Impact on Those Conducting Government Financial Audits

HEADNOTE: The requirements of the 1988 revision of the Yellow Book are now effective and have important consequences for auditors of government organizations. The authors discuss major revisions to the government standards and their relationship to the auditing standards of the AICPA. Auditors undertaking this work must, in particular, be aware of requirements for continuing education, quality control, and reporting on a variety of topics. Inherent in our nation's governing process is the notion that public officials are accountable for the resources provided to carry out government programs and services. Government officials are expected to apply the resources properly, efficiently, and effectively and report on the financial and operational performance of the programs and services they manage. Auditing is an integral element of this process, as it provides an independent assessment of government accounting and performance.

Public accountants participate in this process when engaged to conduct audits in the government sector. In undertaking such engagements, public accountants may be required to follow the Government Auditing Standards.(1) These standards, issued by the Comptroller General of the United States and often referred to as the "Yellow Book," provide auditors with standards for conducting audits of government organizations, programs, activities, and functions. The standards help ensure that an audit is a fair, objective, reliable assessment of a government organization's performance.

A New Revision

The Government Auditing Standards were updated in August 1988, superseding the 1981 edition. The reasons for the revision were threefold:

* Expand and clarify explanations of certain standards;

* Expand and clarify the responsibilities of the auditors;

* Add requirements to improve audit quality.

Who Must Follow the Standards?

The standards must be followed when required by law or regulation, contract or agreement, or audit organization policy. Federal auditors must follow the standards as a matter of law or regulation. All auditors are required to follow the standards when conducting audits under the Single Audit Act. Public accountants conducting other types of government audits may, as a provision of their engagement, be required to follow the Yellow Book.

The Effective Date

The new standards, with three exceptions, became effective for audits beginning January 1, 1989. The new Yellow Book requirement for continuing education and training is phased in over two years and the requirement for an external quality control review is phased in over three years. The AICPA auditing standards for field work and reporting are incorporated in the Yellow Book and are effective on the dates established by the AICPA in each standard. These will be discussed later.

Major Revisions

The major revisions to the standards discussed herein are the following:

* Incorporation of references to the Single Audit Act;

* Guidance on procuring audit services;

* Clarification of the types of government audits;

* Requirements for continuing education and training;

* Standards on quality control;

* Supplemental standards of field work and reporting for financial audits.

Single Audit Act

The Single Audit Act of 1984 established requirements for financial audits of state and local governments that receive federal financial assistance. It requires that such audits be made in accordance with the Government Auditing Standards issued by the Comptroller General. The act, however, includes specific audit requirements that exceed the audit requirements set forth in the Yellow Book and the AICPA standards in the areas of internal control over federal programs and compliance with laws and regulations over each major federal program. To assist auditors conducting single audits, the Yellow Book includes footnote references to the Act's requirements under the standards for financial audits.

Procuring Audit Services

The revised Yellow Book includes a discussion on the importance of following sound procurement practices when contracting for audit services. While not an audit standard, the guidance points out that sound contract award, approval, and performance monitoring procedures should be in place and the objectives and scope of the audit should be clear in the request for proposal. Cited factors to be considered about the bidder in awarding the contract are: responsiveness to the request for proposal, past experience, availability of qualified staff, participation in an external quality control review program, and price.

Types of Government Audits

The revised Yellow Book describes the types of audits that audit organizations conduct, and that government organizations arrange to have performed. This description is not an audit standard itself and does not limit or require the types of audits that may be conducted or arranged.

The types of government audits are classified as financial and performance audits. Financial audits include financial statement and related audits. Performance audits include economy and efficiency audits and program audits.

The comprehensive nature of government auditing makes it important that those contracting to perform a government audit have a clear understanding of the audit objectives, the scope of the audit work and the reporting requirements.

Continuing Education and Training

The 1988 revision established a minimum number of hours of continuing education and training (CET), that auditors should complete every two years, and places responsibility on the audit organization to establish and implement a program to ensure that their auditors meet the CET requirements and to maintain documentation of the CET completed.

The CET requirements apply to all auditors who work on audits made in accordance with the Yellow Book. The requirement to complete at least 80 hours of CET every two years, that contributes to the auditor's professional proficiency, applies to each auditor responsible for planning, directing, conducting, or reporting on government audits. At least 20 of the 80 hours should be completed in any one year of the two- year period. Each auditor responsible for planning, directing, conducting substantial portions of the field work, or reporting on government audits, should complete at least 24 of the 80 hours in subjects directly related to the government environment and to government auditing. Auditors of entities that operate in a specific or unique environment, such as colleges and universities or hospitals, should receive training related to that environment. As previously stated, the new CET requirement is phased in over two years and must be completed before January 1, 1991.

