except those agencies with a fiscal
year-end other than September 30, opines on the closing package data,
(also referred to as the "special purpose financial statements, or
"special purpose closing package") entered by the CFO into
5
Paragraph 25 of SFFAS No. 17, Accounting for Social Insurance, states, in
part, "The projections and estimates used should be based on the entity's
best estimates of demographic and economic assumptions, taking each factor
individually and incorporating future changes mandated by current law."
Certain entities prepare social insurance information using assumptions
prepared by a board of trustees. Auditors should consider such assumptions
to represent the entity's "best estimates" if the trustees have
characterized them as such, and entity management has determined them to
be reasonable. With respect to these assumptions, the auditor should
perform audit procedures that are consistent with the guidance in
paragraphs 9 through 36 of SOP 04-1.
6
The verifying agencies are the 24 CFO Act agencies and 11 other federal
agencies.
7
The closing package process is a methodology designed to link agencies'
comparative, audited consolidated, department-level financial statements
to the FR. The closing package is the data submitted by each verifying
agency for inclusion in the FR.
GFRS, as to its consistency with the comparative, audited consolidated,
department-level financial statements.
.24 According to OMB audit guidance, the auditor should determine whether
the special purpose financial statements and accompanying notes are fairly
presented, in all material respects, in conformity with U.S. GAAP and the
presentation requirements set forth in the Treasury Financial Manual
(TFM), Part 2-Chapter 4700 (TFM 2-4700), Agency Reporting Requirements for
the Financial Report of the United States Government. Beginning with
fiscal year 2006, the Statement of Social Insurance is to be presented as
a basic financial statement in accordance with SFFAS Nos. 25, 26, and 28.
.25 TFM 2-4700 requires entities to provide the Statement of Social
Insurance data and the underlying key assumptions in the FR Notes module
in GFRS. All remaining social insurance information is to be submitted
through the Other FR Data (Stewardship and Supplemental Information)
module in GFRS^8 [233]. The auditor generally should
o perform the procedures described in AU 558 for the Other FR Data
information as required and defined in TFM 2-4700, And
o assess whether the Other FR Data is materially consistent with the
information in the special purpose financial statements.
.26 Actuarial projections of the annual cash inflow from all sources
exclude net interest on intragovernmental borrowing/lending for both the
[234]component entity's Statement of Social Insurance ^9 and the U.S.
government's consolidated Statement of Social Insurance.^10 In addition,
because paragraph 32 (1)(a) of SFFAS No. 17 only permits cash inflow from
the public to be included in the long-range actuarial projection of cash
inflow presented in the U.S. government's consolidated Statements of
Social Insurance, TFM 2-4700 requires the (1) General Fund transfers for
the Federal Supplementary Medical Insurance (SMI - Medicare Part B)
program, (2) General Fund transfers for the Federal Supplementary Medical
Insurance (SMI - Medicare Part D) program, and (3) financial
interchange^11 income for the Railroad Retirement benefits program to be
excluded from the present value of the long-range actuarial projections.
SFFAS No. 17 states that expense and liability recognition for the
8
Beginning in fiscal year 2006, TFM 2-4700 included these requirements. The
process and modules used by FMS to prepare the consolidated Statements of
Social Insurance and accompanying notes, and supplemental information
included in the FR may change in future years, based on changes that may
be made by FMS to TFM 2-4700.
9
SFFAS No. 17, paragraph 27 (a)(1).
10
SFFAS No. 17, paragraph 32 (a)(1).
11
Financial interchange (FI) income consists of transfers from the social
security trust funds under a financial interchange between the railroad
retirement and the social security systems. While the railroad retirement
system has remained separate from the social security system, the two
systems were closely coordinated with regard to earnings credits, benefit
payments, and taxes. The purpose of this financial coordination is to
place the Social Security Old-Age Survivors and Disability Insurance
(OASDI) and Hospital Insurance (HI) trust funds in the same position they
would have been in if railroad services were covered by the Social
Security and Federal Insurance Contribution Acts.
consolidated governmentwide entity are the same as for the component
entities.^12
Consequently, auditors responsible for these programs generally should
determine the impact of the TFM requirement, which excludes the General
Fund transfers and the financial interchange income from the present value
of the long range actuarial projections on their auditing procedures.
Auditors should plan and perform their department-level social insurance
related audit procedures to obtain a reasonable basis for expressing an
opinion on the Statement of Social Insurance.
SFFAS No. 17, paragraph 30.
[This page intentionally left blank.}
SECTION 1000
Reporting
1001 A - Example Management Representation Letter
[Entity Letterhead]
[Date of auditor's report and completion of the audit]
The Honorable [name of Inspector General or Comptroller General]
[Title as Inspector General or Comptroller General of the United States]
[Name of IG entity or U.S. Government Accountability Office]
[Also, include the independent external auditor as an addressee, if
appropriate.]
Address
Dear [name(s)]:
We are providing this letter in connection with your audit of the
[entity's] balance sheet as of September 30, 20X6 and 20X5, [or dates of
audited financial statements] and the related statements of net costs,
changes in net position, budgetary resources, financing, social insurance
[if applicable] and custodial activity [if applicable], for the years then
ended (hereinafter referred to as the "financial statements").
You conducted your audit to (1) express an opinion as to whether the
financial statements are presented fairly, in all material respects, in
conformity with U.S. generally accepted accounting principles, (2) report
[or express an opinion] on the entity's internal control over financial
reporting and compliance with laws and regulations as of September 30,
20X6 [or date of latest audited financial statements], (3) (For CFO Act
agencies) report whether the [entity's] financial management systems
substantially comply with federal financial management systems
requirements, applicable federal accounting standards (U.S. generally
accepted accounting principles), and the U.S. Government Standard General
Ledger at the transaction level as of September 30, 20X6, and (4) test for
compliance with applicable laws and regulations. In addition, you have
performed certain audit procedures with respect to the [entity's] 20X6
Management's Discussion and Analysis (MD&A) and other supplementary
information, which is included as part of the 20X6 financial statements of
the [entity].
(Recommended paragraph) Certain representations in this letter are
described as being limited to matters that are material. For purposes of
this letter, matters are considered material if they involve $XX or more.
Items also are considered material, regardless of size, if they involve an
omission or misstatement of accounting information that, in the light of
surrounding circumstances, makes it probable that the judgment of a
reasonable person relying on the information would be changed or
influenced by the omission or misstatement. (OMB Bulletin 06-03 states
that the management representation letter shall specify management's
materiality threshold used for reporting items in the management
representation letter.)
We confirm, to the best of our knowledge and belief, the following
representations made to you during the audits. These representations
pertain to both years' financial statements, and update the
representations we provided in the prior year:
1. We are responsible for the fair presentation of the financial
statements in conformity with U.S. generally accepted accounting
principles. We are also responsible for the preparation of the MD&A,
and (if any): required supplementary information (RSI), required
supplementary stewardship information (RSSI), and other supplementary
information.
2. The financial statements are fairly presented in conformity with U.S.
generally accepted accounting principles. The MD&A, and (if any) RSI,
RSSI, and other supplementary information are fairly presented and are
consistent with the financial statements
1. We have made available to you all
1. financial records and related data;
2. where applicable, minutes of meetings of the Board of
Directors [or other similar bodies of those charged with
governance] or summaries of actions of recent meetings for
which minutes have not been prepared; and
3. any communications from the Office of Management and Budget
(OMB) concerning noncompliance with or deficiencies in
financial reporting practices.
1. There are no material transactions that have not been properly
recorded in the accounting records underlying the financial statements
or disclosed in the notes to the financial statements.
2. There are no uncorrected financial statement misstatements as we have
adjusted the financial statements for all known and likely
misstatements you have informed us of (or) We believe that the effects
of uncorrected financial statement misstatements summarized in the
attached summary are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole. (An example
summary is provided in FAM 595 C.) [If management believes that
certain of the identified items are not misstatements, management's
belief may be acknowledged by adding to the representation, for
example, "We believe that items XX and XX do not constitute
misstatements because (description of reason)."]
3. The [entity] has satisfactory title to all owned assets, including
stewardship property, plant, and equipment. There are no liens or
encumbrances on these assets and no assets have been pledged.
4. We have no plans or intentions that may materially affect the carrying
value or classification of assets and liabilities or that we are
required to disclose in the financial statements.
5. There are no guarantees under which the [entity] is contingently
liable that require reporting or disclosure in the financial
statements.
6. Related party transactions including related accounts receivable or
payable, revenues, expenditures, loans, transfers, leasing
arrangements, assessments, and guarantees have been properly recorded
and disclosed in the financial statements.
7. No material events or transactions have occurred subsequent to
September 30, 20X6 [or date of latest audited financial statements],
that have not been properly recorded in the financial statements or
disclosed in the notes.
Intra-governmental Activities
11. All inter-entity transactions and balances have been appropriately
identified and eliminated for financial reporting purposes. All
intra-governmental transactions and activities have been appropriately
identified, recorded, and disclosed in the financial statements. We have
reconciled [or have been unable to reconcile] intragovernmental
transactions and balances with the federal entity providing the goods or
services.
Internal Control
1. We are responsible for establishing and maintaining a system of
internal control.
1. Pursuant to 31 U.S.C. 3512(c), (d) (commonly known as the Federal
Managers' Financial Integrity Act), we have assessed the
effectiveness of the [entity's] internal control in achieving the
following objectives:
1. reliability of financial reporting: Transactions are
properly recorded, processed, and summarized to permit the
preparation of the financial statements and supplementary
information in accordance with U.S. generally accepted
accounting principles, and assets are safeguarded against
loss from unauthorized acquisition, use, or disposition.
2. compliance with applicable laws and regulations:
Transactions are executed in accordance with laws governing
the use of budget authority; other laws and regulations that
could have a direct and material effect on the financial
statements, and any other laws, regulations, and
government-wide policies identified in OMB audit guidance.
3. reliability of performance reporting: Transactions and other
data that support reported performance measures in the MD&A
are properly recorded, processed, and summarized to permit
the preparation of performance information in accordance
with criteria stated by management.
[This item is optional if the auditor is not opining on internal control.
