Elaine M. Frenette, CPPM, CF NES 2011 Las Vegas, NV Reader’s Digest Version The Yellow Book 1.

Elaine M. Frenette, CPPM, CF

NES 2011

Las Vegas, NV

Reader’s Digest Version

The Yellow Book

1

Objective

Provide a brief ‘snapshot’ of the Government Auditing Standards (Yellow Book) for Performance Audits

(not meant to be ‘end-all’ and ‘be-all’ – you MUST read and assimilate GAGAS)

2

Objective

3

Take a slightly smaller bite of the elephant rather than

trying to swallow the elephant

whole!

Generally Accepted Government Auditing Standards (GAGAS)

Yellow Book - July 2007 Revision

2010 Exposure Draft issued August 2010

– Invited comments through 22 November 2010

Issued in Final Form – 2011

– Will supersede July 2007 revision

– Effective date – established when issued

4

•Major developments in the accountability & audit profession

•Emphasize specific considerations applicable to government environment

http://www.gao.gov/govaud/ybk01.htm

5


Performance Audits

Chapters 1 – 2 – 3

Chapters 7 and 8

Apply when performing performance audits in accordance with GAGAS

6

Performance Audits

Chapter 1

Use and Application of GAGAS

Chapter 2

Ethical Principles in Government Auditing

Chapter 3

General Standards

7

Chapter 1Use and Application of GAGAS

• “Provide a framework for performing high-quality audit work with – Competence– Integrity– Objectivity– Independence”

• Standards help accomplish this– If properly applied

8

Vocabulary

Auditor

“Individuals performing work under GAGAS…and, therefore, individuals who may have the titles auditor, analyst, evaluator, inspector, or other similar titles”

GAO-07-731G, p. 6

9

Vocabulary

Audit Organization

“Government audit organizations as well as public accounting firms that perform audits using GAGAS”

GAO-07-731G, p.6

10

Use and Application

• GAGAS (Yellow Book)

– Provide guidance & requirements in performing audits in an ethical manner

– Assist in “objectively acquiring and evaluating sufficient, appropriate evidence and reporting the results.”

GAO-07-731G, p.6

11

Professional Requirements

Professional requirements identified through use of language –

Two Categories– Describe degree of responsibility imposed on

auditors & organizations

Unconditional Requirements Presumptively Mandatory Requirements

12

Unconditional

• Dictionary.com:– Not limited by conditions; absolute;

complete

• GAGAS will use terms– MUST or IS Required

IF audit based on GAGAS – REQUIRED to comply with unconditional requirement where it applies

13

Presumptively Mandatory

• Presumptive• Synonyms:

ProspectiveLikelyCircumstantial

• GAGAS terminology• “should” instead of ‘must’ or ‘is

required’

14

Presumptively Mandatory

15

Explanatory Material

• Language is considered– ‘guidance’

– Further explanation of professional requirements

• Government expects ‘professional judgment’ to be used

16


• GAGAS terminology

MayMightCould

17


• Provides information in exercising professional judgment

• Does NOT mandate auditor to perform suggested procedures or actions

18

Compliance Statements

• If required or choose to use GAGAS

– Must comply with the standards

– Make reference in final report

• Two types of Statements– Unmodified

– Modified

19

Unmodified Statement

• Unmodified

– Followed ALL requirements in GAGAS

• Both unconditional & presumptively mandatory

OR

• Justified any ‘departure’ from presumptively mandatory requirements

– Documenting HOW objective of requirement was still achieved

20

Modified Statement

• When is MODIFIED statement used?

– Depends on significance of departure from requirement

• Scope of audit– Access unavailable to certain

records/individuals (Special Programs)

– Document reason for not performing audit in accordance with GAGAS

21

Modified Statement

• Assess significance of the noncompliance to audit objective

• DOCUMENT assessment (reasons for not following requirement)

• Determine type of GAGAS compliance statement

22

Other Professional Standards

• Authoritatively approved

– International Standards for the Professional Practice of Internal Auditing, The Institute of Internal Auditors, Inc. (www.theiia.org)

– Guiding Principles for Evaluators, American Evaluation Association

(www.eval.org)

23

http://www.theiia.org/

http://www.eval.org/

Other Professional Standards

GAGAS should be used if conflict between the two

24

Objectives

• ALL audits begin with objectivesLooking for an opinion

Clear and specific

Or

Multiple or overlapping objectives

25

Objectives

“What is the ultimate outcome of this exercise?”

“What are you trying to accomplish with this audit?”

“Auditing an organization’s performance, compliance with regulations, etc.?”

26

Performance Audits

• “Engagements that provide assurance or conclusions based on an evaluation of sufficient, appropriate evidence against stated criteria, such as specific requirements, measures, or defined business practices.”

