Elaine M. Frenette, CPPM, CF NES 2011 Las Vegas, NV Reader’s Digest Version The Yellow Book 1.
-
Upload
randolph-butler -
Category
Documents
-
view
216 -
download
0
Transcript of Elaine M. Frenette, CPPM, CF NES 2011 Las Vegas, NV Reader’s Digest Version The Yellow Book 1.
Objective
Provide a brief ‘snapshot’ of the Government Auditing Standards (Yellow Book) for Performance Audits
(not meant to be ‘end-all’ and ‘be-all’ – you MUST read and assimilate GAGAS)
2
Objective
3
Take a slightly smaller bite of the elephant rather than
trying to swallow the elephant
whole!
Generally Accepted Government Auditing Standards (GAGAS)
Yellow Book - July 2007 Revision
2010 Exposure Draft issued August 2010
– Invited comments through 22 November 2010
Issued in Final Form – 2011
– Will supersede July 2007 revision
– Effective date – established when issued
4
•Major developments in the accountability & audit profession
•Emphasize specific considerations applicable to government environment
http://www.gao.gov/govaud/ybk01.htm
5
Performance Audits
Chapters 1 – 2 – 3
Chapters 7 and 8
Apply when performing performance audits in accordance with GAGAS
6
Performance Audits
Chapter 1
Use and Application of GAGAS
Chapter 2
Ethical Principles in Government Auditing
Chapter 3
General Standards
7
Chapter 1Use and Application of GAGAS
• “Provide a framework for performing high-quality audit work with – Competence– Integrity– Objectivity– Independence”
• Standards help accomplish this– If properly applied
8
Vocabulary
Auditor
“Individuals performing work under GAGAS…and, therefore, individuals who may have the titles auditor, analyst, evaluator, inspector, or other similar titles”
GAO-07-731G, p. 6
9
Vocabulary
Audit Organization
“Government audit organizations as well as public accounting firms that perform audits using GAGAS”
GAO-07-731G, p.6
10
Use and Application
• GAGAS (Yellow Book)
– Provide guidance & requirements in performing audits in an ethical manner
– Assist in “objectively acquiring and evaluating sufficient, appropriate evidence and reporting the results.”
GAO-07-731G, p.6
11
Professional Requirements
Professional requirements identified through use of language –
Two Categories– Describe degree of responsibility imposed on
auditors & organizations
Unconditional Requirements Presumptively Mandatory Requirements
12
Unconditional
• Dictionary.com:– Not limited by conditions; absolute;
complete
• GAGAS will use terms– MUST or IS Required
IF audit based on GAGAS – REQUIRED to comply with unconditional requirement where it applies
13
Presumptively Mandatory
• Presumptive• Synonyms:
ProspectiveLikelyCircumstantial
• GAGAS terminology• “should” instead of ‘must’ or ‘is
required’
14
Explanatory Material
• Language is considered– ‘guidance’
– Further explanation of professional requirements
• Government expects ‘professional judgment’ to be used
16
Explanatory Material
• Provides information in exercising professional judgment
• Does NOT mandate auditor to perform suggested procedures or actions
18
Compliance Statements
• If required or choose to use GAGAS
– Must comply with the standards
– Make reference in final report
• Two types of Statements– Unmodified
– Modified
19
Unmodified Statement
• Unmodified
– Followed ALL requirements in GAGAS
• Both unconditional & presumptively mandatory
OR
• Justified any ‘departure’ from presumptively mandatory requirements
– Documenting HOW objective of requirement was still achieved
20
Modified Statement
• When is MODIFIED statement used?
– Depends on significance of departure from requirement
• Scope of audit– Access unavailable to certain
records/individuals (Special Programs)
– Document reason for not performing audit in accordance with GAGAS
21
Modified Statement
• Assess significance of the noncompliance to audit objective
• DOCUMENT assessment (reasons for not following requirement)
• Determine type of GAGAS compliance statement
22
Other Professional Standards
• Authoritatively approved
– International Standards for the Professional Practice of Internal Auditing, The Institute of Internal Auditors, Inc. (www.theiia.org)
– Guiding Principles for Evaluators, American Evaluation Association
(www.eval.org)
23
Objectives
• ALL audits begin with objectivesLooking for an opinion
Clear and specific
Or
Multiple or overlapping objectives
25
Objectives
“What is the ultimate outcome of this exercise?”
“What are you trying to accomplish with this audit?”
“Auditing an organization’s performance, compliance with regulations, etc.?”
26
Performance Audits
• “Engagements that provide assurance or conclusions based on an evaluation of sufficient, appropriate evidence against stated criteria, such as specific requirements, measures, or defined business practices.”