Also, if the agency bases its internal control assessment on suitable
criteria other than 31 U.S.C. 3512(c), (d), cite the criteria used (for
example, Internal Control--Integrated Framework issued by the Committee of
Sponsoring Organizations (COSO) of the Treadway Commission).]
14. Those controls in place on September 30, 20X6 [or date of latest
audited financial statements], and during the years ended 20X6 and 20X5,
provided reasonable assurance that the foregoing objectives are met.
[Delete this item if the auditor is not opining on internal control.]
[If there are material weaknesses:
Those controls in place on September 30, 20X6, and during the years ended
20X6 and 20X5, were not effective to provide reasonable assurance that the
foregoing objectives were met because of the effects of the material
weaknesses discussed below or in an attachment.]
1. We have disclosed to you all significant deficiencies in the design or
operation of internal control that could adversely affect the
[entity's] ability to meet the internal control objectives and
identified those we believe to be material weaknesses (or determined
that none is a material weakness). [This item is optional if the
auditor is not opining on internal control.]
2. There have been no changes to internal control subsequent to September
30, 20X6 [or date of latest audited financial statements], or other
factors that might significantly affect the effectiveness of internal
control. [If there were changes, describe them, including any
corrective actions taken with regard to any significant deficiencies
or material weaknesses.] [This item is not required if the auditor is
not opining on internal control.]
Fraud
1. We acknowledge our responsibility for the design and implementation of
programs and controls to prevent and detect fraud (intentional
misstatements or omissions of amounts or disclosures in financial
statements and misappropriation of assets that could have a material
effect on the financial statements).
1. We have no knowledge of any fraud or suspected fraud affecting
the [entity] involving:
1. management,
2. employees who have significant roles in internal control, or
3. others where the fraud could have a material effect on the
financial statements.
[If there is knowledge of any instances, describe them.]
19. We have no knowledge of any allegations of fraud or suspected fraud
affecting the [entity] received in communications from employees, former
employees, or others. [If there is knowledge of any such allegations, they
should be described.]
Compliance of Systems with FFMIA
[For CFO Act agencies subject to the Federal Financial Management
Improvement Act of 1996 (FFMIA)]
1. We are responsible for implementing and maintaining financial
management systems that substantially comply with federal financial
management systems requirements, federal accounting standards (U.S.
generally accepted accounting principles), and the U.S. Government
Standard General Ledger at the transaction level.
2. We have assessed the financial management systems to determine whether
they substantially comply with those federal financial management
systems requirements. Our assessment was based on guidance issued by
OMB.
3. The financial management systems substantially complied with federal
financial management systems requirements, federal accounting
standards, and the U.S. Government Standard General Ledger at the
transaction level as of [date of the latest financial statements].
[If the financial management systems substantially comply with only one or
two of the above elements, modify as follows:
As of [date of financial statements], the [agency's] financial management
systems substantially comply with [specify which of the three elements for
which there is substantial compliance (e.g., federal accounting standards
and the SGL at the transaction level)], but did not substantially comply
with [specify which of the elements for which there was a lack of
substantial compliance (e.g., federal financial management systems
requirements)], as described below (or in an attachment).]
[If the financial management systems do not substantially comply with any
of these three elements, use the following paragraph:
As of [date of financial statements], the [agency's] financial management
systems do not substantially comply with the federal financial management
systems requirements.]
[If there is a lack of substantial compliance with one or more of the
three requirements, identify all the facts pertaining to the
noncompliance, including the nature and extent of the noncompliance and
the primary reason or cause of the noncompliance.]
Laws and Regulations
1. We are responsible for the [entity's] compliance with applicable laws
and regulations.
2. We have identified and disclosed to you all laws and regulations that
have a direct and material effect on the determination of financial
statement amounts [may list laws and regulations].
1. There are no
1. violations or possible violations of laws or regulations
whose effects we should evaluate for disclosure in the
financial statements or as a basis for recording a loss
contingency,
2. material liabilities or gain or loss contingencies that are
required to be accrued or disclosed that have not been
accrued or disclosed, or
3. unasserted claims or assessments that are probable of
assertion and must be disclosed that have not been
disclosed.
[When there is no general counsel and management has not consulted legal
counsel regarding contingencies, the auditor should obtain a written
representation from management that legal counsel has not been consulted.
Example wording is: "We are not aware of any pending or threatened
litigation, claims, or assessments or unasserted claims or assessments
that are required to be accrued or disclosed in the financial statements
in accordance with SFFAS No. 5. We have not consulted legal counsel
concerning litigation, claims, or assessments." (See FAM 1002.24)
1. We have complied with all aspects of contractual agreements that would
have a material effect on the financial statements in the event of
noncompliance.
2. We are not aware of any violations of the Antideficiency Act that we
must report to the Congress and the President for the year ended
September 30, 20x6, (or, we have reported all known violations of the
Antideficiency Act) and through the date of this letter.
Statement of Social Insurance
[For entities presenting a Statement of Social Insurance (SOSI) see AICPA
publication SOP 04-1, Auditing the Statement of Social Insurance, (SOP
04-1 S36) which suggests the following management representations.]
1. Management is responsible for the assumptions and methods used in the
preparation of the SOSI. Management agrees with the actuarial methods
and assumptions used by the entity's actuary and have no knowledge or
belief that would make such methods or assumptions inappropriate in
the circumstances. Management did not give any instructions, nor cause
any instructions to be given to the entity's actuary with respect to
values or amounts derived, and is not aware of any matters that have
affected the objectivity of the entity's actuary. Management believes
that the actuarial assumptions and methods used to measure the amounts
in the SOSI for financial accounting purposes are appropriate in the
circumstances.
2. Actuarial assumptions and methods used to measure the amounts in the
SOSI for financial accounting and disclosure purposes represent
management's best estimates regarding future events based on
demographic and economic assumptions and future changes mandated by
law.
3. There were no material omissions from the data provided to the
entity's actuary for the purpose of determining the actuarial present
value of the estimated future income to be received and estimated
future expenditures to be paid during the projection period sufficient
to illustrate the long-term sustainability of (name of the social
insurance program) as of (dates of SOSI presented).
4. The SOSI covers a projection period sufficient to illustrate the
long-term sustainability of the social insurance program.
5. Management provided the auditor with all the reports developed by
external review groups appointed by the entity or the program's
trustees related to estimates in the SOSI.
1. The following matters relating to the SOSI have been disclosed
properly in the notes to the financial statements:
1. The accumulated excess of all past cash receipts, including
interest on investments, over all past cash disbursements
within the social insurance program represented by the fund
balance at the valuation date.
2. An explanation of how the net present value is calculated
for the closed group.
3. Comparative financial information for items in paragraphs
2a, 2b 2c and 2d (1) of SOP 04-1, for the current year and
for each of the preceding four years. (Note any preceding
years that are unaudited).
4. Significant assumptions used in preparing estimates
34. There have been no changes in (or, changes in the following have been
properly recorded or disclosed in) the actuarial methods or assumptions
used to calculate amounts recorded or disclosed in the financial
statements between
a.
the valuation dates (for example: of January 1, 20x6 and January
1, 20x5) or changes in the method of collecting data, and
b.
the valuation date (for example: of January 1, 20x6), and the
financial reporting date (of September 30, 20x6) or changes in the
method of collecting data.
35. There have been no changes in (or, changes in the following have been
properly recorded or disclosed in) laws and regulations affecting social
insurance program income and benefits between
a.
the valuation dates (for example: January 1, 20x6 and January 1,
20x5)
b.
the valuation date (for example: January 1, 20x6) and the
financial reporting date (of September 30, 20x6).
36. Accounting estimates applicable to the financial information of the
entity included in the SOSI are based on management's best estimate, after
considering past and current events and assumptions about future events.
Budgetary and Restricted Funds
[OMB audit guidance includes a representation by management on the
consistency of budgetary data in the following paragraph.]
1. The information presented in the (entity's) Statement of Budgetary
Resources (materially - defined in paragraph 2 on page 1001 A-1)
agrees with information submitted in its year-end Reports on Budget
Execution and Budgetary Resources (SF-133s). The information will be
used as input for fiscal year 20x6 actual column of the Program and
Financing Schedules reported in the fiscal year 20x8 Budget of the U.S
Government. This information is supported by the related financial
records and data.
2. We have disclosed in the financial statements all earmarked funds as
defined by FASAB SFFAS No. #27 and all restricted funds that are
material.
[Name of Head of Entity]
[Title]
[Name of Chief Financial Officer]
[Title]
Attachment
[This page intentionally left blank.]
1002 - Inquiries of Legal Counsel
.01 FAM 1002 provides guidance on procedures to obtain evidence that the
financial accounting and reporting of contingencies ^[235]1 regarding
litigation, claims, and assessments conform with U.S. generally accepted
accounting principles (U.S. GAAP). FAM 1002 discusses the accounting and
reporting guidance and audit procedures for inquiries of legal counsel
concerning litigation, claims, and assessments, and includes an example
audit program at FAM 1002 A; an example legal representation letter
request at FAM 1002 B; and a legal representation letter response at FAM
1002 C.
Accounting and Reporting Guidance
.02 Entity management is responsible for implementing policies and
procedures to identify, evaluate, account for, and disclose litigation,
claims, and assessments as a basis for the preparation of financial
statements in conformity with U.S. GAAP.
.03 Statement of Federal Financial Accounting Standards (SFFAS) No. 5,
Accounting for Liabilities of the Federal Government, as amended by SFFAS
No. 12, Recognition of Contingent Liabilities Arising from Litigation,
contains accounting and reporting standards for loss contingencies,
including those arising from litigation, claims, and assessments. ^[236]2
The Federal Accounting Standards Advisory Board (FASAB) Interpretation No.
2, Accounting for Treasury Judgment Fund Transactions, provides additional
guidance related to claims to be paid through the Treasury Judgment Fund.
^[237]3 Statement of Financial Accounting Standards (FAS) No. 5,
Accounting for Contingencies, also provides guidance for financial
accounting and reporting for loss and gain contingencies for government
corporations and entities following U.S. GAAP for the private-sector
promulgated by the Financial Accounting Standards Board (FASB). The
definition of probable for legal contingencies is essentially the same in
FAS No. 5 and SFFAS No. 5.