GAO-07-731G Government Auditing Standards, p. 17

27

Performance Audits

Reasonably assured– appropriate type & amount of

information was obtained to support final audit report

Sufficiency & appropriateness– depends on audit objectives &

conclusions

28

Performance Audits

• “Dynamic Process”– Objective & procedure continually

reviewed

– To assure ‘sufficient, appropriate evidence against the stated criteria’

29

Performance Audits

• Goals & Objectives (audits/self assessments)

– Examples: (not limited to these)

• Determine organization

– Is in compliance with legislative, regulatory or organizational goals & objectives

– Is in compliance with sound procurement practices

– Has performance measures that are reliable, valid, relevant and effective in relation to their contractual obligations

30

Chapter 2Ethical Principles

• Provides fundamental principles

– Public Interest• acceptance of responsibility to serve the

public interest

– Integrity• fact-based, nonpartisan, honest

– Objectivity• Maintain attitude of impartiality

31

Ethical Principles

• Proper use of government info, resources, position

• Proper handling of sensitive/classified information or resources

• Exercising discretion• not using position for personal gain

• Professional behavior• Compliance with laws & regulations

32

Chapter 3General Standards

• Independence• Free from personal, external,

organizational impairments to independence – must remain impartial

• Avoid appearance of partiality

• Professional Judgment• Professional skepticism (management is

neither dishonest nor of unquestioned honesty)

– Questioning mind– Critical assessment of evidence

33

General Standards

“Believing that management is honest is not a reason to accept less than sufficient, appropriate evidence.”


34

General Standards

• Technical Knowledge/Competence • Blending of education and experience

• Commitment to continued learning and development

35

General Standards

• Continuing Professional Education (CPE)

• 24 hours of CPE every 2 years (directly relating to government auditing, government environment, or specific/unique environment of entity being audited)

• 56 additional

• TOTAL = 80

GAO-07-731G Government Auditing Standards pp. 53-54

36

General Standards

• Audit organization– MUST establish system of Quality

Control

• To provide assurance personnel comply with professional standards & legal/regulatory requirements

and

• External Peer Review

– At least once every 3 years (example: DCMA MICR)

37

Chapter 7Field Work Standards for Performance Audits

PlanningSupervising staffObtaining sufficient, appropriate

evidencePreparing audit documentation

38

Field Work Standards

Form framework for applying standards

Reasonable Assurance

Significance

Audit Risk

39

Reasonable Assurance

Evidence is sufficient and appropriate to support findings and conclusions

Sufficiency/appropriateness will varyAudit objectives

Findings

Conclusions

40

Significance

“Relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors.”

GAO-07-731G Government Auditing Standards p.123

41

Significance

SignificanceImpact of the matter to the overall

programRelevance of the matter

Professional Judgment

42

Audit Risk

Possibility auditor’s findings, conclusions, recommendations, assurance may beImproper or incomplete

WHY?Evidence NOT sufficient/appropriateInadequate audit processIntentional omissions/misleading info

due to misrepresentation/fraud

43

Audit Risk

Qualitative & Quantitative considerations – impact riskTime framesComplexitySize of program ($)Adequacy of audited system/processes

to detect inconsistencies, significant errors

Auditor’s access to records

44

Audit Risk

• Auditor will not detect Significant errorsInconsistencies

• Reduce RiskIncrease scope of workadd expertsChange methodology – obtain

additional evidence

45

Planning

• Must adequately plan and document the planning

– Reduces audit risk to provide reasonable assurance evidence is sufficient and appropriate to support findings and conclusions

46

Planning

• Define ObjectivesQuestions about the organization/function,

etc. that need to be answered

• Ex: How adequate is their acquisition system, maintenance or disposition program?

47

Planning

• Determine

– Scope (boundary)

• Subject matter to be assessed/reported on

• Ex: necessary documents/records, period of time, locations, etc.

– Methodology

• Specific steps used to gather information

• Includes nature and extent of procedures used

48

Planning

• Continuous Process

– SHOULD Assess Risk and significance

HOW??

49

Planning• Understand the following:

Nature of program being audited

Internal Controls (management control)

Information Systems

Legal/regulatory requirements/contract provisions/grant agreements

Results of previous audits

50

Planning

• Identify

– Criteria

• Ex: Policies & procedures; contract requirements

– Sources of audit evidence

• Determine amount/type

• If need to modify scope/methodology

• Evaluate

– Use work of others (auditors/experts)

51

Planning

• MUST Prepare written audit plan

– Form/Content – varies

– Includes:

Strategy

Key decisions about objectives/scope/methodology

Basis of decisions

52

Planning

• Written Audit Plan

– Provides supervisors opportunity to review work of auditors

Proposed objectives – produce useful report?

Plan addresses relevant risks?

Scope/methodology – adequately addresses objectives?

Evidence will likely be sufficient & appropriate?

53




54

SupervisionMUST properly supervise staff

Provide sufficient guidance/direction

Stay informed – significant problems

Review work performed

On-the-job training

55




56

Evidence

Sufficient and Appropriate

Integral to audit

57

Evidence

Appropriateness

“…measure of the quality of evidence that encompasses its relevance, validity, and reliability in providing support for findings and conclusions related to the audit objectives.”