GAO-07-731G Government Auditing Standards, p. 17
27
Performance Audits
Reasonably assured– appropriate type & amount of
information was obtained to support final audit report
Sufficiency & appropriateness– depends on audit objectives &
conclusions
28
Performance Audits
• “Dynamic Process”– Objective & procedure continually
reviewed
– To assure ‘sufficient, appropriate evidence against the stated criteria’
29
Performance Audits
• Goals & Objectives (audits/self assessments)
– Examples: (not limited to these)
• Determine organization
– Is in compliance with legislative, regulatory or organizational goals & objectives
– Is in compliance with sound procurement practices
– Has performance measures that are reliable, valid, relevant and effective in relation to their contractual obligations
30
Chapter 2Ethical Principles
• Provides fundamental principles
– Public Interest• acceptance of responsibility to serve the
public interest
– Integrity• fact-based, nonpartisan, honest
– Objectivity• Maintain attitude of impartiality
31
Ethical Principles
• Proper use of government info, resources, position
• Proper handling of sensitive/classified information or resources
• Exercising discretion• not using position for personal gain
• Professional behavior• Compliance with laws & regulations
32
Chapter 3General Standards
• Independence• Free from personal, external,
organizational impairments to independence – must remain impartial
• Avoid appearance of partiality
• Professional Judgment• Professional skepticism (management is
neither dishonest nor of unquestioned honesty)
– Questioning mind– Critical assessment of evidence
33
General Standards
“Believing that management is honest is not a reason to accept less than sufficient, appropriate evidence.”
GAO-07-731G Government Auditing Standards, p. 49
34
General Standards
• Technical Knowledge/Competence • Blending of education and experience
• Commitment to continued learning and development
35
General Standards
• Continuing Professional Education (CPE)
• 24 hours of CPE every 2 years (directly relating to government auditing, government environment, or specific/unique environment of entity being audited)
• 56 additional
• TOTAL = 80
GAO-07-731G Government Auditing Standards pp. 53-54
36
General Standards
• Audit organization– MUST establish system of Quality
Control
• To provide assurance personnel comply with professional standards & legal/regulatory requirements
and
• External Peer Review
– At least once every 3 years (example: DCMA MICR)
37
Chapter 7Field Work Standards for Performance Audits
PlanningSupervising staffObtaining sufficient, appropriate
evidencePreparing audit documentation
38
Field Work Standards
Form framework for applying standards
Reasonable Assurance
Significance
Audit Risk
39
Reasonable Assurance
Evidence is sufficient and appropriate to support findings and conclusions
Sufficiency/appropriateness will varyAudit objectives
Findings
Conclusions
40
Significance
“Relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors.”
GAO-07-731G Government Auditing Standards p.123
41
Significance
SignificanceImpact of the matter to the overall
programRelevance of the matter
Professional Judgment
42
Audit Risk
Possibility auditor’s findings, conclusions, recommendations, assurance may beImproper or incomplete
WHY?Evidence NOT sufficient/appropriateInadequate audit processIntentional omissions/misleading info
due to misrepresentation/fraud
43
Audit Risk
Qualitative & Quantitative considerations – impact riskTime framesComplexitySize of program ($)Adequacy of audited system/processes
to detect inconsistencies, significant errors
Auditor’s access to records
44
Audit Risk
• Auditor will not detect Significant errorsInconsistencies
• Reduce RiskIncrease scope of workadd expertsChange methodology – obtain
additional evidence
45
Planning
• Must adequately plan and document the planning
– Reduces audit risk to provide reasonable assurance evidence is sufficient and appropriate to support findings and conclusions
46
Planning
• Define ObjectivesQuestions about the organization/function,
etc. that need to be answered
• Ex: How adequate is their acquisition system, maintenance or disposition program?
47
Planning
• Determine
– Scope (boundary)
• Subject matter to be assessed/reported on
• Ex: necessary documents/records, period of time, locations, etc.
– Methodology
• Specific steps used to gather information
• Includes nature and extent of procedures used
48
Planning• Understand the following:
Nature of program being audited
Internal Controls (management control)
Information Systems
Legal/regulatory requirements/contract provisions/grant agreements
Results of previous audits
50
Planning
• Identify
– Criteria
• Ex: Policies & procedures; contract requirements
– Sources of audit evidence
• Determine amount/type
• If need to modify scope/methodology
• Evaluate
– Use work of others (auditors/experts)
51
Planning
• MUST Prepare written audit plan
– Form/Content – varies
– Includes:
Strategy
Key decisions about objectives/scope/methodology
Basis of decisions
52
Planning
• Written Audit Plan
– Provides supervisors opportunity to review work of auditors
Proposed objectives – produce useful report?
Plan addresses relevant risks?
Scope/methodology – adequately addresses objectives?
Evidence will likely be sufficient & appropriate?
53
Chapter 7Field Work Standards for Performance Audits
PlanningSupervising staffObtaining sufficient, appropriate
evidencePreparing audit documentation
54
SupervisionMUST properly supervise staff
Provide sufficient guidance/direction
Stay informed – significant problems
Review work performed
On-the-job training
55
Chapter 7Field Work Standards for Performance Audits
PlanningSupervising staffObtaining sufficient, appropriate
evidencePreparing audit documentation
56
Evidence
Appropriateness
“…measure of the quality of evidence that encompasses its relevance, validity, and reliability in providing support for findings and conclusions related to the audit objectives.”