.04 A contingency is an existing condition, situation, or set of
circumstances involving uncertainty as to possible gain or loss to an
entity. The uncertainty will ultimately be resolved when one or more
future events occur or fail to occur. When a loss contingency exists, the
likelihood that the future event or events will confirm the loss or
impairment of an asset or the incurrence of a liability can range from
remote to probable. SFFAS
1
Including environmental and disposal liabilities that are a type of
contingency that is often a significant issue for the federal government.
2
SFFAS No. 7 has guidance for reporting claims for tax refunds. Rather than
recognizing probable claims
and disclosing other claims in the notes to the financial statements,
SFFAS No. 7 indicates that other
claims for refunds that are probable should be included as supplementary
information.
3
A permanent, indefinite appropriation, commonly known as the Judgment Fund, is
available to pay final
judgments, settlement agreements, and certain types of administrative
awards against the United States
when payment is not otherwise provided for. The Secretary of the Treasury
certifies all payments from the
fund. (See 31 U.S.C. 1304, Judgments, awards, and compromise settlements.)
FASAB Interpretation No. 2
clarifies how federal entities report the costs and liabilities arising
from claims to be paid by the Judgment
Fund and how the Judgment Fund accounts for the amounts that it is
required to pay on behalf of federal
entities.
Nos. 5 and 12 use the terms remote, reasonably possible, and probable to
identify three areas within the range of probability, as follows:
o Remote--The chance of the future event or events occurring is slight.
o Reasonably possible--The chance of the future event or events
occurring is more than remote but less than probable.
o Probable--For pending or threatened litigation and unasserted claims,
the future confirming event or events are likely to occur. (For other
contingencies, the future event or events are more likely than not to
occur.)
.05 The entity should recognize a liability and a related charge to
expense for an estimated loss from a loss contingency only when ^[238]4
a.
a past event or exchange transaction has occurred,
b.
a future outflow or other sacrifice of resources is probable, and
c.
the future outflow or sacrifice of resources is measurable.
.06 Disclosure of the nature of an accrued liability for loss
contingencies, including the amount accrued, may be necessary for the
financial statements not to be misleading. For example, if the amount
recognized is large or unusual, the entity should determine whether to
disclose the contingency. However, if no accrual is made for a loss
contingency because one or more of the conditions in FAM 1002.05 are not
met, the federal government and its entities should report contingent
losses that involve situations where there is at least a reasonable
possibility that a loss has been incurred.
The entity should disclose the nature of the contingency, and an estimate
of the possible liability or range of possible liability, if estimable, or
a statement that such an estimate cannot be made. The reporting of
contingent losses depends on the likelihood that a future event or events
will confirm the loss or impairment of an asset or the incurrence of a
liability. Terms used to assess the likelihood of loss are remote,
reasonably possible, and probable as discussed in FAM 1002.04.
Contingent losses that are assessed as probable and measurable are accrued
in the financial statements. Losses that are assessed to be at least
reasonable possible are disclosed in the notes. For an overview of the
standards that provide criteria for how federal agencies are to account
for contingent losses based on the likelihood of the loss and the
measurability, see table 1 below:
If the Judgment Fund will pay the claim, the entity still recognizes the
liability and cost at this time. Once the claim is settled or a court
judgment is assessed and the Judgment Fund is determined to be the
appropriate source for payment, the entity reduces the liability by
recognizing an (imputed) financing source. Note that for Judgment Fund
payments made under the Contract Disputes Act and in employment
discrimination cases, the entity establishes a payable to reimburse the
Judgment Fund.
Likelihood of
future Loss amount can be Loss range can be Loss amount range
outflow or other reasonably reasonably measured cannot be
measured reasonably
sacrifice of measured
resources
Accrue the Disclose nature
Probable: Future liability Accrue liability of of contingency
confirming best estimate or and include a
event(s) are minimum amount in statement that an
likely to occur loss range if there estimate cannot
is no best be
estimate, and made
disclose
nature of
contingency and
range of estimated
liability
Reasonably Disclose nature
possible: Disclose nature of Disclose nature of of
Possibility of contingency and contingency and contingency and
future include
confirming estimated amount. estimated loss a statement that
event(s) range. an
occurring is more estimate cannot
than be
remote and less made
than
likely
Remote: No action is No action is No action is
Possibility of required required required
future event(s)
occurring is
slight
Management decides what to report. The auditor evaluates whether
management's reporting is in accordance with U.S. GAAP.
In addition, if the Judgment Fund might be involved in the payment of the
possible loss, the federal entity involved in the litigation should
discuss the Judgment Fund's role in a note to the financial statements.
.07 Although management often relies on advice of legal counsel about the
(a) likelihood of an unfavorable outcome and (b) estimates of the amount
or range of potential loss for litigation, claims, and assessments,
management is ultimately responsible for determining whether these
contingencies are probable, reasonably possible, or remote. Management
does this to decide whether they should be recognized as liabilities
and/or disclosed in the notes to the financial statements. Thus, the
Office of Management and Budget's (OMB) audit guidance requires CFO Act
entity management to prepare a schedule summarizing legal contingencies
including whether they are probable, reasonably possible, or remote, and
whether (and in what amounts) they have been accrued or disclosed in the
financial statements. An Example Management Summary Schedule is provided
at FAM 1002 D.
Audit Procedures
.08 The auditor should design procedures to test the entity's accounting
for and disclosure of litigation, claims, and assessments. AU 337 (SAS
#12) provides guidance on the procedures to identify litigation, claims,
and assessments to evidence that they are appropriately accounted for and
disclosed. AU 9337 provides auditing interpretations of AU 337. OMB audit
guidance also contains procedures for inquiries of legal counsel. (See FAM
1002 A for example audit procedures.)
.09 The auditor should obtain evidence relevant to the following factors
with respect to litigation, claims, and assessments:
a.
The existence of a condition, situation, or set of circumstances
indicating uncertainty as to the possible loss to an entity
arising from litigation, claims, and assessments.
b.
The period in which the underlying causes for legal action
occurred.
c.
The likelihood of an unfavorable outcome (probable, reasonably
possible, or remote).
d.
The amount or range of potential loss, if estimable.
.10 The auditor may discuss with management the events or conditions in
accounting for and reporting of litigation, claims, and assessments. The
auditor should perform audit procedures to corroborate the information
provided by management, including requesting that management send a legal
letter request to the entity's legal counsel.
.11 A letter from legal counsel to the auditor, in response to a legal
letter request from management to legal counsel, is the auditor's primary
means of corroborating the information furnished by management concerning
the accuracy and completeness of litigation, claims, and assessments. The
auditor should ask management to have the legal letter request include
either (1) a list of pending or threatened litigation, claims, and
assessments, or (2) a request by management that legal counsel prepare the
list. The auditor should also ask management to have the legal letter
request include a list of unasserted claims and assessments the lawyer
determined probable of assertion, and that, if asserted, would have at
least a reasonable possibility of an unfavorable outcome, to which legal
counsel has devoted substantive attention on the entity's behalf in the
form of legal consultation or representation (or a statement that
management is not aware of any matters meeting the criteria). The auditor
should obtain assurance from management, ordinarily in writing, that it
has disclosed all unasserted claims when it is considered probable that a
claim will be asserted and there is a reasonable possibility that the
outcome will be unfavorable.
Legal counsel then would supplement management's information about those
unasserted claims and assessments, including an explanation of any matters
where their views differ from those expressed by management in the legal
letter request. In the federal government, where the general counsel may
be part of management, the general counsel may instead provide the list of
unasserted claims or assessments meeting the above criteria.
The auditor should ask management to have the legal letter request include
a request for legal counsel to make a statement that they will advise
management about unasserted claims and assessments that management should
evaluate for disclosure. See the example request at FAM 1002 B and example
response at FAM 1002 C.
.12 The auditor should also perform procedures to learn about legal claims
against the government where no monetary damages are being sought,
commonly referred to as non-monetary cases. In these cases, plaintiffs
seek that the government either take or cease a particular action, which
if successful, could cost the government significant amounts of money to
comply. An example is a claim regarding the Department of Energy's
classification of radioactive waste for disposal, which if successful
could result in considerable environmental expense and liability. Auditors
should make inquiries of management and legal counsel to determine if such
nonmonetary cases exist. Management should determine the effect of losing
the case, if any, on the entity's financial statements.
Timing of Legal Letter Request and Responses
.13 The auditor generally should perform procedures for inquiries of legal
counsel concerning litigation, claims, and assessments on a timely basis
to give priority to the resolution of potential problem areas and to
complete other procedures. To meet deadlines, the auditor, entity
management, and legal counsel generally should coordinate the timing of
legal letter requests, responses (including interim responses), and
related management schedules. The auditor and the entity management should
determine the due dates for obtaining responses from component units to
provide legal letter responses for the entity's financial statements as
well as for the U. S. Government's Consolidated Financial Statements. In
setting the due dates, the auditor and entity management generally should
allow for management to inquire of Department of Justice legal counsel on
a case-specific basis.
.14 In addition, when an entitywide audit team uses the work of entity
component audit teams, the entitywide and component audit teams generally
should coordinate the timing of legal letter requests, responses, and
management schedules and determine the due dates for the component
financial statements as well as the entitywide financial statements. The
entitywide team generally should receive copies of the component letters
from the component audit teams by the due dates.
.15 The legal counsel's response should include matters that existed at
the balance sheet date and through a date near the completion of the
audit. If the effective date is substantially in advance of the completion
of the audit (for example, earlier than 2 weeks before the completion of
the audit), the auditor should contact the legal counsel for an updated
response. To avoid this situation, the legal letter request may specify
the period the legal counsel's response is to cover and the date the
auditor expects to receive the response.
.16 To assist the auditor in completing the review of legal matters in a
timely manner (and to assist management in preparing the financial
statements), the auditor may ask management to request legal counsel to
submit a preliminary or interim response covering matters that existed at
the current date and through a point in time reasonably before the
completion of the audit so that a preliminary evaluation of the
significance of material legal matters can be made. This is particularly
applicable to large federal agencies with numerous and complex cases.