Quality Control

The 1988 revision adds a new general standard, "quality control." To meet this standard, organizations conducting government audits should participate in an external quality control review program at least once every three years.

An external quality control review must be conducted by an unaffiliated organization, and the review program should determine: 1) the audit organization's internal quality control system is in place and operating effectively, and 2) established policies and procedures and applicable auditing standards are being followed for all audit work. However, review procedures should take into account the size and nature of the organization's audit work.

A number of quality control review programs are acceptable. Public accountants should participate in the AICPA practice-monitoring program or an equivalent program. Audit organizations should have an external quality control review completed before January 1, 1992.

Supplemental Field Work Standards

The Yellow Book incorporates the AICPA standards for field work and prescribes supplemental standards for financial audits. The following sections highlight the key aspects of these supplemental standards.

Consider Audit Needs of Other Governments

* Planning should include consideration of the audit

requirements of all levels of government.

Different levels of government share common interests in, and jointly fund, many programs and services. Often, the interests of individual governments cannot be isolated at the entity under audit because the contributed funds have been commingled. Where this situation exists, the Yellow Book requires that(2) auditors: 1) ascertain which governments are to be served by the audit, and 2) to the extent practicable, plan the audit so that it will help fulfill the legal and regulatory needs of identified potential users.

Testing Compliance

The revised Yellow Book prescribes supplemental standards for testing compliance with laws and regulations, as did the 1981 edition.

* A test should be made of compliance with applicable

laws and regulations.

Applicable laws and regulations are those that have a direct and material effect on the financial statements or the results of financial related audits.

If testing of compliance with laws and regulations is required to satisfy the audit objective:

* The auditor should design audit steps and procedures

to provide reasonable assurance of detecting errors,

irregularities, and illegal acts that could have a direct and

material effect on the financial statement amounts or the

results of financial related audits.

* The auditor should also be aware of the possibility of

illegal acts that could have an indirect and material effect

on the financial statements or results of financial related

audits.

In fulfilling these requirements, the auditor should follow the guidance contained in the following AICPA standards:

SAS 63. Compliance Auditing Applicable to Governmental Entities and Other Specified Recipients of Governmental Financial Assistance.

SAS 53. The Auditor's Responsibility to Detect and Report Errors and Irregularities.

SAS 54. Illegal Acts by Clients.

These SASs are effective for audits of financial statements for periods beginning on or after January 1, 1989. Earlier application is permissible. This effective date is in accordance with Government Auditing Standards.

Internal Controls

The Yellow Book and the AICPA standards require that:

* A sufficient understanding of the internal control

structure is to be obtained to plan the audit and to

determine the nature, timing, and extent of tests to be

performed.

The Yellow Book directs auditors to follow SAS 55, Consideration of the Internal Control Structure in a Financial Statement Audit, when fulfilling the above standard.

SAS 55 is effective for audits of financial statements for periods beginning on or after January 1, 1990. Earlier application is permissible. This effective date is in accordance with Government Auditing Standards.

Working Paper Requirements

The Yellow Book and the AICPA standards require that:

* A record of the auditors' work be retained in the form

of working papers.

Working papers are that vital link between the field work and the auditor's report. They serve as a record of the audit results, and thus, should be clear, well organized, complete, and accurate.

The revised Yellow Book adds several supplemental requirements for working papers. They should:

1. Contain the objective, scope, methodology, and results of the audit.

2. Contain a written audit program cross-referenced to the working papers.

3. Include summaries and lead schedules, as appropriate.

4. Contain sufficient information so that supplementary oral explanations are not needed.

5. Be legible, with adequate indexing and cross-referencing.

6. Restrict information to matters that are materially important and relevant to the objectives of the audit.

7. Contain evidence of supervisory review.

Supplemental Reporting Standards

The Yellow Book incorporates the AICPA standards for reporting and prescribes supplemental reporting standards for financial audits.

Reporting on Compliance

* The auditors should prepare a written report on their tests of compliance with applicable laws and regulations. This report, which may be included in either the report on the financial audit or a separate report, should contain a statement of positive assurance on those items which were tested for compliance, and negative assurance on those items not tested. It should include all material instances of noncompliance, and all instances or indications of illegal acts which could result in criminal prosecution.

Positive and Negative Assurances

Positive assurance consists of a statement by the auditors that the tested items were in compliance with applicable laws and regulations. Negative assurance is a statement that nothing came to the auditors' attention as a result of specified procedures that caused them to believe the untested items were not in compliance with applicable laws and regulations. When the financial audit did not require tests of compliance with laws and regulations, the report should contain a statement that the auditor did not test for such compliance.