58

GAO-07-731G Government Auditing Standards p. 147

Evidence

Sufficiency

“…measure of the quantity of evidence used to support the findings and conclusions related to the audit objectives.”

Has enough evidence been gathered?

GAO-07-731G Government Auditing Standards pp. 147

59

Evidence

• Professional Judgment

– Interpret

– Summarize

– Analyze

To determine sufficiency & appropriateness

Reporting results

60

Appropriate Evidence

• “…measure of the quality of evidence that encompasses its relevance, validity, and reliability in providing support for findings and conclusions related to the audit objectives.”

GAO-07-731G Government Auditing Standards p. 174

61

Appropriate EvidenceRelevance

– Logical relationship with/importance to issue being addressed – function being audited

Validity– Evidence based on sound

reasoning/accurate information

Reliability– Consistency of results– Verifiable/supported

Appendix I – additional guidance

62

Evidence

• Different types/sources

– Depends on audit objectives

Observation

Inquiry

Inspection

– Each with own strengths/weaknesses

• Which to choose???


63

Sufficient Evidence• Useful Presumptions

Greater the audit risk – greater the quantity & quality required

Stronger evidence – MAY allow less evidence to be used

Large volume of evidence – DOES NOT compensate for lack of relevance, validity, or reliability

64

Evidence

• Appendix I

– Additional guidance regarding TYPES of evidence

– Examples

• Internal Controls –

– Effective vs. Weak/nonexistent

• Examination of Original Documents vs. copies


65

Findings

• Elements of a Finding

Condition

Cause

Effect

66

Findings

Condition

“a situation that exists”

determined and documented during audit

67

Findings• Cause

– Reason for the condition

Could serve as basis for recommendations for corrective actions

Is evidence convincing enough – reasonable to explain WHY ‘condition’ exists

Many factors involved

Evidence needs to clearly demonstrate link between problem and cause

68

Effect

“A clear, logical link to establish the impact or potential impact of the difference between the situation that exists (condition) and the required or desired state (criteria)– Identifies the outcomes or consequences

of the condition”


69




70

Audit Documentation

MUST prepare audit Documentation

Planning

Conducting

Reporting

71

Audit Documentation

• Other experienced auditorUnderstands timing

How audit performed – results

How/what/source evidence obtained

Conclusions reached & supporting evidence

72

Audit Documentation

• Essential element of audit quality

– SHOULD document

Objectives, scope, methodology

Work performed – supports significant judgments

– Includes descriptions of transactions and records examined

73

Audit Documentation


»Unmodified

»Modified

74

Chapter 8Reporting Standards for Performance Audits

Form

Content

Issuance

75

Reporting

“Auditors MUST issue audit reports communicating the results of each completed performance audit.”


76

Report Form

• Appropriate for intended useElectronic

Written

Letters

Briefing slides

Other presentation materials

77

Report Content

• Objectives, scope, methodology

• Audit results (findings, conclusions, recommendations)

• Compliance statement

• Nature of any confidential/sensitive information omitted (if applicable)

78

Report Content

• Objectives

Clear, Specific, Neutral, Unbiased

Why audit performed (IAW FAR, DFARS, Company Procedures, etc.)

79

Report Content

• Scope Work conductedIssues, limitations (denials of access)Relationship between population and

items testedIdentify organization (audited entity)Geographic locationsPeriod coveredKinds/sources of evidence

80

Report Content

• Methodology

– How work supports objectives

Gathering of evidence

Analysis techniques (random sampling, purposive, etc.)

Any specific assumptions made

Criteria used

81

Report Findings

• Clearly developed

– Elements of a Finding

Condition

Cause

Effect

• Provides understanding for need of corrective actions

82

Report Findings

• Place findings in perspectiveRelate instances to population

Number of cases examined

• Quantify results

Dollar value, etc.

83

Reporting Conclusions

• Not merely summary of findings

Logical inference of overall status of program

Stronger when conclusions lead to recommendations, convincing audited entity that action is needed

84

Reporting Recommendations

• Effective RecommendationsEncourages improvements

Specific, practical, cost effective, measurable

Addressed to those with authority to act

85

Reporting Compliance


86

Reporting

• Views of Responsible OfficialsOf audited entity

• Any disagreements

• Mutual agreements

• Confidential or Sensitive InformationAuditors may consult with legal counsel

87

Distributing Report

• Those charged with governance

• Other appropriate officialsOrganizations requiring audit (ex: NASA)

Other officials responsible for acting on audit findings/recommendations

88

Appendix ISupplemental Guidance

• Doesn’t establish requirementsExplanatory Material

– Helps auditor implement standards

• Provides

Examples of situationsInformation to accompany

Chapters

89

U.S. Government Accountability Office


Previous versions

2010 Exposure Draft

Lots of other information

90

Questions

91

Elaine M. Frenette, CPPM, CF NES 2011 Las Vegas, NV Reader’s Digest Version The Yellow Book 1.

Documents

Transcript of Elaine M. Frenette, CPPM, CF NES 2011 Las Vegas, NV Reader’s Digest Version The Yellow Book 1.