This is the accessible text file for GAO report number GAO-08-586G
entitled 'Financial Audit Manual: Volume 2: June 2008' which was
released on July 28, 2008.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Financial Audit Manual:
Volume 2:
July 2008:
United States Government Accountability Office:
GAO-08-586G:
July 2008:
To Audit Officials, Agency Cfos, And Others Interested In Federal
Financial Auditing And Reporting:
This letter transmits the revised Financial Audit Manual (FAM) Volume 2
of the Government Accountability Office (GAO) and the President’s
Council on Integrity and Efficiency (PCIE). GAO and the PCIE issued the
joint FAM in July 2001. The FAM presents a methodology to perform
financial statement audits of federal entities in accordance with
professional standards. We have updated the FAM for significant changes
that have occurred in auditing financial statements in the U.S.
government since the last major revisions to the FAM were issued in
July 2004.
To help the FAM continue to meet the needs of the federal audit
community and the public it serves, GAO and the PCIE created a joint
FAM Working Group. The Group is comprised of auditors from GAO and
several Offices of the Inspectors General experienced in conducting
audits of federal entity financial statements. Through a collaborative
effort, the FAM Working Group prepared a revised FAM Volume 2 that
contains audit tools. A revised FAM Volume 1 that contains the audit
methodology is being issued separately. FAM Volume 3, which contains
checklists for Federal Accounting (FAM 2010) and Federal Reporting and
Disclosures (FAM 2020), was issued on August 28, 2007 (GAO-07-1173G).
On October 5, 2007, we issued exposure drafts of FAM Volumes 1 and 2
for an extended public comment period that ended on January 31, 2008.
We received 15 letters of comment which have been considered in this
issued version of FAM Volume 2, as well as FAM Volume 1.
The revisions to the FAM are primarily due to changes in (1)
professional auditing and attestation standards of the Auditing
Standards Board of the American Institute of Certified Public
Accountants (AICPA); (2) Government Auditing Standards issued by GAO;
(3) audit and reporting guidance issued by the Office of Management and
Budget (OMB); (4) accounting standards issued by the Federal Accounting
Standards Advisory Board (FASAB); and (5) laws.
Summary of Major Revisions and Improvements for FAM Volume 2:
FAM Volume 2 incorporates changes based on (1) AICPA Statement of
Auditing Standards (SAS) No. 100 through 114, which include the audit
risk standards (SAS Nos. 104 through 111); (2) Government Auditing
Standards (July 2007 Revision); (3) audit guidance in OMB Bulletin No.
07-04, Audit Requirements for Federal Financial Statements (September
4, 2007); and (4) financial reporting guidance in revised OMB Circular
No. A-136, Financial Reporting Requirements (June 29, 2007).
FAM Volume 2 also includes the effects on financial audits of FASAB
accounting concepts and standards issued through May 31, 2007. This
includes accounting, reporting, and disclosure requirements for social
insurance, heritage assets and stewardship land, and earmarked funds.
Finally, throughout the updated FAM Volume 2, revisions were made for
new terminology, changes in the federal audit environment, and effects
of applicable laws. A table of major changes to FAM Volume 2 is
presented in attachment 1 to this letter.
This FAM Volume 2 supersedes previously issued versions of FAM Volume 2
through July 2004 and can be used to audit federal entity financial
statements for the fiscal year ended September 30, 2008.
Should you need additional information, please contact us at
fam@gao.gov or call GAO’s Financial Management and Assurance Assistant
Directors Roger Stoltz, at (202) 512-9408; or Janet Krell, at (202) 512-
4716; Director Steve Sebastian at (202) 512-9521; or PCIE FAM Working
Group Leaders Alex Biggs, at (202) 693-5258; or Joel Grover, at (202)
927-5768. Other GAO FAM Project Team and PCIE FAM Working Group members
are presented in attachment 2 of this letter.
Sincerely yours,
/Signed/:
McCoy Williams:
Managing Director:
Financial Management and Assurance:
The Honorable Jon T. Rymer:
Chairman, Audit Committee:
President’s Council on Integrity U.S. Government Accountability Office
and Efficiency:
Attachments and enclosures:
Attachment I: Table of Major Changes to FAM Volume 2:
FAM section: Various;
Major change: SAS references, particularly the audit risk standards
(SAS No.104 through No. 111) have been codified in the appropriate AU
section.
FAM section: 650;
Major change: Some clarifications and new terminology throughout were
added for using the work of others.
FAM section: 701A;
Major change: Consistent with OMB audit guidance, performance measures
are excluded from internal control definitions effective starting in
fiscal year 2008 at FAM 701 A-8, II H.
FAM section: 802;
Major change: The general compliance checklist in FAM 802.06 lists five
general laws for compliance consistent with OMB audit guidance while
four other laws commonly assessed by auditors are now presented in FAM
802.07.
FAM section: 803;
Major change: New audit procedures for checking on Antideficiency Act
violations were added at FAM 803-6, steps 7 and 8.
FAM section: 902;
Major change: Auditing related parties and intragovernmental activity
and balances have been revised to be consistent with OMB auditing
guidance.
FAM section: 903;
Major change: The discussion of full costing per SFFAS No. 30 was
expanded at FAM 903.02.
FAM section: 921;
Major change: Treasury’s development and implementation of a new
Government Wide Accounting (GWA) system that will have a significant
impact on auditing Fund Balance with Treasury (FBWT) is discussed at
FAM 921.11-.12. Treasury’s plan to discontinue use of certain suspense
accounts is discussed at FAM 921.13. Because these changes are to occur
over several years, auditors should reevaluate their FBWT audit
procedures, some examples of which are now presented in FAM 921.17-.22.
FAM section: 921A;
Major change: Treasury processes and reports are being substantially
revised as a result of the implementation of the GWA system and other
changes.
FAM section: 921D;
Major change: The audit program was eliminated.
FAM section: 931;
Major change: This new section provides guidance on auditing heritage
assets and stewardship land as a result of SFFAS No. 29.
FAM section: 941;
Major change: This new section provides guidance on auditing the
Statement of Social Insurance as a result of SFFAS Nos. 17, 25, 26, and
28.
FAM section: 1001;
Major change: This section on management representation letters has
been revised to be consistent with changes in professional standards.
The effect of a change in management on representation letters was
added at FAM 1001.19.
FAM section: 1001A;
Major change: The example management representation letter was changed
to group representations by category (financial statements, internal
control, fraud, etc.) Representations were added for Antideficency Act
violations at FAM 1001 A.27, Statement of Social Insurance at FAM 1001
A.28-.36, consistency of budget information required by OMB audit
guidance at FAM 1001 A.37, and earmarked funds at FAM 1001 A.38.
“Government-wide polices” was deleted at FAM 1001 A.13 b.
FAM section: 1002;
Major change: A table for analyzing contingent losses was added to FAM
1002.06 and a new FAM 1002.12 was added for certain legal claims where
no monetary damages are being sought. FAM 1002.16 expanded the
discussion and timing of interim and final legal letters.
FAM section: 1003;
Major change: The audit completion checklist was revised to be
consistent with new professional standards and the revised FAM.
[End of table]
Attachment 2:
GAO FAM Project Team:
McCoy Williams, Managing Director: Steven J. Sebastian, Director:
Robert F. Dacey, Chief Accountant: Abraham D. Akresh, Senior Level
Expert for Auditing Standards: Roger R. Stoltz, Assistant Director:
Janet M. Krell, Assistant Director: Corinne P. Robertson, Senior
Auditor and Project Manager: William E. Boutboul, Project Manager:
Charles R. Fox, Project Manager: Suzanne Murphy, Project Manager: Vera
M. Seekins, Senior Auditor: Sharon O. Byrd, Audit Sampling Specialist:
Francis L. Dymond, Assistant General Counsel: Jacquelyn N. Hamilton,
Deputy Assistant General Counsel:
PCIE FAM Working Group Members:
The Honorable John P. Higgins, Jr., Chairman, Audit Committee, PCIE:
Alex Biggs, PCIE Working Group Leader, Office of Inspector General,
U.S. Department of Labor: Joel Grover, PCIE Working Group Leader,
Office of Inspector General, U.S. Department of Treasury: Debra Alford,
Office of Inspector General, U.S. Department of Defense: Morgan
Aronson, Office of Inspector General, U.S. Department of Interior: Ade
Bankole, Office of Inspector General, U.S. Department of Treasury:
Susan Barron, Office of Inspector General, U.S. Department of Treasury:
Paul Curtis, Office of Inspector General, Environmental Protection
Agency: Mary Harmison, Office of Inspector General, Federal Trade
Commission: Mark L. Hayes, Office of Inspector General, U.S. Department
of Justice: David S. Laun, Office of Inspector General, U.S. Department
of Justice: Marie Maguire, Office of Inspector General, National
Science Foundation: Kelly A. McFadden, Office of Inspector General,
U.S. Department of Justice: Joon Park, Office of Inspector General,
U.S. Department of Labor: Kieu Rubb, Office of Inspector General, U.S.
Department of Treasury: Gregory Spencer, Office of Inspector General,
U.S. Department of Education:
Contents-FAM Volume 2-Tools:
Planning And General:
Introduction to FAM Volume 2 – Tools: Using the Work of Others: Summary
of Audit Procedures and Documentation for Review of Other Auditors’
Work: Example Audit Procedures for Using the Work of Others: Example
Reports When Using the Work of Others: Agreed-Upon Procedures: Example
Agreed-Upon Procedures Engagement Letter: Example Representation Letter
from Responsible Entity on Agreed-Upon Procedures Engagement: Agreed-
Upon Procedures Engagement Completion Checklist: Example Agreed-Upon
Procedures Report:
Internal Control (See also FAM 900):
Assessing Agency Systems with the Federal Financial Management
Improvement Act (FFMIA): Example Audit Procedures for Testing Systems
Compliance with FFMIA: Summary Schedule of Instances of Systems
Noncompliance with FFMIA:
Compliance:
General Compliance Checklist:
Antideficiency Act:
Federal Credit Reform Act of 1990: Provisions Governing Claims of the
U.S. Government (31 U.S.C. 3711- 3720E) (Including the Debt Collection
Improvement Act of 1996) (DCIA): Prompt Payment Act: Pay and Allowance
System for Civilian Employees, as Provided Primarily in Chapters 51-59
of Title 5, U.S. Code: Civil Service Retirement Act, 5 U.S.C. Chapter
83: Federal Employees Health Benefits Act, 5 U.S.C. Chapter 89: Federal
Employees’ Compensation Act (FECA), 5 U.S.C. Chapter 81: Federal
Employees’ Retirement System Act of 1986 (FERS), 5 U.S.C.: Chapter 84:
Substantive Testing:
Related Parties, Including Intragovernmental Activity and Balances:
Example Account Risk Analysis for Intragovernmental Activity and
Balances: Example Specific Control Evaluation for Intragovernmental
Accounts: Example Audit Procedures for Intragovernmental and Other
Related Parties’ Activity and Balances: Auditing Cost Information:
Auditing Fund Balance with Treasury (FBWT): Treasury Processes and
Reports Related to FBWT Reconciliation: Example Account Risk Analysis
for Fund Balance with Treasury: Example Specific Control Evaluation for
Fund Balance with Treasury: Auditing Heritage Assets and Stewardship
Land: Auditing the Statement of Social Insurance:
Reporting:
Management Representations:
A Example Management Representation Letter: Inquiries of Legal Counsel:
Example Audit Procedures for Inquiries of Legal Counsel: Example Legal
Letter Request: Example Legal Representation Letter: Example Management
Summary Schedule: Financial Statement Audit Completion Checklist:
Subsequent Events Review:
Section 600:
Planning and General:
601 – Introduction to FAM Volume 2 – Tools:
.01: Volume 2 of the GAO/PCIE Financial Audit Manual (FAM) consists of
tools to assist the auditorp[Footnote 1] in performing a financial
statement audit of a federal entity. These tools are generally
organized according to the phases of the audit and are presented in
* FAM 600, the planning phase and general issues;
* FAM 700, the internal control phase;
* FAM 800, compliance;
* FAM 900, substantive testing; and
* FAM 1000, the reporting phase.
.02: Many of the tools in the various FAM sections include activities
that would be performed during other phases of the audit. Thus, the
auditor may refer to the FAM sections in volume 2 early in the audit.
For example, FAM 701, Assessing Compliance of Agency Systems with the
Federal Financial Management Improvement Act, includes procedures that
would be performed throughout the audit, not just during the internal
control phase, although many of them would be performed then. Also, FAM
902, Related Parties, Including Intragovernmental Activity and
Balances, has procedures that the auditor may decide to perform in the
planning and internal control phases of the audit as well as during the
testing phase.
.03: The audit procedures presented in the examples in this and other
FAM sections of volume 2 are examples of some of the audit steps
typically performed in each area. They are used in conjunction with the
appropriate FAM sections. In using these procedures, the auditor uses
professional judgment to add additional procedures, delete irrelevant
procedures, modify procedures, indicate the extent and timing of
procedures, and change the terminology to that used by the federal
entity to be audited. The auditor may integrate these steps with the
audit programs for related line items. For example, tests of
intragovernmental activity and balances in FAM 902 may be integrated
with tests of accounts receivable and payable, and, to improve
effectiveness, the auditor may coordinate those tests with related
nonintragovernmental activity and balances.
650 - Using the Work of Others:
.01: In many financial statement audits, the auditor uses the work and
reports of other auditors and specialists that may include CPA firms,
inspectors general[Footnote 2] (IG), state auditors, and internal
auditors. Specialists include actuaries and information systems (IS)
personnel. The auditor may contract with a CPA firm to perform parts of
an audit, or to perform the entire audit. The auditor expressing the
opinion on the financial statements is usually “the principal auditor”
as defined by AU 543.02, but this is a matter of professional judgment.
.02: FAM 650 provides guidance to auditors on designing and performing
oversight and other procedures when using the work of other auditors
and specialists. Various professional standards also provide guidance
in this area. These standards include AU 543, “Part of Audit Performed
by Other Independent Auditors;” AU 322, “The Auditor’s Consideration of
the Internal Audit Function in an Audit of Financial Statements;” AU
336, “Using the Work of a Specialist;”[Footnote 3] and AU 315
“Communications Between Predecessor and Successor Auditors.” These
standards have different requirements depending on whether the auditor
is using the work of an independent auditor, an internal auditor, or a
specialist.
.03: In the federal environment, the auditor may use the work of other
auditors and specialists in various situations. For example:
* Audits of federal entity financial statements, either consolidated or
individual bureaus, agencies, funds, or other components, by IGs or CPA
firms in accordance with GAGAS (which includes U.S. GAAS) and OMB audit
guidance.
* CPA firms, IGs, or specialists engaged to do parts of an audit (for
example, review information system (IS) controls, review actuarial
calculations, or test specific accounts).
* Reports on the processing of transactions by service organizations
(i.e. SAS No. 70 reviews under AU 324).
* Single audits or audits of federal funds provided to units of state
and local governments performed by state auditors and CPA firms.
* Work performed by internal audit functions (or equivalent, such as a
program review office or those performing A-123 internal control
reviews).
* Work performed by internal audit staff who provide direct assistance
to the auditor.
.04: AU 543.13 states that in some circumstances the auditor may find
it appropriate to participate in discussions regarding the accounts
with management personnel of the component whose financial statements
are being audited by other auditors and/or to make supplemental tests
of such accounts. The determination of the extent of additional
procedures, if any, to be applied rests with the principal auditor
alone in the exercise of professional judgment and in no way
constitutes a reflection on the adequacy of the other auditor’s work.
An auditor transmitting the other auditor’s opinion is not a principal
auditor; neither is the auditor expressing negative assurance on the
other auditor’s work. However, if the auditor assumes responsibility
for the opinion on the financial statements on which the auditor
reports without making reference to the audit performed by the other
auditor, the auditor taking responsibility should determine the extent
of procedures to be undertaken.
.05: FAM 650 provides guidance in making the judgments necessary for
the auditor to use the work of others, including the:
* type of reporting (FAM 650.09-.10);
* evaluation of the other auditors’ or specialists’ independence and
objectivity (FAM 650.11-.24);
* evaluation of the other auditors’ or specialists’ qualifications (FAM
650.25-.35); and:
* determination by the auditor on the level of review (FAM 650.36-.42
and: FAM 650 A).
.06: The auditor should coordinate with the other auditor whose work is
to be used. In turn, the other auditor should determine the needs of
the auditor who plans to use the work being performed so that the
professional judgments exercised by both auditors can satisfy the needs
of both. This is best done before major work is started. For example,
auditors of a consolidated entity (such as the U.S. government or an
entire department or federal entity) are likely to plan to use the work
of other auditors of subsidiary entities (such as individual
departments, agencies, bureaus, funds, or other components). This
coordination can result in more efficient and effective government
audits and avoid duplication of effort.
In addition, both auditors should coordinate throughout the audit so
that the timing needs of the auditor and the other auditor are met. The
auditor should provide instructions on audit procedures to be
performed, materiality considerations, reporting format, and any other
information deemed appropriate. The other auditor should perform the
requested procedures in accordance with these instructions and report
the findings solely for use by the auditor (AU 9543.03). The other
auditor should also provide full and timely access to appropriate
individuals and audit documentation for review by the auditor (GAGAS
par. 4.23). This may occur on an ongoing basis during the audit,
although this work may not be completely reviewed.
.07: In this coordination, the auditor should inform other auditors on
how their work and report will be used. AU 543.07 indicates that if the
auditor’s report will name the other auditor, the principal auditor
should obtain permission to do so and should present the other
auditor’s report together with its report. For CPA firms, this
permission may be obtained as part of the contracting process. As a
professional courtesy, the auditor generally should also provide other
auditors with a draft of its report to avoid surprises before final
issuance.
.08: When there is a difference of opinion, the auditor should confer
with the other auditor in an attempt to reach an agreement as to the
procedures that would be necessary to satisfy both auditors’
professional judgments. If both auditors are unable to reach agreement,
see FAM 650.54-.56. FAM 650 B contains example audit procedures for
using the work of others, which depend on the professional judgments
made.
Types of Reporting:
.09: There are various types of reporting when using the work of other
auditors and specialists. The type of reporting depends on the degree
of responsibility the auditor accepts and the work the other auditors
and specialists will perform. Factors for the auditor to evaluate in
deciding which type of reporting to use include the degree of assurance
to provide, legal requirements, and cost-benefit considerations. The
amount of resources required varies by type of report and generally
increases in the order presented below.
The auditor generally should decide the type of reporting in planning
the engagement. The auditor generally should discuss the type of
reporting with the other auditors or specialists early in the audit.
The auditor exercises professional judgment in making these decisions
and should document the basis for the decisions. AU 504.03 indicates
that an auditor is associated with financial statements when the
auditor has consented to the use of its name in a report, document, or
written communication containing the financial statements. The type of
reporting will depend on the auditor’s association with the report:
a. No association with report. In this situation, the other auditors or
specialists provide the report directly to the audited entity and/or to
significant users. The auditor may use this method when procuring the
audit but not acting as “the auditor.” Examples are when there is no
legal requirement for a separate audit report, or the user does not
need a separate audit report, or a separate audit report would provide
no additional information. When the auditor is required by law to
perform the audit, the auditor should not use this option as the
auditor is associated with the report.
b. Association with report. In this situation, there are two possible
types of transmittal letters: one expressing no assurance and one
expressing negative assurance on the other auditors’ work. For either
type, the auditor is associated with the financial statements as
described in AU 504. The fourth standard of reporting was amended by
SAS No. 113 in AU 150.02 to state “In all cases where an auditor’s name
is associated with financial statements, the auditor should clearly
indicate the character of the auditor’s work, if any, and the degree of
responsibility the auditor is taking, in the auditor’s report.”
Because the auditor did not perform the audit, the auditor should
disclaim an opinion and should not express its concurrence with the
other auditors’ opinion. The auditor may use this approach when the
auditor did not perform the audit but wants to issue a report or
letter. The auditor may also expand the letter to highlight certain
findings or information or to indicate that certain procedures were
performed. See example 1 of FAM 650 C for wording for both types of
transmittal letters which:
* Express no assurance. For this letter, the auditor issues a
transmittal letter without reviewing the other auditors’ audit
documentation. In these situations, the transmittal should be clear as
to the limitations of the work of the auditor who generally has the
responsibility to monitor audit contracts, as applicable, to meet the
requirements of statutory audit provisions, such as in the IG Act, CFO
Act, or Accountability of Tax Dollars Act of 2002.
* Express negative assurance. This letter indicates that the auditor
reviewed the other auditors’ or specialists’ report and related audit
documentation, inquired of their representatives, and found no
instances where the other auditors did not comply, in all material
respects, with U.S. GAAS or GAGAS.
c. The auditor issues a report that refers to other auditors’ reports
and indicates a division of responsibilities. To use this approach, the
auditor has two decisions to make: (1) whether the auditor may serve as
the principal auditor (AU 543.01-.03) and (2) whether the auditor will
refer to the work of the other auditors (AU 543.01-.10). For audits of
federal entities, auditors may be designated by law.[Footnote 4] The
auditor exercises professional judgment in making these decisions and
should document the basis for the decisions. One consideration in
deciding whether the auditor is the principal auditor is sufficient
knowledge of the entire entity, including portions audited by other
auditors. Another consideration is the materiality and importance of
the consolidated assets, liabilities, expenses, revenues, or net
position the auditor has not audited.
The auditor may issue a report that refers to other auditors when (1)
the other auditors have reported on financial statements for a
component entity that is part of the entity whose financial statements
the principal auditor is reporting on and (2) the principal auditor
does not wish to take responsibility for the other auditors’ work. (See
AU 543.09 for example wording.) This approach may be used only for CPA
firms or for other auditors that are organizationally independent (see
FAM 650.14) and should not be used for internal auditors or
specialists.
However, a reader of the report could question the basis for the
principal auditor issuing the opinion because of the significant
materiality and importance of the portion of the financial statements
audited by the other auditors. In this case, the principal auditor
should determine whether there is a need to issue a report that does
not mention the other auditors’ work, which may require additional work
(see FAM 650.09 e).
d. The auditor issues a report that expresses concurrence with the
other auditors’ report and conclusions. The auditor may use this
approach when other auditors have reported on financial statements and
the principal auditor needs or wants to provide more assurance than
what is provided in the transmittal letter. For example, a certain
audit may be required by law, in which the auditor, although allowed to
hire other auditors to do the work, is required to give its opinion. In
the absence of such a requirement, a report expressing concurrence is
generally not cost-effective because of the resources required.
Expressing concurrence means that the auditor would have reached the
same opinion or conclusion had it done the audit. Therefore, the
auditor should do the same level of work it would have done to take
responsibility for the other auditor’s work. In this instance both the
other auditor and the auditor that expresses concurrence are principal
auditors because both have sufficient knowledge of the overall
financial statements and the important issues, and the concurring
auditor, by reason of the level of work done, has also audited the
financial statements.
The auditor usually accomplishes this by reviewing the audit
documentation of the other auditor, having discussions with entity
management, and/or performing supplemental tests, (see example 2 in FAM
650 C for report wording).
This approach may be used only for CPA firms or for other auditors who
are organizationally independent (see FAM 650.14). The auditor should
not use this report for specialists, since AU 336.15 prohibits
reference to a specialist’s report unless the auditor issues a
qualified or adverse opinion or a disclaimer of opinion based on the
specialist’s work. The auditor also should not use this approach for
internal auditors. AU 322.19 states that the responsibility to report
on the financial statements rests with the auditor and cannot be shared
with internal auditors.[Footnote 5]
e. The auditor issues a report that does not mention the other
auditors’ or specialists’ work. In this situation, the auditor issues
the example report in FAM 595 A and/or FAM 595 B (as if no other
auditors or specialists were involved). This means the auditor takes
responsibility for the other auditors’ or specialists’ work. (See FAM
650.09 c for a discussion of principal auditor issues.) The auditor may
use this approach when the other auditors have done part of the audit.
(This approach also may be used when the other auditors have done
substantially the entire audit.) For example, a number of other
auditors may have audited individual components of an entity and the
auditor may audit the consolidation process. The auditor may use this
approach if the auditor has sufficient knowledge of the entire entity
and does additional work (see FAM 650.10).
The auditor generally should accomplish this by reviewing the audit
documentation, having discussions with entity management, and/or
performing supplemental tests. The auditor also should use this
approach when using the work of specialists and internal auditors
because professional standards do not permit referring to specialists’
or internal auditors’ work (unless, for specialists, the auditor issues
a qualified or adverse opinion or a disclaimer of opinion based on the
specialists’ work). GAO uses this approach in the audit of the
consolidated financial statements of the U.S. government.
.10: Table 650.1 presents an overview of the work the auditor generally
shouldperform for each type of report or letter. “Yes” means that the
auditor should perform some of that category of work. “No” means that
the auditor need not perform that category of work. The extent of work
in each category depends on the auditor’s professional judgment. See
FAM 650.36 for discussion on the level of review.
Table 650-1: Overview of Work Performed for Each Type of Reporting:
Type of reporting: No association with report (FAM 650.09 a);
Evaluate the other auditors' independence and objectivity (FAM 650.22-
.24): No[A];
Evaluate the other auditors' qualifications (FAM 650.25-.35): No;
Level of review (FAM 650.36-.42): None;
Hold discussions and/or perform supplemental tests (FAM 650.43-.47):
No.
Type of reporting: Auditor transmittal letter expresses no assurance
(FAM 650.09 b, first bullet);
Evaluate the other auditors' independence and objectivity (FAM 650.22-
.24): Yes;
Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes;
Level of review (FAM 650.36-.42): Low or none;
Hold discussions and/or perform supplemental tests (FAM 650.43-.47):
No.
Type of reporting: Auditor transmittal letter expresses negative
assurance (FAM 650.09 b, second bullet);
Evaluate the other auditors' independence and objectivity (FAM 650.22-
.24): Yes;
Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes;
Level of review (FAM 650.36-.42): Moderate or low;
Hold discussions and/or perform supplemental tests (FAM 650.43-.47):
No.
Type of reporting: Report refers to the other auditors’ report and
indicates a division of responsibilities (FAM 650.09 c);
Evaluate the other auditors' independence and objectivity (FAM 650.22-
.24): Yes;
Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes;
Level of review (FAM 650.36-.42): Low or none;
Hold discussions and/or perform supplemental tests (FAM 650.43-.47):
No.
Type of reporting: Report concurs with the other auditors’ report or
does not mention the other auditors’ work (FAM 650.09 d and e);
Evaluate the other auditors' independence and objectivity (FAM 650.22-
.24): Yes;
Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes;
Level of review (FAM 650.36-.42): High, moderate, or low;
Hold discussions and/or perform supplemental tests (FAM 650.43-.47):
Yes for internal auditors’ work (should include supplemental tests);
yes for auditors’ work for high level of review;
no for auditor’s work for moderate or low level of review.
[End of table]
Evaluating the Other Auditors’ or Specialists’ Independence and
Objectivity:
.11: Unless the auditor has no association with the report, the auditor
should evaluate the other auditors’ or specialists’ independence and
objectivity. Where the auditor has previously used the work of the same
other auditor, the auditor generally should update the previous
evaluation. Under GAGAS, chapter 3, audit organizations and individual
auditors should be free both in fact and appearance from personal,
external, and organizational impairments to independence. The auditor
should first evaluate organizational independence. Different standards
apply to CPA firms, other organizationally independent auditors,
internal auditors, and specialists.
.12: For CPA firms and specialists, the auditor may use a contracting
process that is part of its organization or a procurement function
within the entity to be audited. The auditor should determine whether
the firm selected represented [in the statement of work (SOW) or
request for proposal (RFP)] that it (and the assigned engagement team)
* is independent and objective with respect to the audited entity;
* will remain independent throughout the audit;
* will disclose any independence issues discovered;
and
* will immediately notify the COTR if it considers submitting a
proposal on any contracts involving the audited entity to permit
evaluation of whether its auditors’ independence could be impaired.
Firms should be asked to describe in their proposals all work,
including nonaudit services, they have done for the audited entity in
the last several years. See GAGAS, chapter 3, and Government Auditing
Standards: Answers to Independence Questions (GAO-02-870G, July 2002).
The auditor generally should determine whether the SOW or RFP indicate
that “The government will determine whether a firm is independent for
the purpose of performing an audit of financial statements of the
federal entity.” This avoids a potential dispute where, for example,
the firm does substantial nonaudit work for the entity to be audited
that the auditor views as a conflict. The technical evaluation panel
should evaluate whether the nature and extent of nonaudit services or
other factors causes an independence or objectivity issue, either in
fact or in appearance. In this evaluation, the panel generally should
determine whether (1) the other auditors will need to audit their own
work or (2) whether the other auditors made management decisions or
performed management functions.
.13: The auditor generally should have a role in contracting for the
CPA firm or specialist.[Footnote 6] When the auditor does not
participate in contracting for the CPA firm or specialist, the auditor
generally should obtain an overview of the contracting process,
including:
* reading the SOW or RFP;
* reviewing the proposal of the firm selected; and:
* understanding the evaluations of the panel selecting the firm.
The auditor should determine whether the firm provided a representation
as to independence and objectivity (usually in its proposal). If the
firm has not provided a representation as to independence and
objectivity, the auditor should obtain a representation from the firm.
If the auditor is not familiar with the firm, the auditor should
inquire of professional organizations, such as the AICPA or the Public
Company Accounting Oversight Board (PCAOB), as to the firm’s
professional reputation and standing.
.14: For government auditors, the auditor should decide whether the
other auditor is organizationally independent to report externally or
whether to consider it as an internal audit organization. The auditor
may refer to the work of organizationally independent government
auditors but should not refer to the work of internal audit
organizations in the audit report. The auditor generally should perform
more extensive review and supervision when dealing with internal
auditors. The auditor should obtain written representations from
appropriate officials[Footnote 7] of the government audit organization
that to the best of their knowledge, the organization and the
individual auditors doing the work are independent of the entity being
audited. This means that the individual auditors are free of personal
impairments to independence and maintain an independent attitude and
appearance. It also means that the auditor is free from external
impairments and is organizationally independent (see GAGAS, chapter 3).
The representation letter may indicate the general criteria for
determining independence, such as “under the criteria in GAGAS.” The
auditor should obtain representations for the period of the financial
statements to the date of the other auditors’ report. Since the auditor
decides on the independence and objectivity of the other auditors to
plan its work, the auditor generally should obtain oral representations
early in the audit and written representations at the end of the audit.
.15: Government auditors may be presumed to be free from organizational
impairments to independence when reporting externally to third parties
ifthey are organizationally independent of the audited entity.
Government auditors may meet the requirement for organizational
independence in a number of ways. There is a presumption that a
government auditor is organizationally independent (GAGAS, chapter 3)
if the auditor is assigned to:
a. a level of government other than the one to which the audited entity
is assigned (federal, state, or local), for example, a federal auditor
auditing a state government program; or:
b. a different branch of government within the same level of government
as the audited entity, for example, a legislative auditor auditing an
executive branch program.
.16: There is also a presumption of organizational independence if the
head of the government audit organization (GAGAS, chapter 3) meets one
of the following criteria:
a. directly elected by voters of the jurisdiction being audited;
b. elected or appointed by a legislative body, subject to removal by a
legislative body, and reports the results of audits to and is
accountable to a legislative body;
c. appointed by someone other than a legislative body, so long as the
appointment is confirmed by a legislative body and removal from the
position is subject to oversight or approval by a legislative body, and
reports the results of audits to and is accountable to a legislative
body; or:
d. appointed by, accountable to, reports to, and can only be removed by
a statutorily created governing body, the majority of whose members are
independently elected or appointed and come from outside the
organization being audited.
.17: If the other auditor or its head meets one of the above criteria,
the auditor need not perform any procedures concerning organizational
independence other than to obtain a representation letter from an
appropriate official of the government audit organization as noted in
FAM 650.14 (see FAM 650.23 for tests of personal independence).
However, if the auditor encounters evidence that the other auditor
might not be organizationally independent, the auditor should determine
the need for inquiries and other procedures, and then evaluate the
results of these procedures.
.18: In addition to the presumptive criteria, GAGAS recognizes that
there may be other organizational structures under which a government
audit organization could be free from organizational impairments. The
auditor should determine whether these other structures provide
sufficient safeguards to prevent the audited entity from interfering
with the government auditor’s ability to perform the work and report
the results impartially. For the auditor to determine that the
government audit organization is free from organizational impairments
to report externally under a structure different from the ones listed
above, the government auditor (GAGAS, chapter 3) should have all of the
following safeguards:
a. statutory protections that prevent the audited entity from
abolishing the government audit organization;
b. statutory protections that require that if the head of the
government audit organization is removed from office, the head of the
federal entity report this fact and the reasons for the removal to the
legislative body;
c. statutory protections that prevent the audited entity from
interfering with the initiation, scope, timing, and completion of any
audit;
d. statutory protections that prevent the audited entity from
interfering with the reporting on any audit, including the findings and
conclusions, or the manner, means, or timing of the government audit
organization’s reports;
e. statutory protections that require the government audit organization
to report to a legislative body or other independent governing body on
a recurring basis;
f. statutory protections that give the government audit organization
sole authority over the selection, retention, and dismissal of its
staff; and:
g. statutory access to records and documents related to the federal
entity, program, or function being audited, and access to government
officials or other individuals as needed to conduct the audit.
.19: If the auditor concludes that the government audit organization
has all the safeguards listed in FAM 650.18, the auditor may determine
that the governmental auditor is free from organizational impairments
to independence when reporting externally. The auditor should document
the statutory provisions in place that provide these safeguards.
.20: When using the work of other government auditors that meet these
requirements, the auditor should request a representation letter (see
FAM 650.14) from an appropriate official of the government audit
organization. The auditor should review this document and as necessary
discuss it with appropriate officials of the government audit
organization, the external quality assurance reviewer, legal counsel
for the government audit organization, and the auditor’s legal counsel.
.21: If the auditor decides that the government audit organization is
not organizationally independent to report externally (either because
it does not meet the criteria in GAGAS or for another reason), the
auditor should determine whether the other auditor is organizationally
independent to report internally. Such auditors are internal auditors.
The Institute of Internal Auditors’ (IIA), International Standards for
the Professional Practice of Internal Auditing defines internal
auditing as “an independent, objective assurance and consulting
activity designed to add value and improve an organization’s
operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.”
GAGAS contain guidance on organizational independence for government
internal auditors. For example, internal auditors should be outside the
staff or line management function of the unit under audit. They should
report their results and be accountable to the head or deputy of their
federal entity. IIA standards require internal auditors to be objective
for the activities they audit. These GAGAS and IIA standards of
independence for internal auditors differ from independence under the
AICPA Code of Professional Conduct or independence for external
auditors under GAGAS.
The auditor generally should determine whether the internal auditors
whose work is to be used are independent of the activities they audit.
The auditor also should determine the organizational status of the head
of the audit organization. For the audit organization to be considered
free from organizational impairments to report internally to
management, the head of the audit organization (GAGAS, chapter 3)
should meet all criteria:
a. is accountable to the head or deputy head of the government entity,
or those charged with governance;
b. is required to report the results of the audit organization’s work
to the head or deputy head of the government entity and those charged
with governance;
c. is located organizationally outside the staff or line management
function of the unit under audit;
d. has access to those charged with governance; and:
e. is sufficiently removed from political pressures to conduct audits
and report findings, opinions, and conclusions objectively without fear
of political reprisal.
.22: If the auditor concludes that the internal auditors are not
independent under GAGAS and IIA standards, the auditor should treat the
work as if the audited entity prepared it. If the auditor concludes
that the internal auditors are independent under GAGAS and IIA
standards, the auditor may use their work to the extent permitted by AU
322. In either case, the auditor should not issue a report referring to
or concurring with the work of internal auditors.
.23: In addition to evaluating the other auditors’ organizational
independence, the auditor should evaluate whether the audit team has
any personal impairments. For both internal auditors and
rganizationally independent government audit organizations, the auditor
generally should ask how the other auditors monitor the personal
independence of individual staff members, especially those doing the
work the auditor would like to use.
.24: The auditor should document the work performed and the conclusions
reached as to independence and objectivity. The documentation should
indicate the auditor’s conclusion as to whether the other auditors are
independent and objective and the basis for that conclusion. The
auditor should consult with the reviewer if there are questions about
the other auditors’ independence or objectivity.
Evaluating Other Auditors’ or Specialists’ Qualifications:
.25: After evaluating the other auditors’ or specialists’ independence
and objectivity, the auditor should evaluate their qualifications to
perform the specific tasks required. This involves evaluating the
qualifications of the firm or audit organization and evaluating the
qualifications of the specific audit team. Where the auditor has
previously used the work of the same other auditors, the auditor
generally should update the previous evaluation.
.26: For CPA firms and specialists, the auditor generally should
evaluate qualifications through the contracting process, usually by
using a technical evaluation panel to select a qualified firm. A firm
submits résumés for its audit team members, demonstrates why its team
is qualified to do the work, and submits its plan for doing the audit.
Each CPA firm should submit its latest peer review report, letter of
comments, and response to the peer review report. The firm should also
agree to submit updated peer review reports during the period of the
contract. If the peer review report was issued more than three years
earlier, the evaluation panel may obtain documentation relating to the
internal quality control policies and procedures of the selected firm,
or read the firm’s inspection report and response.[Footnote 8]
A CPA firm may also be asked to submit its latest public inspection
report prepared by the PCAOB, but these reports pertain to audits of
publicly traded companies and related quality controls. However, to the
extent they raise issues about quality controls or methodology, they
may be applicable to audits of federal entities.[Footnote 9]
.27: Where the auditor did not participate in the contracting process,
the auditor should determine how the qualifications of a firm were
evaluated. For example, did the technical evaluation panel review:
* Résumés of the team members?
* The audit approach?
* The peer review report and related letter of comments (if any)?
* The firm’s response to the peer review report?
The auditor should read these documents and reach a conclusion as to
qualifications.
.28: For auditors other than CPA firms, the auditor should ask whether
the audit organization had a peer review and the date of that review.
IGs have peer reviews performed every 3 years by other IGs. Most state
auditors also have peer reviews every 3 years. To comply with GAGAS,
the audit organization should have a peer review every 3 years. The IIA
standards indicate that “[e]xternal assessments, such as quality
assurance reviews, should be conducted at least once every five years
by a qualified, independent reviewer or review team from outside the
organization.”
While reviews under the IIA standard are not designed to report whether
the audit organization’s quality control adheres to GAGAS, they do
provide evidence about whether the work adheres to a recognized set of
professional standards. The auditor should read the peer review report,
the letter of comments, and the audit organization’s response. Where
the audit organization has received an unqualified peer review report
recently (usually less than 3 years ago), the auditor generally need
not perform further review of the audit organization’s qualifications.
.29: Where the peer review report is not recent, the auditor generally
should review the results of the audit organization’s internal
inspection program for any new quality control issues. The inspection
generally should include reviews of audit documentation, interviews of
staff members, and tests of functional areas. Where the inspection is
recent (usually within the past year) and the inspection report is
unqualified, the auditor generally need not perform further review of
the audit organization’s qualifications.
.30: Where the peer review or inspection report is qualified or
adverse, the auditor should evaluate whether the quality control system
has since been strengthened to allow the auditor to use the other
auditors’ work. The auditor may review the organization’s action plan
for improving quality controls and inspection results in determining
whether quality controls have improved since the peer review. The
auditor should evaluate the effect of remaining weaknesses in
determining the nature and extent of procedures to be performed.
.31: Where the latest peer review was completed more than 3 years
earlier and there is no inspection program, the auditor should obtain
an overview of the important quality control policies and procedures of
the other auditor.[Footnote 10]
The overview generally should cover the functional areas of:
* independence, integrity, and objectivity (FAM 650.11-.24);
* leadership responsibilities;
* ethical requirements;
* acceptance and continuance of clients and engagements;
* human resources (includes recruiting and hiring, advancement,
professional development and training, and assigning personnel to
assignments);
* engagement performance (includes supervision and consultation); and:
* monitoring programs.
.32: The auditor may obtain this information through interviews of the
other auditor’s management and staff and through reading its quality
control summary document. The auditor also may read the other auditor’s
manuals and other guidance for conducting audits.
.33: In addition to evaluating the other auditor’s qualifications, the
auditor also should evaluate the overall qualifications of the team
assigned to do the work. The auditor may review résumés of key team
members to accomplish this. The auditor should review the specific
education, training, certifications, and experience of key team
members. In evaluating qualifications, the auditor should review the
specific role of staff members on the job. When the auditor has
knowledge of qualifications from prior experience for key team members,
the auditor should inquire about their experience in the time since the
last audit.
.34: Where the auditor is not satisfied as to the qualifications of the
other auditor, the auditor generally should perform a more detailed
review of the documentation and/or perform supplemental tests of key
line items (see FAM 650.36).
The auditor should document the work performed and the conclusions
reached as to the other auditors’ qualifications. The documentation
should indicate the auditor’s conclusion as to whether the other
auditors are qualified to perform the tasks required and the basis for
that conclusion. The auditor should consult with the reviewer if there
are questions about the other auditors’ qualifications.
.35: If the auditor has significant concerns about the other auditors’
independence, objectivity, or qualifications, the auditor should revise
its audit strategy. For example, the auditor may:
* contract with another firm;
* ask the other auditors to substitute more highly qualified or
objective staff members;
* do the audit without using the other auditors’ work, treating any
work done by the other auditors as prepared by the audited entity;
* divide the work so that the other auditors test the areas where they
are qualified, and the auditor does the rest of the audit; or:
* issue a disclaimer of opinion.
Planning the Review and Testing of Other Auditors’ or Specialists’
Work:
.36: After evaluating the other auditors’ or specialists’ independence,
objectivity, and qualifications, the auditor should develop an audit
strategy and audit plan for reviewing and, if necessary, testing the
work done. In this strategy, the auditor generally should document the
level of review as high, moderate, or low. In some situations, the
auditor should perform significantly more work than the work shown for
the high level to include performing significant supplemental tests. In
other situations, the auditor may decide less review or no review is
necessary. These situations typically involve entities or line items
that are very small in relation to the financial statements taken as a
whole. In these situations, the auditor may decide to read the other
auditors’ report and the financial statements and ask questions if
anything seems unusual.
The auditor should reevaluate the audit strategy and plan as the work
progresses. If serving as the COTR, the auditor will assist the
contracting officer to ensure contractor compliance with the terms and
conditions of the contract. In addition, the IG Act requires that the
IG take appropriate steps to assure that any work performed by
nonfederal auditors complies with GAGAS. The level of review is a
professional judgment the auditor generally should make for significant
assertions in each material line item considering the following
factors:
a. The type of report or letter the auditor will issue, as less review
is needed for a transmittal letter than for reports in which the
auditor takes responsibility for the other auditors’ work (see FAM
650.10).
b. Whether the other auditors issue a disclaimer of opinion because of
a scope limitation, as less work is needed to concur with a scope
limitation than to concur with an unqualified opinion (see FAM 650.37).
c. Whether the auditor’s report might contain a disclaimer because of a
scope limitation, as less work is needed if the auditor’s report will
contain a scope limitation (see FAM 650.39).
d. The other auditors’ independence, objectivity, and integrity (both
for the audit organization and its audit team) are impaired, as the
level of review increases as independence, objectivity, and integrity
decreases.
e. The other auditors’ qualifications (both for the audit organization
and its audit team) to perform the work the auditor wishes to use, as
the level of review increases as the other auditors’ qualifications
decrease.
f. The auditors’ prior experience with the other auditors (both for its
audit organization and its audit team), as the level of review tends to
decrease as the auditor’s confidence increases from working with the
other auditors.
g. The materiality of the line item in relation to the financial
statements the auditor is reporting on, taken as a whole, as the level
of review increases as the line item becomes more material.
h. The risk of material misstatement, including the risk of material
fraud for the line item and assertion in the financial statements the
other auditors are auditing, as the level of review increases as the
risk of material misstatement increases.
.37: If the other auditors’ work has a scope limitation, this generally
affects the level of review, except for transmittal letters with no
assurance. If the other auditors disclaim an opinion on the financial
statements because of a scope limitation, the auditor should also issue
a disclaimer of opinion, unless the financial statements the other
auditors audited are not material to the financial statements the
auditor is auditing. The auditor generally need not perform extensive
procedures to be satisfied that this disclaimer is appropriate.
Additionally, the auditor generally need not hold discussions with
entity management and/or perform supplemental tests in this situation,
and may limit the review of documentation to summary documentation.
Thus, the level of review is usually low or no review (see FAM 650.10).
However, the auditor may do additional work to learn about the entity,
to help the other auditor plan future audits, or to help entity
management correct the causes of the scope limitation.
.38: If the other auditors’ work had a scope limitation that results in
a qualified opinion, the auditor generally should perform a moderate or
high level of review to determine whether the other auditors should
have disclaimed an opinion and that the only issues are those relating
to the qualification.
.39: A scope limitation on the auditor’s work that results in a
disclaimer also may affect the level of review. Since the auditor has
already decided that not enough work can be done on the overall
financial statements, no amount of review of the other auditors’ work
is likely to change that conclusion. Thus, as in FAM 650.37,
discussions with entity management and/or supplemental tests are not
required, the review of the other auditors’ documentation may be
limited to summary documentation; and the level of review is usually
low or no review (see FAM 650.10). However, the auditor may do
additional work to learn about the entity, to help the other auditor
plan future audits, or to help entity management correct the causes of
the scope limitation.
.40: If there is a scope limitation on the auditor’s work that results
in a qualified opinion, the auditor should perform a similar amount of
work as for an unqualified opinion (i.e., enough to support the
qualification).
.41: FAM 650 A illustrates the audit work that the auditor generally
should perform for each level of review on each significant line item,
as well as what to retain in audit documentation.
Review of Audit Documentation:
.42: The extent of the auditor’s review of the other auditors’ or
specialists’ documentation depends on the level of review and is a
professional judgment based on the factors in FAM 650.36.
* For a low level of review, the auditor may limit the review of
documentation to key summary planning and completion documentation.
* For a moderate level of review, the auditor generally should review
more of the other auditors’ or specialists’ documentation, especially
those evidencing important decisions. For financial statement audits,
this includes the audit strategy and audit procedures (or equivalent
documents); the ARA (or equivalent documentation) for significant
accounts; the SCE (or equivalent documentation) for significant
applications; the documentation for accounts, estimates, and judgments
with high risk of material misstatement; the analytical procedures; the
audit completion checklist at FAM 1003 (or equivalent documentation);
the audit summary memorandum; and the summary of uncorrected
misstatements (see FAM 595 C).
* For a high level of review, the auditor generally should review all
of the items for the moderate level of review plus the important
detailed documentation.
Discussions and/or Supplemental Tests for a High Level of Review:
.43: AU 543.13 states that “In some circumstances the principal auditor
may consider it appropriate to participate in discussions regarding the
accounts with management personnel of the component whose financial
statements are being audited by other auditors and/or to make
supplemental tests of such accounts.” The auditor may interpret “in
some circumstances” to mean when the level of review is high. Thus,
where the level of review is high, the auditor generally should (1)
review audit documentation, and (2) hold discussions with audited
entity management and/or perform tests of original documents.
The objective of these additional procedures is for the auditor to
obtain additional evidence about whether key items are properly handled
and supported by sufficient appropriate evidence. For example, the
auditor generally should discuss key items with entity management,
especially estimates and judgments. This discussion generally should be
with the other auditors present. The auditor generally should attend
the entrance and exit conferences and other key meetings held by other
auditors or specialists. For key items that have high risk of material
misstatement, discussions with entity management may not provide
sufficient evidence, and the auditor should perform supplemental tests.
.44: The auditor may perform supplemental tests on a selection of the
other auditors’ work, additional tests of the accounting records, or
both. To perform supplemental tests, the auditor should obtain access
to the entity’s personnel and its books and records. The auditor may
coordinate access to the entity’s personnel and records through the
other auditor. The auditor and the other auditor also may jointly
perform parts of a test, where the sample is planned jointly and the
results are evaluated jointly. Although supplemental tests are usually
performed only when the level of review is high, the auditor may
perform supplemental tests in other situations to learn about the
entity, to help the other auditor plan future audits, or to help entity
management correct problems.
.45: Where the other auditor is an internal auditor, the auditor should
perform supplemental tests. The extent of this testing depends on
circumstances and should be sufficient for the auditor to make an
evaluation of the overall quality and effectiveness of the internal
control work done by the internal auditor (see AU 322.26).
.46 The auditor generally should limit discussions with entity
management and/or supplemental tests to significant assertions in line
items that have a high risk of material misstatement. This is
especially true in areas involving estimates and judgments or in areas
on which users place extensive reliance. The auditor’s supplemental
tests generally should include some items tested by the other auditor,
particularly any that appear to be exceptions, in order to determine
whether they were appropriately evaluated in formulating an opinion.
The auditor generally should plan to perform supplemental tests while
the other auditors are at the entity and have access to records, as
this can minimize the inconvenience for everyone.
.47: It is not necessary to perform supplemental tests of the work of
specialists. As indicated in AU 336.12, the auditor should understand
the methods and assumptions used by the specialists, test the data
provided to the specialists (extent of testing is based on risk and
materiality), and evaluate whether the specialists’ findings support
the financial statement assertions. If the auditor believes the
findings are unreasonable, the auditor should apply additional
procedures and/or determine the need to obtain another specialist.
Subsequent Events Review and Dating of the Auditor’s Report:
.48: The auditor should date the report when the auditor has obtained
sufficient appropriate audit evidence to support the opinion on the
financial statements (AU 339.23 and AU 530). If the other auditors’ or
specialists’ report is dated earlier and the auditor’s report does not
mention the other auditors’ report or concurs with the other auditors’
report as in example 2 of FAM 650 C, the auditor should update the
subsequent events review to the date of the auditor’s report.
The auditor may ask the other auditors to update the subsequent events
review to the required date, or the auditor may update the subsequent
events review. However, since this requires additional work, the
auditor should attempt to complete audit work when the other auditors
complete their work. The auditor should evaluate this issue and
coordinate with the other auditor when planning the audit. The auditor
need not update the subsequent events review when the auditor issues a
transmittal letter, as in example 1 of FAM 650 C.
Staffing the Review of the Other Auditors’ or Specialists’ Work:
.49: When staffing the review, the auditor should determine the extent
to which the other auditors or specialists have reviewed their work.
The other auditor should have performed at least one level of review
for all audit work, with more material or sensitive areas having
multiple reviews. In some cases, before the audit is complete, the
other auditor may not have completed all levels of review, particularly
at its top level, and may be reluctant for the auditor to access the
audit documentation before these reviews are done.
The auditor’s staff reviewing the work generally should have enough
experience in financial statement auditing to understand the
professional judgments that need to be made and to interact with the
higher levels of the other auditor. An assistant director or a senior
manager who has significant experience in performing and reviewing
financial statement audit work should perform most of the review. Less
qualified staff members may perform supplemental tests when supervised
by more qualified auditors.
The assistant director, audit manager, or auditor-in-charge should
review the documentation of any supplemental tests performed by less
experienced staff members. Except for key areas or issues, the
auditdirector may designate another qualified auditor to perform the
primary review of audit documentation prepared by the assistant
director.
.50: When the other auditors’ work involves the review of IS controls,
an IS controls specialist should participate in the auditor’s review.
Together they should determine if IS controls were adequate, audit work
was properly documented, and related audit objectives were achieved.
Evaluating the Work of Other Auditors or Specialists:
.51: After the auditor has completed the review of the other auditors’
or specialists’ work, and, if necessary, any supplemental testing, the
auditor should determine whether the work is sufficient and acceptable
for the auditors’ use. The auditor should document this evaluation.
.52: Sometimes, other auditors use methodologies or audit approaches
that are different from those the auditor would have used. Auditing
requires a great deal of professional judgment and there often are
alternative ways to achieve audit objectives. Many CPA firms have
developed, at considerable expense, proprieary audit methodologies to
use on a wide range of public and private sector clients. Many of these
audit methodologies utilize electronic technology where the entire
audit documentation exists only in electronic form. Thus, the auditor
should understand the other auditors’ audit methodology and basis for
the nature, extent, and timing of audit procedures. This may require
obtaining permission to use proprietary software to review the audit
documentation. Additionally, where the CPA software is retained, the
auditor should develop a process to maintain the operability of the
software to access the audit documentation in the future.