^[239]5
If an interim letter is used, the auditor should ask the entity to request
that legal counsel submit a final or updated response covering matters
from the interim date through the date of audit completion. The entity
should request that the updated response contain only changes or a
statement indicating there are no changes from the interim response and
any new matters from the interim date through the completion of the audit.
The auditor should ask the entity to request that legal counsel date and
submit the final legal representation letter to coordinate with the
management representation letter in FAM 1001.
However, in some cases, the legal representation letters are ready first
so entity management may rely upon them before signing the management
representation letters. In theses cases, the auditor should make oral
inquiries of legal counsel and document whether material changes had
occurred from the date of the legal representation letter to the date of
audit completion. The auditor should plan to receive letters to meet the
reporting deadline in accordance with OMB Financial Reporting
Requirements. See FAM 1002 B for an example legal letter request that
includes requests for interim and updated responses from legal counsel.
Determining a Materiality Level
.17 The auditor and the entity may agree to limit the legal inquiry to
matters that are considered individually or collectively material to the
financial statements, provided that the entity and the auditor have agreed
on the materiality level. The auditor should ask the entity to indicate
the materiality level, if used, in the legal letter request and the entity
should ask the lawyer to include the materiality in the response.
.18 In determining a materiality level for the legal letter, the auditor
and the entity should set the level sufficiently low that the cases not
included in the legal letter would not be material to the financial
statements taken as a whole when aggregated with
(1)
other cases not included in the letter,
(2)
all other types of contingencies,
(3)
all other items that would not be adjusted because they are judged
immaterial (unadjusted misstatements),
For example, for its fiscal year 2006 audit, the Department of Justice
asked its components to submit interim representations by July 11, 2006,
for contingencies that existed through June 30, 2006. This was to allow
review of cases before external issuance.
(4)
all other amounts in the financial statements that would not be
tested directly because they were judged to be immaterial, and
(5)
all other items resolved on the basis of materiality
considerations. (For example, the auditor of the U.S Government's
Consolidated Financial Statements used 2.5 percent of design
materiality for individual cases and 5 percent of design
materiality for the aggregate of all cases.)
.19 In aggregating cases, the auditor and the entity may use two levels of
aggregation. First, similar cases are aggregated (such as employment
discrimination cases, harbor maintenance fee cases, spent nuclear fuel
cases, or military promotion board challenges), treated as a group and the
auditor should compare the total with the individual materiality level.
The aggregation generally includes a list of the individual cases and a
discussion of the items of information included in the legal letter for
the aggregated cases (see FAM 1002 B and FAM 1002 C).
Second, cases not included in the legal letter individually or as part of
a group of similar cases are aggregated. The auditor may use a higher
materiality level for such an aggregation. However, the auditor may set
this higher materiality level sufficiently low that the cases not included
in the legal letter would not be material to the financial statements
taken as a whole when aggregated with the other items listed in the
previous paragraph.
.20 Where the entity engages more than one legal counsel, the entity and
the auditor should determine whether matters considered not material
individually would exceed the materiality limit when aggregated. In
addition, when separate legal representation letters are requested on
individual components (such as bureaus or offices) of a consolidated
entity because of individual component audits, the auditor may determine
materiality levels for each component.
Legal Counsels from Whom Information Should be Requested
.21 Most federal entities have a general counsel who has primary
responsibility for and knowledge about the entity's litigation, claims,
and assessments. The auditor should request entity management to send a
legal letter request to the general counsel. In addition, the auditor
should ask the management and/or general counsel whether the entity used
outside legal counsel whose engagement may be limited to particular
matters (e.g., specific litigation).
.22 In the federal government, the main legal counsel outside of the
entity is the Department of Justice. ^[240]6 The entity's management, its
legal counsel, or the auditor may consult with Justice as well as other
outside legal counsel to assure completeness and accuracy of the
presentation of matters related to litigation, claims, and assessments.
Such consultation may include requesting a list of pending litigation,
claims, and assessments from Justice or other outside legal counsel, or
discussion of specific cases.
.23 The auditor should ask the entity to request that legal counsel cover
all litigation, claims, and assessments pertaining to the federal
reporting entity, including matters handled by Justice and other outside
legal counsel on behalf of the entity. If the general counsel has overall
responsibility for handling and evaluating litigation, claims, and
assessments, the evaluation and responses by general counsel ordinarily
are adequate evidence. However, evidential matter obtained from general
counsel is not a substitute for information that outside legal counsel
refuses to furnish to the auditor.
.24 Where there is no general counsel and management has not consulted
legal counsel, the auditor should obtain a written representation from
management that legal counsel has not been consulted. Such representation
may be incorporated as an item in the management representation letter.
(See FAM 550 and 1001.) An example item is: "We are not aware of any
pending or threatened litigation, claims, or assessments or unasserted
claims or assessments that are required to be accrued or disclosed in the
financial statements in accordance with SFFAS No. 5. We have not consulted
legal counsel concerning litigation, claims, or assessments."
Evaluation of Responses
.25 Written responses from legal counsel will vary considerably in the
scope of information provided and in the opinion expressed. In preparing
the responses, legal counsel uses the guidance contained in the American
Bar Association's Statement of Policy Regarding Lawyers' Responses to
Auditors' Requests for Information (ABA Policy Statement) (included in its
entirety in AU 337 C).
.26 The auditor should ask the entity to request that legal counsel cover
all entity components included in the financial statements being audited.
Additionally, legal counsel generally should indicate the disposition of
cases included in the prior year's letter that are no longer
contingencies.
The Accounting and Auditing Policy Committee (AAPC) guidance (Technical Release
No. 1) clarifies
FASAB Interpretation No. 2, with respect to the Department of Justice's
role related to legal letters in
cases in which Justice's legal counsels are handling legal matters on
behalf of other federal reporting
entities. The letter from the entity's general counsel may provide
sufficient evidence for the auditor. If the
auditor determines that additional evidence is needed about a specific
case, the auditor may request entity
management and legal counsel to send a legal letter request to Justice,
directed to the lead Justice legal
counsel handling the case, asking that person to provide a description and
evaluation directly to the
auditor.
.27 The auditor should evaluate each response in terms of sufficiency as
evidence and consider (a) the possible limitations on the scope of legal
counsel's responses and (b) the lack of sufficient opinion on the
resolution of a case. AU 9337 provides guidance in evaluating legal
counsel's responses. The auditor should evaluate any "unable to determine"
and vague and unclear responses. The auditor also should evaluate the
legal counsel's response in light of any other information that comes to
the auditor's attention.
Possible Limitations on the Scope of Legal Counsel's Responses
.28 When legal counsel limits the response, the auditor should determine
whether the limitation affects the auditor's report. Legal counsel may
appropriately limit their response to certain matters. For example, to
matters that (a) legal counsel has given substantive attention to in the
form of legal consultation or representation, and (b) are determined to be
individually or collectively material to the financial statements,
provided the entity and the auditor have reached an understanding on
materiality levels. These limitations are acceptable and are not
limitations on the scope of the audit.
.29 The following are examples of limitations on legal counsel's responses
that the auditor should not accept and that would ordinarily result in a
scope limitation:
a.
Legal counsel refuses to furnish the requested information. When
legal counsel refuses to furnish the information requested in the
legal letter request, the auditor should evaluate this matter as a
scope limitation sufficient to preclude an unqualified opinion.
b.
Legal counsel excludes matters requested. The legal counsel's
responses may not address all information requested. The auditor
should compare legal counsel's response with the legal letter
request and determine whether legal counsel has addressed all the
information requested. If legal counsel has excluded any of the
requested matters, the auditor should obtain responses for those
matters from legal counsel. If the auditor is unable to obtain all
the information needed, the auditor should evaluate this as a
scope limitation that could be sufficient to preclude an
unqualified opinion.
c.
Legal counsel indicates that certain information is being withheld
due to attorney-client privilege. Under the American Bar
Association (ABA) Code of Professional Responsibility, legal
counsel is required to preserve the confidences and secrets of the
client. Legal counsel may disclose confidences to the auditor only
with the consent of the client. If the legal letter request is
prepared in accordance with AU 337, the auditor should expect that
legal counsel would be responsive; otherwise the scope of the
audit would be restricted. On the other hand, explanatory language
in the legal letter request or in legal counsel's response
emphasizing that management or legal counsel does not intend to
waive attorney-client privilege or attorney work-product privilege
does not result in a scope limitation.
Lack of Sufficient Opinion on the Resolution of a Case
.30 The following are examples of legal counsel responses that lack
sufficient opinion on the resolution of a case:
a.
Uncertainties. Legal counsel may be unable to respond concerning
the likelihood of an unfavorable outcome of litigation, claims,
and assessments or the amount or range of potential loss, because
of inherent uncertainties. In these circumstances, the auditor
generally should conclude that the financial statements are
affected by an uncertainty concerning the outcome of a future
event, which is not susceptible to reasonable estimation. See FAM
580 for reporting on uncertainties.
b.
Unclear responses. Legal counsel sometimes use
general terms to indicate their evaluation of the
outcome of a case. The ABA Policy Statement states
that legal counsel may, in the appropriate
circumstances, communicate to the auditor their view
that an unfavorable outcome is "probable" or
"remote." The legal letter responses may include
phrases that mean remote or probable. The phrases
below are examples of opinions that provide
sufficient clarity that the likelihood of an
unfavorable outcome is remote:
o "We are of the opinion that this action will not
result in any liability to the entity."
* "We believe that the plaintiff's case
against the entity is without merit."
* The following are examples of opinions that
indicate significant uncertainty as to
whether the entity will prevail:
o "In our opinion, the entity has a substantial
chance of prevailing in this action." (A
"substantial chance," a "reasonable
opportunity," and similar terms indicate more
uncertainty than an opinion that the entity will
prevail.)
o "It is our opinion that the entity will be able
to assert meritorious defenses to this action."
(The term "meritorious defenses" indicates that
the court will not summarily dismiss the
entity's defenses; it does not indicate legal
counsel's opinion that the entity will prevail.)