58
GAO-07-731G Government Auditing Standards p. 147
Evidence
Sufficiency
“…measure of the quantity of evidence used to support the findings and conclusions related to the audit objectives.”
Has enough evidence been gathered?
GAO-07-731G Government Auditing Standards pp. 147
59
Evidence
• Professional Judgment
– Interpret
– Summarize
– Analyze
To determine sufficiency & appropriateness
Reporting results
60
Appropriate Evidence
• “…measure of the quality of evidence that encompasses its relevance, validity, and reliability in providing support for findings and conclusions related to the audit objectives.”
GAO-07-731G Government Auditing Standards p. 174
61
Appropriate EvidenceRelevance
– Logical relationship with/importance to issue being addressed – function being audited
Validity– Evidence based on sound
reasoning/accurate information
Reliability– Consistency of results– Verifiable/supported
Appendix I – additional guidance
62
Evidence
• Different types/sources
– Depends on audit objectives
Observation
Inquiry
Inspection
– Each with own strengths/weaknesses
• Which to choose???
Professional Judgment
63
Sufficient Evidence• Useful Presumptions
Greater the audit risk – greater the quantity & quality required
Stronger evidence – MAY allow less evidence to be used
Large volume of evidence – DOES NOT compensate for lack of relevance, validity, or reliability
64
Evidence
• Appendix I
– Additional guidance regarding TYPES of evidence
– Examples
• Internal Controls –
– Effective vs. Weak/nonexistent
• Examination of Original Documents vs. copies
Professional Judgment
65
Findings• Cause
– Reason for the condition
Could serve as basis for recommendations for corrective actions
Is evidence convincing enough – reasonable to explain WHY ‘condition’ exists
Many factors involved
Evidence needs to clearly demonstrate link between problem and cause
68
Effect
“A clear, logical link to establish the impact or potential impact of the difference between the situation that exists (condition) and the required or desired state (criteria)– Identifies the outcomes or consequences
of the condition”
GAO-07-731G Government Auditing Standards, p. 156
69
Chapter 7Field Work Standards for Performance Audits
PlanningSupervising staffObtaining sufficient, appropriate
evidencePreparing audit documentation
70
Audit Documentation
• Other experienced auditorUnderstands timing
How audit performed – results
How/what/source evidence obtained
Conclusions reached & supporting evidence
72
Audit Documentation
• Essential element of audit quality
– SHOULD document
Objectives, scope, methodology
Work performed – supports significant judgments
– Includes descriptions of transactions and records examined
73
Reporting
“Auditors MUST issue audit reports communicating the results of each completed performance audit.”
GAO-07-731G Government Auditing Standards, p. 160
76
Report Form
• Appropriate for intended useElectronic
Written
Letters
Briefing slides
Other presentation materials
77
Report Content
• Objectives, scope, methodology
• Audit results (findings, conclusions, recommendations)
• Compliance statement
• Nature of any confidential/sensitive information omitted (if applicable)
78
Report Content
• Objectives
Clear, Specific, Neutral, Unbiased
Why audit performed (IAW FAR, DFARS, Company Procedures, etc.)
79
Report Content
• Scope Work conductedIssues, limitations (denials of access)Relationship between population and
items testedIdentify organization (audited entity)Geographic locationsPeriod coveredKinds/sources of evidence
80
Report Content
• Methodology
– How work supports objectives
Gathering of evidence
Analysis techniques (random sampling, purposive, etc.)
Any specific assumptions made
Criteria used
81
Report Findings
• Clearly developed
– Elements of a Finding
Condition
Cause
Effect
• Provides understanding for need of corrective actions
82
Report Findings
• Place findings in perspectiveRelate instances to population
Number of cases examined
• Quantify results
Dollar value, etc.
83
Reporting Conclusions
• Not merely summary of findings
Logical inference of overall status of program
Stronger when conclusions lead to recommendations, convincing audited entity that action is needed
84
Reporting Recommendations
• Effective RecommendationsEncourages improvements
Specific, practical, cost effective, measurable
Addressed to those with authority to act
85
Reporting
• Views of Responsible OfficialsOf audited entity
• Any disagreements
• Mutual agreements
• Confidential or Sensitive InformationAuditors may consult with legal counsel
87
Distributing Report
• Those charged with governance
• Other appropriate officialsOrganizations requiring audit (ex: NASA)
Other officials responsible for acting on audit findings/recommendations
88
Appendix ISupplemental Guidance
• Doesn’t establish requirementsExplanatory Material
– Helps auditor implement standards
• Provides
Examples of situationsInformation to accompany
Chapters
89
U.S. Government Accountability Office
http://www.gao.gov/govaud/ybk01.htm
Previous versions
2010 Exposure Draft
Lots of other information
90