The auditor should evaluate whether sufficient appropriate
evidence[Footnote 11] has been obtained to meet the audit objectives,
particularly for significant assertions in line items with a high risk
of material misstatement. If the auditor has concerns about whether the
other auditors’ work provides sufficient appropriate evidence, the
auditor generally should discuss the matter with the audit director and
the reviewer before formally discussing the issue with the other
auditors.
.53: The auditor should determine the significance of the test results
to the audit of the financial statements the auditor is reporting on.
As an example, the other auditors may have selected a nonstatistical
sample and/or the sample size may be smaller than the sample size the
auditor would have selected. The auditor may decide that this provides
sufficient evidence in an area that is less material or has low or
moderate risk of material misstatement. However, if the risk of
material misstatement is high, the auditor may conclude that sufficient
appropriate evidence has not been obtained and that additional work is
needed.
In this case, after consulting with the audit director and the
reviewer, the auditor generally should either ask the other auditors to
perform additional tests or perform the additional tests. If this
additional testing is not done, the auditor should determine the effect
on the auditor’s report of the scope limitation. Because reaching this
conclusion after the work is performed is inefficient, especially when
the level of review is high, the auditor generally should coordinate or
concur with major planning decisions of the other auditor before audit
work is started.
.54: Sometimes, the auditor may disagree with the conclusions or
judgments of the other auditors. In this case, the auditor should
evaluate the other auditors’ work as well as any other evidence or
testing necessary to determine the appropriate conclusion.
.55: The auditor should discuss any issues of disagreement with the
other auditors to attempt to resolve the disagreement. The auditor
should attempt to resolve professional disagreements early to reduce
confusion that may arise from differing auditor views. Once identified,
the auditor should discuss the issues with the other auditors to
resolve them in a timely manner and before the completion of the audit.
.56: If the auditor does not reach agreement with the other auditors,
the auditor should determine how to report. For disagreements involving
matters that are material to the financial statements, the auditor may
decide not to transmit the other auditors’ report, instead issuing a
disclaimer of opinion due to a scope limitation or doing additional
work, if necessary, to issue an appropriate opinion. For disagreements
involving matters that are not material to the financial statements,,
the auditor may transmit the other auditors’ report, issue the
transmittal letter or report, and describe the disagreement and the
basis for the auditor’s conclusions.
Documenting the Review of Other Auditors’ or Specialists’ Work:
.57: Regardless of the type of reporting or the level of review, the
auditor’s documentation generally should contain the items listed in
FAM 650 A under “documentation,” either electronically or in hard copy.
.58: In addition, where the auditor performs supplemental tests of the
accounting records, the auditor’s documentation should contain a
description of the work (this may be a list of the documents the
auditor examined or tick marks on a copy of the other auditors’
documentation if that is the basis for the selection) and the auditor’s
conclusion. It is not necessary to retain copies of the documents
examined.
.59: There is a difference between the auditor’s responsibilities to
review the documentation of other auditors and what the auditor may
copy and retain from that documentation. The auditor uses professional
judgment in deciding which of the other auditors’ or specialists’
documents to copy and retain. However, many auditors use electronic
technology to retain documentation for the entire audit. The auditor
may cite this documentation as part of the review to include any
supplemental testing performed on the other auditors’ work. The auditor
may print any documents as necessary.
.60: The auditor may retain other documentation if it might be useful
in understanding the entity, training staff members, planning future
audits, reviewing the documentation, or writing the report.
Documentation in this category includes the entity profile (or
equivalent), audit strategy, audit procedures, ARA and SCE forms (or
equivalent), trial balance or lead schedules, management representation
letter, and legal representation letter. Auditors often find it helpful
to keep copies of documents (either electronically or in hard copy) in
case questions are raised in review but not to include those copies in
the audit documentation unless they are needed to document the work
performed.
The auditor should retain documents in accordance with the contract or
other legal requirements, but not less than 5 years from the report
release date (AU 339.32). Audit procedures may indicate which documents
to retain. The auditor may not discard documents after 60 days from the
report release date (AU 339.27-.30). In documenting the review,
auditors may indicate the document number or index number used by the
other auditor in order to locate the document at a later date.
Ownership and confidentiality of audit documentation is determined by
contract and legal requirements (see AU 339.31).
Using Internal Audit Staff to Provide Direct Assistance to the Auditor:
.61: Sometimes, the auditor or the audited entity requests that
internal auditors provide direct assistance to the auditor. Before this
is done, the auditor should be satisfied with the independence,
objectivity, and qualifications of the staff assigned to do the work
requested. AU 322.27 indicates that in these situations, “The auditor
should inform the internal auditors of their responsibilities, the
objectives of the procedures they are to perform, and matters that may
affect the nature, timing, and extent of procedures, such as possible
accounting and auditing issues.”
The auditor should direct, review, test, and evaluate the work done by
internal auditors to the extent appropriate based on the auditor’s
evaluation of risk, materiality, objectivity, and qualifications.
Using Federal Entity Specialists:
.62: Many federal entities have actuaries, security specialists,
statistical specialists, and other specialists whose work the auditor
would like to use. However, unless these specialists are part of an
entity that is organizationally independent or are under contract to
such an entity, the auditor should evaluate their work as the work of
an employee of the entity under audit. The auditor should use the
specialists of other auditors or contract for outside specialists to
develop and implement appropriate tests.
Multiple Levels of Other Auditors:
.63: Sometimes there are several levels of other auditors. For example,
an IG may hire a CPA firm to perform an audit of a federal entity’s
financial statements. The IG may issue a report concurring with the
firm’s report or a letter transmitting the firm’s report. GAO auditors
may then use the work of the IG as part of the audit of the financial
statements of the U.S. government.
.64: When there are multiple levels of other auditors, each audit
organization should follow the guidance in FAM 650. IG auditors should
evaluate the independence (see FAM 650.11-.24) and qualifications of
the CPA firm (see FAM 650.25-.35); should review the audit
documentation (see FAM 650.42); and may need to have discussions with
entity management and/or perform supplemental tests of key accounts
depending on the level of review deemed appropriate (see FAM 650.43-
.47).
GAO auditors should evaluate the qualifications of the IG organization
(by reading the peer review report, the letter of comments, and the
audit organization’s response as described in FAM 650.25) and the
qualifications of the IG team doing the monitoring of the CPA firm. GAO
auditors should also review the IG auditor’s documentation of its
review of the CPA firm work and may perform supplemental tests as
deemed necessary. If GAO auditors find that the IG auditor has
completed and documented adequate work, including discussions with
entity management and/or supplemental tests, further discussions and/or
supplemental tests would be quite limited, perhaps a walk-through of
work done in areas with high-risk of material misstatement. Often, GAO
auditors will attend fewer meetings than the IG auditor attends and
would concentrate the review on the IG auditor’s documentation. GAO
auditors may then issue a report on the financial statements.
.65: Because of the potential for inefficiency, there generally should
be close coordination between the various auditors. The IG and GAO may
perform the review jointly. Sometimes, a memorandum of understanding
may be useful in documenting responsibilities. A chart that describes
the review to be done by each organization may be useful. The following
is a useful format for this chart (with more detail added as necessary
under each phase of the audit).
Phase of the audit: Planning;
Procedures: Other auditor: [Empty]; Procedures: IG review: [Empty];
Procedures: GAO review: [Empty].
Phase of the audit: Internal Control;
Procedures: Other auditor: [Empty];
Procedures: IG review: [Empty];
Procedures: GAO review: [Empty].
Phase of the audit: Testing;
Procedures: Other auditor: [Empty];
Procedures: IG review: [Empty];
Procedures: GAO review: [Empty].
Phase of the audit: Reporting;
Procedures: Other auditor: [Empty];
Procedures: IG review: [Empty];
Procedures: GAO review: [Empty].
Reports on Other Auditors’ Work:
.66: The auditor may be asked to issue a report evaluating work done by
other auditors in a situation where the auditor is not using the work
of the other auditors. For example, the auditor may be asked to
evaluate an audit done by a CPA firm. While AU 543, 322, and 336 are
not directed toward these situations, the guidance in FAM 650 is
helpful in planning and reporting on those assignments.
650 A - Summary of Audit Procedures and Documentation for Review of
Other Auditors’ Work:
.01: Table 1 on the following page presents a summary of audit
procedures that the auditor generally should perform at the entity
level and for significant assertions, line items, accounts, or
applications when reviewing the work of other auditors. As discussed in
FAM 650.36, the three levels of review are high, moderate, or low, as
determined by the auditor’s professional judgment.
Table 2 on the next following page presents a summary of documentation
that the auditor generally should retain from the auditor’s review of
the work of other auditors. However, the summary does not include work
to be done by the auditor on other auditor independence, objectivity,
and qualifications. (See FAM 650.11-.35 for a discussion of that work.)
Where the other auditor uses equivalent documents, the auditor should
review those documents.
.02: In both tables, procedures to be performed and documents to be
retained at the low level of review are indicated by regular font. The
moderate level of review includes the low level plus those in bold
letters. The high level of review includes the moderate level plus
those in BOLD CAPITALS.
Table 1: Summary of Audit Procedures from Reviewing Other Auditors’
Work:
Audit Procedures:
At entity level:
1. Communicate with the other auditors:
* as to the objectives of the work;
* discuss their procedures and results;
* Attend key entrance and exit meetings;
* Coordinate Or Concur In Significant Planning Decisions Before Major
Work Is Started
2. Review:
* audit strategy;
* scope of work;
* audit summary memorandum;
* summary of uncorrected misstatements;
* analytical procedures;
* completion checklist;
* determination of planning and design materiality;
* representation letters;
* information systems background;
* general and application controls; documentation (with assistance from
IS controls specialist);
* other key documentation;
3. Read:
* other auditor’s report;
* financial statements and notes;
* supplementary information;
* MDA and other accompanying information;
* Management’s response;
For significant assertions, line items, accounts, or applications:
1. Review:
* audit procedures (plan);
* conclusions about significant issues and their resolution (often in
audit summary);
* account risk analysis (ARA);
* specific control evaluations (SCE);
* cycle memo;
* flowcharts;
* determination of tolerable misstatement;
* sampling plan;
* other auditors’ key documentation;
* high risk accounts, estimates, and judgments;
* analytical procedures;
* Evaluation Of Sample Results;
* Summary Of Uncorrected Misstatements;
2. Participate In Discussions With Management Personnel And/or Perform
Supplemental Tests Of The Line Items (Especially Key Items, Estimates
And Judgments); Compare Conclusions;
[End of table]
Table 2: Summary of Documentation from Reviewing Other Auditors’ Work:
Documentation:
Retain:
1. Auditor prepared:
* audit strategy;
* memo documenting entrance and exit conference;
* Memos Documenting Key Meetings Attended And Discussions With Audited
Entity Management;
* results of review of documentation;
* Supplemental Test Documentation;
* summary memo;
2. Other auditor prepared:
At entity level:
* other auditor’s report;
* entity’s final financial statements, notes, and supplementary info;
* management letter;
* other auditor’s unadjusted known and likely misstatements,
consideration of risk of further misstatements, and comparison with
materiality;
* audit completion checklist;
* other auditor’s audit summary memo;
At line item or assertion level:
* documentation that evaluates exceptions;
* other auditor’s documentation evidencing significant judgments and
conclusions;
Optional:
1. Auditor and other preparers:
* entity profile;
* audit procedures (plan);
* account risk analyses;
* specific control evaluations;
* sampling plan;
* trial balance;
* lead schedules;
* evaluation of sample results;
* management representation letter;
* legal representation letter;
[End of table]
650 B - Example Audit Procedures for Using the Work of Others:
These example procedures are appropriate when using the work of other
auditors or the work of specialists to perform a full or partial audit
of financial statements and are applicable to GAO financial statement
audits. Auditors may use these procedures or a monitoring tool for
financial audits developed by the Federal Audit Executive Council, a
subcommittee of the President’s Council on Integrity and Efficiency
that can be found at
[hyperlink,http://www.ignet.gov/pande/faec/fsan0906.xls].
As stated in FAM 650.08, these procedures depend upon the professional
judgments that the auditor makes. The auditor should tailor the
procedures to the circumstances and the planned level of review (high,
moderate, or low) as discussed in FAM 650.36. The auditor should modify
or add procedures as necessary, and delete them if not applicable. When
other auditors or specialists have done only part of an audit, the
auditor may delete many of the procedures below. The auditor may also
delete procedures for the low level of review or when the auditor plans
to issue only a transmittal letter as discussed in FAM 650.09 b. The
audit procedures are presented in three sections: (1) evaluating
independence, objectivity, and qualifications for CPA firms and
specialists; (2) evaluating independence, objectivity, and
qualifications for government audit organizations; and (3) monitoring
the work (for all types of other auditors and for specialists). The
auditor should use the applicable one of the first two sections and the
third section. The auditor generally should use a separate form for
each other auditor or specialist.
Entity:
Job code:
Period of audit:
Step: 1. Evaluating Independence, Objectivity, And Qualifications For
Cpa Firms And Specialists: General:
1. Read the statement of work or request for proposal to determine
whether this contracting document provides sufficient background on the
audited entity and indicates the objectives of the work, what the
contractor should include in its proposal, how proposals will be
evaluated, and how the report will be used;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Independence and objectivity: 2. Determine whether proposal of
selected firm includes a representation as to the firm’s independence
and objectivity;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Independence and objectivity: 3. If proposal does not include a
representation as to independence and objectivity, obtain written
representation from firm;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Qualifications:
4. Read proposal of selected firm. In reviewing proposal, evaluate the
overall qualifications of the team performing the work. Review resumes
and determine for key team members their educational level,
professional certifications, and professional experience, including
whether key team members have current knowledge and experience in the
type of work done;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 5. Review the selected firm’s peer review report, letter of
comments, and response letter. If the peer review report was issued
more than three years earlier, obtain documentation relating to the
firm’s internal quality control policies and procedures or review the
firm’s inspection program;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 6. Communicate orally or in writing with the other auditors to be
satisfied that they understand the requirements, the timetable, and the
report or letter the auditor expects to issue;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 2. Evaluating Independence, Objectivity, And Qualifications For
Government Auditors: Independence And Objectivity:
1. For all government audit organizations, obtain written
representation from an appropriate official that the organization and
its individual auditors are independent of the entity being audited;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 2. Determine whether the government audit organization meets ONE
of the criteria in FAM 650.15, or the head meets ONE of the criteria in
FAM 650.16. If the organization (or its head) meets one of these
criteria, no further work is needed unless the auditor finds contrary
evidence as to independence and objectivity in other parts of the
audit. Indicate the criteria met and document the evaluation of any
other evidence obtained. (Go to step 6.);
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 3. If the government audit organization (or its head) does not
meet any of the criteria in step 2, determine whether it meets ALL of
the criteria in FAM 650.18;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 4. Review the government audit organization’s documentation of
how it meets the requirements of step 3. Discuss with an appropriate
official of the organization and consider discussions with quality
assurance advisors, legal counsel for the organization, and auditor’s
legal counsel. (Go to step 6.);
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 5. If the government audit organization does not meet the
criteria for organizational independence to report externally,
determine whether the organization is an independent internal audit
organization under GAGAS and IIA standards. Determine whether the
internal auditors are objective for the activities they audit. For the
audit organization to be considered free from organizational
impairments, determine if the head of the audit organization meets all
of the criteria indicated in FAM 650.21;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 6. For government auditors, obtain an understanding of the
organization’s policies to enhance the objectivity of individual
auditors as discussed in FAM 650.23, including
* policies to prohibit auditors from auditing areas where relatives are
employed,
* policies to prohibit auditors from auditing areas where they were
recently assigned or are scheduled to be assigned after they complete
their tour of duty in auditing, and
* policies to require representations as to objectivity and lack of
conflicts of interest from each auditor;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 7. Prepare a memorandum documenting work performed and
conclusions reached as to government audit organization’s independence
and objectivity;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Qualifications:
8. Read the latest peer review report or equivalent, letter of
comments, and the audit organization’s response as discussed in FAM
650.28. Note the date of the report and whether it is unqualified. If
the report is recent (usually within the past year) and unqualified, go
to step 12;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Qualifications:
9. If the peer review is not recent, review the latest inspection
report[Footnote 12], if any, and the organization’s response as
discussed in FAM 650.29. Note the date of the report and whether it is
unqualified. If the inspection is recent (usually in the past year) and
unqualified, go to step 12;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Qualifications:
10. If the organization has not had a recent peer review or inspection
as discussed in FAM 650.31, obtain an overview of the important
policies and procedures in the functional areas through interviews of
management and staff and through reading the summary quality control
document, if any. Consult with the reviewer on the potential effect of
using work with no recent peer review or inspection before performing
this step;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Qualifications:
11. If the peer review or inspection report was qualified or adverse,
determine whether the quality control system has since been
strengthened as discussed in FAM 650.30. Review the organization’s
action plan for strengthening its quality control system. Evaluate the
effect of remaining weaknesses in determining the level of review;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Qualifications:
12. Inquire how the government audit organization determined staffing
of the audit. Evaluate the overall qualifications of the team
performing the work as discussed in FAM 650.33. Review resumes for key
team members and consider:
* educational level, professional certifications, and professional
experience;
* continuing professional education, especially training and current
knowledge in the type of work done;
* supervision and review of work;
* whether the audit team has adequate sources for consultation and use
of specialists, especially for audit sampling, audit methodology, and
review of computer controls; and:
* quality of documentation, reports, and recommendations;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: Qualifications:
13. As discussed in FAM 650.35, if the auditor has significant concerns
about the government audit organization or its team’s objectivity or
qualifications, the auditor, in developing the audit plan, may either:
* ask the other auditors to substitute more objective or highly
qualified staff members;
* do the work, treating any work done by the other auditors as prepared
by the audited entity;
* divide the work so that the other auditors test the areas where they
are qualified and the auditor does the rest of the audit; or
* issue a disclaimer of opinion;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 3. Monitoring The Work (For All Types Of Other Auditors And
Specialists): 1. As discussed in FAM 650.36, develop a strategy and a
plan for reviewing the other auditors’ or specialists’ work and, if
necessary, performing supplemental tests of the accounting records.
Determine the level of review for each line item;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 2. Monitor audit planning (For All Levels Of Review):
* Review the entity profile.
* Review the audit strategy or equivalent document and audit plan. (For
Moderate And High Level Of Review)
* Attend entrance meeting and key planning meetings.
* Review the determination of planning materiality and design
materiality.
* Have an IS controls specialist participate with the auditor in
reviewing the information resource management background information
and the documentation for review of general and application controls.
* Document line items and applications to be reviewed.
* For each such line item, review the Account Risk Analyses, the
Specific Control Analyses, the cycle flowcharts, the cycle memoranda,
the determination of tolerable misstatement, and the audit plan or
equivalent documents;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 3. Monitor the execution of the audit for reports following
example 2 of FAM 650 C or FAM 595 A and/or FAM 595 B Where Level Of
Review Is High.
* Attend key meetings, especially those discussing highrisk areas,
significant estimates and judgments, fraud brainstorming, and the other
auditors’ conclusions.
* Discuss key items with audited entity management, especially
significant estimates and judgments.
* Perform supplemental tests of the accounting records:
-- Generally for high risk and material line items, especially in areas
involving estimates and judgments or ones which users rely on
extensively.
-- Generally while the other auditors are at the audited entity
location and have access to the records.
-- Examine some of the same documents the other auditors examined or
make own selection or both.
-- Compare results of other auditors’ work to results of supplemental
tests.
-- Document scope of supplemental testing and conclusions reached;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 4. Monitor the completion of the audit (items with * are usually
not necessary for LOW level of review):
* Review the overall analytical procedures.
* *Review the key documentation for the line item and for completing
the audit; consider evaluations of sample results. (For example, were
projections appropriate? Was appropriate action taken based on sample
results?)
* *Determine whether the subsequent events review was updated to the
date of the auditor’s report.
* Review the audit summary memorandum, conclusions about line items,
and the summary of uncorrected misstatements.
* Review the audit completion checklist at FAM 1003 (or equivalent
document).
* Review the management representation letter and the legal
representation letter.
* *Attend key exit conference(s).
* Read the other auditors’ report, the financial statements, the notes,
the other accompanying information, and management’s response;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 5. Prepare a summary memorandum;
Done by/date: [Empty];
Doc Ref: [Empty].
Step: 6. Write the auditor’s report or transmittal letter;
Done by/date: [Empty];
Doc Ref: [Empty].
650 C - Example Reports when Using the Work of Others:
Example 1 – Transmittal Letters:
As discussed in FAM 650.09 b, there are two types of transmittal
letters, one expressing no assurance and one expressing negative
assurance on the other auditor’s work. Examples of both types are
presented as follows:
[Addressee]
We contracted with the independent certified public accounting firm of
[name of firm] to audit the financial statements of [name of entity] as
of [date] and for the year then ended, to provide an opinion [or a
report] on internal control over financial reporting (including
safeguarding assets) and compliance with laws and regulations, to
provide an opinion on whether [entity’s] financial management systems
substantially complied[Footnote 13] with the requirements of the
Federal Financial Management Improvement Act of 1996 (FFMIA) (for CFO
Act agencies), and to report any reportable noncompliance with laws and
regulations they tested. The contract required that the audit be done
in accordance with U.S. generally accepted government auditing
standards, OMB audit guidance, and the GAO/PCIE Financial Audit Manual
[if required by the contract].
In its audit of [name of federal entity], [name of CPA firm] found
* the financial statements were fairly presented, in all material
respects, in conformity with U.S. generally accepted accounting
principles,
* [federal entity] had effective[Footnote 14] internal control over
financial reporting (including safeguarding assets) and compliance with
laws and regulations,
* [entity’s] financial management systems substantially
complied[Footnote 15] with the requirements of the Federal Financial
Management Improvement Act of 1996 (FFMIA) (for CFO Act agencies),
and:[Footnote 16]
* no reportable noncompliance with laws and regulations tested. [Name
of CPA firm] also described the following significant matters (if any):
* [Discuss any significant matters].
For transmittal letters expressing no assurance, use the following
paragraph:
[Name of CPA firm] is responsible for the attached auditor’s report
dated [date] and the conclusions expressed in the report. We do not
express opinions on [name of entity]’s financial statements or internal
control or on whether [entity]’s financial management systems
substantially complied with FFMIA (for CFO Act agencies); or
conclusions on compliance with laws and regulations.
For transmittal letters expressing negative assurance, use the
following paragraph:
In connection with the contract, we reviewed [name of CPA firm]’s
report and related documentation and inquired of its representatives.
Our review, as differentiated from an audit in accordance with U.S.
generally accepted government auditing standards, was not intended to
enable us to express, and we do not express, opinions on [name of
entity]’s financial statements or internal control[Footnote 17] or on
whether [entity]’s financial management systems substantially complied
with FFMIA (for CFO Act agencies);[Footnote 18] or conclusions on
compliance with laws and regulations. [Name of CPA firm] is responsible
for the attached auditor’s report dated [date] and the conclusions
expressed in the report. However, our review disclosed no instances
where [name of CPA firm] did not comply, in all material respects, with
U.S. generally accepted government auditing standards.[Footnote 19]
Example 2 – Report Concurring with Other Auditors’ Opinion (Presenting
Report of Other Auditors after the Auditor’s Report)[Footnote 20]:
As discussed in FAM 650.09 d, the auditor may use this approach when
other auditors have reported on financial statements and the auditor
wants to provide more assurance than what is provided in the
transmittal letter example 1 above.
[Addressee]
Under [citation of statute], we are responsible for auditing [name of
entity]. To help fulfill these responsibilities, we contracted with
[name of firm], an independent certified public accounting firm. [Name
of firm]’s report dated [date] is attached.
We concur[Footnote 21] with [name of firm]’s report that indicated:
* the financial statements were fairly presented, in all material
respects, in conformity with U.S. generally accepted accounting
principles,
* [entity] had effective internal control over financial reporting
(including safeguarding assets) and compliance with laws and
regulations,
* [entity’s] financial management systems substantially complied with
the requirements of the Federal Financial Management Improvement Act of
1996 (FFMIA) (for CFO Act agencies), and:
* no reportable noncompliance with laws and regulations it tested.
Details of their conclusions are in their report.
Objectives, Scope, and Methodology:
Management is responsible for (1) preparing the financial statements in
conformity with U.S. generally accepted accounting principles, (2)
establishing, maintaining, and assessing internal control to provide
reasonable assurance that the broad control objectives of 31 U.S.C.
3512 (c), (d) (commonly known as the Federal Managers’ Financial
Integrity Act) are met, (3) ensuring that [entity]’s financial
management systems substantially comply with FFMIA requirements (for
CFO Act agencies), and (4) complying with applicable laws and
regulations.
We are responsible for obtaining reasonable assurance about whether (1)
the financial statements are presented fairly, in all material
respects, in conformity with U.S. generally accepted accounting
principles, and (2) management maintained effective internal control,
the objectives of which are the following:
* Financial reporting: Transactions are properly recorded, processed,
and summarized to permit the preparation of financial statements in
conformity with U.S. generally accepted accounting principles, and
assets are safeguarded against loss from unauthorized acquisition, use,
or disposition.
* Compliance with laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority and with
other laws and regulations that could have a direct and material effect
on the financial statements and any other laws, regulations, and
governmentwide policies identified by OMB audit guidance.
We are also responsible for (1) testing whether [entity’s] financial
management systems substantially comply with the three FFMIA
requirements (for CFO Act agencies), (2) testing compliance with
selected provisions of laws and regulations that have a direct and
material effect on the financial statements and laws for which OMB
audit guidance requires testing, and (3) performing limited procedures
with respect to certain other information appearing in the Performance
and Accountability Report.
To help fulfill these responsibilities, we contracted with the
independent certified public accounting (CPA) firm of [name of firm] to
perform a financial statement audit in accordance with U.S. generally
accepted government auditing standards and OMB audit guidance. We
evaluated the nature, extent, and timing of the work, monitored
progress throughout the audit, reviewed the documentation of the CPA
firm, met with partners and staff members, evaluated the key judgments,
met with officials of [federal entity being audited], performed
independent tests of the accounting records, and performed other
procedures we deemed appropriate in the circumstances. We conducted our
work in accordance with U.S. generally accepted government auditing
standards.
660 – Agreed-Upon Procedures:
.01: In an engagement to apply agreed-upon procedures, a client engages
an auditor to perform specific procedures on a subject matter and
report on the results to assist users in evaluating a subject matter or
an assertion. Agreed-upon procedures should be performed in accordance
with GAGAS which incorporates the financial audit and attestation
standards established by the AICPA. The Statements on Standards for
Attestation Engagements (SSAE), specifically AT 101, Attest
Engagements, and AT 201, Agreed-Upon Procedures Engagements, contains
standards and guidance for these engagements.
.02: The auditor may perform an agreed-upon procedures engagement on a
variety of subject matters. The engagement will vary depending on the
needs of the user. The engagement may assist entity management by
providing information for making decisions and give report users
information on important areas. Examples of agreed-upon procedures are:
* compare payroll information reported to the Office of Personnel
Management with the entity’s payroll records and general ledger; (Refer
to OMB audit guidance for additional information);
* compare entity reconciliations of intragovernmental activity and
balances with supporting documentation and compare amounts with the
financial statements and with reports to the Department of the Treasury
(Treasury); (Refer to OMB audit guidance for additional information);
* trace tax collections from the master file to deposit confirmations,
determine whether they were recorded in the appropriate period, and in
the correct tax class;
* trace amounts on the entity’s financial statements to an “account
grouping worksheet,” foot the worksheet, read the CFO’s explanation for
any differences, and compare the explanation with supporting
documentation; and:
* examine official receipt documents to determine whether they were
included in the weekly deposit; compare deposit amounts to amounts
reported on the statement of funding.
.03: In agreed-upon procedures engagements, all parties involved, which
include the report users, the entity responsible for the subject matter
(which may or may not be the same as the user), and the auditor, should
clearly understand the procedures to be applied. Since users may have
different needs, the nature, extent, and timing of agreed-upon
procedures also may differ. Therefore, the users, and not the auditor,
assume the responsibility for the sufficiency of the design and extent
of the procedures since they best understand their own needs, although
the auditor may assist the user in designing the procedures.
.04: The auditor should establish and document an understanding with
the users regarding the nature, extent, and timing of agreed-upon
procedures to be performed. The auditor may document this understanding
using an engagement letter to the users, an example of which is
provided in FAM 660 A.
.05: The auditor should perform agreed-upon procedures only if the
subject matter is capable of evaluation against criteria that are
suitable and available to users. Suitable criteria should have
objectivity, measurability, completeness, and relevance. The auditor
should perform procedures that are subject to reasonably consistent
measurement and the users have agreed on. The auditor should not
perform overly subjective procedures or use terms with uncertain
meaning unless they are defined in the agreedupon procedures report.
.06: The auditor need not perform additional procedures beyond the
agreedupon procedures. If matters come to the auditor’s attention by
other means that significantly contradict the subject matter (or
assertion), the auditor should include these matters in the report. For
example, if during the course of applying agreed-upon procedures
regarding an entity’s operation, the auditor becomes aware of a
material weakness related to the assertion by means other than the
agreed-upon procedures, the auditor should include this matter in the
report. The auditor may do this by mentioning the material weakness
with a footnote reference to another report where it is described in
detail.
.07: Where circumstances impose restrictions on the performance of the
agreed-upon procedures, the auditor should attempt to obtain agreement
from the users of the report to modify the agreed-upon procedures. When
agreement cannot be obtained (for example, when the agreed-upon
procedures are published by a regulatory entity that will not modify
the procedures), the auditor should describe restrictions in the report
or withdraw from the engagement.
Written Representations:
.08: The auditor generally should determine if a representation letter
is necessary. The auditor may determine that a representation letter is
necessary, for example, if (1) the responsible entity is so large there
is a risk as to whether one person knows whether pertinent information
has been made available to the auditor, (2) the subject matter depends
on estimates, judgments, or future events (such as whether the subject
matter is less objective and fact-based and more subjective), or (3)
the user of the report believes written representations should be
obtained. Although generally not required by AT 201 (unless
specifically required by another attestation standard, such as in a
compliance engagement) a representation letter may nonetheless be a
useful means of documenting the responsible entity’s representations.
FAM 660 B provides an example representation letter for an agreed-upon
procedures engagement.
.09: The responsible entity’s refusal to furnish written
representations the auditor determines to be necessary constitutes a
scope limitation. In such circumstances, the auditor should do one of
the following:
* disclose in the report the inability to obtain representations from
the responsible entity,
* withdraw from the engagement, or
* change the engagement to another form of engagement (such as to a
performance audit) with the client’s consent.
Documentation:
.10: In accordance with GAGAS, the auditor should prepare and maintain
documentation in connection with an agreed-upon procedures engagement
that is appropriate for the engagement. The auditor should document
sufficient information to enable an experienced auditor having no
previous connection with the engagement to ascertain from the
documentation the nature, extent, timing, and results of procedures
performed and the evidence that supports the auditors’ agreed-upon
procedures report, including its sources and the auditors’ conclusions.
.11: Although the quantity, type, and content of documentation varies
with the circumstances, the auditor should document sufficient
information to demonstrate that the work was adequately planned and
supervised and that evidential matter provides a reasonable basis for
the report as discussed in GAGAS chapter 6.
.12: The auditor generally should prepare a summary memorandum that
recaps the work performed, refers to the detailed documentation,
includes the auditor’s conclusion on whether the work was performed in
accordance with GAGAS, the attestation standards, and the GAO/PCIE FAM,
and whether the report is appropriate. FAM 660 C provides an agreed-
upon procedures engagement completion checklist.
Reporting:
.13: The auditor should report on the agreed-upon procedures in the
form of results. The auditor should not provide any opinion or negative
assurance about whether the subject matter or the assertion is fairly
stated based on the criteria. The auditor should report the
identification of the entities that agreed to the procedures and took
responsibility for the sufficiency of the design and extent of the
procedures for their purposes, as shown in the example report in FAM
660 D.
.14: The auditor should report all results arising from application of
the agreed upon procedures. The concept of materiality does not apply
to results reported in an agreed-upon procedures engagement unless the
users of the report agree to the definition of materiality. This could
be included in the engagement letter at FAM 660 A. The auditor should
describe any agreed upon materiality limits in the report.
.15: The auditor should include a statement indicating that the report
is intended for the specified users who have agreed upon the procedures
performed and taken responsibility for the sufficiency of the design
and extent of the procedures for their needs. However, since
governmental reports are generally a matter of public record, the
distribution of the report is not limited and the audit organization
may provide copies upon request.
.16: The auditor may have performed agreed-upon procedures on an
element, account, or item of financial statements and also audited the
same financial statements. If the audit report on the financial
statements includes a departure from a standard report, the auditor
generally should include a reference to the audit report and the
departure from the standard report in the agreed-upon procedures
report.
.17: The auditor also may include explanatory language about such
matters as the following:
* stipulated facts, assumptions, or interpretations (including the
source);
* description of the condition of records, controls, or data to which
the procedures were applied;
* explanation that the auditor has no responsibility to update the
report; and:
* explanation of sampling risk.
.18: The auditor should state the results in definitive, rather than
qualified, language and avoid vague or ambiguous language. The
following table provides examples of appropriate and inappropriate
descriptions of findings.
Table: Examples of appropriate/inappropriate description of findings:
Procedures agreed-upon: Based on the total tax liability, select and
recompute the 50 largest excise tax returns from the quarter ended
September 30, 20XX, and compare these amounts with the certified audit
file; Description of findings: Appropriate: Recomputed amounts for the
selected excise tax returns agreed with the amounts in the certified
audit file; Description of findings: Inappropriate: Nothing came to our
attention as a result of applying this procedure.
Procedures agreed-upon: Select a random sample of 45 Treasury SF-224
reconciliations; determine if XYZ reported revenue receipts were
properly classified and reconciled to Treasury FMS records; Description
of findings: Appropriate: Revenue receipts selected randomly from the
monthly Treasury SF-224 reconciliation process were properly classified
and agreed with Treasury FMS records; Description of findings:
Inappropriate: The revenue receipts approximated the amount shown in
the Treasury FMS records.
Procedures agreed-upon: Examine personnel files of 40 individuals
randomly selected from the timekeeping records for the year; determine
if all the selected files contain a current and approved Notification
of Personnel Action (SF-50); Description of findings: Appropriate:
Thirty of the selected files contained a current and approved
Notification of Personnel Action. Ten files did not contain a current
and approved Notification of Personnel Action (list and identify
exceptions). Based on our sample, we are 95% confident that the
population deviation is between X and Y; Description of findings:
Inappropriate: Some of the personnel files did not contain a current
and approved Notification of Personnel Action.
Other Report Issues:
.19: The auditor should address the report to the users who have agreed
upon the procedures to be performed (see FAM 660.03). The auditor
should use the date of completion of the agreed-upon procedures as the
date of the agreed-upon procedures report. If the audit organization’s
procedure is to date reports with the issue date, the auditor may state
the date of completion of the engagement in the report, such as “We
completed the agreed-upon procedures on [date].”
.20: The auditor should obtain entity comments from the entity
responsible for the subject matter. These comments can be either
written or oral. If oral comments are obtained the auditor should
document them in a memo.
660 A - Example Agreed-Upon Procedures Engagement Letter:
[Date]:
Management of ABC Federal Entity:
Subject: Fiscal Year 20X8 Agreed-Upon Procedures for the Tax Trust Fund
Dear Management Official:
This letter responds to your letter of [date] requesting that we assist
ABC Federal Entity in determining the completeness and accuracy of
receipts transferred to the tax trust fund. On [date] we met with you
to discuss the scope and timing of our work. The detailed procedures we
agree to perform are enclosed. We plan to perform these procedures on
[provide date(s)]. This letter documents our agreement to perform these
agreed-upon procedures related to fiscal year 20X8. We will perform
these procedures in accordance with U.S. generally accepted government
auditing standards, which incorporate the financial audit and
attestation standards established by the American Institute of
Certified Public Accountants (AICPA). We will provide you with a draft
copy of our report for your review and comment and plan to issue the
report by [date]. We will meet with you as needed to discuss the agreed-
upon procedures, results, and other issues that may arise.
The sufficiency of the agreed-upon procedures is solely the
responsibility of XYZ Federal Entity. Accordingly, we make no
representation regarding their sufficiency to meet your needs or for
any other purpose. In addition, because of the nature of agreed-upon
procedures, the results we obtain will only be applicable to for the
period they are performed. We are not engaged to perform, and will not
perform, an examination or audit, the objective of which would be to
express an opinion on the amount of receipts transferred to the tax
trust fund for fiscal year 20X8. Accordingly, we will not express such
an opinion. If we were to perform an examination or audit, other
matters beyond the scope of our agreed-upon procedures might come to
our attention.
The report we will prepare is intended solely for your information and
use and is not intended to be, and should not be, used by any other
party. However, our report will be a matter of public record and will
be provided to others upon request. Unless we hear from you, we will
assume your concurrence with these procedures and their sufficiency for
your purposes.[Footnote 22] If you have any questions, please contact
me at [telephone number and e-mail address] or [alternative contact] at
[telephone number and e-mail address].
Sincerely yours,
[Signed]:
[Name of Director]:
Enclosure:
cc: XYZ Federal Entity:
Enclosure:
Agreed-Upon Procedures:
Tax Receipts and Refunds:
General:
a. Compare fiscal year 20X8 tax collections for the ABC tax trust fund
per XYZ’s Statement of Custodial Activity with:
* the trust fund’s accounting records, and:
* ABC’s consolidated financial statements.
b. Obtain explanations and examine supporting documentation for
differences.
Sampling:
a. Use monetary unit sampling (MUS) with an 80-percent confidence level
to select a sample of ABC tax trust fund tax revenue receipts and
refunds for fiscal year 20X8. Use $300 million as the tolerable
misstatement, which is 1 percent of the total revenue collected. Use an
expected aggregate misstatement of $100 million, or one-third of
tolerable misstatement. The projected sample size for this population
is expected to be 40 transactions.
For the sample items selected:
* Receipts testing — Compare tax receipts transactions (for example
cash receipts, federal tax deposit (FTD) receipts, reversals, and
adjustments) with source documents to determine whether the amounts
agree, the transactions are recorded in the appropriate period based on
the transaction date, and they are properly categorized as ABC tax
trust fund receipts.
* Refunds testing — Compare refund transactions with the source
documents (for example, payment vouchers, FTD coupons, tax returns) to
determine whether the amounts agree, the transactions are recorded in
the appropriate period based on the transaction date, and they are
properly categorized as ABC tax trust fund refunds.
b. Use MUS and the same sampling parameters as above to extract
statistical samples of total XYZ revenue receipts and refunds for
fiscal year 20X8.
For the sample items selected:
* Test whether the tax receipt or refund amounts and tax category from
source documentation agrees with amounts recorded for each of the
revenue receipts or refunds sample items.
660 B - Example Representation Letter from Responsible Entity on Agreed-
Upon Procedures Engagement [XYZ Entity letterhead]:
[Date]:
Dear Auditor:
In connection with the agreed-upon procedures engagement for XYZ’s
budget execution process for the period from October 1, 20X7 through
September 30, 20X8, we confirm to the best of our knowledge and belief,
the following representations made to you in performing these agreed-
upon procedures.
* We acknowledge responsibility for XYZ’s budget execution process.
* We acknowledge responsibility for selecting the criteria [state
criteria] and for determining the appropriateness of the criteria for
our purposes.
* Our budget execution process is [state assertion about budget
execution process based on the criteria selected].
* We know of no matters that would contradict our assertion about our
budget execution process.
* There have been no communications from regulatory or oversight
agencies concerning our budget execution process or noncompliance with
budgetary laws or the Antideficiency Act.
* We have made available to you all records and related data pertaining
to our budget execution process during the period from October 1, 20X7
through September 30, 20X8.
* XYZ’s budget execution process is designed to meet the requirements
of the Antideficiency Act.
* XYZ’s employees check the accounting records and fund status reports
quarterly to determine whether all source documents that affect the
appropriation and fund balance have been recorded properly, accurately,
and timely.
* XYZ’s accounting system provides timely disclosure of total valid
obligations incurred to date and total budgetary resources available
for obligations within each apportionment.
* The system also provides timely disclosure of the authorization or
creation of commitments, obligations, or expenditures that exceed
apportionments and allotments.
* We are not aware of instances of noncompliance with the above-stated
procedures.
* We are not aware of instances of fraud involving management,
employees, or contractor staff that have significant roles in the
operation of our budget execution process.
* We have no plans or intentions that would materially affect our
budgetary process or operations.
Sincerely yours,
[signed]:
Management:
XYZ Entity:
660 C – Agreed-Upon Procedures Engagement Completion Checklist:
Entity:
Job code:
Principal report:
.01: This checklist is a tool to help auditors comply with the
standards for agreed-upon procedures engagements. No signatures are
required on the checklist in the planning phase.
.02: Several of the last questions include steps in GAO’s quality
control process, GAO Audit Documentation Set, second partner review,
and reading of the report by the Technical Accounting and Auditing
Expert (Chief Accountant at GAO) when that person is not the second
partner. GAO auditors should complete these questions and forms. IG
auditors and other auditors may use these questions and forms or may
substitute questions and forms that consider their reporting style and
quality control.
Step: 1. Has the audit team documented an understanding with the
individuals requesting the agreed-upon procedures engagement?; N/A:
[Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 2. Were appropriate engagement acceptance and risk designation
procedures followed?; N/A: [Empty]; Yes/No: [Empty];
Ref: [Empty].
Step: 3. Does the documentation cover the following?
* Independence of professionals working on the engagement.
* The nature of the engagement.
* Identification of the subject matter, the responsible entity, and the
criteria.
* Identification of the users of the report.
* Auditor’s responsibilities.
* Reference to GAGAS and the attestation standards.
* Agreement on the nature, extent, and timing, of procedures.
* Anticipated reporting.
* Any involvement of a specialist.
* Materiality limits;
N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 4. Was an entrance conference held with the responsible entity?;
N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 5. Has the auditor determined whether a letter of representation
from the responsible entity is necessary? (Note: This is not a
requirement.); N/A: [Empty]; Yes/No: [Empty];
Ref: [Empty].
Step: 6. If part of the procedures, were applicable laws and procedures
documented?; N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 7. Were review responsibilities communicated to individuals on
the assignment?; N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 8. Does the documentation contain the following? a. The scope and
methodology, including any sampling criteria used and consideration of
the results of any previous agreed-upon procedures and follow up on any
known significant findings that directly relate to the agreed-upon
procedures engagement. b. Any indication of fraud, illegal acts,
violations of provisions of contracts or grant agreements, or abuse,
and—if there was such indication— the directed procedures performed,
results obtained, and related communications. c. Descriptions of
transactions and records examined. d. Documentation of the work
performed to support reported results. e. Evidence of supervisory
review; N/A: ; Yes/No: [Empty]; Ref: [Empty].
Step: 9. Does the documentation record that the applicable standards
were followed (AT 101, AT 201, and GAGAS, chapter 6)?; N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 10. Does the documentation record a reasonable basis for the
results of the agreed-upon procedures?; N/A: [Empty]; Yes/No: [Empty];
Ref: [Empty].
Step: 11. Does the summary memorandum summarize the results of the
procedures and refer to the documentation?; N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 12. Did the auditor document any deviations from the standards?
Did the director approve the documentation with copies to the
reviewer?; N/A: [Empty]; Yes/No: [Empty];
Ref: [Empty].
Step: 13. Was an exit conference held with the responsible entity?;
N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 14. Was the report referenced?; N/A: [Empty]; Yes/No: [Empty];
Ref: [Empty].
Step: 15. Did the assistant director review the following? a.
Documentation of the understanding with the individuals requesting the
procedures and officials of the entity. b. Memorandum of entrance
conference with the responsible entity. c. Completed work plans and
procedures. d. Memorandums on key engagement issues. e. Summary of the
results of the procedures. f. Memorandum of exit conference with the
responsible entity. g. Deviations from standard reporting language. h.
Financial schedules/statements. i. Agreed-upon procedures report. j.
GAO Audit Documentation Set (or equivalent); N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 16. Did the audit director review the following? a. Documentation
of the understanding with the individuals requesting the procedures and
officials of the entity. b. Summary of results of the procedures. c.
Memorandum of exit conference with responsible entity. d. Deviations
from standard reporting language. e. Agreed-upon procedures report. f.
GAO Audit Documentation Set (or equivalent); N/A: [Empty]; Yes/No:
[Empty];
Ref: [Empty].
Step: 17. Did the assistant director or the auditor in charge determine
that all significant review notes were resolved appropriately?; N/A:
[Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 18. Did the assistant director initial all documentation bundle
covers to indicate that all documentation was sufficiently reviewed?;
N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 19. Is the report appropriate as to the following? a. Wording. b.
Scope of work.
c. GAGAS.
d. Explanatory paragraphs;
N/A: [Empty];
Yes/No: [Empty];
Ref: [Empty].
Step: 20. Was the report reviewed by the following? a. Office of the
General Counsel. b. Technical Accounting and Auditing Expert. c. Second
partner (or equivalent), if not Technical Accounting and Auditing
Expert; N/A: [Empty]; Yes/No: [Empty];
Ref: [Empty].
Step: 21. Is the agreed-upon procedures report dated appropriately or
does the report indicate when the auditor completed the engagement?;
N/A: [Empty]; Yes/No: [Empty];
Ref: [Empty].
Note: The auditor should discuss all “No” answers in attached
documentation. If the reason that a question is “Not Applicable” is not
obvious, the auditor should document the reason on the checklist or in
an attachment.
[End of table]
Date of completion of the engagement:
Auditor-in-charge (senior):
Date:
Audit Manager:
Date:
Assistant Director:
Date:
Audit Director:
Date:
Second Partner’s (Or Equivalent) Review Of Agreed-Upon Procedures Work:
Objective of second partner (or equivalent) review: To objectively
review significant engagement matters to conclude, based on all facts
the second partner (or equivalent) has knowledge of, that no matters
were found that caused the second partner (or equivalent) to believe
that (1) the procedures were not performed in accordance with GAGAS,
which incorporate financial audit and attestation standards established
by the AICPA and (2) the report does not meet professional standards
and audit organization policies.
Procedures: Before the report was issued, I performed the following
procedures:
* as necessary, discussed significant engagement issues with the audit
director;
* read documentation of key decisions and consultations;
* read the agreed-upon procedures report; and
* confirmed with the audit director that there are no unresolved
issues.
Conclusions: Based on all the relevant facts of which I have knowledge,
I found no matters that caused me to believe that (1) the agreed-upon
procedures were not performed in accordance with GAGAS and the AICPA’s
attestation standards related to agreed-upon procedures engagements and
(2) the report is not in accordance with professional standards and
audit organization policies.
In signing this form, I acknowledge that there have been no personal or
external impairments to independence regarding my work on this
engagement.
Title:
Signature:
Date:
Technical Accounting And Auditing Expert’s Reading Of Agreed-Upon
Procedures Report:
Objective of review: When the Technical Accounting and Auditing Expert
is not the second partner (or equivalent), the Technical Accounting and
Auditing Expert should read the report. The Technical Accounting and
Auditing Expert should then sign the conclusions below.
Conclusions: Based on my reading of the report, I found no matters that
caused me to believe that (1) the agreed-upon procedures were not
performed in accordance with GAGAS and the AICPA’s attestation
standards related to agreed-upon procedures engagements and (2) the
report is not in accordance with professional standards and audit
organization policies.
In signing this form, I acknowledge that there have been no personal or
external impairments to independence regarding my work on this
engagement.
Title:
Signature:
Date:
660 D – Example Agreed-Upon Procedures Report:
[Date]:
Management of [Federal Entity]:
Subject: Applying Agreed-Upon Procedures: Count of Cash and Related
Items:
Dear Management Official:
We have performed the procedures contained in the enclosure to this
letter, which we agreed to perform and with which you concurred, solely
to meet your needs for an independent count of cash and cash-related
items as of September 30, 20XX.
We conducted the engagement in accordance with U.S generally accepted
government auditing standards, which incorporate financial audit and
attestation standards established by the American Institute of
Certified Public Accountants. You are responsible for the adequacy of
the procedures to meet your objectives and we make no representation in
that respect. The procedures we agreed to perform consist of counting
amounts for cash and related receipts and comparing combined totals to
the authorized amounts. The enclosure contains the agreed-upon
procedures and our results.
We were not engaged to perform, and did not perform, an examination,
the objective of which would have been to express an opinion on the
amount of cash on hand. Accordingly, we do not express such an opinion.
Had we performed additional procedures, other matters might have come
to our attention that we would have reported to you. We completed our
agreedupon procedures on [date of completion].
We provided a draft of this letter, along with the enclosure, to your
representatives for review and comment. They agreed with the results
presented in this letter and its enclosure.
This letter is intended solely for the use of the management of
[Federal Entity] and should not be used by those who have not agreed to
the procedures or have not taken responsibility for the sufficiency of
the procedures for their purposes. However, the report is a matter of
public record and its distribution is not limited; thus, we will post
the report on our Web site and provide copies upon request. If you have
any questions, please call [name, title, and telephone number].
Sincerely yours,
[Signed]:
[Name of Director], Director:
Enclosure:
Results of Cash Counts:
Procedures:
We counted and totaled cash on hand for the petty cash fund as of
September 30, 20XX. We also listed and totaled the receipts on hand
evidencing disbursements from the fund. Finally, we compared the
combined total of cash and receipts available to the amount authorized
for the fund of $500.
Results:
We counted cash totaling $258.96 and scheduled 14 receipts totaling
$174.85 which accounted for $433.81 of the $500 in authorized petty
cash funds. In addition, the custodian provided us two separate Expense
Summary Report and Petty Cash Itemization Sheets and related receipts
for an additional $65.09, which had been submitted for reimbursement to
the fund. There remains an unexplained difference (shortage) of $1.10
between the authorized amount and the total cash and receipts
evidencing petty cash fund disbursements.
Section 700:
Internal Control:
701 – Assessing Agency Systems with the Federal Financial Management
Improvement Act (FFMIA)[Footnote 23]:
.01: Under FFMIA, agencies need to have systems that can generate
timely, reliable, and useful information with which to make informed
decisions and to provide accountability. FFMIA requires the 24 CFO Act
departments and agencies to implement and maintain financial management
systems that comply substantially with:
(1) federal financial management systems requirements; (2) applicable
federal accounting standards; and: (3) the U.S. Government Standard
General Ledger (SGL) at the transaction level.
.02: The law also requires auditors to state in their CFO Act financial
statement audit reports whether entities’ financial management systems
substantially comply with these three FFMIA requirements. OMB provided
FFMIA implementation guidance to help agencies and their auditors
determine compliance. This section also provides guidance for assessing
agency systems with FFMIA. It explains the FFMIA requirements and
discusses audit issues related to testing for compliance with the act.
An example audit program is included in FAM 701 A.
FFMIA Requirements:
.03: OMB Circular No. A-127, Financial Management Systems, addresses
the three FFMIA requirements and can be found at www.omb.gov. First,
regarding federal financial management systems requirements, the
circular prescribes policies and standards for executive branch
departments and agencies to follow in developing, operating,
evaluating, and reporting on financial management systems. In its FFMIA
implementation guidance, OMB identifies the applicable requirements
from OMB Circular No. A-127 that the entity and its auditors should
assess when determining FFMIA compliance.
The circular also refers to the federal financial management systems
requirements, a series of publications issued by the Joint Financial
Management Improvement Program (JFMIP), now issued by the Office of
Federal Financial Management (OFFM)[Footnote 24] as the source of
governmentwide requirements for financial management systems software
functionality. JFMIP’s Framework for Federal Financial Management
Systems issued in April 2004[Footnote 25] describes the basic elements
of an integrated financial system, including the core financial system.
Agency financial management systems fall into four categories: core
financial systems; other financial and mixed systems (such as
procurement, property, budget, payroll, and travel systems); shared
systems[Footnote 26]; and departmental executive information systems
(systems to provide information to all levels of management.)
.04: JFMIP/OFFM published systems requirements for the core financial
system and for some of the mixed or feeder systems which can be found
at [hyperlink, http://www.fsio.gov/fsio/fsiodata/]. The systems
requirements are either mandatory (required) or value-added (optional).