.31 To avoid unclear and incomplete responses, the auditor generally
should ask management to request legal counsel to use Justice's standard
forms to describe legal contingencies (see FAM 1002 C-4 to C-6 for
examples of these forms). When legal counsel does not indicate whether the
unfavorable outcome is probable or remote, management and the auditor
should conclude that the outcome is reasonably possible, management should
determine the disclosure. Management, with legal counsel's advice,
determines whether cases are probable, reasonably possible, or remote, to
decide whether to recognize them as liabilities and/or disclosed them in
the notes to the financial statements.
.32 If the auditor is not certain about legal counsel's evaluation, the
auditor should discuss the matters with legal counsel and entity
management (and document the oral discussion) and/or obtain written
clarification in a follow-up letter. Sometimes legal counsel may give a
clearer indication of likelihood orally. If legal counsel is unable to
give a clear evaluation of the likelihood of an unfavorable outcome,
management should disclose the uncertainty and the auditor should evaluate
the uncertainty's effect on the audit report.
Example Legal Letter Request
.33 The legal letter request, which the auditor may assist management to
draft, should be on the audited entity's letterhead, signed by the Chief
Financial Officer (CFO), or equivalent, and ask that the reply be sent
directly to the auditor with a copy to management by specified due dates.
FAM 1002 B provides an example legal letter request that includes requests
for interim and updated responses from legal counsel and matters that
should be covered in the letter.
Example Legal Counsel's Responses and Management's Schedule
.34 The General Counsel's response on General Counsel letterhead is sent
to the auditor with a copy to management by the agreed-upon due dates. The
counsel may indicate that the response is provided for the auditor's use
in connection with the audit.
.35 FAM 1002 C shows an example of a legal counsel response, including the
legal representation letter that should include Justice's legal
contingency standard forms for each case or group of cases. Forms can be
obtained on Justice's website at
[241]http://www.usdoj.gov/civil/forms/forms.htm and auditors should check
that current forms were used.
.36 FAM 1002 D shows an example of management's schedule that documents
how the information contained in the legal counsel's responses was used in
preparing the financial statements. Management should include each case
discussed in the legal letter and indicate (1) the amount accrued for
probable cases and (2) note disclosure for reasonably possible cases,
probable cases where the amount cannot be estimated, and probable cases
where a range of amounts above the accrued amount is estimated.
Practice Aids
.37 The following practice aids are provided at:
FAM 1002 A - Example Audit Procedures for Inquiries of Legal Counsel;
FAM 1002 B - Example Legal Letter Request;
FAM 1002 C - Example Legal Representation Letter, and
FAM 1002 D - Example Management Summary Schedule.
[This page intentionally left blank.]
1002 C - Example Legal Representation Letter
[General Counsel Letterhead]
[Date]
[Auditor]
[Title]
[Agency or Firm Name]
[City]
Subject: Legal Response in Connection with the 20X6 and 20X5 Financial
Statement Audits of [entity name]
Dear [Auditor]:
As General Counsel of [entity], I am writing in response to the legal
letter request from the [entity]'s Chief Financial Officer (CFO) dated
[date], in connection with the audit of [entity]'s financial statements as
of and for the years ended September 30, 20X6 and 20X5 [see FAM 1002 B].
[In an interim response, add "I will, as further requested by the CFO,
provide an updated response by [date]."]
I call your attention to the fact that as General Counsel for [entity], I
have general supervision of [entity]'s legal affairs. [If the general
legal supervisory responsibilities of the person signing the letter are
limited, set forth a clear description of those legal matters over which
the signer exercises general supervision, indicating exceptions to such
supervision and situations where the auditor may primary rely on other
sources.] In such capacity, I have reviewed litigation and claims
threatened or asserted involving [entity] and have consulted with outside
legal counsel about them when I have deemed appropriate.
Subject to the foregoing and to the last paragraph of this letter, I
advise you that since [insert date of beginning of period under audit]
neither I, nor any of the lawyers over whom I exercise general legal
supervision, have given substantive attention to, or represented [entity]
in connection with (1) loss contingencies [over the amount of (state
materiality level agreed to with auditor and stated in request letter, for
example $1 million)], or (2) loss contingencies that are less than or
equal to [for example, $1 million] but in the aggregate exceed, [for
example, $5 million] coming within the scope of clause
(a) of Paragraph 5 of the Statement of Policy referred to in the last
paragraph of this letter, except as follows:
[Describe litigation and claims that fit the foregoing criteria as
follows. General Counsel may use current Department of Justice forms to
describe the cases (one for pending or threatened litigation, another for
unasserted claims); see the DOJ website at
[242]http://www.usdoj.gov/civil/forms/forms.htm. ] ^[243]1
It is expected that cases or matters will be aggregated where appropriate.
(Excluding unasserted claims and assessments, which are discussed below)
1. Nature of the matter (include a description of the case or cases and
amount claimed, if specified).
2. Progress of the case to date.
3. Current or intended response.
4. Evaluation of the likelihood of an unfavorable outcome (categorize
likelihood as probable, reasonably possible, or remote).
5. Estimated amount or range of potential loss, if determinable, for
losses considered to be probable or reasonably possible.
6. Name of [entity]'s legal counsel handling the case and names of any
outside legal
counsel representing or advising the government in the matter. Pending or
threatened litigation that was reported in the prior year's legal
representation letter, which is no longer pending or threatened is as
follows
[Identification of litigation with a short description of its
disposition.] With respect to matters that have been specifically
identified as contemplated by clauses
(b) or (c) of paragraph 5 of the ABA Statement of Policy, I advise you,
subject to the last paragraph of this letter, as follows:
Unasserted Claims and Assessments
(considered to be probable of assertion and which, if asserted, would have
at least a reasonable possibility of an unfavorable outcome)
1. Nature of the matter.
2. Intended response if claim would be asserted.
3. Evaluation of the likelihood of an unfavorable outcome. (Categorize
likelihood as probable or reasonably possible.)
4. Estimated amount or range of potential loss, if determinable.
There are no potential claims against the government where no monetary
damages are being sought but plaintiffs are seeking that the government
either take or cease a particular action, which if successful, could cost
the government an amount management has determined will exceed $XX to
comply. [or describe potential claims and amounts.]
* * * * *
The information set forth herein is [(as of the date of this letter) or
(as of (insert date), the date on which we commenced our internal review
procedures for purposes of preparing this response)], except as otherwise
noted. [If an interim response, add "Upon receipt of a request to update
the response, I will provide an updated response, which is due on
[date],"] {If a final response: I disclaim any undertaking to advise you
of changes that, after the date of this letter, may be brought to my
attention or the attention of our lawyers over whom I exercise general
legal supervision.}
This response is limited by, and in accordance with, the ABA Statement of
Policy Regarding Lawyers' Responses to Auditors' Requests for Information
(December 1975); without limiting the generality of the foregoing, the
limitations set forth in such statement on the scope and use of this
response (Paragraphs 2 and 7) are specifically incorporated herein by
reference, and any description herein of any "loss contingencies" is
qualified in its entirety by Paragraph 5 of the statement and the
accompanying commentary (which is an integral part of the statement).
Consistent with the last sentence of Paragraph 6 of the ABA Statement of
Policy, this will confirm as correct the [entity]'s understanding that
whenever, in the course of performing legal services for the [entity] with
respect to a matter recognized to involve an unasserted possible claim or
assessment that may call for financial statement disclosure, I have formed
a professional conclusion that the [entity] must disclose or consider
disclosure concerning such possible claim or assessment, I, as a matter of
professional responsibility to [entity], will so advise the [entity] and
will consult with the [entity] concerning the question of such disclosure
and the applicable requirements of Statement of Federal Financial
Accounting Standards (SFFAS) No. 5, Accounting for Liabilities of the
Federal Government, as amended by SFFAS No. 12, and Interpretation Number
2 of SFFAS No. 4 and 5.
[Describe any other or additional limitation as indicated by Paragraph 4
of the statement.]
Sincerely yours,
[Name of General Counsel]
[Title]
cc: Chief Financial Officer
attachments (DOJ forms or other case information)
[This page intentionally left blank.]
Reporting 1002 D - Example Management Summary Schedule
The auditor should see that management prepare this schedule (or
equivalent) summarizing the information contained in the legal letters. In
particular, the auditor should determine that management has concluded as
to the likelihood of loss about each case to determine whether an amount
should be recorded in the financial statements and/or if note disclosure
is necessary for the financial statements to conform with U.S. GAAP.
Although most information comes directly from the legal letter, the
auditor should determine that financial staff have accurately added the
information in the last two columns to indicate the disposition of each
case in the financial statements.
Management's Schedule of Information Contained in Legal Letter Responses
for Financial Reporting Purposes
Amounts in thousands
1 2 3
4
5
6 7
Amount or Disposition in
Name of range of financial
Reference Amount case/ Likelihood potential statements
key claimed related of loss loss
cases (a) P (b) R/P (c) Upper Amt.
recorded Note disclosure
****insert rows here as necessary**** ***insert rows here as necessary***
***insert rows here as necessary***
TOTALS $ -$ -$ -$
$ -$ -
Guidance for Preparation:
1. Matters should be listed on this schedule in order of the amount or
range of potential loss, starting with the largest.
2. The level of aggregation should generally be at the same level as in
the general counsel's letter. However, there may be instances where
the level of aggregation is too high to be able to prepare this
schedule in a way that is meaningful. In such cases, the auditor
should request that the CFO work with legal counsel to provide further
disaggregation of dissimilar cases. There may also be other instances
in which ahigher level of aggregation is desirable. The auditor should
request that CFOs use professional judgment,
considering the purpose of this schedule when determining the level of
aggregation.
DRAFT GAO/PCIE Financial Audit Manual Page 1002 D-1
Column:
1 Reference key: Page number of legal representation letter obtained
from General Counsel discussing the case, or
other reference information.
2 Amount claimed: Amount claimed in the litigation, claim, or
assessment (if specified)
3 Name of case or related cases: Where appropriate, provide name of
case or aggregated cases which meet
materiality threshold.
4 Likelihood of loss: Indicate management's evaluation of the
likelihood of loss on individual or aggregated cases.
Options: P: probable (loss likely to occur);
R/P: reasonably possible (the chance of loss is less than probable,
but more than remote); or
R: remote (the chance of loss is slight).