Noncompliance

All material instances of noncompliance related to the entity's financial statements or the program, award, claim, fund, or group of accounts being audited should be reported. Further, several instances of noncompliance that may not be material separately, but that cumulatively could have a material effect on the financial statements or results of the financial related audit, should be reported. All instances of illegal acts that could result in the audited entity, or an officer or employee of the audited entity, being subject to criminal prosecution, should also be reported.

In reporting material noncompliance, the auditors should place their findings in proper perspective. The extent of noncompliance should be related to the number of cases examined to give the reader a basis for judging the prevalence of noncompliance. In presenting the findings, the auditor should follow the appropriate report contents standards and the report presentation standards for performances audits.

Other nonmaterial instances of noncompliance need not be disclosed in the compliance report but should be reported in a separate communication to the audited entity, preferably in writing. All communications should be documented in the working papers.

Reporting Illegal Acts

Public accountants conducting audits of government entities will discharge their responsibilities for reporting illegal acts, or indications of such acts found during or in connection with an audit, by promptly reporting to the top official of the entity arranging for the audit (including audit committees or others with equivalent authority). The auditor should also consider reporting to the appropriate oversight body. If the audited entity and the top official are believed to be party to such acts or are otherwise suspect, the auditor should report to the appropriate oversight body in all cases. Also, when the illegal acts involve funds received from other government entities, the audited entity should report to the proper officials, including those at the audit organization, of those entities. If the audited entity does not do so within a reasonable time or was unable to because the top official was involved, the auditor should report to the officials of those other government entities. Illustrative reports for reporting on compliance are included in SAS 63.

Reporting on the Internal Controls

The standard for reporting on internal controls is revised as follows.

* The auditors should prepare a written report on their

understanding of the entity's internal control structure

and the assessment of control risk made as part of a

financial statement audit, or a financial related audit.

This report may be included in either the auditor's report

on the financial audit or a separate report. The auditor's

report should include as a minimum: 1) the scope of the

auditor's work in obtaining an understanding of the

internal control structure and in assessing the control

risk; 2) the entity's significant internal controls or control

structure, including the controls established to ensure

compliance with laws and regulations that have a

material impact on the financial statements and results of

the financial related audit; and 3) the reportable

condition, including the identification of material weaknesses,

identified as a result of the auditor's work in

understanding and assessing the control risk.

The auditor's report should describe the extent of work done in obtaining and understanding of the internal control structure and in assessing the control risk.

Alternative ways for identifying the entity's significant internal controls are provided. Four examples are cited: cycles of activity, financial statement captions, accounting applications, and controls used in administering compliance with laws and regulations. In describing reportable conditions, auditors are required to indicate those they consider to be material weaknesses. Illustrative reports for reporting on internal control are included in SAS 63.

Reporting on Financial Related Audits

The revised Yellow Book includes a new standard for reporting on financial related audits.

* Written audit reports are to be prepared giving the

results of each financial related audit.

Three sources of guidance are cited for use, as appropriate, in preparing the report. These are the AICPA reporting standards, the Yellow Book supplemental reporting standards for financial audits, and if neither of these is relevant, the Yellow Book reporting standards for performance audits.

Concluding comments

Auditing has become a vital element of the accountability process in government. Public accountants who conduct government audits become part of this process.

The comprehensive nature of government auditing requires that auditors have a thorough knowledge of the government environment and government auditing relative to the objectives of the audit being conducted. In doing so, it is important that when conducting audits in accordance with the Government Auditing Standards, the auditor have a thorough understanding of the 1988 revision of the Yellow Book, the AICPA field work and reporting standards, and other audit requirements that may exist for government audits. This understanding is essential to help ensure the quality of government audits. (1)The 1988 revision of the Government Auditing Standards is for sale by the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20401, stock number 020-000-00243-3. (2)See also discussion in the Yellow Book, page 1-5(h).

William J. Anderson Jr., is a Project Manager in the Accounting and Financial Management Division of the U.S. General Accounting Office in Washington, DC. His duties and responsibilities include auditing and audit policy matters. He is a member of the Association of Government Accountants. W.A. Broadus Jr., CPA, is an Assistant Director in the U.S. General Accounting Office, Washington, DC, and is responsible for audit policy in the Accounting and Financial Management Division. He is a member of the Virginia Society of CPAs and the AICPA. He is currently on the VSCPA Board of Directors, the AICPA CPE Executive Committee and the AICPA Auditing Standards Board. He has authored and co-authored articles published in professional publications. Mr. Broadus is an adjunct accounting professor at the American University. Ronell B. Raaum is an Assistant Director in the Accounting and Financial Management Division of the U.S. General Accounting Office in Washington, DC. He has authored and co-authored articles on accounting and auditing, and a book, "Operational Auditing." He is a member of the Association of Government Accountants, and has served on various national committees and boards.