Agencies will use the mandatory functional and technical requirements
in planning system improvement projects, whereas the agencies may use
value-added requirements as needed. The core financial management
system affects all financial event transaction processing because it
maintains reference tables for editing and classifying data, controls
transactions, and maintains security. The core financial management
system consists of six functional areas: general ledger management,
funds management, payment management, receivable management, cost
management, and reporting.
.05: OMB Circular No. A-127 requires agencies to use for agency core
financial management systems commercial-off-the-shelf (COTS) software
that has been tested and certified through the JFMIP/Financial Systems
Integration Office (FSIO)[Footnote 27] software certification process.
Core financial management system certification does not mean that
agencies that install qualified software packages will have financial
systems that are in compliance with FFMIA. Many other factors can
affect the capability of the systems to comply with FFMIA, including
modifications made to the JFMIP/FSIOcertified core financial management
system software, the validity and completeness of data from feeder
systems, and whether internal controls are effective. The JFMIP/FSIO’s
certification process does not eliminate or significantly reduce the
need for agencies to develop and conduct a comprehensive testing effort
to determine whether the software product meets their requirements and
is working properly.
.06: The second requirement of FFMIA is the system’s use of federal
accounting standards, promulgated by FASAB. FASAB promulgates federal
accounting standards after considering the financial and budgetary
information needs of Congress, executive agencies, and other users of
federal financial information as well as comments from the public.
FASAB standards are at www.fasab.gov. FAM 560 describes the
relationship of the FASAB standards to the hierarchy of U.S. generally
accepted accounting principles.
.07: The third requirement of FFMIA is implementing the SGL at the
transaction level. The SGL provides a uniform chart of accounts and
guidance for use in standardizing federal agency accounting and
supports the preparation of standard external reports required by OMB
and Treasury. Information on the SGL can be found at [hyperlink,
http://www.fms.treas.gov/ussgl]. The SGL is defined in the latest
supplement, which is released annually to the Department of the
Treasury’s Treasury Financial Manual (TFM). The supplement is composed
of six major sections:
(1) chart of accounts,
(2) accounts and definitions,
(3) accounting transactions,
(4) account attributes for GFRS, FACTS I, and FACTS II
reporting,[Footnote 28] (5) crosswalks to standard external reports,
and: (6) crosswalks to the closing package.
.08: Each agency should implement a chart of accounts that is
consistent with the SGL and meets the agency’s information needs. OMB
Circular No. A-127 states that application of the SGL at the
transaction level means that financial management systems will process
transactions following the definitions and defined uses of the general
ledger accounts as described in the SGL. Transaction detail supporting
SGL accounts are required to be available in the financial management
systems and directly traceable to specific SGL account codes. In
addition, the agency should develop criteria for recording financial
events in all financial management systems that are consistent with
accounting transaction definitions and processing rules defined in the
SGL.
.09: FFMIA requires the CFO Act agency financial statement auditors to
report (1) whether the entity’s financial management systems
substantially complied with FFMIA requirements, or (2) instances in
which the entity’s systems did not substantially comply with the
requirements (or state that the audit disclosed no instances in which
the reporting entity’s systems did not substantially comply). Auditors
who report that agency financial management systems do not
substantially comply with FFMIA requirements should include in their
reports:
(1) The entity or organization responsible for the financial management
systems that have been found not to be substantially compliant and all
pertinent facts relating to the noncompliance.
(2) The nature and extent of the noncompliance including areas in which
there is substantial but not full compliance.
(3) The primary reason or cause of the noncompliance.
(4) The entity or organization responsible for the noncompliance.
(5) Any relevant comments from any responsible officer or employee.
(6) A statement with respect to the recommended remedial actions for
each instance of noncompliance and the entity’s estimated time frames
for implementing these actions.
FFMIA as well as OMB’s FFMIA implementation guidance require agencies
to report whether the agencies’ financial management systems
substantially comply with FFMIA requirements. Agencies should prepare
remediation plans that include resources, remedies, and intermediate
target dates necessary to bring the agency’s financial management
systems into substantial compliance.
.10: According to OMB’s FFMIA implementation guidance, auditors should
plan and perform their audit work in sufficient detail to enable them
to determine the degree of compliance and report on instances of
noncompliance for all of the applicable FFMIA requirements. The
guidance describes requirements from OMB Circular No. A-127 that
agencies should meet to achieve compliance and provides indicators of
compliance.[Footnote 29] The indicators included in OMB’s
implementation guidance are examples. The four primary factors OMB
identifies as critical to assessing compliance with FFMIA are
determining whether agencies can:
(1) Prepare financial statements and other required financial and
budgetary reports using information generated by the financial
management system(s).
(2) Provide reliable and timely financial information for managing
current operations.
(3) Account for their assets reliably, so that they can be properly
protected from loss, misappropriation, or destruction.
(4) Do all of the above in a way that is consistent with federal
accounting standards and the Standard General Ledger.
Audit Issues:
.11: Auditors should design and implement appropriate testing to apply
the criteria in FFMIA. For example, in performing financial statement
audits, auditors generally should evaluate the capability of the
financial management systems to process and summarize financial
information that flows into agency financial statements. In contrast,
under FFMIA auditors must assess and report on whether an agency’s
financial management systems substantially comply with systems
requirements. To do this, auditors should determine whether agency
systems provide complete, accurate, and timely information for managing
day-to-day operations as discussed in FAM 701.10 and OMB guidance. This
is based on a Congressional expectation, in enacting FFMIA, that agency
managers have necessary information to measure performance on an
ongoing basis rather than just at year-end.
.12: As a result of the overlapping scope and nature of FFMIA
assessments and financial statements audits, the auditor may use the
audit work performed as part of the financial statement audit. In the
example audit program at FAM 701 A for testing controls for compliance
with FFMIA, several procedures indicate that the auditor may have
performed the procedure as part of the financial statement audit;
whereas, other procedures needed to assess FFMIA compliance require
additional work not normally performed in financial statement audits.
.13: While the example audit procedures provides steps the auditor may
perform, the auditor may tailor the steps to satisfy the objectives or
intent of the step. Because of the broad scope of federal operations
and the many variations that can and do flow from such a broad scope,
the degree of specificity in the example audit program varies. For
example, each agency will likely use a variety of reports for managing
operations. These reports may be on line electronically or in hard
copy. Auditors may use other work that addresses the objectives of the
example audit procedures.
.14: As discussed in FAM 350, the auditor need not perform specific
tests of the systems compliance with FFMIA requirements for agencies
with longstanding, well-documented financial management systems
weaknesses that severely affect the systems’ ability to comply with
FFMIA. The auditor should evaluate management’s process for determining
whether its systems substantially comply with FFMIA and report any
deficiencies in management’s process along with previously identified
problems.
.15: FAM 580.65-.67 and FAM 595 A provide FFMIA reporting guidance to
the auditor. FAM 595 B provides guidance to the auditor for reporting a
systems’ lack of substantial compliance. FAM 580.35-.37 provides
guidance to the auditor on reporting for FMFIA. For FISMA
considerations, the auditor should refer to FAM 260.67-.70 and FAM
580.38-.39. FAM 1603 provides guidance that GAO auditors should use to
provide an opinion on compliance with FFMIA.
701 A – Example Audit Procedures for Testing Systems for Compliance
with FFMIA:
Entity:
Date of review:
Job code:
Objective: FFMIA requires the 24 departments and agencies covered by
the CFO Act to implement and maintain financial management systems that
comply substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, and (3) the
U.S. Government Standard General Ledger (SGL) at the transaction level.
OMB also requires certain designated entities to determine FFMIA
compliance. The objective of these audit procedures are to assess
whether agencies’ systems’ comply with FFMIA requirements.
Procedure: I. Planning (May be combined with the work to plan the
financial statement audit): A. To understand the FFMIA requirements,
read:
* Federal Financial Management Improvement Act (FFMIA), P.L. 104-208.
* Audit Requirements for Federal Financial Statements (OMB Audit
Guidance).
* Revised Implementation Guidance for the Federal Financial Management
Improvement Act (OMB Memorandum, January 4, 2001).
* JFMIP/OFFM Publications of Federal Financial Management System
Requirements including the Framework and Core Financial System
Requirements.
* Financial Reporting Requirements (OMB Circular No. A-136).
* FASAB Standards.
* Treasury Financial Manual (TFM) sections related to the SGL (see
transmittal letter S2--02 and TFM Volume I, Part 2, Chapter 4700).
* Management’s Responsibility for Internal Control (OMB revised
Circular No. A-123).
* Financial Management Systems (OMB Circular No. A-127).
* Management of Federal Information Resources (OMB Circular No. A-130).
* Federal Information Security Management Act of 2002 (FISMA), Title
III, E-Government Act of 2002 Pub. L. No 107-347; Done by/date:
[Empty];
Doc Ref.: [Empty].
Procedure: B. Read the prior year’s audit documentation and audit
report to identify (1) the auditors’ FFMIA determinations, (2) reported
instances of noncompliance with FFMIA, and (3) material weaknesses and
significant deficiencies related to the entity’s financial management
systems.
* Prepare a schedule of the previously identified deficiencies for
follow up. See FAM 701 B for an example of the schedule; Done by/date:
[Empty];
Doc Ref.: [Empty].
Procedure: C. Read the most recent FMFIA, FISMA[Footnote 29], IG, and
GAO reports and internal control documentation from the financial
statement audit or other reports related to financial systems. Evaluate
the impact of any reported weaknesses on the FFMIA assessment.
* Obtain an update on the status of the issues and document problems
identified in the schedule in FAM 701 B; Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: D. Read the cycle memoranda for each of the audit cycles
completed for the current year audit. Document issues related to FFMIA
compliance in the schedule in FAM 701 B; Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: E. From the work performed in part I (planning), decide
whether it is necessary to perform the remaining steps. If the
information gathered indicates “longstanding, welldocumented financial
management systems weaknesses” that preclude compliance with FFMIA
requirements, then: 1. Document recognition of longstanding,
welldocumented financial management systems weaknesses and identify the
source for this conclusion. 2. Obtain and document an understanding of
management’s process for determining whether its systems comply with
FFMIA requirements. Report any deficiencies identified in management’s
process. 3. Complete step V (summary), except for completion of the
schedule in FAM 701 B; Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: II. Testing for Compliance with Federal Financial Management
Systems Requirements: A. Ask whether the entity has an entity wide
inventory of its systems. If so, obtain the inventory and any
supporting documentation; Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: B. From the entity’s inventory of systems, identify the core
financial management systems and the feeder systems. 1. Document the
key internal controls and theinformation flows between the core
financial systems and the feeder systems in a flowchart or narrative.
(The auditor may perform this step as part of the internal control
phase).
a. Determine whether the feeder systems are integrated or interfaced
with the core financial system. Note: Feeder systems that are
integrated with the core financial system share data tables. Therefore,
the entity need not prepare reconciliations.
b. If the feeder systems interface with the core systems, determine
whether reconciliations are performed between the systems. If
reconciliations are performed, determine how often and by whom; assess
the adequacy of the reconciliation, including follow-up activities and
supervisory review.
c. Through interviews with entity management and reading of systems
documentation, determine if the entity’s systems have detective
controls (i.e., batch control or hash totals or supervisory reviews)
and preventive controls (i.e. segregated duties, appropriate
authorizations, or access controls) to process transactions properly
and timely. (The auditor may perform this step as part of the internal
control phase); Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 2. Using the documentation prepared in step II.B.1 above,
identify those JFMIP/OFFM financial management systems requirements
that are applicable to the entity’s operations. For example, for those
agencies that do not have grant or loan programs, the auditor would not
need to assess whether JFMIP/OFFM requirements related to grants or
loans are applicable. Document the results; Done by/date: [Empty]; Doc
Ref.: [Empty].
Procedure: C. Determine whether the entity’s core financial management
system and the financial portions of its applicable feeder systems, as
identified in step II.B.2 above, conform to JFMIP/OFFM federal
financial management systems requirements.
* Ask whether the entity’s core financial management system is a
JFMIP/FSIO-certified COTS system.[Footnote 30] If so, ask which version
of the software is being used and obtain the entity’s FSIO
certification for that software version. [Agencies replacing software
to meet core financial system requirements must use JFMIP/FSIO
certified core financial management systems as required by OMB Circular
No. A-127 Financial Management Systems, but it is not an automatic
noncompliance issue.]
* During implementation of a JFMIP/FSIO-certified core financial
system, agencies can make changes and select options that could
adversely affect the original certification. Auditors cannot rely
solely on the original JFMIP/FSIO certification as sufficient evidence
of compliance with FFMIA. Perform testing to determine whether agency
specific enhancements to an otherwise JFMIP/FSIO-certified system
render the system non-compliant; Done by/date: [Empty]; Doc Ref.:
[Empty].
Procedure: 1. Ask whether there have been significant changes in the
entity’s automated business processes since compliance testing with
JFMIP/OFFM requirementswere last performed. If so, ask whether the
entity has performed an assessment of any new functionality using the
JFMIP/OFFM system requirements documents, GAO checklists, or similar
tools. Document the results; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 2. For those agencies with a core financial management
system that is not a JFMIP/FSIO-certified COTS and for any feeder
systems, obtain any analyses performed by entity management to support
its FFMIA and FMFIA assessments that document how the entity’s systems
conform to the applicable JFMIP/OFFM systems requirements. If
management has not performed an analysis of systems functionality, go
to step C.5; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 3. Select several important functions that management has
reported as complying with the systems requirements and determine if
management’s assessment can be relied upon using JFMIP/OFFM system
requirement documents, GAO checklists, or other similar tools; Done
by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 4. If management’s results cannot be relied upon for each
system, assess the functionality of the applicable systems using
JFMIP/OFFM system requirement documents, GAO checklists or other
similar tools; Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: 5. Document in FAM 701 B, the instances and related impact
in which the entity’s systems did not comply with JFMIP/OFFM
requirements; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: D. Ask line manager if they receive appropriate reports that
are significant to performing day-to-day management operations. 1.
Determine the adequacy of reports used to manage day-to-day operations.
a. For reports that are produced by the entity’s financial management
systems, ask knowledgeable users, read the entity’s financial
management systems documentation, and from other audit work, use
professional judgment to determine if the reports produced by the
systems are timely, useful, reliable, complete, and appropriately
summarized for the management level receiving the report. Use
professional judgment, entity policy, and/or criteria evident from each
report to determine its timeliness and accuracy. For example, if a
report is due by the 10th of each month, determine whether it was
provided by the 10th of each month. If only on-line access is provided
for important internal reports, through observation, documentation, and
inquiry—such as obtaining systems logs and asking key managers about
their work habits—assess whether the reports were available and
accessed. Through inquiry and observation, assess if management uses
the reports to manage operations. Ask management what improvements are
needed in the current reporting methods. Document the results; Done
by/date: [Empty]; Doc Ref.: [Empty].
Procedure: D. Ask line manager if they receive appropriate reports that
are significant to performing day-to-day management operations. 1.
Determine the adequacy of reports used to manage day-to-day operations.
a. For reports that are produced by the entity’s financial management
systems, ask knowledgeable users, read the entity’s financial
management systems documentation, and from other audit work, use
professional judgment to determine if the reports produced by the
systems are timely, useful, reliable, complete, and appropriately
summarized for the management level receiving the report. Use
professional judgment, entity policy, and/or criteria evident from each
report to determine its timeliness and accuracy. For example, if a
report is due by the 10th of each month, determine whether it was
provided by the 10th of each month. If only on-line access is provided
for important internal reports, through observation, documentation, and
inquiry—such as obtaining systems logs and asking key managers about
their work habits—assess whether the reports were available and
accessed. Through inquiry and observation, assess if management uses
the reports to manage operations. Ask management what improvements are
needed in the current reporting methods. Document the results; Done
by/date: [Empty]; Doc Ref.: [Empty].
Procedure: b. If the reports were not produced by the entity’s
financial management systems, ask how the reports were prepared and
perform a similar assessment as described in step D.1.a; Done by/date:
[Empty]; Doc Ref.: [Empty].
Procedure: 2. Determine whether appropriate levels of management
receive adequate and timely management information. See FAM 903.12 for
questions related to determining FFMIA systems’ compliance with SFFAS
No. 4. a. Using professional judgment and industry best practices,
identify internal management performance-related information needed for
managing day-to-day operations. b. Determine whether appropriate levels
of management receive the information identified in step D.2.a. c. If
full costing is not used in these management reports, assess whether
the lack of full cost information affects the usefulness of the
information. Evaluate management’s justification that full costing
would not be beneficial for the internal reports. This may need to be
assessed on a case-by-case basis; Done by/date: [Empty]; Doc Ref.:
[Empty].
Procedure: 3. Include any deficiencies identified and related impact in
the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.:
[Empty].
Procedure: E. Identify the entity’s external reports that are related
to financial management such as those used for budget formulation and
execution, fiscal management of entity programs, funds management,
payments and receipts management, and to support the legal, regulatory,
and other special requirements of the entity. 1. Through interviews
with knowledgeable users and reading of the entity’s financial
management system documentation, determine if the reports are produced
by the systems. a. For external reports that are tested as part of the
financial statement audit, include any deficiencies identified and the
related impact in FAM 701 B. b. For external reports that are not
tested as part of the financial statement audit, using professional
judgment select several reports and assess whether the reports are
reliable, timely, and complete. Include any deficiencies identified and
the related impact in FAM 701 B; Done by/date: [Empty]; Doc Ref.:
[Empty].
Procedure: 2. As an indicator of systems deficiencies, determine the
magnitude and type of adjustments made to prepare financial statements
each quarter and annually; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: F. Determine if the entity’s financial management systems
track financial events and summarize information to facilitate the
preparation of auditable financial statements. This determination can
result from work performed as part of the financial statement audit.
Document the deficiencies and the related impact in the schedule shown
in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: G. Determine if the financial management systems enable the
entity to prepare, execute, and report on the entity’s budget in
accordance with the requirements of OMB Circular No. A-11, Preparation,
Submission and Execution of the Budget. This determination can result
from work performed as part of the financial statement audit. Document
the deficiencies and the related impact in the schedule shown in FAM
701 B; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: H. Coordinate with an IS controls specialist to determine if
the entity has implemented and maintains a program to provide adequate
security for all entity information that is collected, processed,
transmitted, stored, or disseminated in financial management systems.
1. Have the IS controls specialist review the annual management testing
and evaluation of the effectiveness of information security, policies,
procedures, and practices in accordance with the Federal Information
Security Management Act of 2002 (FISMA); Done by/date: [Empty]; Doc
Ref.: [Empty].
Procedure: 2. Document the deficiencies and related impact identified
by the IS controls specialist in the schedule shown in FAM 701 B; Done
by/date: [Empty];
Doc Ref.: [Empty].
Procedure: I. Determine if financial management systems include
internal control to safeguard resources against waste, loss, and
misuse, and whether reliable data are obtained, maintained, and
disclosed in system generated reports. The auditor may obtain some of
the information needed to make this determination from the work
performed in the internal control phase. The auditor may identify other
systems internal control weaknesses from other audit reports reviewed
and steps performed. Document the results in FAM 701 B; Done by/date:
[Empty]; Doc Ref.: [Empty].
Procedure: III. Testing for Compliance with the Federal Accounting
Standards: A. Determine if the entity’s financial statements are
compiled in accordance with applicable accounting standards:
* Determine if any issues reported as part of the financial statement
audit were related to the lack of the entity’s implementation of the
accounting standards in their systems or the standards were not
properly applied because of inadequate or improperly implemented manual
procedures. Document the results in the schedule shown in FAM 701 B;
Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: B. Perform tests to determine if the entity’s cost
accounting systems:
* use the entity’s accounting classification elements to identify and
establish unique cost objects to capture, accumulate, and report costs
and revenues;
* allocate and distribute the full cost and revenue of cost objects as
defined by OMB including services provided by one federal entity to
another for external reporting; and:
* transfer cost data directly to and from other cost
ystems/applications that produce or allocate cost information. Also,
see step II.D.2 of these audit procedures; Done by/date: [Empty]; Doc
Ref.: [Empty].
Procedure: C. From the deficiencies identified in performing steps in
FAM 701 A (testing for compliance with federal financial management
systems requirements) and from tests conducted as part of the financial
statement audit, determine if the financial systems record and
summarize transactions in accordance with applicable accounting
standards. Document the results and the related impact in the schedule
shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: IV. Testing for Compliance with the SGL: A. Determine
whether the entity financial management systems use financial data that
can be traced directly to SGL accounts to produce reports providing
financial information for both internal and external reporting. 1. Ask
entity management and from the documentation prepared in step II.B.1
above, determine how financial transaction data are summarized from the
financial systems to the core financial system; Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: 4. Document any deficiencies and the related impact in the
schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: B. Ask whether the entity uses a crosswalk from its chart of
accounts for its core financial management system to the SGL. If so,
perform tests to determine the accuracy of the crosswalk. 1. Trace all
SGL accounts to the crosswalk; Done by/date: [Empty]; Doc Ref.:
[Empty].
Procedure: 2. Identify any SGL accounts that are not included in the
crosswalk. Identify any entity accounts not associated with an SGL
account in the crosswalk; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 3. Compare the posting rules used by the system to those
included in the SGL to determine whether the posting rules used by the
system conform to the SGL; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 4. Document deficiencies and the related impact in the
schedule shown in FAM 701 B; Done by/date: [Empty];
Doc Ref.: [Empty].
Procedure: V. Summary:
A. Summarize the results of the work performed above and assess the
entity’s compliance with the federal financial management systems
requirement of FFMIA. 1. Finalize the schedule of the FFMIA
noncompliances identified in the schedule prepared in FAM 701 B; Done
by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 2. Read the entity’s management representation letter
covering the year under audit to obtain the entity management’s FFMIA
determination. a. Document the entity or organization responsible for
the financial management systems that have been found not to comply. b.
Document facts pertaining to the: i. nature and extent of the
noncompliance and areas where there is substantial but not full
compliance; ii. primary reason or cause of the noncompliance; iii.
impact of the noncompliance; and: iv. relevant comments from any
responsible officer or employee. c. Assess the recommended remedial
actions for each instance of noncompliance and management’s time frames
for implementing these actions. Include this assessment in the schedule
in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 3. After reviewing the nature and extent of deficiencies
identified, conclude whether the systems deficiencies identified
constitute lack of substantial compliance with FFMIA requirements.
Consider the four factors from OMB’s FFMIA implementation guidance when
drawing this conclusion; Done by/date: [Empty]; Doc Ref.: [Empty].
Procedure: 4. Prepare the FFMIA section of the report. See FAM 580.65-
.67 and FAM 595 A, FAM 595 B, and FAM 1603, as appropriate; Done
by/date: [Empty];
Doc Ref.: [Empty].
Table: 701 B – Summary Schedule of Instances of Systems Noncompliance
with FFMIA:
[See PDF for image]
[End of table]
Section 800:
Compliance:
802 - General Compliance Checklist:
.01: The compliance testing section consists of a General Compliance
Checklist (questionnaire) for identifying laws and regulations for
compliance testing. It also supplements the laws OMB requires auditors
of executive departments, agencies and government corporations to test
for compliance (see FAM 295.01 H) and other laws of general
applicability auditors may decide to test during federal financial
audits (see FAM 295.02 H). The compliance supplements provide detailed
guidance for assessing the effectiveness of compliance controls and
testing compliance with the significant provisions of each law. .02 The
auditor generally should complete the General Compliance Checklist
(Form 802), or equivalent, for federal financial statement audits. With
the exception of the Antideficiency Act which has no materiality limit,
the auditor should decide if an individual law is significant for
purposes of compliance testing. The auditor generally should complete
compliance supplements only for laws required to be tested (FAM 802.06)
and for other laws (FAM 802.07) identified for compliance testing on
the General Compliance Checklist. Use of these documents is described
below.
.03: To understand and evaluate compliance controls, the auditor also
should follow the guidance in FAM 260 on identifying risk factors and
in FAM 320 on understanding information systems. The FAM also provides
additional guidance on compliance considerations for all audit phases.
Instructions For General Compliance Checklist
.04: The checklist contains a summary of each law. The auditor
generally should use this checklist or equivalent to determine which of
these laws are significant for testing compliance, as discussed in FAM
245. The auditor may indicate whether each law meets the criteria for
significance by placing a check mark in the appropriate column (yes or
no). As noted in FAM 295 H, auditors should test certain laws and may
also test for other laws if they could have a direct and material
effect on the financial statements.
.05: The auditor may use estimates or interim information in the
preliminary column. The final amounts (based on the audited amounts or
the final amounts of available budget authority) are used to determine
whether all laws that would be significant in quantitative terms have
been identified for control and compliance testing. The auditor should
document the sources of all amounts included in this checklist. If the
auditor determines the law is significant from a qualitative
standpoint, the auditor should document the reasons for this
conclusion.
.06 Laws required for testing (if applicable)[Footnote 31] contained in
supplements to the General Compliance Checklist (Form 802) are:
Law: Antideficiency Act;
Supplement number: FAM 803.
Law: Federal Credit Reform Act of 1990 (FCRA); Supplement number: FAM
808.
Law: Provisions Governing Claims of the U.S. Government as provided
primarily in 31 U.S.C. 3711-3720E (Including the Debt Collection
Improvement Act of 1996 (DCIA); Supplement number: FAM 809.
Law: Prompt Payment Act;
Supplement number: FAM 810.
Law: Pay and Allowance System for Civilian Employees as Provided
Primarily in Chapters 51-59 of Title 5, U.S. Code; Supplement number:
FAM 812.
.07: Other frequently encountered laws contained in supplements to the
General Compliance Checklist (Form 802) that the auditor may test are:
Law: Civil Service Retirement Act; Supplement number: FAM 803.
Law: Federal Employees Health Benefits Act; Supplement number: FAM 803.
Law: Federal Employees’ Compensation Act; Supplement number: FAM 803.
Law: Federal Employees’ Retirement System Act of 1986; Supplement
number: FAM 803.
Entity:
Period of financial statements:
Job code:
Table:
Description of Law: Antideficiency Act, 31 U.S.C. 1341 and 1517: This
law imposes restrictions on the amounts of obligations or expenditures
that agencies may make. As discussed in FAM 250, the auditor should
obtain information on the entity’s budget authority, from sources such
as appropriation legislation, and identify all legally binding
restrictions on budget execution. Does the entity have appropriations
or funds that are limited to an amount or a specified period of
availability? OMB audit guidance requires auditors to test for
compliance with this law. Individual: Preliminary/Final;
Budget authority: Preliminary/Final; Since the Act has no materiality
limit, the auditor should complete the compliance supplement at FAM
803; Yes: [Empty]; No: [Empty].
Description of Law: Federal Credit Reform Act of 1990 (FCRA), 2 U.S.C.
661-661f This law contains numerous provisions relating to the
recording of activity related to direct loans, loan guarantees, and
related modifications for budget accounting purposes. The law provides
that after October 1, 1991, an agency may incur new direct loan
obligations or make new loan guarantee commitments only to the extent
that Congress has provided budget authority to cover the costs of the
loan or loan guarantee. Does the entity’s budget authority available
during the audit period for direct loan obligations, loan guarantee
commitments, or any related modifications exceed planning materiality
or did the auditor determine that the FCRA could have a direct and
material effect on the entity’s financial statements? OMB audit
guidance requires auditors to test for compliance with this law. Total
appropriations or other budget authority available during the fiscal
year for costs of FCRA activities (direct loans, loan guarantees, and
related modifications): Preliminary/Final; Planning materiality:
Preliminary/Final; If yes, complete compliance supplement FAM 808; Yes:
[Empty]; No: [Empty].
Description of Law: Provisions Governing Claims of the U.S. Government,
Including the Debt Collection Improvement Act of 1996 (DCIA), 31 U.S.C.
3711-3720E
These provisions address the collection of amounts owed to the federal
government. Interest generally accrues from the date that a notice
stating the amount due and the interest policies is first mailed to the
debtor. Interest generally accrues at a rate established by the
Secretary of the Treasury. Administrative costs and penalties shall
also be charged.
The provisions also require the entity to take all appropriate steps to
collect the debt before discharging it and to notify Treasury about
delinquent debt for administrative offset, collection by a debt
collection center, or tax refund offset. Entities shall also
participate in a computer match of delinquent debt with federal
employees, and when collection actions are terminated, the entity
holding delinquent debt shall sell it. Provisions also require the
entity (or entities making loans the government guarantees) to notify
credit-reporting agencies about delinquent debt and not make or
guarantee loans to persons who owe delinquent debt.
Does the cumulative amount of receivables created during the audit
period that are subject to provisions governing claims of the U.S.
government, including DCIA, exceed planning materiality? Does the
amount of receivables at the end of the audit period that are subject
to provisions governing claims of the U.S. government, including DCIA,
exceed planning materiality?
Did the auditor determine that laws governing claims of the U.S.
government, including the DCIA, could have a direct and material effect
on the entity’s financial statements? OMB audit guidance requires
auditors to test for compliance with this law.
Provisions Governing Claims of the U.S. Government, Including the Debt
Collection Improvement Act of 1996 (DCIA), 31 U.S.C. 3711-3720E:
Cumulative amount of receivables created during the audit period that
are subject to provisions governing claims of the U.S. government,
including DCIAL: Preliminary/Final; or: Amount of receivables at the
end of the audit period that are subject to provisions governing claims
of the U.S. government, including DCIA: Preliminary/Final; Planning
materiality: Preliminary/Final; If yes, complete compliance supplement
FAM 809. Note: These provisions of the law generally do not apply to
amounts payable to the entity under the Internal Revenue Code, the
Social Security Act, or tariff laws. Those laws contain specific
provisions for these amounts; Yes: [Empty];
No: [Empty].
Description of Law: Prompt Payment Act, 31 U.S.C. 3901- 3907: The
Prompt Payment Act requires federal entities to make payments for
property or services by the due date specified in the related contract
or, if a payment date is not specified in the contract, generally 30
days after the invoice for the amount due is received. If payments are
not made within the appropriate period, the entity shall pay an
interest penalty. Also, discounts offered by vendors may be taken only
during the specified period. If they are taken after the time period
has expired, an interest penalty shall be paid. Do the entity’s
payments for property or services subject to the Prompt Payment Act for
the audit period exceed planning materiality or did the auditor
determine that the Prompt Payment Act could have a direct and material
effect on the entity’s financial statements? OMB audit guidance
requires auditors to test for compliance with this law. Amount of
payments made for property and services subject to the Prompt Payment
Act: Preliminary/Final; Planning materiality: Preliminary/Final; If
yes, complete compliance supplement FAM 810; Yes: [Empty]; No: [Empty].
Description of Law: Pay and Allowance System for Civilian Employees,
provided primarily in Chapters 51-59 of Title 5, U.S. Code: These laws
require that employees be paid at the appropriate rates established by
law. Does the entity’s payroll expense for the audit period exceed
planning materiality or did the auditor determine that the Pay and
Allowance System for Civilian Employees (as provided primarily in
Chapters 51-59 of Title 5, U.S. Code) could have a direct and material
effect on the entity’s financial statements? OMB audit guidance
requires auditors to test for compliance with this law. Payroll
expense: Preliminary/Final; Planning materiality: Preliminary/Final; If
yes, complete compliance supplement FAM 812. The entity’s expense for
performance awards, cash awards, overtime, travel, transportation,
subsistence, or allowances for the audit period usually do not exceed
planning materiality. However, if the auditor determines that these
items or related provisions of the Pay and Allowance System for
Civilian Employees are otherwise significant, the auditor should
consult with the Office of General Counsel (OGC) for specific
provisions to be compliance tested; If yes, complete compliance
supplement FAM 810; Yes: [Empty]; No: [Empty].
Description of Law: Civil Service Retirement Act, 5 U.S.C. Chapter 83:
This law provides retirement benefits to employees who were hired prior
to January 1, 1984. For each employee, the entity withholds a
percentage of basic pay from the employee’s compensation and
contributes an equal amount for retirement. The employee and entity
amounts are remitted to Treasury. Does the entity’s expense for
retirement costs under the Civil Service Retirement Act for the audit
period exceed planning materiality or did the auditor determine that
provisions of the Civil Service Retirement Act could have a direct and
material effect on the entity’s financial statements? Expense for
retirement contributions: Preliminary/Final; Planning materiality:
Preliminary/Final; If yes, complete compliance supplement FAM 813; Yes:
[Empty]; No: [Empty].
Description of Law: Federal Employees Health Benefits Act, 5 U.S.C.
Chapter 89: This law provides health insurance coverage to employees
who elect health insurance benefits. For each employee who elects
coverage, the entity pays an amount set by OPM for insurance costs. The
entity portion cannot exceed 75 percent of the insurance cost. The
employee pays the remainder of the total cost. Information on the
employee and entity cost of the insurance is published by OPM. The
entity withholds the amount of the employee’s portion of the cost from
the employee’s pay and remits this amount, along with its own
contribution, to Treasury. Does the entity’s expense for health
insurance costs for the audit period exceed planning materiality or did
the auditor determine that the Federal Employees Health Benefits Act
could have a direct and material effect on the entity’s financial
statements? Preliminary Final Expense for health insurance:
Preliminary/Final; Planning materiality: Preliminary/Final; If yes,
complete compliance supplement FAM 814; Yes: [Empty]; No: [Empty].
Description of Law: Federal Employees’ Compensation Act (FECA), 5
U.S.C. Chapter 81: This law provides for the compensation of employees
injured while performing their duties. Claims are paid out of the
Federal Employees’ Compensation Fund. Federal entities are billed
annually by the fund for claims paid on their behalf. Does the entity’s
expense for the audit period for benefits paid by the Federal
Employees’ Compensation Fund on the entity’s behalf exceed planning
materiality or did the auditor determine the FECA could have a direct
and material effect on the entity’s financial statements?; Expense for
Compensation Fund claims: Preliminary/Final; Planning materiality:
Preliminary/Final; If yes, complete compliance supplement FAM 816; Yes:
[Empty]; No: [Empty].
Description of Law: Federal Employees’ Retirement System (FERS) Act of
1986, 5 U.S.C. Chapter 84: This law provides retirement benefits for
employees who were hired after December 31, 1983. For each employee,
the entity withholds a percentage of basic pay from the employee’s
compensation and contributes an amount equal to the employing agency’s
applicable normal cost percentage less the employee deduction rate for
retirement. The employee and entity amounts are remitted to Treasury.
Does the entity’s expense for retirement costs under the FERS Act for
the audit period exceed planning materiality or did the auditor
determine that the FERS Act could have a direct and material effect on
the entity’s financial statements?; Expense for retirement
contributions: Preliminary/Final; Planning materiality:
Preliminary/Final; If yes, complete compliance supplement FAM 817; Yes:
[Empty]; No: [Empty].
Description of Law: Other Laws: The auditor should perform the
following procedures and include references to supporting
documentation: 1. As described in FAM 245.02, read the list of laws and
regulations identified by the entity as significant to others. (See .)
2. With OGC assistance, identify any other laws or regulations that
have a direct effect on determining financial statement amounts.
Determine whether the direct effect could be material to the financial
statements. (See .) 3. Determine whether to test compliance with any
indirect laws or regulations and make inquiries of management as
discussed in FAM 245.04-.06. See .) 4. For all laws or regulations
identified for testing above, identify significant provisions using the
criteria in FAM 245.02. Test compliance controls and compliance as
described in FAM 300 and FAM 460. Are any other laws or regulations
identified for compliance testing? If yes, attach a list of the laws or
regulations identified to this form and reference it to control and
compliance work performed; Yes: [Empty]; No: [Empty].
Instructions For Compliance Supplements .08: Each compliance supplement
in FAM 803-817 consists of (1) a compliance summary, (2) compliance
audit procedures, and (3) notes.
Compliance Summary:
.09: For each law identified for compliance testing on the General
Compliance Checklist, the auditor generally should complete the related
compliance summary or prepare equivalent documentation. The compliance
summary is designed to assist the auditor in planning compliance
control tests and summarizing the results of compliance control tests
and compliance tests for reporting the results of the work performed.
.10: The first column of the compliance summary contains a description
of the specific provisions of the law that have been identified for
compliance testing, the type of provision, and the reference to the
law.
.11: The second column of the compliance summary contains the objective
related to the specific provision to be used for both compliance
control and compliance testing.
.12: In the third column of the compliance summary, the auditor should
identify the control activities that the entity has in place to achieve
each objective and document the control activity. If the entity does
not have a control activity that achieves the objective, the auditor
should document this condition in the third column.
.13: The fourth column of the compliance summary is used to indicate
(Yes or No) whether the control activity is information systems (IS)
related as described in FAM 270.04. IS controls are those the
effectiveness of which depends on computer processing. They can
generally be classified into general, application, and user controls.
The auditor generally should perform tests of IS controls with
assistance from an IS specialist.
.14: The fifth column of the compliance summary indicates whether the
auditor believes that compliance controls are effective (Yes or No).
The auditor should design control tests to determine whether the
control activities that have been identified in the third column are in
place and operating effectively. A control activity is considered to be
effective if it achieves the control objective. The auditor should
provide a reference in the fifth column to the supporting documents of
the control testing procedures, the control tests, the results of these
tests, and the auditor’s conclusions on the effectiveness of the
compliance controls.
.15: The sixth column of the compliance summary indicates whether the
auditor has noted any instances of noncompliance (Yes or No). The
auditor generally should perform compliance tests using the related
Compliance Audit Procedures in the next paragraph. The auditor should
provide a reference in the sixth and last column to the supporting
documents of the results of the compliance tests.
Compliance Audit Procedures:
.16: Compliance audit procedures are provided for each law. For each
law identified for compliance testing on the General Compliance
Checklist, the auditor generally should perform each step of the
related compliance audit procedures in the first column. Because the
subject matter of some laws is closely related to matters the auditor
will test in other parts of the audit, the auditor may coordinate with
that other testing and design multipurpose tests. For example, payroll
compliance testing could be performed using multipurpose tests of
payroll controls and/or substantive payroll testing.
The auditor performing the procedure in the first column should initial
and date in the second column when the procedure is performed. The
auditor should include a reference to the documentation recording the
work performed for each step in the third and last column of the
compliance audit procedures.
Notes:
.17: Notes are provided for each compliance supplement to assist the
auditor in understanding criteria, definitions, exemptions, and
restrictions of law. The notes also provide guidance to the auditor in
testing and evaluating controls to achieve the compliance objective.
803 – Antideficiency Act:
Note: The auditor may complete this compliance summary or prepare
equivalent documentation as provisions of the Antideficiency Act are
applicable to entities receiving federal funds, with no limit on
materiality. OMB guidance on budget execution, including the
Antideficiency Act, is included in OMB Circular A-11, Part 4.
Table:
[See PDF for image]
[End of table]
Note: The auditor may perform these procedures or prepare equivalent
documentation for the Antideficiency Act as indicated on Form 802 -
General Compliance Checklist at FAM 802-3. These procedures test
compliance with the provisions listed on the Compliance Summary for
this law.
Name of entity:
Audit period:
Reviewed by:
Table:
Audit Procedures: 1. List the appropriations or other budget authority
and the related budget accounts that were identified for compliance
testing on Form 802 - General Compliance Checklist. Per FAM 802-3, the
auditor should identify all legally binding restrictions on budget
execution, from sources such as appropriation legislation. (The auditor
may coordinate the following tests for compliance with the
Antideficiency Act with tests of the Statement of Budgetary Resources
and with tests of expenses.); Done by/date: [Empty]; Doc ref: [Empty].
Audit Procedures: 2. As discussed in FAM 460.03, the auditor should
determine whether the summarized budget information (obligations and
expenditures) used for compliance tests are reasonably accurate and
complete. The auditor may obtain assurance through effective controls
the auditor tests (usually the budget controls) or, if the controls are
not effective, through substantive testing of budget amounts for
validity, completeness, cutoff, recording, classification, and
summarization as described in FAM 495 B. For the accounts listed in
step 1, document if the auditor will obtain this assurance by testing
controls (as indicated on Form 803 - Compliance Summary) or if
substantive tests of the budget information are necessary. If the
auditor determines that controls are not effective in meeting some or
all of the budget control objectives listed in FAM 395 F, the auditor
should perform substantive tests of the budget amounts (obligations and
expenditures) as discussed in FAM 495 B. The auditor should perform
substantive tests only for those potential misstatements for which the
entity does not have effective budget controls; Done by/date: [Empty];
Doc ref: [Empty].
Audit Procedures: After the auditor is satisfied as to the
reasonableness of the budget amounts to be used for the compliance
tests, perform the compliance tests in steps 3 and 4; Done by/date:
[Empty]; Doc ref: [Empty].
Audit Procedures: 3. Compare the actual amounts of recorded obligations
and expenditures with the related appropriation or other budget
authority listed in step 1. If the entity does not appear to have
complied with the provision, perform step 6. (31 U.S.C. 1341(a)(1)(A) ;
Done by/date: [Empty]; Doc ref: [Empty].
Audit Procedures: 4. Compare timing of legal obligations (contractual
or otherwise) with available appropriation or other budget authority
listed in step 1. If the entity does not appear to have complied with
the provision, perform step 6 (31 U.S.C. 1341(a)(1)(B); Done by/date:
[Empty];
Doc ref: [Empty].
Audit Procedures: 5. Determine the entity’s legally binding level of
budget authority (below the appropriation level) that was identified
during the planning phase. This level is usually the apportionment
level unless the entity has elected a lower level, such as allotments.
Compare the amount of actual obligations and expenditures to the
legally binding level of restrictions on budget authority identified
for compliance testing (the apportionment or allotment level). If the
entity does not appear to have complied with the provision, perform
step 6. (31 U.S.C. 1517(a)); Done by/date: [Empty]; Doc ref: [Empty].
Audit Procedures: 6. If the entity does not appear to be in compliance
based on the results of tests performed, discuss these matters with OGC
and, when appropriate, the Special Investigator Unit to conclude if
noncompliance actually has occurred and the implications of such
noncompliance. For any noncompliance noted:
* identify the weakness in controls that allowed the noncompliance to
occur, if not previously identified during control testing;
* report the nature of any weakness in controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of noncompliance on the
financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75.); Done by/date: [Empty];
Doc ref: [Empty].
Audit Procedures: 7. Contact the entity office responsible for
submitting Antideficiency Act (ADA) violations to the President,
Congress, and GAO and:
* Obtain a listing of violations for the year under audit.
* Inquire if all known violations have been included on the list and
reported.
* For each ADA violation determine if it was reported to the President,
the Congress, and GAO; Done by/date: [Empty]; Doc ref: [Empty].
Audit Procedures: 8. Check GAO’S ADA reporting website:
http:/www.gap.gov/ada/antideficiencyrpts.htm to identify and obtain
background about ADA violations reported by the entity and compare
audit evidence with what the entity reported in ADA violation reports.
There may be time lags as to when violations are reported, particularly
at year end; Done by/date: [Empty]; Doc ref: [Empty].
Audit Procedures: 9. Document conclusions on compliance with each
provision on Form 803 - Compliance Summary; Done by/date: [Empty]; Doc
ref: [Empty].
Note 1: Entities are required to establish regulations that provide for
a system of administrative controls over their execution of budget
authority (31 U.S.C. 1514(a)). As discussed in FAM 250.03, the entity
may elect to lower the level at which budget limitations are legally
binding in these regulations. For example, the entity may elect to
reduce the legally binding limit on the obligation and expenditure of
budget funds from the apportionment to the allotment level. The auditor
should determine the level at which the entity’s legally binding limit
has been established.
Note 2: The auditor should consider the results of the evaluation and
testing of budget controls (FAM 370.11). These controls relate to the
execution of budget authority and usually are the same controls that
are used to comply with the Antideficiency Act. Accordingly, additional
determinations of controls that achieve the compliance objective
generally is not necessary if the auditor has assessed whether the
entity achieves all of the budget control objectives listed in FAM 395
F. The auditor should reference this compliance summary to the budget
control evaluation and testing and perform any additional procedures
determined to be necessary to conclude if compliance controls are
effective.
808 - Federal Credit Reform Act of 1990:
Table:
[See PDF for image]
[End of figure]
Note: The auditor may complete these procedures or prepare equivalent
documentation only if provisions of the Federal Credit Reform Act
(FCRA) are significant as indicated on Form 802 - General Compliance
Checklist. These procedures test compliance with the provisions listed
on the Compliance Summary. OMB guidance on FCRA programs is included in
OMB Circular No. A-11, part 5, Federal Credit.
Name of entity:
Audit period:
Reviewed by:
Audit Procedures: 1. List the appropriations or other budget authority
and the related budget accounts that were identified for compliance
testing on Form 802 - General Compliance Checklist at FAM 802-4; Done
by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 2. As discussed in FAM 460.03, the auditor should
determine whether summarized budget information (obligations and
expenditures) used for compliance tests is reasonably accurate and
complete. The auditor may obtain assurance through effective controls
the auditor tests (usually the budget controls) or, if the controls are
not effective, through substantive testing of budget amounts for
validity, completeness, cutoff, recording, classification, and
summarization as described in FAM 495 B. For the accounts listed in
step 1, document if the auditor will obtain assurance by testing
controls (as indicated on Form 808 - Compliance Summary) or whether
substantive tests of the budget information are necessary. If the
auditor determines that controls are not effective in meeting some or
all of the budget control objectives listed in FAM 395 F, plus the
supplemental objectives for FCRA listed in FAM 395 F Sup, the auditor
should perform substantive tests of the budget amounts (obligations and
expenditures) as discussed in FAM 495 B. The auditor should perform
substantive tests only for those potential misstatements for which the
entity does not have effective budget controls. After the auditor is
satisfied as to the reasonableness of the budget amounts to be used for
the compliance tests, perform the compliance tests in steps 3 and 4;
Done by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 3. For each appropriation account or other budget
authority listed in step 1, perform the following procedures that are
applicable for direct and guaranteed loan programs that have a positive
subsidy (i.e., cash outflows exceed cash inflows); (for direct and
guaranteed loan programs that have a negative subsidy (i.e., cash
inflows exceed cash outflows), perform step 4): (a) Compare the amount
of obligations for direct loans to the amount of the available
appropriation or other budget authority. (Note: This budget restriction
is applicable only to obligations for direct loans made on or after
October 1, 1991.); Done by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 3. (b) Compare the amount of obligations for
modifications of direct loan obligations or outstanding direct loans to
the amount of available budget authority. (Note: The sale of a direct
loan is considered a modification. Discuss applicability of this budget
restriction to direct loans and direct loan obligations that were
outstanding prior to October 1, 1991, with OGC prior to performing
compliance test.); Done by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 3. (c) Compare the amount of obligations for loan
guarantee commitments to the amount of the available appropriation or
other budget authority. (Note: This budget restriction is only
applicable to obligations for loan guarantee commitments made on or
after October 1, 1991.); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 3. (d) Compare the amount of obligations for
modifications of loan guarantee commitments or outstanding loan
guarantees to the amount of available budget authority. (Note: Discuss
applicability of this budget restriction to loan guarantees and loan
guarantee commitments that were outstanding prior to October 1, 1991,
with OGC prior to performing compliance test.) (2 U.S.C. 661c(b) and
(e)) If the amounts of obligations in any of these comparisons exceed
the available budget authority, the entity may not be in compliance.
Perform step 5; Done by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 4. Direct and guaranteed loan programs that have a
negative subsidy (cash inflows exceed cash outflows) do not receive an
appropriation. However, such programs often have a loan limit that
cannot be exceeded, i.e., a maximum number of loans that can be made or
guaranteed. For these programs, compare the total number and dollar
volume of loans made to the loan limit in the applicable appropriations
act or other law. Perform step 5; Done by/date: [Empty]; Doc Ref:
[Empty].
Audit Procedures: 5. If the entity does not appear to be in compliance
based on the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred and the
implications of such noncompliance. For any noncompliance noted, the
auditor should
* identify the weakness in controls that allowed the noncompliance to
occur, if not previously identified during control testing;
* report the nature of any weakness in controls and consider
modification of the report on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of noncompliance on the
financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 6. Document conclusions on compliance with each
provision on Form 808 - Compliance Summary; Done by/date: [Empty]; Doc
Ref: [Empty].
Note 1: A direct loan is a disbursement of funds by the government to a
non-federal borrower under a contract that requires the repayment of
such funds with or without interest. The term also includes the
purchase of, or participation in, a loan made by another lender. The
term does not include the acquisition of a federally guaranteed loan in
satisfaction of default claims or the price support loans of the
Commodity Credit Corporation. (2 U.S.C. 661a(1));
Note 2: A direct loan obligation is a binding agreement by a federal
agency to make a direct loan when specified conditions are fulfilled by
the borrower. (2 U.S.C. 661a(2));
Note 3: A loan guarantee is any guarantee, insurance, or other pledge
with respect to the payment of all or a part of the principal or
interest on any debt obligation of a nonfederal borrower to a
nonfederal lender, but does not include the insurance of deposits,
shares, or other withdrawable accounts in financial institutions. (2
U.S.C. 661a(3));
Note 4: A loan guarantee commitment is a binding agreement by a federal
agency to make a loan guarantee when specified conditions are fulfilled
by the borrower, the lender, or any other party to the guarantee
agreement. (2 U.S.C. 661a(4));
Note 5: Appropriations or other budget authority to cover the cost of
budget obligations for direct loan obligations and loan guarantee
commitments must be made in advance by Congress. For revolving or other
funds that otherwise would be available for these budget obligations,
Congress must enact a limit on the use of such funds for these purposes
to make them available for use. (2 U.S.C. 661c(b));
Note 6: Costs are defined as the estimated long-term cost to the
government of a direct loan, loan guarantee or modification, calculated
on a net present value basis, excluding administrative costs and any
incidental effects on governmental receipts or outlays. These
calculations are described in further detail under the valuation
control objective for obligations in FAM 395 F. (2 U.S.C. 661a(5));
Note 7: There is an exemption from this requirement for entitlements
(mandatory programs such as the guaranteed student loan program and the
VA home loan guaranty program) and credit programs of the Commodity
Credit Corporation existing on the date of enactment of FCRA (November
5, 1990). (2 U.S.C. 661c(c));
Note 8: Modifications are government actions that alter the estimated
net present value of a direct loan or loan guarantee for which an
obligation has been recorded, for example, the sale of a direct loan,
per SFFAS No. 2, paragraph 53, or a policy change affecting the
repayment period or interest rate for a group of existing loans.
(Changes within the terms of existing contracts or through other
existing authorities are not considered to be modifications. Also,
“work outs” of individual loans, such as a change in the amount or
timing of payments to be made, are not considered modifications.) The
effects of these changes should be included in the annual reestimates
of the estimated net present value of the obligations. Permanent
indefinite authority is provided by FCRA for these reestimates.
Note 9: Discuss applicability of this budget restriction to direct
loans, direct loan obligations, loan guarantees, or loan guarantee
commitments that were outstanding prior to October 1, 1991, with OGC
prior to performing control or compliance tests.
Note 10: The auditor should determine the results of the evaluation and
testing of budget controls and testing of the Statement of Budgetary
Resources. These controls relate to the execution of budget authority
and usually are the same controls that are used to comply with the
Antideficiency Act and FCRA. Accordingly, additional consideration of
controls that achieve the compliance objective generally is not
necessary if the auditor has assessed whether the entity achieves all
of the budget control objectives listed in FAM 395 F, including the
supplemental control objectives for FCRA. The auditor should reference
to the budget control evaluation and testing and perform any additional
procedures considered necessary to conclude if compliance controls are
effective.
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
3711-3720E), Including the Debt Collection Improvement Act of 1996
(DCIA):
Note: The auditor may complete this compliance summary or prepare
equivalent documentation only if provisions governing claims of the
U.S. government, as provided primarily in sections 3711-3720E of Title
31, U.S. Code (including provisions of the Debt Collection Improvement
Act of 1996) are significant, as indicated on Form 802 - General
Compliance Checklist at FAM 802-5.
Table:
[See PDF for image]
[End of table]
Note: The auditor may perform these procedures or prepare equivalent
documentation only if provisions governing claims of the United States
government as provided primarily in sections 3711-3720E of Title 31,
U.S. Code (including provisions of the Debt Collection Act of 1996) are
significant, as indicated on Form 802 - General Compliance Checklist at
FAM 802-5. These procedures test compliance with the provisions listed
on the Compliance Summary.
Name of entity:
Audit period:
Reviewed by:
Audit Procedures: 1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 809 -Compliance Summary),
select a sample of amounts owedto the entity during or at the end of
the audit period. (Thesample size will vary based on the expected
effectiveness of compliance controls, as discussed in FAM 460.02).