5 Amount or range of potential loss:
Options: 5a: Probable (P) -- Provide single estimate or lower
end of range, if known. Enter "U" if unknown. (Also
provide column totals.)
5b: Reasonably possible (R/P) -- Provide single estimate or lower
end of range, if provided. Enter "U" if
unknown. Also provide column totals.
5c: If amounts in P or R/P are ranges,
provide upper end of range; otherwise,
enter "n/a."
Disposition in financial statements - amount recorded: If
6 applicable, provide corresponding dollar amount
recorded as a liability in the financial statements. (Also provide
column totals.)
7 Disposition in financial statements - note disclosure: If
applicable, indicate by note reference number
where case information is separately disclosed or included in
amounts disclosed in notes to the financial statements.
(Also provide column totals.)
DRAFT GAO/PCIE Financial Audit Manual Page 1002 D-2
1003 - Financial Statement Audit Completion Checklist
Entity:
Job Code:
Principal Report:
Other Reports (including management reports and testimonies):
Instructions
.01 This checklist is a tool to help auditors of financial statements
determine whether they have complied with GAGAS, OMB audit guidance, and
the FAM. The auditor-in-charge (AIC), audit senior, or audit manager
should prepare this checklist before the audit completion date and sign in
section VIII. The assistant director and first partner (audit director)
should review this checklist before the audit completion date and also
sign in section VIII. For GAO audits, the chief accountant or second
partner should review the checklist and sign in section IX when engagement
quality control review (previously called a second partner review) is
completed before the audit completion date. If the audit is conducted at
multiple sites, the site supervisor may complete parts of the checklist
for each site (with the AIC, audit senior, or audit manager completing the
overall checklist). While parts of the checklist are useful in audit
planning, no signatures are required on the checklist in the planning
phase.
.02 The detailed questions in this checklist are to be answered "Yes",
"No", or "N/A (not applicable)". For most questions, "No" answers indicate
departures from professional standards or from auditor policies. The
auditor should explain all "No" answers in section VII of this checklist
and determine the effects and significance of "No" answers, including any
effects on the auditor's report. Auditors should check "N/A" when the item
does not exist or when the item exists but is judged to be not material.
Because the checklist is designed for a wide range of financial statement
audits, there may be many "N/A" answers. If the reason why a question is
not applicable is not obvious, the auditor should document the reason on
the checklist or in an attachment. It is not necessary to create
additional documentation to support the "Yes" answers, but a column is
provided to insert a reference to related audit documentation ("Ref.").
The questions are summarized. For most questions, there is a reference to
professional literature that provides more detail.
.03 Section V has questions on GAO's report considerations and section VI
has questions on GAO's quality control. GAO auditors should complete these
sections. IG auditors and other auditors may use these sections or may
substitute forms that conform to their reporting style and quality
controls.
.04 See FAM 650 related to reviewing this checklist (or equivalent) when
using the work of others.
.05 FAM Volume 3 has two checklists, Checklist for Federal Accounting (FAM
2010), and Checklist for Federal Reporting and Disclosures, (FAM 2020),
which superseded the July 2004 FAM 1050 checklist. The two checklists
cover accounting, financial reporting, and disclosure requirements related
to federal financial statements prepared using U.S. GAAP promulgated by
FASAB and includes form and content presentation contained in OMB Circular
No. A-136 (June 29, 2007). The AICPA publishes a disclosure checklist for
financial statements prepared using U.S. GAAP promulgated by FASB.
Preparers of entity financial statements may document their conformity
with U.S. GAAP by either
o completing the FAM 2010 and FAM 2020 checklists, or
o completing the AICPA disclosure checklist, as applicable, and a
supplemental checklist for FASAB requirements, or
o completing an equivalent checklist that addresses applicable
accounting, financial reporting, and disclosure requirements.
Preparers should tailor checklists to the needs of their individual entity
financial statements and auditors should review finished checklists for
completeness and accuracy. If the preparer does not complete the
checklists, the auditor should complete FAM 2010 and FAM 2020 or
equivalent to document the conformity of the entity's financial statements
with U. S. GAAP as discussed in FAM 560.
.06 For GAO's financial audits, this checklist incorporates, by reference,
additional job-related documentation requirements.
.07 For GAO's financial audits, the chief accountant or second partner
should perform an engagement quality control review. This review should be
documented on FAM 1003-29. IG auditors and other auditors should determine
the need for a similar review as part of their system of quality control
under GAGAS.
Reporting 1003 - Financial Statement Audit Completion Checklist
CONTENTS Section Topic Page
Planning and Concluding the
Audit.............................................................................
4
Key Audit Areas
...........................................................................................................
10
Consultation
.................................................................................................................
17
Report...........................................................................................................................
18
GAO's Report Considerations
....................................................................................
23
GAO's Quality
Control.................................................................................................
24
Explanation of "No" Answers and Other
Comments.............................................. 27
Conclusions
.................................................................................................................
28
Engagement Quality Control Review (Second Partner
Review)........................... 29
References:
AICPA Professional Standards (vol. 1, Auditing)
............................................................. AU GAO/PCIE
Financial Audit
Manual..................................................................................FAM
Government Auditing Standards (2007 edition)
........................................................GAGAS
Reporting 1003 - Financial Statement Audit Completion Checklist Reporting
1003 - Financial Statement Audit Completion Checklist Reporting 1003 -
Financial Statement Audit Completion Checklist Reporting 1003 - Financial
Statement Audit Completion Checklist Reporting 1003 - Financial Statement
Audit Completion Checklist Reporting 1003 - Financial Statement Audit
Completion Checklist Reporting 1003 - Financial Statement Audit Completion
Checklist Reporting 1003 - Financial Statement Audit Completion Checklist
Reporting 1003 - Financial Statement Audit Completion Checklist Reporting
1003 - Financial Statement Audit Completion Checklist Reporting 1003 -
Financial Statement Audit Completion Checklist Reporting 1003 - Financial
Statement Audit Completion Checklist Reporting 1003 - Financial Statement
Audit Completion Checklist Reporting 1003 - Financial Statement Audit
Completion Checklist Reporting 1003 - Financial Statement Audit Completion
Checklist Reporting 1003 - Financial Statement Audit Completion Checklist
Reporting 1003 - Financial Statement Audit Completion Checklist Reporting
1003 - Financial Statement Audit Completion Checklist Reporting 1003 -
Financial Statement Audit Completion Checklist Reporting 1003 - Financial
Statement Audit Completion Checklist Reporting 1003 - Financial Statement
Audit Completion Checklist Reporting 1003 - Financial Statement Audit
Completion Checklist Reporting 1003 - Financial Statement Audit Completion
Checklist Reporting 1003 - Financial Statement Audit Completion Checklist
Reporting 1003 - Financial Statement Audit Completion Checklist
Section I: Planning and Concluding the Audit N/A Yes No* Ref.
1. Has the audit team documented that it has
a. established an understanding with those contracting
for the audit, officials of the entity, or others defined
as the client and those charged with governance as to the
objectives of the work; management's responsibilities;
auditors' responsibilities; an overview of the nature,
extent, and timing of planned audit procedures, the form,
general content, and timing of communications; planned
reporting on the financial statements, internal control,
and compliance; the planned level of assurance; any
limitations of the work and any potential restrictions on
the auditor's reports; and
b. issued an engagement letter, contract, or other
written communication to describe the terms of
the engagement?
(FAM 215 and GAGAS, par. 4.06)
2. Was an entrance conference held? (FAM 215 A)
3. Does audit documentation contain an understanding of
the entity, its operations, and its internal controls
sufficient to assess risk and plan the audit? (FAM
290.03-.04)
4. Does the audit documentation contain an adequate
audit strategy and audit plan? (FAM 290.05 and FAM
290.09)
Section I: Planning and Concluding the Audit N/A Yes No* Ref.
5. Did the audit team adequately perform and document
planning steps (FAM 290.05) to include
a. Perform preliminary analytical procedures? (FAM
225)
b. Determine planning and design materiality and
tolerable misstatement? (FAM 230)
c. Identify and justify methodology used to assess
computer-related controls if other than the
FISCAM? (FAM 240)
d. Identify significant laws and regulations? (FAM
245)
e. Identify relevant budget restrictions? (FAM 250)
f. Design the audit to achieve an acceptable level of
audit assurance that the financial statements are
not materially misstated? (GAO uses 95 percent.)
(FAM 260)
g. Discuss the susceptibility of the entity's financial
statements to material misstatement? (FAM 260)
h. Assess inherent risk and the overall effectiveness
of the control environment, risk assessment,
communication, and monitoring, including
whether weaknesses in the control environment,
risk assessment, communication, and monitoring
preclude the effectiveness of specific control
activities? (FAM 260)
i. Assess fraud risks, including any related to
revenue and to management override of controls,
and exercise professional skepticism throughout
the audit? (FAM 260 and FAM 290.08)
j. Brainstorm risk of material misstatement
including fraud risk and error risk? (FAM 260)
k. Consider the effects of information technology,
including service centers? (FAM 270)
l. Consider operations controls to be tested? (FAM
275)
m. Plan other procedures (representation letters,
related party transactions, sensitive payments)? (FAM
280)
Section I: Planning and Concluding the Audit N/A Yes No* Ref.
5. (continued)
n. Determine locations to be visited? (FAM 285)
o. Determine staffing requirements? (FAM 290.05)
p. Determine timing of procedures and milestones?
(FAM 290.05)
q. Determine extent of assistance from entity
personnel? (FAM 290.05)
6. Does the audit strategy consider findings and
recommendations from previous audits that could
affect the current audit objectives? (GAGAS, par. 4.09)
7. Did the audit team identify budget controls for each
relevant budget restriction and perform sufficient work
to support the conclusions on internal control?
(FAM 250, 310.06, 330.09)
8. Did the audit team identify compliance controls and
perform sufficient work to support the conclusions on
internal control? (FAM 245, 310.05, 330.10)
9. Did the audit team use the work of others (CPA firms,
IGs, internal auditors, or specialists)? (FAM 650)
10. Did the audit team perform overall analytical
procedures, including documentation of
a. expectations,
b. data/sources,
c. parameters,
d. explanations/corroboration, and
e. conclusions?
(FAM 590.04)
Section I: Planning and Concluding the Audit N/A Yes No* Ref.
11. Does the documentation indicate that the audit team
properly performed procedures in the reporting phase of
the audit (FAM 590) as follows:
a. Evaluate misstatements, including considering whether
any misstatements are indicative of fraud? (FAM 540)
b. Bring all uncorrected known and likely misstatements
to the attention of entity management and those charged
with governance? (FAM 540.07)
c Obtain attorneys' representations? (FAM 550.02 and FAM
1002)
d. Review subsequent events? (FAM 550.04 and FAM 1005)
e. Obtain management representations? (FAM 550.07 and FAM
1001)
f. Identify and evaluate related party transactions? (FAM
550.12 and FAM 1006)
g. Communicate with those charged with governance? (FAM
550.13)
h. Review the consistency of other information in the
Annual Financial Report? (FAM 580.77)
Section I: Planning and Concluding the Audit N/A Yes No* Ref.
12. Does the audit summary memorandum or equivalent
properly summarize or refer to documentation (FAM
590.02-.03) addressing the following? a. Any changes from
original assessments of the risk of material
misstatement, materiality, or tolerable misstatement? b.
Additional fraud risks or other conditions identified
during the audit calling for an additional response and
the related response? c. The basis for conclusions on
significant auditing, accounting, and reporting issues?
d. Conclusions on adequacy of procedures and sufficiency
of evidence? e. The effects of uncorrected misstatements
(known and likely) on the financial statements? f.
Conclusions on financial statements? g. Conclusions on
internal control? h. Conclusions on whether the entity's
financial management systems meet the requirements of
FFMIA? i. Conclusions on compliance with laws and
regulations? j. Conclusions on the consistency of
accompanying information with the financial statements?
13. Has the audit director determined that communications
have occurred among the audit team members
regarding fraud risks and error risks? (FAM 540.19)
Section I: Planning and Concluding the Audit N/A Yes No* Ref.
14. Is there documentation that
a. The director approved deviations from the "should"
procedures in the FAM and the basis for the deviations?
(FAM 110.28)
b. The auditor complied with "must" procedures of
professional auditing standards as noted in the FAM? (FAM
110.28 and Appendix B)
Section II: Key Audit Areas N/A Yes No* Ref.
Answer the questions below for each key audit area or
cycle. The key audit areas and cycles to which these
questions apply are
____________________________ 1. Did the audit team
prepare the documentation
summarizing considerations in planning and performing the
work in the key audit areas and cycles
for
a. Cycle Matrix or an equivalent (or documentation in
Account Risk Analysis or an equivalent)
showing links between accounts, cycles,
applications and line items? (FAM 290.06)
b. Account Risk Analysis or an equivalent? (FAM 290.07)
c. Cycle Memorandum and/or flowchart or equivalents? (FAM
390.05)
d. Specific Control Evaluation or an equivalent? (FAM
390.07)
e. Written audit plan and procedures? (FAM 390.01)
2. If conditions changed during the course of the audit,
were the audit strategy, audit plans, and procedures
modified as appropriate in the circumstances, including
evidence of first partner/director approval?
(AU 311.05)
Section II: Key Audit Areas N/A Yes No* Ref.
3. When the audit team performed sampling, did it
properly determine and document the
a. method used in relation to test objectives,
b. sample size and the method of determining the sample
size,
c. tests performed,
d. results (misstatements and deviations found),
e. evaluation (including projection to the population),
and
f. conclusions? (FAM 490.05)
4. When the audit team performed substantive analytical
procedures, did it properly document a. expectations and
the method used to develop them, b. data
sources/reliability, c. limit/criteria, d. client
explanations and corroborating evidence, e. additional
procedures, if any and f. conclusions? (FAM 490.07)
5. When the audit team performed interim testing, did it
a. test the rollforward period,
b. properly document the
i. basis for using interim testing and the line items/
accounts and assertions tested,
ii. procedures performed, and
iii. effects of any misstatements found? (FAM 495 C.06)
6. Did the audit team evaluate the reasonableness of
significant accounting estimates made by
management? (AU 342)
Section II: Key Audit Areas N/A Yes No* Ref.
7. Were known and likely misstatements identified in the
testing of the key area carried forward to the Schedule
of Uncorrected Misstatements? (FAM 540.04 and FAM 595 C)
8. Did an IT specialist review the specific control
evaluation to evaluate the audit team's decision on which
controls are computer-related (including controls
relating to service-center-produced records)? (FAM
350.10)
Section II: Key Audit Areas N/A Yes No* Ref.
Based on the risk of material misstatement, did the audit
team perform adequate substantive audit procedures for
line items/accounts on the following pages? (If not a key
area, check the N/A box.)
Fund Balance with Treasury (FBWT)
Consider these issues:
o Did the audit team test the entity's year-end
reconciliation of Fund Balances with Treasury to
Treasury accounts?
o Did the audit team determine if the entity
a. researched and resolved differences before
making adjustments,
b. recorded any necessary adjustments in the
entity's FBWT accounts,
c. reported the adjustments to Treasury, if
applicable, and
d. disclosed in the notes to the financial
statements material unreconciled differences
and budget clearing account differences at
year-end, and material unreconciled
differences written off by the entity during
the year?
o Did the audit team assess (at absolute value) the
materiality of unreconciled differences, including
those in budget clearing accounts?
Receivables
Consider these issues:
o If substantive audit procedures were performed
prior to year-end, was there an adequate review of
transactions from the interim date to the balance
sheet date? (AU 313.08-.09)
o Were receivables confirmed and appropriate
follow-up steps taken, including second requests
and subsequent collections? (AU 330.30-.32)
o Are receivables stated at net realizable value after
allowance for uncollectible accounts? (AU 342.02)
Section II: Key Audit Areas N/A Yes No* Ref.
Inventories
Consider these issues:
o Were physical inventories observed at locations
where material amounts were located? (AU 331)
o If perpetual inventory records are maintained,
does the documentation indicate that differences
disclosed by the physical inventory (or cycle
counts) are properly reflected in the financial
statements? (AU 331)
o When the physical inventory is taken at a date
other than the balance sheet date (or where
rotating procedures are used), did the auditor
consider inventory transactions between the
inventory date(s) and the balance sheet date?
(AU 313.08-.09)
o Does the documentation contain evidence that
counts were correctly made and recorded (was
control over inventory tags or count sheets
maintained) and test count quantities were
reconciled with the counts reflected in the final
inventory? (AU 331)
o Were there adequate tests of
a. clerical accuracy of the inventory,
b. costing methods and substantiation of costs
used in pricing all elements of the inventory,
and
c. cutoff?
o Were analytical procedures used to test the
overall valuation of inventories?
Investments
Consider these issues:
o Was a summary schedule prepared (or obtained)
and details tested with respect to the description,
purchase price and date, changes during the
period, income, market value, etc. of investments?
o Were securities either examined or confirmed?
(AU 332)
Section II: Key Audit Areas N/A Yes No* Ref.
Property, Plant, and Equipment
Consider these issues:
o Was a summary schedule prepared (or obtained)
to show beginning balances, changes during the
period, and ending balances for
a. property, plant, and equipment, and
b. accumulated depreciation
and were significant activity and balances tested,
particularly for existence and other significant
assertions?
o Were property items capitalized or expensed in
accordance with consistent capitalization limits?
o Did the audit team perform tests of completeness,
such as testing from disbursements to property
records?
o Do the tests appear adequate and were proper
conclusions drawn?
Liabilities
Consider these issues:
o Did the audit team perform an adequate search
for unrecorded liabilities?
o Did the audit team consider expenses that might
require accrual (e.g., pensions, compensated
absences, other postretirement benefits, or
postemployment benefits provided to former or
inactive employees prior to retirement), and
whether accrued expenses were reasonably
stated?
Section II: Key Audit Areas N/A Yes No* Ref.
Revenue and Expenses
Consider these issues:
o Did the audit team compare revenue and
expenses for the period to expectations, based on
the budget and the results of the preceding
period? (AU 329)
o For significant variances and fluctuations from
expectations, were management's explanations
corroborated with other audit evidence or if
explanations could not be obtained, were other
audit procedures performed to determine
whether the variance is a misstatement? (AU 329)
o Did the audit team consider
a. the entity's revenue recognition policy,
b. unusual transactions, and
c. fraud risks?
o Do tests appear adequate, and were proper
conclusions drawn?
Statement of Budgetary Resources
Consider these issues:
o Were appropriate procedures applied, such as
a. understanding and testing the budget
execution controls,
b. tests of the process of preparing the
statement,
c. tests of undelivered orders, and
d. review of reconciliation to the President's
Budget?
Section III: Consultation N/A Yes No* Ref.
1. Where warranted by the complexity or unusual nature
of an issue (for example, issues where the FAM requires
consultation, issues not discussed in the FAM
or professional standards, going concern issues,
economic dependency issues, issues arising after
report issuance), was there appropriate consultation with
specialists, including the
o Reviewer,
o Statistician,
o Office of General Counsel, and
o Technical Accounting and Auditing Expert?
(FAM 100.26 and FAM Appendix A)
2. Were significant consultations appropriately
documented? (FAM 100.26)
3. Were the persons consulted made aware of all relevant
facts and circumstances?
Section IV: Report N/A Yes No* Ref.
1. Does the auditor's report or document containing the
auditor's report (FAM 580.04, 580.77) include
a. highlights page or executive summary (for GAO
reports);
b. transmittal letter (if appropriate);
c. conclusions on:
i. financial statements,
ii. internal control,
iii. whether the entity's financial management
systems substantially complied with the
requirements of the Federal Financial
Management Improvement Act of 1996
(FFMIA) for CFO act agencies,
iv. compliance with laws and regulations, and
v. consistency of other information with
financial statements?
d. objectives, scope, and methodology, including
description of instances where GAGAS and OMB
audit guidance were not followed; and
e. entity comments and auditor evaluation?