Document the sampling approach using the documentation in FAM 495 E.
See note 8 regarding sampling efficiencies and completeness of the
sample population. Sample size: Sample selection method;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 2. For each item selected in step 1 obtain the loan
file or other supporting documentation and note the following
information as of the date selected for testing
* due date of debt;
* amount owed;
* date the notice of the amount due and the interest policies is first
mailed to the debtor;
* amount of interest accrued and other administrative charges and
penalties charged, if any; and
* number of days the debt is past due, if any. Perform step 3 if the
debt is past due. Perform step 4 if the debt is not past due; Done
by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 3. If the amount selected is past due: (a) Calculate
the number of days that interest should be accrued on the debt as of
the date selected for testing. Interest generally accrues from the date
that the notice of the amount due is first mailed to the debtor. (See
note 1.) Compare the auditor’s calculation with the calculation
performed by the entity and obtain explanation and examine support for
any differences. (31 U.S.C. 3717(b)); Done by/date: [Empty]; Doc Ref:
[Empty].
Audit Procedures: 3. (b) Determine the interest rate that should be
used to accrue interest on the debt. The rate is published in the
Federal Register and should be the rate that was in effect on the date
that the notice of the amount due is first mailed to the debtor.
Compare the auditor’s determination of the rate to the rate used by the
entity and obtain explanation and examine support for any differences.
(31 U.S.C. 3717(a) and (c)); Done by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 3. (c) Calculate the amount of interest that should
be owed as of the date selected for testing using the number of days
tested in (a) and the interest rate tested in (b). Compare the
auditor’s calculation to the amount calculated by the entity and obtain
explanation and examine support for any differences. See notes 2 and 3
regarding the waiver of interest; Done by/date: [Empty]; Doc Ref:
[Empty].
Audit Procedures: 3. (d) Obtain the entity’s schedule of administrative
charges and late payment penalties and determine if the appropriate
amounts were charged to the debtor. See note 3 regarding the waiver of
these charges. (31 U.S.C. 3717(e) and (f)); Done by/date: [Empty]; Doc
Ref: [Empty].
Audit Procedures: 4. If the debt is not past due, determine through
examination of the entity’s records whether (a) interest,
administrative charges, or penalties are not being charged; and: (b)
the debtor had no outstanding nontax delinquent federal debt at the
time the loan was obtained. (31 U.S.C. 3720B); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 5. The objectives listed below relate to procedural-
based provisions. As discussed in FAM 460.06, the auditor usually
performs sufficient procedures in conjunction with tests of compliance
controls for these proceduralbased provisions to conclude on the
entity’s compliance without performing additional procedures. The
auditor should not perform additional procedures to obtain evidence
regarding compliance with the provisions related to the following
objectives unless sufficient evidence regarding compliance was not
obtained during compliance control tests documented on Form 809 -
Compliance Summary. (a) Claims of more than $100,000 (excluding
interest, penalties, and administrative costs) are referred to the
Justice Department for compromise, termination, or suspension. See note
4. (31 U.S.C. 3711) (b) Claims delinquent for a period of 180 days have
been referred to Treasury for collection. See notes 5, 6, and 7. (31
U.S.C. 3711(g)); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 6. If the entity does not appear to be in compliance
based on: the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred and the
implications of such noncompliance. For any noncompliance noted, the
auditor should:
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the conclusion on internal control as appropriate (see
FAM 580.32- .61);
* consider the implications of any instances of noncompliance on the
financial statements; and:
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 7. Document conclusions on compliance with each
provision on Form 809 - Compliance Summary; Done by/date: [Empty]; Doc
Ref: [Empty].
Note 1: Claims are amounts owed to the government, including amounts
owed for loans insured or guaranteed by the government. The term
“claim” is used interchangeably with the term “debt” in this law. (31
U.S.C. 3701(b)) Interest normally accrues from the date that notice of
the debt and the agency’s interest policies is first mailed to the
debtor. If the agency sends a bill to the debtor in advance of the due
date and that bill states the interest policies, interest would accrue
from the due date specified in the bill. The provisions regarding
accrual of interest and other charges do not apply to the extent that a
statute, related regulation, loan agreement, or contract provides
otherwise, or if a claim is under a contract executed befre October 25,
1982, that is in effect on October 25, 1982. (31 U.S.C. 3717(g))
Accrual of interest and penalties under this law does not apply to
amounts owed by other agencies of the federal government, or to amounts
payable to the entity under the Internal Revenue Code, the Social
Security Act, or tariff laws. (31 U.S.C. 3701 (c) and (d));
Note 2: The entity shall waive the collection of interest on a claim
(or any portion of the claim) that is paid within 30 days after the
date on which interest began to accrue. The agency may extend this 30-
day period. (31 U.S.C. 3717(d)) Interest that is either accrued or
collected on claims that are paid within the 30-day period would
usually not be material or otherwise significant for purposes of
compliance testing. If the auditor considers this provision to be
significant for compliance testing, this form should be tailored to
include the appropriate testing procedures.
Note 3: The entity has the authority to waive the collection of
interest, penalties, and administrative charges. The entity should
follow its own regulations when determining whether a waiver is
appropriate. Such regulations should be in conformity with the
standards set jointly by the Comptroller General, the Attorney General,
and the Secretary of the Treasury described in 31 C.F.R. 901.9. (31
U.S.C. 3717(h)) The entity may increase an administrative claim (debt
not based on an extension of government credit through direct loans,
guarantees, or insurance, including fines, penalties, and overpayments)
annually by the cost of living adjustment in lieu of charging interest
and penalties. (31 U.S.C. 3717(i));
Note 4: Compromise is the term used when an amount less than the total
amount of the claim is accepted by the entity as payment in full.
Suspension refers to the temporary deferral of collection activities
until collection activity is expected to be more successful.
Termination refers to stopping of collection activities. Only the
Justice Department has the authority to compromise, terminate, or
suspend collection on claims that are greater than $100,000 (excluding
interest, penalties, and administrative charges). Pursuant to 31 C.F.R.
Parts 902.1 and 903.1, entities generally should use a Claims
Collection Litigation Report (CCLR) to refer such matters to the
Justice Department.
Note 5: Exceptions to the requirement to transfer nontax debt
delinquent for a period of 180 days to Treasury for collection are (a)
a debt or claim that: (1) is in litigation or foreclosure; (2) will be
disposed of under an asset sales program within 1 year after becoming
eligible for sale, or later than 1 year if consistent with an asset
sales program and a schedule established by the entity and approved by
OMB; (3) has been referred to a private collection contractor for
collection for a period determined by Treasury; (4) has been referred
by, or with the consent of, Treasury to a debt collection center for a
period determined by Treasury; or: (5) will be collected under internal
offset, if such offset is sufficient to collect the claim within 3
years after the date the debt or claim is first delinquent; and: (b) to
any other specific class of debt or claim, as determined by Treasury at
the request of an entity. (31 U.S.C. 3711(g)(2)) Examples include (1)
debts in bankruptcy meeting the criteria for an automatic stay (11
U.S.C. 362), (2) foreign debt considered uncollectable by Treasury due
to foreign diplomacy considerations and affairs of state, (3) debts in
forbearance or appeals.
Note 6: Exceptions to the requirement to notify Treasury of nontax debt
delinquent over 180 days for administrative offset are a claim that has
been outstanding for more than 10 years or when a statute explicitly
prohibits using administrative offset or setoff to collect the type of
claim involved. (31 U.S.C. 3716(e)) Also, this section does not
prohibit the use of any other administrative offset authority existing.
(31 U.S.C. 3716(d)) Prior to referring debts to Treasury, an agency
shall inform the debtor of the amount and nature of the debt (such as
overpayment, etc.), and actions which may be taken to enforce recovery
of a delinquent debt. These include (a) offset of any payments which
the debtor is due, including tax refunds, and salary; (b) referral of
the debt to a private collection agency; (c) referral of the debt to
the Department of Justice or agency counsel for litigation; (d)
reporting of the debt to a credit bureau; (e) reporting of the debt, if
discharged, to IRS as a potential taxable income. In the future, the
agency also will need to inform the debtor that the debt may be subject
to administrative wage garnishment, his/her identity may be published
or publicly disseminated, and/or the debt may be sold. The notice must
tell the debtor that he/she has the opportunity (a) to inspect and copy
records relating to the debt, (b) for a review by the agency; and: (c)
to enter into a written repayment agreement.
Note 7: Before an entity refers past-due debt to Treasury for reduction
of tax refund, it must: (a) notify the person incurring such debt that
the entity proposes to refer to Treasury for tax refund offset, (b)
give such person at least 60 days to present evidence that all or part
of the debt is not past due or not legally enforceable, (c) consider
any evidence presented by such person and determine that an amount of
such debt is past due and legally enforceable, (d) satisfy such other
conditions Treasury may prescribe to ensure the above determination is
valid and that the entity has made reasonable efforts to obtain
payment, and: (e) certify that reasonable efforts have been made by the
entity to obtain payment. (31 U.S.C. 3720A(b)) Treasury issues
regulations prescribing the times at which entities shall submit
notices of past-due legally enforceable debts, the manner of submitting
them, and the information to be contained in them. The regulations also
specify the minimum amount of debt that may be referred for tax refund
offset and the fee the entity shall pay to reimburse Treasury for its
costs.
Note 8: If the auditor uses multipurpose testing for the compliance
test and/or compliance control test and/or a substantive test of
accounts or loans receivable details, the sample items for the
compliance test and/or compliance control test should be selected using
the sampling method used for the substantive test as described in FAM
430. Otherwise, the auditor should select items using attribute
sampling as discussed in FAM 460.02. As with all sampling applications,
the auditor should determine the completeness of the test population.
For efficiency, the auditor should use records that were tested for
validity, accuracy, and completeness (as well as the other financial
statement assertions) in conjunction with substantive tests of the
population.
810 - Prompt Payment Act:
Note: The auditor may complete this compliance summary or prepare
equivalent documentation only if provisions of the Prompt Payment Act
are significant as indicated on Form 802 - General Compliance Checklist
at FAM 802-7. OMB guidance on the Prompt Payment Act is included in 5
C.F.R. Part 1315.
Table:
[See PDF for image]
[End of figure]
Note: The auditor may complete this program or prepare equivalent
documentation only if provisions of the Prompt Payment Act are
significant as indicated on Form 802 - General Compliance Checklist at
FAM 802-7. These procedures test compliance with the provisions listed
on the Compliance Summary. OMB Guidance on the Prompt Payment Act is
included in 5 C.F.R. Part 1315.
Name of entity:
Audit period:
Reviewed by:
Audit Procedures: 1) Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 810 - Compliance Summary),
select a sample of payments from throughout the audit period. (The
sample size will vary based on the expected effectiveness of compliance
controls as discussed in FAM 460.02.) Document the sampling approach
using the documentation in FAM 495 E. See note 6 regarding sampling
efficiencies and completeness of the population. Sample size: Sample
selection method;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 2) For each item selected in step 1, obtain the
supporting documentation for the payment such as the invoice voucher
package. a) Document the following items in the documentation:
* invoice number;
* payee;
* invoice amount;
* invoice date;
* invoice receipt date (or other date used for determining compliance
with this law - see step 2(b));
* payment date;
* amount of interest penalty paid, if any;
* amount of discount taken, if any; and
* appropriation account(s) charged for the expenditure and interest
penalty, if any. b) For each item selected, note whether the payment
was made by the required due date. The required due date may be the
date specified in the contract or, if a date is not specified, 30 days
after receipt of the invoice (31 U.S.C. 3903(a)(1)(A) and (B)). If
payment is for meat or meat food products, perishable agricultural
products, dairy products or construction contracts, consult with OGC to
determine payment due date. Specific payment due dates to avoid
interest penalties are established by law for these items. (31 U.S.C.
3903(a)(2), (3), (4), and (6)) The invoice receipt date is the later of
(1) the date the entity’s designated representative or office actually
receives a proper invoice or (2) the 7th day after the date on which,
in accordance with the terms and conditions of the contract, the
property is actually delivered or performance of the services is
actually completed (unless the entity accepted the property or services
before the 7th day or a longer acceptance period is specified in the
contract). If the date of actual invoice receipt is not indicated, the
entity must use the invoice date. (31 U.S.C. 3901(a)(4)(A) and (B)) If
the payment was made on or prior to the payment due date, perform step
3. If the payment was made after the payment due date, perform step 4.
If a discount was taken, perform step 5; Done by/date: [Empty]; Doc
Ref: [Empty].
Audit Procedures: 3) If the payment was made on or prior to the payment
due date, and no discount was taken, determine that no interest penalty
was paid. (Note: If the entity did not take advantage of a discount for
which it was eligible or if an interest penalty was paid when it was
not owed, the auditor generally should determine the cause of these
items for purposes of reporting findings.); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 4) If the payment was made after the payment due
date, determine whether a) an interest penalty was paid; b) the amount
of the interest penalty was properly calculated; and c) the interest
penalty was paid out of the appropriation used to pay the related
expenditures. Review the accounting codes indicated on the expense
voucher. Determine whether the accounting codes used to record the
interest penalty are the same as those used for the related expenditure
and whether the codes and amounts agree with those recorded in the
budgetary accounting records. (See step 6 regarding proper
summarization of amounts.) (31 U.S.C. 3902 (a), (b), and (f).)
Investigate any differences between the amount of interest penalty
calculated by the auditor and the amount paid by the entity, including
any instances when an interest penalty was owed but not paid. See note
5. Investigate any instances when the proper appropriation account was
not charged. See note 2 regarding the interest rate to be used. See
notes 3 and 4 regarding the period the penalty should cover; Done
by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 4) If the payment was made after the payment due
date, determine whether a) an interest penalty was paid; b) the amount
of the interest penalty was properly calculated; and c) the interest
penalty was paid out of the appropriation used to pay the related
expenditures. Review the accounting codes indicated on the expense
voucher. Determine whether the accounting codes used to record the
interest penalty are the same as those used for the related expenditure
and whether the codes and amounts agree with those recorded in the
budgetary accounting records. (See step 6 regarding proper
summarization of amounts.) (31 U.S.C. 3902 (a), (b), and (f).)
Investigate any differences between the amount of interest penalty
calculated by the auditor and the amount paid by the entity, including
any instances when an interest penalty was owed but not paid. See note
5. Investigate any instances when the proper appropriation account was
not charged. See note 2 regarding the interest rate to be used. See
notes 3 and 4 regarding the period the penalty should cover; Done
by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 6) Consider the procedures performed on the entity’s
budget controls over summarization of expenditure balances as discussed
in FAM 395 F. If the auditor has assessed the entity’s controls as
effective in achieving the control objective of summarization of
expenditure balances, further procedures are not necessary to obtain
assurance as to whether interest penalties are paid out of the proper
appropriation account. If the auditor has assessed the controls as
ineffective, the auditor should perform procedures to determine if the
entity has properly summarized the expenditure balances as described in
FAM 495 B; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 7) If the entity does not appear to be in compliance
based on the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred and the
implications of such noncompliance. For any noncompliance noted, the
auditor should:
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of noncompliance on the
financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 8) Document conclusions on compliance with each
provision on Form 810 - Compliance Summary; Done by/date: [Empty]; Doc
Ref: [Empty].
Audit Procedures: 8) Document conclusions on compliance with each
provision on Form 810 - Compliance Summary; Done by/date: [Empty]; Doc
Ref: [Empty].
Note 1: The required due date is generally the date specified in the
contract or, if a date is not specified, 30 days after receipt of the
invoice (31 U.S.C. 3903(a) (1) (A) and (B)) If payment is for meat or
meat food products, perishable agricultural products, dairy products or
construction contracts, consult with OGC to determine payment due date.
Specific payment due dates to avoid interest penalties are established
by law for these items. (31 U.S.C. 3903(a) (2), (3), (4), and (6)) The
invoice receipt date is established as the later of (1) the date the
entity’s designated representative or office actually receives a proper
invoice or (2) the 7th day after the date on which, in accordance with
the terms and conditions of the contract, the property is actually
delivered or performance of the services is actually completed, unless
the entity accepted the property or services before the 7th day or a
longer acceptance date is specified in the contract. If the date of
actual invoice receipt is not indicated, the entity must use the
invoice date. (31 U.S.C. 3901(a) (4) (A) and (B))
Note 2: Interest shall be calculated at the rate set by the Secretary
of the Treasury under section 12 of the Contract Disputes Act of 1978
(41 U.S.C. 611) that is in effect at the time the entity accrues the
obligation to pay a late payment interest penalty. The rates are
published in the Federal Register. (31 U.S.C. 3902(a))
Note 3: The interest penalty shall be paid for the period beginning on
the day after the required payment date and ending on the date on which
payment is made. (31 U.S.C. 3902(b)) An interest penalty not paid after
any 30-day period shall be added to the principal amount of the debt,
and a penalty accrues thereafter on the combined amount of principal
and interest. (31 U.S.C. 3902(e))
Note 4: A payment is deemed to be made on the date a check for payment
is dated or an electronic transfer is made.(31 U.S.C. 3901(a) (5))
Note 5: The temporary unavailability of funds to make a timely payment
due for property or services does not relieve the entity head of the
obligation to pay interest penalties under this law. (31 U.S.C.
3902(d))
Note 6: If the auditor uses multipurpose testing for the complianceest
and/or compliance control test and/or a substantive test of payments
details, the sample items for the compliance test and/or compliance
control test should be selected using the sampling method used for the
substantive test as described in FAM 430. Otherwise, the auditor should
select items using attribute sampling as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity, accuracy, and
completeness (as well as the other financial statement assertions) in
conjunction with substantive tests of the population.
Note: The auditor may complete these procedures or prepare equivalent
documentation only if provisions of the Pay and Allowance System for
Civilian Employees, as provided primarily in Chapters 51-59 of Title 5,
U.S. Code, are significant as indicated on Form 802 - General
Compliance Checklist at FAM 802-8. These procedures test compliance
with the provisions listed on the Compliance Summary.
Name of entity:
Audit period:
Reviewed by:
Note: These tests are closely related to procedures performed for
substantive tests of payroll expense details and multipurpose testing
in this situation is strongly encouraged.
Audit Procedures: 1) Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 812 -Compliance Summary),
select an appropriate sample of disbursements from the payroll records
throughout the audit period. (The sample size will vary based on the
expected effectiveness of compliance controls as discussed in FAM
460.02). Document the sampling approach using the documentation in FAM
495 E. See note 2 regarding sampling efficiencies and completeness of
the population. Sample size: Sample selection method;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 2) For each item selected in 1, note the following
information:
* employee name;
* pay period (number and dates);
* amount of gross pay for the period;
* pay rate;
* total hours worked; and
* number of hours worked at regular pay and other pay (i.e., overtime,
premium pay, etc.); Done by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 3) For each item selected in 1, obtain the employee’s
personnel file and note the following in effect for the pay period
selected:
* the employee’s grade and step and
* the employee’s pay rate;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 4) For each item selected in 1 a) Calculate the
amount of gross pay using the hours worked and the employee’s pay rate
indicated on the payroll records. Compare the amount of gross pay
calculated by the auditor to the amount shown on the payroll records
for the selected pay period and obtain explanation and examine support
for any differences. Note: To convert basic annual amount to a daily,
weekly or biweekly amount, divide the annual rate by 2,087 for an
hourly rate. Multiply the hourly rate by number of either daily hours,
40 for weekly, or 80 for biweekly amounts. (5 U.S.C. 5504) b) Compare
the employee’s pay rate in the payroll records to the appropriate pay
rate for the employee’s approved grade and step on the pay schedules
established by executive order. (Use the approved grade and step
indicated in the employee’s personnel records for this test.) Obtain
explanation and examine support for any differences between the actual
pay rate for the period selected and the authorized amounts. (5 U.S.C.
5332, 5343, and 5383) If the employee’s pay is not set by these pay
schedules, determine whether the amount paid is properly authorized;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 5) If the entity does not appear to be in compliance
based on the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred and the
implications of such noncompliance. For any noncompliance noted, the
auditor should:
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of noncompliance on the
financial statements; and:
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75); Done by/date: [Empty]; Doc Ref: [Empty].
Audit Procedures: 6) Document conclusions on compliance with each
provision on Form 812 - Compliance Summary; Done by/date: [Empty]; Doc
Ref: [Empty].
Audit Procedures: 6) Document conclusions on compliance with each
provision on Form 812 - Compliance Summary; Done by/date: [Empty]; Doc
Ref: [Empty].
Note 1: To convert basic annual amount to a daily, weekly, or biweekly
amount, divide the annual rate by 2,087 for an hourly rate. Multiply
the hourly rate by number of either daily hours, or 40 hours for
weekly, or 80 hours for biweekly amounts. (5 U.S.C. 5504);
Note 2: If the auditor uses multipurpose testing for the compliance
test and/or compliance control test and a substantive test of payroll
expense details, the sample items for the compliance test and/or
compliance control test should be selected using the sampling method
used for the substantive test. Otherwise, the auditor should select
items using attribute sampling, as discussed in FAM 460.02. As with all
sampling applications, the auditor should consider the completeness of
the population. For efficiency, the auditor should consider using
records that were tested for validity and completeness (as well as the
other financial statement assertions) in conjunction with substantive
tests of payroll or other payroll related compliance tests.
Note 3: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the auditor
should perform the same testing. The auditor may accomplish this
testing with the assistance of the service organization’s auditor, who
may issue an internal control report on the service organization under
AU 324 (SAS 70). Another approach may be for the service organization’s
auditor to assist the entity’s auditor by performing agreed-upon
procedures at the service organization (e.g., substantive testing)
under AT 201 (see FAM 660).
813 - Civil Service Retirement Act, 5 U.S.C. Chapter 83 Note: The
auditor may complete this compliance summary or prepare equivalent
documentation only if provisions of the Civil Service Retirement Act
are significant as indicated on Form 802 - General Compliance Checklist
at FAM 802-9.
Table:
[See PDF for image]
[End of table]
Name of entity:
Audit period:
Reviewed by:
Audit Procedures: 1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 813 - Compliance Summary),
select a sample of expense amounts for individuals’ gross pay from the
payroll disbursement records for the audit period for employees covered
by the Civil Service Retirement Act system (CSRS). (See note 1.) (The
sample size will vary based on the expected effectiveness of compliance
controls, as discussed in FAM 460.02). Document the sampling approach
using the documentation in FAM 495 E. See note 3 regarding sampling
efficiencies and completeness of the population. These tests should be
coordinated with other tests of payroll-related expenses and with the
agreed-upon procedures agency auditors perform for the Office of
Personnel Management (OPM), per OMB audit guidance, if performed.
Sample size
Sample selection method;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 2. For each selection made in 1, document the
following for the pay period selected:
* the amount withheld for the cost of retirement benefits;
* the amount of basic pay; and
* if indicated in the payroll disbursement records, document the
retirement plan under which the withholdings were made (CSRS or FERS).
(Only employees covered by CSRS should be included in this compliance
test. See FAM 817 for the FERS compliance test.); Done by/date:
[Empty];
Doc Ref: [Empty].
Audit Procedures: 3. For each item selected in 1, obtain the employee’s
personnel file and note the following:
* employee hire date,
* amount of basic pay, and
* the retirement plan under which the employee is covered; Done
by/date: [Empty];
Doc Ref: [Empty].
4. For each selection made in 1
(a) Compare the amount of basic pay indicated in the employee’s
personnel file with the amount indicated in the payroll records and
obtain an explanation and examine support for any differences. (This
procedure would be performed only if not already performed with other
testing.) (b) Calculate the amount of the withholdings for retirement
costs based on 7 percent of basic pay for most executive branch
employees (see note 2 for percentages for other employees) for the
selected pay period and document the amount in the documentation.
Compare to the actual amount withheld for the selected pay period and
obtain an explanation and examine support for any differences. (5
U.S.C. 8334(a)(1)) (c) Determine whether the entity contributed an
equal amount for the employee’s retirement for the selected pay period.
Obtain explanation and examine support for any differences between the
employee and entity contributions. (5 U.S.C. 8334(a)(1)); Done by/date:
[Empty];
Doc Ref: [Empty].
5. Determine whether amounts contributed by the entity are charged to
the appropriation or fund used to pay the employee for the selected pay
period by performing the following procedures: (a) Review the
accounting codes indicated on the supporting documentation. (b)
Determine whether the accounting codes used to record the entity
contribution are the same as those used for the related payroll
expenditure and whether the codes and amounts agree with those recorded
in the budgetary accounting records. (This step assumes other payroll
testing would have included checking that the codes represent the
proper appropriation.) (c) Consider the procedures performed on the
entity’s budget controls over summarization of expenditure balances as
discussed in FAM 395 F. If the auditor has assessed the entity’s
controls as effective in achieving the control objective of
summarization of expenditure balances, further procedures are not
necessary to obtain assurance as to whether the entity’s contributions
are paid out of the proper appropriation account. If the auditor has
assessed the controls as ineffective, the auditor should perform
procedures to determine whether the entity has properly summarized the
expenditure balances as described in FAM 495 B. (5 U.S.C. 8334 (a)(1));
Done by/date: [Empty]; Doc Ref: [Empty].
6. Determine whether the entity has effective internal controls over
the proper summarization of (a) the amounts withheld from employees for
retirement costs under the law, and (b) the entity contributions for
remittance to Treasury. If the entity does not have effective controls
for summarization, test the summarization of the totals that include
the items selected for testing in step 1; Done by/date: [Empty]; Doc
Ref: [Empty].
7. Compare the combined totals of employee withholdings and entity
contributions that include each selection made in step 1 to the deposit
made to Treasury and the remittance sent to OPM and obtain an
explanation and examine support for any differences. The funds should
be deposited in the Treasury to the credit of the Civil Service
Retirement and Disability Fund. (5 U.S.C. 8334(a)(2)); Done by/date:
[Empty];
Doc Ref: [Empty].
8. If the entity does not appear to be in compliance based on the
results of tests performed, the auditor should discuss these matters
with OGC and, when appropriate, the Special Investigator Unit to
conclude if noncompliance actually has occurred and the implications of
such noncompliance. For any noncompliance noted, the auditor should
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32- .61);
* consider the implications of any instances of noncompliance on the
financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75); Done by/date: [Empty];
Doc Ref: [Empty].
9. Document conclusions on compliance with each provision on Form 813 -
Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty].
Note 1: Employees employed before January 1, 1984, are generally
covered by the Civil Service Retirement Act (CSRS) and on and after
that date by the Federal Employees’ Retirement System Act (FERS) ,
although some CSRS employees may have opted for coverage under FERS.
Note 2: The percentage to be withheld for the service period after
December 31, 2000, for (1) most executive branch employees is 7
percent; (2) Congressional employees, firefighters, and law enforcement
personnel is 7.5 percent; and (3) Members of Congress is 8 percent. (5
U.S.C. 8334(a)(1)) Note 3: If the auditor uses multipurpose testing for
the compliance test and/or compliance control test and a substantive
test of payroll expense details, the sample items for the compliance
test and/or compliance control test should be selected by the auditor
using the sampling method used for the substantive test. Otherwise, the
auditor should select items using attribute sampling, as discussed in
FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the population. For efficiency, the auditor should
consider using records that were tested for validity and completeness
(as well as the other financial statement assertions) in conjunction
with substantive tests of payroll or other payroll related compliance
tests.
Note 4: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the auditor
should perform the same testing. The auditor may accomplish this
testing with the assistance of the service organization’s auditor, who
may issue an internal control report on the service organization under
AU 324 (SAS 70). Another approach may be for the service organization’s
auditor to assist the entity’s auditor by performing agreed-upon
procedures at the service organization (e.g., substantive testing)
under AT 201 (see FAM 660).
Table:
[See PDF for image]
[End of figure]
Name of entity:
Audit period:
Reviewed by:
Audit Procedures: 1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 814 - Compliance Summary),
select a sample of expense amounts for individuals’ gross pay from the
payroll disbursement records for the audit period. (The sample size
will vary based on the expected effectiveness of compliance controls,
as discussed in FAM 460.02). Document the sampling approach using the
documentation in FAM 495 E. See note 2 regarding sampling efficiencies
and completeness of the population.
The auditor should coordinate these tests with other tests of payroll-
related expenses and with the agreedupon procedures agency auditors
perform for OPM, per OMB audit guidance, if performed. Sample size
Sample selection method;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 2. For each selection made in step 1, document the
employee, the pay period selected, and the amount withheld for the pay
period selected, if any, for the cost of health insurance. If
available, document the health plan enrollment code;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 3. For each selection made in step 1, obtain the
employee’s personnel file and note whether the employee elected health
insurance coverage for the period to which payroll disbursement
relates. Such coverage should be indicated on OPM form SF 2809. If the
employee did not elect health insurance coverage, ask why amounts are
being withheld for the cost of insurance and determine whether any
entity contributions are being made inappropriately as well; Done
by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 4. If the employee identified in step 3 elected
coverage,perform the following steps: (a) Obtain the schedule of health
insurance costs for all plans published by OPM. Using the enrollment
code for the plan selected by the employee on OPM form SF 2809,
calculate the employee’s portion of the health insurance cost and
record it in the documentation. Compare it to the amount actually
withheld for the selected pay period and obtain an explanation and
examine support for any differences. (5 U.S.C. 8906(d));
(b) For each employee in (a), determine the appropriate amount of the
entity’s contribution for its share of health insurance costs by using
the OPM schedule of costs. Compare it to the amount actually
contributed by the entity for the employee’s health insurance for the
selected pay period and obtain an explanation and examine support for
any differences. (See note 1 for part-time career employees.) (5 U.S.C.
8906(b)(1));
(c) For each employee in (b), determine if amounts contributed by the
entity are charged to the appropriation or fund that is used to pay the
employee for the selected pay period by performing the following
procedures: (1) Review the accounting codes indicated on the supporting
documentation. (2) Determine whether the accounting codes used to
record the entity contribution are the same as those used for the
related payroll expenditure and whether the codes and amounts agree
with those recorded in the budgetary accounting records. (This step
assumes other payroll testing would have included checking that the
codes represent the proper appropriation.);
3. For each selection made in step 1, obtain the employee’s personnel
file and note whether the employee elected health insurance coverage
for the period to which payroll disbursement relates. Such coverage
should be indicated on OPM form SF 2809. If the employee did not elect
health insurance coverage, ask why amounts are being withheld for the
cost of insurance and determine whether any entity contributions are
being made inappropriately as well; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 5. Determine whether the entity has effective
controls over the proper summarization of the amounts withheld from
employees for health insurance costs under this law and the entity
contributions for remittance to Treasury. If the entity does not have
effective controls for summarization, test the summarization of the
totals that include the items selected for testing in step 1; Done
by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 6. Compare the total cost of health insurance on the
entity’s records (employee and employer portions) for the selected pay
period to the deposit made to Treasury and the documentation sent to
OPM and obtain an explanation and examine support for any differences.
The funds should be deposited in the Treasury to the credit of the
Employees Health Benefits Fund. (5 U.S.C. 8909); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 7. If the entity does not appear to be in compliance
based on the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred and the
implications of such noncompliance. For any noncompliance noted, the
auditor should:
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of noncompliance on the
financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 8. Document conclusions on compliance with each
provision on Form 814 - Compliance Summary; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 8. Document conclusions on compliance with each
provision on Form 814 - Compliance Summary; Done by/date: [Empty];
Doc Ref: [Empty].
Note 1: For part-time career employees, the biweekly entity
contribution shall be calculated on a prorata basis based on the ratio
of number of scheduled parttime hours to the number of scheduled
regular hours for an employee serving in a comparable position on a
full-time basis. (5 U.S.C. 8906(b) (3))
Note 2: If the auditor uses multipurpose testing for the compliance
test and/or compliance control test and a substantive test of payroll
expense details, the sample items for the compliance test and/or
compliance control test should be selected using the sampling method
used for the substantive test. Otherwise, the auditor should select
items using attribute sampling, as discussed in FAM 460.02. As with all
sampling applications, the auditor should consider the completeness of
the test population. For efficiency, the auditor should consider using
records that were tested for validity and completeness (as well as the
other financial statement assertions) in conjunction with substantive
tests of payroll or other payroll related compliance tests.
Note 3: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the auditor
should perform the same testing. The auditor may accomplish this
testing with the assistance of the service organization’s auditor, who
may issue an internal control report on the service organization under
AU 324 (SAS 70). Another approach may be for the service organization’s
auditor to assist the entity’s auditor by performing agreed-upon
procedures at the service organization (e.g., substantive testing)
under AT 201 (see FAM 660).
816 - Federal Employees' Compensation Act (FECA), 5 U.S.C. Chapter 81:
Note: The auditor may complete this compliance summary or prepare
equivalent documentation only if provisions of the Federal Employees’
Compensation Act are significant as indicated on Form 802 - General
Compliance Checklist at FAM 802-10.
Table:
[See PDF for image]
[End of figure]
Note: The auditor may complete these procedures or prepare equivalent
documentation only if provisions of the Federal Employees’ Compensation
Act are significant as indicated on Form 802 - General Compliance
Checklist at FAM 802-10. These procedures test compliance with the
provisions listed on the Compliance Summary for this law.
Audit Procedures: Note: The provisions identified for testing are
proceduralbased provisions. As discussed in FAM 460.06, sufficient
procedures usually are performed by the auditor in conjunction with
tests of compliance controls for these procedural-based provisions to
conclude on the entity's compliance without performing additional
procedures. The auditor should not perform additional procedures to
obtain evidence regarding compliance with the provisions related to the
following objectives unless sufficient evidence regarding compliance
was not obtained during compliance control tests documented on Form
816 - Compliance Summary;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 1. Reference to conclusions on compliance controls on
Form 816 - Compliance Summary and indicate whether any additional
procedures are necessary; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 2. If the entity does not appear to be in compliance
based on the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred and the
implications of such noncompliance. For any noncompliance noted, the
auditor should
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32- .61);
* consider the implications of any instances of noncompliance on the
financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 3. Document conclusions on compliance with each
provision on Form 816 - Compliance Summary; Done by/date: [Empty];
Doc Ref: [Empty].
Note 1: A statement showing the total cost of benefits and other
payments made from the Employees’ Compensation Fund during the
preceding July 1 through June 30 expense period on account of the
injury or death of employees or individuals under the jurisdiction of
the entity is required to be provided by the Secretary of Labor to the
entity by August 15 of each year. (5 U.S.C. 8147);
Note 2: Entities not dependent on an annual appropriation shall make
the required deposit to Treasury from funds under its control during
the first 15 days of October after receipt of the statement showing the
costs paid on the entity's behalf. (5 U.S.C. 8147)
817 – Federal Employees’ Retirement System Act of 1986 (FERS), 5 U.S.C.
Chapter 84:
Note: The auditor may complete this compliance summary or prepare
equivalent documentation only if provisions of the Federal Employees’
Retirement System Act of 1986 are significant as indicated on Form
802 - General Compliance Checklist at FAM 802- 10.
Table:
[See PDF for image]
[End of table]
Note: The auditor may complete these procedures or prepare equivalent
documentation only if provisions of the Federal Employees’ Retirement
System Act of 1986 are significant as indicated on Form 802 - General
Compliance Checklist at FAM 802-10.
These procedures are designed to test compliance with the provisions
listed on the Compliance Summary.
Name of entity:
Audit period:
Reviewed by:
Audit Procedures: 1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 817 - Compliance Summary),
select a sample of expense amounts for individuals’ gross pay from the
payroll disbursement records for the audit period for employees covered
by the Federal Employees’ Retirement System (FERS). (See note 1.) (The
sample size will vary based on the expected effectiveness of compliance
controls as discussed in FAM 460.02). Document the sampling approach
using the documentation in FAM 495 E. See note 4 regarding sampling
efficiencies and completeness of the sample population.
The auditor should coordinate these tests with other tests of payroll-
related expenses and with the agreedupon procedures agency auditors
perform for OPM, per OMB audit guidance, if performed. Sample size
Sample selection method;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 2. For each selection made in 1, document the
following for the pay period selected:
* the amount withheld for the cost of retirement benefits,
* the amount of basic pay, and
* if indicated in the payroll disbursement records, document the
retirement plan under which the withholdings were made (CSRS or FERS).
(Only employees covered by FERS should be included in this compliance
test. See FAM 813 for the CSRS compliance test.);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 3. For each item selected in 1, obtain the employee's
personnel file and note the
* employee hire date,
* amount of basic pay, and
* the retirement plan under which the employee is covered;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 4. For each selection made in 1 (a) Compare the
amount of basic pay indicated in the employee’s personnel file with the
amount indicated in the payroll records and obtain an explanation and
examine support for any differences. (This procedure would be performed
only if not already performed as part of other testing.)
(b) Calculate the amount of the withholdings for retirement costs based
on 0.8% of basic pay for most employees (see note 2 for percentages for
certain employees) for the selected pay period and record the amount in
the documentation. Compare to the actual amount withheld for the
selected pay period and obtain an explanation and examine support for
any differences. (5 U.S.C. 8422(a)(1))
(c) Determine whether the entity contributed the correct amount for the
employee’s retirement for the selected pay period. Obtain an
explanation and examine support for any differences between the entity
contributions and the amount calculated using OPM’s normal cost
percentage. (5 U.S.C. 8423(a)(1) and 5 U.S.C. 8401(23)); Done by/date:
[Empty];
Doc Ref: [Empty].
Audit Procedures: 5. To determine if amounts contributed by the entity
are charged to the appropriation or fund used to pay the employee for
the selected pay period: (a) Review the accounting codes indicated on
the supporting documentation.
(b) Determine whether the accounting codes used to record the entity
contribution are the same as those used for the related payroll
expenditure and whether the codes and amounts agree to those recorded
in the budgetary accounting records. (This step assumes other payroll
testing would have included checking that the codes represent the
proper appropriation.)
(c) Consider the procedures performed on the entity’s budget controls
over summarization of expenditure balances as discussed in FAM 395 F.
If the auditor has assessed the entity’s controls as effective in
achieving the control objective of summarization of expenditure
balances, further procedures are not necessary to obtain assurance as
to whether the entity’s contributions are paid out of the proper
appropriation account. If the auditor has assessed the controls as
ineffective, the auditor should perform procedures to determine whether
the entity has properly summarized the expenditure balances as
described in FAM 495 B. (5 U.S.C. 8423(a)(1)); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 6 . Determine whether the entity has effective
controls over the proper summarization of the amounts withheld from
employees for retirement costs under this law and the entity
contributions for remittance to Treasury. If the entity does not have
effective controls for summarization, test the summarization of the
totals that include the items selected for testing in step 1; Done
by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 7. Compare the combined totals of employee
withholdings and entity contributions that include each selection made
in step 1 to the deposit made to Treasury and the remittance sent to
OPM and obtain explanation and examine support for any differences. The
funds should be deposited in the Treasury to the credit of the Civil
Service Retirement and Disability Fund. (5 U.S.C. 8422(c) and 5 U.S.C.
8401(6));
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 8. If the entity does not appear to be in compliance
based on the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the Special Investigator
Unit to conclude if noncompliance actually has occurred and the
implications of such noncompliance. For any noncompliance noted, the
auditor should
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the conclusion on internal control as appropriate (see
FAM 580.32- .61);
* consider the implications of any instances of noncompliance on the
financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 9. Document conclusions on compliance with each
provision on Form 813 - Compliance Summary; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures: 9. Document conclusions on compliance with each
provision on Form 813 - Compliance Summary; Done by/date: [Empty];
Doc Ref: [Empty].
Note 1: Employees may be covered by the Civil Service Retirement Act
(CSRS) or the Federal Employees’ Retirement System Act (FERS),
generally depending on their employment dates. Generally, employees
hired after January 1, 1984 are in FERS.
Note 2: For most employees, the percentage to be withheld is 0.8
percent (7 percent less the Social Security tax rate). For
congressional employees, Members of Congress, and law enforcement
officers, firefighters, air traffic controllers, and nuclear materials
couriers, the withholding rates are higher. (See 5 U.S.C. 8422(a)(1).)
Note 3: The Office of Personnel Management (OPM) computes the normal
cost percentage. For example: for FY 2008 it is 11.2 percent for
regular employees. OPM lists the percentages in its Benefits
Administration Letters, accessible on its Internet site,
http://www.opm.gov/asd/htm/bal06.htm (where the 2 digits after "bal"
represent the calendar year of the letters). (5 U.S.C. 8401(23)) Note
4: If the auditor uses multipurpose testing for the compliance test
and/or compliance control test and a substantive test of payroll
expense details, the sample items for the compliance test and/or
compliance control test should be selected using the sampling method
used for the substantive test. Otherwise, the auditor should select
items using attribute sampling, as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity and completeness
(as well as the other financial statement assertions) in conjunction
with substantive tests of payroll or other payroll related compliance
tests. Note 5: If the entity outsources payroll processing, the entity
remains responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the same testing
should be performed. The auditor may accomplish that testing with the
assistance of the service organization's auditor, who may issue an
internal control report on the service organization under AU 324 (SAS
70). Another approach may be for the service organization's auditor to
assist the entity’s auditor by performing agreed-upon procedures at the
service organization (e.g., substantive testing) under AT 201 (see FAM
660).
[End of section]
Section 900:
Substantive Testing:
902 - Related Parties, Including Intragovernmental Activity and
Balances:
.01: This section provides guidance on the procedures that the auditor
should perform with respect to related parties, as described in FAM 280
and FAM 550. Additionally, in determining whether related party
activities are properly accounted for and disclosed in the financial
statements, the auditor should consult AU 334, which provides general
guidance on related parties relationships and transactions. Further,
the American Institute of Certified Public Accountants (AICPA) has
issued a toolkit for accountants and auditors titled Accounting and
Auditing for Related Parties and Related Party Transactions.[Footnote
31] This toolkit includes selected authoritative accounting and
auditing literature, an illustrative audit program, disclosure
checklist, confirmation letter, and letter to other auditors and is
available at the AICPA’s website at [hyperlink, http://www.aicpa.org].
.02: The U.S. government in its entirety is an economic entity and
federal entities are components of the U.S. government. Therefore,
transactions between federal entities are considered intragovernmental
(Note: Federal Accounting Standards Board’s (FASAB) Statements of
Financial Accounting Standards (SFFAS) refers broadly to the cost of
goods and services between federal entities as “inter-entity” costs).
Within the U.S. government, many reporting entities rely on other
federal entities to help them achieve their missions and fulfill their
operating objectives. These arrangements may be voluntary, stipulated
by law, or established by mutual agreement of the entities involved and
may not be carried out on an arm’s-length basis. In many cases, the
entity receiving goods or services reimburses the providing entity in
accordance with an agreed-upon price, which may or may not represent
fair value. However, frequently one entity provides goods or services
to another entity free of charge (without reimbursement) and the cost
of such activity is paid by appropriated funds of the providing entity.
For example, the General Services Administration (GSA) routinely
provides property management services and contract award and
administration to other entities without charge.
.03: In addition, certain federal entities can significantly influence
the operating policies of the transacting entities. For example, the
Office of Management and Budget (OMB) provides budget, policy and/or
general management guidance to other federal entities. The Office of
Personnel Management (OPM) helps federal civilian entities recruit
nationwide; sets human resources management rules with the federal
entities’ involvement; administers systems for setting federal
compensation and benefits; manages federal employee health and life
insurance programs; and operates retirement programs for federal
employees.
.04: In the U.S. government, the most significant related parties are
other governmental entities. Other possible related parties outside of
the federal government include states, members of entity’s management,
and individuals and companies with which members of management may be
related. State and local governments are technically not related
parties, since under the constitution they have powers independent of
the federal government. However, the procedures for related parties may
also be useful for state and local governments.
.05: The auditor should make inquiries about the possible existence of
related parties with material activity and balances that could affect
the financial statements, including intragovernmental activity and
balances. The auditor should also inquire about the possible existence
of related parties involving members of management that may be a
sensitive conflict-of-interest issue involving potential misuse of
government assets. The identification of related parties and activity
and balances is important because (1) U.S. GAAP requires disclosure of
material related-party transactions and certain control relationships,
(2) fraudulent financial reporting and misappropriation of assets have
been facilitated by the use of undisclosed related parties, and (3)
distorted or misleading financial statements may result in the absence
of adequate disclosure.
.06: Financial statement users need related party information to make
informed judgments. If parties are related, the transactions between
them may not be based on an arm’s-length relationship. For example,
certain goods or services may be donated or be at an amount that does
not represent fair value, thus affecting the cost of the receiving
entity’s operations. In addition, an entity may have transactions with
another entity based on a common control situation, such as when the
entity controls or can significantly influence the management or
operating policies of the transacting entity. In these cases, the
financial statements need to disclose the nature of the relationship
since this control relationship could result in operating results or
financial positions significantly different from those that would have
been achieved in the absence of such relationship.
.07: Disclosures include the nature of the relationship between the
entity and its related parties, a description of the transactions,
including donations, dollar amounts of transactions that occurred
during the period, and amounts due to or from related parties as of the
end of the period. Disclosures may aggregate similar transactions by
type. In cases of common control relationships, the nature of the
control relationship is disclosed even if there are no transactions
between the entities. Related party transactions between components of
the audited entity that are eliminated in consolidation are not
disclosed in the consolidated financial statements. However, if
separate statements of the components are issued, the disclosures are
presented in the separate component statements.
.08: The following sections discuss intragovernmental activity and
balances, and other related parties.
Intragovernmental Activity and Balances:
.09: Intragovernmental amounts represent activity and balances within
or between federal entities. Intradepartmental amounts are activity and
balances within the same department (a department here means any
department, agency, administration or other entity designated by OMB as
a financial reporting entity that is not part of a larger financial
reporting entity other than the government as a whole).
Interdepartmental amounts are activity and balances between two
different departments. The intradepartmental and interdepartmental
amounts are subsets of intragovernmental activity and balances. FASAB
uses various terms to define intragovernmental activities. As discussed
in FAM 902.02, SFFAS No. 4 refers to these activities broadly as inter-
entity costs. SFFAS No. 30 refers to intra-departmental inter-entity
costs to describe activities within the same department, while
activities between two different departments are inter-departmental
inter-entity costs. FASAB Interpretation No. 6 uses “department” to
refer to any department, agency or other financial reporting entity
that is not part of a larger reporting entity other than the government
as a whole. The terminology used in FAM 902 is consistent with FASAB
usage of the terms intra-departmental and inter-departmental
activities.
.10: Common examples of intragovernmental activities include:
* Goods and services provided from one federal entity to another (trade
transactions), costs incurred, and reimbursable costs (including both
interdepartmental and intradepartmental activity).
* Transfers between entities based on agreements or legislative
authority, expended appropriations, taxes and fees collected,
collections for others, accounts receivable from appropriations,
transfers payable, and custodial revenue (including both
interdepartmental and intradepartmental activity).
* Investments in federal securities issued by Treasury’s Bureau of the
Public Debt, including interest accruals, interest income and expense,
and amortization of premiums and discounts.
* Borrowings from the Treasury and the Federal Financing Bank,
including interest accruals, interest income, and expenses.
* Costs of litigation paid by the Treasury Judgment Fund[Footnote 32]
(including both interdepartmental and intradepartmental activity).
* Transactions with OPM relating to employee benefit programs such as
Federal Employees’ Retirement System, Civil Service Retirement System,
and federal employees’ life insurance and health benefits programs,
that include routine payments, imputed financing, and accruals.
* Transactions with the Department of Labor (Labor) relating to the
Federal Employee’s Compensation Act (FECA) that include routine
payments to Labor.
.11: Intradepartmental activities and balances (within the same
department) are eliminated at the department’s consolidated financial
statements level. Interdepartmental activities and balances (between
federal entities) are eliminated at the U.S. government’s consolidated
financial statements level. Accounting and Reporting Guidance
.12: In accounting for and reporting of related parties, including
intragovernmental activity and balances, see FASAB accounting
standards, the Financial Standards Accounting Board (FASB) financial
accounting standards (FAS), OMB reporting guidance contained in OMB
Circular No. A-136, and Treasury accounting and reporting guidance
contained in the Treasury Financial Manual (TFM). FAM 902.14-.20
illustrate these relevant documents in more detail.
.13: SFFAS No. 4, Managerial Cost Accounting Concepts and Standards,
and related interpretations, address the accounting standards for inter-
entity cost activities. SFFAS No. 5, Accounting for Liabilities of the
Federal Government, addresses inter-entity liabilities, including
federal debt, pensions and retirement benefits. Also, SFFAS No. 7,
Accounting for Revenue and Other Financing Sources and Concepts for
Reconciling Budgetary and Financial Accounting, as amended, addresses
inter-entity revenue and requires disclosure of the nature of
intragovernmental exchange transactions in which an entity provides
goods or services at a price less than full cost or does not charge a
price at all. In accordance with SFFAS No. 4, as amended by SFFAS No.
30, effective for periods beginning after September 30, 2008, the costs
of program outputs include the costs of services provided by other
entities whether or not the providing entity is fully reimbursed.
Additionally, each entity’s full cost is to incorporate the full cost
of goods and services that it receives from other entities. The entity
providing the goods or services has the responsibility to provide the
receiving entity with information on the full cost of services either
through billing or other advice. The reporting entities are also to
consult with the funding and administering agencies, such as OPM, for
information needed to properly record inter-entity costs. SFFAS No. 4
directs OMB to designate the costs of goods and services
received from other entities that are to be recognized and to issue
guidance identifying these costs.[Footnote 33]
.14: FASB FAS No. 57, Related Party Disclosures, defines related
parties and provides examples of related party transactions and general
guidance on disclosures of transactions between related parties in the
private sector. Footnote disclosures include disclosure of the nature
of the relationship between the entity and its related parties, a
description of the transactions, including donations, dollar amounts of
transactions that occurred during the period, and amounts due to or
from related parties as of the end of the period.
.15: OMB Circular No. A-136, Financial Reporting Requirements, states
that federal entities are to
* report intragovernmental assets separately from transactions with
non- Federal entities (entities outside the federal government) on the
balance sheet; disclose intragovernmental assets separately from other
non-entity assets; identify intragovernmental liabilities covered by
budgetary resources and those not covered by budgetary resources (such
as accrued annual leave); and separately report intragovernmental
liabilities,
* disclose intragovernmental costs and revenue transactions separately
from those made with the public and describe the criteria used for the
cost/revenue classification. Disclosure is to include an explanation
that makes it clear to the reader that the intragovernmental expenses
relate to the source of goods and services purchased by the reporting
entity and not to the classification of related revenue, and
* reconcile intragovernmental balances and transactions at least
quarterly and submit intragovernmental balance information as a note
disclosure in the special purpose financial statements. OMB also has
issued a memorandum titled Business Rules for Intragovernmental
Transactions that requires agencies to use this A-136 methodology in
accounting for certain intragovernmental transactions, which should
help in reconciliation.
.16: To emphasize entity management’s responsibility for identifying
intragovernmental transactions and balances and reconciling data with
other entities, specific representations are included in the management
representation letter for intragovernmental activity. These
representationsof transactions, and reconciliation (or inability to
reconcile) with entities providing the goods or services (see FAM
1001). If such disclosure is included in the financial statements and
the auditor believes that the disclosure is either not supported by
management, or if management refuses to disclose related party
transactions, the auditor generally should express a qualified or
adverse opinion because of the inadequate disclosure, depending on
materiality, and include the necessary disclosures in a separate
paragraph of the audit report.
.17: TFM section “Federal Intragovernmental Transactions Process” and
Treasury’s Federal Intragovernmental Transactions Accounting Policies
Guide (Treasury Guide) provides governmentwide procedures for federal
entities to account for and reconcile transactions occurring within and
between each other. The procedures in this guidance does not apply to
transactions between federal entities and nonfederal entities. Further
information is available at the Treasury/Financial Management Service’s
(FMS) web site at [hyperlink, http://www.fms.treas.gov].
.18: The TFM also includes procedures for CFO Act departments to
reconcile and confirm intragovernmental activity and balances as of and
for the fiscal year ended September 30. Each department’s CFO is to
provide the department’s Inspector General (IG) with representations
indicating whether the department completed the reconciliation. In
addition, the department is to describe noncompliance with the
reconciliation requirements. The auditor should include this
representation in the management representation letter (see FAM 1001).