2. Is the auditor's report (FAM 580) appropriate as to
a. wording,
b. scope of work,
c. U.S. GAAP,
d. explanatory paragraphs,
e. opinion/disclaimer on financial statements,
f. opinion/conclusions on internal control,
g. conclusions on whether the entity's financial
management systems substantially comply with
the requirements of FFMIA (for CFO Act
agencies), and
h. reporting on compliance with laws and
regulations?
Section IV: Report N/A Yes No* Ref.
3. Is background material (purpose, authority, and
functions of programs/activities) limited to what is
necessary?
4. Is the auditor's report dated when all appropriate,
sufficient audit evidence is obtained to support the
opinion and all significant issues are resolved? (AU
530, FAM 580)
5. Does the auditor's report cover all periods for which
financial statements are presented? (AU 508.65)
6. If the financial statements of a prior period are
presented and have been audited by a predecessor
auditor whose report is not presented, does the auditor's
report refer to the predecessor auditor's
report? (AU 508.74)
7. Does the auditor's report describe the responsibility
the auditor is taking for supplementary information,
including stewardship information? (AU 551; FAM
580.78-.81)
8. When illegal acts involve funds received from other
governmental entities, did the audit team
a. satisfy itself that the audited entity notified the
proper officials of those entities within a reasonable
time?
b. If the entity did not, or was unable to do so because
the top official was involved, did the audit team report
these acts to the officials of those other governmental
entities? (GAGAS, par. 5.15-.18)
Section IV: Report N/A Yes No* Ref.
9. Does the auditor's report include
a. identification of which matters are significant
deficiencies and which are material weaknesses
(GAGAS, par. 5.11), and b. presentation of all identified
(1) instances of fraud and illegal acts that are more
than inconsequential, (2) material violations of
provisions of contracts or grant agreements, and (3)
material abuse? (GAGAS, par. 5.15)
10. When appropriate, did the audit team report directly
to outside parties on fraud, illegal acts, violations of
provisions of contracts or grant agreements, or
significant abuse? (GAGAS, par. 5.18)
11. Did the auditor consider the status of all known
significant findings and recommendations from prior
audits that affect the current year report, including
whether any failure to correct previously identified
deficiencies in internal control is a significant
deficiency or material weakness? (GAGAS pars. 5.11-.14.)
12. Did the auditor document the basis to support
(FAM 580.01) the
a. opinion about whether the financial statements
and disclosures comply in all material respects
with U.S. GAAP (FAM 560),
b. opinion/conclusion on internal control,
c. conclusion on whether the entity's financial
management systems substantially comply with
the requirements of FFMIA, (for CFO act
agencies), and
d. conclusion on compliance with laws and
regulations?
Section IV: Report N/A Yes No* Ref.
13. Did the auditor document the basis for reported
findings on
a. internal control deficiencies, including
classification of control deficiencies as material
weaknesses, other significant deficiencies, or other
control deficiencies (FAM 590.05),
b. entity's financial management systems lack of
substantial compliance with the requirements of FFMIA for
CFO act agencies (FAM 590.06), and
c. noncompliance with laws and regulations (FAM 590.07),
if any?
14. Did the auditor develop the elements of audit
findings to include (where appropriate and known) the
a. condition (describe the existing situation),
b. criteria (state what we are comparing to),
c. cause (reflect reason or reasons why the condition and
criteria differ), and
d. effect (describe the result of the difference between
the condition and criteria)?
(GAGAS paragraphs 4.14-.18)
15. Are recommendations and suggestions reasonable,
doable, and cost-effective?
Section IV: Report N/A Yes No* Ref.
16. Does the report obtain the views of responsible
officials in agency comments to include
a. either oral or written comments,
b. titles of senior official(s) involved,
c. accurate characterization of general agreement or
disagreement with the report,
d. description of the substance of the comments, and
e. auditor evaluation of the comments, particularly if
they disagree, are inconsistent, or conflict with the
report findings, conclusions, or recommendations.
(GAGAS paragraphs 5.32-.37)
17. Are there control deficiencies that do not meet the
criteria for significant deficiencies and do not affect
the
auditor's conclusions as to the effectiveness of internal
controls which the auditor may communicate orally or
in a separate management report? If so, did the auditor
document any oral communications? (FAM 580.49,
FAM 590.05, and GAGAS par. 5.14)
Section VI: GAO's Quality Control N/A Yes No* Ref.
1. Was the GAO report reviewed by the
a. audit director (first partner),
b. engagement quality control reviewer (second
partner),
c. Office of the General Counsel (form 124A),
d. Applied Research & Methods (form 124C), and
e. other stakeholders (form124C).
2. Did the audit director (first partner) review the
a. audit strategy (SAS 108.13-.14) or equivalent,
including sampling approach (FAM 290.05),
b. account risk analyses or equivalent for material areas
with high or moderate risk of material misstatement (FAM
290.07),
c. audit summary memorandum (FAM 590.02-.03),
d. management representation letter (FAM 1001),
e. legal representation letter (FAM 1002),
f. schedule of uncorrected misstatements (FAM 595 C),
g. exit conference memorandum (FAM 590.10),
h. GAO report with entity financial statements and
related disclosures,
i. referencing review sheet (GAO form 92),
j. GAO abbreviated audit documentation set (GAO form
419A), and
k. this audit completion checklist (FAM 1003)?
(FAM 1301.17)
Section VI: GAO's Quality Control N/A Yes No* Ref.
3. Did the assistant director review the
a. entity profile or equivalent (FAM 290.04),
b. audit strategy (SAS 108.13-.14) or equivalent,
including sampling approach (FAM 290.05),
c. account risk analyses or equivalent (FAM 290.07),
d. initial audit plan with procedures (FAM 290.09),
e. line item/account lead schedules,
f. completed audit plan with procedures (FAM 290.09),
g. specific control evaluations (FAM 330.07),
h. audit summary memorandum (FAM 590.02-.03),
i. Checklist for Federal Accounting (FAM 2010) and
Checklist for Federal Reporting and Disclosures (FAM
2020) for statements using U.S. GAAP promulgated by
FASAB,
j. financial reporting and disclosure checklist for
statements using GAAP promulgated by FASB,
k. management representation letter (FAM 1001),
l. legal representation letter (FAM 1002),
m. schedule of uncorrected misstatements (FAM 595 C),
n. exit conference memorandum (FAM 590.10),
o. GAO report with entity financial statements and
related disclosures,
p. referencing review sheet (GAO form 92),
q. GAO abbreviated audit documentation set (GAO form
419A), and
r. this audit completion checklist (FAM 1003)?
(FAM 1301.17)
4. Did the assistant director determine that all
significant
review notes were resolved appropriately? (FAM
1301.27-.28)
Section VI: GAO's Quality Control N/A Yes No* Ref.
5. Did the assistant director indicate that all
documentation was sufficiently reviewed? (FAM 1301.05)
6. Were review notes, superseded versions of
documentation, and draft reports (except the referenced
draft and the draft sent to the entity for comment),
including review notes and superseded versions in
electronic form, placed in a separate folder to be
retained until the report is released, after which they
may be destroyed or deleted electronically up to 60 days
after the report release date? (FAM 1301.28)
7. Were review responsibilities documented and
communicated to all individuals on the assignment? (FAM
1301.23)
8. Was documentation prepared by an IT specialist
reviewed by an IT manager or IT assistant director for
technical content and by a member of the audit team to
determine that related audit objectives were achieved?
(FAM 1301.24)
9. For areas that are both material and have high risk of
material misstatement, did the audit director or
assistant director perform secondary reviews of the
documentation? (FAM 1301.12)
10. Was all documentation prepared by the audit director
or assistant directors read by the auditor-in-charge to
determine its consistency with any related documentation?
(FAM 1301.15)
11. If the documentation indicated a difference of
opinion between engagement personnel or between
engagement personnel and a specialist or other person
consulted, was the difference resolved appropriately and
was the basis of the resolution documented? (FAM 1302)
Section VII: Explanation of "No*" Answers and Other Comments
The page below is provided for comments on all "No*" answers or to expand
upon any of the "Yes" and "N/A" answers as needed, and may be modified as
necessary. * For some questions, "No" answers may indicate departures from
professional standards or from auditor policies. The auditor should
explain all "No" answers below and determine the effects and significance
of "No" answers, including any effect on the auditor's report.
Page no. Question no. Explanatory comments Conclusion
Section VIII: Conclusions Yes No**
Based on your review and knowledge, do you believe
1. The audit team performed the engagement, in all material
respects,
in accordance with GAGAS (which include U.S. GAAS) and
applicable OMB guidance, or the auditor's report was
appropriately modified?
2. The financial statements conformed, in all material respects,
with
U.S. GAAP, or the auditor's report was appropriately modified?
3. The auditor's report was appropriate in the circumstances?
4. The documentation on this engagement supports the auditor's
o opinion on the financial statements,
o opinion/conclusions on internal control,
o conclusions on whether the entity's financial management
systems substantially comply with the requirements of FFMIA (for
CFO act agencies), and
o conclusions on compliance with laws and regulations.
5. The audit team complied, in all material respects, with the
audit
organization's policies and procedures.
** If any of the above 5 statements have "No" responses, please describe
the response in a memorandum to the reviewer. Date of audit completion
___________________________________
Auditor-In-Charge_________________________________________ Date
_______________ Audit Manager ___________________________________________
Date _______________
Assistant Director ________________________________________ Date
_______________ Audit Director ___________________________________________
Date _______________
Reporting 1003 - Financial Statement Audit Completion Checklist
For GAO financial audits this is the chief accountant or another director
who is a CPA and an experienced financial statement auditor.
Reporting 1003 - Financial Statement Audit Completion Checklist
[This page intentionally left blank.]
Reporting 1005 - Subsequent Events Review Entity
______________________________________________________________ Period of
financial statements __________________________________________ Job code
____________________________________________________________
References
Visible links
209. http://www.gao.gov/special.pubs/gaopcie/
210. fmailto:[email protected]
220. http://www.ignet.gov/pande/faec/fsan0906.xls
222. http://www.opm.gov/asd/htm/bal06.htm
225. http://www.fms.treas.gov/
241. http://www.usdoj.gov/civil/forms/forms.htm
242. http://www.usdoj.gov/civil/forms/forms.htm
*** End of document. ***