.19: The Treasury Guide provides detailed information on accounting and
reconciling intragovernmental balances. According to the guide,
entities are to identify trading partners[Footnote 35] for all
intragovernmental transactions and accumulate detail and summary
information for each activity by trading partner from their accounting
records. The trading partner code may be incorporated (1) as part of
account coding classification, or (2) in the customer/vendor
identification code in accounts receivable and payable systems. These
codes are the same as the Treasury index agency code used by the
Treasury to prepare the governmentwide consolidated financial
statements. If the two-digit Treasury index agency code is not adequate
to identify the trading partner, entities may expand the partner code
to components below the department level and communicate these codes to
their trading partners.
.20: The Treasury Guide also indicates that federal entities are to use
the Standard General Ledger (SGL) account attributes to indicate the
nature of account balances and to identify intragovernmental
transactions. For example, the federal “F” and nonfederal “N”
attributes used in conjunction with an SGL account in the Federal
Agencies’ Centralized Trial Balance System (FACTS) I submissions enable
Treasury/FMS to prepare elimination entries for the governmentwide
financial statements. When the federal attribute “F” is used with an
SGL account, a trading partner is to be designated for each transaction
posted to the account.
Continuing Issues from Prior Year Audits:
.21: Prior year audits of federal entity financial statements have
identified numerous instances where entities did not identify,
summarize, or reconcile intragovernmental activity and balances by
trading partner. Controls over the intragovernmental transactions were
not adequate. For example, one department instructed its components to
make buyer’s intragovernmental transaction amounts agree with seller’s
information without requiring an adequate reconciliation or
verification if goods or services were provided. Similar issues were
also identified concerning activity and balances within the same entity
(intradepartmental). Accordingly, there was no assurance that the
entity records contained balances that are fairly presented. This has
been a material weakness at the U.S. government consolidated financial
statement level in that entity intragovernmental accounts do not
completely eliminate in consolidation.
Intragovernmental Payment and Collection (IPAC) System:
.22 IPAC is the primary method used by most federal entities to
electronically bill and/or pay for services and supplies within the
U.S. government. IPAC is used to communicate to Treasury and the
trading partner agency that the online billing and/or payment for
services and supplies has occurred. IPAC, however, is not intended to
be a control over the intragovernmental transactions (reciprocal
accounts). IPAC was not designed as an accounting system and does not
require trading partners to record transactions at the same time or in
the same amounts. In addition, unreconciled IPAC differences could
affect the existence and completeness of intragovernmental activity and
balances.
.23: The IPAC billing entity initiates an IPAC transaction either as a
collection or a payment. The IPAC customer entity receives an IPAC
transaction either as a payment or a collection. Monthly, the Treasury
compares the customer and billing amounts from Statement of
Transactions (FMS 224) reported by the entity with the IPAC data. If
there is a difference, a Statement of Differences (SOD),[Footnote 36]
including a detailed list of all transactions charged or credited to a
particular agency location code, is generated monthly. The SOD is an
Internet application of the Government On-Line Accounting Link
Information Access System II (GOALS II/IAS).
Entities are to investigate the differences and make any necessary
corrections on their next Statement of Transactions.
.24: The auditor generally should test the entity’s IPAC reconciliation
procedures to determine if the entity performs the reconciliation and
researches and resolves differences reflected on the Statement of
Differences properly and timely. The auditor may coordinate the
procedures with Fund Balance with Treasury (FBWT) audit procedures to
assess the effectiveness of the entity’s IPAC reconciliation (see FAM
921). .25 The auditor generally should also design audit procedures to
understand whether the entity uses other systems (EFT, check, standard
forms used to transfer funds between appropriations, credit cards,
etc.) in addition to the IPAC system to process intragovernmental
activity and balances. The auditor generally should determine whether
these systems affect the accuracy of intragovernmental activity and
balances. (See audit procedures below and FAM 902 C.)
Audit Procedures
.26 The auditor should identify the risk of material misstatement in
determining the nature, extent, and timing of procedures for auditing
intragovernmental activity and balances and in evaluating the results
of these procedures. Throughout the audit, the auditor evaluates the
possible existence of material intragovernmental activity and balances
that could affect the financial statements. The auditor also evaluates
information concerning material intragovernmental activity and balances
to determine the adequacy and appropriateness of financial statement
disclosures. .27 During the planning phase, the auditor should assess
inherent, fraud, and control risk. The auditor evaluates several
conditions to assess inherent risk related to intragovernmental
activity and balances. For example, inherent risk may exist because of
the nature of the intragovernmental activity, such as a significant
volume or dollar amount of transactions, number of trading partners, or
complexity of transactions. The auditor should also assess the impact
of the risk of material misstatement on control testing and substantive
procedures. The auditor should determine whether similar conditions
continue to exist and should understand management’s response to such
conditions. .28 In understanding the entity, including its internal
control, the auditor should obtain an understanding of management
responsibilities and the relationship of each component to the total
department and of each department to other departments. The auditor
should also obtain an understanding of the entity’s operations to
identify, respond to, and resolve accounting and auditing problems
early in the audit. This includes:
* knowledge of the entity’s trading partners,
* the nature of intragovernmental transactions that occur,
* the volume and dollar amount of transactions, and
* management’s attitude and awareness with respect to reconciliations
of intragovernmental activity and balances.
.29: The auditor should evaluate the design of the entity’s internal
control over intragovernmental activity and balances and whether the
design was implemented. This begins with the auditor identification of
policies and procedures that pertain to the entity’s ability to record,
process, summarize, and report intragovernmental activity and balances
by trading partner. A good design emphasizes the importance of
identifying and classifying intragovernmental transactions by trading
partner when they are initiated and on all documentation thereafter.
Without this initial identification, the entity’s accounting system may
not be able to adequately track intragovernmental activity and
balances.
.30: Without proper and timely reconciliation of intragovernmental
activity and balances, misstatements in these account balances at the
component and/or department level could materially affect the balances
at the governmentwide level (as well as at the department or component
level). In addition, when preparing consolidated financial statements,
the preparer eliminates intragovernmental activity and balances within
and between departments or components. Because the amounts reported for
entity trading partners for certain intragovernmental accounts could be
significantly out of balance, the preparer would not be able to
eliminate these accounts in the consolidated financial statements. The
auditor may advise the entity about the need for monthly confirmation
and reconciliation of these transactions with trading partners, as
annual or quarterly reconciliations may not be sufficient to detect and
resolve misstatements promptly.
.31: If the auditor determines that the entity’s reconciliation control
for intragovernmental transactions is not effectively designed and
implemented, the auditor should consider the effect on the risk of
material misstatement. Where intragovernmental transactions are or
could be material, significant additional work is usually necessary to
express an unqualified opinion. In those cases where the auditor finds
significant deficiencies or material weaknesses in the
intragovernmental reconciliation control and no other mitigating
controls exist, the auditor must disclose this in the report or opinion
on internal controls (FAM 580).
.32: OMB audit guidance requires that agreed-upon procedures be
performed by entities where there is evidence and a history of systemic
or recurring problems in accounting, reporting, or reconciling
intragovernmental balances, beginning with the third quarter of fiscal
year 2007. These procedures are intended to assist with accounting for
and eliminating intragovernmental activity and balances in the
preparation of department and governmentwide financial statements and
reports.
.33: To avoid duplicate procedures, the auditor should consider the
agreedupon procedures performed by the entity in the above paragraph
when designing the tests for intragovernmental activity and balances.
Examples of the account risk analysis (ARA), specific control
evaluation (SCE), and audit procedures for the audit of
intragovernmental activity and balances are in FAM 902 A, FAM 902 B,
and FAM 902 C, respectively. The ARA, SCE(s), and audit procedures
generally are customized by the auditor for the particular entity. For
example, if the auditor determines that the intragovernmental accounts
receivable line item is significant, the auditor generally should
prepare a separate ARA, SCE(s), and audit procedures forthe
intragovernmental accounts receivable account and its related
accounting applications. (Note that a single SCE for a line-
item/accountrelated accounting application is presented. There are
likely transactionrelated accounting applications listed on the ARA
that also would have SCEs.) In addition, for efficiency, the auditor
may coordinate tests of intragovernmental activity and balances with
tests of nonfederal activity and balances.
Other Related Parties
.34: To effectively plan and perform an audit, the auditor generally
should understand the entity’s organization and its characteristics.
The auditor generally should identify the possible existence of other
related parties and other related party transactions throughout the
audit and determine whether they are properly accounted for and
disclosed (see FAM 902.07). As indicted at FAM 902.04-.05, other
related party transactions may involve members of entity’s management,
and individuals and companies with which members of management may be
related. While these transactions are usually not material to the
entity’s financial statements, there may be a sensitive conflict-of-
interest issue involving the potential misuse of government assets.
.35: The auditor may inquire of management, review major contracts or
agreements, and read financial disclosure statements. The auditor
should document the names of related parties so audit staff members are
aware of them as they conduct the audit. Tests of transactions with
such parties may be coordinated with sensitive payments work, as
discussed in FAM 280.05.
.36: In addition to the procedures on related parties, the auditor also
may inquire about other parties that may not be related parties, but
that the entity may wish to disclose because of a public perception
that they might be related, although professional standards do not
require disclosure if the parties are not related (as defined in AU
334). FAM 902 C provides examples of audit procedures for other related
parties as well as for intragovernmental activity and balances. The
auditor may customize the steps for the particular audited entity.
Practice Aids:
.37: The following practice aids are presented as appendixes:
* FAM 902 A – Example Account Risk Analysis (ARA),
* FAM 902 B – Example Specific Control Evaluation (SCE), and
* FAM 902 C – Example Audit Procedures;
902 A - Example Account Risk Analysis for Intragovernmental Activity
and Balances:
Table:
[See PDF for image]
[End of table]
902 C – Example Audit Procedures for Intragovernmental and Other
Related Parties’ Activity and Balances:
Entity:
Period of financial statements: Job code:
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: I. Planning Phase Obtain an understanding of the
entity and its operations, including its internal controls that are
significant to the audit of intragovernmental and other related party
activity and balances (see FAM 220) by
1) Obtaining an understanding of significant accounting and auditing
issues by reading the entity’s prior year’s accountability and
auditors’ reports; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) Identifying the entity’s accounting and
reporting requirements and applicable auditing standards for
intragovernmental and other related party activity and balances by
reading
a) SFFAS No. 4, Managerial Cost Accounting Concepts and Standards;
SFFAS No. 5, Accounting for Liabilities of the Federal Government;
SFFAS No. 7, Accounting for Revenue and Other Financing Sources and
Concepts for Reconciling Budgetary and Financial Accounting; Statement
of Financial Accounting Standards No. 57, Related Party Disclosures; AU
Section 334, Related Parties; AU Section 558, Required Supplementary
Information; OMB bulletin on Form and Content of Agency Financial
Statements; Treasury/ Financial Management Service’s (FMS) Federal
Intragovernmental Transactions Accounting Policies Guide; and Treasury
Financial Manual section “Federal Intragovernmental Transactions
Process.”;
b) The entity’s internal procedures for identifying, accounting,
reconciling and reporting intragovernmental and other related party
activity and balances;
c) The entity’s process for identifying, classifying, and reporting
intragovernmental activity and balances requiring elimination at the
consolidated departmentwide or governmentwide level; Done by/date:
[Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) To identify the impact of systems/methods for
processing, accounting, and financial reporting of intragovernmental
and other related party activity and balances, perform the following
procedures a) Interview the entity’s key management about processes,
for example, the systems/methods that are used to process
intragovernmental and other related party activity and balances (e.g.,
IPAC, credit cards, standard forms used to transfer funds between
appropriations, and others). b) Obtain estimates of the approximate
number and dollar amount of intragovernmental and other related party
activity and balances (this could be based on the prior year) that are
processed by each significant system/method (see FAM 270). c) Consider
coordinating this work with the audit of like nonfederal activity and
balances (i.e., similar transactions by the entity with parties other
than other federal entities);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) To identify the intragovernmental and other
related party activity and balances, perform the following procedures
a) Ask entity management to identify i) The names of all related
parties (intragovernmental and others) and whether there were
transactions with them during the period. Other possible related
parties outside of government might be individuals and companies with
which members of
management may be related or otherwise be able to significantly
influence the management or operating policies; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) To identify the intragovernmental and other
related party activity and balances, perform the following procedures
a) Ask entity management to identify i) The names of all related
parties (intragovernmental and others) and whether there were
transactions with them during the period. Other possible related
parties outside of government might be individuals and companies with
which members of
management may be related or otherwise be able to significantly
influence the management or operating policies. ii) The nature and
terms of all significant activities and balances. For example, (1) for
a seller entity,
(a) Obtain information on the types of significant revenues, any markup
percentage(s) over full cost, and the settlement/payment due date. (b)
Inquire as to how the full cost of products and services sold is
determined.
(2) for a buyer entity,
(a) Inquire about the minimum
requirements (business rules) that must be met before an
intragovernmental trading partner may provide goods or services.
(3) Inquire as to any amounts that are in dispute at year-end;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) To identify the intragovernmental and other
related party activity and balances, perform the following procedures
a) Ask entity management to identify i) The names of all related
parties (intragovernmental and others) and whether there were
transactions with them during the period. Other possible related
parties outside of government might be individuals and companies with
which members of
management may be related or otherwise be able to significantly
influence the management or operating policies; iii) Determine whether
the audited entity receives services without reimbursement or for less
than full reimbursement. For example, donated services, such as space
or detailed employees. If so, ask if the entity is complying with U.S.
GAAP and/or OMB requirements with respect to accounting and reporting
treatment of these transactions. Also, if applicable, ask about the
approximate fair value and/or financial statement disclosure for such
goods and/or services.
iv) Determine whether the entity centrally maintains contracts,
agreements, and other documentation for the terms of all significant
transactions with related parties. Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) To identify the intragovernmental and other
related party activity and balances, perform the following procedures
a) Ask entity management to identify i) The names of all related
parties (intragovernmental and others) and whether there were
transactions with them during the period. Other possible related
parties outside of government might be individuals and companies with
which members of
management may be related or otherwise be able to significantly
influence the management or operating policies; iii) Determine whether
the audited entity receives services without reimbursement or for less
than full reimbursement. For example, donated services, such as space
or detailed employees. If so, ask if the entity is complying with U.S.
GAAP and/or OMB requirements with respect to accounting and reporting
treatment of these transactions. Also, if applicable, ask about the
approximate fair value and/or financial statement disclosure for such
goods and/or services.
iv) Determine whether the entity centrally maintains contracts,
agreements, and other documentation for the terms of all significant
transactions with related parties; b) Review, if any
i) Entity policy for advance approval of related party transactions by
senior management. ii) Entity policy for requiring disclosure by
employees to appropriate officials of potential conflicts of interest,
such as related party transactions by employees of the entity. Also
determine if summaries of such transactions are communicated to
financial management for its consideration. iii) Vendor and customer
master file listings, major contracts, and IPAC activity for
intragovernmental or other related parties. Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 5) Provide audit staff with the names of known
intragovernmental and other related party trading partners, a
description of the nature of significant transactions with each, and
such other information as considered necessary to assist them in
planning and performing other sections of the audit; Done by/date:
[Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 6) Summarize results of the Planning Phase; Done
by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 7) Document the auditor’s preliminary assessment
of risk of material misstatement related to intragovernmental and other
related party activities and balances in the ARA form (FAM 902 A) or
equivalent; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 7II. Internal Control Phase Understand and
document the design of the internal control for identifying, accounting
for, eliminating, and reporting intragovernmental and other related
party activity and balances (existence, completeness, valuation, rights
and obligations, presentation and disclosure) (see FAM 320). Also
determine if the design has been implemented. 1) Determine through
inquiry of management, walkthroughs, review of prior years’
documentation and other means, how and when the entity identifies
intragovernmental and other related party transactions. a) Determine
whether the entity identifies transactions by trading partner when they
are initiated and on all documentation thereafter. b) If the entity
uses trading partner codes, determine the relationship of such codes to
other document identifiers such as vendor codes. For example, trading
partner codes may be integral to each vendor code, or it may be
necessary to crosswalk vendor codes to a file of trading partner codes.
c) If the entity does not use trading partner codes, determine how the
entity identifies, analyzes, and accumulates intragovernmental activity
and balances. For example, the entity may derive such amounts through
off-line manual processes after the fact.
d) Determine when the entity recognizes each significant category of
intragovernmental and other related party transactions. For example,
when an invoice is received, when processed through IPAC, when goods or
services are received, when notified by the seller that an agreed-upon
stage of completion has been achieved. Determine whether the entity’s
policy in recording intragovernmental and other related party
transactions is appropriate. e) Determine whether the entity and its
trading partners use consistent reciprocal ledger accounts[Footnote 37]
and categories of activity and balances for recording and reconciling
such amounts. If so, ask what processes are in place to provide
management with reasonable assurance that trading partners are
recognizing reciprocal transactions in the same period, for the same
amount, and by consistent or compatible accounting methods.
f) Determine if the entity complies substantially with the SGL at the
transaction level as it applies to intragovernmental activity and
balances. (Note: The SGL accounts used should include attributes for
intragovernmental activity and balances that identify (a) that these
accounts contain intragovernmental transactions (e.g., attribute “F”),
and (b) the trading partner (e.g., Treasury trading partner code “20”).)
g) Identify policies and procedures for confirming intragovernmental
and other related party activity and balances with trading partners. h)
Determine how often the entity reconciles its related party activity
and balances with its trading partners. Also inquire as to whether
adjustments identified as necessary through the reconciliation process
have been properly recognized in the financial records. If not, ask
why. If the entity did not perform reconciliations, ask why not; Done
by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 7II. Internal Control Phase Understand and
document the design of the internal control for identifying, accounting
for, eliminating, and reporting intragovernmental and other related
party activity and balances (existence, completeness, valuation, rights
and obligations, presentation and disclosure) (see FAM 320). Also
determine if the design has been implemented. 1) Determine through
inquiry of management, walkthroughs, review of prior years’
documentation and other means, how and when the entity identifies
intragovernmental and other related party transactions. a) Determine
whether the entity identifies transactions by trading partner when they
are initiated and on all documentation thereafter. b) If the entity
uses trading partner codes, determine the relationship of such codes to
other document identifiers such as vendor codes. For example, trading
partner codes may be integral to each vendor code, or it may be
necessary to crosswalk vendor codes to a file of trading partner codes.
c) If the entity does not use trading partner codes, determine how the
entity identifies, analyzes, and accumulates intragovernmental activity
and balances. For example, the entity may derive such amounts through
off-line manual processes after the fact.
d) Determine when the entity recognizes each significant category of
intragovernmental and other related party transactions. For example,
when an invoice is received, when processed through IPAC, when goods or
services are received, when notified by the seller that an agreed-upon
stage of completion has been achieved. Determine whether the entity’s
policy in recording intragovernmental and other related; e) Determine
whether the entity and its trading partners use consistent reciprocal
ledger accounts1 and categories of activity and balances for recording
and reconciling such amounts. If so, ask what processes are in place to
provide management with reasonable assurance that trading partners are
recognizing reciprocal transactions in the same period, for the same
amount, and by consistent or compatible accounting methods.
f) Determine if the entity complies substantially with the SGL at the
transaction level as it applies to intragovernmental activity and
balances. (Note: The SGL accounts used should include attributes for
intragovernmental activity and balances that identify (a) that these
accounts contain intragovernmental transactions (e.g., attribute “F”),
and (b) the trading partner (e.g., Treasury trading partner code “20”).)
g) Identify policies and procedures for confirming intragovernmental
and other related party activity and balances with trading partners. h)
Determine how often the entity reconciles its related party activity
and balances with its trading partners. Also inquire as to whether
adjustments identified as necessary through the reconciliation process
have been properly recognized in the financial records. If not, ask
why. If the entity did not perform reconciliations, ask why not; i)
Determine whether selling and buying entities have established
processes to facilitate the timely reconciliation of activity and
balances. (Note: The selling entity is typically responsible for
furnishing detailed transaction information to facilitate
reconciliation.)
j) Inquire as to the entity’s year-end cut-off procedures related to
intragovernmental and other related party activity. Determine if
procedures are designed to provide assurance that intragovernmental
activities occurring in the current period are recorded in the current
period. (Use the above trading partner procedures to detect cutoff
errors in the reconciliation process.) k) Identify the entity’s
policies and procedures for intra-entity elimination.
l) Determine whether the entity maintains transaction logs or detailed
records of transactions to identify the postings to SGL accounts and to
facilitate the reconciliation process. Determine if the logs include
sufficient information to enable identification and location of
supporting documents.
m) Determine whether the entity reviews and approves monthly account
analyses of intragovernmental accounts, examines budget-toactual, and
performs trend analyses.
2) Coordinate with the results of audit procedures for other cycles to
determine if the entity has internal control deficiencies related to
intragovernmental and other related party activity and balances. For
example, to determine if the entity has control issues related to
intragovernmental activity and balances, coordinate with the results of
FBWT audit procedures to determine if the entity has issues on its
FBWT/IPAC reconciliation such as material unreconciled amounts and aged
unreconciled IPAC differences.
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Perform walkthroughs of processes for
identifying, accounting, reconciling, confirming, eliminating, and
reporting intragovernmental and other related party activity and
balances to obtain or update the auditor’s understanding of these
procedures and preliminarily assess the effectiveness of the design of
these controls. a) Walkthrough the process from initiation to recording
in the general ledger and inclusion in the financial statements or
elimination for each significant type of intragovernmental and other
related party activity and balances. b) Walk through the
management/entity approval process of payments to trading partners.
(Note: Prior audits have identified instances where payment controls
for intragovernmental transactions were not sufficient. For example,
the seller entity made payments to trading partners without verifying
whether goods or services were provided.)
c) Identify and document any differences in processing nonfederal and
intragovernmental and other related party activities and balances. d)
If the entity performs reconciliations of intragovernmental activity
and balances with trading partners during the year, walk through both
interim and year-end reconciliation processes.
4) Prepare or update the cycle memorandum (FAM 390), flowcharts (FAM
395 H and I), ARA form (FAM 902 A) and SCE form (FAM 902 B), or
equivalents.) Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: III. Testing Phase: A. Intragovernmental
accounts:
For intragovernmental accounts, if the auditor preliminarily determines
that the entity’s reconciliation and confirmation controls with trading
partners are effectively designed and placed in operation, the auditor
generally should test the entity’s policies and procedures to determine
if the reconciliation and confirmation controls are effective and if
intragovernmental balances appear reasonable. 1) If material
differences exist in intragovernmental activity and balances, prepare
an agreed-upon procedures report beginning with third quarter 2007.
(See Treasury TFM; OMB audit guidance on Intragovernmental Balances:
Supplementary and Agreed-Upon Procedures (AUP), sections 13.32 and
13.33; and FAM 660.)
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) Compare the amounts in the reconciliations to
supporting documentation.
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Trace the adjustments, if any, identified in
the reconciliation process to the entity’s financial records. Done
by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) Compare the amounts, excluding intra-
departmental activity and balances, in the audited department
consolidated financial statements to such amounts in the department’s
final FACTS I or FACTS Notes reports to FMS.
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 5) If necessary, the auditor may design
additional procedures to achieve financial audit objectives. For
example: Reconciliation/confirmation (existence, completeness,
valuations, rights and obligations, and classification);
* According to OMB’s Circular A-136, Financial Reporting Requirements,
entities are required to reconcile intragovernmental balances and
transactions at least quarterly. Test reconciliations to determine if
the entity’s reconciliation control is effective throughout the year
and each trading partner has a separate reconciliation.
* This reconciliation/confirmation also may be used for within entity
reconciliation/confirmation (intraentity). a) Determine the
completeness of the population by comparing the trading partners on the
reconciliations and confirmation forms to subsidiary records or the
entity’s trading partner list obtained during the planning phase. b)
For each reconciliation/confirmation: i) Determine if the
reconciliation/confirmation was reviewed and approved by appropriate
personnel.
ii) Compare total amounts and SGL accounts of the activity and balances
reported on the reconciliation/confirmation form with the general and
subsidiary ledger accounts, and the total amounts to audited financial
statements and footnote disclosures. If differences are found, document
each such difference. Determine the potential impact on the financial
statements and post the differences identified to the Schedule of
Uncorrected Misstatements (FAM 595 C-4); iii) Test whether the entity
used appropriate SGL accounts and whether these SGL accounts include
the proper attribute(s) to indicate that they result from
intragovernmental transactions. For example, when the federal attribute
“F” is used with an SGL account, a trading partner should be designated
for each transaction posted to the account. Entities can modify SGL
accounts listed on the form to be more specific.
iv) Determine whether the entity is using the reciprocal accounts
delineated in the FMS Guide. Entities should use these accounts to
account for intragovernmental activity and balances in the specified
categories. Use of these reciprocal accounts will facilitate the
reconciliation and confirmation process. v) For fiduciary activity and
balances, compare amounts on the reconciliation forms to amounts on the
Intragovernmental Fiduciary Confirmation System. (Note: Fiduciary
activity and balances include loans from the Federal Financing Bank and
Bureau of Public Debt, investments with Bureau of Public Debt, Federal
Employees’ Compensation Act transactions with DOL, and employee benefit
transactions with OPM. The seller entity— Bureau of Public Debt,
Treasury, Federal Financing Bank, DOL, and OPM—should make balances
information and other details available through the Intragovernmental
Fiduciary Confirmation System for the buyer entities’ use in
reconciling amounts to their records. The Intragovernmental Fiduciary
Confirmation System is the official confirmation system for federal
entities that engage in fiduciary intragovernmental transactions with
Bureau of Public Debt, Federal Financing Bank, OPM, and DOL.); vi) For
transfers, test whether
(1) the classification of transfers as expenditure or nonexpenditure is
proper, and
(2) the accounting and reporting are appropriate.
vii) For trust fund transfers such as highway and airport trust funds,
also test whether the trust fund amounts are properly accounted for and
maintained in accordance with laws that established these funds. (Note:
Test either by the trust fund auditor or as agreed-upon procedures by
the auditor who audits the entity that collects the revenue for it.)
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: Reconciliation adjustments and differences (all
intragovernmental categories)
Exhibit I to FAM 902 C provides an illustration of a reconciliation
tool that may be used to summarize reconciling items and prove amounts
between a buyer and a seller entity.
b) Determine whether adjustments, if any, are supported and timely by
i) Tracing adjustments and reconciling items identified in the
reconciliation process to the entity general and subsidiary ledgers.
ii) Examining adjustments and supporting documents to determine if
(1) The entity timely and properly performed the research and
identified causes for differences.
(2) The adjustments are agreed upon by both entities and made to proper
SGL accounts. Examples of adjustments and reconciling items are:
(a) Adjustments in estimated
accruals: For example, the seller entity has recorded unbilled
revenue and the buyer entity was not timely advised of the
estimated accrual.
(b) Adjustments due to timing
differences: For example, timing differences caused by a buyer
entity’s delay in recording IPAC transactions into proper SGL
accounts.
(c) Reconciling item for capitalization of assets: For example, the
buyer entity purchased property and
equipment or inventory and
recorded them as assets.
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 5) If necessary, the auditor may design
additional procedures to achieve financial audit objectives. For
example: Reconciliation/confirmation (existence, completeness,
valuations, rights and obligations, and classification); iii) Obtain or
prepare aging of outstanding unadjusted reconciling amounts for all
significant intragovernmental balance sheet accounts. Identify old
and/or unusual reconciling items and obtain explanations from the
entity; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: iv) Review final yearend reconciliation for any
accounting policy differences and determine if the entity explains the
causes of these differences on the final reconciliation. The causes of
these differences might be differences in accounting standard
requirements such as different amortization methods for discounts and
premiums. For example, one trading partner may use the interest method
and the other trading partner may use the straight-line method to
amortize discounts/premiums. However, there should be no material
unresolved differences on the final year-end reconciliation forms and
entities should resolve all differences with their trading partners;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: v) Determine the extent of unadjusted
differences at year-end and assess their materiality on the financial
statement line item and the overall financial statements;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: vi) If adjustments are made subsequent to the
completion of the confirmations (during the audit period), determine if
the entity revised the reconciliation and confirmation and submitted
the updated data to FMS;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 6) Summarize the results of testing by
concluding on the effectiveness of the entity’s reconciliation and
confirmation controls. Propose any adjustments on the Schedule of
Uncorrected Misstatements (FAM 595 C); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 7) Determine whether to change the risk of
material misstatement and revise audit procedures based on the results
of testing;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: B. Intragovernmental activity and balances: For
intragovernmental activity and balances, if the auditor preliminarily
determines that the entity’s reconciliation/ confirmation control with
trading partners is not appropriately designed, or if the
reconciliations and/or confirmations are not performed by the entity,
determine the effect on substantive procedures and on the audit report.
Determine whether to modify the audit opinion when no reconciliation
and other mitigating controls exist, and to disclose a significant
deficiency or material weakness in internal controls. When
intragovernmental activity and balances are material, significant
additional work may also be necessary to express an unqualified opinion
on the financial statements, such as:
1) Coordinating work with auditor testing other related line items and
test existence, completeness, valuation, rights and obligations, and
classification of intragovernmental activity and balances by a)
Determining in conjunction with cash receipts, revenues, and accounts
receivable testing, if intragovernmental accounts receivable were
collected subsequent to test date. Examine supporting documentation for
the posting of collections to the cash records and determine if
intragovernmental revenues and receivables were included in nonfederal
balances. b) Testing completeness of intragovernmental activity and
balances by reviewing vendor and customer master files to determine if
intragovernmental vendors and customers are properly included in
intragovernmental accounts. c) Sending confirmation requests to trading
partners for both balance sheet and net cost activity and balances. If
the risk of material misstatement is assessed as high, apply similar
confirmation procedures to nonfederal accounts. Cut off test (existence
and completeness) d) Determine if there are unrecorded transactions and
if the transactions are recorded in the correct period by
i) Coordinating with the FBWT audit team to review results of the FBWT
reconciliation tests. For example, review IPAC transactions
reconciliations and the recording of IPAC transactions in accounting
systems; consider how timely and whether appropriate; review IPAC
transactions after 9/30–subsequent billing and collecting
transactions–to determine unrecorded transactions at 9/30. ii)
Searching for unrecorded revenue, accounts receivable, purchases, and
accounts payable (completeness). For example
(1) To search for unrecorded revenue and accounts receivable, select
invoices for trading partners recorded in the xx-day period subsequent
to year-end. Trace the selected invoices to shipping records or
evidence of service performance. Determine whether the revenue and
accounts receivable were recorded in the correct period. Alternatively,
select from shipping records to trading partners prior to year-end and
trace to invoices.
(2) To test the completeness of amounts recorded as accounts payable at
the balance-sheet date, select disbursements after the end of the audit
period and test if the amounts were recorded in payables; Done by/date:
[Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) Review the test results of other related line
items to determine if there are issues related to existence,
completeness, valuation, rights and obligations, and classification in
the tested accounts and transactions and the impact on the
intragovernmental activity and balances. In testing these other
accounts, consider whether items tested were from trading partners;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Summarize results of testing and propose any
adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C-4);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) Determine whether to change the risk of
material misstatement and revise audit procedures based on the results
of testing;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: C. Control and substantive tests of details—
other related parties
Determine the purpose, nature, and extent of material other related
party transactions and their effect on the financial statements.
Coordinate with sensitive payments work, including executive
compensation, travel, official entertainment funds, unvouchered
expenses, and consulting services (see FAM 280.05).
1) Based on the work performed during the planning and internal control
phases, determine and document the methodology used to select the
transactions for testing by either
a) examining all transactions, or b) performing a Monetary Unit
Sampling (MUS), or c) performing a Classical Variables Estimation
Sampling, or
d) another method (describe);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) For the selected transactions, a) examine
documentation such as invoices, contracts, agreements, and receiving
and shipping reports;
b) determine whether the transactions have been properly approved;
c) confirm transaction terms and amounts with the other party to the
transaction; and d) test the compilation of amounts that may be
disclosed in the financial statements for reasonableness;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Summarize results of testing and propose any
adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C-4);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) Determine whether to change the risk of
material misstatement and revise audit procedures based on the results
of testing;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: C. Control and substantive tests of details—
other related parties
Determine the purpose, nature, and extent of material other related
party transactions and their effect on the financial statements.
Coordinate with sensitive payments work, including executive
compensation, travel, official entertainment funds, unvouchered
expenses, and consulting services (see FAM 280.05).
1) Based on the work performed during the planning and internal control
phases, determine and document the methodology used to select the
transactions for testing by either
a) examining all transactions, or b) performing a Monetary Unit
Sampling (MUS), or c) performing a Classical Variables Estimation
Sampling, or
d) another method (describe);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) For the selected transactions, a) examine
documentation such as invoices, contracts, agreements, and receiving
and shipping reports;
b) determine whether the transactions have been properly approved;
c) confirm transaction terms and amounts with the other party to the
transaction; and d) test the compilation of amounts that may be
disclosed in the financial statements for reasonableness;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Summarize results of testing and propose any
adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C-4);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) Determine whether to change the risk of
material misstatement and revise audit procedures based on the results
of testing;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: D. Substantive analytical procedures (FAM 475)
Perform analytical procedures to assess whether balances are reasonable
and reflect appropriate activities (existence and completeness). If the
entity performs reconciliation and confirmation of intragovernmental
activity and balances and the auditor places reliance on those tests of
details, less rigorous, supplemental analytical procedures may be used
to increase the auditor’s understanding of intragovernmental activity
and balances after performing tests of details in Testing, step III.A,
above. However, in the absence of adequate reconciliation and
confirmation controls, some or all of these procedures may be necessary
to obtain sufficient evidence, if possible. For example, 1) Develop
expectations of the accounts payable and receivable balances overall or
for all significant trading partners in light of the payment cycle
during the year. Then, compare the recorded balance overall or by
trading partner to the expected amount and investigate differences in
the recorded balance if differences exceed an amount such that the
total uninvestigated difference for all trading partners, including
those not selected, does not exceed the limit; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) Develop expectations of recorded
intragovernmental revenue overall or for all significant trading
partners based on independent data; for example, consider using trading
partners’ orders. Then compare the expectations to the recorded revenue
amounts and investigate differences in the recorded balance if
differences exceed an amount such that the total uninvestigated
difference for all trading partners, including those not selected, does
not exceed the limit; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Examine accounting records, for example,
accounts receivable and payable, for large, unusual, or nonrecurring
activity or balances. For example, consider expectations as to the
types of intragovernmental activity and balances and trading partners
based on the planning work. Then, examine significant
unexpected/unusual intragovernmental activity and balances and
intragovernmental activity or balances with unexpected trading
partners. Document the definition of significant; Done by/date:
[Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) Summarize the results of testing and
determine if adjustments are necessary;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: E. Elimination (existence, completeness, and
valuation)
Test consolidation/elimination for transactions occurring within the
entity (intra-entity) to determine whether the elimination is
appropriate and supportable. 1) Obtain a list of each component
entity’s intra-entity transactions identified for elimination and each
component entity’s reconciliation of its intra-entity activity and
balances with its respective trading partners. This step may be done in
conjunction with the test of reconciliation (see step III.A above);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) Review the entity’s eliminating journal
entries and supporting documentation for elimination entries of the
entitywide consolidated financial statements. Determine whether
elimination journal entries are a) approved by management, and
b) supported by schedules summarizing the SGL accounts that are
combined to total the amounts eliminated;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Summarize results of testing; Done by/date:
[Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) Determine whether to change the risk of
material misstatement and revise audit procedures based on the results
of testing; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: IV. Reporting Phase To determine if the
presentation and disclosures of intragovernmental and other related
party balances comply with U.S. GAAP and OMB requirements: 1) Determine
whether financial reports are prepared in accordance with the OMB
Circular No. A-136, Financial Reporting Requirements. For example, a)
Review the balance sheet and determine whether it is properly
classified and line items are correctly reported as intragovernmental
or nonfederal. b) Read the notes to the financial statements to
determine if intragovernmental amounts and the related federal trading
partners for assets, liabilities, earned revenue from trade (buy/sell)
transactions and nonexchange revenue are disclosed.
c) Read disclosures for the Statement of Net Cost in the notes to the
departmentwide financial statements and determine if the department
includes a separate disclosure of intragovernmental gross cost and
earned revenue by budget functional classification. Determine whether
gross cost and earned revenue are net of intradepartment transactions
(consolidated); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 2) Read the entitywide financial statements and
notes and compare the reported intragovernmental and other related
party (if any) activity and balances with the test results;
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 3) Request that the entity’s management include,
in the representation letter, representations related to
intragovernmental and other related party activity and balances. (See
FAM 1001 for guidance.); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 4) Communicate with trading partner entities’
auditors (with entity permission) to determine whether issues
identified by the other auditors affect the auditor’ s conclusions on
intragovernmental transactions; Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 5) Read the various current period Agreed-Upon
Procedures (AUP) reports to consider whether the findings will affect
the auditor’s conclusion and/or if additional procedures need to be
performed. For example,
* The AUP report on employee withholdings and employer contributions
that are reported on the Report of Withholdings and Contributions for
Heath Benefits, Life Insurance and Retirements. This AUP report is to
assist OPM in assessing the reasonableness of the Retirement, Health
Benefits, and Life Insurance Withholdings/Contributions and
Supplemental Semiannual Headcount report submitted to OPM (see OMB
audit guidance); Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 6) Summarize the results and propose any
adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C- 4);
Done by/date: [Empty];
Doc Ref: [Empty].
Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances: 7) Conclude whether intragovernmental and other
related party activity and balances have been adequately accounted for
and properly disclosed in the financial statements;
Done by/date: [Empty];
Doc Ref: [Empty].
Figure:
[See PDF for image]
[End of figure]
903 - Auditing Cost Information:
.01: FAM 903 provides general guidance for auditors in identifying cost
information and planning audit procedures. The auditor should
coordinate these procedures with procedures on auditing various line
items and accounts. The auditor is generally concerned about cost
information because:
* The auditor should obtain sufficient evidence to determine whether
costs are presented fairly in entity financial statements and are
appropriately classified. Proper classifications of costs at the entity
level also contribute to proper classification of costs in the
consolidated financial statements of the U.S. government.
* For CFO Act agencies and components designated by OMB, the auditor
must evaluate whether agency financial management systems substantially
comply with the three requirements of FFMIA.
* Although the auditor does not opine on the MD&A, cost information is
important to the MD&A, particularly as it relates to developing
performance measures.[Footnote 38] The relevant accounting standard for
cost information is SFFAS No. 4, Managerial Cost Accounting, as amended
by SFFAS No. #30, Inter-Entity Cost Implementation. These standards
have relevance both to external financial reporting and to cost
information for internal management reporting.
The Impact of SFFAS No. 4 and SFFAS No. 30:
.02: SFFAS No. 4 establishes the concepts and standards for providing
reliable and timely information on the full cost of federal programs,
their activities, and outputs. The objectives of managerial cost
information specified in SFFAS No. 4 are:
* To provide program managers with relevant and reliable information
relating costs to outputs and activities. With this information,
program managers should understand the costs of the activities they
manage. The cost information should assist them in improving
operational efficiency.
* To provide relevant and reliable cost information to assist Congress
and executives in making decisions about allocating federal resources,
authorizing and modifying programs, and evaluating program performance.
* To provide consistency between costs reported in general purpose
financial reports and costs reported to program managers. This includes
standardizing terminology to improve communication among federal
organizations and users of cost information.
.03: The first two objectives primarily address the managerial use of
cost information in improving operating efficiency and cost
effectiveness, making planning and budgeting decisions, and measuring
performance. The third objective primarily addresses external financial
reporting, which can be achieved by reporting cost information in
financial statements that is consistent with costs generated by the
cost accounting process. Because of the differences in the three
objectives, some requirements in SFFAS No. 4 are relevant to managerial
decision making and operations improvement, while some requirements are
relevant to external financial reporting.
.04: The cost accounting concepts section of SFFAS No. 4 (paragraphs 41-
66) establishes the overall goals of cost accounting for federal
agencies. Managerial cost accounting should be a fundamental part of
the financial management system and, to the extent practicable, be
integrated with the other parts of the system. Managerial costing
should use a basis of accounting, recognition, and measurement that is
appropriate for the intended purpose. Cost information developed for
various purposes should be drawn from a common data source, and output
reports should be reconcilable to each other.
.05: The five fundamental standards for managerial cost accounting set
forth in SFFAS No. 4 (paragraphs 67-162) are important for the auditor.
These standards will lead to the development of accurate and consistent
cost information for internal and external reporting by federal
agencies. The five standards are:
* Requirement for cost accounting: Each reporting entity is to
accumulate and regularly report the cost of its activities for
management information.
* Responsibility segments: Management of each reporting entity is to
define and establish responsibility segments and report the costs of
each segment’s outputs.
* Full costs: Reporting entities are to report the full costs of
outputs, which is the total amount of resources used to produce the
output, including direct and indirect costs.
* Inter-entity costs: Each entity’s costs are to incorporate the full
cost of goods and services received from other entities. As directed by
SFFAS No. 4, paragraph 110, OMB has designated, in its Circular No. A-
136, Financial Reporting Requirements, the costs of goods and services
received from other entities to be recognized. SFFAS No. 30, effective
for reporting periods beginning after September 30, 2008, requires full
implementation of this inter-entity cost provision.
* Costing methodology: The costs of resources that directly or
indirectly contribute to the production of outputs are to be
accumulated and assigned to outputs using appropriate methodologies.
(FAM 903.07.)
Audit Procedures for Financial Statement Opinion:
.06 As part of understanding the entity’s operations, the auditor
generally should obtain an overview of how the entity applies FASAB
cost standards. This may be done by inquiry, observation, and
walkthrough procedures. The auditor generally should determine what
substantive testing procedures of the cost accounting system are
appropriate and may coordinate testing with other control and
substantive procedures. Based on the understanding of entity
operations, the auditor should determine whether the statement of net
costs is designed to include all costs of entity programs. Also, in
testing the statement of net costs, the auditor generally should test
the financial statement assertions related to costs, including whether
expenses are properly classified in the statement of net costs.
Consistent with FAM 395 B, examples of subassertions related to costing
are:
Existence Or Occurrence:
* Occurrence/Validity—(1) Recorded costs, underlying goods and services
received, and related processing procedures are authorized by federal
laws, regulations, and management policy. (2) Recorded costs are
approved by appropriate individuals in accordance with management’s
general or specific criteria. (3) Recorded costs exist for goods and
services received and are properly classified.
* Cutoff—Costs recorded in the current period represent goods and
services received during the current period.
* Summarization—(1) The summarization of recorded costs is not
overstated. (2) Costs are assigned to appropriate classifications in
the financial statements.
Completeness:
* Transaction completeness—All valid costs are recorded and properly
classified.
* Cutoff—All goods and services received in the current period are
recorded in the current period.
* Summarization—The summarization of recorded costs is not understated.
Accuracy/valuation:
* Accuracy—Costs are recorded at correct amounts.
* Valuation—Costs are valued in the financial statements using an
appropriate valuation basis.
* Measurement—Costs included in the financial statements are properly
measured.
* Presentation And Disclosure:
- Account classification—Cost accounts are properly classified and
described in the financial statements.
- Consistency—Costs in financial statements are based on accounting
principles that are applied consistently from period to period.
- Disclosure—Financial statements and footnotes contain all information
required to be disclosed.
.07: SFFAS No. 4 discusses three methods of assigning costs: directly
tracing costs, assigning costs on a cause-and-effect basis, and
allocating costs on a reasonable and consistent basis. Although the
standard discusses these three methods in relation to assigning costs
to responsibility segments and outputs, the methods are also applicable
to assigning costs to financial statement line items in the statement
of net costs, generally by program, and in the notes by budget
functional classification. The different methods of assigning costs may
require different auditing procedures for determining whether costs are
properly classified in the statement of net costs by program.
.08: For directly traced costs (such as materials used in production or
employees who worked on an output), the auditor generally should test
whether costs were assigned to the appropriate program and/or budget
functional classification.
.09: In some cases, costs may be assigned on a cause-and-effect basis,
by grouping costs into cost pools where an intermediate activity may be
a link between the cause and the effect. For example, an information
technology department may provide support to other departments. The
information technology department may assign costs to other departments
on a causeand- effect basis by first assigning costs to an intermediate
activity, such as hardware installation or software design. The costs
in these pools may then be further assigned to other departments based
on their use of these technical services.
In auditing these types of costs, the auditor generally should test
whether costs are assigned to the appropriate cost pool (hardware
installation, software design), and also whether costs are
appropriately summarized in the pool. When costs are assigned to other
departments, the auditor generally should test whether costs assigned
are based on appropriate usage information, whether cost assignments
are reasonable and consistent, and whether they are mathematically
accurate.
.10: If it is not economically feasible to either directly trace or
assign costs on a cause-and-effect basis, the entity may allocate
costs. This is commonly done with costs such as general management,
depreciation, rent, maintenance, security, and utilities used in common
by various segments.
These costs are generally accumulated in cost pools and allocated to
segments or outputs (or programs or budget functional classifications)
using a cost driver such as number of employees, square footage of
office space, or amount of direct costs incurred in segments. In
auditing these allocated costs, the auditor generally should test
whether the costs are assigned to the appropriate cost pool and
summarized appropriately. The auditor also generally should determine
whether the allocation basis is reasonable and consistent, whether the
mathematical allocation is correct, and whether an allocation is
appropriate in the circumstances.
.11: The entity exercises professional judgment in determining the line
item and programs to include in its statement of net costs. The auditor
generally should consider whether such classifications are reasonable
in the circumstances.
Federal Financial Management Improvement Act of 1996 (FFMIA)
.12: For audits of the CFO Act agencies and components identified by
OMB audit guidance, the auditor must evaluate whether agency financial
management systems substantial comply with the three requirements of
FFMIA (see FAM 100.02 and FAM 701). To determine compliance with SFFAS
No. 4 and SFFAS No. 30 for the purposes of FFMIA, the auditor generally
should ask the following questions (which relate to the standards
discussed in FAM 903.05)
* Does the agency regularly accumulate and report the full cost of its
activities to management?
* Has the agency defined its major programs and responsibility segments
for the purpose of delineating costs?
* Does the agency properly accumulate full costs by those programs and
segments?
* Has the agency accounted for the full costs (including inter-entity
costs) of products, services, or outputs to be externally reported at
the entitywide level?
* Has the agency accounted for the full cost of resources that
contribute to the production of outputs by individual responsibility
segment using appropriate costing methodologies? (See FAM 903.07)
* Has the agency reported full costs in the year-end financial
statements on the accrual basis of accounting?
* Are costs reported for external financial reporting and those
reported for internal management reporting consistent and reconcilable?
* Is the reported management cost information consistent, timely, and
comprehensive?
* Is the cost information reported in such a manner that management can
determine answers to appropriate questions about costs of outputs or
outcomes?
* How does management determine whether costs are appropriate?
* How does management determine compliance with FFMIA? The auditor
generally should combine this inquiry with the procedures in FAM
903.06, and consider the outcome in concluding about compliance with
the cost accounting requirements under FFMIA. Also, the auditor
generally should review evidence supporting management’s assertions in
response to these questions, as further discussed in FAM 701, Assessing
Compliance of Agency Systems with FFMIA. Management’s Discussion and
Analysis (MD&A)
.13: The auditor does not provide an opinion on the MD&A and this
information is unaudited. Thus, the auditor’s main concern is
consistency of this information, rather than testing the reliability of
the cost data in the MD&A. The auditor generally should read the MD&A
for consistency with the financial statements and with the auditor’s
knowledge of the entity. The auditor generally limits testing to data
in the financial statements, as discussed in FAM 903.06, not the MD&A.
The auditor may use analytical procedures to determine the
reasonableness of cost data in the MD&A. Based on this comparison, the
auditor should determine whether additional testing is needed.
Cost Reports:
.14: Costs reported in internal and external entity reports are
expected to be consistent, but may differ in the degree of detail and
reporting frequency. Cost information for management generally requires
more frequent and timely reporting. It also may require more specific
and detailed information regarding the costs of individual activities
or outputs. By comparison, external reports are generally less
frequent, and the cost information more aggregated, such as on a
suborganization or program basis.
.15: Entity level information, including cost data, generally becomes
more summarized at the U.S. government consolidated financial statement
level, or does not apply to the consolidation. In some cases, the
consolidation refers readers to individual agency financial statement
reports for further details in specific areas.
921- Auditing Fund Balance with Treasury (FBWT):
.01: FAM 921 provides guidance to the auditor when auditing FBWT
accounts. However, significant changes are anticipated in this area
over the next several years as Treasury is developing and implementing
the Government Wide Accounting (GWA) system, which is discussed further
in FAM 921.11. Implementation of the GWA system by federal entities is
expected to vary considerably and auditors should determine the effects
of this early in the audit as discussed in FAM 921.12.
.02: The FBWT account (SGL account 1010) is an asset account, unique to
the U.S. government, representing unexpended spending authority.
Entities record their budget spending authority in FBWT accounts with
an offsetting amount to unexpended appropriations – SGL account series
3100. Similar to cash in commercial bank accounts, FBWT amounts
increase as funds are collected and decrease as amounts are paid,
although noncash transactions adjust the balances, primarily as a
result of budgetary activity. Most entities have several FBWT accounts
funded by different types of appropriations[Footnote 39] that are
included in the financial statement FBWT line item.
.03: Federal agencies may also maintain other types of FBWT accounts,
such as for collections pending litigation, amounts awaiting
determination of the proper accounting disposition, or monies being
held by the entity in the capacity of a banker or agent for others,
such as non-entity, trust, or escrow accounts. Certain funds may also
be earmarked for specific purposes or restricted as to use. Entities
may also have FBWT balances in clearing or suspense accounts as a
result of unidentified and unclassified transactions.
.04: In the federal government, Treasury serves as the central banker.
Most entities use the banking services provided by Treasury’s Financial
Management Service (FMS), and therefore do not keep cash in commercial
bank accounts. Some entities have authority to disburse funds on their
own behalf and maintain separate commercial bank accounts in U.S. or
foreign currency. However, these agencies still maintain FBWT accounts
to track the status of their spending authority.
.05: Regular reconciliation of entity FBWT records with Treasury
records is a key control in maintaining the accuracy and reliability of
entity fund balance records. Effective reconciliations serve as a
detection control for identifying unauthorized and unrecorded
transactions at the entities and at Treasury. Effective reconciliations
are also important in preventing entity disbursements from exceeding
appropriated amounts and providing an accurate measurement of the
status of available resources.
.06: Treasury maintains and provides appropriation, fund, and receipt
account ledgers to entities. This includes a roll forward of the
previous month’s balance, the current month’s cash activity reported by
the entity, and other account activity such as supplemental
appropriations, rescissions, nonexpenditure transfers, and activity
reported by other entities. These Treasury account ledgers can be used
by entities for comparison to their records to account for all
transactions.
.07: Treasury also provides entities with detailed reports of cash
receipt and disbursement transactions reported by the Federal Reserve,
commercial banks, other federal entities, and the FMS regional
financial centers. These reports can be used by entities to reconcile
FBWT and most likely will be affected by implementation of the GWA
system discussed in FAM 921.11- .12.
FBWT Accounting and Reporting Information:
.08: To obtain a further understanding of entity’s accounting and
reporting for FBWT, the auditor may refer to:
* Treasury Financial Manual, Volume 1, part 2, chapter 5100 –
Reconciling Fund Balance with Treasury accounts, (see link at
[hyperlink, http://fms.treas.gov/fundbalance)].
* OMB Circular No. A-136, Financial Reporting Requirements.
* SFFAS No. 1, Accounting for Selected Assets and Liabilities.
* Entity accounting policies and procedures for FBWT accounts.
FBWT Audit Issues:
.09: Since most assets, liabilities, revenues, and expenses stem from
or result in cash transactions, misstatements in the receipt or
disbursement activity recorded in the FBWT account affects the accuracy
of year-end FBWT balances. It also affects the accuracy of several
entity financial statements, including the Balance Sheet, the Statement
of Net Cost, and the Statement of Budgetary Resources. Further, it
affects the integrity of entity budget execution reports and various
U.S. government accounts and reports.
.10: It is important for entities to establish processes to properly
record and reconcile transaction activity in their FBWT accounts
because without effective reconciliations of FBWT receipt and
disbursement activity, the amount of funds available for expenditure by
each appropriation may contain material misstatements. Entities should
avoid arbitrarily adjusting accounts to the amounts reported by
Treasury and/or recorded differences in suspense accounts without
adequately researching the causes of the differences. Unreconciled
differences recorded in suspense accounts could represent transactions
that have not been properly recorded by the entity to the appropriate
accounts.
Additionally, it is important for entities to reconcile their FBWT
account balances timely because this task becomes more difficult as
time passes and erroneous or fraudulent transactions may not be
identified to take appropriate actions. TFM Volume 1, part 2, chapter
5100 states that entities should perform monthly reconciliations of
their FBWT accounts.
.11 Treasury is developing the Government Wide Accounting (GWA) system,
to be implemented over the next several years. The GWA system will
eliminate the two-step reporting processes used by federal entities and
Treasury by transitioning from a monthly to a daily process of
reporting receipt and disbursement transactions to Treasury. This daily
classification of activity will eliminate the need for federal entities
to submit a monthly Statement of Transactions. The monthly Statement of
Differences reports that formerly resulted from this two-step
classification process will also be eliminated. Additionally, similar
to commercial on-line banking, the GWA system can provide federal
entities with a daily account statement of their FBWT accounts via the
Internet. Treasury continues to use “independent” sources of entity
FBWT activity, such as commercial banks, other federal entities, and
Treasury’s FMS regional financial centers, to calculate federal entity
FBWT balances.
.12 Implementation of the GWA system by federal entities is expected to
vary and auditors should determine the effects of this early in the
audit. The changing environment during this transition period increases
the audit risk associated with FBWT. To design effective and efficient
audit procedures during this transition period, auditors should fully
understand the status of GWA system implementation at their respective
federal entity and the processes and procedures used by their
particular entity during the year of audit.
.13 Treasury also plans to discontinue the use of certain suspense
(“F”) accounts used by entities to record unreconciled receipt and
disbursement transactions. Auditors will need to design procedures to
test whether entities have properly reconciled and classified the
suspense items that were recorded in these discontinued accounts. Some
entities will be granted waivers to continue using the suspense
accounts and auditors will need to ensure that all of the
reconciliations, aging, and CFO confirmation of balance requirements
for these suspense accounts are accurately performed by the entity.
Auditors will also need to fully understand their entity’s procedures
for tracking and recording suspense type items going forward and design
audit procedures to adequately test and assess the impact of the
suspense items on the FBWT at year-end.
FBWT Audit Approach:
.14: Auditors should obtain and fully document their understanding of
entity FBWT accounts, accounting systems, procedures, and the FBWT
control environment, including the information technology processing
and security controls over systems that report or transact FBWT
activities or balances, to determine the level of audit procedures
required.
.15: Auditors should design FBWT audit procedures that include tests of
the receipt and disbursement activity that flows through the accounts
and the FBWT balances. These procedures should include steps to
determine whether the entity:
* properly and timely records receipt and disbursement activity in
their FBWT accounts;
* researches and resolves the underlying causes of differences between
amounts reported by Treasury and entity records, including the receipt
and disbursement activity flowing through the FBWT accounts, as well as
the monthly account balances, and makes the proper adjustments; and:
* timely and properly clears suspense account balances.
.16: Auditors should determine the magnitude of the entity’s gross
unreconciled differences at year-end by analyzing their aggregate
absolute values and resulting impact on the financial statements. Since
each difference represents a potential misstatement, the roll-up and
netting of charges and credits can significantly understate the total
outstanding differences.
Audit Procedures:
.17: Audit procedures for the FBWT will vary by entity and auditors
should use their professional judgment to design audit programs for
their particular entity after considering the type of FBWT accounts,
materiality, audit risks, and the internal control environment. Over
the next several years as entities implement the GWA system, auditors
may consider the example audit procedures provided below to audit FBWT,
as well as developing new procedures to audit the GWA system.
Planning and Internal Control Phase:
.18: To obtain an understanding of the entity’s environment, internal
control over FBWT accounts and reconciliation process in the planning
and internal control phase of the audit, the auditor may perform steps
to:
* Review accounting and reporting information on FBWT at FAM 921.08.
* Read prior year audit documentation, financial statements, and
related audit reports to determine if there were any audit issues,
significant deficiencies, or material weaknesses related to FBWT.
* Interview entity key staff about its FBWT procedures and controls in
place.
* Determine how the entity disburses funds for both payroll and
nonpayroll transactions, either through FMS regional finance centers,
other entity disbursing centers, on its own behalf, or a combination of
ways.
* Obtain an understanding of the significant accounting systems and
controls used in reporting and accounting for FBWT transactions.
* Identify FBWT line item general ledger accounts.
* Obtain an understanding and walkthrough entity internal controls over
its FBWT reconciliation process and determine whether reconciliation
controls have been placed in operation.
* Inquire how the entity tracks and reports differences between its
FBWT records and Treasury’s FBWT records.
* Identify suspense and clearing accounts used by the entity containing
unreconciled differences and determine if transactions are identified
and removed from these accounts to the proper accounts in a timely
manner.
* Determine if the entity has a process or system for aging
unreconciled differences.
* Determine whether the entity is properly accounting for the FBWT line
item in accordance with U.S. GAAP by having the entity complete FAM
2010, Checklist for Federal Accounting.
Testing Phase:
.19: In the testing phase of the audit, the auditor may design an audit
program that includes steps to determine whether the entity:
* Properly and timely records receipt and disbursement activity in its
FBWT accounts.
* Researches and resolves the underlying causes of differences between
amounts reported by Treasury and entity records, (including the receipt
and disbursement activity flowing through the FBWT accounts and the
account balances each month) and makes the proper adjustments.
* Timely and properly investigates clearing and suspense account
balances.
* Reconciles its FBWT accounts and performs procedures to determine the
materiality of gross unreconciled differences at year-end by analyzing
the aggregate absolute values and resulting impact on the financial
statements. (Since each difference represents a potential misstatement,
the roll-up and netting of charges and credits can significantly
understate the total outstanding differences).
* Includes and presents nonexpenditure transactions such as
appropriation warrants, transfers, and rescissions.
* Discloses the status of accounts, such as open, expired, or canceled
and whether the account is appropriately included in the FBWT line
item.
Reporting Phase:
.20: To assess whether the presentation of the financial statements and
footnote disclosures for the FBWT line item are in accordance with U.S.
GAAP, the auditor may determine whether the entity has:
* Disclosed and explained material unreconciled differences in the
notes to the financial statements.
* Disclosed material unreconciled differences that were written off by
the entity during the fiscal year in the notes to the financial
statements.
* Disclosed material restrictions.
* Concluded that proposed audit adjustments are either booked or were
determined to be immaterial and were attached to the management
representation letter (see FAM 1001).
* Determined that the entity is properly reporting and disclosing the
FBWT line item in accordance with U.S. GAAP by having the entity
complete FAM 2020, Checklist for Federal Reporting and Disclosure. .21
Other audit procedures for FBWT may include tests of entity:
* fund controls,
* reconciliations of proprietary and budgetary amounts,
* compliance with applicable laws and regulations, and
* year-end reporting to Treasury and OMB.
.22: These audit procedures are not intended to be all inclusive. They
do not include all audit work over FBWT accounts, such as:
* cash on deposit bank accounts and petty cash (imprest) funds,
* tests of controls over check stock for entities that still write
checks instead of EFT, and:
* steps to test the specific requirements and/or compliance with
regulations and laws related to certain types of FBWT accounts, such as
those mentioned above in FAM 921.03.
Practice Aids:
.23: The following practice aids are presented as appendixes to FAM 921
to assist the auditor in auditing FBWT as follows:
* FAM 921 A – Treasury Processes and Reports Related to FBWT
Reconciliation.
* FAM 921 B – Example Account Risk Analysis (ARA) for FBWT.
* FAM 921 C - Example Specific Control Evaluation (SCE) for FBWT. A
single SCE of the line item/account-related accounting application for
FBWT is presented. There are transaction-related accounting
applications listed on the ARA that affect FBWT, such as cash receipts
and cash disbursements, which would require transaction related SCEs.
921 A - Treasury Processes and Reports Related to FBWT Reconciliation:
A. Verification of Collections and EFT Disbursements These FBWT
processes and reports are subject to change by the implementation of
the GWA system discussed in FAM 921.11-.12.
Table:
[See PDF for image]
*CASHLINK II processes will be migrating to successor systems such as
Transaction Reporting System (TRS) and Treasury General Account Deposit
Reporting Network (TGAnet) system.
**STAR performs core central accounting functions as the system of
record and the GWA system serves as a conduit to feed information in
and out. The two systems work in tandem to perform all of the central
accounting functions, although the GWA system is expected to replace
the STAR functionality.
[End of figure]
Table: B. Verification of Disbursement Data:
[See PDF for image]
[End of table]
Table: 921 B - Example Account Risk Analysis for Fund Balance with
Treasury
[See PDF for image]
[End of table]
Entity:
Date of Financial Statements:
Accounting application:
Fund Balance with Treasury:
Specific Control Evaluation:
Preparer:
Date:
(Line Item/Account-Related):
Reviewer:
Date:
Table 921 C - Example Specific Control Evaluation for Fund Balance with
Treasury:
[See PDF for image]
[End of figure]
931 – Auditing Heritage Assets and Stewardship Land:
.01: Heritage assets are real and personal tangible federal property,
plant, and equipment (PP&E) that is unique for one or more of the
following reasons:
* Historical or natural significance.
* Cultural, educational, artistic (or aesthetic) importance.
* Significant architectural characteristics. Heritage assets consist of
two types. Collection type heritage assets involve objects gathered and
maintained for exhibition and would include such examples as museum
collections, art collections, and library collections.
Non-collection type heritage assets would include such examples as
parks, memorials, monuments, and buildings.
.02: Stewardship land is public land and land rights owned by the
federal government, much of it acquired when the nation was formed. It
does not include land acquired for or used in connection with general
PP&E. Examples of stewardship land include land used as national
forests and parks, and land used for wildlife and grazing. It excludes
natural resources (for example, minerals, timber, and petroleum)
related to the land.
.03: Heritage assets may in some cases be used to serve two purposes—a
heritage function and general government operations. In cases where a
heritage asset serves two purposes, the heritage asset should be
considered a multi-use heritage asset if the predominant use of the
asset is in general government operations. For example, the main
Treasury building in Washington, DC is used primarily as an office
building. This multi-use asset would be considered general property,
capitalized on the balance sheet, and depreciated. Heritage assets
having an incidental use in government operations are not multi-use
heritage assets; they are simply heritage assets.
.04: SFFAS No. 29, Heritage Assets and Stewardship Land, issued on July
7, 2005, changed the classification of information reported for
heritage assets and stewardship land provided by SFFAS No. 6 and SFFAS
No. 8. Previously, reporting components of this federal property (e.g.,
unit balances, additions, withdrawals, methods of acquisition and
withdrawal) was presented as unaudited RSSI. However, under SFFAS No.
29, most information about heritage assets and stewardship land is
reclassified to the audited basic financial statements, except for
condition information that is presented as unaudited RSI. SFFAS No. 29
also requires additional audited disclosures about the federal entity’s
stewardship policies and an explanation of how heritage assets and
stewardship land relate to the entity’s mission.
.05: Per SFFAS No. 29, entities must reference a note on the balance
sheet that discloses information about heritage assets and stewardship
land but no dollar amount is shown. At a minimum, entities are to
present in note disclosure a description of major categories of assets,
physical unit information for the end of the reporting period, physical
units added and withdrawn during the reporting period, and a
description of the methods of acquisition and withdrawal.
Entities are also required to disclose information about stewardship
policies and an explanation of how heritage assets and stewardship land
relate to the mission of the entity. The standard also includes
disclosure requirements applicable to the U.S. government-wide
financial statements which must provide a general discussion of
heritage assets and stewardship land and direct users to the applicable
entities’ financial statements for more detailed information on these
assets.
.06: SFFAS No. 29 will be phased-in for reporting periods after
September 30,
2005, (FY 2006 through 2008). Full implementation of SFFAS No. 29 is
effective for periods after September 30, 2008, (FY 2009) although
early adoption is encouraged.
Accounting and Reporting Information
.07: To obtain a further understanding of entity accounting and
reporting for Heritage Assets and Stewardship Land, the auditor may
refer to:
* SFFAS No. 6, Accounting for Property, Plant and Equipment,
* SFFAS No. 8, Supplementary Stewardship Reporting (SFFAS 29 rescinds
Chapter 2 and Chapter 4),
* SFFAS No. 14, Amendments to Deferred Maintenance Reporting,
* SFFAS No. 29, Heritage Assets and Stewardship Land,
* FASAB Technical Release 9, Implementation Guide for SFFAS No. 29:
Heritage Assets and Stewardship Land (Feb 20, 2008),
* OMB Circular No. A-136, Financial Reporting Requirements, and
* entity accounting policies and procedures. Audit Issues.
.08: Entity financial statements, particularly DOD, have disclosed
material weaknesses in accounting for federal PP&E. This includes
identification of physical quantities by type of asset, cost/valuation,
depreciation (if general property, except land), condition, and
recording transactions in the proper period.
Audit Approach/Strategy
.09: The auditor should develop their audit approach/strategy by
identifying the extent of heritage assets and stewardship land at the
entity they are auditing. The auditor should then obtain and fully
document their understanding of this property in the entity’s accounts,
accounting systems, and related policies and procedures. The auditor
should also understand the control environment for this property,
including the information technology processing and security controls
over systems that report or transact activities or balances, to
determine the level of audit procedures required.
Audit Plan/Procedures:
.10: Heritage assets and stewardship land will vary by entity and
auditors should use their professional judgment to design the audit
plan/procedures for their particular entity after considering the type
of accounts, materiality, audit risks, and the internal control
environment. From fiscal years 2006 through 2008, as entities implement
SFFAS No. 29, auditors may consider the example audit procedures
provided below to audit this property, as well as a basis to develop
new procedures.
Planning Phase:
.11: To obtain an understanding of entity heritage assets and
stewardship land in the planning phase of the audit, the auditor may:
* Obtain an understanding of significant accounting and auditing
issues, read the entity’s prior year’s accountability and auditors’
reports.
* Read applicable SFFAS and OMB Circular No. A-136 guidance for
accounting, reporting, and disclosing heritage assets and stewardship
land.
* Understand and document the entity’s stewardship policies for
identifying heritage assets and stewardship land separate from multiuse
heritage assets and other general PP&E, and indicate how the
designation of heritage assets and stewardship land relate to the
entity’s mission.
* Understand and document the entity’s procedures for identifying,
categorizing, accounting, reconciling and reporting heritage assets and
stewardship land. Note that SFFAS No. 29 allows the entity flexibility
in designating categories by determining a meaningful level of
aggregation for reporting and selecting physical units aligned with
those categories based on the entity’s mission, types of heritage
assets, and how it manages those assets.
* Understand and document the entity’s methodology for acquisition and
withdrawal of heritage assets and stewardship land during the reporting
period.
* Understand and document the methodology used to account for deferred
maintenance (although unaudited RSI) on heritage assets and stewardship
land during the reporting period.
* Identify and understand the impact of systems/methods for
classifying, accounting, and processing of transactions related to
heritage assets and stewardship land by interviewing the entity’s key
personnel and its systems and methods for processing transactions.
* Provide sufficient time for the entity to respond to documentation
requests, as some records may be housed in field offices or other
locations.
* Coordinate, through the audit liaison, with non-financial staff, such
as cultural resource personnel, as heritage assets are non-financial
assets.
* Acquire expertise related to the assets they are auditing.
Internal Control Phase:
.12: To understand the internal controls the entity has in place for
identifying, accounting, and reporting heritage assets and stewardship
land, the auditor may:
* Determine through inquiry of management, walk-throughs, inspection of
documents, review of prior year’s documentation and other means
applicable to the entity, the entity’s process for identifying,
classifying and reporting heritage assets and stewardship land.
Specifically:
a) Whether the entity has an authorization process and the related
control procedures for acquisition, withdrawal, and deferred
maintenance transactions related to heritage assets and stewardship
land.
b) How the entity has instituted a consistent methodology for
categorization of heritage assets and stewardship land based on the
entity’s mission and in accordance with SFFAS No. 29.
c) How the entity records acquisitions, withdrawals, and deferred
maintenance entries in the accounting system and performs
reconciliations between the accounting system and the asset
accountability system. In accordance with SFFAS No. 29, costs related
to the acquisition, improvement, reconstruction and renovation of
heritage assets/stewardship land are recognized in the Statement of net
cost for the period in which the costs are incurred. These include all
costs incurred to prepare the item for its intended use.
d) Whether the entity maintains transaction logs or detailed records of
transactions to identify the postings to SGL accounts and to facilitate
the reconciliation process and whether the logs include sufficient
information to enable identification and location of supporting
documentation.
e) How the entity classifies and records transfers to/from other
federal entities of heritage assets and stewardship land.
f) How the entity classifies and records donation or devise of heritage
assets and stewardship land.
g) Whether the entity separates and capitalized multi-use heritage
assets. The cost of acquisition, improvement, reconstruction, or
renovation of multi-use heritage assets should be capitalized as
general PP&E and depreciated over its useful life.
h) Whether and how the entity conducts periodic physical inventories
designed to verify the existence, location, and condition of all
property listed in the accounts, and to verify the completeness of
recorded units.
* Prepare or update the cycle memorandum, flowchart, ARA, and SCE forms
(see FAM 390, FAM 395 H, and FAM 395 I).
Testing Phase:
.13: For heritage assets and stewardship land, if the auditor
preliminarily determines that the entity’s internal control procedures
are effectively designed and placed in operation, the auditor may test
the entity’s policies and procedures to determine if the controls are
effective and the balances appear reasonable. The audit objectives for
substantive procedures are to:
* Determine the existence of recorded heritage assets and stewardship
land.
* Determine the completeness of recorded heritage assets and
stewardship land.
* Determine the entity’s ownership rights to record these assets as
heritage assets and stewardship land in accordance with SFFAS No. 29.
* Determine the clerical accuracy of unit schedules for additions and
deletions.
* Determine the aggregation and categorizations of physical units are
in accordance with guidelines established in SFFAS No. 29. For example,
DOI has reported the number of federal parks, instead of the number of
acres comprising those parks, as physical units.
* Determine the presentation and disclosure of heritage assets and
stewardship land and note disclosures are in accordance SFFAS No. 29.
.14: Existence: To determine the existence of heritage assets and
stewardship land, the auditor may:
* Determine the propriety of beginning balance of physical units. As
heritage assets and stewardship land are being reclassified as basic
information, auditors may require supporting documentation to fulfill
audit assertions. However, due to the age of when these assets were
acquired, documentation may no longer exist. The entity and the auditor
are encouraged to develop other reasonable approaches and methods to
satisfy audit assertions that would rely on historical documents as
evidence and support. Further guidance is provided in the AAPC
implementation guide, paragraphs .80-.85.
* Obtain a summary analysis of changes in property in the current
fiscal year and reconcile to the general ledger.
* Agree changes in units from the subsidiary ledger to the general
ledger.
* Vouch additions during the year by analyzing on a sample basis
(depending on the auditor’s assessment of control risk) entries from
the general ledger to the original documentation such as contracts,
deeds, work orders, and invoices.
* On a sample basis, make physical inspections of acquisitions and
examine supporting documents on disposals. The auditor should
coordinate inspections with the appropriate entity staff, particularly
when visiting non-federal repositories which hold federal museum
collections. This will ensure that visits are efficient and productive,
and relationships between repositories and the entity are maintained.
.15: Completeness: The auditor may determine the completeness of
recorded heritage assets and stewardship land by tracing transactions
recorded in the asset accountability system to general ledger accounts.
Usually, few changes occur in heritage assets and stewardship land
during the year and the auditor should investigate significant changes
in balances. Since cutoff errors are not a major risk in establishing
the completeness of recorded assets, if the auditor is satisfied with
the beginning balances and verifies the acquisition and withdrawals of
the current period, the auditor has also substantiated the ending
balance.
.16: Rights and Obligations: To determine the entity’s ownership rights
to record the property as heritage assets and stewardship land, the
auditor may:
* Examine FASAB definitions of heritage assets and stewardship land,
historical documents, and compliance procedures to determine the
entity’s ownership rights to record the property as heritage assets and
stewardship land (as opposed to another federal entity).
* Examine documents to determine legal ownership such as public
records, property deeds, property tax bills (or exceptions), and other
documents specific to the entity’s documentation of legal ownership.
Documentation of ownership may be in a variety of formats including
permits, reports, and associated records which indicated where natural
resources were recovered from public lands.
* Examine the entity’s statements showing the assets’ direct link to
the entity’s mission. Auditors may perform this procedure to gain more
information about the entity’s assets, rather than to determine which
assets are properly included in the heritage assets and stewardship
land category.
.17: Accuracy: To determine the accuracy of unit schedules for heritage
assets and stewardship land additions and deletions, the auditor may:
* Agree subsidiary ledger for additions and deletions to controlling
accounts and examine detailed supporting documentation.
* Determine the propriety and accuracy of recorded transfers and
donations, examine subsidiary ledgers, and agree to detailed supporting
documentation.
* Recompute footings and extensions in detailed documentation and
summary analysis.
.18 Classification: To determine the aggregation, unitization and
categorization of physical units for heritage assets and stewardship
land, the auditor may:
* Examine entity documentation and methodology for categorization of
units to determine whether the entity’s aggregation/categorization and
physical unit of measure are appropriate, based on the entity’s
mission, how the entity views the asset for management purposes, types
of heritage assets, and materiality considerations. The entity should
designate asset categories that are meaningful and reflect how it views
the asset for management purposes. It would also be helpful if entities
documented the reasoning for categorization.
* Determine whether the results of testing and the nature of
misstatements indicate that the auditor should re-assess the risk of
material misstatement and revise procedures.
Reporting Phase:
.19: To determine the proper reporting, presentation, and disclosure of
heritage assets and stewardship land, the auditor may review the
balance sheet and determine whether these items are properly reported
and correctly classified as heritage assets and stewardship land. The
auditor should also read the note disclosures and determine whether the
entity reported:
For periods beginning after September 30, 2005 (FY 2006 and FY 2007):
* Disclosure of how the heritage assets and stewardship land relate to
the entity’s mission.
* Description of stewardship policies.
* Discussion of multi-use heritage assets.
* Disclosure of asset condition and deferred maintenance as RSI.
For periods beginning after September 30, 2007 (FY 2008):
* Inclusion of all the requirements noted above plus a description of
the major categories of heritage assets and the number of physical
units as collection or non-collection type for which the entity is the
steward at the end of the reporting period.
For periods beginning after September 30, 2008 (FY 2009):
* Inclusion of all requirements noted above with the number of physical
units by major category added and withdrawn and a description of the
major methods of acquisition and withdrawal.
* Full compliance with all SFFAS No. 29 requirements for reporting
periods beginning with FY 2009 is expected for all entities. To be in
accordance with SFFAS No. 29, information that is not required to be
reported as basic information during the phase-in period is still
required, but should be reported as RSI until the exceptions expire. It
may be appropriate for entities to include a reference to the
information reported as RSI during the phase-in period.
The auditor should also summarize the results and determine if
adjustments are necessary, and conclude whether heritage assets and
stewardship land have been adequately accounted for and properly
disclosed in the financial statements.
If the entity has early implemented SFFAS No. 29, the auditor should
confirm that the required information is presented.
941 – Auditing the Statement of Social Insurance:
.01: The Statement of Social Insurance (SOSI) has grown in prominence
as it presents trillions of dollars of future federal expenditures over
future federal revenues. Beginning with fiscal year 2006, the SOSI is
required to be audited, along with certain social insurance disclosure
information, while other social insurance information is to be
presented as unaudited required supplemental information (RSI). Because
most of the information is based on actuarial projections up to 75
years into the future, it presents a challenge to the federal entity
responsible for its preparation, as well as to the auditor. FAM 941
provides auditors with some guidance in auditing the SOSI in accordance
with U.S. GAGAS.
.02: FASAB has established accounting requirements for the SOSI through
various SFFAS. The financial statements affected are those of federal
entities responsible for Social Security, Medicare, Railroad
Retirement, and Black Lung programs, as well as the consolidated
financial statements of the federal government. For periods beginning
after September 30, 2005, the SOSI is to be presented as a basic
financial statement with the underlying significant assumptions
included in notes that are presented as an integral part of the
financial statements.
.03: FASAB standards for social insurance programs require entities and
the consolidated federal financial statements to report:
a. The estimated present value of the income to be received from or on
behalf of the following groups during a projection period sufficient to
illustrate the long-term sustainability of the social insurance
programs for:
* current participants who have not yet attained retirement age,
* current participants who have attained retirement age, and
* individuals expected to become participants.
b. The estimated present value of the benefit payments to be made
during that same period to or on behalf of the groups listed in item
(a) above.
c. The estimated net present value of the cash flows during the
projection period [the income described in item (a) above over the
expenditures described in item (b) above, or the expenditures described
in item (b) above over the income described in item (a) above].
d. In notes to the SOSI:
1. The accumulated excess of all past cash receipts, including interest
on investments, over all past cash disbursements within the social
insurance program, represented by the fund balance at the valuation
date.
2. An explanation of how the net present value referred to in item (c)
above is calculated for the closed group.[Footnote 40]
3. Comparative financial information for items (a), (b), (c), and d (1)
above for the current year and for each of the four preceding years.
4. The significant assumptions used in preparing the estimates.
Accounting and Reporting Information
.04: FASAB has issued standards for reporting on social insurance
programs of federal entities as follows:
* SFFAS No. 17 – Accounting for Social Insurance, effective for periods
beginning after September 30, 1999, presents accounting standards for
federal social insurance programs covering Social Security (Old-Age,
Survivors, and Disability Insurance), Medicare (Hospital Insurance
[Part A] and Supplementary Medical Insurance [Part B]),[Footnote 42]
Railroad Retirement, and Black Lung benefits, and Unemployment
Insurance. Social insurance programs covered by SFFAS No. 17 have five
common characteristics:
1. financing from participants or their employers;
2. eligibility from taxes or fees paid and time worked in covered
employment;
3. benefits not directly related to taxes or fees paid;
4. benefits prescribed in law; and
5. programs intended for the general public.
* SFFAS No. 25 – Reclassification of Stewardship Responsibilities and
Eliminating the Current Services Assessment requires the Statement of
Social Insurance to become a basic audited financial statement. It also
provides that certain information about social insurance programs
required by SFFAS No. 17 be reported in audited notes or as unaudited
RSI, rather than as unaudited RSSI. In accordance with SFFAS No. 28,
the effective period was deferred one year from fiscal year 2005 to
fiscal year 2006.
* SFFAS No. 26 – Presentation of Significant Assumptions for the
Statement of Social Insurance: Amending SFFAS No. 25 requires that the
underlying significant assumptions relating to the Statement of Social
Insurance shall be included in audited notes with other information
required by SFFAS No. 17 – including the sensitivity analysis – to be
presented as RSI, except to the extent that the preparer elects to
include some or all of that information in audited notes. In accordance
with SFFAS No. 28, the effective period was deferred one year from
fiscal year 2005 to fiscal year 2006.
* SFFAS No. 28 – Deferral of the Effective Date of Reclassification of
the Statement of Social Insurance: Amending SFFAS Nos. 25 and 26
deferred the effective dates of SFFAS No. 25 and SFFAS No. 26 for one
year to the fiscal year ended September 30, 2006.
.05: Auditors generally should follow the FAM methodology contained in
the planning, internal control, testing, and reporting phases in FAM
200-500 and the audit guidance included in the AICPA’s Statement of
Position (SOP) 04-1, Auditing the Statement of Social Insurance. SOP 04-
1 provides guidance to auditors in auditing the Statement of Social
Insurance.
.06: As permitted by AU 543, a principal auditor may fulfill the
requirements of SOP 04-1 by using work that other independent auditors
have performed in conformity with the provisions of SOP 04-1. For
example, for the OASDI program, the auditor of the consolidated
financial statements of the U. S. government may use the work and
report of the auditor of the Social Security Administration’s Statement
of Social Insurance.
.07: According to AU 342.10, the auditor should obtain an understanding
of how management develops estimates. Based on that understanding, the
auditor should evaluate the reasonableness of management’s estimates by
using one or a combination of approaches as follows:
* reviewing and testing the process used by management to develop the
estimate;
* developing an independent expectation of the estimate to corroborate
the reasonableness of management’s estimate; and
* reviewing subsequent events or transactions occurring prior to audit
completion.
.08: In auditing the Statement of Social Insurance, if the auditor has
assessed management’s controls over the estimation process to be
effective, the auditor may determine that the most practicable and
efficient approach is to test management’s process. However, if the
auditor finds that controls over the estimation process are
ineffective, the auditor should consider whether it is practicable to:
* develop an independent expectation of the estimate, or portions of
the estimate, to corroborate management’s estimate, or
* obtain competent evidence from outside the audited entity’s process
that would be sufficient to support the assertions in the Statement of
Social Insurance. If it is not practicable to mitigate the effects of
the ineffective controls through substantive procedures such as these,
the auditor’s report on the Statement of Social Insurance should be
modified (SOP 04-1, paragraph 9).
.09: The auditor’s objective when auditing the Statement of Social
Insurance is to obtain sufficient, competent, evidential matter to
provide reasonable assurance that:
* the estimates presented in the Statement of Social Insurance are
reasonable in the circumstances, and:
* the Statement of Social Insurance is presented fairly, in all
material respects, in conformity with U.S. GAAP, including adequate
disclosure.
.10: If the auditor does not possess the level of competence in
actuarial science to qualify as an actuary, the auditor generally
should obtain the services of an independent actuary[Footnote 43] to
assist the auditor in planning and performing auditing procedures.
Generally, the auditor will need the assistance of an independent
actuary in performing various procedures during all phases of the audit
and related to all elements of the estimates (SOP 04-1, paragraph 10).
Key Implementation Issues:
Determining Materiality:
.11: In FAM 230, materiality is one of several tools the auditor uses
to determine that the planned nature, extent, and timing of procedures
are appropriate. Materiality represents the magnitude of an omission or
misstatement of an item in a financial report that, in light of
surrounding circumstances, makes it probable that the judgment of a
reasonable person relying on the information would have been changed or
influenced by the inclusion or correction of the item. Materiality has
both quantitative and qualitative aspects. Even though quantitatively
immaterial, certain types of misstatements could have a material impact
on or warrant disclosure in the financial statements for qualitative
reasons.
.12: Auditors should use professional judgment in determining the
appropriate element of the financial statements to use as a materiality
base. Auditors generally consider materiality in the context of the
financial statements taken as a whole, taking into account both
quantitative as well as qualitative attributes of the financial
statements. Auditors should exercise due professional care when setting
the materiality base, carefully assessing the information gained during
the planning phase of the audit and the needs of a reasonable person
relying on the financial statements (SOP 04-1, paragraph 21).
.13: For certain federal entities, amounts reported in the Statement of
Social Insurance may vary significantly from the amounts reported in
the other basic financial statements, or may differ significantly on a
qualitative basis. In such cases, it may not be appropriate to
establish a single materiality threshold for the entire set of
financial statements. Instead, the auditor should use a separate
materiality level(s) when planning and performing the audit of the
Statement of Social Insurance and related disclosures (SOP 04-1,
paragraph 22).
.14: The auditor generally should establish planning materiality in
relation to the element of the financial statements that is most
significant to the primary users of the statements (the materiality
base - see FAM 230.08). The auditor uses professional judgment in
determining the appropriate element of the financial statements to use
as the materiality base. Also, since the materiality base may be based
on unaudited preliminary information determined in the planning phase,
the auditor may estimate the year-end balance(s) of the materiality
base(s). To provide reasonable assurance that sufficient audit
procedures are performed, any estimate of the materiality base(s)
should use the low end of the range of estimated materiality so that
sufficient testing is performed.
.15: SFFAS No. 17 includes a discussion of SFFAC No. 1, Objectives of
Federal Financial Reporting, which established four major reporting
objectives in applying accounting standards:
1. budgetary integrity,
2. operating performance,
3. stewardship, and
4. systems and controls.
SFFAC No. 1 provides useful information to assist the auditor in
determining an appropriate materiality base. For example, while all
four of the objectives are important, SFFAS No. 17 states that
objectives No. 2 and No. 3 directly impact the social insurance
standards.
.16: Objective No. 2 of SFFAC No. 1 states that federal financial
reporting should assist report users to evaluate:
* service efforts, costs, and accomplishments of the reporting entity,
* the manner in which these efforts and accomplishments have been
financed, and
* the management of the entity’s assets and liabilities. SFFAS No. 17
indicates that information about social insurance that is relevant to
this objective includes the cost of the program as well as longrange
estimates (and ranges of estimates) of future costs and other
obligations. Estimates of future costs highlight the cost impact of
changes in benefit levels as well as changes in economic and
demographic conditions, such as the cost of health care and life
expectancies.
.17: Objective No. 3 of SFFAC No. 1 states that federal financial
reporting should assist report users in assessing the impact on the
country of the government’s operations and investments for the period
and how, as a result, the government’s and the nation’s financial
condition has changed and may change in the future. Thus, federal
financial reporting should provide information that helps the reader to
determine whether:
* the government’s financial position has improved or deteriorated over
the period,
* future budgetary resources will likely to be sufficient to sustain
public services and to meet obligations as they come due, and
* government operations have contributed to the nation’s current and
future well being.
.18: Fundamental questions about social insurance programs that can be
addressed by accounting standards include whether:
* programs are sustainable as currently constructed,
* the government’s financial condition has improved or deteriorated as
a result of its efforts to provide for these and other programs, and
* the likelihood that these programs will be able to provide benefits
at current levels to those who are planning on receiving them. The
information required by this standard, taken as a whole, will help
users make this assessment while acknowledging the complexity of the
programs and the uncertainty of long-term projections.
.19: In determining the materiality base for planning and performing
audits of an entity’s Statement of Social Insurance, the auditor should
evaluate the actuarial present value of the estimated future: a.
revenue (excluding interest[Footnote 44]) received from or on behalf of
all current and future participants (estimated future revenue), b.
expenditures for or on behalf of all current and future participants
(estimated future expenditures), and c. balance of estimated future
revenue (excluding interest) over/(under) estimated future expenditures
(actuarial balance).
.20: The auditor may determine that the actuarial balances are the most
significant element of the Statement of Social Insurance to users of
the financial statements. If so, the materiality base would be the
actuarial balance. However, the auditor has the option of selecting a
materiality base of either the estimated future revenues, or the
estimated future expenditures. Regardless of which materiality base is
selected, the auditor generally should select the materiality base that
provides reasonable assurance that sufficient audit procedures are
performed.
The auditor’s basis for the selection of the materiality base(s)
generally should be documented, including consideration given to other
possible measures or separate bases for estimated future revenue and
estimated future expenditures. Auditors generally should follow the
guidance in FAM 230.11-.13 in determining materiality for planning and
performing audits of entity Statements of Social Insurance. Obtaining
Management’s Representations
.21: Entity management is responsible for preparing the Statement of
Social Insurance and underlying estimates in conformity with U.S. GAAP.
Management is also responsible for the accuracy and completeness of the
Statement of Social Insurance (SOP 04-1, paragraph 5). Therefore,
management should determine its best estimate[Footnote 45] of the
economic and demographic conditions that will exist in the future.
Because estimates in the Statement of Social Insurance are based on
subjective as well as objective factors, management should use judgment
to estimate amounts included in the Statement of Social Insurance.
Management’s judgment may be based on its knowledge and experience
about past and current events and its assumptions about conditions it
expects to exist.
.22: Consistent with FAM 1001, the auditor should obtain specific
representations relating to the Statement of Social Insurance. For an
audit of an entity’s Statement of Social Insurance, the representation
letter should include, as applicable, representations included in FAM
1001 A, example management representation letter. Planning
Considerations for the Consolidated Government-wide Report
.23: Pursuant to statutory requirements of the Government Management
Reform Act (GMRA) of 1994, GAO serves as the principal auditor of the
consolidated financial statements (CFS) of the U. S. government. GMRA
also requires the Secretary of the Treasury to annually prepare and
submit to the President and the Congress an audited financial
statement, or Financial Report (FR) of the United States Government,
for the preceding fiscal year. The Chief Financial Officer (CFO) of
each of the verifying agencies[Footnote 46] submits their financial
data using the closing package[Footnote 47] process via the
Governmentwide Financial Report System (GFRS) and the Federal Agencies’
Centralized Trial-Balance System (FACTS I).
All nonverifying agencies must submit FACTS I adjusted trial-balance
(ATB) data and must complete GFRS Notes and Other FR Data. The
Inspector General (IG) of each verifying agency, except those agencies
with a fiscal year-end other than September 30, opines on the closing
package data, (also referred to as the “special purpose financial
statements, or “special purpose closing package”) entered by the CFO
into GFRS, as to its consistency with the comparative, audited
consolidated, department-level financial statements.
.24: According to OMB audit guidance, the auditor should determine
whether the special purpose financial statements and accompanying notes
are fairly presented, in all material respects, in conformity with U.S.
GAAP and the presentation requirements set forth in the Treasury
Financial Manual (TFM), Volume I, Part 2-Chapter 4700 (TFM 2-4700),
Agency Reporting Requirements for the Financial Report of the United
States Government. Beginning with fiscal year 2006, the Statement of
Social Insurance is to be presented as a basic financial statement in
accordance with SFFAS Nos. 25, 26, and 28.
.25: TFM 2-4700 requires entities to provide the Statement of Social
Insurance data and the underlying key assumptions in the FR Notes
module in GFRS. All remaining social insurance information is to be
submitted through the Other FR Data (Stewardship and Supplemental
Information) module in GFRS[Footnote 48]. The auditor generally should:
* perform the procedures described in AU 551 as indicated in OMB audit
guidance for the Other FR Data information as required and defined in
TFM 2-4700, and:
* assess whether the Other FR Data is materially consistent with the
information in the special purpose financial statements. In accordance
with AU551.06 (d) the auditor report should include either an opinion
on whether the accompanying information is fairly stated in all
material respects in relation to the basic financial statements taken
as a whole, or a disclaimer of opinion, depending on whether the
information has been subjected to the auditing procedures applied in
the audit of the basic financial statements. The auditor may express an
opinion on a portion of the accompanying information and disclaim an
opinion on the remainder.
.26: Actuarial projections of the annual cash inflow from all sources
exclude net interest on intragovernmental borrowing/lending for both
the component entity’s Statement of Social Insurance[Footnote 49] and
the U.S. government’s consolidated Statement of Social Insurance.10 In
addition, because paragraph 32 (1)(a) of SFFAS No. 17 only permits cash
inflow from the public to be included in the long-range actuarial
projection of cash inflow presented in the U.S. government’s
consolidated Statements of Social Insurance, TFM 2-4700 requires the
(1) General Fund transfers for the Federal Supplementary Medical
Insurance (SMI – Medicare Part B) program, (2) General Fund transfers
for the Federal Supplementary Medical Insurance (SMI – Medicare Part D)
program, and (3) financial interchange[Footnote 51] income for the
Railroad Retirement benefits program to be excluded from the present
value of the long-range actuarial projections. SFFAS No. 17 states that
expense and liability recognition for the consolidated governmentwide
entity are the same as for the component entities.[Footnote 52]
Consequently, auditors responsible for these programs generally should
determine the impact of the TFM requirement, which excludes the General
Fund transfers and the financial interchange income from the present
value of the long range actuarial projections on their auditing
procedures. Auditors should plan and perform their department-level
social insurance related audit procedures to obtain a reasonable basis
for expressing an opinion on the special purpose financial statements
included in the Closing Package, which include the Statement of Social
Insurance.
[End of section]
Section 1000:
Reporting:
1001 – Management Representations:
.01: This section deals with the management representations that the
auditor must obtain from current management as part of the audit, as
described in AU 333, AT 501, AU 801, OMB audit guidance, FAM 280 and
FAM 550. It covers representations about:
* financial statements,
* internal control,
* fraud,
* financial management systems’ substantial compliance with the Federal
Financial Management Improvement Act of 1996 (FFMIA) by CFO Act
agencies,
* compliance with laws and regulations,
* social insurance,
* budgetary, and fund restrictions.
.02: Written representations from management ordinarily confirm oral
representations given to the auditor, indicate and document the
continuing appropriateness of those representations, and reduce the
possibility of misunderstanding. Management representations are not a
substitute for obtaining other audit evidence. If other audit evidence
contradicts a representation, the auditor should investigate the
circumstances and evaluate the reliability of the representation. The
auditor should also determine whether it is appropriate to rely on
other management representations. Management’s refusal to furnish
written representations is a scope limitation sufficient to preclude an
unqualified opinion.
.03: The specific representations obtained will depend on the
circumstances of the engagement and the nature and basis of
presentation of the financial statements. These representations apply
to all the financial statements and all periods covered by the audit
report. In addition to the representations in the AICPA standards, the
auditor generally should determine the need to obtain representations
on other matters based on the circumstances of the audited entity.
Also, the auditor should delete inapplicable representations in the
example representation letter in FAM 1001 A and should customize the
letter to the situation of the entity being audited.
.04: The auditor should obtain the management representation letter
from the highest level of the audited entity. The auditor should decide
who to ask to sign the management representation letter. Signers should
be officials who, in the auditor’s view, are responsible for and
knowledgeable, directly or through others, about the matters in the
representation letter. These officials generally should be the head of
the federal entity and the CFO, or equivalent. The auditor should
obtain separate management representation letters from any component
units for which the auditor will issue separate reports.
.05: The auditor should ask management to prepare the representation
letter on the audited federal entity’s letterhead. The auditor should
ask management to sign and date the representations as of the date of
the auditor’s report—the completion of the audit and not later. The
audit is complete when the auditor has enough evidence and has applied
enough quality controls (including supervisory, first partner, and
second partner review) to be ready to sign the audit report. To be sure
that the letter is ready in time, the auditor generally should provide
a draft letter to management early in the audit and update it for
circumstances found throughout the audit. If management signs the
letter before the completion of the audit, the auditor should obtain an
update of the representations to the completion of the audit date.
While a written update is preferred, where the time difference is
short, the auditor may update the representations orally and document
the update. The auditor should obtain the management representation
letter after receiving the final legal representation letter discussed
at FAM 1002.15.
In some cases a legal letter(s) may be obtained before the completion
date of the audit so auditors will have time to review/test the
information.
In these cases, the auditor should perform and document inquiries to be
satisfied that nothing has significantly changed between the date of
the legal letter(s) and the audit completion date.
.06: The audited entity generally should address the management
representation letter to the Comptroller General of the United States
for GAO audits. For other audits, the audited entity generally should
address the management representation letter to the auditor opining on
the financial statements which may be a CPA firm or the entity’s
Inspector General (or it may be dual addressed). However, to avoid any
delays in timely receipt of the letter, the audit team may have the
audited entity deliver it directly to a member of the team such as the
audit director.
.07: Especially for large audited entities, management, in agreement
with its auditor, generally should specify a materiality threshold for
the management representation letter, below which items would not be
reported. OMB audit guidance states that the management representation
letter shall specify management’s materiality threshold used for
reporting items in the management representation letter. It also
footnotes that management and the auditor should reach an understanding
on a materiality level. If no threshold is stated, management should
note all exceptions in the representation letter. The auditor should be
satisfied that such a materiality threshold is so far below design
materiality that even many items below this level would not, in the
aggregate, approach design materiality. For example, a threshold that
is 5 percent (or less) of design materiality may be sufficiently low.
The materiality level may be different for different representations
and would not apply to those representations not directly related to
amounts in the financial statements (such as responsibility for the
statements). Representations Relating to the Financial Statements
.08: AU 333.06 lists management representations that the auditor
generally should obtain in a U.S. GAAS audit if applicable. These
generally relate to management acknowledging its responsibility for the
financial statements and its belief that the financial statements are
fairly presented in conformity with U.S. GAAP and financial information
is complete with appropriate recognition, measurement, and disclosure.
Included in this representation is the effect of any uncorrected
financial statement misstatements, a schedule of which is attached to
the representation letter. (For this the auditor may tailor the example
schedule in FAM 595 C by removing the auditor’s conclusions.) Examples
of additional representations that may be appropriate depending on an
entity’s business or industry are given in appendix B to AU 333. The
auditor may review AU 333 to identify items to add to the
representations, many of which would be modified in the federal
government environment. In the example representation letter at FAM
1001 A, common presentation and disclosure representations are items #1
through #10. Representation #5 addresses uncorrected misstatements for
which the auditor should attach a summary to the management
representation letter. An example Summary of Uncorrected Misstatements
is provided at FAM 595 C. Additionally, OMB audit guidance has
emphasized the importance of identifying intragovernmental transactions
and their reconciliations for federal entities and their components. In
the example representation letter at FAM 1001 A, this item is #11.
.09: Appendix B of AU 333 provides further example language that the
auditor generally should modify as appropriate for the circumstances
applicable to the federal entity being audited in the following
situations: General
* Unaudited interim information accompanies the financial statements.
* The impact of a new accounting principle is not known.
* There is justification for a change in accounting principles.
* Financial circumstances are strained, with disclosure of management’s
intentions and the entity’s ability to continue as a going concern.
* The possibility exists that the value of specific significant long-
lived assets or certain identifiable intangibles may be impaired.
* The entity engages in transactions with special purpose entities.
* The entity used the work of a specialist
Cash:
* Cash is restricted by nonentity ownership; escrow, trust, or other
fiduciary activity; and seizures awaiting legal resolution. Financial
instruments
* The value of debt or equity securities has declined.
* Management has determined the fair value of significant financial
instruments that do not have readily determinable market values.
* There are financial instruments with off-balance-sheet risk and
financial instruments with concentrations of credit risk.
Receivables:
* Receivables have been properly stated in the financial statements
(for example, at estimated net realizable value). Collectability of
federal receivables requires considerable management judgment.
Inventories:
* Excess, obsolete, or unserviceable inventories exist. Items held for
repair are properly valued. Valuation allowances for federal
inventories require considerable management judgment.
Deferred charges and unearned revenues:
* Material expenditures have been deferred and unearned revenue has
been properly accrued.
Debt:
* Short-term debt could be refinanced on a long-term basis, and
management intends to do so.
Contingencies[Footnote 53]:
* Estimates and disclosures have been made of environmental remediation
liabilities and related loss contingencies.
* Agreements may exist to repurchase assets previously sold.
Pension and postretirement benefits:
* An actuary has been used to measure pension liabilities and costs.
* There is involvement with a multiemployer plan.
* Postretirement benefits have been eliminated.
* Employee layoffs that would otherwise lead to a curtailment of a
benefit plan are intended to be temporary.
* Management intends to either continue to make or not make frequent
amendments to its pension or other postretirement benefit plans, which
may affect the amortization period of prior service cost, or management
has expressed a substantive commitment to increase benefit obligations.
Sales:
* There may be losses from sales commitments.
* There may be losses from purchase commitments.
* There are no undisclosed sales terms.
.10: The auditor should determine the need for additional customizing
of the example representation letter in FAM 1001 A and for the
additional representations in FAM 1001.09. Many of the representations
may have to be qualified, especially in an initial audit or in later
audits where significant problems remain. For instance, where the
example representation letter states that there are no violations of
laws or regulations, the entity may need to add at the end of the
statement,“except as follows:” and describe the violations.
.11: In addition, the auditor should determine whether circumstances
may require that additional descriptive items be included in the
representation letter, especially as support for conclusions the
auditor makes in the report. This is important where the corroborating
information that can be obtained by procedures other than inquiry is
limited. For example, the auditor should ask that the letter include
descriptions of (1) the reasons for scope limitations imposed by the
audited entity, such as the lack of availability of certain records,
(2) the basis for material liability estimates, key asset valuations,
or the probability of contingencies, and (3) significant plans or
intentions for the entity. For example, if the entity has a pension
plan outside of the Civil Service Retirement System or the Federal
Employees’ Retirement System, an item may state that the entity does
not plan to terminate the plan and that management believes the
actuarial assumptions and methods used to measure pension liabilities
and costs for financial reporting purposes are appropriate in the
circumstances.
Representations Relating to Internal Control:
.12: Internal control representations, when the auditor expresses an
opinion on internal control, are found in AT 501.44. These
representations, examples for which are provide in FAM 1001 A, relate
to management’s
* acknowledging its responsibility for internal control (item #12);
* stating that management has assessed the effectiveness of its
internal control and specifying the control criteria used (item #13);
* stating management’s assertion about the effectiveness of its
internal control based on the control criteria (item #14);
* stating that management has disclosed to the auditor all significant
deficiencies in the design or operation of internal control that could
adversely affect the entity’s ability to meet the internal control
objectives and pointing out those that are material weaknesses using
the definition in the representation letter, which is the definition in
AU 325 (item #15); and
* stating whether there were any changes to internal control subsequent
to the end of the reporting period (item #16).
.13: For bullets 2 and 3 in FAM 1001.12, entities may use criteria
established under FMFIA and OMB Circular No. A-123 in their FMFIA
internal control assessment. Standards in GAO’s green book Standards
for Internal Control in the Federal Government, (GAO/AIMD-00-21.3.1)
were established as standards for federal entities to follow. These
standards incorporate concepts from the private sector guidance
Internal Control—Integrated Framework issued by the Committee of
Sponsoring Organizations (COSO) of the Treadway Commission. Federal
entities should summarize in the representation letter any material
weaknesses relating to financial reporting (including safeguarding),
and compliance (including budget).
Example wording for the representations, where management asserts that
its internal control in place as of the date of the financial
statements and during the years ended provided reasonable assurance
that misstatements, losses, or noncompliance material in relation to
the financial statements would be prevented or detected on a timely
basis is provided in FAM 1001 A (item #14). If there are material
weaknesses, management should include a brief description of them in
its representation letter and modify its assertion accordingly.
Representations Relating to Fraud
.14: Internal control representations related to fraud can be found in
AU 316.
These representations, examples for which are provide in FAM 1001 A,
relate to management’s:
* acknowledging its responsibility for the design and implementation of
programs and controls to prevent and detect fraud (item #17);
* disclosing knowledge of any fraud or suspected fraud affecting the
agency involving management, employees who have significant roles in
internal control, or others where the fraud could have a material
effect on the financial statements (item #18); and
* disclosing knowledge of any allegations of fraud or suspected fraud
affecting the entity received in communications from employees, former
employees, analysts, regulators, or others (item #19). Representations
Relating to Financial Management Systems’ Substantial Compliance with
FFMIA Requirements
.15: FFMIA requires the auditor who audits the financial statements of
a CFO Act agency to report whether the agency’s financial management
systems substantially comply with (1) federal financial management
systems requirements, (2) applicable federal accounting standards (U.S.
generally accepted accounting principles), and (3) the SGL at the
transaction level.
To report in accordance with FFMIA, the auditor should obtain
representations from management as to the agency’s systems’ substantial
compliance with these requirements.
.16: The auditor should obtain representations that management is
responsible for having its systems substantially comply with the FFMIA
requirements, stating that it has assessed the systems’ compliance,
stating the criteria used, and asserting the systems’ substantial
compliance (or lack thereof). The criteria are the requirements in OMB
Circular No. A- 127, Financial Management Systems, which incorporates
the SGL, the JFMIP/OFFM Federal Financial Management Systems
Requirements documents, and other OMB circulars. These requirements are
further described, including indicators of substantial compliance, in
OMB’s FFMIA implementation guidance for CFOs and IGs, referenced in
OMB’s audit guidance. Example FFMIA representations are in FAM 1001 A,
items #20 through #22.
Representations Relating to Compliance with Laws and Regulations
.17: AU 801.07 provides that representations relating to compliance
with laws and regulations state that management has identified and
disclosed to the auditor all laws and regulations that have a direct
and material effect on the financial statements. Example compliance
representations are in FAM 1001 A, items #23 through #27.
.18: In addition, AT 601 deals with compliance attestation. The auditor
need not follow AT 601 because the auditor is not giving an opinion on
compliance. However, when the auditor determines additional
representations regarding compliance are needed, examples are given in
AT 601.68.
Other Representations:
.19: FASAB standards require a Statement of Social Insurance for
certain entities. See AICPA publication SOP 04-1, Auditing the
Statement of Social Insurance, (AU 333; SOP 04-1 §36). Example social
insurance representations are in FAM 1001 A, items #28 through #36. OMB
audit guidance includes a representation by management on the
consistency of budgetary data. Example budget data representation is in
FAM 1001 A, item #37.
Further, FASAB SFFAS No. 27, Identifying and Reporting Earmarked Funds,
requires financial statement disclosure for earmarked funds.[Footnote
54] An example for earmarked and restricted funds representation is in
FAM 1001 A, item #38.
Effect of Change in Management on Representation Letter:
.20: Sometimes management is reluctant to sign representations for
periods when it did not manage the entity. The auditor may explain to
management that by issuing the financial statements, it is making the
assertions implicit in the financial statements. Management may wish to
understand the transactions and controls supporting the financial
statements, and the auditor may help it do so. Where a change in
management is expected, the auditor may advise the new management to
obtain representations from the old management about the period prior
to the change. Additionally, the auditor may discuss with management
the following to obtain representations when a change in management
occurs:
* Auditing standards require management representations covering all
financial statements presented.
* In the engagement letter (FAM 215) entity management indicated that
it would provide certain representations covering all financial
statements presented.
* New executives may consult with appropriate staff that was present
for the year to determine whether the representations officials will
sign are complete and accurate.
* Representations are made to the best of the signer’s knowledge and
belief.
* Not signing will result in a scope limitation and disclaimer of the
auditor’s opinion.
1001 A – Example Management Representation Letter:
[Entity Letterhead]:
[Date of auditor’s report and completion of the audit]:
The Honorable [name of Inspector General or Comptroller General]:
[Title as Inspector General or Comptroller General of the United
States]:
[Name of IG entity or U.S. Government Accountability Office]:
[Also, include the independent external auditor as an addressee, if
appropriate.]:
Address:
Dear [name(s)]:
We are providing this letter in connection with your audit of the
[entity’s] balance sheet as of September 30, 20X8 and 20X7, [or dates
of audited financial statements] and the related statements of net
costs, changes in net position, budgetary resources, social insurance
[if applicable] and custodial activity [if applicable], for the years
then ended (hereinafter referred to as the “financial statements”).
You conducted your audit to (1) express an opinion as to whether the
financial statements are presented fairly, in all material respects, in
conformity with U.S. generally accepted accounting principles, (2)
report [or express an opinion] on the entity’s internal control over
financial reporting and compliance with laws and regulations as of
September 30, 20X8 [or date of latest audited financial statements],
(3) (For CFO Act agencies) report whether the [entity’s] financial
management systems substantially comply with federal financial
management systems requirements, applicable federal accounting
standards (U.S. generally accepted accounting principles), and the U.S.
Government Standard General Ledger at the transaction level as of
September 30, 20X8, and (4) test for compliance with applicable laws
and regulations. In addition, you have performed certain audit
procedures with respect to the [entity’s] 20X8 Management’s Discussion
and Analysis (MD&A) and other supplementary information, which is
included as part of the 20X8 financial statements of the [entity].
(Recommended paragraph) Certain representations in this letter are
described as being limited to matters that are material. For purposes
of this letter, matters are considered material if they involve $XX or
more. Items also are considered material, regardless of size, if they
involve an omission or misstatement of accounting information that, in
the light of surrounding circumstances, makes it probable that the
judgment of a reasonable person relying on the information would be
changed or influenced by the omission or misstatement. (OMB audit
guidance states that the management representation letter shall specify
management’s materiality threshold used for reporting items in the
management representation letter.)
We confirm, to the best of our knowledge and belief, the following
representations made to you during the audits. These representations
pertain to both years’ financial statements, and update the
representations we provided in the prior year:
Presentation and Disclosure:
1. We are responsible for the fair presentation of the financial
statements in conformity with U.S. generally accepted accounting
principles. We are also responsible for the preparation of the MD&A,
and (if any): required supplementary information (RSI), required
supplementary stewardship information (RSSI), and other supplementary
information.
2. The financial statements are fairly presented in conformity with
U.S. generally accepted accounting principles. The MD&A, and (if any)
RSI, RSSI, and other supplementary information are fairly presented and
are consistent with the financial statements.
3. We have made available to you all a. financial records and related
data; b. where applicable, minutes of meetings of the Board of
Directors [or other similar bodies of those charged with governance] or
summaries of actions of recent meetings for which minutes have not been
prepared; and c. any communications from the Office of Management and
Budget (OMB) concerning noncompliance with or deficiencies in financial
reporting practices.
4. There are no material transactions that have not been properly
recorded in the accounting records underlying the financial statements
or disclosed in the notes to the financial statements.
5. There are no uncorrected financial statement misstatements as we
have adjusted the financial statements for all known and likely
misstatements you have informed us of. (or) We believe that the effects
of uncorrected financial statement misstatements summarized in the
attached summary are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole. (An example
summary is provided in FAM 595 C.) [If management believes that certain
of the identified items are not misstatements, management’s belief may
be acknowledged by adding to the representation, for example, “We
believe that items XX and XX do not constitute misstatements because
(description of reason).”]
6. The [entity] has satisfactory title to all owned assets, including
stewardship property, plant, and equipment. There are no liens or
encumbrances on these assets and no assets have been pledged.
7. We have no plans or intentions that may materially affect the
carrying value or classification of assets and liabilities or that we
are required to disclose in the financial statements.
8. There are no guarantees under which the [entity] is contingently
liable that require reporting or disclosure in the financial
statements.
9. Related party transactions including related accounts receivable or
payable, revenues, expenditures, loans, transfers, leasing
arrangements, assessments, and guarantees have been properly recorded
and disclosed in the financial statements.
10. No material events or transactions have occurred subsequent to
September 30, 20X8 [or date of latest audited financial statements],
that have not been properly recorded in the financial statements or
disclosed in the notes.
Intra-governmental Activities:
11. All intra-entity transactions and balances have been appropriately
identified and eliminated for financial reporting purposes. All intra-
governmental transactions and activities have been appropriately
identified, recorded, and disclosed in the financial statements. We
have reconciled [or have been unable to reconcile] material
intragovernmental transactions and balances with the federal entity
providing the goods or services.
Internal Control:
12. We are responsible for establishing and maintaining a system of
internal control.
13. Pursuant to 31 U.S.C. 3512(c), (d) (commonly known as the Federal
Managers’ Financial Integrity Act), we have assessed the effectiveness
of the [entity’s] internal control in achieving the following
objectives:
a. Reliability of financial reporting: Transactions are properly
recorded, processed, and summarized to permit the preparation of the
financial statements in accordance with U.S. generally accepted
accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition.
b. Compliance with applicable laws and regulations: Transactions are
executed in accordance with laws governing the use of budget authority;
other laws and regulations that could have a direct and material effect
on the financial statements, and any other laws and regulations
identified in OMB audit guidance.
[This item is optional if the auditor is not opining on internal
control. Also, if the agency bases its internal control assessment on
suitable criteria other than 31 U.S.C. 3512(c), (d), cite the criteria
used (for example, Internal Control—Integrated Framework issued by the
Committee of Sponsoring Organizations (COSO) of the Treadway
Commission).]
14. Those controls in place on September 30, 20X8 [or date of latest
audited financial statements], and during the years ended 20X8 and
20X7, provided reasonable assurance that the foregoing objectives are
met. [Delete this item if the auditor is not opining on internal
control.]
[If there are material weaknesses: Those controls in place on September
30, 20X8, and during the years ended 20X8 and 20X7, were not effective
to provide reasonable assurance that the foregoing objectives were met
because of the effects of the material weaknesses discussed below or in
an attachment.]
15. We have disclosed to you all significant deficiencies in the design
or operation of internal control that could adversely affect the
[entity’s] ability to meet the internal control objectives and
identified those we believe to be material weaknesses (or determined
that none is a material weakness). [This item is optional if the
auditor is not opining on internal control.]
16. There have been no changes to internal control subsequent to
September 30, 20X8 [or date of latest audited financial statements], or
other factors that might significantly affect the effectiveness of
internal control. [If there were changes, describe them, including any
corrective actions taken with regard to any significant deficiencies or
material weaknesses.]
Fraud:
17. We acknowledge our responsibility for the design and implementation
of programs and controls to prevent and detect fraud (intentional
misstatements or omissions of amounts or disclosures in financial
statements and misappropriation of assets that could have a material
effect on the financial statements).
18. We have no knowledge of any fraud or suspected fraud affecting the
[entity] involving:
a. management,
b. employees who have significant roles in internal control, or c.
others where the fraud could have a material effect on the financial
statements. [If there is knowledge of any instances, describe them.]
19. We have no knowledge of any allegations of fraud or suspected fraud
affecting the [entity] received in communications from employees,
former employees, or others. [If there is knowledge of any such
allegations, they should be described.]
Compliance of Systems with FFMIA: [For CFO Act agencies subject to the
Federal Financial Management Improvement Act of 1996 (FFMIA)]
20. We are responsible for implementing and maintaining financial
management systems that substantially comply with federal financial
management systems requirements, federal accounting standards (U.S.
generally accepted accounting principles), and the U.S. Government
Standard General Ledger at the transaction level.
21. We have assessed the financial management systems to determine
whether they substantially comply with those federal financial
management systems requirements. Our assessment was based on guidance
issued by OMB.
22. The financial management systems substantially complied with
federal financial management systems requirements, federal accounting
standards, and the U.S. Government Standard General Ledger at the
transaction level as of [date of the latest financial statements].
[If the financial management systems substantially comply with only one
or two of the above elements, modify as follows:
As of [date of financial statements], the [agency’s] financial
management systems substantially comply with [specify which of the
three elements for which there is substantial compliance (e.g., federal
accounting standards and the SGL at the transaction level)], but did
not substantially comply with [specify which of the elements for which
there was a lack of substantial compliance (e.g., federal financial
management systems requirements)], as described below (or in an
attachment).]
[If the financial management systems do not substantially comply with
any of these three elements, use the following paragraph:
As of [date of financial statements], the [agency’s] financial
management systems do not substantially comply with the federal
financial management systems requirements.]
[If there is a lack of substantial compliance with one or more of the
three requirements, identify all the facts pertaining to the
noncompliance, including the nature and extent of the noncompliance and
the primary reason or cause of the noncompliance.]
Laws and Regulations:
23. We are responsible for the [entity’s] compliance with applicable
laws and regulations.
24. We have identified and disclosed to you all laws and regulations
that have a direct and material effect on the determination of
financial statement amounts [may list laws and regulations].
25. There are no
a. violations or possible violations of laws or regulations whose
effects we should evaluate for disclosure in the financial statements
or as a basis for recording a loss contingency,
b. material liabilities or gain or loss contingencies that are required
to be accrued or disclosed that have not been accrued or disclosed, or
c. unasserted claims or assessments that are probable of assertion and
must be disclosed that have not been disclosed. [When there is no
general counsel and management has not consulted legal counsel
regarding contingencies, the auditor should obtain a written
representation from management that legal counsel has not been
consulted. Example wording is: “We are not aware of any pending or
threatened litigation, claims, or assessments or unasserted claims or
assessments that are required to be accrued or disclosed in the
financial statements in accordance with SFFAS No. 5. We have not
consulted legal counsel concerning litigation, claims, or assessments.”
(See FAM 1002.24)
26. We have complied with all aspects of contractual agreements that
would have a material effect on the financial statements in the event
of noncompliance.
27. We are not aware of any violations of the Antideficiency Act that
we must report to the Congress and the President (and provide a copy of
the report to the Comptroller General) for the year ended September 30,
20x8, (or, we have reported all known violations of the Antideficiency
Act) and through the date of this letter.
Statement of Social Insurance:
[For entities presenting a Statement of Social Insurance (SOSI) see
AICPA publication SOP 04-1, Auditing the Statement of Social Insurance,
(SOP 04-1 §36) which suggests the following management
representations.]
28. Management is responsible for the assumptions and methods used in
the preparation of the SOSI. Management agrees with the actuarial
methods and assumptions used by the entity’s actuary and have no
knowledge or belief that would make such methods or assumptions
inappropriate in the circumstances. Management did not give any
instructions, nor cause any instructions to be given to the entity’s
actuary with respect to values or amounts derived, and is not aware of
any matters that have affected the objectivity of the entity’s actuary.
Management believes that the actuarial assumptions and methods used to
measure the amounts in the SOSI for financial accounting purposes are
appropriate in the circumstances.
29. Actuarial assumptions and methods used to measure the amounts in
the SOSI for financial accounting and disclosure purposes represent
management’s best estimates regarding future events based on
demographic and economic assumptions and future changes mandated by
law.
30. There were no material omissions from the data provided to the
entity’s actuary for the purpose of determining the actuarial present
value of the estimated future income to be received and estimated
future expenditures to be paid during the projection period sufficient
to illustrate the long-term sustainability of (name of the social
insurance program) as of (dates of SOSI presented).
31. The SOSI covers a projection period sufficient to illustrate the
long-term sustainability of the social insurance program.
32. Management provided the auditor with all the reports developed by
external review
groups appointed by the entity or the program’s trustees related to
estimates in the SOSI.
33. The following matters relating to the SOSI have been disclosed
properly in the notes to the financial statements:
a. The accumulated excess of all past cash receipts, including interest
on investments, over all past cash disbursements within the social
insurance program represented by the fund balance at the valuation
date.
b. An explanation of how the net present value is calculated for the
closed group.
c. Comparative financial information for items in paragraphs 2a, 2b 2c
and 2d (1) of SOP 04-1, for the current year and for each of the
preceding four years. (Note any preceding years that are unaudited).
d. Significant assumptions used in preparing estimates
34. There have been no changes in (or, changes in the following have
been properly reported or disclosed in) the actuarial methods or
assumptions used to calculate amounts recorded or disclosed in the
financial statements between
a. the valuation dates (for example: of January 1, 20x8 and January 1,
20x7) or changes in the method of collecting data, and:
b. the valuation date (for example: of January 1, 20x8), and the
financial reporting date (of September 30, 20x8) or changes in the
method of collecting data.
35. There have been no changes in (or, changes in the following have
been properly reported or disclosed in) laws and regulations affecting
social insurance program income and benefits between
a. the valuation dates (for example: January 1, 20x8 and January 1,
20x7)
b. the valuation date (for example: January 1, 20x8) and the financial
reporting date (of September 30, 20x8).
36. Accounting estimates applicable to the financial information of the
entity included in the SOSI are based on management’s best estimate,
after considering past and current events and assumptions about future
events. Budgetary and Restricted Funds
[OMB audit guidance includes a representation by management on the
consistency of budgetary data in the following paragraph.]
37. The information presented in the (entity’s) Statement of Budgetary
Resources (materially - defined in paragraph 2 on page 1001 A-1) agrees
with information submitted in its year-end Reports on Budget Execution
and Budgetary Resources (SF-133s). The information will be used as
input for fiscal year 20x8 actual column of the Program and Financing
Schedules reported in the fiscal year 20x0 Budget of the U.S
Government. This information is supported by the related financial
records and data.
38. We have disclosed in the financial statements all material
earmarked funds[Footnote 55] as defined by FASAB SFFAS No. #27 and all
material restricted funds.
[Name of Head of Entity]:
[Title]:
[Name of Chief Financial Officer]
[Title]
Attachment:
1002 - Inquiries of Legal Counsel
.01: FAM 1002 provides guidance on procedures to obtain evidence that
the financial accounting and reporting of contingencies[Footnote 56]
regarding litigation, claims, and assessments conform with U.S.
generally accepted accounting principles (U.S. GAAP). FAM 1002
discusses the accounting and reporting guidance and audit procedures
for inquiries of legal counsel concerning litigation, claims, and
assessments, and includes an example audit program at FAM 1002 A; an
example legal representation letter request at FAM 1002 B; and a legal
representation letter response at FAM 1002 C.
Accounting and Reporting Guidance:
.02: Entity management is responsible for implementing policies and
procedures to identify, evaluate, account for, and disclose litigation,
claims, and assessments as a basis for the preparation of financial
statements in conformity with U.S. GAAP.
.03: Statement of Federal Financial Accounting Standards (SFFAS) No. 5,
Accounting for Liabilities of the Federal Government, as amended by
SFFAS No. 12, Recognition of Contingent Liabilities Arising from
Litigation, contains accounting and reporting standards for loss
contingencies, including those arising from litigation, claims, and
assessments.[Footnote 57] The Federal Accounting Standards Advisory
Board (FASAB) Interpretation No. 2, Accounting for Treasury Judgment
Fund Transactions, provides additional guidance related to claims to be
paid through the Treasury Judgment Fund.[Footnote 58] Statement of
Financial Accounting Standards (FAS) No. 5, Accounting for
Contingencies, also provides guidance for financial accounting and
reporting for loss and gain contingencies for government corporations
and entities following U.S. GAAP for the private-sector promulgated by
the Financial Accounting Standards Board (FASB). The definition of
probable for legal contingencies is essentially the same in FAS No. 5
and SFFAS No. 5.
.04: A contingency is an existing condition, situation, or set of
circumstances involving uncertainty as to possible gain or loss to an
entity. The uncertainty will ultimately be resolved when one or more
future events occur or fail to occur. When a loss contingency exists,
the likelihood that the future event or events will confirm the loss or
impairment of an asset or the incurrence of a liability can range from
remote to probable. SFFAS Nos. 5 and 12 use the terms remote,
reasonably possible, and probable to identify three areas within the
range of probability, as follows:
* Remote—The chance of the future event or events occurring is slight.
* Reasonably possible—The chance of the future event or events
occurring is more than remote but less than probable.
* Probable—For pending or threatened litigation and unasserted claims,
the future confirming event or events are likely to occur. (For other
contingencies, the future event or events are more likely than not to
occur.)
.05: The entity should recognize a liability and a related charge to
expense for an estimated loss from a loss contingency only
when[Footnote 59]: a. a past event or exchange transaction has
occurred, b. a future outflow or other sacrifice of resources is
probable, and c. the future outflow or sacrifice of resources is
measurable.
.06: Disclosure of the nature of an accrued liability for loss
contingencies, including the amount accrued, may be necessary for the
financial statements not to be misleading. For example, if the amount
recognized is large or unusual, the entity should determine whether to
disclose the contingency. However, if no accrual is made for a loss
contingency because one or more of the conditions in FAM 1002.05 are
not met, the federal government and its entities should report
contingent losses that involve situations where there is at least a
reasonable possibility that a loss has been incurred.
The entity should disclose the nature of the contingency, and an
estimate of the possible liability or range of possible liability, if
estimable, or a statement that such an estimate cannot be made. The
reporting of contingent losses depends on the likelihood that a future
event or events will confirm the loss or impairment of an asset or the
incurrence of a liability. Terms used to assess the likelihood of loss
are remote, reasonably possible, and probable as discussed in FAM
1002.04. Contingent losses that are assessed as probable and measurable
are accrued in the financial statements. Losses that are assessed to be
at least reasonably possible are disclosed in the notes. For an
overview of the standards that provide criteria for how federal
agencies are to account for contingent losses based on the likelihood
of the loss and the measurability, see table 1 below:
Table 1: Accounting for Contingent Losses:
[See PDF for image]
[End of table]
Management decides what to report. The auditor evaluates whether
management’s reporting is in accordance with U.S. GAAP. In addition, if
the Judgment Fund might be involved in the payment of the possible
loss, the federal entity involved in the litigation should discuss the
Judgment Fund’s role in a note to the financial statements.
.07: Although management often relies on advice of legal counsel about
the (a) likelihood of an unfavorable outcome and (b) estimates of the
amount or range of potential loss for litigation, claims, and
assessments, management is ultimately responsible for determining
whether these contingencies are probable, reasonably possible, or
remote. Management does this to decide whether they should be
recognized as liabilities and/or disclosed in the notes to the
financial statements. Thus, the Office of Management and Budget’s (OMB)
audit guidance requires CFO Act entity management to prepare a schedule
summarizing legal contingencies including whether they are probable,
reasonably possible, or remote, and whether (and in what amounts) they
have been accrued or disclosed in the financial statements. An Example
Management Summary Schedule is provided at FAM 1002 D.
Audit Procedures:
.08: The auditor should design procedures to test the entity’s
accounting for and disclosure of litigation, claims, and assessments.
AU 337 (SAS #12) provides guidance on the procedures to identify
litigation, claims, and assessments to evidence that they are
appropriately accounted for and disclosed. AU 9337 provides auditing
interpretations of AU 337. OMB audit guidance also contains procedures
for inquiries of legal counsel. (See FAM 1002 A for example audit
procedures.)
.09: The auditor should obtain evidence relevant to the following
factors with respect to litigation, claims, and assessments: a. The
existence of a condition, situation, or set of circumstances indicating
uncertainty as to the possible loss to an entity arising from
litigation, claims, and assessments. b. The period in which the
underlying causes for legal action occurred. c. The likelihood of an
unfavorable outcome (probable, reasonably possible, or remote).
d. The amount or range of potential loss, if estimable.
.10: The auditor may discuss with management the events or conditions
in accounting for and reporting of litigation, claims, and assessments.
The auditor should perform audit procedures to corroborate the
information provided by management, including requesting that
management send a legal letter request to the entity’s legal counsel.
.11: A letter from legal counsel to the auditor, in response to a legal
letter request from management to legal counsel, is the auditor’s
primary means of corroborating the information furnished by management
concerning the accuracy and completeness of litigation, claims, and
assessments. The auditor should ask management to have the legal letter
request include either (1) a list of pending or threatened litigation,
claims, and assessments, or (2) a request by management that legal
counsel prepare the list. The auditor should also ask management to
have the legal letter request include a list of unasserted claims and
assessments the lawyer determined probable of assertion, and that, if
asserted, would have at least a reasonable possibility of an
unfavorable outcome, to which legal counsel has devoted substantive
attention on the entity’s behalf in the form of legal consultation or
representation (or a statement that management is not aware of any
matters meeting the criteria). The auditor should obtain assurance from
management, ordinarily in writing, that it has disclosed all unasserted
claims when it is considered probable that a claim will be asserted and
there is a reasonable possibility that the outcome will be unfavorable.
Legal counsel then would supplement management’s information about
those unasserted claims and assessments, including an explanation of
any matters where their views differ from those expressed by management
in the legal letter request. In the federal government, where the
general counsel may be part of management, the general counsel may
instead provide the list of unasserted claims or assessments meeting
the above criteria.
The auditor should ask management to have the legal letter request
include a request for legal counsel to make a statement that they will
advise management about unasserted claims and assessments that
management should evaluate for disclosure. See the example request at
FAM 1002 B and example response at FAM 1002 C.
.12: The auditor should also perform procedures to learn about certain
legal claims against the government involving interaction between the
government and its environment. This could include events where federal
operations caused (1) hazardous waste for cleanup, (2) accidental
damage to nonfederal property, or (3) other damage to federal property.
In these cases, no monetary damages are being sought, but rather
plaintiffs generally seek that the government either take or cease a
particular action, which if successful, could cost the government
significant amounts of money to comply. An example is a claim that was
brought against the Department of Energy over its classification of
certain radioactive waste for disposal. Because the classification
affected how the waste could be disposed of and thus the cost of
disposal, a successful claim could have resulted in a material increase
in the agency’s environmental liabilities. Auditors should make
inquiries of management and legal counsel to determine whether the
entity has such cases that could create a loss contingency, and whether
the entity considered those cases in determining the amount of
liability to be disclosed per FAM 1002.05-1002.06. If such cases exist,
the auditor should apply the procedures in FAM 1002.08- 1002.11 to
these cases as well.
Timing of Legal Letter Request and Responses:
.13: The auditor generally should perform procedures for inquiries of
legal counsel concerning litigation, claims, and assessments on a
timely basis to give priority to the resolution of potential problem
areas and to complete other procedures. To meet deadlines, the auditor,
entity management, and legal counsel generally should coordinate the
timing of legal letter requests, responses (including interim
responses), and related management schedules. The auditor and the
entity management should determine the due dates for obtaining
responses from component units to provide legal letter responses for
the entity’s financial statements as well as for the U. S. Government’s
Consolidated Financial Statements. In setting the due dates, the
auditor and entity management generally should allow management to
inquire of Department of Justice legal counsel on a case-specific
basis.
.14: In addition, when an entitywide audit team uses the work of entity
component audit teams, the entitywide and component audit teams
generally should coordinate the timing of legal letter requests,
responses, and management schedules and determine the due dates for the
component financial statements as well as the entitywide financial
statements. The entitywide team generally should receive copies of the
component letters from the component audit teams by the due dates.
.15: The legal counsel’s response should include matters that existed
at the balance sheet date and through a date near the completion of the
audit. If the effective date is substantially in advance of the
completion of the audit (for example, earlier than 2 weeks before the
completion of the audit), the auditor should contact the legal counsel
for an updated response. To avoid this situation, the legal letter
request may specify the period the legal counsel’s response is to cover
and the date the auditor expects to receive the response.
.16: To assist the auditor in completing the review of legal matters in
a timely manner (and to assist management in preparing the financial
statements), the auditor may ask management to request legal counsel to
submit a preliminary or interim response covering matters that existed
at the current date and through a point in time reasonably before the
completion of the audit so that a preliminary evaluation of the
significance of material legal matters can be made. This is
particularly applicable to large federal agencies with numerous and
complex cases.[Footnote 60]
If an interim letter is used, the auditor should ask the entity to
request that legal counsel submit a final or updated response covering
matters from the interim date through the date of audit completion. The
entity should request that the updated response contain only changes or
a statement indicating there are no changes from the interim response
and any new matters from the interim date through the completion of the
audit. The auditor should ask the entity to request that legal counsel
date and submit the final legal representation letter to coordinate
with the management representation letter in FAM 1001. However, in some
cases, the legal representation letters are ready first so entity
management may rely upon them before signing the management
representation letters. In theses cases, the auditor should make oral
inquiries of legal counsel and document whether material changes had
occurred from the date of the legal representation letter to the date
of audit completion. The auditor should plan to receive letters to meet
the reporting deadline in accordance with OMB Circular No. A-136,
Financial Reporting Requirements. See FAM 1002 B for an example legal
letter request that includes requests for interim and updated responses
from legal counsel. Determining a Materiality Level
.17: The auditor and the entity may agree to limit the legal inquiry to
matters that are considered individually or collectively material to
the financial statements, provided that the entity and the auditor have
agreed on the materiality level. The auditor should ask the entity to
indicate the materiality level, if used, in the legal letter request
and the entity should ask the lawyer to include the materiality in the
response.
.18: In determining a materiality level for the legal letter, the
auditor and the entity should set the level sufficiently low that the
cases not included in the legal letter would not be material to the
financial statements taken as a whole when aggregated with
(1) other cases not included in the letter, (2) all other types of
contingencies, (3) all other items that would not be adjusted because
they are judged immaterial (unadjusted misstatements), (4) all other
amounts in the financial statements that would not be tested directly
because they were judged to be immaterial, and (5) all other items
resolved on the basis of materiality considerations.
.19: In aggregating cases, the auditor and the entity may use two
levels of aggregation. First, similar cases are aggregated (such as
employment discrimination cases, harbor maintenance fee cases, spent
nuclear fuel cases, or military promotion board challenges), treated as
a group and the auditor should compare the total with the individual
materiality level. The aggregation generally includes a list of the
individual cases and a discussion of the items of information included
in the legal letter for the aggregated cases (see FAM 1002 B and FAM
1002 C). Second, cases not included in the legal letter individually or
as part of a group of similar cases are aggregated. The auditor may use
a higher materiality level for such an aggregation. However, the
auditor may set this higher materiality level sufficiently low that the
cases not included in the legal letter would not be material to the
financial statements taken as a whole when aggregated with the other
items listed in the previous paragraph.
.20: Where the entity engages more than one legal counsel, the entity
and the auditor should determine whether matters considered not
material individually would exceed the materiality limit when
aggregated. In addition, when separate legal representation letters are
requested on individual components (such as bureaus or offices) of a
consolidated entity because of individual component audits, the auditor
may determine materiality levels for each component.
Legal Counsels from Whom Information Should be Requested:
.21: Most federal entities have a general counsel who has primary
responsibility for and knowledge about the entity’s litigation, claims,
and assessments. The auditor should request entity management to send a
legal letter request to the general counsel. In addition, the auditor
should ask the management and/or general counsel whether the entity
used outside legal counsel whose engagement may be limited to
particular matters (e.g., specific litigation).
.22: In the federal government, the main legal counsel outside of the
entity is the Department of Justice.[Footnote 61] The entity’s
management, its legal counsel, or the auditor may consult with Justice
as well as other outside legal counsel to assure completeness and
accuracy of the presentation of matters related to litigation, claims,
and assessments. Such consultation may include requesting a list of
pending litigation, claims, and assessments from Justice or other
outside legal counsel, or discussion of specific cases.
.23: The auditor should ask the entity to request that legal counsel
cover all litigation, claims, and assessments pertaining to the federal
reporting entity, including matters handled by Justice and other
outside legal counsel on behalf of the entity. If the general counsel
has overall responsibility for handling and evaluating litigation,
claims, and assessments, the evaluation and responses by general
counsel ordinarily are adequate evidence. However, evidential matter
obtained from general counsel is not a substitute for information that
outside legal counsel refuses to furnish to the auditor.
.24: Where there is no general counsel and management has not consulted
legal counsel, the auditor should obtain a written representation from
management that legal counsel has not been consulted. Such
representation may be incorporated as an item in the management
representation letter. (See FAM 550 and 1001.) An example item is: “We
are not aware of any pending or threatened litigation, claims, or
assessments or unasserted claims or assessments that are required to be
accrued or disclosed in the financial statements in accordance with
SFFAS No. 5. We have not consulted legal counsel concerning litigation,
claims, or assessments.”
Evaluation of Responses:
.25: Written responses from legal counsel will vary considerably in the
scope of information provided and in the opinion expressed. In
preparing the responses, legal counsel uses the guidance contained in
the American Bar Association’s Statement of Policy Regarding Lawyers’
Responses to Auditors’ Requests for Information (ABA Policy Statement)
(included in its entirety in AU 337 C).
.26: The auditor should ask the entity to request that legal counsel
cover all entity components included in the financial statements being
audited. Additionally, legal counsel generally should indicate the
disposition of cases included in the prior year’s letter that are no
longer contingencies.
.27: The auditor should evaluate each response in terms of sufficiency
as evidence and consider (a) the possible limitations on the scope of
legal counsel’s responses and (b) the lack of sufficient opinion on the
resolution of a case. AU 9337 provides guidance in evaluating legal
counsel’s responses. The auditor should evaluate any “unable to
determine” and vague and unclear responses. The auditor also should
evaluate the legal counsel’s response in light of any other information
that comes to the auditor’s attention.
Possible Limitations on the Scope of Legal Counsel’s Responses
.28: When legal counsel limits the response, the auditor should
determine whether the limitation affects the auditor’s report. Legal
counsel may appropriately limit their response to certain matters. For
example, to matters that (a) legal counsel has given substantive
attention to in the form of legal consultation or representation, and
(b) are determined to be individually or collectively material to the
financial statements, provided the entity and the auditor have reached
an understanding on materiality levels. These limitations are
acceptable and do not limit the audit scope.
.29: The following are examples of limitations on legal counsel’s
responses that the auditor should not accept and that would ordinarily
result in a scope limitation:
a. Legal counsel refuses to furnish the requested information. When
legal counsel refuses to furnish the information requested in the legal
letter request, the auditor should evaluate this matter as a scope
limitation sufficient to preclude an unqualified opinion.
b. Legal counsel excludes matters requested. The legal counsel’s
responses may not address all information requested. The auditor should
compare legal counsel’s response with the legal letter request and
determine whether legal counsel has addressed all the information
requested. If legal counsel has excluded any of the requested matters,
the auditor should obtain responses for those matters from legal
counsel. If the auditor is unable to obtain all the information needed,
the auditor should evaluate this as a scope limitation that could be
sufficient to preclude an unqualified opinion.
c. Legal counsel indicates that certain information is being withheld
due to attorney-client privilege. Under the American Bar Association
(ABA) Code of Professional Responsibility, legal counsel is required to
preserve the confidences and secrets of the client. Legal counsel may
disclose confidences to the auditor only with the consent of the
client. If the legal letter request is prepared in accordance with AU
337, the auditor should expect that legal counsel would be responsive;
otherwise the scope of the audit would be restricted. On the other
hand, explanatory language in the legal letter request or in legal
counsel’s response emphasizing that management or legal counsel does
not intend to waive attorney-client privilege or attorney work-product
privilege does not result in a scope limitation.
Lack of Sufficient Opinion on the Resolution of a Case:
.30: The following are examples of legal counsel responses that lack
sufficient opinion on the resolution of a case:
a. Uncertainties. Legal counsel may be unable to respond concerning the
likelihood of an unfavorable outcome of litigation, claims, and
assessments or the amount or range of potential loss, because of
inherent uncertainties. In these circumstances, the auditor generally
should conclude that the financial statements are affected by an
uncertainty concerning the outcome of a future event, which is not
susceptible to reasonable estimation. See FAM 580 for reporting on
uncertainties.
b. Unclear responses. Legal counsel sometimes use general terms to
indicate their evaluation of the outcome of a case. The ABA Policy
Statement states that legal counsel may, in the appropriate
circumstances, communicate to the auditor their view that an
unfavorable outcome is “probable” or “remote.” The legal letter
responses may include phrases that mean remote or probable. The phrases
below are examples of opinions that provide sufficient clarity that the
likelihood of an unfavorable outcome is remote:
* “We are of the opinion that this action will not result in any
liability to the entity.”
* “We believe that the plaintiff’s case against the entity is without
merit.”
The following are examples of opinions that indicate significant
uncertainty as to whether the entity will prevail:
* “In our opinion, the entity has a substantial chance of prevailing in
this action.” (A “substantial chance,” a “reasonable opportunity,” and
similar terms indicate more uncertainty than an opinion that the entity
will prevail.)
* “It is our opinion that the entity will be able to assert meritorious
defenses to this action.” (The term “meritorious defenses” indicates
that the court will not summarily dismiss the entity’s defenses; it
does not indicate legal counsel’s opinion that the entity will
prevail.)
.31: To avoid unclear and incomplete responses, the auditor generally
should ask management to request legal counsel to use Justice’s
standard forms to describe legal contingencies (see FAM 1002 C-4 to C-6
for examples of these forms). When legal counsel does not indicate
whether the unfavorable outcome is probable or remote, management and
the auditor should conclude that the outcome is reasonably possible,
and management should determine the disclosure. Management, with legal
counsel’s advice, determines whether cases are probable, reasonably
possible, or remote, to decide whether to recognize them as liabilities
and/or disclosed them in the notes to the financial statements.
.32: If the auditor is not certain about legal counsel’s evaluation,
the auditor should discuss the matters with legal counsel and entity
management (and document the oral discussion) and/or obtain written
clarification in a follow-up letter. Sometimes legal counsel may give a
clearer indication of likelihood orally. If legal counsel is unable to
give a clear evaluation of the likelihood of an unfavorable outcome,
management should disclose the uncertainty and the auditor should
evaluate the uncertainty’s effect on the audit report.
Example Legal Letter Request:
.33: The legal letter request, which the auditor may assist management
to draft, should be on the audited entity’s letterhead, signed by the
Chief Financial Officer (CFO), or equivalent, and ask that the reply be
sent directly to the auditor with a copy to management by specified due
dates. FAM 1002 B provides an example legal letter request that
includes requests for interim and updated responses from legal counsel
and matters that should be covered in the letter.
Example Legal Counsel’s Responses and Management’s Schedule:
.34: The General Counsel’s response on General Counsel letterhead is
sent to the auditor with a copy to management by the agreed-upon due
dates. The counsel may indicate that the response is provided for the
auditor’s use in connection with the audit.
.35: FAM 1002 C shows an example of a legal counsel response, including
the legal representation letter that should include Justice’s legal
contingency standard forms for each case or group of cases. Forms can
be obtained on Justice’s website at [hyperlink,
http://www.usdoj.gov/civil/forms/forms.htm] and auditors should check
that current forms were used.
.36: FAM 1002 D shows an example of management’s schedule that
documents how the information contained in the legal counsel’s
responses was used in preparing the financial statements. Management
should include each case discussed in the legal letter and indicate (1)
the amount accrued for probable cases and (2) note disclosure for
reasonably possible cases, probable cases where the amount cannot be
estimated, and probable cases where a range of amounts above the
accrued amount is estimated.
Practice Aids:
.37: The following practice aids are provided at:
FAM 1002 A – Example Audit Procedures for Inquiries of Legal Counsel;
FAM 1002 B – Example Legal Letter Request; FAM 1002 C – Example Legal
Representation Letter, and: FAM 1002 D – Example Management Summary
Schedule.
1002 A – Example Audit Procedures for Inquiries of Legal Counsel
Entity:
Period of financial statements:
Job code:
Example Audit Procedures: I. Testing Procedures: 1) Ask management
about the entity’s policies and procedures for identifying, evaluating,
and accounting for litigation, claims, and assessment; Done by/date:
[Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 2) Obtain from management (or the entity’s
legal counsel) a description and evaluation of litigation, claims, and
assessments existing as of the balance sheet date and through the date
of management’s response (see timing of the audit at FAM 1002.13 to
1002.16); Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 3) To determine whether an outside legal
counsel is performing services for the entity, inquire of management
whether outside legal counsel has been used by the entity and the
matters handled. Ask management for a list of pending litigation,
claims, and assessments from the Department of Justice and/or examine
correspondence and invoices from other outside legal counsel (e.g., for
legal fees), if any;
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 4) Ask whether there have been changes in the
status of general counsel or outside legal counsel such as any
resignations, or intentions to resign. If so, determine if there are
matters that may affect the financial statements. For example, in
appropriate circumstances, a legal counsel may be required by the ABA
Code of Professional Responsibility to resign the engagement if the
legal counsel’s advice concerning disclosures is disregarded by the
entity;
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 5) To identify litigation, claims, and
assessments read minutes of management meetings, contracts, loan
agreements, leases, and correspondence from other government entities
and discuss pertinent items with management;
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 6) If information comes to the auditor’ s
attention that may indicate a potential contingency with respect to
litigation, claims, or assessments that may require adjustment to or
disclosure in the financial statements, discuss with the entity its
possible need to consult legal counsel. Depending on the severity of
the matter, refusal by the entity to consult legal counsel in those
circumstances may result in a scope limitation. Determine the effect of
such a limitation on the auditor’s report; Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 7) Request entity management to send a legal
letter request to the general counsel asking counsel to respond
directly to the auditor. (Obtain a copy of the legal letter request.)
Determine whether there is a need to request legal letters from any
outside legal counsel. The legal letter should cover litigation,
claims, and assessments pertaining to the reporting entity, including
matters handled by the Department of Justice or other outside legal
counsel. (See FAM 1002 B for an example legal letter request.)
Coordinate with management and legal counsel to determine
* the timing of legal letter requests and responses and related
management’s summary/schedules of information contained in legal
responses and
* a materiality level to be included in the legal representation
letter. (FAM 1002.17-.20); Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 8) Read the legal letter responses and
management’s schedules to identify litigation, claims, and assessments;
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 9) Compare the description and evaluation of
the current year’s legal letter responses to the prior year’s audit
documentation. If this comparison indicates that certain legal matters
in the prior year are no longer included, discuss these matters with
management or legal counsel to obtain an understanding of the reasons
for the changes; Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 10) Determine whether the information in the
legal representation letter is consistent with management’s schedule
summarizing the information in the letter and related supporting
documentation; Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 11) Document and discuss with legal counsel
if the information obtained is not complete, clear, or consistent;
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 12) Evaluate legal counsel’s responses and
determine the effects of the responses on liabilities and related note
disclosures in the financial statements and on the auditor’s report;
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 13) If a response date is substantially in
advance of the audit report date, for example, earlier than 2 weeks
prior to date of auditors’ report, obtain a written or oral update
response. (The longer the period between the legal letter and the audit
report date, the more important a written update becomes.);
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: II. Reporting Procedures: Obtain a
representation from management in the management representation letter
(see FAM 550 and 1001) that the entity has disclosed all unasserted
claims that legal counsel has advised are probable of assertion that,
if asserted, would have at least a reasonable possibility of an
unfavorable outcome and must be disclosed.
1) Discuss the description and evaluation of litigation, claims, and
assessments obtained with management to determine if, subsequent to the
date of legal counsel’s response, there have been any changes in status
of the matters, changes in management’s evaluation of the outcome, or
additional matters to be evaluated; Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: If there are significant changes in the
status of the matters or new matters, obtain a written confirmation or
updated response from legal counsel; Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 3) Have management include in the management
representation letter representations related to contingencies and
determine if they are appropriately accrued and disclosed as required
by SFFAS No. 5, as amended. If management has not consulted legal
counsel, obtain a written representation from management that legal
counsel has not been consulted. This representation may be incorporated
in the management representation letter (see FAM 550 and 1001);
Done by/date: [Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 4) Read the entity’s financial statements and
notes and: a) evaluate the adequacy of financial statement disclosure
for contingencies with respect to litigation, claims, and assessments;
b) determine if the financial statement disclosures for contingencies
with respect to litigation, claims, and assessments are prepared in
accordance with OMB guidance; and
c) for federal entities involved in litigation for which the Judgment
Fund is a likely source of judgment or settlement, determine if a note
to the financial statements discusses the Judgment Fund’s role in the
payment of a possible loss, as required by FASAB Interpretation No. 2,
Accounting for Treasury Judgment Fund Transactions; Done by/date:
[Empty];
Doc Ref.: [Empty].
Example Audit Procedures: 5) Document conclusions reached concerning
the accounting for and disclosure of litigation, claims, and
assessments, determine if adjustments are necessary, and whether
modification of the auditor’s report is necessary (see FAM 580);
Done by/date: [Empty];
Doc Ref.: [Empty].
1002 B – Example Legal Letter Request:
[Audited Entity Letterhead]:
Date: [date]:
To: General Counsel:
From: Chief Financial Officer [signed]: Subject: [Auditor’s] Audits of
20X8 and 20X7:
Financial Statements:
Pursuant to [cite applicable legal authority to conduct the audit, such
as 31 U.S.C. 3521], [auditor’s name] is auditing the financial
statements of [entity] as of and for the years ended September 30,
20X8, and 20X7.
In performing audits of government entities, auditors comply with
Government Auditing Standards, issued by the Comptroller General of the
United States (the “yellow book”). For financial statement audits,
Government Auditing Standards incorporate the fieldwork and reporting
standards of the American Institute of Certified Public Accountants
(AICPA) and the Statements on Auditing Standards that interpret them.
Consistent with AU 337 of the AICPA’s Codification of Statements on
Auditing Standards, [auditor] has inquired about litigation, claims,
and assessments to obtain evidence as to the financial accounting and
reporting of such matters in the financial statements. The purpose of
this letter is to request your assistance in responding to that
inquiry. The American Bar Association Statement of Policy Regarding
Lawyers’ Responses to Auditors’ Request for Information (December 1975)
provides guidance for the lawyer’s response to the auditor’s request.
In accordance with Statement of Federal Financial Accounting Standards
(SFFAS) No. 5, Accounting for Liabilities of the Federal Government, as
amended by SFFAS No. 12, and Interpretation No. 2 of SFFAS No. 4 and 5,
[entity] may need to report certain information in its financial
statements and notes concerning contingent liabilities for litigation,
claims, and assessments. We request that you provide [auditor] (with a
copy to me) information on matters with respect to which you have been
engaged and to which you have devoted substantive attention on behalf
of [entity] in the form of legal consultation or representation.
Please furnish an interim response by [agreed-upon date], but no later
than (insert date such as August 29, 20x8), including matters that
existed as of July 31, 20X8. Please furnish an updated response by
[agreed-upon date] but no later than (insert date such as October 31,
20x8) that includes any new legal matters from August 1 through October
31, 20x8, and any significant changes from your interim response or
furnish a statement that there are no new changes. (For CFO Act Audits
only; the auditor and entity should determine appropriate timing for
other audits.)
Please include any cases[Footnote 62] with respect to which you have
been engaged and to which you have devoted substantive attention on
behalf of the [entity] in the form of legal consultation or
representation, even those cases for which you believe the Judgment
Fund or some financing source other than [entity]’s budgetary resources
will pay any potential loss. Under U.S. generally accepted accounting
principles, these amounts will be included as liabilities or disclosure
items in the [entity]’s financial statements. Please aggregate cases
similar in nature where appropriate. Please list the matters in order
of the amount of potential loss, starting with the largest.
Pending or Threatened Litigation (excluding unasserted claims):
We and [auditor] have determined that any matters (1) for which the
amount of potential loss exceeds $XX, individually or in the aggregate
for similar cases, or (2) for which the amount of potential loss
exceeds $XXX in the aggregate for cases not listed individually or as
part of similar cases, could be material to the financial statements.
We request that you provide to [auditor] the information described
below about pending or threatened litigation where the amount of
potential loss exceeds $XX:
1. The nature of the matter. Include a description of the case or cases
and amount claimed, if specified.
2. The progress of the case to date.
3. The government’s response or planned response (for example, to
contest the case vigorously or to seek an out-of-court settlement). 4.
An evaluation of the likelihood of unfavorable outcome. Please
categorize likelihood as probable (an unfavorable outcome is likely to
occur), reasonably possible (the chance of an unfavorable outcome is
less than probable but more than remote), or remote (the chance of an
unfavorable outcome is slight).
5. An estimate of the amount or range of potential loss, if one can be
made, for losses considered to be probable or reasonably possible.
6. The name of the [entity]’s legal counsel handling the case and names
of any outside legal counsel/other lawyers representing or advising the
government in the matter (Department of Justice or outside law firms).
We also request that you identify litigation reported in your prior
year legal representation letter as pending or threatened that is no
longer pending or threatened and a short description of the
disposition.
Unasserted Claims and Assessments:
[If legal counsel is a part of management use this paragraph.] Please
provide the following information for all unasserted claims and
assessments that you consider to be probable of assertion and which, if
asserted, would have at least a reasonable possibility (more that
remote) of an unfavorable outcome (1) for which the amount of potential
loss exceeds over $XX, individually or in the aggregate for similar
cases, or (2) for which the amount of the potential loss exceeds $XXX
in the aggregate for cases not listed individually or as part of
similar cases, involving matters to which you have devoted substantive
attention.
[If legal counsel is not part of management, such as an outside legal
counsel, use this paragraph.] We have provided an attachment to this
request that lists the unasserted claims and assessments that we
believe are probable of assertion and which, if asserted, would have at
least a reasonable possibility (more than remote) of an unfavorable
outcome (1) for which the amount of potential loss exceeds $XX,
individually or in the aggregate, for similar cases, or (2) for which
the amount of potential loss exceeds $XXX in the aggregate for cases
not listed individually or as part of similar cases, involving matters
to which you have devoted substantive attention. Please provide the
following information for each matter and for any additional matters
that you believe meet these criteria.
1. A description of the nature of the matter.
2. The government’s planned response if the claim is asserted.
3. An evaluation of the likelihood of an unfavorable outcome.
(Categorize likelihood as probable (likely to occur) or reasonably
possible (less than probable but more than remote).)
4. An estimate of the amount or range of potential loss, if one can be
made.
Please specifically confirm to [auditor] that our understanding of the
following is correct: Whenever, in the course of performing legal
services for us, with respect to a matter recognized to involve an
unasserted possible claim or assessment that may call for financial
statement disclosure, if you have formed a professional conclusion that
we should disclose or consider disclosure concerning such possible
claim or assessment, as a matter of professional responsibility to us,
you will (1) advise us of your conclusion and (2) consult with us
concerning the question of such disclosure and the applicable
requirements of SFFAS No. 5, as amended.
We request that you describe the cases using the Department of Justice
forms (one for pending or threatened litigation, another for unasserted
claims). To obtain the current forms, go to the Department of Justice
website at [hyperlink, http://www.usdoj.gov/civil/forms/forms.htm].
Please separately identify any pending or threatened litigation and
unasserted claims with respect to which you have been engaged and to
which you have devoted substantive attention on behalf of the [entity]
in the form of legal consultation or representation for which you
believe another government entity will be responsible for any potential
liability.
Please specifically identify the nature of and reasons for any
limitations on your response to this request.
Please address your reply to [auditor], and contact them at (phone
number), when your reply is available for pick up, and send a copy of
your reply to me. Do not hesitate to contact me or [auditor] if you
have any questions about this request.
1002 C – Example Legal Representation Letter: [General Counsel
Letterhead]:
[Date]:
[Auditor]:
[Title]:
[Agency or Firm Name]:
[City]:
Subject: Legal Response in Connection with the 20X8 and 20X7 Financial
Statement: Audits of [entity name]:
Dear [Auditor]:
As General Counsel of [entity], I am writing in response to the legal
letter request from the [entity]’s Chief Financial Officer (CFO) dated
[date], in connection with the audit of [entity]’s financial statements
as of and for the years ended September 30, 20X8 and 20X7 [see FAM 1002
B]. [In an interim response, add “I will, as further requested by the
CFO, provide an updated response by [date].”]
I call your attention to the fact that as General Counsel for [entity],
I have general supervision of [entity]’s legal affairs. [If the general
legal supervisory responsibilities of the person signing the letter are
limited, set forth a clear description of those legal matters over
which the signer exercises general supervision, indicating exceptions
to such supervision and situations where the auditor may primary rely
on other sources.] In such capacity, I have reviewed litigation and
claims threatened or asserted involving [entity] and have consulted
with outside legal counsel about them when I have deemed appropriate.
Subject to the foregoing and to the last paragraph of this letter, I
advise you that since [insert date of beginning of period under audit]
neither I, nor any of the lawyers over whom I exercise general legal
supervision, have given substantive attention to, or represented
[entity] in connection with (1) loss contingencies [over the amount of
(state materiality level agreed to with auditor and stated in request
letter, for example $1 million)], or (2) loss contingencies that are
less than or equal to [for example, $1 million] but in the aggregate
exceed, [for example, $5 million] coming within the scope of clause (a)
of Paragraph 5 of the Statement of Policy referred to in the last
paragraph of this letter, except as follows:
[Describe litigation and claims that fit the foregoing criteria as
follows. General Counsel may use current Department of Justice forms to
describe the cases (one for pending or threatened litigation, another
for unasserted claims); see the DOJ website at [hyperlink,
http://www.usdoj.gov/civil/forms/forms.htm.][Footnote 63]
Pending or Threatened Litigation: (Excluding unasserted claims and
assessments, which are discussed below)
1. Nature of the matter (include a description of the case or cases and
amount claimed, if specified).
2. Progress of the case to date.
3. Current or intended response.
4. Evaluation of the likelihood of an unfavorable outcome (categorize
likelihood as probable, reasonably possible, or remote).
5. Estimated amount or range of potential loss, if determinable, for
losses considered to be probable or reasonably possible.
6. Name of [entity]’s legal counsel handling the case and names of any
outside legal counsel representing or advising the government in the
matter.
Pending or threatened litigation that was reported in the prior year’s
legal representation letter, which is no longer pending or threatened
is as follows [Identification of litigation with a short description of
its disposition.]
With respect to matters that have been specifically identified as
contemplated by clauses (b) or (c) of paragraph 5 of the ABA Statement
of Policy, I advise you, subject to the last paragraph of this letter,
as follows:
Unasserted Claims and Assessments (considered to be probable of
assertion and which, if asserted, would have at least a reasonable
possibility of an unfavorable outcome)
1. Nature of the matter.
2. Intended response if claim would be asserted.
3. Evaluation of the likelihood of an unfavorable outcome. (Categorize
likelihood as probable or reasonably possible.)
4. Estimated amount or range of potential loss, if determinable.
The information set forth herein is [(as of the date of this letter) or
(as of (insert date), the date on which we commenced our internal
review procedures for purposes of preparing this response)], except as
otherwise noted. [If an interim response, add “Upon receipt of a
request to update the response, I will provide an updated response,
which is due on [date],”] {If a final response: I disclaim any
undertaking to advise you of changes that, after the date of this
letter, may be brought to my attention or the attention of our lawyers
over whom I exercise general legal supervision.}
[The following language is generally consistent with AU 337C)
This response is limited by, and in accordance with, the ABA Statement
of Policy Regarding Lawyers’ Responses to Auditors’ Requests for
Information (December 1975); without limiting the generality of the
foregoing, the limitations set forth in such statement on the scope and
use of this response (Paragraphs 2 and 7) are specifically incorporated
herein by reference, and any description herein of any “loss
contingencies” is qualified in its entirety by Paragraph 5 of the
statement and the accompanying commentary (which is an integral part of
the statement).
Consistent with the last sentence of Paragraph 6 of the ABA Statement
of Policy, this will confirm as correct the [entity]’s understanding
that whenever, in the course of performing legal services for the
[entity] with respect to a matter recognized to involve an unasserted
possible claim or assessment that may call for financial statement
disclosure, I have formed a professional conclusion that the [entity]
must disclose or consider disclosure concerning such possible claim or
assessment, I, as a matter of professional responsibility to [entity],
will so advise the [entity] and will consult with the [entity]
concerning the question of such disclosure and the applicable
requirements of Statement of Federal Financial Accounting Standards
(SFFAS) No. 5, Accounting for Liabilities of the Federal Government, as
amended by SFFAS No. 12, and Interpretation Number 2 of SFFAS No. 4 and
5.
[Describe any other or additional limitation as indicated by Paragraph
4 of the statement.]
Sincerely yours,
[Name of General Counsel]:
[Title]:
cc: Chief Financial Officer:
Attachments (DOJ forms or other case information):
The auditor should see that management prepare this schedule (or
equivalent) summarizing the information contained in the legal letters.
In particular, the auditor should determine that management has
concluded as to the likelihood of loss about each case to determine
whether an amount should be recorded in the financial statements and/or
if note disclosure is necessary for the financial statements to conform
with U.S. GAAP. Although most information comes directly from the legal
letter, the auditor should determine that financial staff have
accurately added the information in the last two columns to indicate
the disposition of each case in the financial statements.
Management's Schedule of Information Contained in Legal Letter
Responses for Financial Reporting Purposes:
Amounts in thousands:
Table:
[See PDF for image]
[End of figure]
Guidance for Preparation:
1. Matters should be listed on this schedule in order of the amount or
range of potential loss, starting with the largest.
2. The level of aggregation should generally be at the same level as in
the general counsel's letter. However, there may be instances where the
level of aggregation is too high to be able to prepare this schedule in
a way that is meaningful. In such cases, the auditor should request
that the CFO work with legal counsel to provide further disaggregation
of dissimilar cases. There may also be other instances in which a
higher level of aggregation is desirable. The auditor should request
that CFOs use professional judgment, considering the purpose of this
schedule when determining the level of aggregation.
Column:
1: Reference key: Page number of legal representation letter obtained
from General Counsel discussing the case, or other reference
information.
2: Amount claimed: Amount claimed in the litigation, claim, or
assessment (if specified)
3: Name of case or related cases: Where appropriate, provide name of
case or aggregated cases which meet materiality threshold.
4: Likelihood of loss: Indicate management's evaluation of the
likelihood of loss on individual or aggregated cases. Options: P:
probable (loss likely to occur); R/P: reasonably possible (the chance
of loss is less than probable, but more than remote); or R: remote (the
chance of loss is slight).
5: Amount or range of potential loss: Options: 5a: Probable (P) --
Provide single estimate or lower end of range, if known. Enter "U" if
unknown. (Also provide column totals.)
5b: Reasonably possible (R/P) -- Provide single estimate or lower end
of range, if provided. Enter "U" if unknown. Also provide column
totals.
5c: If amounts in P or R/P are ranges, provide upper end of range;
otherwise, enter "n/a."
6: Disposition in financial statements - amount recorded: If
applicable, provide corresponding dollar amount recorded as a liability
in the financial statements. (Also provide column totals.)
7: Disposition in financial statements - note disclosure: If
applicable, indicate by note reference number where case information is
separately disclosed or included in amounts disclosed in notes to the
financial statements. (Also provide column totals.)
1003 - Financial Statement Audit Completion Checklist Entity:
Job Code:
Principal Report:
Other Reports (including management reports and testimonies):
Instructions:
.01: This checklist is a tool to help auditors of financial statements
determine whether they have complied with GAGAS, OMB audit guidance,
and the FAM. The auditor-in-charge (AIC), audit senior, or audit
manager should prepare this checklist before the audit completion date
and sign in section VIII. The assistant director and first partner
(audit director) should review this checklist before the audit
completion date and also sign in section VIII. For GAO audits, the
chief accountant or second partner should review the checklist and sign
in section IX when engagement quality control review (previously called
a second partner review) is completed before the audit completion date.
If the audit is conducted at multiple sites, the site supervisor may
complete parts of the checklist for each site (with the AIC, audit
senior, or audit manager completing the overall checklist). While parts
of the checklist are useful in audit planning, no signatures are
required on the checklist in the planning phase.
.02: The detailed questions in this checklist are to be answered “Yes”,
“No”, or “N/A (not applicable)”. For most questions, “No” answers
indicate departures from professional standards or from auditor
policies. The auditor should explain all “No” answers in section VII of
this checklist and determine the effects and significance of “No”
answers, including any effects on the auditor’s report. Auditors should
check “N/A” when the item does not exist or when the item exists but is
judged to be not material. Because the checklist is designed for a wide
range of financial statement audits, there may be many “N/A” answers.
If the reason why a question is not applicable is not obvious, the
auditor should document the reason on the checklist or in an
attachment. It is not necessary to create additional documentation to
support the “Yes” answers, but a column is provided to insert a
reference to related audit documentation (“Ref.”). The questions are
summarized. For most questions, there is a reference to professional
literature that provides more detail.
.03: Section V has questions on GAO’s report considerations and section
VI has questions on GAO’s quality control. GAO auditors should complete
these sections. IG auditors and other auditors may use these sections
or may substitute forms that conform to their reporting style and
quality controls.
.04: See FAM 650 related to reviewing this checklist (or equivalent)
when using the work of others.
.05: FAM Volume 3 has two checklists, Checklist for Federal Accounting
(FAM 2010), and Checklist for Federal Reporting and Disclosures, (FAM
2020), which superseded the July 2004 FAM 1050 checklist. The two
checklists cover accounting, financial reporting, and disclosure
requirements related to federal financial statements prepared using
U.S. GAAP promulgated by FASAB and includes form and content
presentation contained in OMB Circular No. A-136 (June 29, 2007). The
AICPA publishes a disclosure checklist for financial statements
prepared using U.S. GAAP promulgated by FASB. Preparers of entity
financial statements may document their conformity with U.S. GAAP by
either:
* completing the FAM 2010 and FAM 2020 checklists, or
* completing the AICPA disclosure checklist, as applicable, and a
supplemental checklist for FASAB requirements, or
* completing an equivalent checklist that addresses applicable
accounting, financial reporting, and disclosure requirements.
Preparers should tailor checklists to the needs of their individual
entity financial statements and auditors should review finished
checklists for completeness and accuracy. If the preparer does not
complete the checklists, the auditor should complete FAM 2010 and FAM
2020 or equivalent to document the conformity of the entity’s financial
statements with U. S. GAAP as discussed in FAM 560.
.06: For GAO’s financial audits, this checklist incorporates, by
reference, additional job-related documentation requirements.
.07: For GAO’s financial audits, the chief accountant or second partner
should perform an engagement quality control review. This review should
be documented on FAM 1003-29. IG auditors and other auditors should
determine the need for a similar review as part of their system of
quality control under GAGAS.
Contents:
Section Topic Page:
I. Planning and Concluding the Audit: II. Key Audit Areas:
III. Consultation:
IV. Report:
V. GAO’s Report Considerations: VI. GAO’s Quality Control:
VII. Explanation of “No” Answers and Other Comments: VIII. Conclusions:
IX. Engagement Quality Control Review (Second Partner Review):
References:
AICPA Professional Standards (vol. 1, Auditing): GAO/PCIE Financial
Audit Manual: Government Auditing Standards (2007 edition):
Section I: Planning and Concluding the Audit: 1. Has the audit team
documented that it has a. established an understanding with those
contracting for the audit, officials of the entity, or others defined
as the client and those charged with governance as to the objectives of
the work; management’s responsibilities; auditors’ responsibilities; an
overview of the nature, extent, and timing of planned audit procedures,
the form, general content, and timing of communications; planned
reporting on the financial statements, internal control, and
compliance; the planned level of assurance; any limitations of the work
and any potential restrictions on the auditor’s reports; and
b. issued an engagement letter, contract, or other written
communication to describe the terms of the engagement?
(FAM 215 and GAGAS, par. 4.06); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 2. Was an entrance
conference held? (FAM 215 A); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 3. Does audit
documentation contain an understanding of the entity, its operations,
and its internal controls sufficient to assess risk and plan the audit?
(FAM 290.03-.04);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 4. Does the audit
documentation contain an adequate audit strategy and audit plan? (FAM
290.05 and FAM 290.09);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 5. Did the audit team
adequately perform and document planning steps (FAM 290.05) to include
a. Perform preliminary analytical procedures? (FAM 225)
b. Determine planning and design materiality and tolerable
misstatement? (FAM 230) c. Identify the methodology used to assess
computer-related controls and document the basis for believing that the
methodology used is appropriate? (GAO auditors should use FISCAM.) (FAM
240)
d. Identify significant laws & regulations? (FAM 245) e. Identify
relevant budget restrictions? (FAM 250) f. Design the audit to achieve
an acceptable level of audit assurance that the financial statements
are not materially misstated? (GAO uses 95 percent.) (FAM 260)
g. Discuss the susceptibility of the entity’s financial statements to
material misstatement? (FAM 260) h. Assess inherent risk and the
overall effectiveness of the control environment, risk assessment,
communication, and monitoring, including whether weaknesses in the
control environment, risk assessment, communication, and monitoring
preclude the effectiveness of specific control activities? (FAM 260)
i. Assess fraud risks, including any related to revenue and to
management override of controls, and exercise professional skepticism
throughout the audit? (FAM 260 and FAM 290.08) j. Brainstorm risk of
material misstatement including fraud risk and error risk? (FAM 260) k.
Consider the effects of information technology, including service
centers? (FAM 270) l. Consider operations controls to test? (FAM 275)
m. Plan other procedures (representation letters, related party
transactions, sensitive payments)? (FAM 280)
n. Determine locations to be visited? (FAM 285) o. Determine staffing
requirements? (FAM 290.05) p. Determine timing of procedures and
milestones? (FAM 290.05)
q. Determine extent of assistance from entity personnel? (FAM 290.05);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 6. Does the audit
strategy consider findings and recommendations from previous audits
that could affect the current audit objectives? (GAGAS, par. 4.09);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 7. Did the audit team
identify budget controls for each relevant budget restriction and
perform sufficient work to support the conclusions on internal control?
(FAM 250, 310.06, 330.09);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 8. Did the audit team
identify compliance controls and perform sufficient work to support the
conclusions on internal control? (FAM 245, 310.05, 330.10); N/A:
[Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 9. Did the audit team use
the work of others (CPA firms, IGs, internal auditors, or specialists)?
(FAM 650); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 10. Did the audit team
perform overall analytical procedures, including documentation of a.
expectations,
b. data/sources,
c. parameters,
d. explanations/corroboration, and e. conclusions?
(FAM 590.04);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 11. Does the
documentation indicate that the audit team properly performed
procedures in the reporting phase of the audit (FAM 590) as follows: a.
Evaluate misstatements, including considering whether any misstatements
are indicative of fraud? (FAM 540)
b. Bring all uncorrected known and likely misstatements to the
attention of entity management and those charged with governance? (FAM
540.07)
c Obtain attorneys’ representations? (FAM 550.02 and FAM 1002)
d. Review subsequent events? (FAM 550.04 and FAM 1005)
e. Obtain management representations? (FAM 550.07 and FAM 1001)
f. Identify and evaluate related party transactions? (FAM 550.12 and
FAM 1006)
g. Communicate with those charged with governance? (FAM 550.13)
h. Review the consistency of other information in the Annual Financial
Report? (FAM 580.77); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 12. Does the audit
summary memorandum or equivalent properly summarize or refer to
documentation (FAM 590.02-.03) addressing the following? a. Any changes
from original assessments of the risk of material misstatement,
materiality, or tolerable misstatement?
b. Additional fraud risks or other conditions identified during the
audit calling for an additional response and the related response? c.
The basis for conclusions on significant auditing, accounting, and
reporting issues? d. Conclusions on adequacy of procedures and
sufficiency of evidence?
e. The effects of uncorrected misstatements (known and likely) on the
financial statements? f. Conclusions on financial statements? g.
Conclusions on internal control? h. Conclusions on whether the entity’s
financial management systems meet the requirements of FFMIA?
i. Conclusions on compliance with laws and regulations?
j. Conclusions on the consistency of accompanying information with the
financial statements?; N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 13. Has the audit
director determined that communications have occurred among the audit
team members regarding fraud risks and error risks? (FAM 540.19); N/A:
[Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section I: Planning and Concluding the Audit: 14. Is there
documentation that a. The director approved deviations from the
“should” procedures in the FAM and the basis for the deviations? (FAM
110.28)
b. The auditor complied with “must” procedures of professional auditing
standards as noted in the FAM? (FAM 110.28 and Appendix B); N/A:
[Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: Planning and Concluding the Audit: Answer
the questions below for each key audit area or cycle. The key audit
areas and cycles to which these questions apply are:
1. Did the audit team prepare the documentation summarizing
considerations in planning and performing the work in the key audit
areas and cycles for
a. Cycle Matrix or an equivalent (or documentation in Account Risk
Analysis or an equivalent) showing links between accounts, cycles,
applications and line items? (FAM 290.06) b. Account Risk Analysis or
an equivalent? (FAM 290.07)
c. Cycle Memorandum and/or flowchart or equivalents? (FAM 390.05)
d. Specific Control Evaluation or an equivalent? (FAM 390.07)
e. Written audit plan and procedures? (FAM 390.01) 1. Did the audit
team prepare the documentation summarizing considerations in planning
and performing the work in the key audit areas and cycles for
a. Cycle Matrix or an equivalent (or documentation in Account Risk
Analysis or an equivalent) showing links between accounts, cycles,
applications and line items? (FAM 290.06) b. Account Risk Analysis or
an equivalent? (FAM 290.07)
c. Cycle Memorandum and/or flowchart or equivalents? (FAM 390.05)
d. Specific Control Evaluation or an equivalent? (FAM 390.07)
e. Written audit plan and procedures? (FAM 390.01); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: 2. If conditions changed during the course
of the audit, were the audit strategy, audit plans, and procedures
modified as appropriate in the circumstances, including evidence of
first partner/director approval? (AU 311.05);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: 3. When the audit team performed sampling,
did it properly determine and document the a. method used in relation
to test objectives, b. sample size and the method of determining the
sample size,
c. tests performed,
d. results (misstatements and deviations found), e. evaluation
(including projection to the population), and
f. conclusions? (FAM 490.05a);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: 4. When the audit team performed
substantive analytical procedures, did it properly document a.
expectations and the method used to develop them,
b. data sources/reliability,
c. limit/criteria,
d. client explanations and corroborating evidence, e. additional
procedures, if any and f. conclusions? (FAM 490.05b);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: 5. When the audit team performed interim
testing, did it a. test the rollforward period,
b. properly document the
i. basis for using interim testing and the line items/ accounts and
assertions tested, ii. procedures performed, and
iii. effects of any misstatements found? (FAM 495 C.06);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: 6. Did the audit team evaluate the
reasonableness of significant accounting estimates made by management?
(AU 342);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: 7. Were known and likely misstatements
identified in the testing of the key area carried forward to the
Schedule of Uncorrected Misstatements? (FAM 540.04 and FAM 595 C);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: 8. Did an IS specialist review the
specific control evaluation to evaluate the audit team’s decision on
which controls are computer-related (including controls relating to
service-center-produced records)? (FAM 350.10);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Based on the risk of material misstatement, did the audit team perform
adequate substantive audit procedures for line items/accounts on the
following pages? (If not a key area, check the N/A box.)
Section II: Key Audit Areas: Fund Balance with Treasury (FBWT) Consider
these issues:
* Did the audit team test the entity’s year-end reconciliation of Fund
Balances with Treasury to Treasury accounts?
* Did the audit team determine if the entity
a. researched and resolved differences before making adjustments,
b. recorded any necessary adjustments in the entity’s FBWT accounts,
c. reported the adjustments to Treasury, if applicable, and:
d. disclosed in the notes to the financial statements material
unreconciled differences and budget clearing account differences at
year-end, and material unreconciled differences written off by the
entity during the year?
* Did the audit team assess (at absolute value) the materiality of
unreconciled differences, including those in budget clearing accounts?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: Receivables: Consider these issues:
* If substantive audit procedures were performed prior to year-end, was
there an adequate review of transactions from the interim date to the
balance sheet date? (AU 313.08-.09)
* Were receivables confirmed and appropriate follow-up steps taken,
including second requests and subsequent collections? (AU 330.30-.32)
* Are receivables stated at net realizable value after allowance for
uncollectible accounts? (AU 342.02); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: Inventories: Consider these issues:
* Were physical inventories observed at locations where material
amounts were located? (AU 331)
* If perpetual inventory records are maintained, does the documentation
indicate that differences disclosed by the physical inventory (or cycle
counts) are properly reflected in the financial statements? (AU 331)
* When the physical inventory is taken at a date other than the balance
sheet date (or where rotating procedures are used), did the auditor
consider inventory transactions between the inventory date(s) and the
balance sheet date? (AU 313.08-.09)
* Does the documentation contain evidence that counts were correctly
made and recorded (was control over inventory tags or count sheets
maintained) and test count quantities were reconciled with the counts
reflected in the final inventory? (AU 331)
* Were there adequate tests of
a. clerical accuracy of the inventory,
b. costing methods and substantiation of costs used in pricing all
elements of the inventory, and:
c. cutoff?
* Were analytical procedures used to test the overall valuation of
inventories?; N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: Investments Consider these issues:
* Was a summary schedule prepared (or obtained) and details tested with
respect to the description, purchase price and date, changes during the
period, income, market value, etc. of investments?
* Were securities either examined or confirmed? (AU 332);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: Property, Plant, and Equipment Consider
these issues:
* Was a summary schedule prepared (or obtained) to show beginning
balances, changes during the period, and ending balances for
a. property, plant, and equipment, and b. accumulated depreciation
and were significant activity and balances tested, particularly for
existence and other significant assertions?
* Were property items capitalized or expensed in accordance with
consistent capitalization limits?
* Did the audit team perform tests of completeness, such as testing
from disbursements to property records?
* Do the tests appear adequate and were proper conclusions drawn?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: Liabilities Consider these issues:
* Did the audit team perform an adequate search for unrecorded
liabilities?
* Did the audit team consider expenses that might require accrual
(e.g., pensions, compensated absences, other postretirement benefits,
or postemployment benefits provided to former or inactive employees
prior to retirement), and whether accrued expenses were reasonably
stated?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Key Audit Areas: Liabilities: Consider these issues:
* Did the audit team perform an adequate search for unrecorded
liabilities?
* Did the audit team consider expenses that might require accrual
(e.g., pensions, compensated absences, other postretirement benefits,
or postemployment benefits provided to former or inactive employees
prior to retirement), and whether accrued expenses were reasonably
stated?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Revenue and Expenses: Consider these issues:
* Did the audit team compare revenue and expenses for the period to
expectations, based on the budget and the results of the preceding
period? (AU 329)
* For significant variances and fluctuations from expectations, were
management’s explanations corroborated with other audit evidence or if
explanations could not be obtained, were other audit procedures
performed to determine whether the variance is a misstatement? (AU 329)
* Did the audit team consider
a. the entity’s revenue recognition policy, b. unusual transactions, and
c. fraud risks?
* Do tests appear adequate, and were proper conclusions drawn?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section II: Statement of Budgetary Resources: Consider these issues:
* Were appropriate procedures applied, such as a. understanding and
testing the budget execution controls,
b. tests of the process of preparing the statement,
c. tests of undelivered orders, and d. review of reconciliation to the
President’s Budget?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section III: Consultation:
1. Where warranted by the complexity or unusual nature of an issue (for
example, issues where the FAM requires consultation, issues not
discussed in the FAM or professional standards, going concern issues,
economic dependency issues, issues arising after report issuance), was
there appropriate consultation with specialists, including the:
* Reviewer,
* Statistician,
* Office of General Counsel, and
* Technical Accounting and Auditing Expert? (FAM 100.26 and FAM
Appendix A); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section III: Consultation:
2. Were significant consultations appropriately documented? (FAM
100.26);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section III: Consultation:
3. Were the persons consulted made aware of all relevant facts and
circumstances?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
1. Does the auditor’s report or document containing the auditor’s
report (FAM 580.04, 580.77) include a. highlights page or executive
summary (for GAO reports);
b. transmittal letter (if appropriate); c. conclusions on:
i. financial statements,
ii. internal control,
iii. whether the entity’s financial management systems substantially
complied with the requirements of the Federal Financial Management
Improvement Act of 1996 (FFMIA) for CFO act agencies,
iv. compliance with laws and regulations, and v. consistency of other
information with financial statements?
d. objectives, scope, and methodology, including description of
instances where GAGAS and OMB audit guidance were not followed; and e.
entity comments and auditor evaluation?; N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
2. Is the auditor’s report (FAM 580) appropriate as to a. wording,
b. scope of work,
c. U.S. GAAP,
d. explanatory paragraphs,
e. opinion/disclaimer on financial statements, f. opinion/conclusions
on internal control, g. conclusions on whether the entity’s financial
management systems substantially comply with the requirements of FFMIA
(for CFO Act agencies), and
h. reporting on compliance with laws and regulations?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
3. Is background material (purpose, authority, and functions of
programs/activities) limited to what is necessary?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
4. Is the auditor’s report dated when all appropriate, sufficient audit
evidence is obtained to support the opinion and all significant issues
are resolved? (AU 530, FAM 580);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
5. Does the auditor’s report cover all periods for which financial
statements are presented? (AU 508.65); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
6. If the financial statements of a prior period are presented and have
been audited by a predecessor auditor whose report is not presented,
does the auditor’s report refer to the predecessor auditor’s report?
(AU 508.74);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
7. Does the auditor’s report describe the responsibility the auditor is
taking for supplementary information, including stewardship
information? (AU 551; FAM 580.78-.81);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
8. When illegal acts involve funds received from other governmental
entities, did the audit team a. satisfy itself that the audited entity
notified the proper officials of those entities within a reasonable
time?
b. report these acts to the officials of those other governmental
entities if the entity did not, or was unable to do so because the top
official was involved? (GAGAS, par. 5.15-.18); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
9. Does the auditor’s report include a. identification of which matters
are significant deficiencies and which are material weaknesses (GAGAS,
par. 5.11), and
b. presentation of all identified (1) instances of fraud and illegal
acts that are more than inconsequential, (2) material violations of
provisions of contracts or grant agreements, and (3) material abuse?
(GAGAS, par. 5.15); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
10. When appropriate, did the audit team report directly to outside
parties on fraud; illegal acts; violations of provisions of contracts
or grant agreements; or abuse? (GAGAS, par. 5.18);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
11. Did the auditor consider the status of all known significant
findings and recommendations from prior audits that affect the current
year report, including whether any failure to correct previously
identified deficiencies in internal control is a significant deficiency
or material weakness? (GAGAS pars. 5.11- .14.);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
12. Did the auditor document the basis to support (FAM 580.01) the
a. opinion about whether the financial statements and disclosures
comply in all material respects with U.S. GAAP (FAM 560),
b. opinion/conclusion on internal control, c. conclusion on whether the
entity’s financial management systems substantially comply with the
requirements of FFMIA, (for CFO act agencies), and
d. conclusion on compliance with laws and regulations?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
13. Did the auditor document the basis for reported findings on
a. internal control deficiencies, including classification of control
deficiencies as material weaknesses, other significant deficiencies, or
other control deficiencies (FAM 590.05), b. entity’s financial
management systems lack of substantial compliance with the requirements
of FFMIA for CFO act agencies (FAM 590.06), and c. noncompliance with
laws and regulations (FAM 590.07), if any?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
14. Did the auditor develop the elements of audit findings to include
(where appropriate and known) the a. condition (describe the existing
situation), b. criteria (state what we are comparing to), c. cause
(reflect reason or reasons why the condition and criteria differ), and
d. effect (describe the result of the difference between the condition
and criteria)? (GAGAS paragraphs 4.14-.18);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
15. Are recommendations and suggestions reasonable, doable, and cost-
effective?;
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
16. Does the report obtain the views of responsible officials in agency
comments to include: a. either oral or written comments, b. titles of
senior official(s) involved, c. accurate characterization of general
agreement or disagreement with the report, d. description of the
substance of the comments, and
e. auditor evaluation of the comments, particularly if they disagree,
are inconsistent, or conflict with the report findings, conclusions, or
recommendations.
(GAGAS paragraphs 5.32-.37);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section IV: Report:
17. Are there control deficiencies that do not meet the criteria for
significant deficiencies and do not affect the auditor’s conclusions as
to the effectiveness of internal controls that the auditor may
communicate orally or in a separate management report? If so, did the
auditor document any oral communications? (FAM 580.49, FAM 590.05, and
GAGAS par. 5.14); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section V: GAO’s Report Considerations: 1. Overall, does the GAO report
have the following characteristics a. Professional: The work reflects
an understanding of the issues, an awareness of the external
environment, including sensitivity to relevant trends, and a practical
approach to what can be done to deal with the problems noted. b.
Accurate: Information and findings are presented accurately with no
notable errors in logic or reasoning. c. Objective: The presentation is
fair and impartial and the tone is constructive and objective.
d. Fact-based: Information and findings are stated completely, which
includes all necessary facts and/or explanations without unproven or
uncorroborated material, and any conflicting evidence is resolved.
e. Balanced: Sound and logical evidence is presented to support
conclusions, adjectives or adverbs are not used to characterize
evidence in a way that implies criticism or conclusions by innuendo,
and positive aspects of programs or issues reviewed are appropriately
recognized.
f. Timely and Useful: Relevant and timely information is presented.
g. Clear and Concise: The presentation is clear, concise, and well
organized with the message presented logically in a writing style
adapted to the audience; Yes: [Empty].
Section VI: GAO’s Quality Control: 1. Was the GAO report reviewed by
the a. audit director (first partner), b. engagement quality control
reviewer (second partner),
c. Office of the General Counsel (form 124A), d. Applied Research &
Methods (form 124C), and e. other stakeholders (form124C); N/A:
[Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 3. Did the assistant director review
the a. entity profile or equivalent (FAM 290.04), b. audit strategy (AU
311.13-.14) or equivalent, including sampling approach (FAM 290.05), c.
account risk analyses or equivalent (FAM 290.07), d. initial audit plan
with procedures (FAM 290.09), e. line item/account lead schedules, f.
completed audit plan with procedures (FAM 290.09),
g. specific control evaluations (FAM 330.07), h. audit summary
memorandum (FAM 590.02-.03), i. Checklist for Federal Accounting (FAM
2010) and Checklist for Federal Reporting and Disclosures (FAM 2020)
for statements using U.S. GAAP promulgated by FASAB,
j. financial reporting and disclosure checklist for statements using
GAAP promulgated by FASB, k. management representation letter (FAM
1001), l. legal representation letter (FAM 1002), m. schedule of
uncorrected misstatements (FAM 595 C),
n. exit conference memorandum (FAM 590.10), o. GAO report with entity
financial statements and related disclosures,
p. referencing review sheet (GAO form 92), q. GAO abbreviated audit
documentation set, and r. this audit completion checklist (FAM 1003)?
(FAM 1301.17);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 4. Did the assistant director
determine that all significant review notes were resolved
appropriately? (FAM 1301.27-.28);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 5. Did the assistant director
indicate that all documentation was sufficiently reviewed? (FAM
1301.05); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 6. Were review notes, superseded
versions of documentation, and draft reports (except the referenced
draft and the draft sent to the entity for comment), including review
notes and superseded versions in electronic form, placed in a separate
folder to be retained until the report is released, after which they
may be destroyed or deleted electronically up to 60 days after the
report release date? (FAM 1301.28); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 7. Were review responsibilities
documented and communicated to all individuals on the assignment? (FAM
1301.23);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 8. Was documentation prepared by an
IS specialist reviewed by an IS manager or IS assistant director for
technical content and by a member of the audit team to determine that
related audit objectives were achieved? (FAM 1301.24);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 9. For areas that are both material
and have high risk of material misstatement, did the audit director or
assistant director perform secondary reviews of the documentation? (FAM
1301.12);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 10. Was all documentation prepared
by the audit director or assistant directors read by the auditor-in-
charge to determine its consistency with any related documentation?
(FAM 1301.15);
N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VI: GAO’s Quality Control: 11. If the documentation indicated a
difference of opinion between engagement personnel or between
engagement personnel and a specialist or other person consulted, was
the difference resolved appropriately and was the basis of the
resolution documented? (FAM 1302); N/A: [Empty];
Yes: [Empty];
No*: [Empty];
Ref.: [Empty].
Section VII: Explanation of “No*” Answers and Other Comments:
The page below is provided for comments on all “No*” answers or to
expand upon any of the “Yes” and “N/A” answers as needed, and may be
modified as necessary.
* For some questions, “No” answers may indicate departures from
professional standards or from auditor policies. The auditor should
explain all “No” answers below and determine the effects and
significance of “No” answers, including any effect on the auditor’s
report.
Section VIII: Conclusions: Based on your review and knowledge, do you
believe: 1. The audit team performed the engagement, in all material
respects, in accordance with GAGAS (which include U.S. GAAS) and
applicable OMB guidance, or the auditor’s report was appropriately
modified?;
Yes: [Empty];
No**: [Empty].
Section VIII: Conclusions: 2. The financial statements conformed, in
all material respects, with U.S. GAAP, or the auditor’s report was
appropriately modified?; Yes: [Empty];
No**: [Empty].
Section VIII: Conclusions: 3. The auditor’s report was appropriate in
the circumstances?; Yes: [Empty];
No**: [Empty].
Section VIII: Conclusions: 4. The documentation on this engagement
supports the auditor’s • opinion on the financial statements, •
opinion/conclusions on internal control, • conclusions on whether the
entity’s financial management systems substantially comply with the
requirements of FFMIA (for CFO act agencies), and
• conclusions on compliance with laws and regulations; Yes: [Empty];
No**: [Empty].
Section VIII: Conclusions: 5. The audit team complied, in all material
respects, with the audit organization’s policies and procedures; Yes:
[Empty];
No**: [Empty].
** If any of the above 5 statements have “No” responses, please
describe the response in a memorandum to the reviewer.
Date of audit completion:
Auditor-In-Charge:
Date:
Audit Manager:
Date:
Assistant Director:
Date:
Audit Director:
Date:
Section IX: Engagement Quality Control Review (Second Partner[Footnote
64] Review):
Objective of second partner review: To objectively review significant
auditing, accounting, and reporting matters and to conclude, based on
all facts the reviewer has knowledge of, that, except as discussed in
the report, no matters were found that caused the second partner to
believe that (1) the audit was not performed in accordance with GAGAS
and OMB audit guidance (if applicable), (2) the financial statements
are not, in all material respects, in conformity with U.S. GAAP, and
(3) the report does not meet professional standards and the auditor’s
policies and core values. Procedures: Before the report was issued, I
performed the following procedures:
* Discussed significant auditing, accounting, and reporting issues with
the audit director (first partner);
* Discussed the audit team’s identification of high-risk balances and
transactions and the audit of those balances and transactions;
* Reviewed documentation on the resolution of significant auditing,
accounting, and reporting issues, including documentation of
consultation with statisticians, IS specialists, and others;
* Reviewed the summary of uncorrected misstatements;
* Read the audit summary memorandum;
* Read the entity financial statements, audit report, and related
disclosures; and
* Confirmed with the audit director (first partner) that there are no
unresolved issues.
Conclusion:
Based on all the relevant facts of which I have knowledge, I found no
matters, except as discussed in the report, that cause me to believe
that (1) the audit was not performed in accordance with GAGAS and OMB
audit guidance (if applicable), (2) the financial statements are not,
in all material respects, in conformity with U.S. GAAP, and (3) the
report is not in accordance with professional standards and the
auditor’s policies and core values.
In signing this form, I acknowledge that there have been no personal or
external impairments to independence regarding my work on this
engagement.
Engagement quality control reviewer name & title:
Signature:
Date:
1005 - Subsequent Events Review:
.01: This section deals with the subsequent events review that the
auditor must perform as part of the audit, as described in FAM 550. AU
560 describes and provides guidance on the types of subsequent events
the auditor should evaluate as well as the procedures that the auditor
generally should perform to discover whether such events have occurred.
.02: Subsequent events are those events or transactions that may occur
or become known subsequent to the date of the financial statements but
before the audit report is issued and that have a material effect on
the financial statements which the auditor should ask management to
adjust the financial statements for the effect of the event or disclose
the event.
.03: Two types of subsequent events may occur:
* Events occurring after the date of the financial statements that
provide additional information about conditions existing at the date of
the financial statements and that affect amounts recorded (or which
management should record) in the financial statements. For example, a
subsequent event may reveal that an accounting estimate is materially
incorrect and that the auditor should ask management to adjust the
financial statements for the effect of the event.
* Events occurring after the date of the financial statements that
provide information about conditions that did not exist at the date of
the financial statements. The auditor should not ask management to
adjust the financial statements for these events, but disclosure of
them may be necessary to prevent the statements from being misleading.
For example, a fire or flood after year-end may cause a significant
loss.
.04: The purpose of a subsequent events review is to determine whether
all subsequent events that have a material effect on the financial
statements have been considered and treated appropriately in the
financial statements. The subsequent period covered is from the date of
the financial statements to the date of the audit report, which is the
date of the completion of thea audit.[Footnote 65]
Audit Procedures:
.05: At or near the completion of the audit, the auditor should perform
procedures to be aware of any subsequent events that the auditor may
ask management to adjust or disclose in the financial statements. These
procedures are in addition to substantive tests that the auditor may
apply to transactions occurring after the date of the financial
statements, such as examining subsequent disbursements to test
completeness of accounts payable.
.06: The following program describes audit procedures that the auditor
may perform as part of a subsequent events review. The auditor
generally should customize the procedures for the particular entity.
Entity:
Period of financial statements:
Job code:
Subsequent Events Review Program -- Audit Procedures: I. Read Interim
Financial Statements: 1) Compare the latest available interim financial
statements, if any, with the financial statements under audit to
identify any unusual adjustments and investigate any significant
variations from expectations.
2) Inquire as to whether the interim statements have been prepared on
the same basis as the annual statements.
3) For items in the statement of net costs, compare to similar interim
financial statements of the prior year; determine expectations and
investigate any significant variations from expectations.
4) If interim financial statements are not available: a) Compare
interim internal financial reports or analyses, budgets, or cash-flow
forecasts, considering any adjustments to the internal reports that may
be necessary to make meaningful comparisons.
b) Review the accounting records prepared since the date of the
financial statements for material transactions that may require
adjustment to or disclosure in the financial statements. For example,
scan the general ledger and/or journals for material, unusual entries;
Done by/date: [Empty];
Doc. Ref.: [Empty].
Subsequent Events Review Program -- Audit Procedures: II. Make
Inquiries of Management as to: 1) Whether any significant contingent
liabilities or commitments existed at the date of the financial
statements or at the date of the inquiry. 2) Whether any significant
changes occurred in the financial condition of the entity or in net
position or long-term debt.
3) The current status of items in the financial statements that were
accounted for on the basis of tentative, preliminary, or inconclusive
data. 4) Whether any significant changes in estimates were made with
respect to amounts included or disclosed in the financial statements,
or any significant changes in assumptions or factors were considered in
determining estimates.
5) Whether any unusual adjustments were made during the period from the
date of the financial statements to the date of inquiry.
6) Whether any significant events occurred subsequent to the date of
the financial statements, such as commitments or plans for major
capital expenditures; lawsuits or claims filed or settled other than
those disclosed in the lawyers’ letters; changes in accounting and
financial policies; or losses as a result of fire, flood, or other
disaster; Done by/date: [Empty];
Doc. Ref.: [Empty].
Subsequent Events Review Program -- Audit Procedures: III. Read
Minutes: 1) Read the available minutes of meetings of those charged
with governance such as entity management committees, audit committees,
or other appropriate groups, including the period after the date of the
financial statements, for information about events or transactions
authorized or discussed which may require adjustment to or disclosure
in the financial statements.
2) With regard to meetings for which no minutes are available, inquire
about matters dealt with at such meetings and conclusions reached; Done
by/date: [Empty];
Doc. Ref.: [Empty].
Subsequent Events Review Program -- Audit Procedures: IV. Cover in
Lawyers’ Letters: 1) Confirm litigation, claims, and assessments and
unasserted claims and assessments with the entity’s legal counsel per
AU 337. See FAM 550 and FAM 1002; Done by/date: [Empty];
Doc. Ref.: [Empty].
Subsequent Events Review Program -- Audit Procedures: IV. Cover in
Lawyers’ Letters: 1) Confirm litigation, claims, and assessments and
unasserted claims and assessments with the entity’s legal counsel per
AU 337. See FAM 550 and FAM 1002; Done by/date: [Empty];
Doc. Ref.: [Empty].
Subsequent Events Review Program -- Audit Procedures: V. Cover in
Management Representation Letter: 1) Have management include
representations in its management representation letter as to whether
any events occurred subsequent to the date of the financial statements
that management should adjust or disclose in the financial statements.
See FAM 1001; Done by/date: [Empty];
Doc. Ref.: [Empty].
Subsequent Events Review Program -- Audit Procedures: VI. Other: 1) Use
other sources of information to learn of subsequent events, such as:
a) Talk to inspector general or internal audit department.
b) Talk to program divisions.
c) Read newspapers.
2) Make additional inquiries or perform additional procedures deemed
necessary to resolve any questions raised in the foregoing audit steps.
3) Prepare a summary memo documenting the results of the above and
conclusions reached; Done by/date: [Empty];
Doc. Ref.: [Empty].
[End of section]
Footnotes:
[1] The term “auditor,” throughout the FAM includes individuals who may
be titled auditor, analyst, evaluator, or have a similar position
description.
[2] IG audits are used by GAO as principal auditor of the U.S.
government consolidated financial statements. For the GAO audit of the
Bureau of Public Debt (BPD), GAO is the other auditor and the CPA firm
under contract to the Treasury IG is the principal auditor when it
reports on the Treasury Department consolidated financial statements.
[3] The AICPA also issued Practice Alert 2002-02, Use of Specialists.
[4] IGs are designated by the CFO Act to audit their agencies, but have
the authority to contract with another auditor to perform the audits.
GAO is mandated by 31 U.S.C. 331(e) to audit the U.S. government’s
consolidated financial statements.
[5] There may be situations where the auditor is asked to provide a
separate opinion in addition to presenting the other auditors’ report,
or serves as the contracting officer’s technical representative (COTR).
In these situations, the auditor should follow the wording in FAM 595 A
and/or FAM 595 B, and should add the following in lieu of the
introduction to the first paragraph on FAM 595 A-5: “To help fulfill
these responsibilities, we contracted with the independent certified
public accounting firm of [insert firm name] to perform a financial
statement audit in accordance with U.S. generally accepted government
auditing standards, OMB's bulletin, Audit Requirements for Federal
Financial Statements, and the GAO/PCIE Financial Audit Manual. The
report of [name of CPA firm] dated [date] is attached. We evaluated the
nature, extent, and timing of the work, monitored progress throughout
the audit, reviewed the audit documentation of [name of CPA firm], met
with partners and staff members of [name of firm], evaluated the key
judgments, met with officials of [entity being audited], performed
independent tests of the accounting records [if applicable], and
performed other procedures we deemed appropriate in the circumstances.
Our opinions expressed above are consistent with the opinions of [name
of CPA firm].
[6] Under the CFO Act, if an executive agency IG is not performing the
audit of the agency’s financial statements, required under 31 U.S.C.
3515, the IG is required to determine the independent external auditor
(CPA firm) that will perform the work.
[7] Obtaining a representation from an appropriate official of the
audit organization is similar to the procedure for CPA firms under AU
543.10b.
[8] Some CPA firms consider internal inspection reports as proprietary
documents not subject to auditor review. This issue can be resolved by
either allowing the auditor access to inspection reports or providing
the auditor with a summary or representation about inspection results
as a condition of the contract.
[9] Further information on the PCAOB inspection report process is
available at [hyperlink, http://www.pcaobus.org].
[10] The auditor may refer to the AICPA Practice Aid, Establishing and
Maintaining a System of Quality Control for a CPA Firm’s Accounting and
Auditing Practice (2007) and GAGAS 3.55-3.63.
[11] Sufficiency is the measure of the quantity of evidence.
Appropriateness is the measure of the quality of audit evidence, that
is, its relevance and reliability in providing support for, or
detecting misstatements in, the classes of transactions, account
balances, and disclosures and related assertions. These measures
originated in SAS No. 106, Audit Evidence, and are codified at AU
326.08. They are effective for audits of financial statements for
periods beginning on or after December 25, 2006.
[12] This could be the PCAOB inspection report for a CPA firm.
[13] If the other auditors did not provide an opinion (i.e., did not
give positive assurance) on whether the entity’s systems complied with
FFMIA, change this to “no instances in which entity’s financial
management systems did not substantially comply” (negative assurance).
[14] If the other auditors did not provide an opinion on internal
control, change this to “there were no material weaknesses in internal
control” (and include a definition of material weakness in a footnote).
[15] If the other auditors did not provide an opinion (i.e., did not
give positive assurance) on whether the entity’s systems complied with
FFMIA, change this to “no instances in which entity’s financial
management systems did not substantially comply” (negative assurance).
[16] Non-GAO auditors may combine bullets 3 and 4.
[17] If the other auditors did not provide an opinion on internal
control, change this to read “conclusions about the effectiveness of
internal control.”
[18] If the other auditors did not provide an opinion on FFMIA change
“opinion” to “conclusions.”
[19] If the auditor found that the other auditors did not comply with
GAGAS, or if the auditor disagrees with the other auditors’
conclusions, see FAM 650.54-.56.
[20] This example assumes the other auditors opined on internal control
and on whether the financial management systems substantially complied
with FFMIA. If the other auditors provided negative assurance,
appropriate changes are needed.
[21] If the auditor does not concur with the other auditors’ report,
see FAM 650.54-.56.
[22] The auditor may request the users to document their agreement with
the procedures and their sufficiency for their purposes by signing the
engagement letter and returning it to the auditor.
[23] The FAM addresses FFMIA as part of internal control. OMB audit
guidance dated September 4, 2007, no longer lists FFMIA in Appendix E
as a general law for compliance with laws and regulations (FAM 800).
[24] The Financial Systems Integration Office (FSIO) coordinates work
related to federal financial management systems requirements and OMB’s
Office of Federal Financial Management (OFFM) issues new or revised
systems requirements. All documents and other guidance related to
financial management system requirements initially issued by JFMIP were
transferred to OFFM and remain in effect until modified.
[25] JFMIP SR -01-04.
[26] Shared systems are governmentwide systems used by agencies with
information and data definitions common to all users.
[27] As part of the realignment of JFMIP, in December 2004, the
responsibility for certifying core financial management systems was
transferred to FSIO.
[28] GFRS is the Governmentwide Financial Reporting System used since
FY 2004 to collect audited financial statements (closing package) from
verifying (larger) federal agencies. FACTS is Treasury’s Federal
Agencies’ Centralized Trial-Balance System for non-verifying (smaller)
federal entities. FACTS I collects trial balance information at the
fund group level using the SGL for inclusion in the Annual Financial
Report of the U.S. Government. FACTS II collects mostly budgetary
information for reporting in the Budget of the United States
Government.
[29] Plan of Action and Milestone (POAM) reports required by OMB under
FISMA.
[30] The Joint Financial Management Improvement Program (JFMIP),
Financial Systems Integration Office (FSIO) provides core financial
management systems requirements to be included in Commercial-Off-The-
Shelf (COTS) applications.
[31] These tools are based on the best practices guidance received from
the participating accounting and auditing firms and the AICPA
publication, Practice Alert No. 95-3, Auditing Related Parties and
Related Party Transactions.
[32] A permanent, indefinite appropriation, commonly known as the
Judgment Fund, is available to pay final judgments, settlement
agreements, and certain types of administrative awards against the
United States when payment is not otherwise provided for. The Secretary
of the Treasury certifies all payments from the fund. (See 31 U.S.C.
1304, Judgments, awards, and compromise settlements.) FASAB
Interpretation No. 2 clarifies how federal entities report the costs
and liabilities arising from claims to be paid by the Judgment Fund and
how the Judgment Fund accounts for the amounts that it is required to
pay on behalf of federal entities.
[33] In accordance with OMB Circular No. A-136, examples of
unreimbursed costs that reporting entities are required to recognize
include (but are not limited to): (1) employees’ pension, post-
retirement health and life insurance benefits, (2) other post-
employment benefits for retired, terminated, and inactive employees,
which includes unemployment and workers compensation under the Federal
Employees’ Compensation.
[34] Act (5 U.S.C. Ch. 81), and (3) losses in litigation proceedings
(see FASAB Interpretation No. 2, Accounting for Treasury Judgment Fund
Transactions). In the case of employee benefits, the imputed amount is
the difference between employer/employee contributions and the total
cost of the benefit.
[35] Trading partners are federal agencies, bureaus, programs or other
entities (within or between entities) participating in transactions
with each other as related parties.
[36] The Government Wide Accounting (GWA) system is being implemented
over the next several years and the SOD is scheduled to be eliminated
(see FAM 921.11-.12).
[37] Reciprocal accounts are corresponding SGL accounts seller and
buyer entities use to record like intragovernmental transactions. For
example, the seller entity’s accounts receivable would normally be
reconciled to the reciprocal account, accounts payable, on the buyer
entity’s records. Examples of these accounts are in FMS’ Federal
Intragovernmental Transactions Accounting Policies Guide.
[38] Reliability of performance reporting will be excluded from the
internal control definition effective starting in fiscal year 2008.
[39] Appropriations may be annual, multiyear, or no-year.
[40] The closed group is defined as those persons who, as of a
valuation date, are participants in a social insurance program as
beneficiaries, covered workers, or payers of earmarked taxes or
premiums.
[41] The closed group is defined as those persons who, as of a
valuation date, are participants in a social insurance program as
beneficiaries, covered workers, or payers of earmarked taxes or
premiums.
[42] The Medicare Prescription Drug, Improvement, and Modernization Act
of 2003, Public Law 108-173, created a new prescription drug benefit
under Medicare Part D, which is also covered by SFFAS No. 17.
[43] The actuary can either be under contract with the independent
auditor or employed by the independent audit organization. In either
case, the actuary performing services for the auditor would need to
meet the independence standards of GAGAS, which are applicable to
audits of Statements of Social Insurance.
[44] Income (excluding interest) consists of payroll taxes from
employers, employees, and self-employed persons, revenue from federal
income taxation of scheduled OASDI benefits, and miscellaneous
reimbursements from the General Fund of the Treasury.
[45] Paragraph 25 of SFFAS No. 17, Accounting for Social Insurance,
states, in part, “The projections and estimates used should be based on
the entity’s best estimates of demographic and economic assumptions,
taking each factor individually and incorporating future changes
mandated by current law.” Certain entities prepare social insurance
information using assumptions prepared by a board of trustees. Auditors
should consider such assumptions to represent the entity’s “best
estimates” if the trustees have characterized them as such, and entity
management has determined them to be reasonable. With respect to these
assumptions, the auditor should perform audit procedures that are
consistent with the guidance in paragraphs 9 through 36 of SOP 04-1.
[46] The verifying agencies are the 24 CFO Act agencies and 11 other
federal agencies.
[47] The closing package process is a methodology designed to link
agencies’ comparative, audited consolidated, department-level financial
statements to the FR. The closing package is the data submitted by each
verifying agency for inclusion in the FR.
[48] Beginning in fiscal year 2006, TFM 2-4700 included these
requirements. The process and modules used by FMS to prepare the
consolidated Statements of Social Insurance and accompanying notes, and
supplemental information included in the FR may change in future years,
based on changes that may be made by FMS to TFM 2-4700.
[49] SFFAS No. 17, paragraph 27 (a)(1).
[50] SFFAS No. 17, paragraph 32 (a)(1).
[51] Financial interchange (FI) income consists of transfers from the
social security trust funds under a financial interchange between the
railroad retirement and the social security systems. While the railroad
retirement system has remained separate from the social security
system, the two systems were closely coordinated with regard to
earnings credits, benefit payments, and taxes. The purpose of this
financial coordination is to place the Social Security Old-Age
Survivors and Disability Insurance (OASDI) and Hospital Insurance (HI)
trust funds in the same position they would have been in if railroad
services were covered by the Social Security and Federal Insurance
Contribution acts.
[52] SFFAS No. 17, paragraph 30.
[53] When there is no general counsel and management has not consulted
legal counsel with regard to contingencies, the auditor should obtain a
written representation from management that legal counsel has not been
consulted. Such representation may be incorporated as an item in the
management representation letter. (See FAM 550 and FAM 1002.24.) An
example item is: “We are not aware of any pending or threatened
litigation, claims, or assessments or unasserted claims or assessments
that are required to be accrued or disclosed in the financial
statements in accordance with SFFAS No. 5. We have not consulted legal
counsel concerning litigation, claims, or assessments.” (See FAM 1001
A.)
[54] SFFAS No. 27 does not use the term “earmarked” as it is sometimes
used to refer to set-asides of appropriations for specific purposes.
[55] SFFAS No. 27 does not use the term “earmarked” as it is sometimes
used to refer to set-asides of appropriations for specific purposes.
[56] Including environmental and disposal liabilities -- a contingency
that is often a significant issue for the federal government.
[57] SFFAS No. 7 has guidance for reporting claims for tax refunds.
Rather than recognizing probable claims and disclosing other claims in
the notes to the financial statements, SFFAS No. 7 indicates that other
claims for refunds that are probable should be included as
supplementary information.
[58] A permanent, indefinite appropriation, commonly known as the
Judgment Fund, is available to pay final judgments, settlement
agreements, and certain types of administrative awards against the
United States when payment is not otherwise provided for. The Secretary
of the Treasury certifies all payments from the fund. (See 31 U.S.C.
1304, Judgments, awards, and compromise settlements.) FASAB
Interpretation No. 2 clarifies how federal entities report the costs
and liabilities arising from claims to be paid by the Judgment Fund and
how the Judgment Fund accounts for the amounts that it is required to
pay on behalf of federal entities.
[59] If the Judgment Fund will pay the claim, the entity still
recognizes the liability and cost at this time. Once the claim is
settled or a court judgment is assessed and the Judgment Fund is
determined to be the appropriate source for payment, the entity reduces
the liability by recognizing an (imputed) financing source. Note that
for Judgment Fund payments made under the Contract Disputes Act and the
Notification and Federal Employee Antidiscrimination and Retaliation
Act, the entity establishes a payable to reimburse the Judgment Fund.
[60] For example, for the fiscal year 2007 audit, OMB reporting
guidance stated that agencies should submit interim legal
representation letters to Department of Justice, Treasury’s Financial
Management Service, and GAO no later than August 29, 2007. This would
allow review of cases before external issuance. Final legal
representation letters were due no later than November 15, 2007.
[61] The Accounting and Auditing Policy Committee (AAPC) guidance
(Technical Release No. 1) clarifies FASAB Interpretation No. 2, with
respect to the Department of Justice’s role related to legal letters in
cases in which Justice’s legal counsels are handling legal matters on
behalf of other federal reporting entities. The letter from the
entity’s general counsel may provide sufficient evidence for the
auditor. If the auditor determines that additional evidence is needed
about a specific case, the auditor may request entity management and
legal counsel to send a legal letter request to Justice, directed to
the lead Justice legal counsel handling the case, asking that person to
provide a description and evaluation directly to the auditor.
[62] This includes any cases that do not seek monetary damage awards,
but would require the government to use financial resources to
implement remedies or actions sought by litigation or unasserted claims
(for example, to increase the scope of, or change to a more costly
methodology of, environmental restoration and cleanup).
[63] It is expected that cases or matters will be aggregated where
appropriate.
[64] For GAO financial audits this is the chief accountant or another
director who is a CPA and an experienced financial statement auditor.
[65] The auditor has two methods available for dating the report when a
subsequent event disclosed in the financial statement occurs after the
original date of the auditor’s report but before the issuance of the
related financial statements. In these instances, the auditor may use
either dual dating or may date the report as of a later date. When the
auditor dual dates the report, the responsibility for events occurring
subsequent to the original report date is limited to the specific event
referred to in the note (or otherwise disclosed). For example, January
31, 20x8 except for note X, as to which the date is February 16, 20x8.
When the auditor dates the report as of a later date, the auditor’s
responsibility for subsequent events extends to the date of the report
and accordingly, the auditor should extend the subsequent events
procedures to that date.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548: