This is the accessible text file for GAO report number GAO-01-765G entitled 'Financial Audit Manual: Volumes 1 and 2' which was released on August 01, 2001 and updated by GAO-03-466G entitled 'Financial Audit Manual: Update to Part II - Tools' which was released on April 01, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. [This page intentionally left blank.] GAO/PCIE Financial Audit Manual: (including April 2003 update): This page was last revised April 28 ,2003: Volume 1 - Methodology [PDF 1.5mb] Cover to Volume 1 [PDF 8.3mb] Section 100 - Foreword, Table of Contents, Introduction: Section 200 - Planning: Section 300 - Internal Control: Section 400 - Testing: Section 500 - Reporting: Section Appendixes - Appendixes, Glossary, Abbreviations, Index: Volume 2 - Tools [PDF 3.0mb] Cover to Volume 2 [PDF 8.3mb] Section 600 - Planning and General: Section 700 - Internal Control: Section 800 - Compliance: Section 900 - Substantive Testing: Section 1000, except for CFO Act Checklist - Reporting: CFO Act Checklist, Beginning - Overview, General Items, Balance Sheet: CFO Act Checklist, End - Statements of Net Cost, Changes in Net Position, Budgetary Resources, Financing, Custodial Activity, Notes, and Supplementary Information: Other Related Guidance: GAO's FFMIA Reporting: Download zipped files that allow users to enter data: Sections 300, 400, and 500 - SCE (FAM 395 H - both transaction-related and line item-related), ARA (FAM 395 I), sampling documentation (FAM 495 E), example audit report and summaries of misstatements (FAM 595 A, B, C, and D): Sections 600 and 700 - example documentation and templates for using the work of others (FAM 650 B and C), agreed-upon procedures (FAM 660 A, B, C, and D), and testing compliance with FFMIA (FAM 701 A and B): Section 800 - general compliance checklist (FAM 802) and summary and audit procedures for other acts (FAM 803, 808, 809, 810, 812, 813, 814, 816, and 817): Sections 900 and 1000, except CFO Act checklist - example documentation and templates for related parties, including intragovernmental activity and balances (FAM 902 C), Fund Balance with Treasury (FAM 921 D), management representations (FAM 1001 A), inquiries of legal counsel (FAM 1002 A, B, C, and D), audit completion checklist (FAM 1003), and subsequent events review (FAM 1005): CFO Act checklist (FAM 1004): Financial Audit Manual: Foreword: On behalf of the General Accounting Office (GAO) and the President's Council on Integrity and Efficiency (PCIE), we are pleased to present the first-ever GAO/PCIE Financial Audit Manual. With passage of the Government Management and Reform Act of 1994, executive branch Inspectors General and GAO gained statutory responsibility for auditing agency and government-wide consolidated financial statements, respectively. Since that time, GAO and the PCIE community have worked cooperatively to ensure that these audits are of the highest possible quality, consistency, and cost-effectiveness. This manual is a natural outgrowth of that cooperation. More importantly, the new manual represents our ongoing efforts to ensure that financial statement audits achieve their intended outcomes of providing enhanced accountability over taxpayer-provided resources. We extend our thanks to the many individuals and organizations that provided comments and insights to make the manual stronger. The Task Force assembled by GAO and the PCIE also deserves much credit for its dedication to completing this project. Jeffrey C. Steinhoff Managing Director U.S. General Accounting Office The Honorable Gregory H. Friedman: Chair, Audit Committee: President's Council on Integrity and Efficiency: Signed by Jeffrey C. Steinhoff and Gregory H. Friedman: [End of section] CONTENTS: : 100; INTRODUCTION. 200; PLANNING PHASE. 210; Overview. 220; Understand the Entity's Operations. 225; Perform Preliminary Analytical Procedures. 230; Determine Planning, Design, and Test Materiality. 235; Identify Significant Line Items, Accounts, Assertions, and RSSI. 240; Identify Significant Cycles, Accounting Applications, and Financial Management Systems. 245; Identify Significant Provisions of Laws and Regulations. 250; Identify Relevant Budget Restrictions. 260; Identify Risk Factors. 270; Determine Likelihood of Effective Information System Controls. 275; Identify Relevant Operations Controls to Evaluate and Test. 280; Plan Other Audit Procedures. * Inquiries of Attorneys. * Management Representations. * Related Party Transactions. * Sensitive Payments. * Reaching an Understanding with Management and Requesters. * Other Audit Requirements. 285; Plan Locations to Visit. 290; Documentation. * Appendixes to Section 200: 295 A; Potential Inherent Risk Conditions. 295 B; Potential Control Environment, Risk Assessment, Communication, and Monitoring Weaknesses. 295 C; An Approach for Multiple-Location Audits. 295 D; Interim Substantive Testing of Balance Sheet Accounts. 295 E; Effect of Risk on Extent of Audit Procedures. 295 F; Types of Information System Controls. 295 G; Budget Controls. 295 H; Laws Identified in OMB Audit Guidance and Other General Laws. 295 I; Examples of Auditor Responses to Fraud Risk Factors. 295 J; Steps in Assessing Information System Controls. 300; INTERNAL CONTROL PHASE. 310; Overview. 320; Understand Information Systems. 330; Identify Control Objectives. 340; Identify and Understand Relevant Control Activities. 350; Determine the Nature, Timing, and Extent of Control Tests and of Tests for Systems' Compliance with FFMIA Requirements. 360; Perform Nonsampling Control Tests and Tests for Systems' Compliance with FFMIA Requirements. 370; Assess Controls on a Preliminary Basis. 380; Other Considerations. 390; Documentation. Appendixes to Section 300: 395 A; Typical Relationships of Accounting Applications to Line Items/ Accounts. 395 B; Financial Statement Assertions and Potential Misstatements. 395 C; Typical Control Activities. 395 D; Selected Statutes Relevant to Budget Execution. 395 E; Budget Execution Process. 395 F; Budget Control Objectives. 395 F Sup; Budget Control Objectives - Federal Credit Reform Act Supplement. 395 G; Rotation Testing of Controls. 395 H; Specific Control Evaluation Worksheet. 395 I; Account Risk Analysis Form. 400; TESTING PHASE. 410; Overview. 420; Consider the Nature, Timing, and Extent of Tests. 430; Design Efficient Tests. 440; Perform Tests and Evaluate Results. 450; Sampling Control Tests. 460; Compliance Tests. 470; Substantive Tests - Overview. 475; Substantive Analytical Procedures. 480; Substantive Detail Tests. 490; Documentation. Appendixes to Section 400: 495 A; Determining Whether Substantive Analytical Procedures Will Be Efficient and Effective. 495 B; Example Procedures for Tests of Budget Information. 495 C; Guidance for Interim Testing. 495 D; Example of Audit Matrix with Statistical Risk Factors. 495 E; Sampling. 495 F; Manually Selecting a Dollar Unit Sampling. 500; REPORTING PHASE. 510; Overview. 520; Perform Overall Analytical Procedures. 530; Determine Adequacy of Audit Procedures and Audit Scope. 540; Evaluate Misstatements. 550; Conclude Other Audit Procedures. * Inquiries of Attorneys. * Subsequent Events. * Management Representations. * Related Party Transactions. 560; Determine Conformity with Generally Accepted Accounting Principles. 570; Determine Compliance with GAO/PCIE Financial Audit Manual. 580; Draft Reports. * Financial Statements. * Internal Control. * Financial Management Systems. * Compliance with Laws and Regulations. * Other Information in the Accountability Report. 590; Documentation. Appendixes to Section 500: 595 A; Example Auditor's Report - Unqualified. 595 B; Suggested Modifications to Auditor's Report. 595 C; Example Summary of Possible Adjustments. 595 D; Example Summary of Unadjusted Misstatements. APPENDIXES. A; Consultations. B; Instances Where the Auditor "Must" Comply with the FAM. GLOSSARY. ABBREVIATIONS. INDEX. [End of table] SECTION 100: Introduction: Table 1: Methodology Overview: Figure 100.1: Methodology Overview: Planning Phase: Understand the entity's operations: Section: 220: Perform preliminary analytical procedures: Section: 225: Determine planning, design, and test materiality: Section: 230: Identify significant line items, accounts, assertions, and RSSI: Section: 235: Identify significant cycles, accounting applications, and financial management systems: Section: 240: Identify significant provisions of laws and regulations: Section: 245: Identify relevant budget restrictions: Section: 250: Assess risk factors: Section: 260: Determine likelihood of effective information system controls: Section: 270: Identify relevant operations controls to evaluate and test: Section: 275: Plan other audit procedures: Section: 280: Plan locations to visit: Section: 285: Internal Control Phase: Understand information systems: Section: 320: Identify control objectives: Section: 330: Identify and understand relevant control activities: Section: 340: Determine the nature, timing, and extent of control tests and of tests for systems' compliance with FFMIA requirements: Section: 350: Perform nonsampling control tests and tests for systems' compliance with FFMIA requirements: Section: 360: Assess controls on a preliminary basis: Section: 370: Testing Phase: Consider the nature, timing, and extent of tests: Section: 420: Design efficient tests: Section: 430: Perform tests and evaluate results: Section: 440: Sampling control tests: Section: 450: Compliance tests: Section: 460: Substantive tests: Section: 470: Substantive analytical procedures: Section: 475: Substantive detail tests: Section: 480: Reporting Phase: Perform overall analytical procedures: Section: 520: Determine adequacy of audit procedures and audit scope: Section: 530: Evaluate misstatements: Section: 540: Conclude other audit procedures: Section: 550: Inquire of attorneys: Consider subsequent events: Obtain management representations: Consider related party transactions: Determine conformity with generally accepted accounting principles: Section: 560: Determine compliance with GAO/PCIE Financial Audit Manual: Section: 570: Draft reports: Section: 580: [End of table] .01: This introduction provides an overview of the methodology of the General Accounting Office (GAO) and the President's Council on Integrity and Efficiency (PCIE) for performing financial statement audits of federal entities, describes how the methodology relates to relevant auditing and attestation standards and Office of Management and Budget (OMB) guidance, and outlines key issues to be considered in using the methodology. OVERVIEW OF THE METHODOLOGY: .02 The overall purposes of performing financial statement audits of federal entities include providing decisionmakers (financial statement users) with assurance as to whether the financial statements are reliable, internal control is effective, and laws and regulations are complied with. To achieve these purposes, the approach to federal financial statement audits involves four phases: * Plan the audit to obtain relevant information in the most efficient manner. * Evaluate the effectiveness of the entity's internal control and, for Chief Financial Officers (CFO) Act Agencies and components designated by OMB, whether financial management systems substantially comply with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA): federal financial management systems requirements, applicable federal accounting standards,[Footnote 1] and the U.S. Government Standard General Ledger (SGL) at the transaction level.[Footnote 2] * Test the significant assertions related to the financial statements and test compliance with laws and regulations. * Report the results of audit procedures performed. These phases are illustrated in figure 100.1 and are summarized below. [Footnote 3] Planning Phase: .03: Although planning continues throughout the audit, the objectives of this initial phase are to identify significant areas and to design efficient audit procedures. To accomplish this, the methodology includes guidance to help in * understanding the entity's operations, including its organization, management style, and internal and external factors influencing the operating environment; * identifying significant accounts, accounting applications, and financial management systems; important budget restrictions, significant provisions of laws and regulations; and relevant controls over the entity's operations; determining the likelihood of effective information systems (IS) controls; performing a preliminary risk assessment to identify high-risk areas, including considering the risk of fraud; and: planning entity field locations to visit. Internal Control Phase: .04: This phase entails evaluating and testing internal control to support the auditor's conclusions about the achievement of the following internal control objectives: Reliability of financial reporting--transactions are properly recorded, processed, and summarized to permit the preparation of the principal statements and required supplementary stewardship information (RSSI) in accordance with generally accepted accounting principles (GAAP), and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. Compliance with applicable laws and regulations--transactions are executed in accordance with (a) laws governing the use of budget authority and other laws and regulations that could have a direct and material effect on the principal statements or RSSI and (b) any other laws, regulations, and governmentwide policies identified by OMB in its audit guidance. OMB audit guidance requires the auditor to test controls that have been properly designed to achieve these objectives and placed in operation, to support a low assessed level of control risk. This may be enough testing to give an opinion on internal control. GAO audits should be designed to give an opinion on internal control.[Footnote 4] If the auditor does not give an opinion, generally accepted government auditing standards (GAGAS) require the report to state whether tests were sufficient to give an opinion. .05: OMB's audit guidance includes a third objective of internal control, related to performance measures. The auditor is required to understand the components of internal control relating to the existence and completeness assertions and to report on internal controls that have not been properly designed and placed in operation, rather than to test controls. .06: This manual also provides guidance on evaluating internal controls related to operating objectives that the auditor elects to evaluate. Such controls include those related to safeguarding assets from waste or preparing statistical reports. .07: To evaluate internal control, the auditor identifies and understands the relevant controls and tests their effectiveness. Where controls are considered to be effective, the extent of substantive testing can be reduced. .08: The methodology includes guidance on: * assessing specific levels of control risk, * selecting controls to test, * determining the effectiveness of IS controls, and: * testing controls, including coordinating control tests with the testing phase. .09: Also, during the internal control phase, for CFO Act agencies and their components identified in OMB's audit guidance, the auditor should understand the entity's significant financial management systems and test their compliance with FFMIA requirements. Testing Phase: .10: The objectives of this phase are to (1) obtain reasonable assurance about whether the financial statements are free from material misstatements, (2) determine whether the entity complied with significant provisions of applicable laws and regulations, and (3) assess the effectiveness of internal control through control tests that are coordinated with other tests. .11: To achieve these objectives, the methodology includes guidance on: * designing and performing substantive, compliance, and control tests; * designing and evaluating audit samples; * correlating risk and materiality with the nature, timing, and extent of substantive tests; and: * designing multipurpose tests that use a common sample to test several different controls and specific accounts or transactions. Reporting Phase: .12: This phase completes the audit by reporting useful information about the entity, based on the results of audit procedures performed in the preceding phases. This involves developing the auditor's report on the entity's (1) financial statements (also called Principal Statements) and other information (management's discussion and analysis [MD&A] or the overview, RSSI, other required supplementary information, and other accompanying information), (2) internal control, (3) whether the financial management systems substantially comply with FFMIA requirements, and (4) compliance with laws and regulations. To assist in this process, the methodology includes guidance on forming opinions on the principal statements and conclusions on internal control, as well as how to determine which findings should be reported. Also included is an example report designed to be understandable to the reader. RELATIONSHIP TO APPLICABLE STANDARDS: .13: The following section describes the relationship of this audit methodology to applicable auditing standards, OMB guidance, and other policy requirements. It is organized into three areas: * relevant auditing standards and OMB guidance, * audit requirements beyond the "yellow book," and: * auditing standards and other policies not addressed in this manual. Relevant Auditing Standards and OMB Guidance: .14: This manual provides a framework for performing financial statement audits in accordance with Government Auditing Standards (also known as generally accepted government auditing standards or GAGAS) issued by the Comptroller General of the United States ("yellow book"); incorporated generally accepted auditing standards (GAAS) and attestation standards established by the American Institute of Certified Public Accountants (AICPA); and OMB's audit guidance. .15: This manual describes an audit methodology that both integrates the requirements of the standards and provides implementation guidance. The methodology is designed to achieve: * effective audits by considering compliance with the CFO Act, FFMIA, GAGAS, and OMB guidance; * efficient audits by focusing audit procedures on areas of higher risk and materiality and by providing an integrated approach designed to gather evidence efficiently; * quality control through an agreed-upon framework that can be followed by all personnel; and: * consistency of application through a documented methodology. .16: The manual supplements GAGAS and OMB's audit guidance. References are made to Statements on Auditing Standards (preceded by the prefix "AU") and Statements on Standards for Attestation Engagements (SSAE) (preceded by the prefix "AT") of the Codification of Statements on Auditing Standards, issued by the AICPA, that are incorporated into GAGAS. Audit Requirements Beyond the "Yellow Book": .17: In addition to meeting GAGAS requirements, audits of federal entities to which OMB's audit guidance applies must be designed to achieve the following objectives described in OMB's audit guidance: * responsibility for performing sufficient tests of internal controls that have been properly designed and placed in operation, to support a low assessed level of control risk; * expansion of the nature of controls that are evaluated and tested to include controls related to RSSI, budget execution, and compliance with laws and regulations; * responsibility to understand the components of internal control relating to the existence and completeness assertions relevant to the performance measures included in the MD&A, in order to report on controls that have not been properly designed and placed in operation; * responsibility to consider the entity's process for complying with 31 U.S.C. 3512 (the Federal Managers' Financial Integrity Act (FMFIA)); * responsibility to perform tests at CFO Act agencies and components identified by OMB to report on the entity's financial management systems' substantial compliance with FFMIA requirements; * responsibility to test for compliance with laws, regulations, and governmentwide policies identified in OMB's audit guidance at CFO Act agencies (regardless of their materiality to the audit); and: * responsibility to consider conformity of the MD&A, RSSI, required supplementary information, and other accompanying information with FASAB requirements and OMB guidance. .18: To help achieve the goals of the CFO Act, GAO audits should be designed to achieve the following objectives,[Footnote 5] in addition to those described in OMB's audit guidance: * Provide an opinion on internal control. * Determine the effects of misstatements and internal control weaknesses on (1) the achievement of operations control objectives, (2) the accuracy of reports prepared by the entity, and (3) the formulation of the budget. * Determine whether specific control activities are properly designed and placed in operation, even if a poor control environment precludes their effectiveness. * Understand the components of internal control relating to the valuation assertion relevant to performance measures reported in the MD&A in order to report on controls that have not been properly designed and placed in operation. Auditing Standards and Other Policies Not Addressed in the Manual: .19: This manual was designed to supplement financial audit and other policies and procedures adopted by GAO and Inspectors General (IGs). As such, it was not intended to address in detail all requirements. For example, report processing is not addressed. .20: Updates to this manual that include additional audit guidance and practice aids, such as checklists and audit programs, will be issued from time to time. GAO and a team representing the PCIE audit committee will be responsible for preparing the updates. There will be an exposure process for significant updates. KEY IMPLEMENTATION ISSUES: .21: The auditor should consider the following factors in applying the methodology to a particular entity: * audit objectives, * exercise of professional judgment, * references to positions, * use of IS auditors, * compliance with policies and procedures in the manual, * use of technical terms, and: * reference to GAO/PCIE Financial Audit Manual (FAM). Audit Objectives: .22: While certain federal entities are not subject to OMB audit guidance, financial statement audits of all federal entities should be conducted in accordance with this guidance to the extent applicable to achieve the audit's objectives. The manual generally assumes that the objective of the audit is to render an opinion on the current year financial statements, a report on internal control, and a report on compliance. Where these are not the objectives, the auditor should use judgment in applying the guidance. In some circumstances, the auditor will expect to issue a disclaimer on the current year financial statements (because of scope limitations). In these circumstances, the auditor may develop a multiyear plan to be able to render an opinion when the financial statements are expected to become auditable. Exercise of Professional Judgment: .23: In performing a financial statement audit, the auditor should exercise professional judgment. Consequently, the auditor should tailor the guidance in the manual to respond to situations encountered in an audit. However, the auditor must exercise judgment properly, assuring that, at a minimum, the work meets professional standards. Proper application of professional judgment could result in additional or more extensive audit procedures than described in this manual. .24: In addition, when exercising judgment, the auditor should consider the needs of, and consult in a timely manner with, other auditors who plan to use the work being performed. In turn, the auditor should coordinate with other auditors whose work he or she wishes to use so that the judgments exercised can satisfy the needs of both auditors. For example, auditors of a consolidated entity (such as the US Government or an entire department or agency) are likely to plan to use the work of auditors of subsidiary entities (such as individual departments and agencies or bureaus and components of a department). This coordination can result in more economy, efficiency, and effectiveness of government audits in general and avoid duplication of effort. .25: Many aspects of the audit require technical judgments. The auditor should ensure a person(s) with adequate technical expertise is (are) available, especially in the following areas: * quantifying planning materiality, design materiality, and test materiality and using materiality as one consideration in determining the extent of testing (see section 230); * specifying a minimum level of substantive assurance based on the assessed combined risk, analytical procedures, and detail tests (see sections 470, 480, and 495 D); * documenting whether selections are samples (intended to be representative and projected to populations) or nonsampling selections that are not projectible (see section 480); * using sampling methods, such as dollar-unit sampling, classical variables estimation sampling, or classical probability proportional to size (PPS) sampling, for substantive or multipurpose testing (including nonstatistical sampling) (see section 480); * using sampling for control testing, other than attribute sampling using the tables in section 450 to determine sample size when not performing a multipurpose test; * using sampling for compliance testing of laws and regulations, other than attribute sampling using the tables in section 460 to determine sample size when not performing a multipurpose test; and: * placing complete or partial reliance on analytical procedures, using test materiality to calculate the limit. The limit is the amount of difference between the expected and recorded amounts that can be accepted without further investigation (see section 475). References to Positions: .26: Various sections of this manual make reference to consultation with audit management and/or persons with technical expertise to obtain approval or additional guidance. Key consultations should be documented in the audit workpapers. Each audit organization should document, in the workpapers or its audit policy manual, the specific positions of persons who will perform these functions. An IG using a firm to perform an audit in accordance with this manual should clarify and document the positions of the persons the firm should consult in various circumstances. * The Assistant Director is the top person responsible for the day-to-day conduct of the audit. * The Audit Director is the senior manager responsible for the technical quality of the financial statement audit, reporting to the Assistant Inspector General for Audit or, at GAO, to the Managing Director. * The Reviewer is the senior manager responsible for the quality of the auditor's reports, reporting to the Assistant Inspector General for Audit (or higher position) or, at GAO, is the Managing Director or the second partner. The Reviewer may consult with others. * The Statistician is the person the auditor consults for technical expertise in areas such as audit sampling, audit sample evaluation, and selecting entity field locations to visit. * The Data Extraction Specialist is the person with technical expertise in extracting data from agency records. * The Technical Accounting and Auditing Expert is the senior manager reporting to the Assistant Inspector General for Audit or higher or, at GAO, is the Chief Accountant. The Technical Accounting and Auditing Expert advises on accounting and auditing professional matters and related national issues. The Technical Accounting and Auditing Expert reviews reports on financial statements and reports that contain opinions on financial information. * The Office of General Counsel (OGC) provides assistance to the auditor in (1) identifying provisions of laws and regulations to test, (2) identifying budget restrictions, and (3) identifying and resolving legal issues encountered in the financial statement audit, such as evaluating potential instances of noncompliance. * The Special Investigator Unit investigates specific allegations involving conflict-of-interest and ethics matters, contract and procurement irregularities, official misconduct and abuse, and fraud in federal programs or activities. In the offices of the IGs this is the investigation unit; at GAO, it is Special Investigations. The Special Investigator Unit provides assistance to the auditor by (1) informing the auditor of relevant pending or completed investigations of the entity and (2) investigating possible instances of federal fraud, waste, and abuse. Use of Information Systems Auditors: .27: The audit standards (SAS 94) require that the audit team possess sufficient knowledge of information systems (IS) to determine the effect of IS on the audit, to understand the IS controls, and to design and perform tests of IS controls and substantive tests. This is generally done by having IS auditors as part of the audit team. IS auditors should possess sufficient technical knowledge and experience to understand the relevant concepts discussed in the manual and to apply them to the audit. While the auditor is ultimately responsible for assessing inherent and control risk, assessing the effectiveness of IS controls requires a person with IS audit technical skills. Specialized technical skills generally are needed in situations where, (1) the entity's systems, automated controls, or the manner in which they are used in conducting the entity's business are complex, (2) significant changes have been made to existing systems or new systems implemented, (3) data are extensively shared among systems, (4) the entity participates in electronic commerce, (5) the entity uses emerging technologies, or (6) significant audit evidence is available only in electronic form. Appendix V of GAO's Federal Information System Controls Audit Manual (FISCAM) contains examples of knowledge, skills, and abilities needed by IS auditors. Certain financial auditors also may possess IS audit technical skills. In some cases, the auditor may require outside consultants to provide these skills. Compliance With Policies and Procedures in the Manual: .28: The following terms are used throughout the manual to describe the degree of compliance with the policy or procedure required. * Must: Compliance with this policy or procedure is mandatory unless an exception is approved in writing by the Reviewer, [Footnote 6]such as in certain instances when a disclaimer of opinion is anticipated. * Should: Compliance with this policy or procedure is expected unless there is a reasonable basis for departure from it. Any such departure and the basis for it are to be documented in a memorandum. The Assistant Director should approve this memorandum and copies should be sent to the Audit Director and the Reviewer. Generally Should: Compliance with this policy or procedure is strongly encouraged. Departure from such policy or procedure should be discussed with the Assistant Director or the audit manager. * May: Compliance with this policy or procedure is optional. When the auditor deviates from a policy or procedure that is expressed by use of the term "must" or "should" in the FAM, he or she should consider the needs of, and consult in a timely manner with, other auditors who plan to use the work of the auditor and provide an opportunity for the other auditors to review the documentation explaining these deviation decisions. Use of Technical Terms: .29: The manual uses many existing technical auditing terms and introduces many others. To assist you, a glossary of significant terms is included in this manual. Reference to GAO/PCIE Financial Audit Manual: .30: When cited in workpapers, correspondence, or other communication, the letters "FAM" should precede section or paragraph numbers from this manual. For example, this paragraph should be referred to as FAM 100.30. FOOTNOTES [1] In October 1999 the American Institute of Certified Public Accountants (AICPA) recognized the Federal Accounting Standards Advisory Board (FASAB) as the accounting standards-setting body for federal government entities under Rule 203 of the AICPA's Code of Professional Conduct. Thus, FASAB standards are recognized as generally accepted accounting principles (GAAP) for federal entities. FASAB standards (Statement of Federal Financial Accounting Standards No. 8, paragraph .40) allow government corporations and certain other federal entities to report using GAAP issued by the Financial Accounting Standards Board (FASB). [2] Testing for FFMIA is most efficiently accomplished, for the most part, as part of the work done in understanding agency systems in the Internal Control phase of the audit. [3] The methodology presented is for performance of a financial statement audit. If the auditor is to use the work of another auditor, see FAM section 650 (under revision). [4] AICPA attestation standards allow the auditor to give an opinion on internal control or on management's assertion about the effectiveness of internal control (except that if material weaknesses are present, the opinion must be on internal control, not management's assertion). The example report in this manual assumes the opinion will be on internal control directly. [5] The manual refers specifically to objectives of GAO audits in various sections. Such objectives are optional for other audit organizations. [6] Capitalized positions are described in paragraph 100.25. SECTION 200: Planning Phase: Table 1: Methodology Overview: Planning Phase: * Understand the entity's operations: 220; * Perform preliminary analytical procedures: 225; * Determine planning, design, and test materiality: 230; * Identify significant line items, accounts, assertions, and RSSI: 235; * Identify significant cycles, accounting applications, and financial management systems: 240; * Identify significant provisions of laws and regulations: 245; * Identify relevant budget restrictions: 250; * Identify risk factors: 260; * Determine likelihood of effective information system controls: 270; * Identify relevant operations controls to evaluate and test: 275; * Plan other audit procedures: 280; * Plan locations to visit: 285. Internal Control Phase: * Understand information systems: 320; * Identify control objectives: 330; * Identify and understand relevant control activities: 340; * Determine the nature, timing, and extent of control tests and of tests for systems' compliance with FFMIA requirements: 350; * Perform nonsampling control tests and tests for systems' compliance with FFMIA requirements: 360; * Assess controls on a preliminary basis: 370. Testing Phase: * Consider the nature, timing, and extent of tests: 420; * Design efficient tests: 430; * Perform tests and evaluate results: 440; * Sampling control tests: 450; * Compliance tests: 460; * Substantive tests: 470; * Substantive analytical procedures: 475; * Substantive detail tests: 480. Reporting Phase: Section: * Perform overall analytical procedures: 520; * Determine adequacy of audit procedures and audit scope: 530; * Evaluate misstatements: 540; * Conclude other audit procedures: 550; * Inquire of attorneys; * Consider subsequent events; * Obtain management representations; * Consider related party transactions; * Determine conformity with generally accepted accounting principles: 560; * Determine compliance with GAO/PCIE Financial Audit Manual: 570; * Draft reports: 580. [End of table] 210: Overview: .01: The auditor performs planning to determine an effective and efficient way to obtain the evidential matter necessary to report on the entity's Accountability Report (or annual financial statement). The nature, extent, and timing of planning varies with, for example, the entity's size and complexity, the auditor's experience with the entity, and the auditor's knowledge of the entity's operations. Procedures performed in the planning phase are shown in figure 200.1. .02: A key to a quality audit, planning requires the involvement of senior members of the audit team. Although concentrated in the planning phase, planning is an iterative process performed throughout the audit. For example, findings from the internal control phase directly affect planning the substantive audit procedures. Also, the results of control and substantive tests may require changes in the planned audit approach. .03: Auditors should consider the needs of, and consult in a timely manner with, other auditors who plan to use the work being performed, especially when making decisions that require the auditor to exercise significant judgment. 220: Understand the Entity's Operations: .01: The auditor should obtain an understanding of the entity sufficient to plan and perform the audit in accordance with applicable auditing standards and requirements. In planning the audit, the auditor gathers information to obtain an overall understanding of the entity and its origin and history, size and location, organization, mission, business, strategies, inherent risks, fraud risks, control environment, risk assessment, communications, and monitoring. Understanding the entity's operations in the planning process enables the auditor to identify, respond to, and resolve accounting and auditing problems early in the audit. .02: The auditor's understanding of the entity and its operations does not need to be comprehensive but should include: * entity management and organization, * external factors affecting operations, * internal factors affecting operations, and: * accounting policies and issues. .03: The auditor should identify key members of management and obtain a general understanding of the organizational structure. The auditor's main objective is to understand how the entity is managed and how the organization is structured for the particular management style. .04: The auditor should identify significant external and internal factors that affect the entity's operations. External factors might include (1) source(s) of funds, (2) seasonal fluctuations, (3) current political climate, and (4) relevant legislation. Internal factors might include (1) size of the entity, (2) number of locations, (3) structure of the entity (centralized or decentralized), (4) complexity of operations, (5) information system structure, (6) qualifications and competence of key personnel, and (7) turnover of key personnel. .05: In identifying accounting policies and issues, the auditor should consider: * generally accepted accounting principles, including whether the entity is likely to be in compliance; * changes in GAAP that affect the entity; and: * whether entity management appears to follow aggressive or conservative accounting policies. .06: The auditor also should consider whether the entity will report any required supplementary stewardship information (RSSI). This includes stewardship property, plant, and equipment (PP&E) (heritage assets, national defense assets, and stewardship land), stewardship investments (nonfederal physical property, human capital, and research and development), social insurance, and risk-assumed information. RSSI and deferred maintenance, which is considered required supplementary information, should be designated "unaudited.": .07: The auditor should develop and document a high-level understanding of the entity's use of information systems (IS) and how IS affect the generation of financial statement information, RSSI, and the data that support performance measures reported in the MD&A (overview) of the Accountability Report (CFO report). An IS auditor may assist the auditor in understanding the entity's use of IS. Appendix I of the GAO Federal Information System Controls Manual (FISCAM) can be used to document this understanding. .08: The auditor gathers planning information through different methods (observation, interviews, reading policy and procedure manuals, etc.) and from a variety of sources, including: * top-level entity management, * entity management responsible for significant programs, * Office of Inspector General (IG) and internal audit management (including any internal control officer), * others in the audit organization concerning other completed, planned or in-progress assignments, * personnel in OGC, * personnel in the Special Investigator Unit, and: * entity legal representatives. .09: The auditor gathers information from relevant reports and articles issued by or about the entity, including: * the entity's prior Accountability Reports; * other financial information; * FMFIA reports and supporting documentation; * reports by management or the auditor about systems' substantial compliance with FFMIA requirements; * the entity's budget and related reports on budget execution; * GAO reports; * IG and internal audit reports (including those for performance audits and other reviews); * congressional hearings and reports; * consultant reports; and: * material published about the entity in newspapers, magazines, internet sites, and other publications. 225: Perform Preliminary Analytical Procedures: .01: During the planning phase, preliminary analytical procedures are performed to help the auditor: * understand the entity's business, including current-year transactions and events; * identify account balances or transactions that may signal inherent or control risks (see section 260); * identify and understand the significant accounting policies; * determine planning, design, and test materiality (see section 230); and: * determine the nature, timing, and extent of audit procedures to be performed. .02: GAAS requires the auditor to perform preliminary analytical procedures (AU 329). The resources spent in performing these procedures should be commensurate with the expected reliability of comparative information. For example, in a first-year audit, comparative information might be unreliable; therefore, preliminary analytical procedures generally should be limited. .03: The auditor generally should perform the following steps to achieve the objectives of preliminary analytical procedures. a. Compare current-year amounts with relevant comparative financial information: The financial data used in preliminary analytical procedures generally are summarized at a high level, such as the level of financial statements. If financial statements are not available, the budget or financial summaries that show the entity's financial position and results of operations may be used. The auditor compares current-year amounts with relevant comparative financial information. Use of unaudited comparative data might not allow the auditor to identify significant fluctuations, particularly if an item consistently has been treated incorrectly. Also, the auditor may identify fluctuations that are not really fluctuations due to errors in the unaudited comparative data. A key to effective preliminary analytical procedures is to use information that is comparable in terms of the time period presented and the presentation (i.e., same level of detail and consistent grouping of detail accounts into summarized amounts used for comparison). The auditor may perform ratio analysis on current-year data and compare the current year's ratios with those derived from prior periods or budgets. The auditor does this to study the relationships among components of the financial statements and to increase knowledge of the entity's activities. The auditor uses ratios that are relevant indicators or measures for the entity. Also, the auditor should consider any trends in the performance indicators prepared by the entity. b. Identify significant fluctuations: Fluctuations are differences between the recorded amounts and the amounts expected by the auditor, based on comparative financial information and the auditor's knowledge of the entity. Fluctuations refer to both unexpected differences between current-year amounts and comparative financial information as well as the absence of expected differences. The identification of fluctuations is a matter of the auditor's judgment. The auditor establishes parameters for identifying significant fluctuations. When setting these parameters, the auditor generally considers the amount of the fluctuation in terms of absolute size and/ or the percentage difference. The amount and percentage used are left to the auditor's judgment. An example of a parameter is "All fluctuations in excess of $10 million and/or 15 percent of the prior- year balance or other unusual fluctuations will be considered significant.": c. Inquire about significant fluctuations: The auditor discusses the identified fluctuations with appropriate entity personnel. The focus of the discussion is to achieve the purposes of the procedures described in paragraph 225.01. For preliminary analytical procedures, the auditor does not need to corroborate the explanations since they will be tested later. However, the explanations should appear reasonable and consistent to the auditor. The inability of entity personnel to explain the cause of a fluctuation may indicate the existence of control, fraud, and/or inherent risks. 230: Determine Planning, Design, and Test Materiality: .01: Materiality is one of several tools the auditor uses to determine that the planned nature, timing, and extent of procedures are appropriate. As defined in Financial Accounting Standards Board (FASB) Statement of Financial Concepts No. 2., materiality represents the magnitude of an omission or misstatement of an item in a financial report that, in light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the inclusion or correction of the item. .02: Materiality is based on the concept that items of little importance, which do not affect the judgment or conduct of a reasonable user, do not require auditor investigation. Materiality has both quantitative and qualitative aspects. Even though quantitatively immaterial, certain types of misstatements could have a material impact on or warrant disclosure in the financial statements for qualitative reasons. .03: For example, intentional misstatements or omissions (fraud) usually are more critical to the financial statement users than are unintentional errors of equal amounts. This is because the users generally consider an intentional misstatement more serious than clerical errors of the same amount. .04: GAGAS and incorporated GAAS require the auditor to consider materiality in planning, designing procedures, and considering need for disclosure in the audit report. AU 312 requires the auditor, in planning the audit, to consider his/her preliminary judgment about materiality levels. The "yellow book" states that materiality is a matter of professional judgment influenced by the needs of the reasonable person relying on the financial statements. Materiality judgments are made in the light of surrounding circumstances and involve both quantitative and qualitative considerations, such as the public accountability of the auditee and the visibility and sensitivity of government programs, activities, and functions. .05: The term "materiality" can have several meanings. In planning and performing the audit, the auditor uses the following terms that relate to materiality: * Planning materiality is a preliminary estimate of materiality, in relation to the financial statements taken as a whole, used to determine the nature, timing, and extent of substantive audit procedures and to identify significant laws and regulations for compliance testing. * Design Materiality is the portion of planning materiality that has been allocated to line items, accounts, or classes of transactions (such as disbursements). This amount will be the same for all line items or accounts (except for certain intragovernmental or offsetting balances as discussed in paragraph 230.10). * Test materiality is the materiality actually used by the auditor in testing a specific line item, account, or class of transactions. Based on the auditor's judgment, test materiality can be equal to or less than design materiality, as discussed in paragraph 230.13. Test materiality may be different for different line items or accounts. .06: The following other uses of the term "materiality" relate principally to the reporting phase: * Disclosure materiality is the threshold for determining whether an item should be reported or presented separately in the financial statements or in the related notes. This value may differ from planning materiality. * FMFIA materiality is the threshold for determining whether a matter meets OMB criteria for reporting matters under FMFIA as described in paragraphs 580.35-.37. * Reporting materiality is the threshold for determining whether an unqualified opinion can be issued. In the reporting phase, the auditor considers whether unadjusted misstatements are quantitatively or qualitatively material. If considered to be material, the auditor would be precluded from issuing an unqualified opinion on the financial statements. See section 540. Unless otherwise specified, such as through using the terms above, the term "materiality" in this manual refers to the overall financial statement materiality as defined in paragraph 230.01. .07: The following guidelines provide the auditor with a framework for determining planning materiality. However, this framework is not a substitute for professional judgment. The auditor has the flexibility to determine planning materiality outside of these guidelines. In such circumstances, the Audit Director should discuss the basis for the determination with the Reviewer. The planning materiality selected and method of determining planning materiality should be documented and approved by the Audit Director. .08: The auditor should estimate planning materiality in relation to the element of the financial statements that is most significant to the primary users of the statements (the materiality base). The auditor uses judgment in determining the appropriate element of the financial statements to use as the materiality base. Also, since the materiality base normally is based on unaudited preliminary information determined in the planning phase, the auditor usually has to estimate the year-end balance of the materiality base. To provide reasonable assurance that sufficient audit procedures are performed, any estimate of the materiality base should use the low end of the range of estimated materiality so that sufficient testing is performed. .09: For capital-intensive entities, total assets may be an appropriate materiality base. For expenditure-intensive entities, total expenses may be an appropriate materiality base. Based on these concepts, the materiality base generally should be the greater of total assets or expenses (net of adjustments for intragovernmental balances and offsetting balances). (See discussion of these adjustments in next paragraph.) Other materiality bases that might be considered include total liabilities, equity, revenues, and net cost to the government (appropriations). .10: In considering a materiality base, the auditor should consider how to handle significant intragovernmental balances (such as funds with the U.S. Treasury, U.S. Treasury securities, and interentity balances) and offsetting balances (such as future funding sources that offset certain liabilities and collections that are offset by transfers to other government entities). The auditor should establish a separate materiality base for significant intragovernmental or offsetting balances because combining all accounts may improperly distort the nature, timing, and extent of audit procedures. For example, an entity that collects and remits funds on behalf of other federal entities could have operating accounts that are small in comparison to the funds processed on behalf of other entities. In this example, the auditor would compute separate planning materiality for auditing (1) the offsetting accounts, using the balance of the offsetting accounts as the materiality base and (2) the rest of the financial statements using the materiality base guidance in paragraph 230.09. .11: Planning materiality generally should be 3 percent of the materiality base. Although a mechanical means might be used to compute planning materiality, the auditor should use judgment in evaluating whether the computed level is appropriate. The auditor also should consider adjusting the materiality base for the impact of such items as unrecorded liabilities, contingencies, and other items that are not incorporated in the entity's financial statements (and not reflected in the materiality base) but that may be important to the financial statement user. .12: Design materiality for the audit should be one-third of planning materiality to allow for the precision of audit procedures. This guideline recognizes that misstatements may occur throughout the entity's various accounts. The design materiality represents the materiality used as a starting point to design audit procedures for line items or accounts so that an aggregate material misstatement in the financial statements will be detected, for a given level of audit assurance (discussed in paragraph 260.04). .13: Generally, the test materiality used for a specific test is the same as the design materiality. However, the auditor may use a test materiality lower than the design materiality for substantive testing of specific line items and assertions (which increases the extent of testing) when: * the audit is being performed at some, but not all, entity locations (requiring increased audit assurance for those locations visited - see section 285); * the area tested is deemed to be sensitive to the financial statement users; or: * the auditor expects to find a significant amount of misstatements. [Footnote 1] 235: Identify Significant Line Items, Accounts, Assertions, and RSSI: .01: The auditor should identify significant line items and accounts in the financial statements and significant related financial statement assertions. The auditor should also identify significant RSSI.[Footnote 2] In the internal control and testing phases, the auditor performs control and substantive tests for each significant assertion for each significant account. By identifying significant line items, accounts, and the related assertions early in the planning process, the auditor is more likely to design efficient audit procedures. Some insignificant line items, accounts, and assertions may not warrant substantive audit tests to the extent that they are not significant in the aggregate. However, some line items and accounts with zero or unusual balances may warrant testing, especially with regard to the completeness assertion. .02: Financial statement assertions, as defined by AU 326, are management representations that are embodied in financial statement components. Most of the auditor's work in forming an opinion on financial statements consists of obtaining and evaluating evidential matter concerning the assertions in such financial statements. The assertions can be either explicit or implicit and can be classified into the following broad categories: * Existence or occurrence: An entity's assets or liabilities exist at a given date, and recorded transactions have occurred during a given period. * Completeness: All transactions and accounts that should be presented in the financial statements are so included. * Rights and obligations: Assets are the rights of the entity, and liabilities are the obligations of the entity at a given date. * Valuation or allocation: Asset, liability, revenue, and expense components have been included in the financial statements at appropriate amounts. * Presentation and disclosure: The particular components of the financial statements are properly classified, described, and disclosed. .03: A line item or an account in the financial statements or RSSI should be considered significant if it has one or more of the following characteristics: * Its balance is material (exceeds design materiality) or comprises a significant portion of a material financial statement or RSSI amount. * A high combined risk (inherent and control risk, as discussed in paragraph 260.02) of material misstatement (either overstatement or understatement) is associated with one or more assertions relating to the line item or account. For example, a zero or unusually small balance account may have a high risk of material understatement. * Special audit concerns, such as regulatory requirements, warrant added consideration. The auditor should determine that any accounts considered insignificant are not significant in the aggregate. .04: An assertion is significant if misstatements in the assertion could exceed test materiality for the related line item, account, or disclosure. Certain assertions for a specific line item or account, such as completeness and disclosure, could be significant even though the recorded balance of the related line item or account is not material. For example, (1) the completeness assertion could be significant for an accrued payroll account with a high combined risk of material understatement even if its recorded balance is zero and (2) the disclosure assertion could be significant for a contingent liability even if no amount is recordable. .05: Assertions are likely to vary in degree of significance, and some assertions may be insignificant or irrelevant for a given line item or account. For example: * The completeness assertion for liabilities may be of greater significance than the existence assertion for liabilities. * All assertions related to an account that is not significant (as defined in paragraph 235.03) are considered to be insignificant. The rights and obligations assertion for a revenue or expense account is irrelevant. .06: Significant line items, accounts, and assertions should be identified in the Account Risk Analysis (ARA) or other appropriate audit planning workpapers. 240: Identify Significant Cycles, Accounting Applications, and Financial Management Systems: .01: In the internal control phase, the auditor evaluates controls for each significant cycle and accounting application and determines whether significant financial management systems substantially comply with federal financial management systems requirements, federal accounting standards, and the SGL at the transaction level. A cycle or an accounting application should be considered significant if it processes an amount of transactions in excess of design materiality or if it supports a significant account balance in the financial statements or significant RSSI. A financial management system generally consists of one or more accounting applications. If one or more of the accounting applications making up a financial management system are considered significant, then that financial management system generally should be considered significant for determining whether the system substantially complies with FFMIA requirements. The auditor may identify other cycles, accounting applications, or financial management systems as significant based on qualitative considerations. For example, financial management systems covered by FFMIA include not only systems involved in processing financial transactions and preparing financial statements, but also systems supporting financial planning, management reporting, or budgeting activities, systems accumulating and reporting cost information, and the financial portion of mixed systems, such as benefit payment, logistics, personnel, and acquisition systems. .02: The entity's accounting system may be viewed as consisting of logical groupings of related transactions and activities, or accounting applications. Each significant line item/account is affected by input from one or more accounting applications (sources of debits or credits). Related accounting applications may be grouped into cycles by the auditor and into financial management systems by the entity. Accounting applications are classified as (1) transaction-related or (2) line item/account-related. .03: A transaction-related accounting application consists of the methods and records established to identify, assemble, analyze, classify, and record (in the general ledger) a particular type of transaction. Typical transaction-related accounting applications include billing, cash receipts, purchasing, cash disbursements, and payroll. A line item/account-related accounting application consists of the methods and records established to report an entity's recorded transactions and to maintain accountability for related assets and liabilities. Typical line item/account-related accounting applications include cash balances, accounts receivable, inventory control, property and equipment, and accounts payable. .04: Within a given entity, there may be several examples of each accounting application. For example, a different billing application may exist for each program that uses a billing process. Accounting applications that process a related group of transactions and accounts comprise cycles. For instance, the billing, returns, cash receipts, and accounts receivable accounting applications might be grouped to form the revenue cycle. Similarly, related accounting applications also comprise financial management systems. .05: For each significant line item and account, the auditor should use the Account Risk Analysis form (ARA) (see section 395 I) or an equivalent workpaper to document the significant transaction cycles (such as revenue, purchasing, and production) and the specific significant accounting applications that affect these significant line items and accounts. For example, the auditor might determine that billing, returns, cash receipts, and accounts receivable are significant accounting applications that affect accounts receivable (a significant line item). The Account Risk Analysis form provides a convenient way for documenting the specific risks of misstatement for significant line items for consideration in determining the nature, timing, and extent of audit procedures. If an equivalent workpaper is used, rather than the ARA, it should document the information discussed in section 395 I. .06: Related accounting applications may be grouped into cycles to aid in preparing workpapers. This helps the auditor design audit procedures that are both efficient and relevant to the reporting objectives. The auditor may document insignificant accounts in each line item on the ARA or equivalent, indicating their insignificance and consequent lack of audit procedures applied to them. In such instances, the cycle matrix may not be necessary. Otherwise, the auditor should prepare a cycle matrix or equivalent document that links each of the entity's accounts (in the chart of accounts) to a cycle, an accounting application, and a financial statement or RSSI line item. .07: Based on discussions with entity personnel, the auditor should determine the accounting application that is the best source of the financial statement information. When a significant line item has more than one source of financial data, the auditor should consider the various sources and determine which is best for financial audit purposes. The auditor needs to consider the likelihood of misstatement and auditability in choosing the source to use. For audit purposes, the best source of financial information sometimes may be operational information prepared outside the accounting system. .08: Once the significant accounting applications are identified, the auditor determines which computer systems are involved in those applications. Those particular computer systems are then considered in assessing computer-related controls using an appropriate methodology. .09: An appropriate methodology would require the auditor to obtain sufficient knowledge of the information system relevant to financial reporting to understand the accounting processing from initiation of a transaction to its inclusion in the financial statements, including electronic means used to transmit, process, maintain, and access information (see AU 319.49, SAS 94). AU 319.61 requires documentation of this understanding. OMB audit guidance notes that the components of internal control include general and application controls. General controls are the entitywide security management program, access control, application software development and change control, system software control, segregation of duties, and service continuity control. Application controls are authorization control, completeness control, accuracy control, and control over integrity of processing and data files. OMB audit guidance also requires that, for controls that have been properly designed and placed in operation, the auditor shall perform sufficient tests to support a low assessed level of control risk. The auditor should document the basis for believing that the methodology used is appropriate to satisfy these requirements for assessing general and application controls. The GAO Federal Information System Controls Audit Manual (FISCAM) is designed to meet these requirements. See section 295 J for a flowchart of steps generally followed in assessing information system controls in a financial statement audit. IS security controls are also addressed in OMB Circular A-130, Management of Federal Information Resources, in the National Institute of Standards and Technology's An Introduction to Computer Security: The NIST Handbook, and in other publications. 245: Identify Significant Provisions of Laws and Regulations: .01: To design relevant compliance-related audit procedures, the auditor identifies the significant provisions of laws and regulations. To aid the auditor in this process, this manual classifies provisions of laws and regulations into the following categories: * Transaction-based provisions are those for which compliance is determined on individual transactions. For example, the Prompt Payment Act requires that late payments be individually identified and interest paid on such late payments. * Quantitative-based provisions are those that require the accumulation/ summarization of quantitative information for measurement. These provisions may contain minimum, maximum, or targeted amounts (restrictions) for the accumulated/summarized information. For example, the Comprehensive Environmental Response, Compensation, and Liability Act of 1980 prohibits the Environmental Protection Agency from exceeding certain spending limits on specific projects. * Procedural-based provisions are those that require the entity to implement policies or procedures to achieve certain objectives. For example, the Single Audit Act, as amended, requires the awarding entity to review certain financial information on awardees. .02: The auditor should identify the significant provisions of laws and regulations. For each significant provision, the auditor should study and evaluate related compliance controls and should test compliance with the provision. To identify such significant provisions, the auditor should take these steps: a. The auditor should review the lists of laws and regulations that OMB and the entity have determined might be significant to others. The OMB list is provided in an appendix of OMB's audit guidance and is included in section 295 H. The entity is expected to develop a list that, for CFO Act agencies and components listed in OMB audit guidance, should include laws and regulations in OMB audit guidance, whether or not they are material to the entity, because they have been determined to be material to the consolidated financial statements of the United States Government. In addition, the auditor should identify (with OGC assistance) any laws or regulations (in addition to those identified by OMB and the entity) that have a direct effect on determining amounts in the financial statements. The meaning of direct effect is discussed below in paragraph 245.03. b. For each such law or regulation, the auditor should identify those provisions that are significant. A provision should be considered significant if (1) compliance with the provision can be measured objectively and (2) it meets one of the following criteria for determining that the provision has a material effect on determining financial statement amounts: * Transaction-based provisions: Transactions processed by the entity that are subject to the provision exceed planning materiality in the aggregate. * Quantitative-based provisions: The quantitative information required by the provision or by established restrictions exceeds planning materiality. * Procedural-based provisions: The provision broadly affects all or a segment of the entity's operations that process transactions exceeding planning materiality in the aggregate. For example, a provision may require that the entity establish procedures to monitor the receipt of certain information from grantees; in determining whether to test compliance with this provision, the auditor should consider whether the total amount of money granted exceeded planning materiality. .03: A direct effect means that the provision specifies: * the nature and/or dollar amount of transactions that may be incurred (such as obligation, outlay, or borrowing restrictions), * the method used to record such transactions (such as revenue recognition policies), or: * the nature and extent of information to be reported or disclosed in the annual financial statements (such as the statement of budgetary resources). For example, entity-enabling legislation may contain provisions that limit the nature and amount of obligations or outlays and therefore have a direct effect on determining amounts in the financial statements. If a provision's effect on the financial statements is limited to contingent liabilities as a result of noncompliance (typically for fines, penalties, and interest), such a provision does not have a direct effect on determining financial statement amounts. Laws identified by the auditor that have a direct effect might include (1) new laws and regulations (not yet reflected on OMB's list) and (2) entity-specific laws and regulations. The concept of direct effect is discussed in AU 801 (SAS 74) and AU 317. .04: In contrast, indirect laws relate more to the entity's operating aspects than to its financial and accounting aspects, and their financial statement effect is indirect. In other words, their effect may be limited to recording or disclosing liabilities arising from noncompliance. Examples of indirect laws and regulations include those related to environmental protection and occupational safety and health. .05: The auditor is not responsible for testing compliance controls over or compliance with any indirect laws and regulations not otherwise identified by OMB or the entity (see paragraph 245.02.a.). However, as discussed in AU 317, the auditor should make inquiries of management regarding policies and procedures for the prevention of noncompliance with indirect laws and regulations. Unless possible instances of noncompliance with indirect laws or regulations come to the auditor's attention during the audit, no further procedures with respect to indirect laws and regulations are necessary. .06: The auditor may elect to test compliance with indirect laws and regulations. For example, if the auditor becomes aware that the entity has operations similar to those of another entity that was recently in noncompliance with environmental laws and regulations, the auditor may elect to test compliance with such laws and regulations. The auditor may also elect to test provisions of direct laws and regulations that do not meet the materiality criteria in paragraph 245.02.b. but that are deemed significant, such as laws and regulations that have generated significant interest by the Congress, the media, or the public. .07: The significant provisions identified by the above procedures are intended to include provisions of all laws and regulations that have a direct and material effect on the determining of financial statement amounts and therefore comply with GAGAS, AU 801 (SAS 74), and OMB audit guidance. .08: In considering regulations to test for compliance, the auditor should consider externally imposed requirements issued pursuant to the Administrative Procedures Act, which has a defined due process. This would include regulations in the Code of Federal Regulations, but would not include OMB circulars and bulletins. Such circulars and bulletins generally implement laws, and the provisions of the laws themselves could be considered for compliance testing. Internal policies, manuals, and directives may be the basis for internal controls, but are not regulations to consider for testing for compliance. 250: Identify Relevant Budget Restrictions: .01: To evaluate budget controls (see section 295 G) and to design compliance-related audit procedures relevant to budget restrictions, the auditor should understand the following information (which may be obtained from the entity or OGC): * the Antideficiency Act (title 31 of the U.S. Code, sections 1341, 1342, 1349-1351, 1511-1519); * the Purpose Statute (title 31 of the U.S. Code, section 1301); * the Time Statute (title 31 of the U.S. Code, section 1502); * OMB Circular A-34; * title 7 of the GAO Policy and Procedures Manual for Guidance of Federal Agencies; * the Impoundment Control Act; and: * the Federal Credit Reform Act of 1990. .02: The auditor should read the following information relating to the entity's appropriation (or other budget authority) for the period of audit interest: * authorizing legislation; * enabling legislation and amendments; * appropriation legislation and supplemental appropriation legislation; * apportionments and budget execution reports (including OMB forms 132 and 133 and supporting documentation); * Impoundment Control Act reports regarding rescissions and deferrals, if any; * the system of funds control document approved by OMB; and: * any other information deemed by the auditor to be relevant to understanding the entity's budget authority, such as legislative history contained in committee reports or conference reports. Although legislative histories are not legally binding, they may help the auditor understand the political environment surrounding the entity (i.e., why the entity has undertaken certain activities and the objectives of these activities). .03: Through discussions with OGC and the entity and by using the above information, the auditor should identify all legally binding restrictions on the entity's use of appropriated funds that are relevant to budget execution, such as restrictions on the amount, purpose, or timing of obligations and outlays ("relevant budget restrictions"). Additionally, the auditor should consider any legally binding restrictions that the entity has established in its fund control regulations, such as lowering the legally binding level for compliance with the Antideficiency Act to the allotment level. .04: The auditor should obtain an understanding of the implications if the entity were to violate these relevant budget restrictions. In the internal control phase, the auditor identifies and tests the entity's controls to prevent or detect noncompliance with these relevant restrictions. The auditor may elect to evaluate controls over budget restrictions that are not legally binding but that may be considered sensitive or otherwise important. .05: During these discussions with OGC and the entity, the auditor should determine whether any of these relevant budget restrictions relate to significant provisions of laws and regulations for purposes of testing compliance. .06: For those entities that do not receive appropriated funds, the auditor should identify budget-related requirements that are legally binding on the entity. These requirements, if any, are usually found in the legislation that created the entity or its programs (such as the authorizing and enabling legislation) as well as any subsequent amendments. Although budget information on these entities may be included in the President's budget submitted to the Congress, this information usually is not legally binding. In general, certain budget- related restrictions (such as the Antideficiency Act) apply to government corporations but not to government-sponsored enterprises. Regardless, the auditor should consider the entity's budget formulation and execution as part of the control environment, as discussed in section 260. 260: IDENTIFY RISK FACTORS: .01: The auditor's consideration of inherent risk, fraud risk, control environment, risk assessment, communication, and monitoring (parts of internal control) affects the nature, timing, and extent of substantive and control tests. This section describes (1) the impact of risk factors identified during this consideration on substantive and control tests, (2) the process for identifying these risk factors, and (3) the auditor's consideration of the entity's process for reporting under FMFIA (both for internal control (section 2 of FMFIA) and for financial management systems' conformance with system requirements (section 4 of FMFIA)) and for formulating the budget. IMPACT ON SUBSTANTIVE TESTING: .02: AU 312 provides guidance on the consideration of audit risk and defines "audit risk" as the risk that the auditor may unknowingly fail to appropriately modify an opinion on financial statements that are materially misstated. Audit risk can be thought of in terms of the following three component risks: * Inherent risk is the susceptibility of an assertion to a material misstatement, assuming that there are no related internal controls. * Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected and corrected on a timely basis by the entity's internal control. Internal control consists of five components: (1) the control environment, (2) risk assessment, (3) monitoring, (4) information and communication, and (5) control activities (defined in paragraph 260.08 below). This section will discuss the first three of the components and communication and section 300 (Internal Control Phase) will discuss the information systems and control activities. * Detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion. AU 316 (SAS 82) requires the auditor to consider fraud risk, which is a part of audit risk, making up a portion of inherent and control risk. Fraud risk consists of the risk of fraudulent financial reporting and the risk of misappropriation of assets that cause a material misstatement of the financial statements. The auditor should specifically consider and document the risk of material misstatements of the financial statements due to fraud and keep in mind the consideration of fraud risk in designing audit procedures. Considering the risk of material fraud generally should be done concurrently with the consideration of inherent and control risk, but it should be a separate conclusion. The auditor also should consider the risk of fraud throughout the audit. Section 290 includes documentation requirements for the consideration of fraud risk. .03: Based on the level of audit risk and an assessment of the entity's inherent and control risk, including the consideration of fraud risk, the auditor determines the nature, timing, and extent of substantive audit procedures necessary to achieve the resultant detection risk. For example, in response to a high level of inherent and control risk, the auditor may perform: * additional audit procedures that provide more competent evidential matter (nature of procedures); * substantive tests at or closer to the financial statement date (timing of procedures); or: * more extensive substantive tests (extent of procedures), as discussed in section 295 E. .04: Audit assurance is the complement of audit risk. The auditor can determine the level of audit assurance obtained by subtracting the audit risk from 1. (Assurance equals 1 minus risk).[Footnote 3] AU 350.48 uses 5 percent as the allowable audit risk in explaining the audit risk model (95 percent audit assurance). The audit organization should determine the level of assurance to use, which may vary between audits based on risk. GAO auditors should use 95 percent. In other words, the GAO auditor, in order to provide an opinion, should design the audit to achieve at least 95 percent audit assurance that the financial statements are not materially misstated (5 percent audit risk). Section 470 provides guidance to the auditor on how to combine (1) the assessment of inherent and control risk (including fraud risk) and (2) substantive tests to achieve the audit assurance required by the audit organization. .05: The auditor may consider it necessary to achieve increased audit assurance if the entity is politically sensitive or if the Congress has expressed concerns about the entity's financial reporting. In this case, the level of audit assurance should be approved by the Reviewer. RELATIONSHIP TO CONTROL ASSESSMENT: .06: Internal control, as identified in AU 319 (SAS 55 amended by SAS 78), is a process--effected by an entity's governing body, management, and other personnel--designed to provide reasonable assurance regarding the achievement of objectives in the following categories (OMB audit guidance expands the category definitions as noted):[Footnote 4] * Reliability of financial reporting--transactions are properly recorded, processed, and summarized to permit the preparation of the financial statements and RSSI in accordance with generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. (Note that safeguarding controls (see paragraphs 310.02-.04) are considered as part of financial reporting controls, although they are also operations controls.): * Compliance with applicable laws and regulations--transactions are executed in accordance with (a) laws governing the use of budget authority and other laws and regulations that could have a direct and material effect on the financial statements or RSSI, and (b) any other laws, regulations, and governmentwide policies identified by OMB in its audit guidance. (Note that budget controls are part of financial reporting controls as they relate to the statements of budgetary resources and of financing, but that they are also part of compliance controls in that they are used to manage and control the use of appropriated funds and other forms of budget authority in accordance with applicable law. These controls are described in more detail in section 295 G.): * Effectiveness and efficiency of operations. These controls include policies and procedures to carry out organizational objectives, such as planning, productivity, programmatic, quality, economy, efficiency, and effectiveness objectives. Management uses these controls to provide reasonable assurance that the entity (1) achieves its mission, (2) maintains quality standards, and (3) does what management directs it to do. (Note that performance measures controls (those designed to provide reasonable assurance about reliability of performance reporting--transactions and other data that support reported performance measures are properly recorded, processed, and summarized to permit the preparation of performance information in accordance with criteria stated by management) are included in operations controls.): .07: Some control policies and procedures belong in more than one category of control. For example, financial reporting controls include controls over the completeness and accuracy of inventory records. Such controls are also necessary to provide complete and accurate inventory records to allow management to analyze and monitor inventory levels to better control operations and make procurement decisions (operations controls). .08: The five components of internal control relate to objectives that an entity strives to achieve in each of the three categories: financial reporting (including safeguarding), compliance, and operations (including performance measures) controls. The components are defined in AU 319 as: * The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. * Risk assessment is the entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed. * Information and communication are the identification, capture, and exchange of information in a form and time frame that enable employees to carry out their responsibilities. * Monitoring is a process that assesses the quality of internal control performance over time. * Control activities are the policies and procedures that help ensure that management directives are carried out. PROCESS FOR IDENTIFYING RISK FACTORS: .09: In the planning phase, the auditor should (1) identify conditions that significantly increase inherent, fraud, and control risk (based on identified control environment, risk assessment, communication, or monitoring weaknesses) and (2) conclude whether any identified control risks preclude the effectiveness of specific control activities in significant applications. The auditor identifies specific inherent risks, fraud risks, and control environment, risk assessment, communication, and monitoring weaknesses based on information obtained earlier in the planning phase, primarily from understanding the entity's operations and preliminary analytical procedures. The auditor considers factors such as those listed in paragraphs 260.16-.51 in identifying such risks and weaknesses. These factors are general in nature and require the auditor's judgment in determining (1) the extent of procedures (testing) to identify the risks and weaknesses and (2) the impact of such risks and weaknesses on the entity and its financial statements. Because this risk consideration requires the exercise of significant audit judgment, it should be performed by experienced audit team personnel. .10: The auditor considers the implications of these risk factors on related operations controls. For example, inherent risk may be associated with a material liability for loan guarantees because it is subject to significant management judgment. In light of this inherent risk, the entity should have strong operations controls to monitor the entity's exposure to losses from loan guarantees. Potential weaknesses in such operations controls could significantly affect the ultimate program cost. Therefore, the need for operations controls in a particular area or the awareness of operations control weaknesses related to these risk factors should be identified and considered for further review, as discussed in section 275. .11: Specific conditions that may indicate inherent or fraud risks or control environment, risk assessment, communication, or monitoring weaknesses are provided in sections 295 A and 295 B, respectively. These sections are designed to aid the auditor in identifying these risks and weaknesses but are not intended to be all inclusive. The auditor should consider any other factors and conditions deemed relevant. .12: The auditor identifies and documents any significant risk factors after considering (1) his/her knowledge of the entity (obtained in previous steps in the planning phase); (2) the risk factors discussed in paragraphs 260.16-.51 and in sections 295 A and 295 B; and (3) other relevant factors. These risks and weaknesses and their impact on proposed audit procedures should be documented on the General Risk Analysis (GRA) or equivalent (see section 290). The auditor also should summarize and document any account-specific risks on the Account Risk Analysis (ARA) or equivalent (see sections 290 and 395 I). .13: For each risk factor identified, the auditor documents the nature and extent of the risk or weakness; the condition(s) that gave rise to that risk or weakness; and the specific cycles, accounts, line items, and related assertions affected (if not pervasive). For example, the auditor may identify a significant risk that the valuation of the net receivables line item could contain a material misstatement due to (1) the materiality of the receivables and potential allowance, (2) the subjectivity of management's judgment related to the loss allowance (inherent risk), and (3) management's history of aggressively challenging any proposed adjustments to the valuation of the receivables (control environment weakness). The auditor should also document other considerations that may mitigate the effects of identified risks and weaknesses. For example, the use of a lock box (a control activity) may mitigate inherent risks associated with the completeness of cash receipts. .14: The auditor also should document, in the GRA or equivalent, the overall effectiveness of the control environment, risk assessment, communication, and monitoring, including whether weaknesses preclude the effectiveness of specific control activities. The focus should be on management's overall attitude, awareness, and actions, rather than on specific conditions related to a control environment, risk assessment, communication, or monitoring factor. This assessment will be considered when determining the control risk associated with the entity. .15: In assessing the control environment, risk assessment, communication, and monitoring, the auditor should specifically assess the quality of the entity's process for compliance with FMFIA (see paragraphs 260.43- .47) and should obtain an overall understanding of the budget formulation process (see paragraph 260.51). INHERENT RISK FACTORS: .16: Inherent risk factors incorporate characteristics of an entity, a transaction, or account that exist due to: * the nature of the entity's programs, * the prior history of audit adjustments, or: * the nature of material transactions and accounts. The assessment of inherent risk generally should be limited to significant programs, transactions, or accounts. For each factor listed below, section 295 A lists conditions that may indicate inherent risk. a. Nature of the entity's programs: The mission/business of an entity includes the implementation of various programs or services. The characteristics of these programs or services affect the entity's susceptibility to errors and fraud and sensitivity to changes in economic conditions. For example, student loan guarantee programs may be more susceptible to errors and fraud because of loans issued and serviced by third parties. b. Prior history of significant audit adjustments: Significant audit adjustments identified in previous financial statement audits or other audits often identify problem areas that may result in financial statement misstatements. For example, the prior year's audit may have identified the necessity for recording a contingent liability as the result of certain economic conditions. The auditor could then focus on: * determining whether similar conditions continue to exist; * understanding management's response to such conditions (including implementation of controls), if any; and: * assessing the nature and extent of the related inherent risk. c. Nature of material transactions and accounts: The nature of an entity's transactions and accounts has a direct relation to the risk of errors or fraud. For example, accounts involving subjective management judgments, such as loss allowances, are usually of higher risk than those involving objective determinations. INFORMATION SYSTEMS (IS) EFFECTS ON INHERENT RISK: Information systems (IS) do not affect the audit objectives for an account or a cycle. However, IS can introduce inherent risk factors not present in a manual accounting system. The auditor should (1) consider each of the following IS factors and (2) assess the overall impact of IS processing on inherent risk. The impact of these factors typically will be pervasive in nature. An IS auditor may assist the auditor in considering these factors and making this assessment. More detail on assessing IS controls in a financial statement audit is available in FISCAM, and a flowchart of the steps to follow is in section 295 J. a. Uniform processing of transactions: Because IS process groups of identical transactions consistently, any misstatements arising from erroneous computer programming will occur consistently in similar transactions. However, the possibility of random processing errors is reduced substantially in computer-based information systems. b. Automatic processing: The information system may automatically initiate transactions or perform processing functions. Evidence of these processing steps (and any related controls) may or may not be visible. c. Increased potential for undetected misstatements: Computers use and store information in electronic form and require less human involvement in processing. This increases the potential for individuals to gain unauthorized access to sensitive information and to alter data without visible evidence. Due to the electronic form, changes to computer programs and data are not readily detectible. Also, users may be less likely to challenge the reliability of computer output than manual reports. d. Existence, completeness, and volume of the audit trail: The audit trail is the evidence that demonstrates how a specific transaction was initiated, processed, and summarized. For example, the audit trail for a purchase could include a purchase order, a receiving report, an invoice, invoice register (purchases summarized by day, month, and/or account), and general ledger postings from the invoice register. Some computerized financial management systems are designed so that the audit trail exists for only a short period (such as in on-line systems), only in an electronic format, or only in summary form. Also, the information generated may be too voluminous to allow effective manual review. For example, one posting to the general ledger may result from the computer summarization of information from hundreds of locations. e. Nature of the hardware and software used in IS: The nature of the hardware and software can affect inherent risk, as illustrated below: * The type of computer processing (on-line, batch-oriented, or distributed) presents different levels of inherent risk. For example, the inherent risk of unauthorized transactions and data entry errors may be greater for on-line processing than for batch-oriented processing. * Peripheral access devices or system interfaces can increase inherent risk. For example, Internet and dial-up access to a system increases the system's accessibility to additional persons and therefore increases the risk of unauthorized access to computer resources. * Distributed networks enable multiple computer processing units to communicate with each other, increasing the risk of unauthorized access to computer resources and possible data alteration. On the other hand, distributed networks may decrease the risk of conflicting computerized data between multiple processing units. * Applications software developed in-house may have higher inherent risk than vendor-supplied software that has been thoroughly tested and is in general commercial use. f. Unusual or nonroutine transactions: As with manual systems, unusual or nonroutine transactions increase inherent risk. Programs developed to process such transactions may not be subject to the same procedures as programs developed to process routine transactions. For example, the entity may use a utility program to extract specified information in support of a nonroutine management decision. FRAUD RISK FACTORS: .18: The auditor is concerned with fraud that causes a material misstatement of the financial statements. Fraud is distinguished from error in that the action causing the misstatement in fraud is intentional. Two types of misstatements are relevant in the auditor's consideration of fraud in a financial statement audit--misstatements arising from fraudulent financial reporting and misstatements arising from misappropriation of assets. .19: Misstatements arising from fraudulent financial reporting are intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial statement users. Misstatements arising from misappropriation of assets involve the theft of an entity's assets causing the financial statements not to be presented in conformity with GAAP. .20: Both types of fraud usually involve a pressure or incentive to commit fraud and a perceived opportunity to do so. Many experts believe that fraud requires that both be present. Fraud may be concealed through falsified documentation. In a financial statement audit, the auditor does not have a responsibility to authenticate documents. Fraud also may involve collusion, which may cause evidence to appear persuasive when it is not. Although fraud is usually concealed, the presence of risk factors or other conditions may alert the auditor to a possibility of fraud. For example, documents may be missing or records out of balance. However, these conditions may be the result of errors rather than fraud. Identification of Fraud Risk Factors: .21: The auditor should specifically consider and document the risk of material misstatement of the financial statements due to fraud and keep the consideration in mind in designing audit procedures. Considering the risk of material fraud generally should be done concurrently with the consideration of inherent and control risk, but it should result in specific identification of fraud risk factors that are present and the auditor's response to the factors. Although fraud risk factors do not necessarily indicate the presence of fraud, they have often been found in situations where fraud has occurred. .22: As part of the consideration of fraud risk, in addition to obtaining representations about fraud risk in the management representation letter (see section 1001), the auditor should inquire of management (a) to obtain management's understanding regarding the risk of fraud in the entity and (b) to learn whether management has knowledge of fraud perpetrated on or within the entity. In addition, if the entity has established a program to prevent, deter, and detect fraud, the auditor should ask the fraud prevention program managers whether the program has identified fraud risk factors. .23: Inspectors general often report numerous cases of fraud and have significant experience in this area. The auditor should obtain information about instances of fraud identified by the IG, ask the Special Investigator Unit to summarize how cases of reported fraud were committed, and ask management whether controls have been strengthened, to consider whether there is a risk of material fraud. .24: Fraud risk factors that relate to misstatements arising from fraudulent financial reporting may be grouped in three categories as follows: * Industry conditions. These factors involve the economic and regulatory environment in which the entity operates. * Operating characteristics and financial stability. These factors pertain to the nature and complexity of the entity and its transactions, the entity's financial condition, and its profitability. * Management's characteristics and influence over the control environment. These factors pertain to management's abilities, pressures, style, and attitude relating to internal control and the financial reporting process. The first two of these categories contain factors that are also inherent risk factors mentioned in the earlier paragraphs of this section and the third category contains factors that are also control risk factors as discussed in subsequent paragraphs. Examples of fraud risk factors in each of these three categories in the federal government are included in sections 295 A and B. .25: Fraud risk factors that relate to misstatements arising from misappropriation of assets may be grouped in two categories as follows: * Susceptibility of assets to misappropriation. These factors pertain to the nature of an entity's assets and the degree to which they are subject to theft. * Controls. These factors involve the lack of controls designed to prevent or detect misappropriations of assets. Examples of fraud risk factors in the first of these two categories in the federal government are also included in section 295 A, and examples of the second category are included in section 295 B. .26: It is not necessary for the auditor to search for indications of financial or other stress on employees that might make them likely to commit fraud. However, if the auditor becomes aware of such information, he or she should keep it in mind in considering the risk of material misstatement due to fraud. Other similar information would include disgruntled employees, anticipated layoffs, and known unusual changes in behavior or lifestyle of employees with access to assets susceptible to misappropriation. The Auditor's Response to the Fraud Risk Consideration: .27: The risk of material misstatement due to fraud always exists to some degree. The auditor should decide whether the audit procedures already planned are sufficient to respond to the fraud risk factors found or whether there is a need to modify the planned audit procedures. If audit procedures need to be modified, the auditor should decide whether an overall response is appropriate or whether the response should be specific to a particular account balance, class of transactions, or assertion or whether both an overall and a specific response are called for. If it is not practicable, as part of a financial statement audit, to modify planned audit procedures sufficiently to address the fraud risk, the auditor should consider requesting assistance from the Special Investigator Unit. See section 290 for documentation re* quirements. .28: The auditor may decide that an overall response covering one or more of the following is appropriate: * Professional skepticism. Due professional care requires the exercise of professional skepticism--an attitude that includes a questioning mind and critical assessment of audit evidence. With an increased risk of material misstatement due to fraud, professional skepticism may cause the auditor to examine documentation of a different nature and greater extent in support of material transactions, or to corroborate management representations more extensively. * Assignment of audit personnel. The qualifications and extent of supervision of personnel assigned on an audit generally should be commensurate with the level of fraud risk. * Accounting principles and policies. With a greater risk of material misstatement due to fraud, the auditor may have a greater concern about whether management may apply accounting principles and policies in an inappropriate manner to create a material misstatement of the financial statements and may need to test more extensively. * Controls. If increased fraud risk exists because of risk factors that have control implications, the auditor may have to assess control risk as high. However, understanding controls in this situation may be even more important than otherwise. The auditor generally should understand how controls (or lack thereof) relate to the fraud risk factors, while noting the extent of management's ability to override controls. .29: Also in an overall response, the nature, timing, and extent of procedures related to certain accounts and assertions may be modified as follows: * The nature may be changed to obtain more reliable evidence or further corroboration, such as from independent sources outside the entity. For example, physical observation of certain assets may become more important. * The timing of substantive tests may be closer to or at year end. * The extent of procedures may involve larger sample sizes or more extensive analytical procedures. .30: The auditor may determine that a specific response is required due to the types of risk factors identified and the accounts and assertions that may be affected. Examples of specific responses are in section 295 I. .31: The consideration of fraud risk is a cumulative process that should be ongoing throughout the audit. Fraud risk factors may be identified at any time during the audit. Also, other conditions may be identified during fieldwork that change or support a judgment regarding fraud risk, such as discrepancies in the accounting records, conflicting or missing evidential matter, or problematic or unusual relationships between management and the auditor. Thus the auditor should continue to be aware of the risk of fraud, and at the conclusion of the audit, the auditor should consider whether the accumulated results of audit procedures and other observations affect the consideration of the risk of material misstatement due to fraud. (See section 540.): CONTROL ENVIRONMENT FACTORS: .32: As discussed in AU 319 (SAS 55 amended by SAS 78), control environment risk factors incorporate management's attitude, awareness, and actions concerning the entity's control environment. These factors include: * integrity and ethical values, * commitment to competence, * management's philosophy and operating style, * organizational structure, * assignment of authority and responsibility, * human resource policies and practices, * management's control methods over budget formulation and execution, * management's control methods over compliance with laws and regulations, and: * the functioning of oversight bodies (including congressional committees). .33: The auditor should obtain sufficient knowledge of the control environment to determine whether the collective effect of these factors establishes, enhances, or mitigates the effectiveness of specific control activities. In making this determination, the auditor should consider the following factors and their effect on internal control. For each factor listed below, section 295 B lists conditions that may indicate control environment weaknesses. a. Integrity and ethical values: Control effectiveness cannot rise above the integrity and ethical values of those who create, administer, and monitor the controls. Integrity and ethical values are essential elements of the control environment, affecting the design, administration, and monitoring of the other components. Integrity and ethical behavior result when the entity and its leaders have high ethical and behavioral standards and properly communicate them and reinforce them in practice. The standards include management's actions to remove or reduce incentives and temptations that might prompt personnel to engage in dishonest, illegal, or unethical acts. The communication of entity values and behavioral standards to personnel takes place through policy statements and codes of conduct and by example. b. Commitment to competence: Competence is the knowledge and skills necessary to accomplish tasks required by an individual's job. Commitment to competence includes management's consideration of the competence levels for various jobs and the requisite skills and knowledge. c. Management's philosophy and operating style: Management's philosophy and operating style encompass a broad range of beliefs, concepts, and attitudes. Such characteristics may include management's approach to taking and monitoring operational/program risks, attitudes and actions toward financial reporting, emphasis on meeting financial and operating goals, and management's attitude toward information processing, accounting, and personnel. d. Organizational structure: An entity's organizational structure provides the overall framework for planning, directing, and controlling operations. The organizational structure should appropriately assign authority and responsibility within the entity. An organizational structure includes the form and nature of an entity's organizational units, including the data processing organization, and related management functions and reporting relationships. e. Assignment of authority and responsibility: An entity's policies or procedures for assigning authority for operating activities and for delegating responsibility affect the understanding of established reporting relationships and responsibilities. This factor includes policies relating to appropriate business practices, knowledge and experience of key personnel, and resource allocations. It also includes policies and communications to ensure that all personnel understand the entity's objectives, how they contribute to these objectives, and how and for what they will be held accountable. f. Human resource policies and practices: Human resource policies and practices affect an entity's ability to employ sufficient competent and trustworthy personnel to accomplish its goals and objectives. Such policies and practices include hiring, training, evaluating, promoting, compensating, and assisting employees in the performance of their assigned responsibilities by giving them the necessary resources. g. Management's control methods over budget formulation and execution: Management's budget control methods affect the authorized use of appropriated funds. Budget formulation is discussed in more detail in paragraph 260.51, and controls over budget execution (budget controls) are addressed in more detail in section 300. h. Management's control methods over compliance with laws and regulations: Such methods have a direct impact on an entity's compliance with applicable laws and regulations. (Compliance controls are addressed in more detail in section 300). i. The functioning of oversight groups: An entity's oversight groups typically are responsible for overseeing both business activities and financial reporting. The effectiveness of an oversight group is influenced by its authority and its role in overseeing the entity's business activities. In the federal government, oversight groups are the Congress and the central agencies (OMB, Treasury, GSA, OPM, and GAO). Within agencies, senior management councils may also have a role in overseeing operations and programs. RISK ASSESSMENT FACTORS: .34: Risk assessment is an entity's internal process for identifying, analyzing, and managing risks relevant to achieving the objectives of reliable financial reporting, safeguarding of assets, and compliance with budget and other laws and regulations. For example, risk assessment may address how the entity analyzes significant estimates recorded in the financial statements or how it considers the possibility of unrecorded transactions. Risks can arise due to both internal and external circumstances such as: * changes in the operating or statutory environment, * new personnel who may have a different focus on internal control, * new or significantly changed information systems, * rapid growth of programs which can strain controls, * new technology which may change risks, * new programs or activities which may introduce new control risks, * restructurings or budget cutbacks which may include downsizing and changes in supervision and segregation of duties, or: * adoption of new accounting principles which may affect risks in preparing financial statements. .35: The auditor should gain sufficient knowledge of the entity's risk assessment process to understand how management considers risks relevant to the objectives of financial reporting (including safeguarding), and compliance with budget and other laws and decides what actions to take. This understanding may include how management identifies risks, estimates their significance, assesses the likelihood of occurrence, and relates them to financial reporting. COMMUNICATION FACTORS: .36: Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control. It includes the extent to which personnel understand how their activities relate to the work of others and the means of reporting exceptions to an appropriate higher level within the entity. Open communication channels help ensure that exceptions are reported and acted on. Communication takes such forms as policy manuals, accounting and financial reporting manuals, and memoranda. Communication also may be electronic, oral, and through the actions of management in demonstrating acceptable behavior. .37: The auditor should obtain sufficient knowledge of the means the entity uses to communicate roles and responsibilities for, and significant matters relating to financial reporting, safeguarding, and compliance with budget and other laws and regulations. MONITORING FACTORS: .38: Monitoring is the process by which management assesses the quality of internal control performance over time. This may include ongoing activities, such as regular management and supervision, or communications from external parties, such as customer complaints or regulator comments that may indicate areas in need of improvement. This also may include separate evaluations, such as FMFIA work and IG or internal auditor work, or a combination of ongoing activities and separate evaluations. .39: The auditor should gain sufficient knowledge of the major types of activities the entity uses to monitor internal control over financial reporting, including safeguarding, and compliance with budget and other laws and regulations and how those activities are used to initiate corrective actions. .40: The IG's office or internal audit is often an important part of monitoring. The IG's office is responsible for (1) conducting and supervising audits and investigations relating to programs and operations, (2) providing leadership and coordination, including recommending policies for programs and operations, and (3) keeping the entity head and the Congress informed about problems and deficiencies, including the progress of corrective actions. The auditor should assess the effectiveness of the IG or internal audit as a monitoring control. However, if the auditor is the IG, the office should not attempt to assess its effectiveness as a control. Evaluating an IG's office or internal audit includes consideration of its authority and reporting relationships, the qualifications of its staff, and its resources. (In using the work of the IG or internal auditors, refer to section 650.): IS EFFECTS ON THE CONTROL ENVIRONMENT, RISK ASSESSMENT, COMMUNICATION, AND MONITORING: .41: IS affects the effectiveness of the control environment, risk assessment, communication, and monitoring. For example, controls that normally would be performed by separate individuals in manual systems may be concentrated in one computer application and pose a potential segregation-of-duties problem. .42: The auditor should consider the following IS factors in making an overall assessment of the control environment, risk assessment, communication, and monitoring. An IS auditor may assist the auditor in considering these factors: a. Management's attitudes and awareness with respect to IS: Management's interest in and awareness of IS functions is important in establishing an organizationwide consciousness of control issues. Management may demonstrate such interest and awareness by: * considering the risks and benefits of computer applications; * communicating policies regarding IS functions and responsibilities; * overseeing policies and procedures for developing, modifying, maintaining, and using computers and for controlling access to programs and files; * considering the inherent and control risk, including fraud risk, related to IS; * responding to previous recommendations or concerns; * quickly and effectively planning for, and responding to, computerized processing crises; and: * depending on computer-generated information for key operating decisions. b. Organization and structure of the IS function: The organizational structure affects the control environment. Centralized structures often have a single computer processing organization and use a single set of system and applications software, enabling tighter management control over IS. In decentralized structures, each computer center generally has its own computer processing organization, application programs, and system software, which may result in differences in policies and procedures and various levels of compliance at each location. c. Clearly defined assignment of responsibilities and authority: Appropriate assignment of responsibility according to typical IS functional areas can affect the control environment. Factors to consider include: * how the position of the Chief Information Officer (CIO) fits into the organizational structure; * whether duties are appropriately segregated within the IS function, since lack of segregation typically affects all systems; * the extent to which management external to the IS function is involved in major systems development decisions; and: * the extent to which policies, standards, and procedures are documented, understood, followed, and enforced. d. Management's ability to identify and to respond to potential risk: Computer processing, by its nature, introduces additional risk factors. The entity should be aware of these risks and should develop appropriate policies and procedures to respond to any IS issues that might occur. Factors to consider include: * the methods for monitoring incompatible functions and for enforcing segregation of duties and: * management's mechanism for identifying and responding to unusual or exceptional conditions. FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT OF 1982: .43: In considering the control environment, risk assessment, communication, and monitoring, the auditor should assess the quality of the FMFIA process to provide evidence of management's control consciousness and the overall quality of the control environment, risk assessment, communication, and monitoring. In this regard, the quality of the FMFIA process is a good indicator of management's (1) philosophy and operating style, (2) assignment of authority and responsibility, and (3) control methods for monitoring and follow-up. The FMFIA process also may be the basis for management's assertion about the effectiveness of internal control (section 2) and about the entity's financial management systems' substantial compliance with FFMIA requirements (section 4). .44: In considering the quality of the FMFIA process, the auditor generally should perform the following procedures. If the entity does not issue its own FMFIA report, the auditor should perform the following with respect to information the entity contributes to the FMFIA report in which the entity is included. Read: * the FMFIA report, * important workpapers prepared by the entity in support of the FMFIA report, * IG reports on FMFIA compliance, * OMB's most recent annual letter concerning FMFIA reporting, and: * management's description of the FMFIA process. Discuss the FMFIA process with appropriate entity management (including management's opinion of the quality of the process). Understand: * how the FMFIA process is organized; * who is assigned to manage the process, including the staffing level, experience and qualifications of assigned personnel, and reporting responsibilities; and: * how the process finds and evaluates weaknesses. * Identify the entity's actions on previously reported weaknesses and examine agency documentation that demonstrates the results/ effectiveness of those actions. * Determine whether the audit finds different issues from those identified in the FMFIA process. (If so, see section 580 for reporting on FMFIA.): .45: In assessing the quality of the FMFIA process, the auditor should consider whether management procedures and supporting documentation are sufficient to (1) provide management with reasonable assurance that FMFIA objectives have been achieved and (2) meet OMB requirements. This assessment is based on the auditor's overview and is not a result of extensive tests. Factors for the auditor to consider may include: * evidence of efforts to rectify previously identified material weaknesses; * management's commitment of resources to the FMFIA process, as reflected in the skills, objectivity, and number of personnel assigned to manage the process; * extent to which management's methodology and assessment process conform to the guidance in Circulars A-123 ( June 21, 1995) and A-127 (July 23, 1993 and revisions in Transmittal Memorandum No. 2, dated June 10, 1999) and related OMB guidelines; * IG and internal auditor involvement (if any); * the process used to identify and screen material weaknesses as FMFIA reports are consolidated and moved up the entity's hierarchy; and: * the sources that identify material weaknesses, since items identified by management personnel, rather than from IG, GAO, or other external reports, demonstrate that the process can detect and report weaknesses. .46: The auditor's assessment of the quality of the FMFIA process will affect the auditor's ability to use information in the FMFIA report and supporting documentation when identifying risks, testing controls, and preparing workpapers. The higher the quality of the FMFIA process, the more likely the auditor will be able to use the FMFIA findings in the financial audit. The auditor should document the assessment of the quality of the FMFIA process in the audit workpapers. Regardless, any material weaknesses identified in the FMFIA report should be considered in considering risk. .47: The reliance that the auditor places on management's FMFIA work depends on a number of factors as discussed in FAM 650 (under revision). Federal Financial Management Improvement Act of 1996: .48: As part of its FMFIA work, management determines whether its financial management systems comply with the requirements found in OMB Circular A-127, Financial Management Systems. Under FFMIA, the auditor is required to report whether the financial management systems' substantially comply with those requirements. Further, OMB issues guidance that agencies and auditors should consider when addressing compliance with FFMIA. .49: During the planning phase, the auditor generally should understand what management did to determine that the entity's systems were in substantial compliance in order to report under FMFIA. The entity may have used the OMB FFMIA guidance, the GAO Financial Management Series of checklists for Systems Reviewed Under the Federal Financial Management Improvement Act of 1996, the draft JFMIP Financial Management Systems Compliance Review Guide (http://www.financenet.gov/ financenet/fed/jfmip/fmscrg.pdf), or other tools. The auditor generally should review this documentation in the internal control phase of the audit to determine the degree to which he or she may rely on it as discussed in section 650 (under revision). (See section 320.): .50: If the entity previously had an assessment made of its financial management systems' substantial compliance with these requirements that resulted in lack of substantial compliance, the auditor should read the remediation plan required by FFMIA and note whether the plan appears feasible and likely to remedy the deficiencies. BUDGET FORMULATION: .51: While assessing the control environment, risk assessment, communication, and monitoring, the auditor should obtain an overall understanding of the budget formulation process. The auditor does this to understand better how misstatements and internal control weaknesses affect the budget formulation process and, possibly, to consider the budget process as a control. Based on discussions with entity management responsible for the budget formulation process and review of budget documents, the auditor should consider: * the entity's process for developing and summarizing the budget, * the nature and sufficiency of instructions and training provided to individuals responsible for developing the budget, * the extent that individuals involved in approving budget requests are also involved in the budget formulation process, * the general extent to which the budget is based on historical information, * the reliability of information on which the budget is based, * the extent to which the budget formulation system is integrated with the budget execution system, and: * the extent of correlation between information developed in the budget formulation process and the allotments and suballotments in the budget execution system. [End of section] 270 - DETERMINE LIKELIHOOD OF EFFECTIVE INFORMATION SYSTEM CONTROLS: .01: Controls are considered IS controls if their effectiveness depends on computer processing. In the planning phase, the auditor (with the assistance of the IS auditor and using FISCAM or another appropriate methodology) should determine whether IS controls are likely to be effective and should therefore be considered in the internal control phase. The auditor may coordinate work done to meet the requirements of Division A, Title X, Subtitle G (Government Information Security Reform) of the National Defense Authorization Act for Fiscal Year 2001 (P.L. 106-398) with work done as part of the financial statement audit. (See section 295 J for a flowchart of steps in assessing IS controls in a financial statement audit.) The procedures to be performed build on those procedures performed while understanding the entity's operations and assessing the effects of IS on inherent risk and the control environment, risk assessment, communication, and monitoring. AU 319 (SAS 55, as amended by SAS 78 and SAS 94) requires the auditor to sufficiently understand each of the five components of internal control--control environment, risk assessment, information and communications, monitoring, and control activities--to plan the audit. This understanding should include relevant IS aspects. .02: Computerized financial management systems are used extensively in the federal government. While many of these systems are mainframe based, numerous other technologies also exist. Some of these systems share programs and data files with one another. Others may be networked into major subsystems. In addition to producing financial and accounting information, such systems typically generate other information used in management decision-making. .03: As discussed in paragraph 260.06, the auditor evaluates and tests the following types of controls in a financial statement audit: * financial reporting controls, * compliance controls, and: * certain operations controls (to the extent described in section 275). .04: For each of the controls to be evaluated and tested, the auditor should distinguish which are IS controls. IS controls--those whose effectiveness depends on computer processing--can be classified into three types (described in section 295 F): * general controls, * application controls, and: * user controls. Testing of technical IS controls should be performed by an IS auditor as described in section 360. The audit team may assist the IS auditor by testing user controls and application controls involving manual follow-up. .05: In the planning phase, the auditor and the IS auditor should understand each of the three types of IS controls to the extent necessary to tentatively conclude whether IS controls are likely to be effective. If they are likely to be effective, the auditor should consider specific IS controls in determining whether control objectives are achieved (in the internal control phase). .06: If IS controls are not likely to be effective, the auditor (with the assistance of the IS auditor) should obtain a sufficient understanding of control risks arising from IS to develop appropriate findings and to plan substantive testing. Also, in the internal control phase, the auditor generally should focus on the effectiveness of manual controls in achieving control objectives. If IS controls are not likely to be effective due to poor general controls and if manual controls do not achieve the control objectives, the auditor should identify and evaluate, but not test, any specific IS controls that are designed to achieve the control objectives (to provide recommendations to improve internal control). .07: In the planning phase, the auditor and the IS auditor generally limit the understanding of general controls to those at an overall entity level. However, obtaining this understanding generally requires visits to selected installations. General controls related to an installation level and to specific applications will be considered in more detail in the internal control phase. In assessing general controls, the auditor and the IS auditor should consider the results of past internal and external reviews. .08: The auditor should keep in mind that, as stated in SAS 94, paragraph 66, in some circumstances, such as where a significant amount of information is electronically initiated, recorded, processed, and reported, it may not be practical or possible to restrict detection risk to an acceptable level by performing only substantive tests for one or more financial statement assertions. In such circumstances, the auditor should test IS controls to obtain evidential matter about the effectiveness of both the design and operation of controls to reduce the assessed level of control risk. [End of section] 275 - IDENTITY RELEVANT OPERATIONS CONTROLS TO EVAULATE AND TEST: .01: The overall intent of the CFO Act is to improve the quality of federal financial management. Reliable financial information and effective internal control are important to the quality of such federal financial management. In a financial statement audit, the auditor draws a conclusion about the effectiveness of certain financial reporting (including safeguarding and budget) and compliance (including budget) controls. For operations controls, the auditor: * may evaluate certain operations controls considered relevant (see paragraphs 275.02-.07), * should evaluate and test operations controls that are relied on in performing audit procedures (see paragraph 275.08), and: * should understand the components of internal control relating to the existence and completeness (and valuation is required for GAO audits) assertions relevant to the performance measures reported in the MD&A, in order to report on those controls that have not been properly designed and placed in operation, but does not need to test those controls, although he or she may decide to do so (see paragraph 275.09). RELEVANT OPERATIONS CONTROLS: .02: For the potential operations control needs of the entity or for operations control weaknesses identified through the procedures described in paragraphs 275.04-.07, the auditor should determine whether the evaluation of related controls should (1) be included in the financial audit, (2) become a separate audit, or (3) not be performed but any weaknesses be reported to the IG. In making this determination, the auditor might consider the following factors: * the significance of the operations control to the entity's operations, * the time required to identify and test the operations control, * available resources, and: * congressional interest. .03: Audit team management should agree on the operations controls that are to be evaluated and tested as part of the financial audit. Such operations controls should be documented in the workpapers. For example, audit management may require that before evaluating and testing a specific operations control, the audit team submit relevant information to audit management on a standard form developed by the audit team. .04: In the planning phase and throughout the audit, the auditor generally should identify significant areas where the entity would be expected to have operations controls. The auditor may become aware of these areas, as well as potential weaknesses in operations controls, through: * understanding the entity's operations. * planning the audit procedures, * understanding audit risks and weaknesses in financial reporting and compliance controls, * understanding the cause of misstatements noted, or: * observations made during on-site fieldwork. .05: In obtaining an understanding of the entity's operations, the auditor should identify those areas that are critical to such operations. For each of these areas, the entity should have effective operations controls. Also, in planning the audit, the auditor may identify operations controls that could be evaluated in conjunction with planned audit and other procedures. For example, the auditor may evaluate whether management considered appropriate order quantities for each inventory purchase selected in a test of inventory purchases. .06: The auditor identifies specific risks and weaknesses in planning and performing the audit and in determining the causes of misstatements requiring audit adjustments. The auditor should consider the implications of those risks and weaknesses on the entity's operations controls. For example, misstatements in inventory records may indicate weaknesses in operations controls whose effectiveness depends on accurate inventory records. This would include the operations controls for maintaining proper inventory levels. .07: The auditor should be alert to any opportunities to recommend improvements to operations controls. Such opportunities could come to light while visiting the entity's various locations and performing the financial audit. OPERATIONS CONTROLS RELIED ON IN THE AUDIT: .08: If any contemplated audit procedure relies on operations controls, the auditor should identify and test such controls. For example, assume that an auditor is using substantive analytical procedures, based on entity-generated "per unit" statistics, to test the reasonableness of certain operating costs. The auditor plans to compare such "per unit" statistics with published costs incurred by similar operations. The auditor will need to identify and test the entity's operations controls over the production of these internal statistics. OPERATIONS CONTROLS OVER REPORTED PERFORMANCE MEASURES: .09: OMB audit guidance requires the auditor to understand the design of internal controls over the existence and completeness (see definition in paragraph 235.02) assertions (and GAO has added valuation as a requirement for its audits) related to the performance measures the entity reports on in the MD&A and whether they have been placed in operation. However, OMB does not require the auditor to test the controls (determine operating effectiveness), although he or she may decide to do so. The procedures the auditor performs to gain the understanding do not need to be extensive but may consist of discussions, observations, and walkthroughs (see AU 319.41-.43). [End of section] 280 - PLAN OTHER AUDIT PROCEDURES: .01: The auditor should consider the following areas during the planning phase, even though many related audit procedures will be applied during the other phases. INQUIRIES OF ATTORNEYS: .02: As discussed in AU 337 and section 550, the auditor should make inquires of the entity's counsel and perform other audit procedures regarding litigation, claims, and assessments. Because of the amount of the time needed by management and the attorneys to gather and report the necessary information (including the potential need for management to inquire of Department of Justice attorneys on a case-specific basis), the auditor should plan the following procedures (which are described in more detail in AU 337) for an appropriate time in the audit: * making inquiries of management regarding their policies and procedures used for identifying, evaluating, and accounting for litigation, claims, and assessment; * obtaining a description and evaluation of all such matters existing as of the balance sheet date and through the date of management's response (which should be near the end of fieldwork); * obtaining evidence regarding attorneys used by the entity and matters handled; and: * sending letters of audit inquiry to attorneys (the auditor should consider the aggregation of cases in deciding on the materiality to include in the legal letter to ensure it is sufficiently low). MANAGEMENT REPRESENTATIONS: .03: As discussed in section 550, the auditor is required to obtain a representation letter from management on specific matters prior to completion of the audit. Particularly during first year audits and when standards change, the auditor may want to discuss these required representations with management early in the audit to identify and resolve any difficulties related to obtaining these representations. Note that for federal government auditors, these representations include (1) the effectiveness of internal control, (2) financial management systems' substantial compliance with FFMIA requirements, and (3) compliance with laws and regulations. Additional guidance on management representations is provided in AU 333, AU 801, SSAE 2, and section 1001 (Part II). Also, per SAS 89, a summary of uncorrected misstatements aggregated by the auditor is to be included or attached to the letter, which shall state management's belief that the effects of the misstatements are immaterial to the financial statements taken as a whole, both individually and in the aggregate. (See section 595 D for an example summary of uncorrected misstatements.): RELATED PARTY TRANSACTIONS: .04: AU 334 and section 1006 provide guidance on audit procedures that should be performed to identify related parties and related party transactions as well as examining these transactions for appropriate disclosure in the financial statements. During the planning phase, the auditor should perform procedures to identify and document related parties and the nature of related party transactions that might need to be disclosed in the financial statements and related notes. Such information should be distributed to all members of the audit team for use in summarizing and testing related party transactions and identifying any additional related parties. SENSITIVE PAYMENTS: .05: In the planning phase, the auditor should consider the audit procedures that will be applied to sensitive payments. Sensitive payments encompass a wide range of executive functions including executive compensation, travel, official entertainment funds, unvouchered expenses, and consulting services. See GAO's technical guideline 8.1.2, Guide for Review of Sensitive Payments. REACHING AN UNDERSTANDING WITH MANAGEMENT AND REQUESTERS: .06: During planning, it is important that the auditor reach an understanding with the entity's management and individuals contracting for or requesting the audit, about the work to be performed, as required by AU 310 and Amendment No. 2 to Government Auditing Standards (paragraphs 4.6.3-4.6.9). If the audit is done based on the request of a committee or member of Congress, the auditor should communicate with that committee or member as well as management. If the audit is required by law or is self-initiated, the auditor should communicate with the committee members or staff who have oversight of the auditee as well as management. .07: The auditor should communicate with management and the committee or member in writing (preferred) or orally and document the understanding reached in the workpapers. "Commitment" letters may be used to communicate with Congress about the auditor's planned work. In drafting commitment letters, the auditor should consider the matters required to be communicated by the auditing standards. If the audit organization has a general ongoing working relationship with Congress and prior audit reports, there may already be an understanding with the applicable committee or other requester. .08: Because of an ongoing working relationship with either a requester or management, the auditor may affirm the contents of the prior audit report, since the types of information included in the understanding are generally included in the objectives, scope, and methodology section of the audit report. .09: Examples of the matters that are generally included in the understanding are the objectives and limitations of the audit and management's and the auditor's responsibilities. These are described in AU 310.06-.07. GAGAS also requires the understanding to relate to the auditor's responsibility for testing and reporting on compliance and internal control. OTHER AUDIT REQUIREMENTS: .10: GAGAS (section 4.7) also require the auditor to follow up on known material findings and recommendations from previous audits. Generally, a financial audit should cover areas that had findings and recommendations in previous audits. However, the auditor should consider whether any findings and recommendations from the prior year financial audit need follow-up that would not otherwise be covered (for example, findings at locations that would not otherwise be revisited). .11: During planning, the auditor also should consider the additional requirements in OMB audit guidance for legal letters, management representation letters, and certain agreed-upon procedures. OMB audit guidance has specific dates by which interim and updated legal letters for CFO Act agencies are to be requested and received, specific formats for summarizing the information in the letters, and a list of specific officials to whom copies of the letters and summaries should be forwarded. The guidance also has an example of a management representation letter. In addition, the guidance requires that certain agreed-upon procedures to be applied to agency payroll offices and requires that reports be submitted to OPM by a specific date. [End of section] 285 - PLAN LOCATIONS TO VISIT: .01: Most federal entities conduct operations, perform accounting functions, and/or retain records at multiple locations. During planning, the auditor needs to consider the effect of these multiple locations on the audit approach. The auditor should develop an understanding of the respective locations, including significant accounts and accounting systems and cycles/applications. This understanding may be obtained centrally or in combination with visits to field offices, as appropriate. When planning locations to visit, the auditor should consider whether certain locations warrant more extensive testing than others, based on the following factors: * Materiality or significance of locations to the overall entity: More material locations, particularly those individually exceeding design materiality, and significant cycles/accounting applications may require more extensive testing. * The results of the preliminary analytical procedures applied during planning: Unusual results require follow-up, possibly including on-site testing at specific locations causing such results. * The results and the extent of audit procedures applied in prior years by the auditor or others, including the time since significant procedures were performed: Problems noted in prior audits could indicate areas of concern for the current audit, and the effectiveness of prior evidence ordinarily diminishes with the passage of time. * The auditor's assessment of inherent risk, including the nature of operations, sensitivity to economic conditions, and key management turnover: Locations at which inherent risk is high generally warrant more extensive testing than those where inherent risk is low. * The auditor's preliminary assessment of control risk, including the control environment, risk assessment, communications, and monitoring: Locations at which control risk (particularly concerning the control environment, risk assessment, communication, and monitoring) is high warrant more extensive testing than those where control risk is low. * The auditor's consideration of the risk of material misstatement due to fraud: Locations at which the auditor has considered there may be a greater risk of material misstatement due to fraud warrant more extensive testing than those where he or she has considered a lower risk of material misstatement due to fraud is present. * The extent to which accounting records are centralized: A high degree of centralization may enable the auditor to conduct the majority of work at the central location, with only limited work at other locations. * The extent of uniformity of control systems (including computer controls) throughout the entity: The number of locations visited is a function of the uniformity of significant control systems. For example, if there are two major procurement control systems, the auditor generally should test each system to a sufficient extent. Where locations develop or modify systems, more locations may require visits than for those entities using centrally developed systems that cannot be changed locally. * The extent of work performed by other auditors: Work done by other auditors may be used to reduce or eliminate tests at selected locations or to assist in tests of locations not selected. (See section 650.): * Special reporting or entity requirements: The auditor should select sufficient locations to meet special needs, such as separate-location reports. .02: The auditor should plan the general nature of audit procedures to be performed at each location. The extent of testing may vary between locations, depending on test materiality, control risk, and other factors. Using common audit programs, workpaper formats, and indexes for the various locations visited makes it easier to plan, review the workpapers, and combine the results of all locations or funds to improve effectiveness and efficiency. .03: The auditor should obtain an understanding of the procedures for combining the locations' financial information to prepare the entity's financial statements. The auditor should understand and test these procedures during the audit, including any necessary adjustments and eliminations. .04: One approach to stratifying the locations and selecting samples for multiple-location audits is provided in section 295 C. This method assumes that increased testing is not required at any location because of the factors in paragraph 285.01. Other methods of selecting locations for on-site testing may be used with the approval of the Reviewer. For example, selecting fewer locations but more items to test at each of those locations may be appropriate in some instances. Although other methods generally will require more overall audit testing than the method described in section 295 C, the costs of performing additional work at fewer locations may be lower. [End of section] 290 - DOCUMENTATION: .01: The auditor should document relevant information obtained during the planning phase in the documents described in paragraphs 290.03-.06. Also, as described in paragraph 290.07, the auditor should document the understanding reached with requesters and management. Information that is likely to be useful in future audits may be documented in a permanent file. .02: As the audit work is performed, the auditors may become aware of possible reportable conditions or other matters that should be communicated to the auditee. A structured method to document these matters will aid in communicating them to the audit team, management for review, and the agency soon after their discovery. The auditor generally should document the nature of the reportable condition and the criteria, cause, potential effect, and suggestions for improvement (as applicable) throughout the audit and discuss them with management when identified, rather than waiting until the exit conference. .03: In the entity profile or an equivalent document, the auditor should document the information gathered to gain an understanding of the entity (section 220). This profile should briefly document such elements as the entity's origin and history, size and location, organization, mission, results of prior and current audits, and accounting and auditing considerations. The auditor generally should limit the information in the entity profile to that which is relevant to planning the audit. This information may include documents prepared by the entity, such as historical information or the mission of the entity. If this and other documents were prepared in prior years, they need only be updated for changes each year. .04: The General Risk Analysis or an equivalent document contains the overall audit plan, including the strategy for conducting the audit, and also should include information on the following areas: a. Preliminary analytical procedures and the results of those procedures (section 225): The auditor should document the following information: * data used and sources of financial data used for current-year amounts and for developing expected amounts, including: ** the amounts of the financial items, ** the dates or periods covered by the data, ** whether the data are audited or unaudited, ** the person from whom the data were obtained (if applicable), and: ** the source of the information (for example, the general ledger trial balance, prior-year audit workpapers, or prior-year financial statements); * parameters for identifying significant fluctuations; * explanations for fluctuations identified and sources of these explanations, including the name and title of the person(s) from whom the explanations were obtained; and: * the auditor's conclusion and consideration of the impact of the results of preliminary analytical procedures on the audit. b. Planning, design, and test materiality, including the basis for their determination (section 230). c. Methodology used in assessing computer-related controls (section 240): If the auditor uses a methodology other than the FISCAM, he or she should document the basis for believing that the methodology is appropriate. d. Significant provisions of laws and regulations (section 245). e. Relevant budget restrictions (section 250). f. Level of audit assurance (section 260): The auditor should document the overall level of audit assurance and the justification for the level used. If the level of audit assurance chosen is 95 percent, the auditor may reference the FAM. g. Assessment of inherent risk and the overall effectiveness of the control environment, risk assessment, communication, and monitoring, including whether they preclude the effectiveness of specific control activities (section 260): The auditor identifies and documents any inherent risks or control risks arising from the control environment, risk assessment, communication, and monitoring and associates them with significant financial statement line items and assertions. For each risk identified, the auditor documents the (1) nature and extent of the risk, (2) condition(s) that gave rise to that risk, and (3) specific cycles, accounts, line items, and related assertions affected (if not pervasive). The auditor also documents conclusions on the overall effectiveness of the control environment, risk assessment, communication, and monitoring. In addition, the auditor generally should document the entity's basis for its determination of substantial compliance of its systems with FFMIA requirements. h. Risk of material misstatement due to fraud (section 260): The auditor should document: * the fraud risk factors identified and: * the auditor's response to those risk factors, either individually or in combination. i. Effects of IS (section 270): The auditor should document: * a basic understanding of the IS aspects of the financial management system, including the significance of IS to the entity (section 220); * the inherent risks arising from IS (paragraph 260.17); * the impact of IS on the control environment, risk assessment, communication, and monitoring (paragraphs 260.41-.42); and: * tentative conclusions on the likelihood that IS controls are operating effectively (section 270). When the auditor prepares documentation of the above information, the IS auditor generally should review and agree with the content. Tentative conclusions on the likelihood that IS controls are operating effectively should also be reviewed and concurred to by the Audit Director and Assistant Director as part of their reviews of the General Risk Analysis or equivalent. If IS controls are not likely to be effective, the auditor should document supporting evidence and generally should report such findings as discussed in section 580. j. Operations controls to be tested, if any (section 275). k. Other planned audit procedures (section 280). l.Locations to be visited (section 285): This information includes: * the locations selected, * the basis for selections, * the general nature of procedures planned for each location, * the determination of the number of items for testing, * the allocation of those items among the selected locations, and: * other procedures applied. m. Staffing requirements. n. Audit timing, including milestones. o. Assistance from entity personnel. .05: The Cycle Matrix or equivalent links each of the entity's accounts (in the chart of accounts) to a cycle, an accounting application, and a financial statement line item or RSSI (paragraph 240.06). This information may instead be incorporated into the Account Risk Analysis or equivalent. .06: The Account Risk Analysis or equivalent contains the audit plan for each significant line item and account and should identify significant line items, accounts, assertions, and cycles/accounting applications (sections 235 and 240, respectively). The auditor also summarizes and documents the specific risks, other than pervasive risks, for use in determining the nature, timing, and extent of the audit procedures. The auditor may also include insignificant accounts in each line item ARA or equivalent, indicating their insignificance and the consequent lack of audit procedures applied to them. In such instances, the cycle matrix or equivalent need not be prepared. .07: The auditor should document in the workpapers the understanding reached with those requesting the audit and management about the work to be performed, as described in section 280. .08: The auditor also should consider the needs of, and consult in a timely manner with, other auditors who plan to use the work being performed, especially in areas where the auditor makes decisions requiring significant auditor judgment. Where the auditor deviates from a policy or procedure expressed by use of the term "must" or "should" in the FAM, he or she should provide an opportunity for the other auditors to review the documentation of the reasons explaining these deviation decisions. [End of section] 295 A - POTENTIAL INHERENT RISK CONDITIONS: .01: The specific conditions listed below may indicate the presence of inherent and/or fraud risks. This section is designed to aid the auditor in considering each of the inherent risk factors described in paragraph 260.16 and the fraud risk factors described in paragraphs 260.24-.25 relating to industry conditions, operating conditions and financial stability, and susceptibility of assets to misappropriation, but is not intended to be all inclusive. The auditor should consider any other factors and conditions considered relevant. .02: NATURE OF THE ENTITY'S PROGRAMS: * Programs are significantly affected by new/changing governmental regulations, economic factors, and/or environmental factors. * Contentious or difficult accounting issues are associated with the administration of a significant program(s). * Major uncertainties or contingencies, including long-term commitments, relate to a particular program(s). * New (in existence less than 2 years) or changing (undergoing substantial modification or reorganization) programs lack written policies or procedures, lack adequate resources, have inexperienced managers, lack adequate systems to measure performance, and generally have considerable confusion associated with them. * Programs that are being phased out (being eliminated within 1 or 2 years), lack adequate resources, lack personnel motivation and interest, or involve closeout activities for which controls have not been developed. * Significant programs have a history of improper administration, affecting operating activities. * Significant programs have a history of inadequate financial management systems causing management to resort to extensive, costly, time- consuming, ad hoc efforts to prepare financial statements by the required deadline. * Significant programs have minimal IG or internal audit coverage. * Management faces significant pressure to obtain additional funding necessary to stay viable and maintain levels of service considering the financial or budgetary position of a program, including the need for funds to finance major research and development or capital expenditures. * Management faces significant pressure to "use or lose" appropriated funds in order to sustain future funding levels. * Partisan politics between competing political parties or factions or constituent groups create conflict and a lack of stability within the entity or programs. * Unusually rapid growth occurs in a program. * Economic conditions are deteriorating among the group served by the entity. .03: HISTORY OF SIGNIFICANT AUDIT ADJUSTMENTS: * The underlying cause of significant audit adjustments continues to exist. .04: NATURE OF MATERIAL TRANSACTIONS AND ACCOUNTS: * New types of transactions exist. * Significant transactions or accounts have minimal IG or internal audit coverage. * Significant related and/or third party transactions exist. * Classes of transactions or accounts are: ** difficult to audit; ** subject to significant management judgments (such as estimates); ** susceptible to manipulation, loss, or misappropriation; ** susceptible to inappropriate application of an accounting policy; and: ** susceptible to problems with realization or valuation. * Accounts have complex underlying calculations or accounting principles. * Accounts in which the underlying activities, transactions, or events are operating under severe time constraints. * Significant interagency transactions or revenue sources create incentives to shift costs or otherwise manipulate accounting transactions. * Accounts in which activities, transactions, or events involve the handling of unusually large cash receipts, cash payments, or wire transfers. * Inventory or equipment have characteristics such as small size, high value, high demand, marketability, or lack of ownership identification that make them easily converted to cash (for example, pharmaceutical inventory or military equipment with high street values). * Assets are easily converted to cash, such as food stamps, benefits vouchers, commodities, supplies, or materials. * Assets are susceptible to personal, non-program/non-government use such as cars, computers, telephones. * Many payments are sent to post office boxes. * Large amounts of payments are sent to outside recipients, as in the cases of grants, medical care reimbursements, or other federal financial assistance. [End of section] 295 B - POTENTIAL CONTROL ENVIRONMENT, RISK ASSESSMENT, COMMUNICATION, AND MONITORING WEAKNESSES: .01: The specific conditions listed below may indicate the presence of control environment, risk assessment, communication, and monitoring weaknesses and fraud risk. This section is designed to aid the auditor in considering each of the control environment, risk assessment, communication, and monitoring factors described in paragraphs 260.32- .40 but is not intended to be all inclusive. The auditor should consider any other factors and conditions considered relevant. (If the auditor is doing a more detailed assessment of internal control than is usual in a financial audit, he or she may refer to GAO's exposure draft of Internal Control Management and Evaluation Tool for additional and more detailed examples of internal control factors.): CONTROL ENVIRONMENT: .02: Integrity and Ethical Values: * An appropriate "tone at the top" has not been established and communicated throughout the entity, including explicit moral guidance about what is right and wrong. * No (or inadequate) formal code of conduct or other policies regarding acceptable practices, conflicts of interest, or expected standards of ethical and moral behavior exists, or employees are unaware of it. * Employees do not understand what behavior is acceptable or unacceptable, or what to do if they encounter improper behavior. * Bad news is covered up by management rather than making full disclosure as quickly as possible. * Management does not quickly address signs that problems exist. * Employees feel peer pressure to cut corners. * High decentralization leaves top management unaware of actions taken at lower organizational levels and thereby reduces the chances of getting caught. * Everyday dealings with employees, auditors, the public, oversight groups, etc., are not generally based on honesty and fairness (for example, overpayments received or supplier underpayments are ignored, or efforts are made to find a way to reject legitimate benefits claims). * Penalties for improper behavior are insignificant or unpublicized and thus lose their value as deterrents. * Management has displayed a loose attitude towards internal control, for example, by not providing guidance on when intervention is allowed or not investigating and documenting deviations. * Pressure is felt to meet performance targets or deadlines that are unrealistic. * Management is under undue pressure from the administration to attain an unqualified opinion on the financial statements, despite significant internal control weaknesses. * Management displays lack of candor in dealing with oversight committee staff, recipients of the entity's services, or auditors regarding decisions that could have an impact on the entity. .03: Commitment to Competence: * Jobs have not been analyzed to determine the knowledge and skills needed. * Employees do not seem to have the knowledge and skills they should have to do their jobs, based on the level of judgment necessary. * Supervision of employees does not compensate for lack of knowledge and skills in their specific jobs. .04: Management's Philosophy and Operating Style: * Management lacks concern about internal control and the environment in which specific controls function. * Management demonstrates an aggressive approach to risk-taking. * Management demonstrates an aggressive approach to accounting policies. * Management has a history of completing significant or unusual transactions near the year's end, including transactions with related parties. * Management makes numerous adjusting journal entries, especially at yearend. * Management is reluctant to (1) consult auditors/consultants on accounting issues, (2) adjust the financial statements for misstatements, or (3) make appropriate disclosures. * Management displays a significant disregard for regulatory, legal, or oversight requirements or for IG, GAO, or Congressional authorities. * Top-level management lacks the financial experience/background necessary for the positions held. * Management is slow to respond to crisis situations in both operating and financial areas. * Management uses unreliable and inaccurate information to make business decisions. * Unexpected reorganization or replacement of management staff or consultants occurs frequently. * Management and personnel in key areas (such as accounting, IS, IG, and internal auditing) have a high turnover. * Individual members of top management are unusually closely identified with specific major projects. * Overly optimistic information on performance of programs and activities is disclosed. * Financial estimates consistently prove to be significantly overstated or understated. * Obtaining adequate audit evidence is difficult due to a lack of documentation and evasive or unreasonable responses to inquiries. * Financial arrangements/transactions are unduly complex. * Lack of interaction of adequate frequency between senior management and operating management, particularly with geographically removed locations. * Management attitude toward IS and accounting functions is that these are necessary "bean counting" functions rather than a vehicle for exercising control over the entity's activities. * Management is motivated to engage in fraudulent financial reporting resulting from substantial political pressure creating an undue concern about reporting positive financial accomplishments. * Management is dominated, either entity-wide or at a specific component, by a single person or small group without compensating controls such as effective oversight by the IG, GAO, Congressional committees, or other oversight body. * One or more individuals with no apparent executive position(s) with the entity appear to exercise substantial influence over its affairs or over individual departments or programs (for example, a major political donor or fundraiser). * Management has significant grantee, cooperative agreement, or contractor relationships for which there appears to be no clear programmatic or governmental justification. * Management appears more concerned with an unqualified opinion on the financial statements rather than with fixing significant weaknesses in its systems. * Management has difficulty meeting reporting deadlines. .05: Organizational Structure: * The organizational structure is inappropriate for the entity's size and complexity. General types of organizational structures include: ** federal centralized (managed and controlled on a day-to-day basis by a centralized federal entity system), ** federal decentralized (managed and controlled on a day-to-day basis by federal entity field offices or staffs), ** participant administered (managed and controlled on a day-to-day basis by a nonfederal organization), and: ** other (managed and controlled on a day-to-day basis by some combination of the above or by other means). * The structure inhibits segregation of duties for initiating transactions, recording transactions, and maintaining custody over assets. * It is difficult to determine the organization or individual(s) that control(s) the entity, parts of the entity, or particular programs. * Recent changes in the management structure disrupt the organization. * Operational responsibilities do not coincide with the divisional structure. * Delegation of responsibility and authority is inappropriate. * A lack of definition and understanding of delegated authority and responsibility exists at all levels of the organization. * Inexperienced and/or incompetent accounting personnel are responsible for transaction processing. * The number of supervisors is inadequate or supervisors are inaccessible. * Key financial staff have excessive work loads. * Policies and procedures are established at inappropriate levels. * A high degree of manual activity is required in capturing, processing, and summarizing data. * Activities are dominated and controlled by a single person or a small group. * The potential exists for entity officials to obtain financial or other benefits on the basis of decisions made or actions taken in an official capacity. .06: Assignment of Authority and Responsibility: * The entity's policies are inadequate regarding the assignment of responsibility and the delegation of authority for such matters as organizational goals and objectives; operating functions; and regulatory requirements, including responsibility for information systems and authorizations for changes. * Appropriate control-related standards and procedures are lacking. * The number of people, particularly in IS and accounting, with requisite skill levels relative to the size and complexity of the operations is inadequate. * Delegated authority is inappropriate in relation to the assigned responsibilities. * Appropriate system of authorization and approval of transactions (for example, in purchasing, grants, and federal financial assistance) is lacking. * Policies are inadequate regarding physical safeguards over cash, investments, inventory, and fixed assets. .07: Human Resource Policies and Practices: * Human resource policies for hiring and retaining capable people are inadequate. * Standards and procedures for hiring, promoting, transferring, retiring, and terminating personnel are insufficient. * Training programs do not adequately offer employees the opportunity to improve their performance or encourage their advancement. * Written job descriptions and reference manuals are inadequate or inadequately maintained. * Communication of human resource policies and procedures at field locations is inadequate. * Policies on employee supervision are inappropriate or obsolete. * Inappropriate remedial actions are taken in response to departures from approved policies and procedures. * Employee promotion criteria and performance evaluations are inadequate in relation to the code of conduct. * Job applicant screening procedures for employees with access to assets susceptible to misappropriation are lacking. * Training is inadequate regarding controls over payments to others for grants, federal financial assistance, etc. * Mandatory vacations are not required for employees performing key control functions. .08: Management's Control Methods Over Budget Formulation and Execution: * Little or no guidance material and instructions are available to provide direction to those preparing the budget information. * The budget review, approval, and revision process is not defined or understood. * Management demonstrates little concern for reliable budget information. * Management participation in directing and reviewing the budget process is inadequate. * Management is not involved in determining when, how much, and for what purpose obligations and outlays can be made. * The planning and reporting systems that set forth management's plans and the results of actual performance are inadequate. * Inadequate methods are used to identify the status of actual performance and exceptions from planned performance and communicate them to the appropriate levels of management. * Noncompliance with Antideficiency Act, purpose, time, or other budget-related restrictions has been previously reported. .09: Management's Control Methods Over Compliance with Laws and Regulations: * Management is unaware of the applicable laws and regulations and potential problems. * A mechanism to inform management of the existence of illegal acts does not exist. * Management neglects to react to identified instances of noncompliance with laws and regulations. * Management is reluctant to discuss its approach toward compliance and the reasonableness of that approach. * Recurring public complaints have been received through "hotline" allegations. * Repeated instances of noncompliance or control weaknesses are disclosed in FMFIA reports; congressional reports; consultants' reports; and prior audits/evaluations by GAO, the IG, internal audit, or others. * Management is reluctant to provide evidential matter necessary to evaluate whether noncompliance with laws and regulations has occurred. * Management is not responsive to changes in legislative or regulatory bodies' requirements. * Policies and procedures for complying with laws and regulations are weak. * Policies on such matters as acceptable business practices, conflicts of interest, and codes of conduct are weak. * Management does not have an effective legal counsel. .10: Oversight Groups (Including Congressional Committees): * Oversight groups demonstrate little concern toward controls and the speed with which internal and external auditors' recommendations are addressed. * Oversight groups have little involvement in and scrutiny of activities. * Little interaction occurs between oversight groups and the IG and internal and external auditors. * Oversight groups demonstrate little concern for compliance with applicable laws, regulations, and contractual requirements. RISK ASSESSMENT: .11: Setting Objectives: * Management has not established or communicated its overall objectives to employees or oversight committees. * No strategic planning has been done, or the strategic plan does not support the objectives. * The strategic plan does not address high-level resource allocations and priorities. * The strategic plan, budgets, and/or objectives are inconsistent. * Management has not established activity-level objectives for all significant activities, or the objectives are inconsistent with each other or with the overall objectives. * Objectives do not include measurement criteria. .12: Analyzing Risks: * Management has not adequately identified risks to achieving the entity's objectives arising from external sources, including economic conditions, the President, the Congress, OMB, and the media. * Management has not adequately identified risks arising from internal sources, such as human resources (ability to retain key people) or IS (adequacy of back-up systems in the event of systems failure). * Once risks are identified, management has not adequately analyzed the risks, including estimating the significance of risks, assessing the likelihood of their occurring, and determining needed actions. .13: Managing Change: * The mechanisms for identifying and communicating events, activities, and conditions that affect operations or financial reporting objectives are insufficient. * Accounting and/or information systems are not modified in response to changing conditions. * No consideration is given to designing new or alternative controls in response to changing conditions. * Management is unresponsive to changing conditions. COMMUNICATION: .14: Internal Communication: * The system for communicating policies and procedures is ineffective. * Formal or informal job descriptions do not adequately delineate specific duties, responsibilities, reporting relationships, and constraints. * Channels of communication for personnel reporting suspected improprieties are inappropriate. * Management fails to display and communicate an appropriate attitude regarding internal control. * Management is not effective in communicating and supporting the entity's accountability for public resources and ethics, especially regarding matters such as acceptable business practices, conflicts of interest, and codes of conduct. * Management is not receptive to employee suggestions of ways to enhance productivity and quality or other similar improvements. * Communication across the organization (for example, between procurement and program activities) is inadequate to enable people to discharge their responsibilities effectively. .15: External Communication: * Channels of communication with suppliers, contractors, recipients of program services, and other external parties are not open and effective for communicating information on changing needs. * Outside parties have not been made aware of the entity's ethical standards. * Management does not appropriately follow up on information received in communications from program service recipients, vendors, regulators, or other external parties. MONITORING: .16: Ongoing Monitoring: * Management is not sufficiently involved in reviewing the entity's performance. * Management control methods are inadequate to investigate unusual or exceptional situations and to take appropriate and timely corrective action. * Management lacks concern for and does not effectively establish and monitor policies for developing and modifying accounting systems and control activities. * Management's follow-up action is untimely or inappropriate in response to communications from external parties, including complaints, notification of errors in transactions with parties, and notification of inappropriate employee behavior. * Management does not periodically compare amounts recorded by the accounting system with physical assets. * Management allows large numbers of duplicate payments. * Management does not respond to internal and external auditors' recommendations to strengthen internal control. * Management has strained relationships with the IG and/or its current or predecessor external auditors. * Management does not encourage and consider employee suggestions. * Personnel do not periodically acknowledge compliance with the code of conduct or sign off to evidence performance of critical control functions. * Management does not adequately monitor significant activities that have been outsourced to contractors or information systems components maintained by contractors. .17: FMFIA or Similar Separate Evaluations: * Management displays a disregard for fully complying with the FMFIA process, reporting, results, and follow-up. * Management displays a disregard for fully complying with or a combative attitude towards the FFMIA process, reporting, results, and follow-up. * FMFIA or similar reviews are not conducted by personnel with requisite skills or using a logical and appropriate methodology. * Auditors note weaknesses that were not included in FMFIA and FFMIA reports. .18: Reporting Deficiencies: * The entity does not have a mechanism for capturing and reporting identified internal control deficiencies from both internal and external sources resulting from ongoing monitoring or separate evaluations. * Deficiencies are not reported to the person with direct responsibility and to a person at least one level higher or to more senior management for specified types of deficiencies. * Corrective actions on deficiencies do not take place on a timely basis. * Underlying causes of problems are not investigated. * Follow-up to ensure that the necessary corrective action has taken place is not done. .19: The Effectiveness of Other Auditors: * The audit staff are responsible for making operating decisions or for controlling other original accounting work subject to audit. * Audit management personnel are inexperienced for the tasks assigned. * Training activities are minimal, including little or no participation in formal courses and seminars and inadequate on-the-job training. * Resources to effectively conduct audits and investigations are inadequate. * Audits are not focused on areas of highest exposure to the entity. * Standards against which the auditor's work is measured are minimal or nonexistent. * Performance reviews are nonexistent or irregular. * The audit planning process is nonexistent or inadequate, including little or no concentration on significant matters and little or no consideration of the results of prior audits and current developments. * Supervision and review procedures are nonexistent or inadequate, including little involvement in the planning process, in monitoring progress, and in reviewing conclusions and reports. * Workpaper documentation (audit programs, evidence of work performed, and support for audit findings) is incomplete. * An inadequate mechanism is used to keep the entity head and the Congress informed about problems, deficiencies, and the progress of corrective action. * Audit coverage over payments made by others (such as states) for grants, federal financial assistance, etc. is inadequate. * The audit has an inadequate review of computer general and application controls. * The auditor does not use appropriate tools, such as audit software and sampling. * The audit department does not have a peer review every 3 years. * The audit department does not have an annual internal inspection. [End of section] 295 C - AN APPROACH FOR MULTIPLE-LOCATION AUDITS: .01: This section provides one approach for stratifying the locations and selecting the samples for multiple-location audits. This method assumes that the auditor first identifies locations to be tested each year because of specific inherent or control risks. Other methods of selecting locations for on-site testing may be used with the approval of the Reviewer. STRATIFYING THE LOCATIONS: .02: Unless a dollar-unit sampling method is used, which automatically stratifies the population, the auditor stratifies the locations by separating them into an appropriate number of relatively homogeneous groups or strata. Stratification can improve the efficiency of the sample result (reduce the uncertainty of the estimate) by grouping items together that are expected to behave similarly with respect to the audit measure. Stratification can also be used to ensure that items of special interest receive adequate coverage in the sample. The stratification should be based on relative size and/or qualitative factors, such as inherent or control risk. If exact information is not available, estimates may be used. Criteria for stratifying may include one or more of the following relative factors: * the amount of assets; * the amounts of revenue and expenses incurred or processed at the location; * the number of personnel, where payroll costs are significant; * the amount of appropriations; * a concentration of specific items (such as a stratum consisting of significant inventory storage locations, of which those selected will undergo only inventory procedures); * the nature and extent of inherent and control risk, including fraud risk and sensitive matters or the turnover of key management; and: * special reporting requirements, such as separate reports, special disclosures, or supplementary schedules. .03: For example, the auditor may stratify locations, based on the amount of total assets, into the following strata: (1) individually material locations (top stratum), (2) relatively significant locations (intermediate stratum), and (3) relatively insignificant locations (bottom stratum). If an entity has 100 locations and if the total amount of assets is determined to be the relevant criterion for stratifying locations, the first three columns of table 295 C.1 may represent an acceptable stratification. .04: SELECTING LOCATIONS: The auditor selects locations for on-site testing using one of the following methods for each stratum: (These methods are described in more detail in section 480.): * Dollar-unit sampling (DUS) or classical variables sampling using a multistage approach may be used as described in section 480. * Another representative sampling method may be used when appropriate. The auditor should consult with the Statistician if classical variables sampling or another representative sampling method is used. * Nonrepresentative selection (nonsampling) is used when the auditor determines that it is effective to select locations on a nonrepresentative basis and to apply substantive analytical procedures and/or other substantive tests to locations that are not tested on- site. .05: Table 295 C.1 illustrates a possible DUS sample for each stratum, using design materiality of $3 million and 95-percent assurance. For a DUS sample, the sampling interval would be $1 million, and the preliminary estimate of the sample size would be 100 ($100 million divided by $1 million). Section 400 provides additional information on calculating the amounts in the table and the various selection methods. Table 295 C.1: EXAMPLE OF DUS SAMPLING: [See PDF for image] [A] The preliminary estimate of sample size is computed by dividing the total balance by the sampling interval of $1,000,000. Refer to section 400 for additional information concerning sampling. [B] The actual number of items tested in the top stratum may be fewer than the preliminary estimate of sample size because a top stratum selection may include more than one sample item. For example, if the implicit sampling interval is $1,000,000, a $2 million selection would include two of the sample items. [End of table] TESTING THE ITEMS: .06: The auditor determines the number of items to be tested at each location, and then selects and tests those items. For each line item/ account the auditor should determine the total number of items to be tested, based on the applicable selection method and population, test materiality, and risk factors, as described in sections 480 and 495 E. .07: The auditor should perform analytical and other procedures, as applicable, for both the locations selected and those not selected. Generally, the auditor should perform supplemental analytical procedures, including comparisons of locations with each other and with other years' information, for all locations, regardless of the selection method. When nonrepresentative selection is used, the auditor must apply appropriate substantive analytical procedures and/or other substantive procedures for locations not tested on-site, unless those locations are immaterial in total. Section 400 provides guidance on substantive and supplemental analytical procedures. Specific matters noted during the audit--for example, cutoff errors at one or more locations--may warrant increased or different audit procedures at locations not previously selected for on-site testing. .08: In evaluating the result of a sample, the auditor estimates the effects, both quantitative and qualitative, on the financial statements taken as a whole, of any misstatements noted, as discussed in sections 480 and 540. In visiting selected locations, in addition to the issues concerning evaluation of samples in those sections, the auditor should exercise judgment and should apply the following additional procedures: a. Determine if apparent misstatements are, in fact, misstatements that have not been corrected at some level in the entity. b. Ask management to identify the cause of the misstatement. c. Obtain evidence as to whether the same or similar types of misstatement exist at other locations (including locations not tested on-site). If the evidence is highly persuasive that the misstatement does not exist at other locations and the Audit Director concurs, the auditor may treat the effect on the entity the same as that on the location. (See paragraph 480.40 for a discussion of requirements for deciding whether evidence is highly persuasive.): d. If the misstatement is not isolated to the location, determine whether there is evidence that the misstatement exists in other than a similar proportion throughout the entity. If such evidence exists, the auditor should obtain evidence of the incidence rate and should determine the effect on the entity; additional testing may be required. If no such evidence exists, the auditor should project the misstatement to the entity. .09: In a nonrepresentative selection, the auditor should consider the possible effects of misstatements on locations not visited and determine whether additional audit procedures are required. Because the selection is not representative, the misstatements cannot be projected to the entity as a whole. .10: The auditor should evaluate the sufficiency of audit procedures applied. The auditor should use judgment and should consider all relevant factors to determine whether the audit objectives are met, considering the specific circumstances. [End of section] 295 D - INTERIM SUBSTANTIVE TESTING OF BALANCE SHEET ACCOUNTS: .01: The auditor may consider performing significant substantive tests of balance sheet line items/accounts as of a date before the balance sheet date. If such interim tests are performed, the auditor should also apply audit procedures to the transactions during the "roll forward period" between the interim testing date and the balance sheet date (year end). .02: Because evidence obtained as of the year end about an asset or liability balance provides a higher level of assurance than that obtained as of a prior or subsequent date, the audit risk generally increases as the length of the roll forward period increases. Although generally accepted auditing standards do not require moderate or low control risk to use interim testing, the auditor should consider inherent, control, and fraud risk in determining whether substantive tests of the roll forward period can be designed to provide a reasonable basis for extending the audit conclusions from the interim testing date to the year end. .03: The additional audit procedures that should be performed during the roll forward period ordinarily increase the overall audit costs. However, by performing these procedures before the year's end, the auditor may be able to: * more quickly identify and address significant audit and accounting issues, such as problem areas and complex or unusual transactions, enabling the entity to correct misstatements or the auditor to modify the audit plan; * complete the audit and issue the audit report earlier; and: * improve staff utilization and enable a smaller number of staff members to perform the audit by allocating the total audit hours over a longer period before the report issuance date. .04: Generally, the auditor should not perform interim tests for an assertion with a high control or combined risk. In such instances, all substantive testing of balance sheet line items/accounts generally should be performed as of the year end. If the preliminary assessment of control and combined risk is moderate or low and exceptions are noted in the tests of controls, the auditor should use judgment, considering the nature, cause, and estimated effects of the exceptions, to determine whether revisions of the preliminary control and combined risk assessments and audit plan are warranted. .05: In determining whether to apply interim testing, the auditor should consider the following factors: * The assessment of inherent, control, and fraud risk: The auditor should consider the risk of misstatement during the roll forward period, as well as all other relevant factors, including business conditions that may make management more susceptible to pressures, causing a misstatement of the financial statements. As combined risk (inherent and control risk) and fraud risk increase, so does the extent of the additional procedures that should be applied to the roll forward period, possibly making interim testing much more costly than testing the year-end balance. However, the auditor may be able to apply interim testing to certain assertions for which combined risk is assessed at lower levels while testing the other assertions as of the year end. * The anticipated comparability of the internal controls and the nature of the line item/account balances from the interim testing date to the year end: To extend the audit conclusions from the interim date to the year-end date, it is essential that no significant changes in internal control occur from the interim date to the year-end date and that the line item/account balances consist of similar types of items at both dates. * The amount of the line item/account balance at the interim testing date in relation to the expected year-end balance: A significant increase in the amount of the line item/account balance between interim and year-end dates would diminish the auditor's ability to extend the audit conclusions to the year end. In addition, applying substantive interim tests to a large line item/account balance may be inefficient if the year-end balance is expected to be lower than the balance at the interim date. * The length of the roll forward period: The longer the roll forward period, the more difficult it is to control the increased audit risk. The roll forward period generally should not be longer than 3 months. * The anticipated level of transaction activity during the roll forward period: Interim testing generally decreases in effectiveness and efficiency as the level of transaction activity during the roll forward period increases, particularly if there are large or unusual transactions during this period. * The ease with which substantive procedures can be applied to test the transactions during the roll forward period: As the difficulty of such procedures increases, the efficiency of interim testing generally decreases. * The availability of information to test roll forward period activity using substantive analytical procedures, detail tests, or a combination of both: If sufficient information is not available, interim testing is not appropriate. * The timing of the audit, staffing and scheduling requirements, and reporting deadlines: Tight deadlines or the unavailability of necessary staff to perform audit procedures at the year's end may necessitate interim testing. .06: In determining the timing of audit tests, the auditor should consider the relationships between line items/accounts that are affected by the same transactions. For example, if the auditor applies interim testing to inventory, the audit risk associated with inventory-related accounts payable, including cutoff matters, should be considered. The auditor may apply substantive procedures to each of the related line items/ accounts as of the same interim testing date or may apply other procedures to obtain sufficient audit assurance. .07: The auditor should document in the ARA (or equivalent) line items/ accounts (and assertions, where applicable) to which interim testing is applied. The factors considered when concluding that the use of interim testing is appropriate should be documented in the GRA or equivalent. [End of section] 295 E - EFFECT OF RISK ON EXTENT OF AUDIT PROCEDURES: .01: The concepts of materiality and risk interrelate and sometimes are confused. The auditor determines materiality based on the users' perceived concerns and needs. The auditor assesses risk based on (but not limited to) knowledge of the entity, its business (purpose), applicable laws and regulations, and internal control. .02: The auditor considers both materiality and risk in (1) determining the nature, timing, and extent of audit procedures and (2) evaluating the results of audit procedures. The evaluation of risk usually does not affect materiality. However, risk affects the extent of testing needed. The higher the auditor's assessment of inherent and control risk (combined risk), including fraud risk, the higher the required level of substantive assurance from the audit procedures. The discussion of consideration of risk in planning begins at paragraph 260.02. Consideration of risk in determining sample size is discussed in section 470. .03: As an example, assume that the auditor is testing accounts receivable using dollar-unit sampling techniques described in section 480. Following are the pertinent data for this test: * Accounts receivable total $2.5 million. * Test materiality is $100,000. If the auditor assesses combined risk as low, the sample size would be 25 items; if combined risk is assessed as high, the sample size would be 75 items. The increase in the assessment of risk caused the required sample size to triple with the same test materiality. .01: As discussed in paragraph 270.04, the auditor should identify IS controls. Such controls should be tested by an IS auditor as described in section 300 and in accordance with the FISCAM or other appropriate methodology. IS controls can be classified into three types: * general controls, * application controls, and: * user controls. GENERAL CONTROLS: .02: General controls are the policies and procedures that apply to an entity's overall computer operations and that create the environment in which application controls and certain user controls, which are control activities, operate. They are classified as: * entitywide security management program that provides a framework and continuing cycle of activity for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the entity's computer-related controls; * access control that limits or detects access to computer resources (data, programs, equipment, and facilities), thereby protecting these resources against unauthorized modification, loss, and disclosure; * application software development and change control that prevents unauthorized programs or modifications to an existing program from being implemented; * system software control that limits and monitors access to the powerful programs and sensitive files that (1) control the computer hardware and (2) secure applications supported by the system; * segregation of duties that means having policies, procedures, and an organizational structure established so that one individual cannot control key aspects of computer-related operations and thereby conduct unauthorized actions or gain unauthorized access to assets or records; and: * service continuity control to ensure that when unexpected events occur, critical operations continue without interruption or are promptly resumed and critical and sensitive data are protected. Chapter 3 of the FISCAM has detailed guidance on evaluating and testing general controls. .03: General controls are established at an (1) entity and/or installation/ system level and (2) application level. For example, consider the following general controls related to security access: * In evaluating general controls at the entity or installation level, the IS auditor considers security on an overall basis. For instance, the IS auditor may evaluate the entity's use of security access software, including its proper implementation. * When evaluating general controls at the application level, the IS auditor reviews security controls that limit access to particular applications and related computer files. Thus, the IS auditor may focus on how security access software restricts access to payroll applications and related files (such as the employee master file and payroll transaction files) to authorized users. * Finally, security is typically built into the application itself to further restrict authorized access. This security is usually accomplished by means of menus and other restrictions programmed into the application software. Thus, a payroll clerk may have access to payroll applications but may be restricted from access to a specific function, such as reviewing or updating payroll data on payroll department employees. .04: The effectiveness of general controls is a significant factor in determining the effectiveness of application controls and certain user controls. Without effective general controls, application controls may be rendered ineffective by circumvention or modification. For example, the production and review of an exception report of unmatched items can be an effective application control. However, this control would be ineffective if the general controls permitted unauthorized program modifications such that certain items would be inappropriately excluded from the report. Certain user controls are also affected by general controls. For example, a user control may be the comparison of manually calculated batch totals with computer-generated totals. Such a procedure would be ineffective if the general controls permitted unauthorized modifications of the program such that the program would print the desired batch totals without summarizing the detail. APPLICATION CONTROLS: .05: Application controls are incorporated directly into individual computer applications to provide reasonable assurance of accurate and reliable processing. Application controls address three major operations: * data input, * data processing, and: * data output. .06: FISCAM, in chapter 4, uses control categories that better tie in with the methodology used in the FAM. These categories relate to the financial statement assertions and are as follows. * Authorization control. This category is most closely aligned with the financial statement accounting assertion of existence or occurrence and, therefore, focuses on the validity of transactions. Consequently, it includes controls designed to ensure that transactions are appropriately authorized and approved and represent economic events that actually occurred during a given period. * Completeness control. This category directly relates to the financial statement accounting assertion on completeness and deals with whether all valid transactions are recorded. Also included in this category are reconciliation controls, which not only help detect misstatements relating to transaction completeness, but can also be used to identify the cutoff and summarization misstatements associated with both the existence or occurrence and completeness assertions. * Accuracy control. This category most directly relates with the financial statement assertion on valuation or allocation, which deals with whether transactions are recorded at correct amounts. This control category, however, is not limited to valuation, and also includes controls designed to ensure that transactions are properly classified and entered into the application correctly. * Control over integrity of processing and data files. These application controls are not limited directly to one specific accounting application assertion, and if deficient could nullify other application controls and allow the occurrence of unauthorized transactions, as well as contribute to incomplete and inaccurate data. USER CONTROLS: .07: User controls are manual comparisons of computer output (generally totals) to source documents or other input (including control totals). For example, a manual calculation of total hours worked may be reconciled to a corresponding computer-generated total from the payroll processing application. Where user controls are used, computer- generated information should be manually compared with reliable information prepared or verified independently of the computer. .08: In certain circumstances, user controls may function independently of general controls. For example, a user control may be to manually check the accuracy and completeness of IS-computed transactions against manually prepared records. With the concurrence of the IS auditor, such control activities may be evaluated and tested without testing general controls. [End of section] 295 G - BUDGET CONTROLS: .01: Budget controls are management's policies and procedures for managing and controlling the use of appropriated funds and other forms of budget authority. Budget controls are part of the internal controls covered in OMB's audit guidance. During planning, the auditor should assess related inherent risk and the control environment, risk assessment, communication, and monitoring and should obtain an understanding of the budget accounting system. .02: Certain controls may achieve both financial reporting and other control objectives. Accordingly, to maximize efficiency, the auditor should coordinate the evaluation of budget controls with that of financial reporting, compliance, and operations controls, to the extent possible. .03: Budget authority is authority provided by law to enter into financial obligations which will result in immediate or future outlays involving government funds (2 U.S.C. 622(2)). The Congress provides an entity with budget authority and may place restrictions on the amount, purpose, and timing of the obligation or outlay of such budget authority. .04: The three forms of budget authority follow: * Appropriations are the most common form of budget authority. An appropriation is an authorization by an act of the Congress that permits federal agencies to incur obligations and to make payments out of the Treasury for specified purposes. Appropriations do not represent cash actually set aside in the Treasury for purposes specified in the appropriation acts. Appropriations represent amounts that agencies may obligate during the period specified in the appropriation acts. * Borrowing authority is statutory authority that permits federal agencies to borrow and obligate and expend borrowed funds (title 7 of the GAO Policies and Procedures Manual). Usually, the amount that may be borrowed and the purposes for which the borrowed funds are to be used are stipulated by the authorizing statute. * Contract authority is statutory authority that permits obligations to be incurred before appropriations or in anticipation of receipts to be credited to a revolving fund or other account (offsetting collections). By definition, contract authority is unfunded and must subsequently be funded by an appropriation or offsetting collections to liquidate the obligations incurred under the contract authority. .05: Offsetting collections are collections of a business-or market-oriented nature and intragovernmental transactions. If, pursuant to law, they are deposited to receipt accounts and are available for obligation, they are considered budget authority and referred to as offsetting receipts. Contract authority and immediate availability of offsetting receipts for use are the usual forms of budget authority for revolving funds. Offsetting collections may also include reimbursements for materials or services provided to other government entities. .06: Borrowing and contract authority are sometimes called "back door authority," which refers to any type of budget authority that is provided by legislation outside the normal appropriations process. [End of section] 295 H - LAWS IDENTIFIED IN OMB AUDIT GUIDANCE AND OTHER GENERAL LAWS: .01: When identifying significant provisions of laws and regulations (see paragraph 245.02), the auditor should consider the following laws and regulations identified in OMB audit guidance in addition to any others that could have a direct and material effect on the financial statements and RSSI. Following each listed law is the subsection in FAM section 800 (under revision) that contains the compliance summary and audit program for that law. * Antideficiency Act (codified as amended in 31 U.S.C. 1341, 1342, 1351, and 1517). (FAM section 803). Provisions: 31 U.S.C. 1341(a)(1)(A) and (C), and 31 U.S.C. 1517(a). * Provisions Governing Claims of the United States Government as provided primarily in sections 3711-3720E of Title 31, Unites States Code (including provisions of the Debt Collection Improvement Act of 1996, Pub. L. No. 104-134, 110 Stat. 1321-358, which also is codified in various sections of 5 U.S.C., 18 U.S.C., 26 U.S.C., 31 U.S.C., and 42 U.S.C.). (FAM section 809). Provisions: 31 U.S.C. 3711, 31 U.S.C. 3717(a), (b), (c), (e), and (f), and 31 U.S.C. 3719. * Federal Credit Reform Act of 1990, Pub. L. No. 100-508, 104 Stat. 1388-610 (codified in various sections of 2 U.S.C.). (FAM section 808). Provisions: 2 U.S.C. 661(b) and (e). * Pay and Allowance System for Civilian Employees as provided primarily in Chapters 51-59 of Title 5, United States Code. (FAM section 812). Provisions: 5 U.S.C. 5332 and 5343 and 29 U.S.C. 206. * Prompt Payment Act (codified as amended in 31 U.S.C. 3901-3907). (FAM section 810). Provisions: 31 U.S.C. 3902(a), (b), and (f) and 31 U.S.C. 3904. OMB audit guidance lists the specific provisions for each law above that the CFO Act agency is expected to test at a minimum. .02: The auditor should also consider whether any other general or entity- specific laws are significant laws for the audited entity, per FAM sections 245 and 802. The following are some general laws for which we have included in section 800 (under revision) a compliance summary for internal control testing and a compliance audit program. See FAM section 802 (Part II), General Compliance Checklist, and the referenced section for each law for internal control and compliance testing. * Civil Service Retirement Act, 5 U.S.C. 8331 et. seq. (FAM section 813). * Federal Employees' Compensation Act, 5 U.S.C. 8101 et. seq. (FAM section 816). * Federal Employees Health Benefits Act, 5 U.S.C. 8901 et. seq. (FAM section 814). * Federal Employees Retirement System Act of 1986. This becomes increasingly material each year as the number of employees covered by this act increases and those covered by the Civil Service Retirement Act decreases. We will include a new FAM section on the compliance summary and audit program for this act. [End of section] 295 I - EXAMPLES OF AUDITOR RESPONSES TO FRAUD RISK FACTORS: .01: As discussed in section 260, the auditor is required by AU 316 (SAS 82) to consider the risk of material misstatement to the financial statements due to fraud. Misstatements due to fraud may arise from fraudulent financial reporting or from misappropriation of assets. Examples of fraud risk factors the auditor may encounter in the federal government are found in sections 295 A and B (inherent and control risk factors). Depending on the nature of the programs audited, the auditor may need to consider further risk factors. The auditor generally should consider the cases the IG has investigated or is investigating to obtain ideas of specific risk factors to look for. .02: In considering the risk factors in those sections, the auditor should note that some of these fraud risk factors will exist in entities where circumstances do not present a risk of material misstatement. Also, specific controls may exist to mitigate fraud risk, even where risk factors are present. The auditor should consider whether identified risk factors, individually and in combination, present a risk of material misstatement of the financial statements. .03: In addition to the overall responses to the presence of fraud risk factors affecting professional skepticism, assignment of personnel, accounting principles and policies, controls, and/or modification of the nature, timing, and extent of procedures discussed in section 260, the auditor may decide that a specific response to the fraud risk factors identified is required. These are examples of specific responses: * Conduct surprise or unannounced visits or procedures (such as inventory observations or cash counts). * Request that physical inventory be taken closer to year end. * Contact major customers and suppliers orally and in writing for confirmations, request confirmations of specific persons in the organizations, or request confirmation of more or different information. * Review year-end adjusting entries in detail and investigate any that appear unusual. * For significant and unusual transactions, especially near year end, investigate the possibility of related parties (see section 1006). * Perform substantive analytical procedures at a detailed level, such as by location, line of business, or month. * Interview personnel in areas where fraud risk factors are a concern to obtain their insights about the risk and whether or how controls address the risk. * Discuss with other auditors who are auditing departments, locations, or programs of the entity, the extent of work necessary to assure that the risk of material misstatement due to fraud resulting from transactions and activities among these components is adequately addressed. * If a specialist's work is particularly significant, perform additional procedures with respect to some or all of the specialist's assumptions, methods, or findings to determine that the findings are not unreasonable, or engage another specialist to do that (see section 650). * Perform additional or more focused analytical procedures concerning budget to actual variances and their underlying causes. * Test a larger sample of disbursement transactions for validity. .04: If there is an increased risk of material misstatement due to fraudulent financial reporting, example responses include: * Revenue recognition. Confirm with customers relevant contract terms and absence of side agreements. * Inventory quantities. Review inventory records to identify locations, areas, or items for specific attention during or after physical inventory. It may be important to count all locations on the same date, or to observe some locations on an unannounced basis. The auditor may examine the contents of boxed items more rigorously, investigate how boxes are stacked or labeled and the quality of the contents, or he or she may do additional testing of count sheets or tags or maintain copies to minimize the risk of subsequent alteration. * Allowance for loan losses. Perform more detailed analytical procedures (such as analyzing specific credit lines rather than the portfolio taken as a whole), increase the sample size of loans to conclude as to the accuracy of credit risk and adequacy of loan loss allowances for specific loans, or increase the number of confirmation requests to gain further evidence as to existence. .05: If there is an increased risk of material misstatements due to misappropriation of assets, example responses include the following: * Evaluate control risk differently at different locations when the risk is greater at specific locations (such as when a large amount of a specific type of asset that is particularly susceptible to such risk is present at some locations), requiring a different response at different locations. * With a particular asset that is highly susceptible to misappropriation, understanding and testing controls may be important. Also, physical inspection of such assets at or near year end may be appropriate, as well as analytical procedures using a narrow precision in the auditor's expectation. * In some programs, consider additional participant eligibility testing, including unannounced visits to intake centers or work sites to test the existence and identity of participants, or observe benefit payment distribution to identify "ghost" participants, or use confirmation requests to test the existence of program participants. [End of section] 295 J - STEPS IN ASSESSING INFORMATION SYSTEM CONTROLS: .01: As discussed in section 260, the following are the steps the auditor and the IS auditor generally follow in assessing IS controls in a financial statement audit. However, the audit team may decide to test the effectiveness of the general controls even if they are not likely to be effective, or the team may decide to review application controls even though general controls are not effective. The team may decide to do this to be able to make better recommendations on how to fix weak controls. Steps in Assessing Information System Controls In a Financial Statement Audit: [See PDF for image] [End of figure] [End of section] FOOTNOTES [1] If the auditor uses software to calculate sample size, he or she should understand how the software considers expected misstatements. For example, if the auditor uses Interactive Data Extraction and Analysis (IDEA) to calculate sample size when test materiality is lower than design materiality, because the auditor expects misstatements, the auditor should use design materiality in IDEA because he or she separately inputs the expected misstatement. See paragraph 480.27. [2] The auditor is not required to opine on RSSI, but, per OMB audit guidance, internal control over RSSI should be tested the same as internal control over the financial statements. [3] Assurance is not the same as statistical confidence. Assurance is a combination of quantitative measurement and auditor judgment. [4] See also GAO's Standards for Internal Control in the Federal Government, GAO/AIMD-00-21.3.1, November 1999. SECTION 300: Internal Control Phase: Figure 300.1: Methodology Overview Planning Phase: * Understand the entity's operations: Section 220: * Perform preliminary analytical procedures: Section 225: * Determine planning, design, and test materiality: Section 230: * Identify significant line items, accounts, assertions, and RSSI: Section 235: * Identify significant cycles, accounting applications, and financial management systems: Section 240: * Identify significant provisions of laws and regulations: Section 245: * Identify relevant budget restrictions: Section 250: * Assess risk factors: Section 260: * Determine likelihood of effective information system controls: Section 270: * Identify relevant operations controls to evaluate and test: Section 275: * Plan other audit procedures: Section 280: * Plan locations to visit: Section 285: Internal Control Phase: * Understand information systems: Section 320: * Identify control objectives: Section 330: * Identify and understand relevant control activities: Section 340: * Determine the nature, timing, and extent of control tests and of tests for systems’ compliance with FFMIA requirements: Section 350: * Perform nonsampling control tests and tests for systems’ compliance with FFMIA requirements: Section 360: * Assess controls on a preliminary basis: Section 370: Testing Phase: * Consider the nature, timing, and extent of tests: Section 420: * Design efficient tests: Section 430: * Perform tests and evaluate results: Section 440: ** Sampling control tests: Section 450: ** Compliance tests: Section 460: ** Substantive tests: Section 470: *** Substantive analytical procedures: Section 475: *** Substantive detail tests: Section 480: Reporting Phase: * Perform overall analytical procedures: Section 520: * Determine adequacy of audit procedures and audit scope: Section 530: * Evaluate misstatements: Section 540: * Conclude other audit procedures: Section 550: ** Inquire of attorneys: ** Consider subsequent events: ** Obtain management representations: ** Consider related party transactions: * Determine conformity with generally accepted accounting principles: 560: * Determine compliance with GAO/PCIE Financial Audit Manual: Section 570: * Draft reports: Section 580: [End of figure] 310 - OVERVIEW: .01: In the internal control phase, the auditor should gain an understanding of internal control and obtain evidence about the effectiveness of internal control to (1) assess control risk, (2) determine the nature, timing, and extent of control, compliance, and substantive testing, and (3) form an opinion or report on internal control over financial reporting and compliance. Control risk should be assessed separately for each significant financial statement assertion in each significant cycle/accounting application (including RSSI). (See figure 300.1.) The auditor also should gain an understanding of the components of internal control relating to the existence and completeness assertions (and valuation for GAO audits) (see definitions of assertions in paragraph 235.02) relevant to the performance measures reported in the MD&A (overview) of the Accountability Report in order to report on controls that have not been properly designed and placed in operation. The auditor is not required to test performance measures controls, but he or she may decide to do so. .02: The entity's management is responsible for establishing and maintaining internal control to provide reasonable assurance that the entity's objectives will be met. In a financial statement audit, the auditor evaluates those internal controls designed to provide reasonable assurance that the following objectives are met (also see paragraph 310.10 for the auditor's responsibility for performance measures controls): * Reliability of financial reporting ("financial reporting controls") --transactions are properly recorded, processed, and summarized to permit the preparation of the financial statements and RSSI in accordance with generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition; * Compliance with applicable laws and regulations ("compliance controls") --transactions are executed in accordance with (a) laws governing the use of budget authority and other laws and regulations that could have a direct and material effect on the principal statements or RSSI, and (b) any other laws, regulations, and governmentwide policies identified by OMB in its audit guidance. .03: The auditor should determine whether such internal control provides reasonable assurance that misstatements, losses, or noncompliance, material in relation to the financial statements, would be prevented or detected during the period under audit. In addition, if the auditor intends to opine on internal control, he or she makes a separate conclusion on internal control as of the end of the period. Additionally, the auditor may test certain operations controls and should understand performance measures controls, as discussed in the planning phase (section 275). .04: Internal control over safeguarding assets constitutes a process, effected by an entity's governing body, management, and other personnel, designed to provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the entity's assets that could have a material effect on the financial statements. As used in this manual, safeguarding controls, a part of financial reporting controls, relate to protecting assets from loss arising from misstatements in processing transactions and handling the related assets. Section 395 C includes a list of typical safeguarding controls. Safeguarding controls examined as part of a financial statement audit do not relate to the loss of assets arising from management's operating business decisions, such as incurring expenditures for equipment or material that might prove to be unnecessary. (Such controls are operations controls.) Safeguarding controls consist of (1) controls that prevent or detect unauthorized access (direct or indirect) to assets and (2) segregation of duties. Safeguarding controls are considered as part of financial reporting controls. .05: Just as safeguarding controls are part financial reporting and part operations controls, budget controls are part financial reporting and part compliance controls. Budget controls that provide reasonable assurance that budgetary transactions, such as obligations and outlays, are properly recorded, processed, and summarized to permit the preparation of the financial statements, mainly the statements of budgetary resources and financing, in accordance with GAAP, are financial reporting controls. Budget controls are generally also compliance controls in that they provide reasonable assurance that transactions are executed in accordance with laws governing the use of budget authority. Some budget controls may be compliance controls only; for example, controls over allotments, to prevent Antideficiency Act violations. .06: The auditor must evaluate and test certain controls. AU 319 (SAS 55 amended by SAS 78) permits the auditor to assess control risk at a high (maximum) level and forgo evaluation and testing of financial reporting controls if the auditor believes evaluating their effectiveness would be inefficient. However, because OMB audit guidance requires the auditor to perform sufficient tests of internal controls that have been properly designed and placed in operation to support a low assessed level of control risk, the auditor may not elect to forgo control tests solely because it is more efficient to extend compliance and substantive audit procedures. .07: The following are the types of controls to test: * financial reporting controls (including certain safeguarding and budget controls) for each significant assertion in each significant cycle/accounting application (identified in section 240), * compliance controls for each significant provision of laws and regulations (identified in section 245), including budget controls for each relevant budget restriction (identified in section 250), and: * operations controls for each operations control (1) relied on in performing financial audit procedures or (2) selected for testing by the audit team. The auditor also should understand performance measures controls, but is not required to test them. However, the auditor may decide to test them (see section 275). .08: The auditor is not required to test controls that have not been properly designed and placed in operation. Thus, internal controls that are not effective in design (or in operation, based on prior years' testing) do not need to be tested. If the auditor determined in a prior year that controls in a particular accounting application were ineffective and if management indicates that controls have not improved, the auditor need not test them. On the other hand, if controls have been determined to be effective in design and placed in operation, the auditor must perform sufficient tests of their effectiveness to support a low assessed level of control risk. In such cases, the auditor may consider using a rotation approach to testing controls over the various accounting applications, as described in section 395 G. If the auditor expects to disclaim an opinion because of scope limitations or inadequate controls, the auditor may limit internal control work to updating the understanding of controls and whether they have been placed in operation. The auditor may do this by inquiring as to whether previously identified control weaknesses have been corrected. In the year the auditor expects to issue an opinion on the financial statements, the auditor needs a basis of sufficient work on internal control. .09: In the internal control phase, the auditor should perform and document the following procedures: * Understand the entity's information systems for financial reporting, compliance with laws and regulations, and relevant operations (including reported performance measures) (see section 320). * Identify control objectives (see section 330). * Identify and understand relevant control activities that effectively achieve the control objectives (see section 340). * Determine the nature, timing, and extent of control testing (not necessary for performance measures controls) (see section 350). * Perform control tests that do not involve sampling (nonsampling control tests - see section 360).[Footnote 1] (Sampling control tests, if necessary, are performed in the testing phase, as discussed in section 450.) Testing is not required for performance measures controls. * On a preliminary basis, based on the evidence obtained, assess (1) the effectiveness of financial reporting, compliance, and relevant operations controls and (2) control and combined risk (see section 370). (Combined risk, which includes inherent and control risk, is discussed in paragraph 370.09). .10: OMB's audit guidance also defines internal control over performance measures as a process, effected by management and other personnel, designed to provide reasonable assurance that the following objective is met: * Reliability of performance reporting--transactions and other data that support reported performance measures are properly recorded, processed, and summarized to permit the preparation of performance information in accordance with criteria stated by management. OMB requires the auditor to obtain an understanding of the components of internal control over performance measures included in the MD&A relating to the existence and completeness assertions (for GAO audits, the valuation assertion is also included in the understanding) and to report deficiencies in the design of those controls that have not been properly designed and placed in operation. Note that the auditor is not required to test internal control over performance measures. .11: In gaining an understanding of an entity's internal control, the auditor should obtain knowledge about the design of relevant controls and whether they have been placed in operation. In obtaining knowledge about whether controls have been placed in operation, the auditor determines whether the entity is using them, rather than merely having them written in a manual, for example. This differs from determining a control's operating effectiveness, which is concerned with how the control was applied, the consistency with which it was applied, and by whom. Gaining an understanding of internal control does not require that the auditor obtain knowledge about operating effectiveness. [End of section] 320 - UNDERSTAND INFORMATION SYSTEMS: .01: The auditor should obtain an understanding of the entity's information systems (including methods and records) for processing and reporting accounting (including RSSI), compliance, and operations data (including performance measures reported in the MD&A (overview) of the Accountability Report).[Footnote 3] The information systems are part of the information and communication component of internal control. The communication portion of this component was considered in section 260. The auditor should obtain sufficient knowledge of each type of system to understand the information in paragraphs 320.03-.07. The auditor may use an IS auditor to assist in understanding and documenting the IS aspects of these systems. The understanding of the systems should be documented in cycle memorandums or other narratives and flow charts. .02: The auditor should perform sufficient system walkthroughs to confirm the understanding of significant information about such systems. However, if the auditor already has a sufficient understanding of the systems as a result of procedures performed in the preceding year, discussion of any system changes with management may be substituted for the walkthroughs. In a walkthrough of an accounting system, the auditor traces one or more transactions from initiation through all processing to inclusion in the general ledger, observing the processing in operation and examining related documents. Because walkthroughs are important in understanding the transaction process and in determining appropriate audit procedures, they should be performed for all significant accounting applications. Walkthroughs of budget accounting, compliance, and operations systems (including reported performance measures) should provide the auditor with evidence about the functioning of such systems. This walkthrough is to confirm the understanding of the system. The IS aspects of each system should be incorporated into the audit workpapers, supplemented by additional flow charts, narratives, and checklists, as considered necessary. ACCOUNTING SYSTEM(S): .03: The auditor should obtain an understanding of and should document the following for each significant cycle and accounting application (including those dealing with RSSI): * The manner in which transactions are initiated; * The nature and type of records, journals, ledgers, and source documents, and the accounts involved; * The processing involved from the initiation of transactions to their inclusion in the financial statements, including the nature of computer files and the manner in which they are accessed, updated, and deleted; and: * The process used to prepare the entity's financial statements and budget information, including significant accounting estimates, disclosures, and computerized processing. .04: Understanding the processing involved will be important in determining whether the financial management systems substantially comply with federal financial management systems requirements, federal accounting standards, and the SGL at the transaction level, so the auditor can report as required by FFMIA. If the entity is likely to receive an unqualified opinion and to have no material weaknesses in internal control, the auditor should test, (for efficiency, this could be done while performing nonsampling control tests (see section 350)), significant information the entity provides to support its assertion about the substantial compliance of its systems. BUDGET ACCOUNTING SYSTEM(S): .05: Through discussions with individuals responsible for accounting for budget execution, the auditor should understand and document the entity's process for: * Developing and requesting apportionments from OMB; * Establishing and allocating allotments within the entity, including reprogramming of allotments; * Establishing and recording commitments, if applicable; * Establishing, recording, and monitoring obligations (undelivered orders); * Establishing and recording expended authority (delivered orders); * Establishing and recording outlays; * Monitoring supplemental appropriations; * Recording transactions in and adjustments to expired accounts; and: * Monitoring canceled (closed) accounts. COMPLIANCE SYSTEM(S): .06: The compliance system includes the entity's policies and procedures to monitor overall compliance with laws and regulations applicable to the entity. Through discussions with entity management, the auditor should understand and document the entity's process for: * Identifying and documenting all laws and regulations applicable to the entity; * Monitoring changes in applicable laws and regulations and responding on a timely basis; * Establishing policies and procedures for complying with specific laws and regulations and clearly documenting and communicating these policies and procedures to appropriate personnel; * Assuring that an appropriate number of competent individuals at appropriate levels within the entity monitor the entity's compliance with applicable laws and regulations; and: * Investigating, resolving, communicating, and reporting any noncompliance with laws and regulations. OPERATIONS SYSTEM(S) (INCLUDING REPORTED PERFORMANCE MEASURES): .07: Through discussions with appropriate entity personnel, the auditor should understand and document any entity systems in which operations controls to be evaluated and tested operate, and any systems that produce the data used in performance measures reported in the MD&A (overview) of the Accountability Report. For example, if the auditor intends to evaluate and test an operations control that is dependent on certain statistical information, the auditor should understand how such statistical information is developed. Also, although the auditor is not required to test controls over a system producing data used in performance measures (unless it is an accounting or other system tested for other reasons), he or she should understand the system and the design of internal control related to the existence, completeness, and, for GAO audits, valuation (see definition in paragraph 235.02) assertions and whether they have been placed in operation. Thus, the auditor should understand and document the following: * How the entity determines the performance measures to report, including their relationship to the entity's mission; * The source of the information used in performance measures; * The processing involved from the initial source information to its inclusion in performance measures; and: * The process used to prepare the performance measures from the system- produced data. [End of section] 330 - IDENTIFY CONTROL OBJECTIVES: .01: The auditor should identify control objectives for each type of control that, if achieved, would provide the entity with reasonable assurance that misstatements (whether caused by error or fraud), losses, or noncompliance material in relation to the principal statements would be prevented or detected. For RSSI, the objectives would relate to controls that would provide reasonable assurance that misstatements, losses, or noncompliance that would be considered material by users of the information would be prevented or detected. Such objectives should cover the following general areas: * Financial reporting controls: Prevent or detect aggregate misstatements in significant financial statement assertions, including assertions relating to RSSI and the statements of budgetary resources and financing. Also, Safeguarding controls: Safeguard assets against loss from unauthorized acquisition, use, or disposition. * Compliance controls: Comply with significant provisions of applicable laws and regulations. Also, Budget controls: Execute transactions in accordance with budget authority. * Operations controls: For each relevant operations control, achieve the performance level desired by management for the planning, productivity, quality, economy, efficiency, or effectiveness of the entity's operations. For performance measures controls, report the data used to measure the entity's performance in accordance with criteria stated by management. Paragraphs 330.02-.11 describe the process for identifying control objectives for each type of control. FINANCIAL REPORTING CONTROLS: .02: The auditor should evaluate and test financial reporting controls for each significant assertion in each significant line item or account, including RSSI and the statements of budgetary resources and financing. (See paragraph 235.02 for a discussion of financial statement assertions.) The first step in developing control objectives for financial reporting controls is to consider the types of misstatements that might occur in each significant assertion in each significant line item or account. One or more potential misstatements can occur in each financial statement assertion. For example, for the existence or occurrence assertion, potential misstatements can occur in the following four areas: * Validity: Recorded transactions do not represent economic events that actually occurred. * Cutoff: Transactions are recorded in a different period from that in which the economic events occurred. * Summarization: Transactions are summarized improperly, resulting in an overstated total. * Substantiation: Recorded assets and liabilities of the entity do not exist at a given date. For each potential misstatement, there are one or more control objectives that, if achieved, would prevent or detect the potential misstatement. These potential misstatements and control objectives provide the auditor the primary basis for assessing the effectiveness of an entity's control activities. Identifying Potential Misstatements and Control Objectives: .03: As discussed in section 240, the auditor identifies the significant accounting applications that provide a source of significant entries to each significant line item or account. For example, as illustrated in section 395 A, (1) sources of significant entries to cash typically include the cash receipts, cash disbursements, payroll, and cash accounting applications, and (2) sources of significant entries to accounts receivable typically include the billing, cash receipts, and accounts receivable accounting applications. Such accounting applications should have been identified in the cycle matrix or ARA or equivalent documentation. .04: The auditor should understand how potential misstatements in significant accounting applications could affect the related line item or account at an assertion level. For example, an overstatement of cash receipts typically results in (1) an overstatement of the cash account (by overstating the debit to cash) and (2) an understatement of accounts receivable (by overstating the credit to accounts receivable). To illustrate this concept using the assertions, a misstatement in the existence or occurrence assertion for cash receipts typically results in misstatements in (1) the existence or occurrence assertion for the cash account and (2) the completeness assertion for accounts receivable. .05: The following general rules may be used to determine the effect of transaction-related accounting applications on line items/accounts: [See PDF for image] [End of table] .06: For each potential misstatement in the accounting application, the auditor should identify related control objectives that prevent or detect the potential misstatement. Section 395 B includes a list of potential misstatements that could occur in each assertion in an accounting application and related control objectives. The auditor should exercise judgment in determining which potential misstatements and control objectives to use. The list included in section 395 B should be tailored to the accounting application and to the entity and may be supplemented with additional objectives or subobjectives. .07: If the above procedures were performed and documented by line item or account, a given application might be addressed two or more times. For example (see section 395 A), the purchasing accounting application typically would be addressed in evaluating controls relating to the inventory, property, liabilities, and expenses accounts. To avoid such duplication, the auditor should use a Specific Control Evaluation (SCE) worksheet or equivalent to document the procedures discussed in paragraphs 330.03-.06. The SCE groups potential misstatements and control objectives by accounting application (within each cycle), providing a format to perform and document the evaluation and testing of internal controls efficiently. See section 395 H for an example of a completed SCE worksheet. GAO has developed sample forms in WordPerfect and MS Word for preparing the ARA and SCE worksheets. The Need for Testing Safeguarding Controls and Segregation-of-Duties Controls: .08: Safeguarding controls and segregation-of-duties controls are often critical to the effectiveness of controls over liquid (easily sold or traded), readily marketable assets (such as cash, inventories, or property) that are highly susceptible to theft, loss, or misappropriation in material amounts. These controls are also important when there is an increased risk of fraud. Before selecting specific control activities to test, the auditor should determine whether safeguarding controls are relevant. If the auditor determines that (1) the asset is highly liquid or marketable and (2) material amounts are susceptible to theft, loss, or misappropriation, the auditor should identify control objectives for safeguarding such assets and evaluate and test safeguarding controls. On the other hand, if the asset is not liquid or marketable or if material amounts are not readily susceptible to theft, loss, or misappropriation, the need to test safeguarding controls may be lessened. (Testing for segregation of duties is discussed in paragraphs 360.11-.12. Other safeguarding controls are considered in connection with financial reporting controls, as part of the existence assertion.): BUDGET CONTROLS: .09: The objectives of budget controls are to provide reasonable assurance that the entity (1) properly records, processes, and summarizes transactions to permit the preparation of the statements of budgetary resources and financing in accordance with GAAP and (2) executes transactions in accordance with budget authority. Section 395 F presents a list of budget control objectives, organized by steps in the budget process. In addition, section 395 D presents a list of selected statutes relevant to the budget and section 395 E describes budget steps of interest to the auditor in evaluating an entity's budget controls. Budget control objectives may be documented in a separate SCE worksheet for budget controls, in a memo, or incorporated in an SCE with related financial reporting controls. COMPLIANCE CONTROLS: .10: The objective of compliance controls is to provide reasonable assurance that the entity complies with significant provisions of applicable laws and regulations. Compliance control objectives should be tailored to the related provision and may be documented in a separate SCE worksheet for compliance controls, in a memo, or incorporated into an SCE with related financial reporting controls. OPERATIONS CONTROLS: .11: The objectives of operations controls are to provide reasonable assurance that the entity effectively and efficiently meets its goals. The objective of performance measures controls is to provide reasonable assurance that the data that support performance measures reported in the MD&A (overview) of the Accountability Report are properly recorded and accounted for to permit the preparation of reliable and complete performance information. Operations control objectives should be tailored to the related provision and may be documented in a separate SCE worksheet for operations controls, in a memo, or incorporated into an SCE with related financial reporting controls. [End of section] 340 - IDENTIFY AND UNDERSTAND RELEVANT CONTROL ACTIVITIES: .01: For each control objective, based on discussions with entity personnel, the auditor should identify the control activities designed and implemented to achieve the specific control objective.[Footnote 4] Such controls may be recorded in the auditor's informal notes and/or interview write-ups for use in the following procedure, but each control activity need not be formally documented on the SCE worksheet at this time. The auditor should first screen the activities to identify those that are effective and efficient to test. An IS auditor may assist the auditor in identifying and understanding IS controls. BASIC UNDERSTANDING OF EFFECTIVENESS OF CONTROL ACTIVITIES: .02: The auditor should obtain a sufficient understanding of the identified control activities to determine whether they are likely to achieve the control objectives, assuming an effective control environment, risk assessment, communication, and monitoring, appropriate segregation of duties, and effective general controls. The purpose of this assumption is to identify any weaknesses in the specific control activities that should be corrected. When other internal control components are poor, there is inadequate segregation of duties, or poor general controls preclude the effectiveness of specific control activities that would otherwise be effective, the testing of such specific control activities may be limited to determining whether such controls are in place. To accomplish this, the auditor might (1) discuss the cycle and specific controls with management and then (2) perform walkthroughs by observing the controls in place or examining several items of documentary evidence of their existence. FACTORS TO CONSIDER: .03: When evaluating whether controls are likely to achieve the control objectives, the factors that the auditor should consider include (1) directness, (2) selectivity, (3) manner of application, and (4) follow- up. In determining whether control objectives are achieved, the auditor should consider both manual and IS controls, if likely to be effective (see section 270). .04: Directness refers to the extent that a control activity relates to a control objective. The more direct the relationship, the more effective that activity may be in achieving the objective. For example, management reviews of inventory reports that summarize the inventory by storage facility may be less effective in preventing or detecting misstatements in the existence assertion for inventory than a periodic physical inventory, which is more directly related to the existence assertion. .05: Selectivity refers to the magnitude of the amount, or the significance of other criteria or distinguishing characteristics, that a specific control will identify as an exception condition. Examples of selectivity thresholds are (1) a requirement for additional approvals of all payments to vendors in excess of $25,000 and (2) management reviews of all payments to vendors not on an entity's approved vendor list. When determining whether a control is likely to be effective, the auditor should consider the likelihood that items that do not meet the selectivity threshold could, in the aggregate, result in material misstatements of financial statements, material noncompliance with budget authority, material noncompliance with significant provisions of laws and regulations, or significant ineffective or inefficient use of resources. The auditor also should consider the appropriateness of the specified criteria used to identify items on a management or exception report. For example, IS input controls (such as the matching of vendor invoices with receiving reports and purchase orders) that require exact matches of data from different sources before a transaction is accepted for processing may be more effective than controls that accept transactions that fall within a broader range of values. On the other hand, controls based on exception reports that are limited to selected information or use more selective criteria may be more effective than lengthy reports that contain excessive information. .06: Manner of application refers to the way in which an entity places a specific control into operation. The manner of application can influence the effectiveness of a specific control. The auditor should consider the following factors when determining the effectiveness of controls: * Frequency of application: This refers to the regularity with which controls are applied. Generally, the more frequently a control is applied, the greater the likelihood that it will be effective. * Experience and skills of personnel: This refers to whether the person applying a control has the necessary knowledge and expertise to properly apply it. The lesser the person's experience and skills, the less likely that the control will be effective. Also, the effective application of a control is generally adversely affected if the technique (1) is performed by an employee who has an excessive volume of work or (2) is not performed carefully. .07: Follow-up refers to the procedures followed when a control identifies an exception condition. A control's effectiveness is dependent on the effectiveness of follow-up procedures. To be effective, these procedures should be applied on a timely basis and should (1) determine whether control exceptions represent misstatements and (2) correct all misstatements noted. For example, as a control, an accounting system may identify and put exception transactions into a suspense file or account. Lack of timely follow-up procedures to (1) reconcile and review the suspense file or account and (2) correct items in the suspense file or account would render the control ineffective. .08: When evaluating whether controls are likely to be effective, the auditor should consider whether the controls also are applied effectively to adjustments/corrections made to the financial records. Such adjustments/corrections may occur at the transaction level, during summarization of the transactions, or may be posted directly to the general ledger accounts. .09: Based on the understanding of control activities and the determination as to whether they are likely to achieve the control objectives, the auditor reassesses control risk to decide whether to test controls. If control risk is high because the control activities for a particular accounting application are not effective in design or not effective in operation (based on prior years' testing of the control activities and management's indication that they have not improved), the auditor does not need to test the controls. If they are effective, the auditor must test them, but may consider using a rotation approach to testing the controls, as discussed in section 395 G. [End of section] 350 - DETERMINE THE NATURE, TIMING, AND EXTENT OF CONTROL TESTS AND OF TESTS FOR SYSTEMS' COMPLIANCE WITH FFMIA REQUIREMENTS: .01: For each control objective, the auditor should (1) identify specific relevant control activities to test, (2) perform walkthroughs to be sure that those controls are in operation, (3) document these control activities on the SCE worksheet or equivalent, (4) determine the nature and timing of control tests, and (5) determine the extent of control tests. Internal control includes IS controls, as discussed further in paragraphs 360.03-.10 and the FISCAM. For the controls over performance measures reported in the MD&A (overview) of the Accountability Report, the auditor does not need to test controls (although he or she may decide to do so), but should identify the activities likely to achieve the objectives, perform walkthroughs to be satisfied that the controls have been placed in operation, and document the controls. .02: The auditor also should determine the nature, timing, and extent of tests for compliance of the entity's systems with federal financial management systems requirements (these requirements are established by OMB Circular A-127 and include the Joint Financial Management Improvement Program's series of system requirements documents), federal accounting standards (GAAP - see section 560), and the SGL at the transaction level in order to report in accordance with FFMIA. Substantial compliance includes the ability of the financial management systems to routinely provide reliable and timely financial information for managing day-to-day operations as well as to produce reliable financial statements, have effective internal control, and comply with legal and regulatory requirements. .03: If it is likely that the financial statement opinion will be unqualified and internal control will be determined to be effective, the auditor should plan to test the systems' compliance with the requirements. Many nonsampling control tests will also test for compliance with the systems requirements and the SGL, although determining compliance with federal accounting standards (GAAP) will also require substantive testing. In designing control and substantive tests, the auditor should keep in mind the need to report whether the entity's financial management systems are in substantial compliance with FFMIA requirements so that the control and other tests may serve this dual purpose. In addition, for purposes of FFMIA financial management systems include systems that produce the information management uses day-to-day, not just systems that produce annual financial statements. Thus, the auditor should test the financial management systems used for managing financial operations and supporting financial planning, management reporting, budgeting activities, and systems accumulating and reporting cost information, including the financial portion of mixed systems. .04: For agencies with longstanding, well-documented financial management systems weaknesses that severely affect the systems' ability to comply with FFMIA requirements, the auditor need not perform specific tests of the systems' compliance with the FFMIA requirements. The auditor will generally have adequate information about the systems to describe the instances of lack of substantial compliance and make recommendations, as required by FFMIA, by gaining an understanding of the systems and performing internal control and substantive testing. The auditor also should understand management's process for determining whether its systems comply with the FFMIA requirements and report any deficiencies in management's process (for example, management has not compared its systems with JFMIP systems requirements). The auditor's report should make clear that there may be other areas of noncompliance. .05: Similarly, if it is likely that the opinion on the financial statements will not be unqualified, that the entity has material weaknesses or reportable conditions in internal control, or that it has significant noncompliance with legal and regulatory requirements, then the auditor may limit the scope of testing performed to support an FFMIA assessment. However, if the auditor is concerned that he or she may find it difficult to convince management of the systems' noncompliance without specific tests, the auditor should perform them. Also, the auditor should recognize that if controls have improved and/ or an unqualified opinion can be expressed, the auditor will need to test systems for FFMIA compliance. IDENTIFY RELEVANT CONTROL ACTIVITIES TO TEST: .06: For each control objective identified in Section 330, the auditor should identify the control activity, or combination of control activities, that is likely to (1) achieve the control objective and (2) maximize the overall efficiency of control tests. In doing this, the auditor should consider (1) the extent of any inherent risk[Footnote 5] and control environment, risk assessment, communication, or monitoring weaknesses,[Footnote 6] including those related to IS (as documented in the ARA and/or GRA document or equivalent (see section 260)) and (2) the tentative determination of the likelihood that IS controls will be effective, as determined in the planning phase (see section 270). The auditor should test only the control activities necessary to achieve the objective. For example, the entity may have several controls that are equally effective in achieving an objective. In such a case, the auditor should select and test the control activity that is most efficient to test, considering such factors as (1) the extent to which a control achieves several control objectives and thereby reduces the number of controls that would ordinarily need to be tested and (2) the time that will be required to test the control. .07: For those control objectives for which the auditor preliminarily determines that effective control activities exist or are likely to exist, the auditor should test the selected control activities, as discussed in sections 360 and 450. The auditor may test all, or only certain control activities (because others are not likely to be effective), related to a control objective. However, the auditor may not elect to forgo control tests solely because it is more efficient to extend substantive or compliance audit procedures. If, in any phase of the audit, the auditor determines that control activities selected for testing are, in fact, ineffective in design or operation, the auditor should discontinue the specific control evaluation of related control objectives and should report resulting weaknesses in internal control as discussed in section 580. If the entity's management does not agree with the auditor's conclusion that effective control activities do not exist or are unlikely to exist, the auditor may need to perform procedures sufficient to support that conclusion. .08: Before testing controls the auditor believes will be effective, the auditor may elect to complete the ARA or equivalent tentatively, assuming that such controls are effective. PERFORM WALKTHROUGHS TO DETERMINE WHETHER THOSE CONTROLS ARE IN OPERATION: .09: Before performing control tests, the auditor should perform one or more walkthroughs to determine whether the control activities are functioning in the manner understood by the auditor. These walkthroughs, designed to confirm the auditor's understanding of the control activities, differ from those performed to confirm the auditor's understanding of the systems in which they operate (see paragraph 320.02). Through observations, inspection, and discussions with personnel responsible for applying or maintaining each control (including walkthroughs), the auditor should determine whether each control has, in fact, been placed in operation. If a control has not been placed in operation, the auditor should consider whether other controls are likely to achieve the related control objective(s) and should consider testing such controls. DOCUMENT CONTROL ACTIVITIES TO BE TESTED: .10: The auditor should document the control activities to be tested on the SCE worksheet or equivalent. (See an illustration in section 395 H.) (Other components of internal control are generally tested by observation and inquiry in the planning phase. See paragraph 260.09.) Controls that satisfy more than one control objective may be listed (and evaluated) only once and referred to, when applicable, on subsequent occasions. For each control to be tested, the auditor should determine whether the control is an IS control. An IS auditor generally should review and concur with the auditor's identification of IS controls. DETERMINE THE NATURE AND TIMING OF CONTROL TESTS: .11: To obtain additional evidence of the effectiveness of specific controls, the auditor should select the combination of control tests (observation, inquiry, or inspection) to be performed and determine the timing of such tests. No one specific control test is always necessary, applicable, or equally effective in every circumstance. In fact, a combination of these types of control tests is usually needed to provide the necessary level of assurance. In determining the types of tests to apply, the auditor should select the tests that are effective and most efficient, as discussed in paragraphs 350.15-.18. Specific types of control tests and methods to apply them are discussed below. .12: Observation - The auditor conducts observation tests by observing entity personnel actually performing control activities in the normal course of their duties. Observation generally provides highly reliable evidence that a control activity is properly applied when the auditor is there to observe it; however, it provides no evidence that the control was in operation at any other time. Consequently, observation tests should be supplemented by corroborative evidence obtained from other tests (such as inquiry and inspection) about the operation of controls at other times. .13: Inquiry - The auditor conducts inquiry tests by making either oral or written inquiries of entity personnel involved in the application of specific control activities to determine what they do or how they perform a specific control activity. Such inquiries are typically open ended. Generally, evidence obtained through inquiry is the least reliable audit evidence and generally should be corroborated through other types of control tests (observation or inspection). The reliability of evidence obtained from inquiry depends on various factors, such as the following: The competence, experience, knowledge, independence, and integrity of the person of whom the inquiry was made. The reliability of evidence is enhanced when the person possesses these attributes. Whether the evidence was general or specific. Evidence that is specific is usually more reliable than evidence that is general. The extent of corroborative evidence obtained. Evidence obtained from several entity personnel is usually more reliable than evidence obtained from only one. Whether the evidence was provided orally or in writing. Generally, evidence provided in writing is more reliable than evidence provided orally. .14: Inspection - The auditor conducts inspection tests by examining documents and records for evidence (such as the existence of initials or signatures) that a control activity was applied to those documents and records. System documentation, such as operations manuals, flow charts, and job descriptions, may provide evidence of control design but do not provide evidence that controls are actually operating and being applied consistently. To use system documentation as part of the evidence of effective control activities, the auditor should obtain additional evidence on how the controls were applied. Inspection is generally a reliable source of audit evidence and is frequently used in multipurpose testing. Because evidence of performance is documented, this type of test can be performed at any time. The evidence previously obtained from (1) the inspection of documents in walkthroughs (in which inspection is performed to a lesser extent than in sampling control tests) and (2) observation or inquiry tests may provide sufficient evidence of control effectiveness. However, if the auditor needs additional evidence, sampling items for inspection should be considered. Since documentary evidence generally does not provide evidence concerning how effectively the control was applied, the auditor generally should supplement inspection tests with observation and/or inquiry of persons applying the control. For example, the auditor generally should supplement inspection of initials on documents with observation and/or inquiry of the individual(s) who initialed the documents to understand the procedures they followed before initialing the documents. The auditor may also reperform the control being tested to determine if it was properly applied. .15: The type of control test or tests the auditor selects depends on (1) the nature of the control to be tested and (2) the timing of and period covered by the control test. .16: The nature of the control influences the type of evidential matter that is available. For example, if the control provides documentary evidence, the auditor may decide to inspect the documentation. For other controls, such documentation may not be available or relevant. For example, segregation-of-duties controls generally do not provide documentary evidence. In such circumstances, the auditor may obtain evidential matter about the effectiveness of the control's operation through observation or inquiry. .17: The timing of and period covered by the control test require consideration. The evidential matter should relate to the audit period and, unless it is documentary evidence, should be obtained during the audit period, when sufficient corroborative evidence is most likely to be available. When the evidence relates to only a specific point in time, such as evidence obtained from observation, the auditor should obtain additional evidence that the control was effective during the entire audit period. For example, the auditor may observe the control in operation during the audit period and use inquiry and inspection of procedures manuals to determine that the control was in operation during the entire audit period. Paragraph 380.02 provides guidance concerning situations when new controls are implemented during the year. .18: When selecting a particular control test from among equally effective tests, the auditor should select the most efficient test. For example, the auditor may find that inquiry, observation, and walkthroughs (tests of controls that do not involve sampling) provide sufficient evidence that the control was effective during the year and are most efficient to test. When sampling is considered necessary, the auditor should consider performing multipurpose tests to enhance audit efficiency (see sections 430 and 450). DETERMINE THE EXTENT OF NONSAMPLING CONTROL TESTS: .19: After selecting the nature of control tests to be performed, the auditor should determine the extent of control tests (including IS controls). This determination is based on the information gathered in developing an understanding of internal control, the nature of the control to be tested, the nature and availability of evidential matter, and the auditor's determination of the amount of additional evidence needed. For each control activity considered necessary to achieve the control objectives, the auditor should test the control activity to determine whether it achieves the control objectives. Relevant financial reporting, budget, compliance, and operations controls generally should be tested to the same level of assurance. The extent of this testing is discussed in section 360 for nonsampling control tests and in section 450 for sampling control tests. .20: Controls that do not leave documentary evidence of existence or application generally cannot be tested with sampling procedures. When control activities, such as segregation of duties, do not leave documentary evidence, the auditor should test their effectiveness by observation and/or inquiry. For example, the auditor may obtain evidential matter about the proper segregation of duties by (1) direct observation of the control activities being applied at a specific time during the audit period and (2) inquiry of the individual(s) involved about applying the activities at other times during the audit period. The appropriate extent of observation and inquiry is not readily quantifiable. To determine whether a control is effective, the auditor should consider whether sufficient evidence has been obtained to support the preliminary assessment of control effectiveness (see section 370). DETERMINE THE NATURE, TIMING, AND EXTENT OF TESTS FOR SYSTEMS' COMPLIANCE WITH FFMIA REQUIREMENTS: .21: If the auditor believes it is likely that the opinion on the financial statements will be unqualified (or qualifications will not relate to the entity's ability to prepare reliable financial statements or provide reliable financial information when needed), that internal control will be determined to be effective, and that the auditor will find no instances of noncompliance with legal and regulatory requirements, then the auditor should test each of the elements of systems' compliance with FFMIA requirements. Also, the auditor may need to test for systems' compliance with FFMIA requirements in other circumstances, as discussed in paragraph 350.05. .22: The determination of substantial compliance with the requirements requires auditor judgment. To assist the auditor in making these judgments, he or she should identify any management-developed documentation for its assertion about the systems' conformance with systems requirements in its FMFIA section 4 report and any work it may have done for FFMIA. The documentation may include the Financial Management Series of Checklists for Systems Reviewed Under the Federal Financial Management Improvement Act of 1996 or other tools. The issues discussed earlier in this section with regard to nature, timing, and extent of control tests also apply to tests of systems' compliance with FFMIA requirements. These tests generally should be done concurrently with nonsampling control tests as described in section 360. .23: Management's documentation may be the basis for tests of the systems' compliance. If, for example, management provides the auditor with a checklist detailing the functions the systems are able to perform, the auditor generally should select some significant functions from the checklist and determine whether the systems perform them. This may be done based on knowledge the auditor has acquired from gaining an understanding of the systems, as well as by additional observation, inquiry, inspection, and walkthroughs as discussed earlier in this section for control tests. If management has not provided documentation, testing may be based directly on the FFMIA requirements. If management is unable to provide any documentation, the auditor should ask why there is no documentation and how management knows whether it is in compliance. Lack of documentation often indicates that the systems do not substantially comply with FFMIA. [End of section] 360 - PERFORM NONSAMPLING CONTROL TESTS AND TESTS FOR SYSTEMS' COMPLIANCE WITH FFMIA REQUIREMENTS: .01: The auditor should design and conduct tests of control activities that are effective in design to confirm their effectiveness in operation. (The auditor should refer to paragraph 380.02 if control activities were not effective in design during the entire audit period.) The auditor should perform the following procedures in connection with control tests: * Request an IS auditor to test IS controls. * Perform nonsampling control tests. (Sampling control tests are performed in the testing phase, as discussed in section 450.): * Evaluate the results of nonsampling control tests. .02: Similarly, the auditor should design and conduct tests of the financial management systems' compliance with the three FFMIA requirements, if he or she determined such tests were necessary (see paragraphs 350.02-.05 and 350.21-.23). Many nonsampling control tests will also serve as tests for compliance with FFMIA requirements, especially the systems requirements and the SGL, although testing for federal accounting standards (GAAP) will include substantive testing, done as part of the testing phase. TESTS OF IS CONTROLS: .03: In an entity that uses information systems to perform accounting functions, the auditor might identify controls whose effectiveness depends on the computer (IS controls). Such IS controls are discussed in more detail in section 295 F. Due to the technical nature of certain IS controls, an IS auditor should perform or supervise tests of such controls and should document conclusions on the effectiveness of IS controls during the audit period. The financial auditor may perform tests of less technical IS controls but the IS auditor should supervise such testing to evaluate the results and to consider such controls in relation to other IS controls. .04: If IS controls are identified for testing, an IS auditor should evaluate the effectiveness of: * general controls at the entity or installation level; * general controls as they relate to the application to be tested; and: * specific application controls and/or user controls, unless the IS controls that achieve the control objectives are general controls. .05: The IS auditor should determine whether overall or installation-level general controls are effectively designed and operating by: * identifying applicable general controls, * determining how those controls function, and: * evaluating and testing the effectiveness of those controls. The IS auditor should consider knowledge obtained in the planning phase. At the conclusion of this step, the IS auditor should document the understanding of general controls and should conclude whether such controls are effectively designed and operating as intended. Tests of General Controls at the Installation Level: .06: General controls ordinarily are tested through a combination of procedures, including observation, inquiry, inspection (which includes a review of documentation on systems and procedures), and reperformance using appropriate test software. Although sampling is generally not used to test general controls, it may be used to test certain controls, such as those involving approvals. .07: If general controls are not effectively designed and operating as intended, the auditor will generally be unable to obtain satisfaction that application controls are effective. In such instances, (1) the IS auditor should discuss the nature and extent of risks resulting from ineffective general controls with the audit team and (2) the auditor should consider whether manual controls achieve the control objectives that the IS controls were supposed to achieve. However, if manual controls do not achieve the control objectives, the IS auditor should determine whether any specific IS controls are designed to achieve the objectives. If not, the auditor should develop appropriate findings principally to provide recommendations to improve internal control. If specific IS controls are designed to achieve the objectives, but are in fact ineffective due to poor general controls, testing would typically not be necessary, except to support findings. Tests of General Controls at the Application Level: .08: Based on favorable conclusions reached on general controls at the entity or installation level, the IS auditor should evaluate and test the effectiveness of general controls for those applications within which application controls or user controls are to be tested. .09: If general controls are not operating effectively within the application, application controls and user controls generally will be ineffective. In such instances, the IS auditor should discuss the nature and extent of risks resulting from ineffective general controls with the audit team and should determine whether to proceed with the evaluation of application controls and user controls. Tests of Application Controls and User Controls: .10: The IS auditor generally should perform or supervise tests of those application controls and user controls necessary to achieve the control objectives where the overall and application-level general controls were determined to be effective. NONSAMPLING CONTROL TESTS: .11: The auditor should (1) develop a detailed control test audit program that incorporates the nature, timing, and extent of planned nonsampling control tests, including tests for compliance with FFMIA requirements and (2) perform nonsampling control tests according to the audit program. The following paragraphs discuss the testing of segregation of duties. Segregation of Duties: .12: Nonsampling control tests relating to segregation of duties require special consideration. Such controls are designed to reduce the opportunities for any person to be in a position both to perpetrate and to conceal misstatements, especially fraud, in the normal course of duties. Typically, an entity achieves adequate segregation of duties by establishing controls (such as segregating asset custody from recordkeeping functions) to prevent any person from having uncontrolled access to both assets and related records. Paragraph 330.08 describes situations in which the auditor should test segregation of duties. .13: The auditor may use the following method to test segregation-of-duties controls: a. Identify the assets to be controlled through the segregation of duties. b. Identify the individuals who have authorized access (direct or indirect) to the assets. Direct access exists when the individual is authorized to handle the assets directly (such as during the processing of cash receipts). Indirect access exists when the individual is authorized to prepare documents that cause the release or transfer of assets (such as preparing the necessary forms to request a cash disbursement or transfer of inventory). c. For each individual with authorized access to assets, determine whether there are sufficient asset access controls. Asset access controls are those controls that are designed to provide assurance that actions taken by individuals with authorized access to assets are reviewed and approved by other individuals. For example, an approval of an invoice for payment generally provides asset access controls (relating to cash) over those individuals authorized to prepare supporting documentation for the transaction. If IS provides access to assets, evaluation and testing of IS controls should be designed to identify (1) individuals (including IS personnel) who may use the computer to obtain access and (2) asset access controls over such individuals. d. For individuals with authorized access to assets over which asset access controls are insufficient, determine whether such individuals can affect any recording of transactions in the accounting records. If so, segregation of duties is insufficient, unless such access to accounting records is controlled. For example, the person who processes cash receipts may also be able to record entries in the accounting records. Such a person may be in a position to manipulate the accounting records to conceal a shortage in the cash account, unless another individual reviews all accounting entries made by that person. In an IS accounting system, access to assets frequently provides access to records. For example, generation of a check may automatically record a related accounting entry. In such circumstances, a lack of asset access controls would result in inadequate segregation of duties, and the auditor should consider whether other controls would mitigate the effects of this lack of asset access control. EVALUATING THE RESULTS OF NONSAMPLING TESTS: .14: The auditor should investigate and understand the reasons for any deviations from control activities noted during nonsampling control tests. The auditor may find, for example, that significant subpopulations were not subject to controls or that controls were not applied during a specific period during the year. In such instances, the auditor should conclude whether controls are effective for at least some parts of the population. For example, an otherwise effective control may not have been applied effectively in one month due to personnel turnover. For all but that month, the auditor may assess controls as effective and reduce related testing. The auditor also should consider whether other controls can achieve the related control objective(s). .15: Additionally, the auditor should gather sufficient evidence to report the control weakness. As discussed in paragraphs 580.37-.58, the significance of the weakness will determine how the auditor reports the finding and therefore which elements of the finding (condition, cause, criteria, effect, and recommendation or suggestion) need to be developed. .16: Finally, the auditor may make preliminary conclusions as to whether the entity's financial management systems substantially comply with federal financial management systems requirements, federal accounting standards (GAAP), and the SGL at the transaction level. However, a final conclusion as to compliance, especially with federal accounting standards, needs to wait for the results of substantive testing. [End of section] 370 - ASSESS CONTROLS ON A PRELIMINARY BASIS: .01: Based on the evaluation of internal control and results of nonsampling control tests, the auditor should preliminarily assess the effectiveness of internal control during the period (for reporting on internal control in a non-opinion report and for determining the extent of procedures to be performed in the testing phase) and/or as of the end of the period (for an opinion on internal control). Considerations for assessing the effectiveness of IS controls and each type of control (financial reporting (including safeguarding and budget), compliance, and operations) are discussed in paragraphs 370.06-.14 below and in the FISCAM. .02: To assess the effectiveness of internal control, the auditor considers whether the control objectives are achieved. For each control objective that is not fully achieved, the auditor should obtain sufficient (1) information to develop comments in the auditor's report or management letter (see paragraphs 580.32-.61) and (2) evidence to support the preliminary assessment of the effectiveness of internal control. INFORMATION SYSTEM RESULTS: .03: Based on the procedures performed, the IS auditor should discuss conclusions on the effectiveness of IS controls with the audit team and obtain concurrence. The auditor should (1) incorporate the IS auditor's conclusions into the audit workpapers for each IS control tested and (2) perform tests of application controls (principally manual follow-up of exceptions) or user controls identified by the IS auditor for the audit team to test. .04: If IS controls are determined to be effective, the auditor may also ask the IS auditor to identify any IS controls within the applications tested using the above procedures that were not previously identified by the auditor. For example, such IS controls might achieve control objectives not otherwise achieved through manual controls or might be more efficient or effective to test than manual controls. The IS auditor can assist the auditor in determining the cost effectiveness of searching for and testing additional IS controls. Decisions made in response to these considerations should be documented, including a description of the expected scope of the IS auditor's work. .05: Audit programs and supporting workpapers should be prepared to document the procedures for evaluating and testing the effectiveness of IS controls. Such workpapers should be included in the audit workpapers. FINANCIAL REPORTING CONTROLS: .06: Based on procedures performed and before sampling control tests,[Footnote 7] if any, the auditor should form a preliminary conclusion about (1) the effectiveness of financial reporting controls as of the end of the period and (2) the assessed level of control and combined risk during the period for each significant assertion in each significant line item or account. Combined risk is the risk that, prior to the application of substantive audit procedures, a material misstatement exists in a financial statement assertion. Combined risk consists of the risks that (1) a financial statement assertion is susceptible to material misstatement (inherent risk) and (2) such misstatement is not prevented or detected on a timely basis by the entity's internal control (control risk). The use of professional judgment is essential in assessing both control and combined risk. .07: Preliminary assessment of control risk. For each significant assertion in each significant account, the auditor should assess control risk at one of the following three levels: * Low control risk: The auditor believes that controls will prevent or detect any aggregate misstatements that could occur in the assertion in excess of design materiality. * Moderate control risk: The auditor believes that controls will more likely than not prevent or detect any aggregate misstatements that could occur in the assertion in excess of design materiality. * High control risk: The auditor believes that controls will more unlikely than likely prevent or detect any aggregate misstatements that could occur in the assertion in excess of design materiality. .08: In assessing control risk in a line item/account assertion, the auditor should consider the aggregate magnitude of misstatements that might not be prevented or detected in significant accounting applications that affect the line item or account. For example, the cash receipts, cash disbursements, and payroll accounting applications typically affect the cash account. Accordingly, the auditor should consider the risk that aggregate misstatements could arise from a combination of those accounting applications and not be prevented or detected by controls. .09: Preliminary assessment of combined risk. In assessing combined risk, the auditor should consider the likelihood that a material misstatement would occur (inherent risk) and not be prevented or detected on a timely basis by the entity's internal control (control risk). This preliminary assessment of combined risk should be consistent with the auditor's assessment of inherent risk and control risk. For each significant assertion in each significant account, the auditor should assess combined risk at one of the following three levels: * Low combined risk: Based on the evaluation of inherent risk and control risk, but prior to the application of substantive audit procedures, the auditor believes that any aggregate misstatements in the assertion do not exceed design materiality. * Moderate combined risk: Based on the evaluation of inherent risk and control risk, but prior to the application of substantive audit procedures, the auditor believes that it is more likely than not that any aggregate misstatements in the assertion do not exceed design materiality. * High combined risk: Based on the evaluation of inherent risk and control risk, but prior to the application of substantive audit procedures, the auditor believes that it is more unlikely than likely that any aggregate misstatements in the assertion do not exceed design materiality. As a result, the auditor will need to obtain most, if not all, audit reliance from substantive tests. .10: The minimum substantive assurance level required for substantive tests varies directly with combined risk. In other words, as combined risk increases, so does the minimum substantive assurance level. Section 470 discusses the assurance level. The auditor should document the preliminary assessment of control risk and combined risk in the ARA or equivalent. COMPLIANCE CONTROLS: .11: Based on the results of compliance control tests and other audit procedures, the auditor should: * conclude whether the entity's internal control provides reasonable assurance that the entity complied with the significant provisions of laws and regulations and executed transactions in accordance with budget authority during the period (to assess control risk, to test compliance as discussed in section 460, and/or to report (non-opinion report) on internal control) and/or as of the end of the period (to support the opinion on internal control) and: * report weaknesses in compliance controls that come to the auditor's attention (see paragraphs 580.32-.61). If compliance controls are effective in preventing or detecting noncompliance with relevant provisions of laws and regulations during the period, the extent of compliance testing can be less than if such controls were not effective, as discussed in section 460. .12: When forming conclusions on internal control related to budget execution, the auditor should consider the impact of any unadjusted misstatements noted in the proprietary accounts and should determine any impact on the budgetary amounts. If the budgetary amounts are also misstated, the auditor should consider whether these misstatements are indications of weaknesses in internal control related to budget execution. If audit evidence indicates that internal control might not provide reasonable assurance that the entity executed transactions in accordance with budget authority, the auditor should discuss the legal implications with OGC. OPERATIONS CONTROLS: .13: If the results of control tests indicate that operations controls were not effective during the period, the auditor should not place reliance on the ineffective operations controls when performing other audit procedures. Based on gaining an understanding of performance measures systems and other procedures (which may include optional tests of controls), the auditor will have an understanding of the design of performance measures controls as they relate to the existence and completeness assertions (for GAO audits, the valuation assertion is also included in the understanding) and whether they have been placed in operation. The auditor should report weaknesses in performance measures controls that come to his or her attention. See paragraphs 580.32-.61 regarding reporting of control weaknesses. REEVALUATION OF CONTROL RISK AND COMBINED RISK ASSESSMENT: .14: After completing the testing phase, discussed in section 400, the auditor should reevaluate the preliminary assessment of control risk for financial reporting controls and control effectiveness for compliance and operations controls. If the test results are contrary to the preliminary assessment, the auditor should reconsider the adequacy of the audit procedures performed and perform additional procedures as considered necessary. [End of section] 380 - OTHER CONSIDERATIONS: ROTATION TESTING OF CONTROLS: .01: When the entity's control environment, risk assessment, communication, and monitoring are strong and inherent and fraud risk are low, using a rotation approach for testing controls may be appropriate for IS controls. When appropriate, based primarily on favorable results from prior tests and limited work in the current year, the auditor may test IS internal controls of certain cycles/applications on a rotating basis rather than every year. Rotation is generally not appropriate for use in first-time audits where an opinion is expressed or for audits of entities that do not have strong control environments, risk assessment, communication, and monitoring. Section 395 G provides additional requirements and guidelines for rotation testing of controls. PARTIAL-YEAR CONTROLS: .02: In certain situations, such as when new controls are implemented during the year, the auditor may elect to test controls only for the period that the new controls were operating. In such situations, the extent of control testing should remain similar, but be concentrated over the period the new controls are in place. For any portion of the audit period that financial reporting, budget, and compliance controls were not tested directly or through a rotation plan (see paragraph 380.01), the auditor should assume that such controls were ineffective for purposes of designing compliance and substantive tests. PLANNED CHANGES IN CONTROLS: .03: The auditor may become aware of an entity's plans to implement new accounting or control systems after the audit period ends. Even though new systems or controls are planned, the auditor should evaluate and test controls in effect through the end of the audit period to (1) provide support for the report on internal controls, (2) recommend any improvements to the current system that should be considered in designing the new systems or controls, and/or (3) obtain audit evidence to reduce substantive testing in the current audit. During the current audit, the auditor may elect to review controls designed into the new system. [End of section] 390 - DOCUMENTATION: .01: In addition to preparing a control testing audit program and other workpapers relevant to the internal control phase, the auditor should prepare the documents described in paragraphs 390.04-.07 or their equivalent. .02: In the audit program, the auditor generally should explain the objectives of audit procedures. Also, written guidance, either within or accompanying the audit program to explain possible exceptions, their nature, and why they might be important, may help auditors focus on key matters, more readily determine which exceptions are important, and identify significant exceptions. .03: As the audit work is performed, the auditors may become aware of possible reportable conditions or other matters that should be communicated to the auditee. The auditor generally should document and communicate these as described in paragraph 290.02. CYCLE MEMORANDUM AND FLOWCHART: .04: The auditor is required to document (AU 319.44) the understanding gained of each component of internal control, among them, the information system (AU 319.36). The auditor should prepare sufficient documentation to clearly describe and illustrate the accounting system; such documentation may include memorandums and flowcharts. Flowcharts provide a good mechanism to document the process and need not be extremely detailed. In some systems, particularly IS, it is difficult to understand the system without a flowchart. For each significant cycle, the auditor should prepare a cycle memorandum or equivalent, and a complementary flowchart of the cycle and component accounting application(s) is also recommended. To the extent relevant, these documents should include the following accounting systems information for financial reporting controls: * The cycle memorandum or equivalent should (1) identify the cycle transactions, each significant accounting application, and each significant financial management system included in the cycle, (2) describe interfaces with other cycles, (3) identify financial statement line items and general ledger accounts included in the cycle, (4) describe the operating policies and procedures relating to the processing of cycle transactions (see paragraph 320.03),[Footnote 8] and (5) identify major internal controls (overview only). The cycle memorandum may also include information on FFMIA requirements considered to this point, such as systems requirements and the SGL. * The flowchart should complement the related cycle memorandum and summarize the significant transaction flows in terms of (1) input and report documents, (2) processing steps, (3) files used, (4) units involved, and (5) interfaces with other cycles and accounting applications.[Footnote 9] .05: The auditor should document the understanding of compliance and relevant operations (including performance measures) control systems in a memorandum and, if applicable, a flowchart addressing each point discussed in paragraphs 320.05-.07. SPECIFIC CONTROL EVALUATION WORKSHEET: .06: The auditor should document the evaluation of specific control activities in the SCE worksheet or equivalent. Control tests should be documented in a control test audit program and in accompanying workpapers. Any IS control tests should also be documented in the audit workpapers, as discussed in paragraph 370.05. Section 395 H presents an example of a completed SCE worksheet. UPDATING THE ACCOUNT RISK ANALYSIS FORM: .07: The auditor should update the ARA form or equivalent by completing the internal control phase columns, as illustrated in section 395 I. [End of section] 395 A - TYPICAL RELATIONSHIPS OF ACCOUNTING APPLICATIONS TO LINE ITEMS/ ACCOUNTS: This section illustrates the typical relationships between accounting applications and line items or accounts. For example, sources of significant accounting entries to cash typically include the cash receipts, cash disbursements, payroll, and cash accounting applications. For each significant line item or account, the auditor should develop an understanding of how potential misstatements in significant accounting applications could affect the related line item or account. In turn, control objectives and relevant control techniques to achieve those objectives should be identified. [See PDF for image] [End of table] [End of section] 395 B - FINANCIAL STATEMENT ASSERTIONS AND POTENTIAL MISSTATEMENTS: This section lists potential misstatements that could occur in each financial statement assertion within an accounting application, together with related control objectives. The auditor should use judgment to tailor this information to the accounting application and to the entity and should consider supplementing this list with other control objectives or subobjectives. The assertions, potential misstatements, and control objectives illustrated in this section can be used in preparing the first, fourth, and fifth columns of the SCE worksheet, which is illustrated in section 395 H. However, this section is provided as a reference and does not require completion as a form. [See PDF for image] Note: Segregation-of-duties controls are a type of safeguarding control and are often crucial to the effectiveness of controls, particularly over liquid, readily marketable assets that are highly susceptible to theft, loss, or misappropriation. Such controls are designed to reduce the opportunities for any person to be in a position to both perpetrate and conceal fraud. The lack of segregation-of-duties controls may be pervasive and affect several misstatements. Paragraph 330.08 discusses when segregation-of-duties controls should be tested. [End of table] [End of section] 395 C - TYPICAL CONTROL ACTIVITIES: AUTHORIZATION: .01: Authorization controls are designed to provide reasonable assurance that (1) transactions, (2) events from which they arise, and (3) procedures under which they are processed are authorized in accordance with laws, regulations, and management policy. Typical authorization controls include: * documented policies establish events or transactions that the entity is authorized to engage in by law, regulation, or management policy; * documented policies and procedures exist for processing transactions in accordance with laws, regulations, or management policy; and: * master files include only authorized employees, customers, or suppliers. APPROVAL: .02: Approval controls are designed to provide reasonable assurance that appropriate individuals approve recorded transactions in accordance with management's general or specific criteria. Typical approval controls include the following: * Specific transactions are approved by persons having the authority to do so (such as the specific approval of purchases by the procurement officer or other designated individual with procurement authority) in accordance with established policies and procedures. * Transactions are compared with predetermined expectations (invoice terms are compared with agreed-upon prices, input is checked for valid data type for a particular field, etc.), and exceptions are reviewed by someone authorized to approve them. * Transactions are compared with approved master files (such as approved customer credit limits or approved vendors) before approval or acceptance, and exceptions are reviewed by someone authorized to approve them. * Key records are matched before a transaction is approved (such as the matching of purchase order, receiving report, and vendor invoice records before an invoice is approved for payment). * Before acceptance, changes to data in existing files are independently approved, evidenced by either documentary or on-line approval of input before processing. SEGREGATION OF DUTIES: .03: Segregation-of-duties controls are designed to reduce the opportunities for someone to both perpetrate and conceal errors or fraud in the normal course of duties. Typically, an entity achieves adequate segregation of duties by establishing controls (such as segregating asset custody from recordkeeping functions) to prevent any person from having uncontrolled access to both assets and records. See paragraphs 330.08 and 360.11 for additional discussions of segregation-of-duties controls. DESIGN AND USE OF DOCUMENTS AND RECORDS: .04: The purpose of controls over the design and use of records is to help provide reasonable assurance that transactions and events are properly recorded. Such controls typically include the following. * Prenumbered forms are used to record all of an entity's transactions, and accountability is maintained for the sequence of all numbers used. (For example, prenumbered billing documents, vouchers, purchase orders, etc., are accounted for in numerical sequence when they are used, and any numbers missing from the sequence are investigated). * Receiving reports, inspection documents, etc., are matched with billing notices, such as vendor invoices, or other documents used to record delivered orders and related liabilities to provide assurance that all and only valid transactions are recorded. * Transaction documents (such as vendor invoices or shipping documents) are stamped with the date and tracked (through periodic supervisory reviews) to provide assurance that transactions are recorded promptly. * Source documents are canceled after processing (for example, invoices are stamped, perforated, or written on after they are paid) to provide assurance that the same documents will not be reused and will not result in recording transactions more than once. Also, only original documents are used to process transactions. ADEQUATE SAFEGUARDS OVER ACCESS TO AND USE OF ASSETS AND RECORDS: .05: Access controls are designed to protect assets and records against physical harm, theft, loss, misuse, or unauthorized alteration. These controls restrict unauthorized access to assets and records. Evaluation of segregation of duties is also required for persons who have authorized access to assets and records. Typical access controls follow: * Cash receipt totals are recorded before cash is transmitted for deposit. * Secured facilities (locked rooms, fenced areas, vaults, etc.) are used. Access to critical forms and equipment (such as check signing machines and signature stamps) is limited to authorized personnel. * Access to programs and data files is restricted to authorized personnel. (For example, manual records, computer terminals, and backup files are kept in secured areas to which only authorized persons can gain access.): * Assets and records are protected against physical harm. (For example, intruder alarms, security guards, fire walls, a sprinkler system, etc., are used to prevent intentional or accidental destruction of assets and records). * Incoming and outgoing assets are counted, inspected, and received or given up only on the basis of proper authorization (such as a purchase order, contract, or shipping order) in accordance with established procedures. * Procedures are established to provide reasonable assurance that current files can be recovered in the event of a computer failure. (For example, the entity has implemented a backup and recovery plan, such as using on-premises or off-premises file backup, off-site storage of duplicate programs and operating procedures, and standby arrangements to use a second processing facility if the entire data center is destroyed). * Access to critical forms and records is restricted. (For example, secured conditions are established and maintained for manual records and media used to access assets, such as blank checks or forms for the release of inventory). INDEPENDENT CHECKS: .06: Controls in this category are designed to provide independent checks on the validity, accuracy, and completeness of processed data. The following procedures are typical of this category of controls: * Calculations, extensions, additions, and accounting classifications are independently reviewed. (For example, arithmetic on vouchers is independently recomputed, and transactions and accounting classifications are subsequently reviewed). * Assets on hand are periodically inspected and counted, and the results are compared with asset records. (For example, inventories are inspected and physically counted at the end of each year and compared with inventory records). * Subsidiary ledgers and records are reconciled to general ledgers. * The entity promptly follows up on complaints from vendors, customers, employees, and others. * Management reviews performance reports. (For example, the warehouse manager reviews performance reports on the accuracy and timeliness of fulfilling shipping orders and recording them in the sales processing system). * Data from different sources are compared for accuracy and completeness. (For example, the cash journal entry is compared with the authenticated bank deposit slip and with the detailed listing of cash receipts prepared independently when mail was opened, and units billed are compared with units shipped). * Actual operating results (such as personnel cost or capital expenditures for a particular organizational component or an entity as a whole) are compared with approved budgets, and variances are explained. VALUATION OF RECORDED AMOUNTS: .07: Controls in this category are designed to provide assurance that assets are valued at appropriate amounts. Typical valuation controls follow: * Periodically, the condition and marketability of assets are evaluated. (For example, inventory is periodically reviewed for physical damage, deterioration, or obsolescence, or receivables are evaluated for collectibility). * Recorded data are compared with information from an independent third party. (For example, recorded cash is reconciled to bank statements, and suppliers' accounts are reconciled to monthly statements from suppliers). * Assessed values (such as independent appraisals of assets) are compared with the accounting records. SUMMARIZATION OF ACCOUNTING DATA: .08: Controls in this category are designed to provide assurance that transactions are accurately summarized and that any adjustments are valid. Typical controls in this category include the following: * The sources of summarized data (such as subsidiary ledgers, journals, and/or other records) are compared with the underlying subsidiary records and/or documents before the data are accepted for inclusion in summarized records and reports. (For example, journal entries are compared to source documents, and the daily summaries of journal entries are compared with to the individual journal entries before the summarized entries are posted to the general ledger.): * Procedures are followed to check the completeness and accuracy of data summarization, and exceptions are reviewed and resolved by authorized persons. (For example, batch totals are compared with appropriate journals, hash totals are compared at the beginning and end of processing, and totals passed from one system or application to another are compared). RIGHTS AND OBLIGATIONS: .09: Controls in this category are designed to provide assurance that (1) the entity owns recorded assets, with the ownership supported by appropriate documentation, (2) the entity has the rights to its assets at a given date, and (3) recorded liabilities reflect the entity's legal obligations at a given date. The following procedures are typical of this category of controls: * Policies and procedures are documented (such as policy, procedures, and training manuals, together with organization charts) for initiating transactions and for identifying and monitoring those transactions and accounts warranting attention with respect to ownership. * Policies and procedures are documented for initiating and monitoring transactions and accounts related to obligations. * Significant transactions require the approval of senior management. * Reported results and balances are compared with plans and authorizations. PRESENTATION AND DISCLOSURE: .10: Controls in this category are designed to provide assurance that (1) accounts are properly classified and described in the financial statements, (2) the financial statements are prepared in conformance with GAAP, and (3) footnotes contain all information required to be disclosed. The following procedures are typical of this category of controls: * Policies and procedures are documented for accumulating and disclosing financial information in the financial statements by appropriate personnel. Responsibility is assigned to specific individuals. * Policies and procedures are documented for preparing financial statements by authorized personnel having sufficient experience and expertise to assure compliance with GAAP. * Policies and procedures are documented (such as policy and procedures manuals, together with organization charts) for properly classifying and describing financial information in the financial statements. * Reports are periodically substantiated and evaluated by supervisory personnel. Procedures are implemented to detect errors and omissions and to evaluate recorded balances. * A written chart of accounts containing a description of each account is used, such as the SGL. Journal entries are prepared, reviewed, compared with supporting details where necessary, and approved each accounting period. * Appropriate processing procedures are used, including control or batch totals, etc. Written cutoff and closing schedules are also used. * The same chart of accounts is used for both budgeting and reporting, and variances between actual and planned results are analyzed. [End of section] 395 D - SELECTED STATUTES RELEVANT TO BUDGET EXECUTION: .01: Antideficiency Act: This statute places limitations on the obligation and expenditure of government funds. Expenditures and obligations may not exceed the amounts available in the related appropriation or fund accounts. Unless allowed by law, amounts may not be obligated before they are appropriated. Additionally, the amount of obligations and expenditures may not exceed the amount of the apportionments received. (See 31 U.S.C. sections 1341-1342, 1349-1351, and 1511-1517 for further information.): .02: Purpose statute: This statute states that appropriations may be obligated and expended only for the purposes stated in the appropriation. (See 31 U.S.C. 1301 for further information.): .03: Time statute: This statute states that appropriations may be obligated or expended only during the period of availability specified by law. (See 31 U.S.C. 1502 for further information.) Annual or multiple year appropriations often are referred to as "fixed accounts." Fixed accounts are available for obligation for a definite period of time. "No year" authority or accounts are resources that are available for obligation for an indefinite period of time, usually until the purposes for which they were provided are carried out. [End of section] 395 E - BUDGET EXECUTION PROCESS: The steps of a simplified budget process are illustrated in the following table. [See PDF for table] [End of table] .02: The following budget execution process is of interest to the auditor when testing the statement of budgetary resources and when evaluating an entity's internal control relating to budget execution:[Footnote 10] * Congress provides an entity with an appropriation (or other budget authority), which is authority provided by law to enter into obligations that result in immediate or future outlays (2 U.S. 622(2)). The Secretary of the Treasury issues warrants, which establish the amount of moneys authorized to be withdrawn from the central accounts maintained by Treasury. * OMB makes an apportionment, which is a distribution of amounts available for obligation. Apportionments divide amounts available for obligation by specific periods (usually quarters), activities, projects, or objects, or a combination thereof. The amounts so apportioned limit the amount of obligations that may be incurred. * The entity head (or other authorized employee) makes an allotment, which is an authorization to subordinates to incur obligations within a specified amount. The total amount allotted by an entity may not exceed the amount apportioned by OMB. The entity, through its fund control regulations, establishes allotments at a legally binding level for complying with the Antideficiency Act. Suballotments and allowances are further administrative divisions of funds, usually at a more detailed level (i.e., suballotments are divisions of allotments established as needed). * The entity may make a commitment, which is an administrative reservation of an allotment or of other funds in anticipation of their obligation. Commitments are not required by law or regulation nor are they considered formal/official use of budget authority. Rather, commitments are used by entities for financial planning in the acquisition of goods and services and control over obligations and the use of budget authority. * The entity incurs an obligation, which is the amount of orders placed, contracts awarded, services received, and similar transactions during a given period that will require payments during the same or future periods. Obligations need to comply with legal requirements before they may be properly recorded against appropriation accounts (title 7 of the GAO Policies and Procedures Manual). These legal requirements include consideration of whether the purpose, the amount, and the timing of when the obligation was incurred are in accordance with the appropriation. Additionally, there are legal requirements concerning the documentary evidence necessary for recording an obligation. The term "obligation" in this manual refers to orders for goods and services that have not been delivered (undelivered orders). The entity records expended authority, which is the reduction of an obligation by the receipt and acceptance of goods and services ordered. Expended authority means that the budget authority has been used to acquire goods or services.[Footnote 11] * The entity records an "outlay," which, as used in the President's budget, Congressional budget documents, and the statement of budgetary resources, refers to payments made to liquidate obligations for goods and services. The statement of budgetary resources reconciles obligations incurred net of offsetting collections to net outlays. * The appropriation account expires when, according to the restrictions contained in the appropriation, the appropriation is no longer available for new obligations. Adjustments may be made for valid obligations that were either (1) recorded at an estimated amount that differs from the actual amount[Footnote 12] or (2) incurred before the authority expired, but were not recorded. Adjustments may be recorded for 5 years after the appropriation expires. For both expired accounts and closed accounts, the entity's obligations and expenditures may not exceed the related budget authority. The auditor should refer to OMB Circular A-34 (2000), sections 30.6-.10, for additional guidance on these types of adjustments and transactions. Examples of valid adjustments to expired accounts within the 5-year period include adjustments for (1) canceled orders or orders for which delivery is no longer likely, (2) refunds received in the current period that relate to recovery of erroneous payments or accounting errors, (3) legal and valid obligations that were previously unrecorded, and (4) differences between the estimated and actual obligation amounts. * After the 5-year period, the budget authority for the expired accounts is canceled and the expired accounts are closed. No further adjustments or outlays may be made in those closed accounts. Payments for any outstanding unliquidated obligations in closed accounts may be made from unexpired appropriations that have the same general purpose (but are limited in aggregate to 1 percent of the current year appropriation). For both expired accounts and closed accounts, the entity's obligations and expenditures may not exceed the related budget authority. The auditor should refer to OMB Circular A-34 (2000), sections 30.6-10, for additional guidance on these types of adjustments and transactions. [End of section] 395 F - BUDGET CONTROL OBJECTIVES: .01: This section lists budget control objectives by steps in the budget process. The auditor may consider these control objectives for either or both of the audit of the statement of budgetary resources (evaluation of financial reporting controls) and/or as part of the compliance control evaluation. The auditor may evaluate many of these controls at the same time as controls over expenses, disbursements, and liabilities. a. Appropriations (or other forms of budget authority): The recorded appropriation (or other form of budget authority) is the same as that made available in the appropriation or other appropriate legislation, including restrictions on amount, purpose, and timing. b. Apportionments: The recorded apportionments agree with the OMB apportionments (as indicated on the apportionment schedules), and the total amount apportioned does not exceed the total amount appropriated.[Footnote 13] c. Allotments/suballotments: The total amount allotted does not exceed the total amount apportioned. d. Commitments: The auditor may not be concerned with controls over budgetary commitments because commitments are not required by law or regulation nor are they considered formal/official use of budget authority. Controls over budgetary commitments are considered a type of operations control. The auditor should consider evaluating controls over commitments if the entity is using commitments and relying on controls over commitments to achieve the control objectives relating to obligations. If controls over commitments are evaluated, the auditor should apply the same control objectives used for obligations and expenditures, as discussed below. e. Obligation transactions: The following control objectives relate to obligation transactions (undelivered orders): * Validity: Obligations recorded are valid. An obligation is considered valid only if it meets these criteria: The obligation has been incurred. This is usually evidenced by appropriate supporting documentation, such as a purchase order or binding contract. The auditor should be alert for instances of "block obligating" or "block dumping," which occur when an entity records obligations to "reserve" funds even though the goods or services have not been ordered. This is most likely to occur near the expiration of the appropriation. The auditor should be alert for such signs as large, even-amount obligations near the end of the fiscal year for annual appropriations or during the last year of a multiyear appropriation account. The purpose of the obligation is one for which the appropriation was made. The obligation was incurred within the time that the appropriation was made available for new obligations. The obligation did not exceed the amount allotted or appropriated by statute, nor was it incurred before the appropriation became law, unless otherwise provided by law. The obligation complies with any other legally binding restrictions, such as obligation ceilings, identified in the planning phase. The obligation has not subsequently been canceled nor the goods or services received. For adjustments to obligations in expired accounts, the following objectives also are to be met: If the adjustment represents a "contract change" as defined in OMB Circular A-34 (2000), the auditor should refer to section 30.7 of that circular for reporting and approval requirements. The adjustment does not cause the entity to exceed the amount allotted or appropriated by statute. The adjustment is recorded during the period when the account is available for adjustments (5 years) and was made for a valid obligation incurred before the authority expired. New obligations may not be recorded in expired accounts. * Completeness: All obligation transactions are recorded. * Valuation: Obligations are recorded at the best available estimate of actual cost. * Cutoff: Obligations are recorded in the proper period. * Classification: Obligations are recorded in the proper appropriation or fund accounts (also by program and by object, if applicable), including the proper appropriation year if the account has multiple years. Examples of programmatic account classifications are "school lunch program" and "nutrition education and training." Examples of object account classifications are "salaries," "rent," and "travel.": f. Expended authority transactions: The following control objectives relating to expended authority transactions, as defined in section 395 E, are generally the same as those for obligation transactions: * Validity: For all expended authority transactions, recorded expended authority transactions have occurred. This occurrence is usually evidenced by appropriate supporting documentation. For expended authority transactions (or adjustments to expended authority transactions) in expired accounts, the following objectives also are to be met: The expended authority transaction does not cause the entity to exceed the amount appropriated by statute: The expended authority transaction is recorded during the period when the account is available for adjustments (5 years). The expenditure is not made out of a closed account. * Completeness: All expended authority transactions and adjustments are recorded. * Valuation: Expended authority transactions and adjustments are recorded at the correct amount. * Cutoff: Expended authority transactions and adjustments are recorded in the proper period. * Classification: Expended authority transactions and adjustments are recorded in the proper appropriation or fund accounts (also by program and by object, if applicable), including the proper appropriation year if the account has multiple years. g. Outlay transactions: The following control objectives relate to outlay transactions (to be considered while auditing cash disbursements): * Validity: Outlays are supported by sufficient evidence such as contractor invoices and receiving reports. The outlay is recorded against an obligation made during the period of availability of the appropriation (not made out of a closed account) and is for a purpose for which the appropriation was provided as evidenced by being in an amount not exceeding the obligation, as adjusted, authorizing the outlay. Use of "first-in, first-out" or other arbitrary means to liquidate obligations based on outlays is not generally acceptable unless supporting evidence demonstrates that, in fact, these estimating techniques reasonably represent the manner in which costs are incurred and should be charged to unliquidated obligations. Accrual of liabilities based on incurred but unbilled contractor costs alone is not sufficient evidence of validity (i.e., it does not ensure that the purpose, time, and amount provisions of an appropriation are met). Internal control over liquidation of the corresponding obligation by outlays is a safeguard against improper payments, including erroneous, duplicative, or fraudulent contractor billings. * Completeness: All outlays and adjustments are recorded in a timely manner. * Classification: Outlays are recorded in the proper accounts (both by program and by object, if applicable), including the proper appropriation year if the account has multiple years. This is evidenced by "matching" the outlay to the underlying obligation. h. Obligation and expended authority balances: The following control objectives relate to obligation and expended authority balances as of a point in time: * Summarization: Recorded balances of obligation and expended authority accounts as of a given date are supported by appropriate detailed records that are accurately summarized and reconciled to the appropriation or fund account balance, by year, for each account. * Substantiation: Recorded account balances are supported by valid obligations and expended authority transactions. * Limitation: Total undelivered orders plus total expended authority transactions do not exceed the amount of the appropriation or other statutory limitations (such as obligation ceilings) that may exist by appropriation period. These other statutory limitations may limit the amount of obligations that can be incurred by program or object classification. In addition, total payments of outstanding unliquidated obligations that relate to closed accounts cannot exceed the limits described in A-34 (2000), section 30.10 (for annual accounts, 1 percent of the account's current year appropriation, for multiyear accounts, 1 percent of all appropriations that are available for obligation for the same purpose - this is a single, cumulative limit). i. Appropriation account balances: The following control objectives relate to appropriation account balances as of a point in time: * Fixed appropriation accounts are identified by fiscal year after the end of the period in which they are available for obligation until they are closed. (31 USC 1553(a)): * Fixed appropriation accounts are closed on September 30th of the 5th fiscal year after the end of the period that they are available for obligation. Any remaining balance (whether obligated or unobligated) in the account is canceled and is no longer available for obligation or expenditure for any purpose. (31 USC 1552(a)). For example, at the end of fiscal year 1995, the entity should only have accounts for fixed appropriations that expired at the end of fiscal years 1991, 1992, 1993, 1994, and 1995. All fixed appropriations that expired prior to these dates should have been closed and canceled as of the end of fiscal year 1995. * Appropriation accounts that are available for obligation for an indefinite period are closed if (1) the entity head or the President determines that the purposes for which the appropriation was made have been carried out and (2) no disbursement has been made against the appropriation for two consecutive fiscal years. (31 USC 1555): j. Recording of cash receipts related to closed appropriation accounts: (to be considered only if such amounts are expected to exceed design materiality): * Collections authorized or required to be credited to an appropriation account but not received before the account is closed are deposited in the Treasury as miscellaneous receipts. (31 USC 1552 (b)): [End of section] 395 F Sup - BUDGET CONTROL OBJECTIVES - FEDERAL CREDIT REFORM ACT SUPPLEMENT: .01: The Federal Credit Reform Act (FCRA) contains many provisions regarding the recording and reporting of activity related to direct loans, loan guarantees, and modifications of these items for budget accounting purposes. (Definitions of these and other FCRA terms are included in the notes to this supplement.) For transactions and account balances related to these types of activities, the auditor should consider each of the budget control objectives listed in FAM 395 F and supplement them with the following budget control objectives related to FCRA. Additional guidance on FCRA accounting for budget purposes is included in OMB Circular A-34 (2000), section 70, Federal Credit Programs. Also, see Federal Financial Accounting and Auditing Technical Release No. 3, Preparing and Auditing Direct Loan and Loan Guarantee Subsidies Under the Federal Credit Reform Act, issued by FASAB's Accounting and Auditing Policy Committee (AAPC) in July 1999. a. Obligation transactions: Obligation transactions include direct loan obligations, loan guarantee commitments, and modifications that change the cost of an outstanding direct loan or loan guarantee (except modifications within the terms of existing contracts or through other existing authorities). The following are supplemental control objectives related to obligation transactions under FCRA: * Valuation: Obligations are recorded at the best available estimate of actual cost. ** The cost of a direct loan is recorded as the net present value, at the time when the loan is disbursed, of the following cash flows: *** loan disbursements, *** estimated principal repayments, *** estimated interest payments, and: *** estimated amounts and timing of any other payments by or to the government over the life of the loan. These amounts include fees, penalties, and other recoveries. Administrative costs and any incidental effects on governmental receipts and outlays are excluded. (2 USC 661a(5)(A) and (B)): These estimated cash flows include the effects of the timing and amounts of expected defaults and prepayments. These cash flows are discounted using the appropriate rate as described below. ** The cost of a loan guarantee is recorded as the net present value, at the time when the related guaranteed loan is disbursed, of the following cash flows: *** estimated amounts and timing of payments by the government for defaults, delinquencies, interest subsidies, or other payments, excluding administrative costs; and: *** estimated amounts and timing of payments to the government for origination and other fees, penalties, and recoveries. (2 USC 661a(5)(A) and (C)): Any incidental effects on governmental receipts and outlays are excluded. These cash flows are discounted using the appropriate rate as described below. ** The cost of a modification is recorded as the difference between the current estimated net present value of the cash flows under the existing direct loan or guarantee contract and the estimated net present value of the cash flows under the modified contract. The cash flows for each of these calculations is discounted at the rate for modifications described below. (2 USC 661a(5)(D)): ** The discount rate used to estimate the net present values described above is the average interest rate, in effect when the obligation is incurred, for marketable Treasury securities of similar maturity to the related loan. For modifications, the discount rate used is the average rate, in effect at the time of modification, for marketable Treasury securities with a maturity similar to the remaining maturity of the modified loan. (2 USC 661a(5)(E)): b. Expended authority transactions: Expended authority transactions include transactions that occur when loans are disbursed. The following are supplemental control objectives related to expended authority transactions under FCRA: * Valuation: Expended authority transactions are recorded at the proper amount. The same specific criteria for the amounts of FCRA obligations are also applicable to expended authority transactions. * Cutoff: Expended authority transactions are recorded in the proper period. ** Expended authority transactions for the cost of loans or guarantees are recorded in the fiscal year in which the direct or guaranteed loan is disbursed or its costs altered. (2 USC 661c(d)(2)): * Classification/Presentation and Disclosure: Amounts are recorded in the proper account and reported appropriately. ** Differences in subsequent years between original estimated cost and reestimated costs are recorded in a separately identified subaccount in the credit program account and shown as a change in program costs and a change in net interest. (2 USC 661c(f)): ** Funding for the administration of a direct loan or loan guarantee program is recorded in separately identified subaccounts within the same budget account as the program's cost. (2 USC 661c(g)): ** Cash disbursements for direct loan obligations or loan guarantee commitments made on or after October 1, 1991, are made out of the financing account. (2 USC 661a(7)): c. Obligation and expended authority balances: The following are supplemental control objectives related to obligation and expended authority balances under FCRA as of a point in time: * Limitation: Total obligations plus total expended authority transactions do not exceed the amount of the appropriation or other statutory limitations that may exist by appropriation period. ** Direct loan obligations made on or after October 1, 1991, do not exceed the available appropriation or other budget authority. ** Modifications made to direct loan obligations or direct loans do not exceed the available appropriation or other budget authority. (The auditor should discuss applicability of this budget restriction to direct loans and direct loan obligations that were outstanding prior to October 1, 1991, with OGC prior to performing control or compliance tests.): ** Obligations for new loan guarantee commitments made on or after October 1, 1991, do not exceed the available appropriation or other budget authority. ** Modifications made to loan guarantee commitments or outstanding loan guarantees do not exceed the available appropriation or other budget authority. (The auditor should discuss applicability of this budget restriction to loan guarantees, or loan guarantee commitments that were outstanding prior to October 1, 1991, with OGC prior to performing control or compliance tests.): d. Cash receipts: The following are supplemental control objectives related to cash receipts under FCRA: * Classification: Cash receipts are recorded in the proper account. ** Cash receipts related to direct loans obligated or loan guarantees committed prior to October 1, 1991, are recorded in the liquidating accounts. (2 USC 661f(b)): ** Cash receipts related to direct loan obligated or loan guarantees committed on or after October 1, 1991, are recorded in the financing account. (2 USC 661a(7)): Note 1: A direct loan is a disbursement of funds by the government to a nonfederal borrower under a contract that requires the repayment of such funds with or without interest. The term also includes the purchase of, or participation in, a loan made by another lender. The term does not include the acquisition of a federally guaranteed loan in satisfaction of default claims or the price support loans of the Commodity Credit Corporation. (2 USC 661a(1)): Note 2: A direct loan obligation is a binding agreement by a federal agency to make a direct loan when specified conditions are fulfilled by the borrower. (2 USC 661a(2)): Note 3: A loan guarantee is any guarantee, insurance, or other pledge with respect to the payment of all or a part of the principal or interest on any debt obligation of a nonfederal borrower to a nonfederal lender, but does not include the insurance of deposits, shares, or other withdrawable accounts in financial institutions. (2 USC 661a(3)): Note 4: A loan guarantee commitment is a binding agreement by a federal agency to make a loan guarantee when specified conditions are fulfilled by the borrower, the lender, or any other party to the guarantee agreement. (2 USC 661a(4)): Note 5: Costs are defined as the estimated long-term cost to the government of a direct loan or loan guarantee, calculated on a net present value basis, or modification thereof, excluding administrative costs and any incidental effects on governmental receipts or outlays (2 USC 661a(5)). These calculations are described in further detail under the valuation control objective for obligations in FAM 395 F. Note 6: A credit program account is a budget account associated with each program account into which an appropriation to cover the cost of a direct loan or loan guarantee program is made and from which such cost is disbursed to the financing account. (2 USC 661a(6)): Note 7: A liquidating account is a budget account that includes all cash flows to and from the government resulting from direct loan obligations or loan guarantee commitments made prior to October 1, 1991. These accounts are required to be shown on a cash basis. (2 USC 661a(8)): Note 8: A financing account is a nonbudget account(s) associated with each credit program account that holds balances, receives the cost payment from the credit program account, and also includes all other cash flows to and from the government resulting from direct loan obligations or loan guarantee commitments made on or after October 1, 1991. (2 USC 661a(7)): Note 9: Modifications are government actions that alter the estimated cost of an outstanding direct loan or loan guarantee from the current estimate of cash flows (2 USC 661c(9)); for example, a policy change affecting the repayment period or interest rate for a group of existing loans. Changes within the terms of existing contracts or through other existing authorities are not considered modifications under FCRA. In addition, "work outs" of individual loans, such as a change in the amount or timing of payments to be made, are not considered modifications. The effects of these changes should be included in the annual reestimates of the estimated net present value of the obligations. Note 10: OMB Circular A-34, section 70.2(x) instructs agencies to make annual reestimates to adjust the net present value of direct loans and loan guarantee obligations for changes in the estimated amounts of items such as defaults and the timing of payments. Permanent indefinite authority has been provided for reestimates. [End of section] 395 G - ROTATION TESTING OF CONTROLS: OVERVIEW: .01: Rotation testing of controls, as discussed in paragraph 380.01, may be considered for testing financial reporting controls of an entity with multiple significant accounting cycles/applications, provided that effective financial reporting controls within all significant cycles/ applications have been evaluated and tested within a sufficiently recent period of years. Under a rotation plan, such controls are tested in different cycles/applications each year such that each cycle/ application is selected for testing, as described in sections 310-380, at least once during a rotation period of several years, but not necessarily every year. For example, a rotation plan for an entity with five significant cycles/applications might include tests of two or three cycles/applications annually, covering all cycles/applications in a two or three year period. Rotation testing should be limited to computerized applications that have strong computer general controls because computer programs ordinarily function consistently in the absence of programming changes, reducing the probability of random errors. .02: Less extensive work must be performed annually for financial reporting controls in significant cycles/applications not selected for testing. This work consists of: * updating the auditor's understanding of the control environment, risk assessment, communication, and monitoring, accounting system, and financial reporting control activities, including performing walkthroughs, and: * performing any other procedures that may be necessary under the specific circumstances to support the report on internal control and the evaluation of internal controls relied on in performing certain audit procedures. .03: The auditor's decision to use rotation is made on a cycle-by-cycle or application-by-application basis, so some cycles/applications might be tested annually and others by rotation. In rotation testing, the auditor relies on cumulative audit evidence and knowledge, including that gathered in prior years, to support the assessment of and report on internal control. Accordingly, rotation may be used only when all the following conditions exist: * The auditor possesses a "foundation" of audit evidence on which to develop current audit conclusions. * Control risk is low; the control environment, risk assessment, communication, and monitoring are strong; and inherent and fraud risk factors are reasonably low. * Financial reporting controls over all significant cycles/applications have been evaluated and tested during a sufficiently recent period (generally within 3 years). * Recurring audits of the entity enable a rotation plan to be effective. * No specific reporting or risk issues preclude the use of rotation. (For example, cycles/applications do not affect such sensitive areas as loan loss reserves.): .04: Ordinarily, the following cycles/applications should be subjected to tests of financial reporting controls and should be excluded from rotation testing: * any cycle/application that is disproportionately significant. * any cycle/application that has undergone major change since financial reporting controls were most recently tested. The auditor should consider whether assets susceptible to loss or theft, such as cash on hand or imprest funds, also should be excluded from rotational testing. .05: The foundation of audit evidence to support a rotation plan, which is updated and increased through limited tests and other relevant audit evidence, may be obtained from one or a combination of the following: * evidence gathered in one or more prior audits and: * the current or prior work of another auditor, after the auditor considers the requirements of FAM section 650. CIRCUMSTANCES UNDER WHICH ROTATION TESTING MAY BE USED: .06: The auditor should exercise judgment in determining whether to use rotation. Factors that the auditor should consider include the following: * The results and extent of the auditor's prior experiences with the entity and its cycles/applications, including the length of time since financial reporting controls were tested. The effectiveness of prior evidence ordinarily diminishes with the passage of time. * The importance of the cycles/applications to the overall entity and the nature of the audit assertion or assertions involved. As the significance of cycles/applications and assertions increases, the frequency of testing thereof ordinarily increases. * The auditor's assessment of inherent and fraud risk. The effectiveness of rotation ordinarily diminishes as inherent and fraud risk increase. * The auditor's preliminary assessment of control risk. The effectiveness of rotation ordinarily diminishes rapidly as control risk increases. * The extent to which control is centralized or decentralized. The effectiveness of rotation ordinarily diminishes rapidly as control becomes more decentralized. * The number and relative sizes of the respective cycles/applications. The efficiency of rotation ordinarily increases as the number and size of cycles/applications increase. * The nature and extent of audit evidence about internal controls that may result from substantive testing in the current audit. Information obtained concurrently with substantive testing might provide evidence about the functioning of cycles/applications. * The extent of oversight provided by others. Work performed by others might be used to reduce tests of financial reporting controls. (See FAM section 650.): * Any special reporting or entity requirements. The auditor should perform sufficient tests to meet any special requirements, such as a special report on the functioning of a specific cycle/application. .07: For any rotation testing plan, the auditor should document in a memorandum approved by the Reviewer: * the schedule for testing all significant cycles/applications; * the reasons for using such a plan; * any limitations on the use of such a plan; and: * any other significant aspects, including descriptions of any modifications to rotation plans established in previous years. A rotation plan should be reevaluated annually. [End of section] 395 H - SPECIFIC CONTROL EVALUATION WORKSHEET: The auditor should use the SCE worksheet or equivalent to document the evaluation of control activities in the internal control phase. This section illustrates an SCE worksheet for the cash receipts application for a hypothetical federal government entity, "XYZ Agency" (XYZ). (See page 395 H-3.): An SCE worksheet should be prepared for each significant accounting application. The auditor generally should use the SCE worksheet to document the evaluation of compliance (including budget) and operations controls. The worksheet may be completed for financial reporting controls as follows: 1. List each assertion that is relevant to the accounting application. While all five financial statement assertions relate to line item/ account-related accounting applications, the existence or occurrence, completeness, and valuation assertions relate principally to transaction-related accounting applications, as illustrated at section 395 B. Therefore, assertions relevant to cash receipts would be existence or occurrence, completeness, and valuation. 2. From the Account Risk Analysis (see section 240), list the significant line items or accounts that the accounting application affects. For example, cash and accounts receivable are ordinarily affected by cash receipts. 3. Document the assertions for each of the line items or accounts identified in step 2 that relate to each accounting application assertion (see section 330). 4. For each significant account assertion, identify the potential misstatements that could occur in the accounting application and the related control objectives, based on the generic list of potential misstatements and control objectives included in section 395 B. This list should be tailored to the accounting application and the entity and, if necessary, should be supplemented with additional objectives or subobjectives.[Footnote 14] 5. List control activities selected for testing that achieve each control objective identified above and indicate whether each is an IS control. Section 395 C illustrates typical control activities to achieve financial reporting control objectives. User controls where the user would be able to detect misstatements in the computer-generated information independently of IS is not an IS control. 6. Document the effectiveness of control activities in achieving the control objectives in relation to each potential misstatement and cross-reference to the audit procedures in the testing program. (The overall assessment of financial reporting controls should be documented in the ARA document, as illustrated in section 395 I.): [See PDF for image] [End of table] FOOTNOTES [1] The auditor should consider coordinating sampling control tests with substantive audit procedures and/or tests of compliance with laws and regulations (multipurpose tests) to maximize efficiency. See section 450 for further discussion. [2] The auditor should consider coordinating sampling control tests with substantive audit procedures and/or tests of compliance with laws and regulations (multipurpose tests) to maximize efficiency. See section 450 for further discussion. [3] As indicated in paragraphs 260.27-.31, the FMFIA report and its supporting documentation may be considered as a starting point for evaluating internal control. The auditor may use management's documentation of systems and internal control where appropriate. Management's tests of controls may be used by the auditor in testing controls, if such tests were executed by competent individuals independent of the controls. (See AU 322 (SAS 65) and section 650 for further information.) [4] Section 395 C presents a list of typical control activities that an entity may establish to help prevent or detect misstatements in financial statement assertions. [5] Assertions that have high inherent risk normally require stronger or more extensive controls to prevent or detect misstatements than assertions without such risk. [6] Control environment, risk assessment, communication, and monitoring weaknesses may result in ineffective control activities. If so, the auditor should still identify and test specific control activities, but the extent of such testing should be limited, as discussed in paragraph 340.02. [7] The auditor may assess control and combined risk on a preliminary basis at an earlier point in the audit, if preferred. [8] Specific relevant control activities will be documented later in the specific control evaluation worksheet or equivalent, after related control objectives have been identified. (See paragraphs 330.02-.11.) [9] Although the auditor may gather information on control activities in preparing the flowchart, such techniques should be documented in the SCE worksheet or equivalent, if applicable, and need not be documented in the flowchart. [10] For additional information on budget execution, see OMB Circular A-34, Instructions on Budget Execution, November 3, 2000. [11] In the normal flow of business, when obligations are incurred, a credit to "undelivered orders" or "unexpended obligations - unpaid" is recorded. When the goods or services are received, the obligation is reduced and a credit to "expended authority - unpaid" (a payable) is recorded. When the obligation is paid and the outlay is made, the transaction is credited to "expended authority - paid." For additional transaction details, see the U.S. Standard General Ledger Accounting Transactions Supplement of the Treasury Financial Manual. [12] Amounts of commitments, obligations, and expended authority may differ for a particular item acquired. Commitments are made at "initial" estimates, obligations at "later" estimates," and expended authority at "actual" amounts. [13] OMB apportionments may, as a result of impoundments (rescissions or deferrals), be less than the amount of the apportionments requested by the entity. The auditor should notify OGC of any impoundments that come to his or her attention. OMB may also approve amounts available different from those requested by time period, activities, projects, or objects. [14] In the SCE worksheet, the auditor may either commingle the documentation of compliance (including budget) and operations controls with that of financial reporting controls to the extent relevant or present each of these types of controls in a separate SCE. To complete the SCE worksheet for these controls, the auditor begins by inserting relevant control objectives and performs steps 5 and 6 above. [End of section] SECTION 400: Testing Phase: Figure 400.1: Methodology Overview Planning Phase: * Understand the entity's operations: Section 220: * Perform preliminary analytical procedures: Section 225: * Determine planning, design, and test materiality: Section 230: * Identify significant line items, accounts, assertions, and RSSI: Section 235: * Identify significant cycles, accounting applications, and financial management systems: Section 240: * Identify significant provisions of laws and regulations: Section 245: * Identify relevant budget restrictions: Section 250: * Assess risk factors: Section 260: * Determine likelihood of effective information system controls: Section 270: * Identify relevant operations controls to evaluate and test: Section 275: * Plan other audit procedures: Section 280: * Plan locations to visit: Section 285: Internal Control Phase: * Understand information systems: Section 320: * Identify control objectives: Section 330: * Identify and understand relevant control activities: Section 340: * Determine the nature, timing, and extent of control tests and of tests for systems’ compliance with FFMIA requirements: Section 350: * Perform nonsampling control tests and tests for systems’ compliance with FFMIA requirements: Section 360: * Assess controls on a preliminary basis: Section 370: Testing Phase: * Consider the nature, timing, and extent of tests: Section 420: * Design efficient tests: Section 430: * Perform tests and evaluate results: Section 440: ** Sampling control tests: Section 450: ** Compliance tests: Section 460: ** Substantive tests: Section 470: *** Substantive analytical procedures: Section 475: *** Substantive detail tests: Section 480: Reporting Phase: * Perform overall analytical procedures: Section 520: * Determine adequacy of audit procedures and audit scope: Section 530: * Evaluate misstatements: Section 540: * Conclude other audit procedures: Section 550: ** Inquire of attorneys: ** Consider subsequent events: ** Obtain management representations: ** Consider related party transactions: * Determine conformity with generally accepted accounting principles: 560: * Determine compliance with GAO/PCIE Financial Audit Manual: Section 570: * Draft reports: Section 580: [End of figure] 410 - OVERVIEW: .01: During the testing phase, the auditor gathers evidence to report on the financial statements, internal control, whether the entity's systems are in substantial compliance with the three requirements of FFMIA, and the entity's compliance with significant provisions of laws and regulations. (See figure 400.1.) The following types of tests are performed in the testing phase: * Sampling control tests may be performed to obtain evidence about the achievement of specific control objectives. If the auditor obtains sufficient evidence regarding control objectives through the use of nonsampling control tests (such as observation, inquiry, and walkthroughs including inspection of documents), sampling control tests are not necessary, as discussed in section 350. Further guidance on sampling control tests begins in section 450. * Compliance tests are performed to obtain evidence about compliance with significant provisions of laws and regulations. Further guidance on compliance tests is in section 460. * Substantive tests are performed to obtain evidence that provides reasonable assurance about whether the financial statements and related assertions are free of material misstatement. Further guidance on substantive tests is in section 470. .02: Sampling is often used in these tests. Sampling requires the exercise of professional judgment as well as knowledge of statistical sampling methods. The following sections provide a framework for applying sampling to financial audit situations, but are not meant to be a comprehensive discussion. Additional background and guidance on sampling is provided in the Audit Guide Audit Sampling (2001 issue),[Footnote 1] published in 1999 by the American Institute of Certified Public Accountants and in Using Statistical Sampling published by GAO (accession number 129810). The auditor should consider whether he or she needs to consult with the Statistician for assistance in designing and evaluating samples. The auditor should consider the costs and benefits in determining which type of sampling to use. .03: During this phase, the auditor performs the following activities for each type of test: * Consider the nature, timing, and extent of tests: * Design efficient tests: * Perform tests: * Evaluate results: Each of these processes is discussed below. [End of section] 420 - CONSIDER THE NATURE, TIMING, AND EXTENT OF TESTS: CONSIDER THE NATURE OF TESTS: .01: The auditor determines the testing methods that will best achieve the audit objectives for sampling control tests, compliance tests, and substantive tests. Testing methods generally can be classified as either analytical procedures or detail tests. Analytical procedures involve the comparison of the recorded test amount with the auditor's expectation of the recorded amount and the investigation of any significant differences between these amounts. Detail tests can be classified in two general categories: sampling and nonsampling. Sampling methods involve the selection of individual items from a population with the objective of reaching a conclusion on all the items in the population (including those not selected for testing). Nonsampling methods involve selections to reach a conclusion only on the items tested. Nonsampling requires the auditor to assess the risk of misstatement in the items not tested. .02: The testing method selected by the auditor is a matter of the auditor's judgment, considering the objectives of the test, the nature of the population, the results of procedures performed during the planning and internal control phases (including combined risk assessment and test materiality), and possible efficiencies. For tests that involve sampling, efficiencies can be achieved by using a common sample for each test. These potential efficiencies are discussed further in section 430. CONSIDER THE TIMING OF TESTS: .03: As discussed in section 295 D, the auditor may choose to conduct tests before or after the balance sheet date (interim testing) or to conduct all tests as of the balance sheet date. Section 495 C provides guidance on interim testing, tests of the period between the interim date and the balance sheet date (the rollforward period), and related documentation. CONSIDER THE EXTENT OF TESTS: .04: For each type of test, the auditor determines, based on judgment, the extent of tests to be performed. Generally, the extent of sampling control tests is a function of the auditor's preliminary assessment of the effectiveness of controls and the number of control deviations expected. The extent of compliance tests is a function of the effectiveness of compliance controls. The extent of substantive tests is a function of combined risk and test materiality. [End of section] 430 - DESIGN EFFICIENT TESTS: .01: After considering the general nature, timing, and extent of the tests to be performed, the auditor should design specific tests. The auditor should coordinate similar tests to maximize efficiency. For tests that involve sampling, efficiencies can be realized by performing numerous tests on a common sample (multipurpose testing).[Footnote 2] The auditor generally should minimize the number of separate sampling applications performed on the same population by attempting to effectively achieve as many objectives as possible using the items selected for testing. .02: As discussed in section 480, there are several methods of selecting items for testing. When determining the selection method to use during a multipurpose test, the auditor generally should use the method considered most appropriate for substantive detail tests in the particular situation. Use of this selection method is usually the most efficient because sampling control and compliance tests generally can be based on any type of sample. .03: For example, the auditor might use a sample of property additions to (1) substantively test the amount of additions and (2) test financial reporting controls over property acquisition. If a substantive test would require 135 sample items and if the test of financial reporting controls would require 45 sample items, the auditor should select 135 items in the sample but test controls relating only to 45. The 45 items for control testing should be selected randomly or systematically (with a random start) from the 135 sample items. For example, beginning from a random start, every third item selected for substantive testing should be tested for controls. If appropriate, the auditor may test controls relating to all sample items to provide additional assurance concerning controls. [End of section] 440 - PERFORM TESTS AND EVALUATE RESULTS: .01: The auditor should perform the planned tests and should evaluate the results of each type of test separately, without respect to whether the items were chosen as part of a multipurpose test. Guidance on performing and evaluating the results is presented for each type of test in the following sections: * Section 450 - Sampling control tests, * Section 460 - Compliance tests, and * Section 470 - Substantive tests. .02: Sometimes, tests performed with the expectation of obtaining certain results give other results. When this happens, the auditor may wish to expand a sample to test additional items. Unless planned for in advance, this generally cannot be done simply, as discussed in paragraphs 450.17, 460.02, and 480.28; the auditor should consult with the Statistician in such cases. .03: The auditor should keep in mind that the consideration of the risk of material misstatement due to fraud (discussed in section 260 for planning) is a cumulative process that should be ongoing throughout the audit. During testing, the auditor may become aware of additional fraud risk factors or other conditions that may affect the auditor's consideration of fraud risk factors identified during planning, such as discrepancies in the accounting records, conflicting or missing evidential matter, or problematic or unusual relationships between the auditor and the entity being audited. The auditor should consider whether fraud risk factors or other conditions identified require additional or different audit procedures. (See section 540.): .04: For CFO Act agencies and components listed in OMB audit guidance the auditor is required to report on the substantial compliance of their financial management systems with the requirements of FFMIA. The auditor should conclude on substantial compliance at the completion of the audit work based on work done in the internal control and testing phases, as discussed in section 540. [End of section] 450 - SAMPLING CONTROL TESTS: .01: Controls that leave documentary evidence of their existence and application may be tested by inspecting this evidence. If sufficient evidence cannot be obtained through walkthroughs in combination with other observation and inquiry tests, the auditor generally should obtain more evidence by inspecting individual items selected using sampling procedures. The auditor may use multipurpose testing to use the same sample to test controls and/or compliance and/or balances (substantive test). This is usually more efficient. Alternatively, the auditor may design a sample to test controls alone. In this case, the auditor generally should use random attribute sampling (described beginning in paragraph 450.05) to select items for sampling control tests. .02: When planning sampling control tests, the auditor should determine (1) the objectives of the test (including what constitutes a deviation), (2) the population (including sampling unit and frame), (3) the method of selecting the sample, and (4) the sample design and resulting sample size. The auditor should document the sampling plan in the workpapers. See section 495 E for example workpapers for documenting samples. OBJECTIVES OF THE TEST: .03: The auditor should clearly indicate the objectives of the specific control test. In designing samples for control tests, the auditor ordinarily should plan to evaluate operating effectiveness in terms of the rate of deviations in units or dollars from prescribed controls. This involves defining (1) the specific control to be tested and (2) the deviation conditions. The auditor should define control deviations in terms of control activities not followed. For example, the auditor might define a deviation in cash disbursements as "invoice not approved and initialed by authorized individual.": POPULATION: .04: In defining the population, the auditor should identify the whole set of items on which the auditor needs to reach a conclusion and from which the sample should be drawn. This includes (1) describing the population, (2) determining the source document or the transaction documents to be tested, and (3) defining the period covered by the test. When multiple locations are involved, the auditor may consider all or several locations as one population for sampling if the controls at each location are components of one overall control system. Before combining locations into one population, the auditor should consider such factors as (1) the extent of uniformity of the controls and their applications at each location, (2) whether significant changes can be made to the controls or their application at the local level, (3) the amount and nature of centralized oversight or control over local operations, and (4) whether there could be a need for separate conclusions for each location. If the auditor concludes that the locations should be separate populations, he or she should select separate samples at each location; he or she should evaluate the results of each sample separately. METHOD OF SELECTION: .05: The auditor should select a sample that he or she expects to be representative of the population. For tests of controls, attribute sampling achieves this objective. Attribute sampling requires random selection of sample items without considering the transactions' dollar amount or other special characteristics. IDEA or other software may be used to make random selections. SAMPLE SIZE: .06: In designing attribute samples for which inspection is the principal source of evidence of control effectiveness, the auditor should determine the objectives of the sample. For financial reporting control tests, the objective is to support the preliminary assessment of control risk as either moderate or low. For compliance and operations control tests, the objective is to support the preliminary assessment of the control as effective. In addition, for financial reporting and compliance control tests, there is an objective of obtaining evidence to support the auditor's report on internal control. .07: To determine the sample size, the auditor uses judgment to determine three factors: the confidence level, the tolerable rate (maximum rate of deviations from the prescribed control that the auditor is willing to accept without altering the preliminary assessment of control effectiveness), and the expected population deviation rate (expected error rate). Once the auditor determines these factors, he or she may use software (such as IDEA) or tables to determine sample size and to determine how many deviations the auditor may find without having to change the control risk assessment. GAO uses Tables I and II. Table I on the following page may be used to determine the sample sizes necessary to support these preliminary assessments of controls and to conclude on the effectiveness of the controls. Tables I and II are used to evaluate the test results. The AICPA has other examples in its guidance, and the GAO factors are within the range of the AICPA examples. If an auditor chooses to use factors other than Tables I and II, he or she should consult with the Statistician. .08: Tables I and II are based on a 90 percent confidence level. (This confidence level used at GAO is generally appropriate because the auditor obtains additional satisfaction regarding controls through other tests such as substantive tests, inquiry, observation, and walkthroughs.): .09: Tables I and II are each based on different tolerable rates. Table I is based on a tolerable rate of 5 percent, and Table II is based on a tolerable rate of 10 percent. Each table shows various sample sizes and the maximum number of deviations that may be detected in each sample to rely on the controls at the determined control risk level. (See paragraphs 450.13-.15 for a discussion of the evaluation of test results.)[Footnote 3] Figure 450.1: Sample Sizes and Acceptable Numbers of Deviations; (90% Confidence Level). TABLE I: (Tolerable rate of 5%): (Use for determining sample sizes in all cases): Sample size: 45; Acceptable Number of Deviations: 0. Sample size: 78; Acceptable Number of Deviations: 1 Sample size: 105; Acceptable Number of Deviations: 2. Sample size: 132; Acceptable Number of Deviations: 3. Sample size: 158; Acceptable Number of Deviations: 4. Sample size: 209; Acceptable Number of Deviations: 6 [End of table] TABLE II: (Tolerable rate of 10%) (Use for evaluating sample results only if preliminary assessment of financial reporting control risk is low and deviations exceed Table I): Sample size: 45; Acceptable Number of Deviations: 1. Sample size: 78; Acceptable Number of Deviations: 4. Sample size: 105; Acceptable Number of Deviations: 6. Sample size: 132; Acceptable Number of Deviations: 8. Sample size: 158; Acceptable Number of Deviations: 10. Sample size: 209; Acceptable Number of Deviations: 14. [End of table] [End of table] .10: For financial reporting controls, if the preliminary assessment of control risk is low or moderate, Table I may be used to determine sample size. OMB audit guidance requires the auditor to perform sufficient control tests to justify a low assessed level of control risk, if controls have been properly designed and placed in operation. .11: For compliance and operations controls, sample sizes may also be determined using Table I. .12: The auditor may use the sample size indicated for 0 acceptable deviations (45 items). If no deviations are expected, the sample size will be the most efficient for assessing control effectiveness; if no deviations are found, the sample will be sufficient to support the assessment of control risk. However, the auditor may use a larger sample size if control deviations are expected to occur but not exceed the acceptable number of deviations for the table. EVALUATING TEST RESULTS: Financial Reporting Controls: .13: To evaluate sample results, the auditor needs the sample size, the number of deviations, and the confidence level. The auditor may use software (such as IDEA) or tables to evaluate results.[Footnote 4] If the auditor used Table I to determine sample size, and deviations are noted that exceed the acceptable number for the sample size, the auditor should follow the guidance below in deciding how to revise the preliminary assessment of control risk: * Low control risk: If the preliminary assessment of control risk is low and if deviations are noted that exceed the acceptable number for Table I, but not Table II, control risk may be assessed as moderate. For example, if the original sample was 45 items, the auditor may reduce the assessment of control risk to a moderate level if there is not more than 1 deviation. If the auditor finds more than 1 deviation with a sample size of 45 items, the auditor concludes that the controls being tested are not operating effectively and should reassess control risk as high. * Moderate control risk: If the preliminary assessment of control risk is moderate and if control deviations exceed the acceptable number for Table I, the auditor should conclude that control risk is high. The preliminary assessment of control risk is based on the assumption that the controls operate as designed. If the preliminary assessment of control risk is moderate and if control tests indicate that the control is not operating as designed (deviations exceed the acceptable number in Table I), the auditor should conclude that the control is ineffective and revise the control risk assessment to high. Compliance Controls: .14: If Table I is used to determine sample size and deviations are noted that exceed the acceptable number for the sample sizes shown in Table I, the auditor should conclude that the compliance control is not effective. The auditor also should determine whether any deviations noted ultimately resulted in noncompliance with a budget-related or other law or regulation. Operations Controls: .15: If Table I is used to determine sample size and deviations are noted that exceed the acceptable number for the sample sizes shown in Table I, the auditor should conclude that the operations control is not effective. The auditor should not place reliance on ineffective operations controls when performing other auditing procedures. OTHER CONSIDERATIONS: .16: If, during the testing of sample items, the number of deviations exceeds the acceptable number of deviations in Table I or II (as applicable), the auditor concludes that the controls are not operating as designed. However, the auditor should consider whether there are other reasons for continuing to test the remaining sample items. For example, audit team management should determine whether additional information (such as an estimate of the population rate of occurrence) is needed to report control weaknesses as described in paragraphs 580.31-.57. The significance of the weakness will determine how the auditor reports the finding and, therefore, which elements of the finding (condition, cause, criteria, possible effect, and recommendation or suggestion) need to be developed. Or, the auditor may want to include an interval estimate in the report. The auditor should consult with audit team management and the Statistician in deciding whether to complete the testing of the sample. .17: If an unacceptable number of deviations is noted in the original sample and the auditor believes the use of a larger sample size might result in an acceptable number of deviations, the auditor should consult with the Statistician before selecting additional sample items. The selection and evaluation of additional sample items cannot be based on Tables I or II or on the formulas used by IDEA. .18: The auditor should consult with the Statistician when projecting the rate of sample control deviations to a population for disclosure in a report. While typically stated as a percentage of transactions, the deviation rate is expressed as a percentage of dollars in the population if sampling control tests are performed on a sample selected using DUS (see paragraphs 480.14-.23). [End of section] 460 - COMPLIANCE TESTS: .01: The type of provision of a law or regulation and the assessment of the effectiveness of compliance controls affect the nature and extent of compliance testing. Based on the type of provision (as discussed in paragraph 245.01) the compliance tests discussed below should be performed. TRANSACTION-BASED PROVISIONS: .02: To test transaction-based provisions, the auditor should use sampling to select specific transactions for testing compliance. The selection of transactions to test may be combined with tests of financial reporting, compliance, or operations controls and/or with substantive tests, as appropriate. If the selection is solely for compliance testing, the auditor generally should use a random attribute sample (see paragraph 450.05). To determine sample size, the auditor needs to make judgments as to confidence level, tolerable rate, and expected population deviation rate. Confidence level should be related to compliance control risk. For example, if the auditor determines compliance controls are effective, he or she may use an 80 percent confidence level; if ineffective, a 95 percent confidence level. Tolerable rate is the rate of transactions not in compliance that could exist in the population without causing the auditor to believe the noncompliance rate is too high. GAO auditors should use 5 percent for this. Since the auditor will assess the impact of all identified noncompliance, many auditors use zero as the expected population deviation rate. Using the above factors yields the following sample sizes: [See PDF for image] [End of figure] Since the auditor usually reports compliance on an entitywide basis, the auditor may use these sample sizes on an entitywide basis. Evaluation of test results is discussed in paragraph 460.07. The auditor should test the entire sample, even if instances of noncompliance are detected. If compliance controls were assessed on a preliminary basis as effective and the results of testing indicated that this assessment is not appropriate, in the above example, the auditor should consult with the Statistician to determine the appropriate sample size and selection procedures. The auditor cannot merely choose the other sample size, but may, for example, increase the sample size from 32 to 65 by using sequential sampling and randomly selecting 33 additional items. The Statistician should also evaluate the results when a test is expanded. QUANTITATIVE-BASED PROVISIONS: .03: Generally, effective compliance controls should provide reasonable assurance that the accumulation/summarization of information is accurate and complete. If the compliance controls do not provide such reasonable assurance, the auditor should test the accumulation of information directly for existence, completeness, and summarization. Such tests may be either samples or nonsampling selections and generally should be designed to detect misstatements that exceed an auditor-determined percentage of the total amount of the summarized information or the amount of the restriction stated in the provision, if any (GAO generally uses 5 percent for this test materiality). (The amount of the restriction is described in paragraph 245.01.) Such tests may be discontinued if significant misstatements are noted that would preclude compliance. The test for compliance is the comparison of the accumulated/summarized information with any restrictions on the amounts stated in the identified provision. .04: For example, if provisions of budget-related laws and regulations are considered significant and if related budget and consequently compliance controls are ineffective, the auditor should test the summarized information directly for the following potential misstatements in budget execution information: * Validity: Recorded amounts are not valid. (See section 395 F for validity criteria for obligations, expended authority, and outlays.): * Completeness: Not all amounts are recorded. * Cutoff: Obligations, expended authority, and outlays are not recorded in the proper period. * Recording: Obligations, expended authority, and outlays are not recorded at the proper amount. * Classification: Obligations, expended authority, and outlays are not recorded in the proper account by program and by object, if applicable, including the proper appropriation year if the account has multiple years. (Examples of program and object classifications are provided in section 395 F.): * Summarization: Transactions are not properly summarized to the respective account totals. .05: An example of audit procedures to test for these misstatements is included in section 495 B. PROCEDURAL-BASED PROVISIONS: .06: In testing compliance controls relating to a procedural-based provision, the auditor generally would obtain sufficient evidence to conclude whether the entity performed the procedure and therefore complied with the provision. For example, the auditor's tests of compliance controls concerning receipt of information from grantees generally would provide evidence of whether such information was received and therefore whether the entity complied. If compliance control tests do not provide sufficient evidence to determine compliance, the auditor should perform additional procedures, as considered necessary, to obtain such evidence. EVALUATING TEST RESULTS: .07: For any possible instances of noncompliance noted in connection with the procedures described above or other audit procedures, the auditor should: * discuss such possible instances with OGC and, when appropriate, the Special Investigator Unit and conclude whether noncompliance has occurred and the implications of any noncompliance; * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the report on internal control as appropriate (see paragraphs 580.31-.55); * consider the implications of any instances of noncompliance on the financial statements; and: * report instances of noncompliance, as appropriate. (See paragraphs 580.67-.75.): [End of section] 470 - SUBSTANTIVE TESTS - OVERVIEW: .01: In the internal control phase, the auditor preliminarily assesses the level of combined (inherent and control) risk for each significant assertion within each significant line item or account (see section 370). Substantive audit procedures should be applied to all significant assertions in significant financial statement line items and accounts. The auditor's objective during substantive tests is to determine whether the assertions are materially misstated and to form an opinion about whether the financial statements are presented fairly in accordance with GAAP. To determine if significant assertions are misstated, the auditor should consider designing substantive tests to detect each of the potential misstatements in assertions that were developed in the internal control phase (see section 330). In addition, the auditor should consider whether efficiencies can be achieved by using the concepts of directional testing, as discussed in paragraphs 470.14-.16. .02: Based on the level of expected overall audit assurance determined in the planning phase of the audit (see paragraph 260.04), the auditor should establish the minimum levels of substantive assurance for each level of combined risk. For example, based on the audit risk model in AU 350 and a desired overall audit assurance of 95 percent, GAO considers the following minimum levels of substantive assurance for each level of combined risk to be appropriate: Low combined risk: 63%: Moderate combined risk: 86%: High combined risk: 95%: Substantive assurance is the auditor's judgment that all of the auditor's substantive tests will detect misstatements that in total exceed materiality. Substantive assurance, which relates to the entire audit and correlates directly with the level of combined risk, is not the same as confidence level, which is for a specific sample. The higher the risk, the more substantive assurance required. TYPES OF SUBSTANTIVE TESTS: .03: There are two general types of substantive tests: (1) substantive analytical procedures and (2) tests of details. To achieve the required substantive assurance (discussed above) the auditor may use either of these tests or a combination of the two. The type of test to use and the amount of reliance to place on each type of procedure, within the framework of the audit matrix (discussed in paragraph 470.10), is a matter of the auditor's judgment and should be based on effectiveness and efficiency considerations. Substantive analytical procedures: .04: Substantive analytical procedures involve the comparison of a recorded amount with the auditor's expectation of that amount and investigation of any significant differences to reach a conclusion on the recorded amount. Analytical procedures involve a study of plausible relationships among both financial and nonfinancial data. A basic premise is that plausible relationships among data may reasonably exist and continue in the absence of errors, fraud, or changes in circumstances. (See AU 329.): .05: Substantive analytical procedures may be performed at one of three levels for an assertion, as follows: * Complete: The auditor relies solely on analytical procedures for all of the assurance required from substantive procedures. The procedure is so persuasive that the auditor believes that it will detect any aggregate misstatements that exceed test materiality. * Partial: The auditor relies on a combination of analytical procedures and tests of details to obtain an appropriate level of substantive assurance. For partial assurance, the auditor believes that the analytical procedures should detect any aggregate misstatements that exceed test materiality. * None: The auditor does not rely on analytical procedures for substantive assurance. All substantive assurance will be obtained from tests of details. In this situation, supplemental analytical procedures may be performed to increase the auditor's understanding of account balances and transactions, but not to provide any additional substantive assurance. These procedures are similar in scope to those performed on an overall basis at the financial statement level (see section 520). .06: To determine whether to perform complete or partial substantive analytical procedures, the auditor should consider the effectiveness or persuasiveness and efficiency of such procedures. In so doing, the auditor should consider the factors discussed in detail in section 495 A. Detail tests: .07: Detail tests are test procedures that are applied to individual items selected for testing and include: * Confirming a balance or transaction or the related terms, such as accounts receivable or accounts payable, by obtaining and evaluating direct communication from a third party. * Physically observing, inspecting, or counting tangible assets, such as inventory or property, plant, and equipment, and applying related procedures. * Examining supporting documents to determine whether a balance is properly stated. For example, the auditor might examine invoices for property and equipment purchases. * Recalculating, or checking mathematical accuracy of entity records by footing or crossfooting or by recomputing amounts and tracing journal postings, subsidiary ledger balances, and other details to corresponding general ledger accounts. For example, the auditor might recalculate unit cost extensions in an inventory list, foot the list (whether prepared manually or by computer), and trace the total to the general ledger amount. .08: Detail tests are generally used in combination to provide sufficient substantive assurance about an assertion. For example, to test the valuation of accounts receivable, the auditor might confirm balances, recalculate the aging schedule, examine documents supporting the aging and specific delinquent accounts, and discuss collectibility with management. On the other hand, a single detail test procedure might provide substantive assurance about more than one of the five financial statement assertions. For example, a physical observation of inventory might provide evidence about existence, valuation, and presentation and disclosure. .09: The minimum extent of detail testing to be performed is based on the combined risk assessment and the amount of assurance obtained from substantive analytical procedures, as illustrated in the Audit Matrix (figure 470.1). DETERMINING MIX OF SUBSTANTIVE TESTS: .10: In determining an appropriate mix of analytical procedures and detail tests, the auditor should consider the following matrix (figure 470.1) which illustrates the integration of such tests for each level of combined risk, when the auditor is using a desired overall audit assurance of 95 percent. GAO auditors should use this audit matrix. Figure 470.1: Audit Matrix: Assessed combined risk level: Low; Substantive assurance: 63%; Substantive assurance from analytical procedures[A]: Complete; Minimum substantive assurance from detail tests: 0%; Substantive assurance from analytical procedures[A]: Partial; Minimum substantive assurance from detail tests: 50%; Substantive assurance from analytical procedures[A]: None; Minimum substantive assurance from detail tests: 86%. Assessed combined risk level: Moderate; Substantive assurance: 86%; Substantive assurance from analytical procedures[A]: Complete; Minimum substantive assurance from detail tests: 0%; Substantive assurance from analytical procedures[A]: Partial; Minimum substantive assurance from detail tests: 77%; Substantive assurance from analytical procedures[A]: None; Minimum substantive assurance from detail tests: 86%. Assessed combined risk level: High; Substantive assurance: 95%; Substantive assurance from analytical procedures[A]: Complete; Minimum substantive assurance from detail tests: 0%; Substantive assurance from analytical procedures[A]: Partial; Minimum substantive assurance from detail tests: 92%; Substantive assurance from analytical procedures[A]: None; Minimum substantive assurance from detail tests: 95%. [A] Complete assurance from analytical procedures requires procedures that are extremely effective and persuasive to serve as the sole source of audit evidence for achieving the audit objective. This level of effectiveness or persuasiveness is very difficult to achieve when combined risk is assessed as high. Therefore, complete reliance on analytical procedures for substantive assurance in these situations is rare, particularly for balance sheet accounts. [End of table] .11: Additional factors to consider in determining an appropriate mix of analytical procedures and detail tests include the following: * The nature and significance of the assertion being tested: Analytical procedures are generally more likely to be effective for assertions related to net cost statement accounts than for those related to balance sheet accounts. Significant assertions generally require more or higher quality audit evidence that may not be available from analytical procedures. * The nature of the combined risk: Substantive tests should be designed to address the specific type and level of combined risk for each assertion. For example, for certain loss claim liabilities, detail tests might be used to search subsequent claim payments for potential liabilities in testing the completeness assertion, while analytical procedures might be applied to test the related valuation assertion by evaluating the amounts per claim. * The availability of different types of evidence: Using evidence that can be readily obtained may be more efficient. For example, in federal government audits, the availability of budgets and other information may assist in performing analytical procedures. * The quality of the respective types of evidence available: The higher the quality of a type of evidence, the greater the level of assurance the auditor may derive from that type (see paragraph 470.13). * The anticipated effectiveness of analytical procedures: Detail tests should be used if analytical procedures are not expected to be effective. .12: When determining the types of substantive tests to use, the auditor's goal should be to choose the mix of effective procedures that are considered to be the most efficient in combination with sampling control tests and compliance tests. The auditor should exercise judgment when assessing the effectiveness or persuasiveness of all audit procedures, particularly analytical procedures. .13: When considering a procedure's relative effectiveness, the auditor is concerned about the expected quality of the evidence. The quality of evidence obtained in a substantive test depends highly on the circumstances under which it is obtained and should be evaluated with professional skepticism. The following are generalizations about evidence: * Evidence obtained from independent third parties provides a higher level of assurance than that obtained from sources in the entity. * Evidence obtained directly by the auditor through confirmation, physical examination, vouching, or recalculation provides a higher level of assurance than that obtained indirectly, such as through inquiry. * Documentary evidence provides a higher level of assurance than oral representations. * Evidence obtained at or near the balance sheet date concerning an asset or liability balance provides a higher level of assurance than that obtained before or after the balance sheet date, because the audit risk generally increases with the length of the intervening period. * The lower the control risk associated with an entity's internal control, the higher the assurance concerning the information subject to that internal control. OTHER EFFICIENCIES: .14: In planning tests, the auditor should consider the relationships between recorded amounts to help in achieving efficiencies. For example, in double-entry accounting, a misstatement in one account affects at least one other (related) account. This relationship gives rise to the opportunity for testing more than one account with a single test. Similarly, the relationship between budgetary and proprietary[Footnote 6] accounts may provide the opportunity for efficiencies in testing. .15: In double-entry accounting, a misstatement in one account affects at least one other (related) account. For example, a misstatement of accrued payroll typically results in a misstatement of payroll expense. In this example, a substantive test of accrued payroll should detect misstatements in both accrued payroll and payroll expense. In designing substantive tests, after considering combined risk and developing an understanding of each related account, the auditor should consider the effect of such tests on related accounts. For example, a test of revenue for completeness may provide substantive evidence about the completeness of accounts receivable. In many instances where double- entry accounting is used, it may be efficient to (1) design an overall strategy that tests certain accounts substantively for either existence or completeness (the two assertions most affected by testing related accounts) and (2) rely on such tests to detect misstatements in the related accounts. For example, the auditor might test (1) assets and expenses directly for existence and (2) liabilities, equity, and revenue for completeness, thereby indirectly testing the related accounts for existence or completeness, as applicable. This logic is called a directional testing approach. .16: In some instances, the auditor may need to supplement a directional testing approach to address specific combined risks. For example, if inherent and control risk factors warrant, the auditor might test both existence and completeness in a test of cutoff as of the balance sheet date. During initial financial statement audits, the auditor generally should test both existence and completeness directly, when those assertions are significant, because the cumulative knowledge about the interaction of accounts may be limited. .17: The audit assurance that can be obtained from directional testing is diminished in balance-sheet-only audits if related accounts are not also tested and in audits of entities having single-entry accounting systems (since double-entry account interrelationships do not exist). In these instances, the auditor should test both existence and completeness directly when those assertions are significant. .18: To maximize efficiency, the auditor should combine the testing of budgetary and proprietary accounts where the combination is appropriate. For example, the auditor may combine tests of outlays (on the statement of budgetary resources) with tests of cash disbursements (used to test net costs). .19: If an entity has budget accounting records but does not maintain separate proprietary accounting records, or the proprietary records are incomplete, the auditor should directly test expended authority produced by the budget system and the items necessary to reconcile the budget to the proprietary accounts. .20: Also, if (1) relevant budget restrictions relate to significant quantitative-based provisions of laws and regulations and (2) budget controls are not effective, the auditor should test the accumulation of budget amounts (see paragraphs 460.03-.05). [End of section] 475 - SUBSTANTIVE ANALYTICAL PROCEDURES: .01: This section provides guidance on the application of substantive analytical procedures. Analytical procedures are sometimes referred to as fluctuation analysis, flux analysis, predictive tests, or analytical review. These procedures consist of comparing recorded account balances with the auditor's expectations. The auditor develops an expectation or estimate of what the recorded amount should be based on an analysis and understanding of relationships between the recorded amounts and other data. This estimate is then used to form a conclusion on the recorded amount. A basic premise underlying analytical procedures is that plausible relationships among data may reasonably be expected to continue unless conditions are known that would change the relationship. (For further information, refer to AU 329 or the Audit Guide Analytical Procedures.): .02: Scanning account detail and recomputation are two other audit procedures related to analytical procedures. Scanning consists of searching for unusual items in the detail of account balances. Scanning is an appropriate tool to investigate the cause of a significant fluctuation, but it is not considered a substantive analytical procedure on its own. Unusual items identified through scanning should be investigated to obtain substantive assurance about the unusual items. The auditor may independently compute an estimate of an account balance, which is sometimes referred to as recomputation or an overall test of reasonableness. These recomputations are considered substantive analytical procedures. When making recomputations, the auditor should assess the reliability of the data used and should follow the steps used for performing substantive analytical procedures. .03: The risk of forming the incorrect conclusion on the account balance tested may be higher for substantive analytical procedures than for detail tests because of the procedures' extensive use of the auditor's judgment. Accordingly, quality control is of critical importance. To help maintain a high level of quality in these procedures, the assessment of the amount of reliance to place on the procedures, the design of the procedures, and the formulation of conclusions on the results of these procedures should be performed or closely supervised and reviewed by experienced audit team personnel. PERFORMING SUBSTANTIVE ANALYTICAL PROCEDURES: .04: If substantive analytical procedures are used, the auditor should perform steps a. through l. below: a. Determine the amount of the limit. The limit is the amount of difference between the auditor's expectation and the recorded amount that the auditor will accept without investigation. The determination of the limit is a matter of the auditor's judgment; some guidelines are provided in paragraph 475.05. The guidelines consider the amount of substantive assurance desired from analytical procedures. b. Identify a plausible, predictable relationship and develop a model to calculate an expectation of the recorded amount. Consider the type of misstatements that could occur and how those misstatements would be detected by the model. c. Gather data for developing the expectation, and perform appropriate procedures to establish the reliability of the data. The reliability of these base data is subject to the auditor's judgment. The reliability of data is discussed further in section 495 A. d. Develop the expectation of the recorded amount using the information obtained during the previous steps. The preciseness of the expectation is subject to the auditor's judgment and is discussed further in section 495 A. e. Compare the expectation with the recorded amount, and note the difference. f. Obtain explanations for differences that exceed the limit, since such differences are considered significant. g. Corroborate explanations for significant differences. h. Determine whether the explanations and corroborating evidence provide sufficient evidence for the desired level of substantive assurance. If unable to obtain a sufficient level of substantive assurance from analytical procedures, perform additional procedures as discussed in paragraphs 475.12-.17 and consider whether the difference represents a misstatement. i. Consider whether the assessment of combined risk remains appropriate, particularly in light of any misstatements identified. Revise the assessment of combined risk, if necessary, and consider the effects on the extent of detail tests. j. Document (on the Summary of Possible Adjustments as discussed in 540.04) the amount of any misstatements detected by substantive analytical procedures and their estimated effects. The limit (the amount of the difference between the recorded amount and the expectation that does not require explanation) is not considered a known or likely misstatement and is not posted to the Summary of Possible Adjustments. k. Conclude on the fair presentation of the recorded amount. l. Include documentation of work performed, results, and conclusions in the workpapers. Required documentation is discussed in section 490. GUIDELINES FOR ESTABLISHING THE LIMIT: .05: As discussed above, the limit is the amount of the difference between the expected and recorded amounts that can be accepted without further investigation. GAO uses the following guidelines in establishing the limit for each level of reliance on analytical procedures for substantive assurance: * Complete reliance: The limit is 20 percent or less of test materiality. * Partial reliance: The limit is 30 percent or less of test materiality. * No reliance: Substantive analytical procedures are not needed. Auditors using different limits should document the basis for the limit used. INVESTIGATING SIGNIFICANT DIFFERENCES: Causes of significant differences: .06: Differences between the expectation and the recorded amount typically relate to either factors not included in the model (such as specific unusual transactions or changes in accounting policies), a lack of preciseness of the model, or misstatements (either errors or fraud). Amount of Difference to Be Explained: .07: When obtaining explanations, it is usually helpful to review with entity personnel the model and assumptions used to develop the expectation. Entity personnel will then be in a better position to provide the auditor with a relevant explanation. If the amount of the difference exceeds the limit, the auditor generally should try to obtain an explanation for the entire difference between the recorded amount and the expectation. The portion of the difference that exceeds the limit must be explained (see figure 475.1). If the difference does not exceed the limit, an explanation is not required. The auditor should identify and corroborate all significant factors that may cause the expectation to differ from the actual amount, regardless of whether the factors increase or decrease the difference. Figure 475.1: Amount of Difference Explained When: Recorded Amount Exceeds Limit: [See PDF for image] [End of figure] Corroboration of explanations: .08: The relevance and reliability of corroborating evidence may vary significantly; therefore, the extent of corroboration of explanations is left to the auditor's judgment. Corroboration may consist of examining supporting documentation or corroborating explanations received from accounting department personnel with personnel from the appropriate operating department, who should be knowledgeable about the entity's operations. The explanations for the fluctuations should be quantified and should address the direction and magnitude of the event causing the fluctuation. The auditor should corroborate all explanations received. In determining whether sufficient corroborating evidence has been obtained, the auditor should consider the guidelines for complete and partial assurance discussed in paragraph 470.05. In evaluating explanations the auditor should consider whether the difference could be caused by error or fraud. Example of an adequate explanation for a significant fluctuation: .09: Assume that the auditor determined test materiality to be $25 million. Additionally, assume that the auditor has determined, after considering any inherent and control risks, that a substantive analytical procedure should be performed with a limit of $5 million. The auditor estimated interest expense at $80 million by multiplying the average loan balance of $1 billion by the average interest rate of 8 percent. Both of these averages were computed through a simple average of beginning-of-year and end-of-year amounts. The recorded amount of interest expense, $94.5 million, is higher than the estimated amount by $14.5 million and exceeds the limit by $9.5 million. .10: An explanation from entity personnel that "we borrowed more money this year and interest rates are higher than last year" would not be adequate. This explanation needs to be quantified and corroborated. .11: An example of an adequate explanation follows: Based on a review of correspondence from lenders, interest rates increased during the year and then fell and were computed to average 9 percent based on a monthly average. Additionally, loan statements from lenders indicate that $100 million was borrowed and repaid during the year, and the additional borrowings were outstanding for 6 months. Therefore, the average loan balance was actually $50 million higher and the average interest rate was 1 percent higher than the figures used in the auditor's original estimate. Therefore, the interest expense in excess of the expectation can be explained as follows (in thousands): $1,000,000 X 1% = $10,000 + 50,000 X 9% = 4,500: Total difference explained: $14,500: Course of action in the event of inadequate explanations or corroborating evidence: .12: If an explanation and/or corroborating evidence does not adequately explain the fluctuation sufficient to provide either complete or partial assurance, the auditor must perform additional substantive procedures. These procedures may consist of: * increasing the effectiveness of the substantive analytical procedures by making the expectation more precise in order to obtain the amount of desired assurance, * performing tests of details and placing no reliance on the substantive analytical procedures that were ineffective, or: * treating the difference as a misstatement. .13: The auditor should consider the relative efficiency of each of these options. Deciding whether to perform additional substantive procedures is a matter of the auditor's judgment. The additional procedures must provide the auditor with adequate assurance that aggregate misstatements that exceed test materiality have been identified. .14: To increase the persuasiveness or effectiveness of an analytical procedure, the auditor generally needs to make the expectation more precise. The auditor can do so by: * building a more sophisticated model by identifying more key factors and relationships, * disaggregating the data (such as using monthly instead of annual data[Footnote 7]), or * using more reliable data or obtaining greater confidence in the data's reliability by corroborating the data to a greater extent. Measuring the precision of the expectation and the impact of changing each of these factors on the procedure's effectiveness is difficult and is left to the auditor's judgment. .15: If detail tests are used to test the account balance because adequate explanations cannot be obtained or corroborated, the auditor still must obtain an overall understanding of the current-year financial statements when applying the required overall analytical procedures at the financial statement level. As discussed in section 520, significantly less work is needed to obtain this overall understanding of the financial statements than when using analytical procedures as a substantive test. .16: Additionally, if analytical procedures originally performed as a substantive test do not provide the required assurance, the auditor may be able to use those procedures to supplement an understanding of the account balances or transactions after obtaining substantive assurance through detail tests. .17: When the auditor places no reliance on substantive analytical procedures, all substantive assurance is provided by detail tests. In this situation, less rigorous, supplemental analytical procedures may be used to increase the auditor's understanding of the account balances and transactions after performing the detail tests. When using supplemental analytical procedures, the auditor uses judgment to determine which fluctuations require explanations. [End of section] 480 - SUBSTANTIVE DETAIL TESTS: POPULATION TO BE TESTED: .01: In designing detail tests, the assertion tested affects the choice of the population (an account balance or a portion of an account balance) from which items are selected. For example, the existence assertion deals with whether recorded assets or liabilities exist as of a given date and whether recorded transactions have occurred during a given period. To detail test the existence assertion, the auditor should test the recorded account balance by (1) selecting items from those that compose the account balance and (2) then testing those items to evaluate whether such inclusion in the account balance is proper. For example, to test an expense account for existence, the auditor might select individual expense amounts included in the balance from a detail general ledger and then examine invoices that support the expense amount. It would be inappropriate to select invoices directly and then trace invoice amounts to inclusion in the general ledger balance. .02: For the existence assertion, the test population should agree with or be reconciled to the recorded amount of the account balance being tested. The auditor should test reconciling items, if any, in an appropriate manner. If this is not done, the conclusion applies only to the test population (the available items), not the recorded population. .03: Conversely, the completeness assertion deals with whether all transactions and accounts that should be presented in the financial statements are so included. To detail test the completeness assertion, the auditor should select from an independent population of items that should be recorded in the account. The auditor should (1) select items that should be recorded from a source that is likely to contain all the items that should be recorded and (2) determine whether they are included in the recorded balance. For example, to test completeness of recorded revenue, the auditor might select shipments from a shipping log (which is believed to be reasonably complete), trace them to recorded revenue amounts, and then test the summarization of those amounts to inclusion in the general ledger revenue balance. To test completeness of recorded accounts payable, the auditor might select from payments made subsequent to year-end plus invoices on hand but not yet paid and trace those in which the receipt of goods or services occurred before year-end to inclusion in year-end accounts payable (those where the receipt occurred after year-end should be tested for exclusion from accounts payable). SELECTION METHODS FOR DETAIL TESTS: .04: Detail tests may be applied to any of the following: * all items composing the population; * a nonrepresentative selection (nonsampling selection) of items; and: * a representative selection (sample) of items composing the population. Flowchart 1 (section 495 E) illustrates the process of deciding the selection method. .05: Detail testing of all items composing the population is generally most appropriate for populations consisting of a small number of large items. For example, several large accounts receivable or investments might compose an entire balance. .06: Detail testing of a nonrepresentative selection (nonsampling selection) is appropriate where the auditor knows enough about the population to identify a relatively small number of items of interest, usually because they are likely to be misstated or otherwise have a high risk. (Nonrepresentative selections may also be used to test controls by using inquiry, observation, and walkthrough procedures and to obtain planning information, for example, by performing a walkthrough to understand the items in the population.) While the dollar amount is frequently the characteristic that indicates that an item is of interest, other relevant characteristics might include an unusual nature (such as an item identified on an exception report), an association with certain entities (such as balances due from high-risk financially troubled entities), or a relationship to a particular period or event (such as transactions immediately before and after the year-end date). The effects of any misstatements found should be evaluated; however, unlike sampling, the results of procedures applied to items selected under this method apply only to the selected items and must not be projected to the portion of the population that was not tested. Accordingly, the auditor must apply appropriate analytical and/ or other substantive procedures to the remaining items, unless those items are immaterial in total or the auditor has already obtained enough assurance that there is a low risk of material misstatement in the population. .07: Detail testing of a representative selection (sample) of items composing the population is necessary where the auditor cannot efficiently obtain sufficient assurance (based on the assessed combined risk and other substantive procedures including analytical procedures) about the population from nonrepresentative selections. The auditor selects sample items in such a way that the sample and its results are expected to be representative of the population. Each item in the population must have an opportunity to be selected, and the results of the procedures performed are projected to the entire population. (In random selection, each item has an equal chance of selection (see glossary for further discussion of definition); in dollar-unit sampling (DUS), each dollar has an equal chance of selection; in classical variables estimation sampling, each item in a stratum has an equal chance of selection.): .08: The auditor may use a nonrepresentative selection for part of the population and a sample for the remainder of the population. For example, the auditor might select all inventory items with a book amount greater than $10,000,000, all items that have not had any activity in the previous 6 months, and a statistical sample of the balance of the population. The auditor would project the misstatements in the statistical sample to the population of items less than $10,000,000 with activity in the last 6 months. The auditor would also compute a combined evaluation for the three selections by adding the results of the 100 percent selections to the conclusion for the statistical selections. .09: The auditor should document in the workpapers (usually in the audit program) whether a selection is intended to be a representative selection (a sample projectable to the population) or a nonrepresentative selection (not projectable to the population); if it is a nonrepresentative selection, the auditor also should document the basis for concluding that enough work has been done to obtain sufficient assurance that the items not tested are free from aggregate material misstatement. REPRESENTATIVE SELECTIONS (SAMPLING): .10: The following paragraphs provide an overview of sampling, primarily with respect to the existence and valuation assertions. Similar concepts and methods apply to the completeness assertion, except that the population for selection differs. (See paragraphs 480.01-.03.): .11: AU 350.45 indicates that samples may be either statistical or nonstatistical. In statistical sampling, the auditor uses probability theory to determine sample size, select the sample, and evaluate the results for the purpose of reaching a conclusion about the population. Statistical sampling permits the auditor to objectively determine sample size (based on subjective decisions about risk and materiality), objectively select the sample items, and objectively evaluate the results; thus, the auditor using statistical sampling determines objectively whether enough work has been performed. Because of these advantages, when a sample is necessary, the auditor should use statistical sampling. Software such as Interactive Data Extraction and Analysis (IDEA)[Footnote 8] allows the auditor to quickly perform the calculations necessary for statistical sampling. .12: In nonstatistical sampling, the auditor considers statistical concepts, but does not explicitly use them to determine sample size, select the sample,[Footnote 9] or evaluate the results. Because the auditor using statistical sampling objectively considers the same factors that the auditor using nonstatistical sampling should subjectively consider, the size of a nonstatistical sample should not be less than the size of a properly calculated statistical sample. .13: The auditor who uses nonstatistical sampling generally should first calculate a statistical sample size (generally using dollar-unit sampling), then add at least 25 percent. The 25 percent is protection because the nonstatistical sample is not as objective as the statistical sample. The auditor who wishes to use nonstatistical sampling for a particular test should obtain the approval of the Reviewer, in consultation with the Statistician, before performing the test. Approval is not needed to use nonrepresentative selections (nonsampling) since they do not involve projections. .14: In sampling, the sample must be selected from all the items that compose the population so that each item has an opportunity for selection (in statistical sampling, the auditor can determine the probability of selection). For example, the auditor might select sample items from a list of all accounts receivable balances that is reconciled to the related account balance. Selecting sample items from file drawers is not a valid selection method for any type of sampling unless the auditor has determined that all items composing the population are included in the drawers. .15: For statistical samples, sample items should be selected using random or dollar-unit selection methods. Computer software may be used. Manual selection should be based on random number tables, a computer-based random number generator, or through use of systematic selection (every nth item with a random start between 1 and n). For example, the auditor might begin with a random start and then choose every nth item, where n is the sampling interval. The sampling interval would be determined by dividing the number of items in the population by the desired number of selections. .16: The sample size is a function of the size of the population, the desired confidence level (based on the amount of substantive assurance the auditor requires from detail tests, as shown on the audit matrix in section 495 D), test materiality (based on design materiality, expected misstatements, and other factors discussed in paragraph 230.13), and the sample selection method. .17: Once the auditor decides that a sample is necessary, the choice of the sample selection method to be used is a matter of the auditor's judgment concerning the most efficient method to achieve the audit objectives. The following methods of sample selection are available for substantive testing: * dollar-unit sampling (DUS)--see paragraph 480.21, * classical variables estimation sampling--see paragraph 480.32, and: * classical probability proportional to size (PPS) sampling (evaluating a PPS sample using a classical variables sampling approach)--see paragraph 480.34. Attributes sampling may be used for tests of controls and for tests of compliance with laws and regulations. To use any sampling method for substantive testing that is not listed in this paragraph, the auditor should consult with the Statistician. (Stratification and/or use of ratio estimates and regression estimates often lead to smaller sample sizes. Multistage samples may reduce time and travel costs.): .18: Each of these methods yields a valid projected (likely) misstatement, and a valid upper limit at the desired confidence level. In addition, classical PPS and classical variables sampling yield a valid two-sided confidence interval (DUS yields a valid upper limit). The auditor chooses the method based on the test objectives and efficiency. .19: When deciding the sampling method, the auditor should consider whether the dollar amounts of the individual items composing the population are available (such as on a detail listing or a computer file), the expected amount of misstatements, and the relative cost and efficiency of each appropriate sampling method. Flowchart 2 (section 495 E) summarizes the process of choosing the sampling method once the auditor has decided a sample is necessary. The subsequent pages of the flowchart indicate the steps that the auditor generally should perform for each sampling method. Example workpapers to document attribute, dollar-unit, and classical variables sampling are in section 495 E. .20: If the dollar amounts of the individual items composing the population are known, the auditor should use DUS, classical PPS, or classical variables estimation sampling. If dollar amounts of these individual items are not known, see paragraph 480.36. SAMPLE SELECTION: Dollar-unit sampling (DUS): .21: Dollar-unit sampling (DUS)[Footnote 10] is a type of statistical sampling that the auditor generally should use when: a. the dollar amounts of individual items in the population are known, b. the primary objective is to test the overstatement of the population (see below for testing a population related to the line item), c. the auditor expects that the total dollar amount of misstatement in the population is not large,[Footnote 11] and: d. the amount of misstatement in an individual item cannot exceed the selected amount.[Footnote 12] DUS is also known as probability proportional to size (PPS) and monetary unit sampling (MUS). DUS works best in populations where the total misstatement is not large and where the objective is to test for overstatement of a population. When the objective is understatement of a line item, the auditor often is able to define a related population to test for overstatement. For example, to test for understatement of accounts payable, the auditor would select a DUS of subsequent disbursements. See also paragraph 480.36. .22: In a manually applied DUS, a sampling interval (n) is used to select every nth dollar from the dollars in the individual items that compose the population. These items might be recorded amounts for individual receivable balances, inventory items, invoices, or payroll expenses. The item that contains the nth dollar is selected for testing. DUS is representative of all dollars in the population; however, larger items have a higher probability of selection (for example, a $2,000 item has an approximately twenty times greater probability of selection than a $100 item). .23: When the total misstatement in the population is not large, DUS will yield the smallest sample size for a given population, test materiality, and desired confidence level when all statistical sampling methods are considered. When the auditor expects that the population contains a large amount of misstatement, he or she should use classical variables sampling (see footnote 3 and paragraph 480.33). .24: In DUS, the auditor may compute the sample size manually (paragraphs 480.24-.26) or by using computer software (paragraph 480.27). To calculate a dollar-unit sample size manually, the auditor uses the dollar amount of the population, test materiality (see section 230), and required confidence level. The auditor calculating sample size manually may use the statistical risk factor from figure 480.1 to determine sample sizes for the appropriate confidence level, as discussed below. Figure 480.1: Statistical Risk Factors: Confidence Level: 50%; Statistical; Risk Factor[A]: 0.7. Confidence Level: 63%; Statistical; Risk Factor[A]: 1.0. Confidence Level: 77%; Statistical; Risk Factor[A]: 1.5. Confidence Level: 86%; Statistical; Risk Factor[A]: 2.0. Confidence Level: 92%; Statistical; Risk Factor[A]: 2.5. Confidence Level: 95%; Statistical; Risk Factor[A]: 3.0. [A] These are based on the Poisson distribution, which approximates the binomial distribution. Therefore, the sample size computed using this table may differ slightly from the sample size computed using IDEA. [End of table] Section 495 D contains the audit matrix with the appropriate risk factor for each level of combined risk and reliance on substantive analytical procedures. See paragraph 480.27 for guidance on using IDEA to compute sample size. .25: The statistical risk factors are used in the following formulas to determine the sampling interval and sample size for DUS: 1. sampling interval = test materiality ÷ statistical risk factor: 2. sample size = recorded amount ÷ sampling interval: Sample sizes should be stated in whole numbers. Uneven amounts should be rounded up to the next whole number. For example, a sample size of 40.2 items should be rounded up to 41 items. .26: For example, to test a recorded amount of $30 million with a test materiality of $900,000 and a 95 percent confidence level, the statistical risk factor would be 3.0. The sampling interval would be $300,000 (test materiality of $900,000 divided by the statistical risk factor of 3.0). Essentially, from a random start, every 300,000th dollar is selected. Therefore, the preliminary estimate of sample size of 100 items is calculated by dividing the recorded amount of $30 million by the sampling interval of $300,000. Because the amount of certain items might equal or exceed the sampling interval, a selection might include more than 1 sample item (for example, a $600,000 selection would include 2 of the 100 estimated sample items: $600,000/ $300,000 = 2), thereby making the actual number of items tested fewer than 100. .27: When the auditor uses the IDEA software to calculate sample size, the inputs are materiality, expected total dollar amount of misstatements in the population, confidence level, and the dollar amount of the population. Whether the auditor should input design materiality or test materiality depends on why the auditor reduced design materiality to get test materiality (see paragraph 230.13). If the auditor reduced design materiality to test materiality because not all entity locations are being tested or because the area is sensitive to financial statement users, the auditor should input test materiality. If the auditor reduced design materiality to test materiality solely because misstatements were expected, the auditor should input design materiality rather than test materiality. The reason for this is that the auditor inputs the expected dollar amount of misstatements in the population, and the software considers it in adjusting materiality (if the auditor inputs test materiality, the adjustment will have been made twice). .28: It is difficult to select additional items for a dollar-unit sample after the original sample is selected. If the auditor believes that extension of the sample might be necessary, the auditor generally should plan for that possibility and consult with the Statistician. For example, the auditor might use a 95 percent confidence level (statistical risk factor of 3.0) to select the sample but test only the number of items necessary to achieve the planned confidence level. The items tested should be spread evenly throughout all of the items selected. For example, in a manual selection, if a statistical risk factor of 1.5 is appropriate based on the planned confidence level, the auditor would make selections using a statistical risk factor of 3.0 (twice as many selections as the factor of 1.5) and initially test every other selection (beginning with a random start). .29: If the preliminary assessment of combined risk or reliance on substantive analytical procedures is not supported by the results of testing, the substantive assurance needed from detail tests increases, and the auditor would then test the additional items selected in the initial sample. .30: If additional sample items are not selected during the initial sample and it is necessary to select additional items, the auditor should consult with the Statistician to determine how to select the additional sample items. Selection of these additional items may be more complex and less efficient than if they were chosen during the initial sample. .31: Section 495 F describes how to manually select items using DUS. Computer software, such as IDEA, generally should be used to select a dollar-unit sample.[Footnote 13] The choice of selection method used should be based on efficiency considerations. Classical variables estimation sampling: .32: Classical variables estimation sampling is a type of statistical sampling that the auditor should consider when the auditor expects that one or more of the following exist in the population: the dollar amount of misstatement in the population is large (see footnote 3); individual misstatements may exceed the selected amount of sampling units; significant understatements cannot be identified using other tests; there are no book amounts for each sampling unit; or the auditor cannot add the dollar amounts in the population (see flowchart 2 in section 495 E). .33: Classical variables estimation sampling is useful because it frequently results in smaller sample sizes in higher misstatement situations than those that would be obtained using DUS. Because applying this method is somewhat complex, the auditor should consult with the Statistician before using it. Classical variables sampling and classical PPS require knowledge of the population to determine sample size. In many audits, the auditor learns about the population over several audits and improves the plan each time. Classical PPS Sampling: .34: Classical PPS Sampling is a type of statistical sampling that the auditor should use when he or she is testing for overstatement of the defined population and finds a large misstatement rate. The sample is selected the same way as a dollar-unit sample (proportional to size). Since there is no exact way to determine sample size, the auditor uses DUS to calculate sample size. However, since classical PPS sampling is used when there are large misstatement rates, the auditor uses a conservative (high) estimate of the expected misstatement to avoid needing subsequently to expand the sample size to obtain a sufficient sample size. .35: Since classical PPS yields a valid measure of likely misstatement and precision, it may be used whenever the only reason for using classical variables sampling otherwise is the expected large misstatement rate. Sampling when dollar amounts are not known: .36: DUS cannot be used if the dollar amounts of individual items in the population are not known. Classical variables estimation sampling might be used, but this has some difficulties: there is no way to accurately calculate the sample size without the individual dollar amounts, and the method is inefficient unless the auditor finds a large misstatement rate. Lack of individual dollar amounts usually occurs when testing the completeness assertion where the selection is made from a population independent of the population being tested (see paragraphs 480.01-.03). In one approach, the auditor might select a random or systematic sample of the individual items. For example, items might be randomly selected from a shipping log to test the completeness assertion for revenue. .37: For this type of test, the sample size may be approximated from the total dollar amount of either the population that the auditor is sampling from (the total dollars of the shipping log if the total dollar amount is available) or the dollar amount of the population that the auditor is testing (the total recorded revenue). Because this method is less efficient than DUS, the preliminary estimate of sample size for this sample should exceed the sample size that would result from using DUS. GAO auditors should use at least a 25 percent increase in sample size.[Footnote 14] .38: The auditor should consult with the Statistician in performing the evaluation. If the misstatement rate is large, they should consider using classical variables estimation sampling. While attribute sampling may be used to estimate the misstatement rate in the population, this will yield acceptable results only if just one or two misstatements are found. The auditor generally should use the upper limit of the misstatement rate to make a conservative estimate of the dollar amount of misstatement in the population. If the upper limit is less than materiality, the auditor has evidence that the population is free of material misstatement. EVALUATION OF SAMPLE RESULTS: .39: Evaluation involves several steps: a. Projecting the results of the sample to the population (for nonstatistical samples, making a judgment about likely misstatement in the population). b. Calculating either the upper limit of misstatement in the population or an interval estimate of misstatement or of the population audited value at the desired confidence level (for nonstatistical samples, considering the risk of further misstatement). c. Considering the qualitative aspects of misstatements. d. Reaching a conclusion as to whether the population is fairly stated. e. Considering the effect of misstatements on the financial statements taken as a whole. Steps a. and b. are usually done with software such as IDEA in consultation with the Statistician. .40: The effects of any misstatements detected in a sample should be projected to the population. In doing so, the auditor should ask the auditee to determine the cause of any misstatement found. The auditor should project all misstatements unless he or she has obtained highly persuasive evidence that the misstatement is not representative of the entire population. If the evidence is highly persuasive that a misstatement is not representative of the population, the auditor should (1) perform procedures to test that the same type of misstatement does not exist elsewhere in the population, (2) evaluate the misstatement that is not representative, (3) evaluate the sample, excluding the misstatement that is not representative, and (4) obtain the approval of the Audit Director that the evidence is highly persuasive. The projected misstatement amount should be included in the Summary of Possible Adjustments as a likely misstatement, the evaluation of which is discussed in section 540. .41: At the conclusion of the test, the auditor also should consider whether the assessment of combined risk remains appropriate, particularly in light of any misstatements identified. If the preliminary combined risk assessment was not appropriate, the auditor should consult with the Reviewer to determine whether the extent of substantive procedures is adequate. .42: When understated amounts are detected in any sample designed primarily to test the existence assertion (i.e., designed to test primarily for overstatement), the auditor should consult with the Statistician in evaluating the sample results. Calculating the projected misstatement for DUS: .43: If the auditor does not use software to evaluate sample results, he or she may calculate projected misstatement as follows. For a misstatement detected in which the item equals or exceeds the amount of the sampling interval (each of which is selected for testing), the projected misstatement is the amount of the misstatement detected. For any other misstatement detected, the projected misstatement is computed as follows: (1) divide the amount of misstatement by the recorded amount of the sample item and (2) multiply the result by the amount of the sampling interval. The sum of all projected misstatements represents the aggregate projected misstatement for the sample. For example, assume the following two misstatements are detected in a sample for which the sampling interval is $300,000: (1) a $50,000 misstatement detected in a $500,000 item (which exceeds the amount of the sampling interval) results in a projected misstatement of $50,000, and (2) a $100 misstatement in a $1,000 sample item represents a 10 percent misstatement, which results in a projected misstatement of $30,000 (10 percent of the $300,000 sampling interval). In this case, the aggregate projected misstatement is $80,000. Converting a DUS to a Classical PPS sample: .44: If a dollar-unit sample results in a large number of misstatements, it is likely that the evaluation calculated using the method illustrated above would indicate that the upper limit of misstatement in the population exceeds materiality (IDEA indicates the number of misstatements that would yield acceptable results). However, if there are a large number of misstatements,[Footnote 15] the auditor, in consultation with the Statistician, should evaluate the sample using classical PPS. This evaluation is complex and cannot be done directly using IDEA. Evaluating the results of a classical variables estimation sample: .45: The auditor should consult with the Statistician in evaluating the results of a classical variables estimation sample. Evaluating the results of other samples: .46: When misstatements are detected in a sample for which guidance on evaluation is not described above, the auditor should consult with the Statistician. EFFECTS OF MISSTATEMENTS ON THE FINANCIAL STATEMENTS: .47: The quantitative and qualitative effects of all misstatements detected in the audit --both known and likely --must be evaluated in relation to the financial statements as a whole. Section 540 provides guidance on this evaluation. [End of section] 490 - DOCUMENTATION: .01: The auditor should document the nature, timing, and extent of tests performed during this phase of the audit, as well as the conclusions reached. The auditor should specifically identify the procedures used to obtain substantive assurance for an account balance. This identification is particularly important if detail tests are relied on for complete substantive assurance and supplemental analytical procedures are performed to increase the auditor's understanding of the account balances and transactions. .02: For example, assume an entity incurs and accounts for operating expenses at 50 locations. After considering the guidance in section 295 C regarding multiple-location audits, the auditor decides to obtain all the required substantive assurance from detail tests. The auditor subjects all operating expenses to a statistical sample and visits only the locations for which selections were made. Assume that the auditor decides to obtain additional knowledge of the current-year operations, particularly for locations not visited, through supplemental analytical procedures at all locations. These procedures consist of comparing current-year operating expenses with prior-year audited information by location and between locations. .03: In the above situation, the auditor is obtaining the entire required amount of substantive assurance from detail tests. The comparison of the current-and prior-year amounts is considered a supplemental analytical procedure and does not provide substantive audit assurance that the auditor may use to reduce the detail tests. During this supplemental analytical procedure, the auditor may detect misstatements that were not detected during the detail tests. The auditor must consider the implications of these misstatements to determine if the original assessment of combined risk was appropriate and if the amount of substantive testing performed (the detail tests) was adequate. Even though misstatements may be detected during supplemental analytical procedures, these procedures cannot be relied on for substantive assurance. .04: In the audit program, the auditor generally should explain the objectives of audit procedures. Also, written guidance either within or accompanying the audit program to explain possible exceptions, their nature, and why they might be important, may help auditors focus on key matters, more readily determine which exceptions are important, and identify significant exceptions. .05: The auditor also should document, usually in the audit program, whether a selection is intended to be a representative selection (a sample projectable to the population) or a nonrepresentative selection (not projectable to the population). If it is a nonrepresentative selection, the auditor also should document the basis for concluding that enough work has been done to obtain sufficient assurance that the items not tested are free from aggregate material misstatement. .06: As the audit work is performed, the auditors may become aware of possible reportable conditions or other matters that should be communicated to the auditee. The auditor generally should document and communicate these as described in paragraph 290.02. .07: Documentation of this phase should specifically include (see section 495 E for example workpapers): For tests involving sampling: ** the sampling method used and any key factors regarding selection; ** the sample size and the method of determining it; ** the audit procedures performed; and: ** the results of tests, including evaluations of sample results, and conclusions. For substantive analytical procedures: ** the model used to develop the expectation and the basis for the model; ** the data used and the data sources; ** the auditor's assessment of the reliability of the data used and procedures performed to establish or increase the amount of reliability, if applicable; ** the amount of the limit and the criteria for establishing the limit; ** explanations for fluctuations considered significant, sources of these explanations, and corroborating evidence obtained; ** the additional procedures performed and related conclusions if misstatements are detected or if the initial procedures are not considered adequate; and: ** conclusions regarding findings, including proper treatment of any misstatements detected and assessment of any other effects of these misstatements. Interim testing procedures (see section 495 C for documentation guidance). Any misstatements detected (which also should be referenced to their posting on the Summary of Possible Adjustments (see section 540) where they will be considered further). [End of section] 495 A - DETERMINING WHETHER SUBSTANTIVE ANALYTICAL PROCEDURES WILL BE EFFICIENT AND EFFECTIVE: .01: The following factors should be considered when determining whether analytical procedures will be effective and efficient as a substantive test: * nature of the account balance, the specific audit objective (including the assertions being tested), and any identified inherent or control risks; * expected availability and reliability of explanations for fluctuations and related corroborating evidence; * plausibility and predictability of the relationship; * availability and reliability of data; and: * preciseness of the expectation. NATURE OF THE ACCOUNT BALANCE, THE SPECIFIC AUDIT OBJECTIVE, AND ANY IDENTIFIED INHERENT OR CONTROL RISKS: .02: Analytical procedures are usually more effective for testing net cost statement amounts than balance sheet amounts. Balance sheet amounts are more difficult to predict because they are as of a specific point in time. Additionally, net cost statement amounts generally have relationships with various types of other data, such as cost of sales as a percentage of sales, interest expense as a function of the debt balance and interest rates, or sales revenue as a function of the number of units shipped and the average sales price. Analytical procedures are usually less effective for testing amounts that are subject to management discretion or are unpredictable, such as repairs or miscellaneous expenses. .03: The auditor should consider the specific audit objective, including the assertions being tested, and any identified inherent and control risks to determine whether substantive analytical procedures will be effective and efficient in achieving the audit objective and level of assurance. The procedures need to be more effective if fraud, inherent, and control risks have been identified. The auditor can obtain three levels of substantive assurance from analytical procedures--complete, partial, or none. The effectiveness and the amount of assurance provided by an individual procedure are matters of the auditor's judgment and are difficult to measure. .04: As discussed, the auditor may choose to rely completely on analytical procedures when the level of combined risk has been assessed as high. In these cases, the analytical procedures should be extremely effective and persuasive to serve as the sole source of audit evidence for achieving the audit objective. This level of effectiveness is very difficult to achieve when combined risk is assessed as high; therefore, complete reliance on analytical procedures for substantive assurance in these situations is rare, particularly for balance sheet accounts. EXPECTED AVAILABILITY AND RELIABILITY OF EXPLANATIONS FOR FLUCTUATIONS AND RELATED CORROBORATING EVIDENCE: .05: Explanations for fluctuations and related, reliable corroborating evidence may not always be readily available. This audit evidence is essential to using analytical procedures as a substantive test. The relative ease of obtaining explanations for significant differences and relevant, reliable corroborating evidence should be considered when determining whether analytical procedures will be the most efficient and effective substantive test. PLAUSIBILITY AND PREDICTABILITY OF THE RELATIONSHIP: .06: Relationships between the amount being tested (the recorded amount) and other data are an essential component of substantive analytical procedures. The relationships identified and used for these procedures should be good indicators of the account balance of the item being tested. To be considered a good indicator of the recorded balance, the relationship between the recorded amount and the other data should be plausible and predictable. Plausibility: .07: If one set of data provides a reasonable basis for predicting another set of data, the relationship between the two sets of data is considered to be plausible. As the plausibility of the relationship increases, so does the effectiveness of analytical procedures as a substantive test. .08: For example, there is a plausible relationship between payroll expense, the average number of employees, and the average pay rate. This relationship generally is effective for estimating payroll expense for salaried employees. Alternatively, there is not usually a plausible relationship between revenue and interest expense; therefore, this relationship would not be used for testing. Predictability: .09: The more predictable the relationship is, the more effective the substantive analytical procedure will be. Relationships are more predictable in a stable environment. As relationships become more complex as a result of increases in the number and type of contributing factors, related amounts become more difficult to effectively and efficiently predict. .10: For example, payroll expense generally is very predictable if there is little employee turnover during the period, if all employees receive the same percentage raise at the same time, and if all employees are salaried. Payroll expense becomes more difficult to predict if any of these factors changes (e.g., high turnover resulting in a different mix of employee pay, a wide range of raises awarded at different times, or a mix of hourly and salaried employees). Therefore, to effectively estimate payroll expense, the auditor may need to use a more complex relationship that considers these factors. .11: The relationships identified may be between the recorded amount and either prior-year or current-year data, using financial or nonfinancial data, including underlying business factors. For example, the auditor may estimate current-year (1) interest expense using current-year audited, long-term debt amounts and interest rate information or (2) sales revenue based on the auditor's estimate of the expected gross margin percentage applied to the audited cost of sales amounts. When using current-year relationships, the data used to estimate the recorded amount must be audited by a method other than a substantive analytical procedure that uses a relationship with the recorded amount. .12: The auditor should exercise caution when using prior-year amounts as the basis for the expectation of the current-year recorded amount. The workpapers must document why, in the auditor's judgment, the prior-year amount, and any adjustments to that amount, have a plausible and predictable relationship with the current-year recorded amount. Any adjustments to the prior amount, such as for the effects of inflation, must be supported by reliable data and must be corroborated. Additionally, the prior-year amount must meet the criteria discussed below for reliable data. The easiest way to meet these criteria is if the prior-year amount is audited. .13: As an example of prior-year relationship, assume that the payroll raises for the year were authorized at 5 percent and that the number and salary mix of employees have remained relatively stable. In this example, the auditor might reasonably expect current-year payroll expense to be 5 percent higher than the prior-year's payroll expense. However, the auditor would need to test the reliability of the percentage pay increase and the assumptions regarding the number and mix of employees. AVAILABILITY AND RELIABILITY OF DATA: Availability of Data: .14: Data needed to perform analytical procedures as a substantive test may not always be readily available. The relative ease of obtaining relevant, reliable data should be considered when determining whether analytical procedures will be the most efficient and effective substantive test. Reliability of Data: .15: The reliability of the data used is important in determining the effectiveness of the substantive analytical procedures. The more reliable the data are, the more effective these procedures will be as a substantive test. In assessing the reliability of data, which is a matter of auditor judgment, the auditor should consider the following: * the source of the data, including whether the data are audited or unaudited; * conditions under which the data were gathered, including related internal controls; and: * other knowledge the auditor may have about the data. Sources of Data: .16: Data obtained from an independent source outside the entity are generally more reliable than data obtained from inside the entity; however, the auditor should determine if the outside information is comparable to the item being tested. This issue of comparability is particularly important if the auditor is using industry statistics. .17: Data obtained from entity sources are considered more reliable if the sources are independent of the accounting function and if the data are not subject to manipulation by personnel in the accounting function. If multiple data sources are used, the reliability of all sources should be considered. Audited versus unaudited data: .18: The auditor should consider whether the data are audited or unaudited because audited data are considered more reliable than unaudited data. If data are audited by the entity's IG office, they may be as reliable as data audited by independent auditors if the IG's work is considered adequate. (See FAM section 650.): .19: Unaudited data are not considered reliable unless procedures are followed to establish their reliability. These procedures could consist of either tests of controls over data production or tests of the data. The extent of such procedures is left to the auditor's judgment. For example, interest rates from an entity's loan register may be used to estimate interest income. The reliability of this information may be established by including the interest rate on loan confirmations that are sent to the borrowers or by reviewing original loan documents. Conditions under which the data were gathered: .20: Another consideration of internal data is whether the data were developed under a reliable system with adequate financial reporting or operations controls. In some instances, testing operations controls may be appropriate to assess the reliability of the data used for substantive analytical procedures. The extent of this testing is a matter of the auditor's judgment. .21: If the system used to develop internal data is computerized rather than manual, the auditor must perform additional procedures before relying on the data. The auditor must test either (1) the general controls and the specific application controls over the IS system that generated the report or (2) the data in the report. .22: An auditor might choose to test operations controls when using entity- prepared statistics for a substantive analytical procedure. For example, the auditor might choose to use Air Force statistics to test the reasonableness of its Airlift Services aircraft operating costs. The auditor might compare the per hour fuel and maintenance costs for Airlift Services cargo and passenger aircraft with the "block hour" costs incurred by major airlines for similar aircraft as published by Aviation Week and Space Technology. The auditor should first determine if the industry statistics are comparable, e.g., if the statistics are for the same or similar types of aircraft and if the types of items included in maintenance costs are similar. If appropriate, the auditor should identify and test the internal controls over the production of these operating statistics. PRECISENESS OF THE EXPECTATION: .23: The expectation, the auditor's estimate of the account balance, should be precise enough to provide the desired level of substantive assurance. When determining how precise the expectation should be, the auditor should determine the proper balance between effectiveness and efficiency. Any work to make the expectation more precise than the desired level of assurance is unnecessary and inefficient. .24: To maximize efficiency, the auditor should conduct procedures at the minimum level of effort that can reasonably be expected to provide the assurance needed. If the audit objective cannot be achieved with the original expectation, the auditor may be able to perform additional procedures to make the expectation more precise. The preciseness of the expectation and changes in this preciseness are difficult to measure in quantifiable terms, unless the auditor uses regression analysis for the analytical procedures. If the auditor uses regression analysis, he or she should consult with the Statistician. .25: Factors that influence the expectation's preciseness follow: * The identification and use of key factors when building the model based on the relationships identified by the auditor: The expectation generally becomes more precise as additional key factors are identified. * The reliability of the data used to develop the expectation: The expectation becomes more precise as the reliability of the data increases. * The degree of disaggregation of the data: The expectation becomes more precise as the disaggregation of the data increases. [End of section] 495 B - EXAMPLE PROCEDURES FOR TESTS OF BUDGET INFORMATION: .01: This section includes example procedures auditors may perform in testing budget information for the statements of budgetary resources and financing. .02: In addition, if budget controls are ineffective and quantitative provisions of budget-related laws and regulations are considered significant, the auditor should perform audit procedures sufficient to detect the types of budget information misstatements listed in paragraph 460.04. Following is an example of procedures for testing obligation and expended authority transactions for these misstatements. (Test materiality for determination of sample sizes is discussed in paragraph 460.03.): * Validity, cutoff, recording, and classification: Select obligations recorded as of the end of the audit period and expended authority transaction recorded during the audit period. Determine if each selected item is a valid obligation or expended authority transaction based on the criteria set forth in section 395 F and if each is recorded in the appropriate period. If the obligation or expended authority transaction is not recorded or is recorded in the incorrect period, determine the effects of this misstatement on budget amounts and consider whether the auditor's evaluation of budget controls is affected. Also determine if each selected item is: ** recorded at the proper amount and: ** classified in the proper appropriation or fund account (also by program and by object, if applicable), including the proper appropriation year. * Completeness and cutoff: First, select obligations and expended authority transactions recorded during the period following the balance sheet date. Second, examine open purchase orders, unpaid invoices, and contracts as of the report date. Third, select items representing payments by Treasury or cash disbursements by the entity during the audit period. (Substantive detail test selections of expenses and additions to inventory, property, and prepaid accounts may be used for this purpose if the populations from which they are selected are complete.) For each selection, determine whether the obligation or expended authority transaction is recorded in the proper period. If it is not recorded or is recorded in the incorrect period, determine the effects of this misstatement on budget amounts and consider any impact on the evaluation of budget controls. If the selected obligation or expended authority transaction relates to the audit period and is recorded in that period, determine if it is: ** recorded at the proper amount and: ** classified in the proper appropriation or fund account (also by program and by object, if applicable), including the proper appropriation year. * Summarization: Test the footing of the detail of the obligation account balance recorded as of the end of the audit period and expended authority accounts recorded during the audit period. Then reconcile the total of these details to the recorded totals for obligation and expended authority accounts as of the end of the audit period. (Audit software is often an effective tool for footing the transactions recorded in the accounts and for simultaneously selecting items for this test.): .03: The audit procedures discussed above for testing expended authority transactions should be coordinated with the audit of the other financial statement amounts. For example, if appropriate, the tests of accounts payable for completeness may be coordinated with the selection of subsequent obligations and expended authority transactions described above. .04: Following is an example of procedures for testing outlay transactions. These audit procedures also should be coordinated with the audit of the other financial statement amounts, chiefly cash disbursements. * Validity and classification: Select outlays recorded during the audit period. Determine if an invoice and receiving report supports each selected outlay and determine the obligation that was liquidated by the outlay. Examine the support for the obligation and determine if the invoice billed for goods or services is related to (or properly "matches") the obligation (and, in turn, the appropriation). Obtain the accounting data of the matched obligation to include appropriation and year. Match these data to the type of services paid for of the selected outlay. Determine if the related appropriation authorizes payment for the services billed and paid. .05: The auditor also generally should audit upward and downward adjustments of prior year obligations. If any of these adjustments relate to closed accounts, the auditor generally should determine whether the adjustments are in compliance with the requirements of the National Defense Authorization Act for fiscal year 1991, section 1405(a), Closing Appropriation Accounts, 31 U.S.C. 1551-1558. [End of section] 495 C - MISSTATEMENTS IN INTERIM TESTING: MISSTATEMENTS IN INTERIM BALANCES: .01: The auditor should use judgment to determine whether any misstatements detected in interim tests (see section 295 D for a discussion of factors to consider in deciding whether to use interim substantive testing of balance sheet accounts) warrant a revision of (1) the auditor's combined risk assessment and (2) the nature, timing, and extent of planned audit procedures. In determining the effects of such misstatements, the auditor should consider all relevant factors, including: * the nature and cause of the misstatement, * the estimated effects on the overall line item/account balance, * whether the entity has subsequently corrected the misstatement, and * the impact of the misstatement on other parts of the audit. .02: Any financial statement misstatements detected should be discussed with entity management. Based on the nature and cause of the misstatements detected, the auditor should determine, and obtain supporting evidence on, whether the misstatements are isolated or are likely to occur in the remainder of the line item/account balance at the interim testing date and at the year's end. (See paragraph 480.40 for a discussion of the need to project all misstatements unless evidence is highly persuasive that a misstatement is isolated and the Audit Director approves.) The auditor should encourage management to correct any such misstatements in the population. Based on the following guidance, the auditor should use judgment to determine the extent, if any, that interim testing can be relied on, in conjunction with substantive tests of the rollforward period, to provide evidence on the year-end line item/account balance: * If the misstatements are not material when projected to the entire population and are expected to be representative of the misstatements of the year-end balance, the auditor may rely on the results of the interim testing. * If the auditor has obtained highly persuasive evidence that the misstatements are isolated (generally by nature, cause, or extent), the auditor may be able to rely on unaffected parts of the interim testing and apply procedures at the year's end to test only those financial statement assertions associated with the misstatements. For example, in interim testing of inventory, the auditor might determine that the misstatements concern only the costing of inventory; accordingly, reliance could be placed on other parts of the interim testing, such as those for the accuracy of the physical count, and only cost testing and related procedures would be required at the year's end. * If the misstatements are material or pervasive, it might be necessary to place no reliance on the interim testing and to perform extensive substantive testing of the line item/account balance as of the balance sheet date. .03: For any misstatements found during interim testing, the auditor should use judgment to evaluate, in a manner appropriate for the circumstances, the effects on the year-end balance. TESTING THE ROLLFORWARD PERIOD: .04: Because the auditor reports on the financial statements as of the year's end, not the interim test date, additional procedures must be performed to extend the interim conclusions to the year's end. The auditor should perform substantive tests of the rollforward period activity or the year-end balance. For example, after interim testing of the accounts receivable balance, the auditor might examine supporting documents for selected debits and credits to the balance during the rollforward period and/or might apply analytical procedures to compare the amount of rollforward activity, on a month-by-month basis, with that of preceding months or similar periods of preceding years. .05: The auditor should determine the extent of the required substantive procedures based on the assessment of combined risk and test materiality, in substantially the same manner as for other substantive tests. In some instances, the auditor may determine that specific combined risk warrants additional substantive procedures at the year's end (such as cutoff tests). If control risk is moderate or low, the auditor should determine whether the internal controls as of the interim testing date were in place and were functioning effectively during the rollforward period (generally by reference to the results of tests of financial reporting controls which generally cover the entire year under audit for significant systems). DOCUMENTATION: .06: The auditor should document: * the line items/accounts (and assertions, where applicable) to which interim testing is applied; * the factors considered when determining whether to use interim testing; * the audit procedures used to test interim balances and the rollforward period (including tests of controls, findings, and conclusions); and: * the effects of any misstatements found during interim testing. The following table illustrates the correlation between combined risk and the substantive assurance obtained from substantive analytical procedures and detail test. This example is based on 95 percent audit assurance.[Footnote 16] The table also provides the statistical risk factors to be used when the auditor manually computes sample size using DUS (see paragraph 480.17). [End of section] 495 D - EXAMPLE OF AUDIT MATRIX WITH STATISTICAL RISK FACTORS: Figure 495 D.1: Example Audit Matrix: Assessed combined risk level: Low; Substantive assurance: 63%; Substantive assurance from analytical procedures[A]: Complete; Minimum confidence level for detail tests: 0%; Statistical risk factor[B]: N/A[C]; Substantive assurance from analytical procedures[A]: Partial; Minimum confidence level for detail tests: 50%; Statistical risk factor[B]: 0.7; Substantive assurance from analytical procedures[A]: None; Minimum confidence level for detail tests: 63%; Statistical risk factor[B]: 1.0. Assessed combined risk level: Moderate; Substantive assurance: 86%; Substantive assurance from analytical procedures[A]: Complete; Minimum confidence level for detail tests: 0%; Statistical risk factor[B]: N/A; Substantive assurance from analytical procedures[A]: Partial; Minimum confidence level for detail tests: 77%; Statistical risk factor[B]: 1.5; Substantive assurance from analytical procedures[A]: None; Minimum confidence level for detail tests: 86%; Statistical risk factor[B]: 2.0. Assessed combined risk level: High; Substantive assurance: 95%; Substantive assurance from analytical procedures[A]: Complete; Minimum confidence level for detail tests: 0%; Statistical risk factor[B]: N/A; Substantive assurance from analytical procedures[A]: Partial; Minimum confidence level for detail tests: 92%; Statistical risk factor[B]: 2.5; Substantive assurance from analytical procedures[A]: None; Minimum confidence level for detail tests: 95%; Statistical risk factor[B]: 3.0. [A] Complete assurance from analytical procedures requires procedures that are extremely effective and persuasive to serve as the sole source of audit evidence for achieving the audit objective. This level of effectiveness or persuasiveness is very difficult to achieve when combined risk is assessed as high. Therefore, complete reliance on analytical procedures for substantive assurance in these situations is rare, particularly for balance sheet accounts. [B] Based on the Poisson distribution; used if sample size computed manually. [C] Not applicable. [End of table] [End of section] 495 E - SAMPLING: SAMPLING FLOWCHARTS AND EXAMPLE WORKPAPERS: .01: This section contains sampling flowcharts (pages 495 E-2 through 495 E- 6) and example workpapers for sampling (pages 495 E-7 through 495 E- 19). .02: Flowchart 1 (page 495 E-2) is to assist the auditor in deciding selection method: nonrepresentative selections versus sampling (statistical or nonstatistical). Flowchart 2 (page 495 E-3) is to help the auditor determine which type of sampling to use in various situations. The second, third, and fourth pages of this flowchart are to assist the auditor in performing attribute, dollar unit, and classical variables estimation sampling. .03: Example workpapers for documenting sampling are given for attribute sampling (pages 495 E-7 through 495 E-10), for dollar unit sampling (pages 495 E-11 through 495 E-15), and for classical variables sampling (pages 495 E-16 through 495 E-19). [See PDF for images] [End of figures] [End of section] 495 F - MANUALLY SELECTING A DOLLAR UNIT SAMPLE: .01: Even though auditors usually use software (such as IDEA) to select a dollar-unit sample, it is helpful to understand the process for manually selecting a dollar-unit sample. To select a dollar-unit sample manually, the following steps should be performed: a. Determine the sampling interval using the following formula: sampling interval = test materiality ¸ statistical risk factor: b. Clear the calculator: c. Select and document a random start and enter as a negative number in the calculator. The random start should be a number between 1 and the sampling interval. d. Enter the positive amounts in the test population (items) until the calculator's running subtotal becomes positive. The item that caused the subtotal to become positive is the item selected for testing. [See page 495 F-3. Note that the calculator subtotals were positive for invoices #3, 10, 17, 19, and 24.] Do not enter into the calculator any items in the population with zero or credit balances. These items should be accumulated separately and tested in conjunction with tests of completeness of the account balance or class of transactions if they are expected to be significant. e. After each selection, subtract the sampling interval until the subtotal is negative. Even if the last item in the population is selected, the sampling interval should be subtracted until the subtotal is negative. [See page 495 F-3. For invoice #19, the auditor had to subtract the sampling interval twice to get a negative subtotal.] f. Repeat steps d. and e. until all items in the test population have been entered into the calculator and the ending subtotal is negative. g. To test the footing of the population, reconcile the sample to the recorded amount of the test population as follows: Add: (a) Random start: (b) Sampling interval multiplied by the number of times the sampling interval was subtracted during selection of the sample: (c) The remaining subtotal on the calculator. The total should equal the test population amount. If the total on the reconciliation is not equal to the population amount, there is either an error in the total population amount or there was an error in entering the population items into the adding machine. The auditor should consider the amount of any difference when determining whether investigation of the difference is necessary. Immaterial amounts generally do not require investigation. [See page 495 F-4 for an example reconciliation to test the footing.] [PAGE 495 F-3]: Example of Systematic Selection for DUS: [See PDF for image] [End of table] PAGE 495 F-4: Reconciliation of book amounts footed to test population: Random start: $6,000: + Sampling interval x number of times subtracted: 300,000: ($50,000 x 6): + Remaining subtotal: (14,400): Population total: $291,600: [End of section] FOOTNOTES [1] The FAM generally uses the same terminology as the Audit Guide. [2] Many factors influence efficiency in addition to number of sampling applications, such as sample size, number of locations it is necessary to visit to achieve audit objectives, nature of the audit procedures, extent of review required, whether rework can be avoided by designing easy-to-follow procedures. [3] Tables I and II assume a large population (generally over 5,000 items). If the population is small, the auditor may ask the Statistician to calculate a reduced sample size and to evaluate the results. Generally, the effect is small unless the sample size per the table is more than 10 percent of the population. [4] Using the AICPA guidance, the auditor computes the deviation rate and the upper limit at the desired confidence level (usually the same confidence level used to determine sample size). If the upper limit of deviations is less than the tolerable rate, the results support the control risk assessment. If not, the control risk should be increased in designing substantive tests. [5] Tolerable rate of 5 percent, expected population deviation rate of 0, and a large population (see footnote on page 450-3). If the population is small, the auditor may ask the Statistician to compute a reduced sample size and to evaluate the results. [6] The proprietary accounting system supports the accrual basis of accounting. [7] If the data are disaggregated, the limit is still applied on an annual basis. [8] IDEA is the primary software GAO uses. It is distributed by Audimation Services, Inc., Houston, Texas. [9] Usually the auditor applying nonstatistical sampling will select a "haphazard sample." A haphazard sample is a sample consisting of sampling units selected without conscious bias, that is, without any special reason for including or excluding items from the sample. It does not consist of sampling units selected in a careless manner; rather it is selected in a way the auditor expects to be representative of the population. Since a haphazard sample is not the same as a statistical sample, the auditor using a haphazard sample cannot calculate precision at a given confidence level. However, AICPA guidance indicates that the auditor may use the haphazard sample to make a judgment of what a statistical sample might have shown. For example, he or she might use the haphazard sample to make a judgment as to the likely misstatement in areas that are not very significant. Even though the judgment will not be a statistical projection, it may assist the auditor in determining whether the possible misstatement could be material. Thus, the auditor should not avoid making the judgment. Professional standards and the FAM do not use the term "judgment sample." All selections (including statistical selections) require judgment. The term "judgment sample" is often used to refer to nonrepresentative selections, although it sometimes refers to nonstatistical samples. [10] See Dollar Unit Sampling, by Leslie, Teitlebaum, and Anderson (Copp Clark Pitman, 1979), for a more technical discussion of DUS. [11] This expectation affects the efficiency of the sample, not its effectiveness. GAO auditors who use IDEA to calculate sample size (based on the binomial distribution) generally use classical variables estimation sampling when they expect that more than 30 percent of the sampling units contain misstatements (no matter what the size of the misstatement). When GAO auditors expect that 10 percent or fewer of the sampling units contain misstatements, GAO auditors generally use dollar-unit sampling. When GAO auditors expect between 10 and 30 percent of the sampling units contain misstatements, GAO auditors consult with the Statistician. If a large misstatement rate is found, the auditor, in consultation with the Statistician, should consider whether to use classical PPS to evaluate the sample to obtain a smaller precision. Other auditors, in consultation with their Statisticians, may use different rules of thumb in deciding when to use DUS versus classical variables estimation sampling. [12] This means, for example, that an item that has a selected amount of $1,000 cannot be misstated by more than $1,000. This is usually not an issue in testing existence or valuation (overstatement). However, it might be an issue in testing completeness (understatement). Thus, if understatements larger than the selected amount are expected, classical variables estimation sampling generally should be used. [13] IDEA offers two methods of selecting a dollar-unit sample. The auditor generally should use the cell method rather than the fixed interval method. In the cell method, the program divides the population into cells such that each cell is equal in size to an interval. Then the program selects a random dollar in each cell. The random dollar selected identifies the transaction, account, or line item to be tested (sometimes called the logical unit). [14] The 25 percent is a rough estimate that is used because there is no way to calculate the correct sample size. [15] As a general rule, this means 10 misstatements if the sample size is between 75 and 100, 10 percent if the sample size is between 100 and 300, and 30 if the sample size is over 300. Minimum sample size for classical PPS is 75. [16] Audit assurance is not the same as statistical confidence level. Assurance is a combination of quantitative measurement and auditor judgment. [End of section] SECTION 500: Reporting Phase: Figure 500.1: Methodology Overview: Planning Phase: * Understand the entity's operations: Section 220: * Perform preliminary analytical procedures: Section 225: * Determine planning, design, and test materiality: Section 230: * Identify significant line items, accounts, assertions, and RSSI: Section 235: * Identify significant cycles, accounting applications, and financial management systems: Section 240: * Identify significant provisions of laws and regulations: Section 245: * Identify relevant budget restrictions: Section 250: * Assess risk factors: Section 260: * Determine likelihood of effective information system controls: Section 270: * Identify relevant operations controls to evaluate and test: Section 275: * Plan other audit procedures: Section 280: * Plan locations to visit: Section 285: Internal Control Phase: * Understand information systems: Section 320: * Identify control objectives: Section 330: * Identify and understand relevant control activities: Section 340: * Determine the nature, timing, and extent of control tests and of tests for systems’ compliance with FFMIA requirements: Section 350: * Perform nonsampling control tests and tests for systems’ compliance with FFMIA requirements: Section 360: * Assess controls on a preliminary basis: Section 370: Testing Phase: * Consider the nature, timing, and extent of tests: Section 420: * Design efficient tests: Section 430: * Perform tests and evaluate results: Section 440: ** Sampling control tests: Section 450: ** Compliance tests: Section 460: ** Substantive tests: Section 470: *** Substantive analytical procedures: Section 475: *** Substantive detail tests: Section 480: Reporting Phase: * Perform overall analytical procedures: Section 520: * Determine adequacy of audit procedures and audit scope: Section 530: * Evaluate misstatements: Section 540: * Conclude other audit procedures: Section 550: ** Inquire of attorneys: ** Consider subsequent events: ** Obtain management representations: ** Consider related party transactions: * Determine conformity with generally accepted accounting principles: 560: * Determine compliance with GAO/PCIE Financial Audit Manual: Section 570: * Draft reports: Section 580: [End of figure] [End of section] 510 - OVERVIEW: .01: Based on the work in the preceding phases, the auditor must form conclusions on the information in the financial statements, the entity's internal control, the financial management systems' substantial compliance with the three FFMIA requirements, the entity's compliance with laws and regulations, and other information (management's discussion and analysis (or the overview of the reporting entity), required supplementary information (unaudited RSSI is considered required supplementary information), and other accompanying information). Additionally, findings coming to the auditor's attention should be reported in an appropriate manner. The following sections provide guidance to assist the auditor in making these determinations and in formulating the report type and form. Guidance is also provided on other activities that should be performed by the auditor during the reporting phase. (See figure 500.1.): [End of section] 520 - PERFORM OVERALL ANALYTICAL PROCEDURES: PURPOSES OF OVERALL ANALYTICAL PROCEDURES: .01: As the audit nears completion, the auditor must perform overall analytical procedures as required by GAAS (AU 329). These procedures, which are part of the reporting phase, have the following purposes: * to determine if an adequate understanding of all fluctuations and relationships in the financial statements has been obtained from other audit procedures, * to determine if other audit evidence is consistent with explanations for fluctuations documented during overall analytical procedures, and: * to assist the auditor in forming an opinion on the financial statements that is consistent with the conclusions reached during tests of individual account balances and classes of transactions. .02: If overall analytical procedures indicate that an adequate understanding of relationships and fluctuations has not been obtained or if there are inconsistencies in audit evidence gathered from other audit procedures, further inquiries and testing are necessary to obtain an adequate understanding or to resolve the inconsistencies. .03: The auditor may find it effective and efficient to perform overall analytical procedures in more detail than the financial statement level (supplemental analytical procedures) and then use the results of these procedures to "roll up" into and support the overall analytical procedures at the financial statement level. For example, the auditor might perform overall analytical procedures at the account level and roll them up to the financial statement line item to which they belong. .04: The auditor may choose to use analytical procedures to obtain complete or partial substantive assurance for certain accounts or to perform supplemental analytical procedures when detail tests are used exclusively to obtain substantive assurance. The information obtained during these procedures can be used as the basis for explanations of fluctuations for overall analytical procedures. .05: Having the auditor who conducted the detail tests on an account also conduct supplemental analytical procedures usually maximizes efficiency and effectiveness by building on the knowledge of the account obtained during detail tests. .06: Overall analytical procedures should be coordinated with the auditor's evaluation of the MD&A (overview of the entity) included in the Accountability Report (annual financial statement). For example, the auditor should use the MD&A, if available, to assist in performing overall analytical procedures and should use the results of the analytical procedures to assist in forming conclusions about the information in the MD&A. PERFORMANCE OF OVERALL ANALYTICAL PROCEDURES: .07: The auditor should take the following steps to achieve the purposes of overall analytical procedures described above: * Compare current-year amounts with comparative financial information and with budget execution information: This information may be on a summarized level, such as the level of financial statements, or a more detailed level, as discussed in paragraph 520.03. If available, audited prior-year information that is comparable to the current-period information should be used for comparison. If audited prior-year information is not available, the auditor should use any other information that provides a reasonable basis for comparison. The audited, final amounts for the current year must be used for these procedures. The auditor may also perform ratio analysis on current-year data and compare these with ratios derived from prior periods or budgets. * Identify significant fluctuations: The auditor should establish parameters for determining if a fluctuation is significant. Fluctuations identified are a matter of the auditor's judgment. The auditor should also consider the absence of expected fluctuations when identifying significant fluctuations. * Understand identified fluctuations: The auditor should understand all significant fluctuations identified. The causes for the fluctuations should be briefly described and referenced to corroborating evidence in the workpapers. If the auditor does not understand the cause of the fluctuation or if the understanding is not consistent with the evidence in the workpapers, the auditor should perform appropriate procedures to obtain an understanding or to resolve any inconsistencies. * Consider the results of overall analytical procedures: The auditor should consider these results to determine if an adequate understanding of significant fluctuations was obtained and evidence is consistent and adequate to support the report on the financial statements. [End of section] 530 - DETERMINE ADEQUACY OF AUDIT PROCEDURES AND AUDIT SCOPE: .01: In the planning phase, the auditor determined planning materiality based on preliminary information. Based on planning materiality, the auditor determined design and test materialities, which affected the extent of testing. In light of the final assessment of combined risk, the overall level of audit assurance used, and the audited materiality base, the auditor should consider whether the extent of substantive audit procedures was sufficient (i.e. appropriateness of sample sizes for detail tests and the limit for investigation of differences during substantive analytical procedures). When there are questions regarding the adequacy of work performed, the auditor should consult with the Reviewer to determine the necessity of additional procedures. .02: When determining whether an opinion can be expressed on the financial statements, any limitations on the nature, timing, or extent of work performed should be considered. Additional guidance on scope limitations and their impact is provided in paragraphs 580.14-.18. [End of section] 540 - EVALUATE MISSTATEMENTS: OVERVIEW: .01: The auditor may detect misstatements during substantive tests or other procedures. These misstatements should be evaluated in both quantitative and qualitative terms. Based on this evaluation, the auditor should determine the type of report to issue on the financial statements. .02: Additionally, the auditor needs to consider the implications of misstatements on the following. * The auditor's evaluation of internal control (see paragraphs 580.32- .61): Consider whether the misstatements indicate control weaknesses that had not been previously identified, whether the assessment of the controls remains appropriate, and whether the categorization of control weaknesses for reporting purposes is appropriate. * The consideration of the risk of material misstatement due to fraud (see paragraphs 540.18-.21): Consider whether the accumulated results of audit procedures and other observations would change the risk of material misstatement due to fraud identified during planning. * The auditor's evaluation of the financial management systems' substantial compliance with the three FFMIA requirements (see paragraph 580.62-.66): Consider whether the misstatements would have a significant impact on the auditor's conclusions with respect to the financial management systems' substantial compliance with the three FFMIA requirements. * The entity's compliance with laws and regulations (see paragraphs 580.67-.75): Consider whether the misstatements would change the auditor's conclusions with respect to the entity's compliance with laws and regulations. * budget formulation and execution: Consider whether the misstatements would have a significant impact on budget related matters for purposes of reporting budget control weaknesses, reporting on the statements of budgetary resources and financing, and reporting on compliance with budget-related provisions of laws and regulations. * Other reports: Consider whether the misstatements and any underlying internal control weaknesses affect reported performance measures or other reports prepared by the entity that are (1) used for management decision-making or (2) distributed outside the entity. .03: The auditor should follow the guidance in sections 475 (substantive analytical procedures) and 480 (substantive detail tests) regarding evaluation of individual misstatements from a quantitative standpoint. Following that guidance, the auditor should quantify the effects of the misstatements and classify them as follows: * known misstatement: the amount of misstatement actually found or * likely misstatement: the auditor's best estimate of the amount of the misstatement (including the known misstatement). For sampling applications, this amount is the projected misstatement. (Also see paragraph 540.11.): ACCUMULATION OF MISSTATEMENTS: .04: To evaluate the aggregate effects of misstatements on the financial statements, the auditor should accumulate the adjustments necessary to correct all known and likely misstatements on the Summary of Possible Adjustments. This schedule should include all misstatements detected by the auditor, including any that the entity corrected during the audit. It is important to consider all misstatements to have a record of the impact of the audit, bring all misstatements to the attention of the appropriate level of management, and assist the auditor in evaluating the risk of further misstatement as a part of the consideration of unadjusted misstatements (paragraphs 540.11-.12). An example format is included as section 595 C. The Reviewer should review the Summary of Possible Adjustments. Per AU 312.40, the auditor may designate an amount below which misstatements need not be accumulated. This amount should be set so that any such misstatements, either individually or when aggregated with other such misstatements, would not be material to the financial statements, after the possibility of further undetected misstatements is considered. .05: The financial statements usually include various estimates made by management, such as the recoverability of assets (allowances for doubtful accounts receivable or loans) and liabilities for loan guarantees. If the recorded amount falls outside of a range of amounts that the auditor considers reasonable, the auditor should consider the difference between the recorded amount and the closest end of the auditor's range to be a likely misstatement to be included in the Summary of Possible Adjustments and should discuss the difference with entity management. .06: Additionally, the auditor should consider whether management's estimates consistently overstate or understate components of the financial statements, such as total assets or total expenditures. If so, the auditor should consider the effects on the financial statements in addition to any unadjusted misstatements when determining the appropriate type of opinion. Further guidance on evaluating estimates is provided in AU 312.36 and AU 342. REVIEW OF MISSTATEMENTS WITH MANAGEMENT: .07: After accumulating and summarizing the adjustments, the auditor: * must bring all misstatements found (except those below the auditor- designated amount at which misstatements need not be accumulated) to the attention of appropriate entity management; * should encourage entity management to adjust the entity's records to correct all known misstatements; and: * should encourage entity management to determine the cause of the likely misstatements and to make appropriate adjustments; unless the entity's analysis determines another adjustment is appropriate, the auditor should encourage entity management to establish valuation allowances for likely misstatements, net of known misstatements (since the likely misstatement represents the best estimate of the correction needed). .08: In presenting the proposed adjustments to management, the auditor should remind management that SAS 89 requires the audited entity to indicate in the management representation letter that the unadjusted misstatements, individually or in the aggregate, are not material to the financial statements taken as a whole. SAS 89 also requires that a summary of the unadjusted misstatements be attached to the representation letter. Thus, management may consider some of the same factors presented in paragraphs 540.09-.16. CONSIDERATION OF UNADJUSTED MISSTATEMENTS: .09: If entity management declines to record adjustments for any misstatements, the auditor considers the potential effects of these misstatements on the auditor's report in both quantitative and qualitative terms. The auditor should prepare a Summary of Unadjusted Misstatements, following the format provided in section 595 D or equivalent. Overall guidance on evaluating misstatements is provided in AU 312.34-.40. If total unadjusted likely misstatements are material, the auditor should modify the opinion on the financial statements (see paragraph 580.22). Misstatements, individually or in the aggregate, are material if, in light of surrounding circumstances, it is probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the correction of the items. The concept of materiality includes both quantitative and qualitative considerations. Deciding whether and how to modify the opinion based on the materiality of total unadjusted likely misstatements is a significant auditor's judgment. The decision and the basis for it should be documented. The Audit Director should be involved in the decision and review the documentation related to it. Also, the Reviewer should review and approve the documentation of the decision. Quantitative Considerations: .10: Although there is some point where unadjusted likely misstatements would generally be considered material, there is no single amount that can be used for deciding to modify the opinion. Instead, the auditor should follow a process that considers a number of quantitative factors in reaching this decision. .11: The auditor should add an allowance for further misstatement to the unadjusted likely misstatement. This risk of further misstatement relates to the imprecision of audit procedures. This risk includes the allowance for sampling risk (the combined precision of all sampling applications), an allowance for imprecision of analytical and other substantive audit procedures, and an allowance for unaudited immaterial account balances. The Statistician should compute the combined precision for all sampling applications. .12: This total of likely misstatement plus allowance for further misstatement should then be considered in relation to planning materiality and the relative importance of the misstated items to readers of the financial statements to determine whether the financial statements as a whole may be materially misstated. For example, if the aggregate unadjusted likely misstatement is $10 million and the allowance for imprecision of audit procedures is probably no more than $15 million, the auditor should determine whether the total ($25 million) materially misstates the financial statements taken as a whole. The Reviewer should be consulted in considering these issues. .13: The auditor's report addresses the fair presentation of the financial statements as a whole. When considering the effects of any unadjusted misstatements on the financial statements, the auditor should bear in mind that he/she is taking less responsibility for individual line items in the financial statements and in any combining statements and supplemental schedules than for the financial statements as a whole. Qualitative Considerations: .14: The auditor should consider numerous qualitative factors when determining the effect of unadjusted misstatements on the auditor's report. The auditor may choose to modify or qualify the report on the financial statements, even if the amounts of any unadjusted misstatements are not quantitatively material. Examples of misstatements for which the auditor may consider issuing a modified or qualified report include: * misstatements of account balances or transactions that are considered sensitive to the financial statement users; * misstatements that offset one another in the aggregate but are individually significant; and: * misstatements that have a significant effect on the MD&A (overview) presented by management, including the entity's performance indicators. Treatment of Unadjusted Misstatements Detected in Prior Periods: 15 The auditor should consider the effects on the current-period financial statements of any misstatements detected in prior periods. If corrected in the current period, the auditor should record the impact on current- period financial statements in the Summary of Possible Adjustments. If uncorrected, the auditor should consider the misstatement in combination with current-period misstatements. Guidance is provided in AU 312.37. Treatment of Misstatements That Arose in Prior Periods But Were Detected in the Current Period: 16 If, during the audit of the current period, the auditor detects a misstatement that arose in a prior period but was not previously detected, the auditor should determine if the misstatement is material to the prior-or current-period financial statements. If the misstatement is considered to be material, the auditor should consult the Reviewer to determine the effects on the current-period statements and the auditor's report. Any material misstatements of this type should be discussed with entity management and should be included on the Summary of Possible Adjustments if not corrected through a prior- period adjustment to the financial statements. MANAGEMENT DISAGREEMENT WITH LIKELY MISSTATEMENTS: 17 If management disagrees with the auditor's likely misstatements and if the disagreement involves amounts that are material, the auditor may consider the following options: * The entity may perform procedures, such as reviewing all or substantially all of the items in the relevant population, to refine the estimated amount of the misstatement. In these situations, the auditor should test management's procedures and conclusions. * The auditor may believe that sufficient evidence has already been obtained and may form his/her opinion on the financial statements based on his/her estimate. * The auditor may want to increase assurance in the likely misstatements in order to convince entity management of the amount or to support the report on the financial statements. For example, the auditor may choose to increase his/her assurance in the likely misstatement by testing additional items. These additional procedures will most likely increase the auditor's assurance in the previous findings but generally will not materially affect the amount of the likely misstatement. Before deciding to perform additional procedures, the auditor should obtain agreement from entity management on the extent of additional evidence needed to be persuasive to them. The auditor also should consult with the Reviewer before beginning any of these additional procedures. * The Audit Director may decide not to expend additional resources to resolve the disagreement, for example, because additional testing is unlikely to provide different conclusions. If the auditor believes the estimate is sufficiently accurate, he or she would express a qualified or adverse opinion, depending on the materiality of the item to the financial statements taken as a whole. If the auditor believes the estimate is not sufficiently accurate, he or she would qualify or disclaim an opinion for a scope limitation, depending on the materiality of the item to the financial statements taken as a whole. RECONSIDERATION OF FRAUD RISK: 18 The consideration of the risk of material misstatement due to fraud is a cumulative process that should be ongoing throughout the audit. The auditor should consider whether the audit test results indicate the need for a change in the original consideration of fraud risk made in planning (see section 260) or whether the results indicate a need for additional or different audit procedures. 19 When audit tests identify misstatements, the auditor should consider whether these may be indicative of fraud. If the auditor determines that misstatements are or may be the result of fraud, he or she should consult with the Audit Director and the Reviewer who will determine whether to seek help from the Special Investigator Unit and/or OGC. If the effect is not material to the financial statements, the auditor should consider the implications, especially regarding the organizational position of the individual(s) involved. If the person involved in the fraud is a relatively low-level employee, there is little significance to the audit, although the misstatement should be reported at least to the next level of management. However, if the person is of a higher level of management, even though the amount of misstatement found is immaterial, the auditor should consider whether it may indicate a more pervasive problem and should reevaluate fraud risk as well as the assessment of inherent and control risk; the assignment of personnel; and the nature, timing, and extent of substantive testing. 20 If the misstatement is or may be the result of fraud and the effect could be material or the auditor is unable to evaluate whether the effect is material, he or she, in consultation with the issue area director, should (1) consider the implications on other aspects of the audit (see previous paragraph), (2) discuss the matter with at least the next level of entity management and with senior management, (3) consider whether to attempt to obtain additional evidence to determine whether material fraud has occurred or is likely to have occurred and the effect on the financial statements and the audit report, and (4) consider whether to advise entity management to consult with its general counsel. 21 Fraud involving senior management and fraud that causes a material misstatement of the financial statements should be included in the audit report in the compliance section and in the report on the financial statements section if the financial statements are misstated. When the auditor identifies evidence of these cases, the Special Investigator Unit and/or OGC should be consulted. If the auditor has identified fraud risk factors that have continuing control implications, the auditor should consider whether these risk factors represent reportable conditions that should then be included in the audit report in the internal control section. FINANCIAL MANAGEMENT SYSTEMS: 22 For audits of the CFO Act agencies and components identified by OMB in its audit guidance, the auditor should determine whether the entity's financial management systems comply substantially with the three requirements of FFMIA. Federal financial management systems requirements and the SGL at the transaction level were considered in sections 350 and 360. At this point, the auditor should reassess those preliminary conclusions and conclude on the federal accounting standards based on the results of control, compliance, and substantive testing and evaluation of misstatements found. If the auditor concludes that the systems do not comply with the requirements, he or she should report the noncompliance. In addition, if the auditor concluded the systems were not in substantial compliance with FFMIA based on limited testing, he or she should report that the work on FFMIA would not necessarily disclose all instances of lack of substantial compliance with FFMIA requirements. (See section 580.): [End of section] 550 - CONCLUDE OTHER AUDIT PROCEDURES: .01: To issue the auditor's report, procedures in the following areas should be concluded during the reporting phase: * inquiries of attorneys (see paragraphs 550.02.-.03), * subsequent events (see paragraphs 550.04.-.06), * management representations (see paragraphs 550.07-.11), and: * related party transactions (see paragraph 550.12). INQUIRIES OF ATTORNEYS: .02: In considering any contingent liabilities or uncertainties that may affect the entity or its financial statements, the auditor should make inquiries of the entity's counsel regarding litigation, claims, and assessments. Guidance on these inquiries, as well as on interpreting and using responses received from counsel, is provided in AU 337 and 9337 and OMB audit guidance (see also section 280). .03: The inquiries and responses should cover the entire period under audit and the subsequent period through completion of fieldwork (the date of the auditor's report). A response should be obtained from counsel at the approximate end of fieldwork. If a long period elapses from end of fieldwork to report issuance, a subsequent update generally should be obtained, either written or oral (and documented in the workpapers), for material events to report issuance. SUBSEQUENT EVENTS: .04: Events or transactions may occur after the balance sheet date but before the audit report is issued. Such events or transactions that have a material effect on the financial statements and therefore require adjustment to or disclosure in the financial statements are referred to as subsequent events. AU 560 provides guidance on determining whether a particular subsequent event requires adjustment to or disclosure in the financial statements (see also section 1005). .05: To identify subsequent events that would require either adjustment to or disclosure in the financial statements, the auditor should follow the procedures described in AU 560.10-12 (see also section 1005). These procedures should be performed at or near the completion of fieldwork. If a long period elapses from end of fieldwork to report issuance, the procedures generally should be updated for material events through the issuance of the auditor's report. The auditor should follow the guidance in AU 530 on dating the auditor's report if any subsequent events are identified that affect the report. .06: The auditor generally has no obligation to perform procedures to identify subsequent events after the report is issued. If the auditor becomes aware of facts that might have affected the report if they had been known before issuance, the auditor should follow the guidance in AU 561. MANAGEMENT REPRESENTATIONS: .07: The auditor is required to obtain written representations from management as part of the audit. These representations supplement the other audit procedures performed by the auditor but are not a substitute for them. Written representations help avoid any misunderstandings that could arise if only oral representations were received from management. In some circumstances, corroborating evidence for representations may not be readily available, such as for those involving management's intent concerning a future transaction or business decision. AU 333.06, AT 501.44 (SSAE 10, paragraph 5.44), and AU 801.07 provide examples of the written representations usually obtained from management (see also sections 1001 and 1001 A). Additionally, the auditor may request representations on other matters. .08: Federal government auditors should obtain further representations from management in addition to those required by generally accepted auditing standards. These are management assertions about the effectiveness of internal control and about substantial compliance of financial management systems with the three requirements of FFMIA. .09: If management refuses to provide the requested written representations, the auditor considers this a limitation on the audit scope and modifies the report (see paragraphs 580.14-.18). In these situations, the auditor should consider the reliability of other representations received from management during the audit. .10: The representation letter should be signed by members of management who, in the auditor's view, are responsible for and knowledgeable, directly or through others, about the matters in the representation letter, as discussed in AU 333.09. .11: The representation letter should be dated as of the date of the auditor's report. If there is a significant delay between the report date and the issuance of the report, the auditor should consider obtaining updated management representations. RELATED PARTY TRANSACTIONS: .12: The auditor should be aware of the possible existence of relationships with related parties and material related party transactions that could affect the financial statements. AU 334 provides guidance on identifying related parties, examining related party transactions, and considerations for disclosure (see also section 1006). [End of section] 560 - DETERMINE CONFORMITY WITH GENERALLY ACCEPTED ACCOUNTING PRINCIPLES: .01: Generally accepted accounting principles (GAAP) for federal government entities are developed by the Federal Accounting Standards Advisory Board (FASAB), an entity created by GAO, OMB, and Treasury. FASAB was recognized by the American Institute of Certified Public Accountants (AICPA) as the body to establish GAAP for federal governmental entities under Rule 203, "Accounting Principles," of the AICPA's Code of Professional Conduct. Pursuant to the resolution adopted by the AICPA Council on October 19, 1999, Statements of Federal Financial Accounting Standards (SFFAS) issued by FASAB are recognized as GAAP for the applicable federal governmental entities. FASAB develops federal accounting concepts or standards and transmits them to the Comptroller General, the Secretary of the Treasury, and the Director of OMB (the three principals). The accounting concepts or standards become final 90 days after transmittal, provided no principal advises FASAB of an objection during the 90 days. The concepts or standards are then issued by FASAB. .02: Federal executive agencies are to follow the hierarchy of accounting principles given below. This means that the entity is to use the guidance in item "a" unless that item is silent about a particular topic. In that case, the entity is to use the guidance in item "b," unless it also does not address the topic, and so on to item "c," or "d," until guidance addressing the topic is found. This hierarchy is recognized by the AICPA as GAAP for applicable federal entities, according to SAS 91: a. FASAB Statements and Interpretations plus AICPA and FASB pronouncements if made applicable to federal governmental entities by a FASAB Statement or Interpretation. b. FASAB Technical Bulletins and the following pronouncements if specifically made applicable to federal governmental entities by the AICPA and cleared by FASAB: AICPA Industry Audit and Accounting Guides and AICPA Statements of Position. c. AICPA AcSEC Practice Bulletins if specifically made applicable to federal governmental entities and cleared by FASAB and Technical Releases of its Accounting and Auditing Policy Committee. d. Implementation guides published by FASAB staff and practices that are widely recognized and prevalent in the federal government. .03: In the absence of a pronouncement in the above hierarchy, the auditor may consider other accounting literature, including FASAB Concepts Statements; pronouncements in categories "a" through "d" above when not specifically made applicable to federal governmental entities; FASB and GASB Concepts Statements; GASB Statements, Interpretations, and Technical Bulletins; AICPA Issues Papers; International Accounting Standards of the International Accounting Standards Committee; pronouncements of other professional associations or regulatory agencies; AICPA Technical Practice Aids; and accounting textbooks, handbooks, and articles. .04: Entities are required to summarize the significant accounting policies used in the notes to the principal statements. .05: The auditor should review the financial statements for conformity with GAAP and should identify any instances of nonconformity. Such nonconformity may include incomplete disclosure or use of an accounting principle that is contrary to GAAP. A Checklist for Reports Prepared Under the CFO Act is in section 1004 (Part II) for reviewing the financial statements for appropriate and adequate disclosure in accordance with GAAP. .06: The auditor should consider the impact of nonconformity with GAAP on the financial statements and should determine the effects, if any, on the auditor's report (see paragraph 580.22). [End of section] 570 - DETERMINE COMPLIANCE WITH GAO/PCIE FINANICAL AUDIT MANUAL: .01: The auditor must determine whether the audit was conducted in accordance with GAGAS, OMB audit guidance, and GAO/PCIE financial audit methodology. The auditor should use the audit completion checklist included in section 1003 (Part II) for determining and documenting compliance. [End of section] 580 - DRAFT REPORTS: .01: At the conclusion of the audit, the auditor finalizes the draft of the auditor's report(s), which includes the auditor's conclusions on: * the financial statements (see paragraphs 580.10-.31); * internal control (see paragraphs 580.32-.61); * whether the financial management systems substantially comply with the requirements of FFMIA: federal financial management systems requirements, federal accounting standards (GAAP), and the SGL at the transaction level (see paragraphs 580.62-.66); and: * compliance with laws and regulations (see paragraphs 580.67-.75); * the MD&A (see requirements in SFFAS No. 15) and other information included in the Accountability Report (including RSSI) (see paragraphs 580.76-.81). .02: The auditor's report should clearly identify the entity audited, the Accountability Report on which the auditor is reporting, and the period covered by the Accountability Report. .03: The report should be dated as of the completion of fieldwork. If a subsequent event occurs after that time that requires disclosure in the report, the auditor should follow the guidance in AU 530 with respect to dating the report. REPORT FORMAT: .04: An example of an unqualified auditor's report is presented in section 595 A. The auditor may use another reporting format, such as issuing separate reports on the financial statements (see AU 508) and on internal control and compliance (see AICPA Audit and Accounting Guide: Audits of State and Local Governmental Units or OMB audit guidance) and should document the reasons for deviations from the language required by the professional standards. GAO auditors also should document the reasons for deviations from the example reporting format or language in sections 595 A and/or B. The example report includes the following sections: Introduction; Significant Matters (when applicable); Conclusions on: ** financial statements, ** internal control, ** financial management systems' substantial compliance with FFMIA requirements, ** compliance with laws and regulations, and: ** consistency of other information; Objective, Scope, and Methodology; and Agency Comments and Our Evaluation (if applicable). .05: The introduction summarizes the auditor's conclusions on the entity's financial statements, internal control, financial management systems' substantial compliance with the three FFMIA requirements, and compliance with laws and regulations. .06: A significant matters section is included if any of the following situations exist:[Footnote 1] * significant limitations on the scope of the audit (paragraphs 580.14- .18, .34-.36, and .73-.75); * uncertainties for which the auditor disclaimed an opinion (paragraph 580.19); * material departures from generally accepted accounting principles (paragraph 580.22); * material weaknesses in internal control (including performance measures controls) or other weaknesses that the auditor has decided to describe in the audit report (paragraphs 580.51-.55); * material conflicts between the Summary of Management's Report on Internal Controls prepared under FMFIA and the results of the auditor's evaluation of internal control (paragraph 580.61); * instances of lack of substantial compliance with the three requirements of FFMIA (paragraphs 580.63-.66): * instances of noncompliance that are reportable under GAGAS or OMB audit guidance, that is, any that are not clearly inconsequential (paragraphs 580.71-.72); * material inconsistencies between other information (MD&A, required supplementary information, including RSSI, and other accompanying information) and the financial statements, or material nonconformity of the other information with OMB guidance for such information (paragraphs 580.76-.80); or * any other significant matters coming to the auditor's attention, that in his/her judgment, should be communicated to the entity head, OMB, and the Congress. This section should be phrased similar to an executive summary. Matters should be described in nontechnical language so that report users can readily grasp their significance. Other sections of the report would not repeat this narrative, but would refer to it using phrases such as "as described above." If two or more of the above items affect the same area, the auditor should combine the discussion of the situations to the extent possible. Each significant matter should begin with a summary heading. Also, if significant matters exist, the auditor's report should indicate that such matters were considered in forming the audit conclusions (as discussed in section 595 B, note 1). .07: The conclusions section of the report is used to report the auditor's overall conclusions on the financial statements, internal control, financial management systems' substantial compliance with the three requirements of FFMIA, compliance with laws and regulations, and consistency of other information. .08: The objectives, scope, and methodology section includes a discussion of management's and the auditor's responsibilities, what the auditor did to fulfill his/her responsibilities, the scope of the auditor's work on internal control, and a statement that the audit was performed in accordance with GAGAS and OMB's audit guidance. .09: The remainder of this section provides guidance on forming conclusions on the financial statements, internal control, financial management systems' substantial compliance with the three requirements of FFMIA, compliance with laws and regulations, and other information. * Example report wording of an unqualified auditor's report is included in section 595 A. * Section 595 B provides guidance on modifying the report based on the auditor's conclusions. In some cases, when findings are extensive, the report format may also be modified. FINANCIAL STATEMENTS: .10: Under GAAS, the fourth standard of reporting on financial statements follows (see AU 508.04): "The report shall either contain an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefor should be stated. In all cases where an auditor's name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor's work, and the degree of responsibility the auditor is taking.": .11: When reporting on financial statements, the auditor considers the following areas: (1) audit scope, (2) uncertainties, (3) consistency, and (4) departures from GAAP. Each of these areas and their effects on the report are discussed below. .12: The auditor considers these four areas and the results of all audit procedures performed to determine if an opinion can be expressed on the financial statements and, if so, the type of opinion. If an opinion cannot be expressed, the auditor should issue a disclaimer report. If an opinion can be expressed, the auditor may issue one of the following opinion types: unqualified, unqualified with an explanatory paragraph, qualified, or adverse. .13: The auditor should formulate the type of report on the financial statements following the guidance provided below and in sections 595 A and 595 B. Audit Scope: .14: To express an opinion, first the auditor must determine if the audit has been conducted in accordance with GAGAS and OMB audit guidance. If the auditor is not able to perform all procedures considered necessary, the scope of the audit is considered to have been limited or restricted. .15: Restrictions on the scope of the auditor's work may be imposed by the entity or may be caused by circumstances beyond the entity's control. Scope limitations may result from the timing of the audit work; the inability to obtain sufficient, competent evidential matter; or inadequate accounting records. If the audit scope has been limited, the auditor should refer to the guidance in AU 508.22-.28 to determine whether to qualify or disclaim an opinion. .16: When determining if sufficient competent evidence has been obtained, the auditor should consider the impact of any misstatements on the audit scope from a qualitative standpoint. The auditor should also consider whether the audit scope is adequate in light of any misstatements or other findings that indicate noncompliance with laws and regulations. .17: Whether to qualify or disclaim an opinion because of a scope limitation is a matter of the auditor's judgment. The auditor should assess how important the omitted procedures were to his/her ability to form an opinion on the financial statements. This assessment is influenced by the nature, significance, and magnitude of the items to which the omitted procedures relate. For example, the potential effect of a scope limitation on a material account is likely to be greater than on an immaterial account. .18: If the audit scope is adequate for expressing an opinion, the auditor determines the appropriate type of opinion. Three areas that the auditor should consider when forming the opinion are uncertainties, consistency, and departures from GAAP. Uncertainties: .19: Uncertainties are matters affecting the financial statements whose outcome is expected to be resolved at a future date when conclusive evidential matter will become available. Uncertainties may be related to the resolution of litigation or the valuation of assets, such as real estate owned. Uncertainties include the contingencies discussed in SFFAS No. 5 (amended by SFFAS No. 12), estimates covered by AICPA Statement of Position 94-6, as well as other matters. Guidance on considering uncertainties and their effects on the auditor's report is provided in AU 508.29-.32 (SAS 79). Depending on the nature of the uncertainty, the auditor may need to add an explanatory paragraph or disclaim an opinion, as discussed in AU 508. Because of the nature of uncertainties, conclusive evidence cannot be expected to exist at the time of the audit. Management is responsible for estimating the effect of future events on the financial statements or determining that a reasonable estimate cannot be made and making required disclosures. The auditor generally should give an unqualified opinion if, in his or her judgment, evidence is sufficient to support management's analysis of the nature of the uncertainty and its presentation or disclosure in the financial statements. (The auditor may add a matter of emphasis paragraph; see AU 508.19.) Additionally, if the uncertainty involves a scope limitation (unavailable or insufficient evidence to support recorded amounts or disclosure relating to the uncertainty) a qualification or disclaimer may be appropriate as discussed in paragraphs 580.28-.29 and .31 (see AU 508.29-.32). If the uncertainty involves a departure from accounting principles (inadequate disclosure, inappropriate accounting principles, and unreasonable accounting estimates), the auditor may need to express a qualified or adverse opinion as discussed in paragraphs 580.28-.29 and .30, respectively (see AU 508.45-.49). Consistency: .20: The auditor is concerned with comparability between the financial statements for all periods presented or with the prior period if only 1 year is presented. A lack of comparability may be caused by an inconsistency in the accounting principles used; the method of applying these principles; or other factors, such as the classification of accounts for reporting purposes. For first-year audits, the auditor should determine if accounting principles are consistent with the prior period, following the guidance in AU 420.22 -.25. Guidance on the auditor's consideration of accounting and other changes that may affect the consistency of the financial statements may be found in AU 420. Inconsistencies may result in an explanatory paragraph or departure from GAAP. Guidance on reporting on a lack of consistency is provided in AU 508.16-.18. .21: If the entity has a change in accounting principles when it first adopts FASAB standards, the auditor should include a paragraph on consistency in the audit report, regardless of whether or not the financial statements of the previous period are presented. The paragraph should state that the entity adopted SFFAS No. X, as discussed in note XX. The SFFASs generally specify what disclosures are required upon adoption. Departure from GAAP: .22: The auditor must consider whether the financial statements are materially affected by a departure from GAAP. If such a departure exists, the auditor should determine the extent of the effects of the departure on the financial statements, considering both quantitative and qualitative factors, as discussed in AU 508.35-.36. The auditor also should consider whether adequate disclosures have been made in the financial statements and related notes (see AU 431 and AU 508.41-.44) and should evaluate whether any changes in accounting principles used by the entity are appropriate (see AU 508.50-.57). Depending on the extent of the departure, the auditor should express either a qualified or adverse opinion. Guidance on reporting these departures is included in AU 508.37-.40 for qualified opinions and AU 508.58-.60 for adverse opinions (see section 595 B for modifications to be made to the auditor's report). In rare cases when compliance with accounting principles would result in misleading financial statements, a departure from GAAP may not result in a qualified or adverse opinion (see AU 508.14 -.15). Types of reports: .23: As discussed, the auditor may express various types of opinions or may disclaim an opinion. Guidance on reporting is included in AU 411, 420, 431, 504, 508, and 558. Additionally, section 595 A includes an example of an unqualified report. Section 595 B includes specific changes to be made to the unqualified report under various circumstances. Each type of report is discussed in paragraphs 580.24-.31. Unqualified Opinion: .24: In an unqualified opinion on the financial statements, the auditor concludes that the financial statements and accompanying notes present fairly, in all material respects, the assets, liabilities, and net position of the entity at the end of the period, and the net costs, changes in net position, budgetary resources, reconciliation of net costs with budgetary obligations, and custodial activity (if applicable) for the period then ended, in conformity with generally accepted accounting principles. .25: If, in the auditor's judgment, he/she cannot make this conclusion (for reasons discussed in paragraphs 580.14-.22) the auditor's report on the financial statements should be modified. This report modification may take the form of an explanatory paragraph, or the opinion expressed in the report may be qualified or adverse. Additionally, if the auditor opines only on the balance sheet, the auditor should follow the guidance in AU 508.33-.34. Explanatory Paragraphs: .26: An auditor may express an unqualified opinion and also include explanatory paragraphs in the report. An explanatory paragraph may be included in either the significant matters section or the opinion on the financial statements section of the auditor's report based on the auditor's judgment about its significance. The following types of situations usually require the addition of an explanatory paragraph or other explanatory language. (See AU 508.11 for further guidance.): * The auditor's opinion refers to another auditor's report. * The predecessor auditor's report is not presented for comparative financial statements. * The accounting principles or their method of application materially changes between periods. (See paragraph 580.20 for a discussion of consistency.): * Certain circumstances exist relating to reports on comparative financial statements. (See AU 508.68-.69 and .72-.74.): * Supplementary information required by FASAB or OMB has been omitted, the presentation of such information departs materially from FASAB or OMB guidelines or is materially inconsistent with information in the financial statements, the auditor is unable to complete prescribed procedures concerning such information, or the auditor is unable to remove substantial doubts about whether the supplementary information conforms to FASAB or OMB guidelines. (See AU 558 for guidance on required supplementary information.): * There is substantial doubt about the entity's ability to continue to carry out its mission without substantial additional resources or changes in operations (see AU 341). .27: An explanatory paragraph may also be added to emphasize a matter, such as significant transactions with related parties, as discussed in AU 508.19. Also, although not required, an explanatory paragraph may be added when the financial statements are affected by uncertainties concerning future events whose outcome cannot be reasonably estimated as of the report date. (See paragraph 580.19 for a discussion of uncertainties.): Qualified Opinion: .28: A qualified opinion states that except for the effects of the matter to which the qualification relates, the financial statements present fairly, in all material respects, the assets, liabilities, net position, net costs, changes in net position, budgetary resources, reconciliation of net costs with budgetary obligations, and custodial activities (if applicable) in conformity with GAAP. Guidance on qualified opinions is provided in various paragraphs of AU 508. .29: The following situations may require a qualified opinion, as discussed in AU 508.20: * The audit scope is limited (see paragraphs 580.14-.18.): * Based on the audit results, the auditor believes that a departure from GAAP had a material effect on the financial statements but has decided not to express an adverse opinion (see paragraph 580.22). AU 508.21 provides guidance on qualified opinions. Section 595 B provides guidance on specific report modifications for qualified opinions. Adverse Opinion: .30: An adverse opinion states that the financial statements do not fairly present the assets, liabilities, net position, net costs, changes in net position, budgetary resources, reconciliation of net costs with budgetary obligations, or custodial activities (if applicable) in conformity with generally accepted accounting principles. This type of opinion is expressed on the financial statements taken as a whole when there are material departures from GAAP as discussed in paragraph 580.22. Guidance on adverse opinions is provided in AU 508.58-.60. Section 595 B provides specific report modifications for adverse opinions. Disclaimer Report: .31: In a disclaimer report, the auditor does not express an opinion on the financial statements. A disclaimer report is appropriate when the audit scope is not sufficient to enable the auditor to express such an opinion, as discussed in paragraphs 580.14-.18, or when there are material uncertainties involving a scope limitation, as discussed in paragraph 580.19. AU 508.61-.63 provides guidance on issuing disclaimer reports. The reasons that caused the auditor to disclaim an opinion should be described in the significant matters section of the report following the guidance in AU 508.25-.26. Specific guidance on the wording of disclaimer reports is included in section 595 B. INTERNAL CONTROL: .32: Federal financial auditors may take one of two different approaches to reporting on internal control: (1) management provides an assertion about the effectiveness of its internal control and the auditor expresses an opinion on internal control (see paragraphs 580.38- .48)[Footnote 2] or (2) the auditor reports weaknesses found but does not give an opinion (see paragraphs 580.49-.50). (OMB audit guidance requires management to include representations about internal control in the management representation letter in either case.) GAO auditors generally express an opinion on internal control. In either case, the auditor considers whether internal control is sufficient to meet the following control objectives insofar as those objectives pertain to preventing or detecting misstatements, losses, or noncompliance that would be material in relation to the financial statements: * Reliability of financial reporting--transactions are properly recorded, processed, and summarized to permit the preparation of the financial statements and RSSI in accordance with GAAP, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. * Compliance with applicable laws and regulations--transactions are executed in accordance with laws governing the use of budget authority and other laws and regulations that could have a direct and material effect on the financial statements or RSSI and any other laws, regulations, and governmentwide policies identified by OMB in its audit guidance. The auditor also should report any reportable conditions detected in performance measures controls but does not need to express an opinion on whether internal control is sufficient to meet the objective that data supporting performance measures are properly recorded, processed, and summarized to permit preparation of performance information in accordance with criteria stated by management. Classifying Control Weaknesses: .33: The following definitions and guidelines should be used for classifying internal control weaknesses: * A material weakness is a reportable condition (see below) in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements, whether caused by errors or fraud, losses, or noncompliance in amounts that would be material in relation to the financial statements, RSSI, or a performance measure or aggregation of related performance measures may occur and not be detected within a timely period by employees in the normal course of their assigned duties.[Footnote 3] * Reportable conditions are matters coming to the auditor's attention that in the auditor's judgment, should be communicated because they represent significant deficiencies in the design or operation of internal control, which could adversely affect the entity's ability to meet the internal control objectives described in the report. .34: The auditor should consider whether reportable conditions, in combination, result in material weaknesses. If so, the auditor should consider them to be material weaknesses in concluding as to the effectiveness of internal control and reporting findings, as discussed in paragraphs 580.42-.48 and 580.51-.58. Additional guidance on classification of internal control weaknesses is provided in AU 325. .35: OMB has provided guidance, supplementing Circulars A-123 (June 21, 1995) and A-127 (July 23, 1993 and revisions in Transmittal Memorandum No. 2, dated June 10, 1999), on materiality for reporting matters under FMFIA. The term "material weakness" as used by OMB in this guidance (FMFIA material weakness) is different from the above definition. Management and the auditor should evaluate the material weaknesses reported under FMFIA to determine whether they meet the auditor's definitions of material weakness and reportable condition for reporting as part of management's assertion about the effectiveness of internal control (see paragraph 580.33). .36: According to OMB criteria, an internal control weakness is an FMFIA material weakness under A-123 if it is significant enough to be reported outside the agency, as determined by the agency head (that is, included in the annual Integrity Act report to the President and the Congress). .37: According to OMB criteria (A-127), nonconformance of entity budget or accounting information and financial systems is material for FMFIA reporting under A-123 if it is material, as judged by the agency head, when weighed against other agency deficiencies. Opinion on Internal Control: .38: The auditor's evaluation of the entity's internal control and the results of other audit procedures form the basis for the auditor's opinion on internal control. The opinion may be unqualified, unqualified with reference to reportable conditions, qualified, or adverse. Additionally, there may be restrictions on the scope of the procedures that result in a qualified opinion or a disclaimer report (see paragraphs 580.39-.49). The auditor should communicate any identified internal control weaknesses (including weaknesses in operations controls), as discussed in paragraphs 580.51-.58, and consider the effects of such weaknesses on other reports prepared by the entity (paragraph 580.60). Scope of Procedures: .39: To express an unqualified opinion on internal control, the auditor must have an assertion from management about the effectiveness of internal control and must be able to perform all of the procedures considered necessary, as described in sections 300 and 450. If there is a restriction on the scope of the audit (i.e., not all of these procedures can be performed), the auditor may need to qualify or disclaim the opinion on internal control. Scope restrictions may be imposed by the entity or may be due to other circumstances. The decision of whether to qualify or disclaim an opinion is a matter of the auditor's judgment regarding the importance of the omitted procedures to forming an opinion on internal control. However, if a significant scope restriction is imposed by the entity, the auditor should disclaim an opinion. .40: When determining the severity of a scope limitation on internal control, the auditor should consider the control objectives listed in the report--financial reporting, including safeguarding assets, and compliance with laws and regulations. If the scope of work on internal control relevant to one of these objectives is limited, the auditor may need to qualify or disclaim the opinion on internal control regarding that objective. Also, the auditor should determine whether that limitation affects his/her ability to opine on the other objective. If a scope limitation is encountered for a control objective, the auditor should exercise judgment in determining if it is appropriate to give an unqualified opinion on internal control over either objective. In the case of a scope limitation, the auditor should review the guidance in AT 501.59-.62 (SSAE 10, paragraphs 5.59-.62) and consult with the Reviewer to determine the appropriate type of opinion. Section 595 B contains example language for situations in which (1) the auditor is satisfied that the scope limitation affects only one control objective and that it is considered appropriate to give an opinion on internal control over the other objective and (2) the auditor believes a disclaimer report on internal control, as a whole, is appropriate due to a scope limitation. .41: If the auditor has determined that an opinion can be expressed on one or both of the control objectives, the type of opinion to be given depends on whether any internal control weaknesses are identified and the significance of such weaknesses. In concluding as to the effectiveness of internal control, weaknesses should be categorized, in order of decreasing significance, as (1) material weaknesses, (2) reportable conditions that are not considered to be material weaknesses (other reportable conditions), and (3) other weaknesses less significant than reportable conditions (other weaknesses). Each of these types of weaknesses and its effects on the auditor's conclusion on internal control is discussed below. If no material weaknesses or other reportable conditions are identified, the auditor concludes that internal control is effective in meeting the control objectives. Effects of Control Weaknesses on the Auditor's Conclusion as to the Effectiveness of Internal Control: .42: Based on the types of weaknesses noted, the auditor should conclude as to the effectiveness of internal control as of the end of the audit period, as discussed in paragraphs 580.43-.47. Management also concludes as to the effectiveness of internal control in deciding what assertion to make. Material weaknesses: .43: If material weaknesses exist at the end of the audit period, the auditor should conclude that the entity's internal control is ineffective or effective "except for" the weakness for the control objective(s) that the weakness affects. The existence of a material weakness precludes a conclusion that internal control is effective for that objective. If a material weakness relates only to one control objective, the auditor should determine whether internal control is effective in achieving the other control objective. The auditor should exercise judgment when concluding that the effects of a material weakness are isolated to one control objective. .44: The auditor also should exercise judgment in deciding whether it is appropriate in the circumstances to conclude that "except for" a material weakness, internal control is effective for the objective. Management should exercise judgment in deciding what assertion to make about the effectiveness of internal control. By definition, a material weakness is a very significant condition (see paragraph 580.33) that could allow misstatements, losses, or noncompliance of such a magnitude that the judgment of a reasonable person relying on the information would have been changed or influenced. If, after careful consideration, the auditor determines that although a material weakness, the weakness is not severe enough to judge that internal control for that objective is ineffective, he or she may conclude that internal control for that objective is effective "except for" the material weakness. However, if the auditor determines that the material weakness(es) is(are) significant enough that he or she cannot judge internal control to be effective for that objective, even "except for" the material weakness(es), he or she should conclude that internal control is ineffective for that objective. Factors the auditor should consider in deciding whether an "except for" conclusion is appropriate are: * whether there is a single material weakness related to the objective or several, * whether the material weakness relates to ancillary areas that are less significant or to one of the more significant aspects of the entity, and * whether the material weakness is limited to one or a few assertions that are not generally considered the most significant ones related to the line item or the assertions are quite significant. .45: If a material weakness is presented in a report that also includes an unqualified opinion on the financial statements, a statement should be added to the unqualified opinion to indicate that material misstatements may nevertheless occur in other financial information reported by the entity as a result of the material weakness. Example report modifications for material weaknesses are provided in section 595 B. Reportable conditions other than material weaknesses: .46: If reportable conditions other than those considered to be, individually or in combination, material weaknesses exist at the end of the audit period, the auditor generally may conclude that the controls are effective in achieving the control objectives. However, the auditor's report should be revised (see section 595 B) to highlight that the work performed identified the need to improve certain internal controls. Weaknesses that do not meet the criteria for reportable conditions: .47: Weaknesses that do not meet the criteria for reportable conditions (paragraph 580.33) do not affect the auditor's conclusion as to the effectiveness of internal control. They may be reported in a management letter or orally. Type of Opinion: .48: As described in paragraphs 580.39-.41, if the auditor is unable to apply all the audit procedures he or she considers necessary in the circumstances, a scope limitation exists and the report on internal control may need to be a qualified opinion or a disclaimer of opinion. If all the procedures considered necessary were performed, the opinion may be one of the following. * If the auditor and management agree as to the effectiveness of internal control and there are no material weaknesses or other reportable conditions in internal control, the opinion on internal control is unqualified (see section 595 A). * If the auditor and management agree as to the effectiveness of internal control and there are no material weaknesses in internal control, but there is(are) other reportable condition(s), the auditor modifies the report on internal control by stating that internal control is effective but could be improved and by referring to the reportable condition(s) (see section 595 B). * If the auditor and management agree as to the effectiveness of internal control and there are material weaknesses in internal control, the auditor modifies the opinion on internal control by (1) referring to the material weakness(es) noted in management's assertion (which states that internal control with respect to one or both of the internal control objectives--financial reporting, including safeguarding, or compliance--is either effective "except for" the material weakness (qualified opinion) or ineffective (adverse opinion)) and (2) describing the material weakness(es). (See section 595 B.): * If the auditor and management disagree as to the effectiveness of internal control, either because (1) management does not agree that material weakness(es) exist or (2) management does not appropriately modify its assertion about the effectiveness of internal control in light of the material weakness(es), the auditor's opinion is also adverse. (The existence of a material weakness precludes management from asserting that its internal control is effective for that objective.) Thus, an adverse opinion is appropriate if management states that internal control is effective "except for" the material weakness(es) when, in the auditor's judgment, the material weakness(es) is(are) so severe that internal control is ineffective (see paragraph 580.44 and section 595 B). The auditor should consult with the Reviewer on the opinion on internal control, especially in instances where he or she concludes that a material weakness is isolated to one control objective or that internal control is effective "except for" a material weakness. Nonopinion Report: .49: If the purpose of the audit is not to render an opinion on internal control, the auditor should report material weaknesses and other reportable conditions in internal control, or state that no material weaknesses were found. (See sections 595 A and/or B.) If, in the auditor's judgment, material weaknesses were so significant that the auditor concludes internal control was ineffective for one or more objectives, he or she may state that conclusion in the report. (See section 595 B.): .50: The AICPA, in SAS No. 87, states that a report on internal control in which no opinion is issued is a by-product report, a report that provides a limited degree of assurance about internal control. When no opinion is issued, the report on internal control is not the primary objective of the engagement. SAS 87 states that the auditor should indicate the intended use of the internal control report because of the potential for misunderstanding related to a by-product report's limited degree of assurance. Because the distribution of government audit reports is not restricted, the reports should explain their limitations. (See section 595 A where, in a footnote explaining changes for a nonopinion internal control section, the example report cautions the reader that the internal control testing performed may not be sufficient for other purposes.): Where to Report Control Weaknesses: .51: The means of communicating weaknesses in internal control depends on the type of weakness, as discussed in paragraph 580.33. Each type of weakness is discussed in paragraphs 580.52-.55 below. Reportable conditions (including material weaknesses): .52: If, in the auditor's judgment, a reportable condition is considered to be a significant matter that should be communicated to the entity head, OMB, and the Congress, it should be described in the auditor's report. Any material weakness identified by the auditor should be reported in this manner. These matters should be included in the significant matters section of the auditor's report and combined with related matters to the extent possible as discussed in paragraph 580.06. If management's assertion about the effectiveness of internal control is printed with the audit report, the auditor's report should refer to the discussion of the material weakness (or other reportable condition) in management's assertion. .53: The significant matters section of the auditor's report should be limited to summarized information. As such, control weaknesses included in the significant matters section generally should be limited to providing the reader with an understanding of the nature and extent of the weakness. If more complete information concerning the weakness is provided in other reports issued prior to or at the same time as the auditor's report, a reference to such other reports (such as date and title or report number) generally should be included in the auditor's report. .54: Reportable conditions not considered to be significant matters individually, as described in paragraph 580.52, should be listed in the significant matters section or in the internal control section of the report. Related weaknesses should be combined. Such weaknesses may be reported in more detail in a management letter (or other written communication). The opinion or report on internal control generally should refer to such letters or communications. To the extent that any such weaknesses contribute to significant matters, they should be described in conjunction with the related significant matter. .55: The auditor may report weaknesses that do not meet the criteria for reportable conditions in a management letter (including the elements that are reported in the management letter as discussed in paragraph 580.57), orally communicate the weakness to an appropriate level of entity management, or determine that no further consideration is necessary. The auditor should document any oral communication or the basis for the decision not to communicate the weakness. What to Report About Control Weaknesses: .56: Control weaknesses identified by the auditor are considered to be findings. The "yellow book" (paragraph 6.49) describes the four elements of a finding: * criteria (what should be), * condition (what is), * cause (why the condition occurred), and * effect (the nature of the possible past or future impact). .57: Fully developing each of the four elements of a finding is not always necessary. The auditor should use judgment in applying the resources to investigate a control weakness, based on the elements that are to be reported. For each reportable condition, the minimum extent to which the elements of a finding should be developed depends on how it is communicated. * Reportable conditions reported in the auditor's report: The auditor should identify at least the criteria, condition, cause, and possible asserted effect (as to nature, not necessarily amount) to permit federal officials to determine the effect and to take prompt and proper corrective action. Each reported finding should include a recommendation. * Reportable conditions reported in a management letter: The auditor should identify at least the condition and the criteria and generally should identify the possible asserted effect. Also, the auditor should provide suggestions for improvements. The auditor should consider the benefits of identifying the cause, which would generally strengthen the suggested improvement. In discussing each reportable condition that meets FMFIA reporting criteria, the auditor should state whether the reportable condition was identified in the entity's FMFIA report or in the FMFIA report of the organization of which the entity is a part. .58: For weaknesses that do not meet the criteria for reportable conditions, developing all of the elements of a finding is generally not necessary. The auditor should apply judgment to limit the resources applied to investigate this type of control weakness. Other Considerations: .59: To communicate audit findings promptly, the auditor should consider issuing reports and/or management letters during the audit. In such instances, the audit report describes significant matters and the general nature of other reportable conditions (as discussed in paragraphs 580.52-.54) and refers to such reports and/or management letters. The reference generally should be sufficient to allow the reader to request these reports and/or management letters. For example, titles and dates or accession numbers generally should be included. .60: The auditor should consider whether internal control weaknesses, particularly material weaknesses, could affect information in other reports generated by the entity for external distribution or internal decision-making. The auditor should make inquiries and consider other knowledge obtained during the audit concerning use of reports affected by the weaknesses. The auditor should determine, based on his/her judgment, whether such reports are significant and likely to contain inaccuracies as a result of such control weaknesses that would likely influence the judgment of the report users. If so, the auditor generally should describe, in the auditor's report, the nature of such reports and the effect of control weaknesses on them. In determining if such reports are significant, the auditor should consider whether user judgments or management decisions based on such reports could affect the entity in amounts that would be material in relation to the financial statements. Reporting on management's FMFIA reports: .61: In the internal control section of the auditor's report, the auditor considers whether material weaknesses, other reportable conditions, or financial management systems' nonconformances identified during the audit were identified in management's FMFIA report. The auditor should investigate any material weaknesses, other reportable conditions, or systems' nonconformances discovered during the audit that were not included in the entity's FMFIA report or the FMFIA report of the organization of which the entity is a part. If the auditor found reportable conditions or systems' nonconformances that should have been reported under FMFIA (see paragraphs 580.35-.37), he or she should refer to them and should determine whether management's FMFIA process has weaknesses that should be reported. Such weaknesses might result from one of the following problems. * Management did not initially recognize internal control weaknesses or systems' nonconformances, perhaps due to a lack of training or understanding or to limitations in the scope of the FMFIA process. (For example, certain areas were not reviewed annually or certain types of controls or systems were not reviewed.): * Management did not recognize that identified weaknesses were FMFIA material weaknesses or systems' nonconformances. * Management relied on controls that the auditor concluded were ineffective. * Management failed to report identified weaknesses due to inappropriate report preparation (perhaps due to errors in aggregating the internal control weaknesses or systems' nonconformances of branches or agencies). FINANCIAL MANAGEMENT SYSTEMS: .62: FFMIA requires the auditor to report whether the financial management systems of CFO Act agencies or the components designated by OMB comply substantially with three federal financial management systems requirements. These requirements, also required by OMB Circular A-127, are: * federal financial management systems requirements, including those found in the JFMIP functional requirements documents; * applicable federal accounting standards, which are now recognized as GAAP (see section 560); and: * the SGL at the transaction level. Reporting on Systems' Substantial Compliance with FFMIA Requirements: .63: Specific guidance for FFMIA reporting when the auditor determines that the financial management systems are in substantial compliance with the three FFMIA requirements will be provided in the future. OMB and GAO are reviewing this reporting issue and FFMIA implementation generally, which may result in revision to OMB Bulletin No. 01-02 and additional guidance in the FAM. .64: If the auditor finds lack of substantial compliance with any of the three requirements, see section 595 B for reporting guidance; the lack of substantial compliance should be discussed in the significant matters section of the audit report. Frequently, lack of substantial compliance is related to material weaknesses or other reportable conditions in internal control. If so, the discussion should be combined in the significant matters section to avoid redundancy. .65: If the the auditor finds that the entity's systems did not substantially comply with the requirements, the auditor is required by FFMIA to identify the entity or organization responsible for the systems found not to comply; include pertinent facts, including nature and extent of the noncompliance, areas in which there is substantial but not full compliance, primary reason or cause, and any relevant comments from management or responsible employees; and make recommendations of remedial actions and time frames for implementing the recommendations. This information also should be included in the significant matters section and/or a recommendation section, if either is used. Scope of Procedures: .66: If the auditor is unable to perform all the procedures considered necessary, as discussed in section 350, the scope of the audit is restricted. Generally, if the scope of the audit is restricted, such as due to unavailability of needed information from the system, the auditor reports that the financial management systems are not in substantial compliance with FFMIA requirements. Also, if the auditor concluded the systems were not in substantial compliance with FFMIA based on limited testing, he or she should report that the work on FFMIA would not necessarily disclose all instances of lack of substantial compliance with FFMIA requirements. (See section 595 B.): COMPLIANCE WITH LAWS AND REGULATIONS: .67: The auditor reports on the results of compliance testing and on compliance matters (including fraud--see section 540) coming to his or her attention during procedures other than compliance tests. The manner in which noncompliance is reported depends on the significance of the noncompliance and whether such noncompliance is material to the financial statements, as described below. The auditor should consult with OGC regarding conclusions on the entity's compliance with laws and regulations. .68: The following definitions and guidelines should be used for classifying noncompliance detected during the audit. * Reportable noncompliance includes all matters coming to the auditor's attention except those that in the auditor's judgment, are clearly inconsequential. * Material noncompliance is reportable noncompliance in which a failure to comply with laws or regulations results in misstatements that are material to the financial statements. Any instances of material noncompliance should be described in the significant matters section of the audit report. .69: Reportable noncompliance, other than material noncompliance, should be described in the significant matters section of the auditor's report if, in the auditor's judgment, it is considered to be a significant matter that should be communicated to the entity head, OMB, and the Congress. Otherwise, the auditor should list the reportable noncompliance in the significant matters section or in the compliance section of the report. Related instances of noncompliance should be combined. Such noncompliance may be reported in detail in another report or in the management letter, and that other report or management letter should be referred to in the auditor's report. To the extent that any such noncompliance contributes to significant matters, it should be described in conjunction with the related significant matter. .70: Noncompliance that does not meet the criteria for reportable noncompliance may be orally communicated to an appropriate level of entity management, or the auditor may determine that no further consideration is necessary. The auditor should document any oral communication in the workpapers. Reporting on compliance tests: .71: The auditor states directly whether any reportable noncompliance was detected during compliance tests. This type of direct statement is illustrated in section 595 A for a situation in which the compliance tests disclosed no reportable noncompliance. If reportable noncompliance is noted, the statement should be modified as shown in section 595 B, and the reportable noncompliance should be discussed in the significant matters section of the auditor's report according to the guidance in paragraphs 580.69-.70. .72: The AICPA, in SAS No. 87, states that a report on compliance with laws and regulations in which no opinion is issued is a by-product report, a report that provides a limited degree of assurance about compliance. When no opinion is issued, the report on compliance is not the primary objective of the engagement. SAS 87 states that the auditor should indicate the intended use of the compliance report because of the potential for misunderstanding related to a by-product report's limited degree of assurance. Because the distribution of government audit reports is not restricted, the reports should explain their limitations. (See section 595 A in the objectives, scope, and methodology section). Scope of procedures: .73: The auditor should be able to perform all of the procedures considered necessary to obtain sufficient evidence to report on compliance with laws and regulations. If the auditor is unable to perform all of the procedures for each of the significant provisions of laws and regulations, he or she may be able to report on the laws and regulations tested; however, the auditor should modify the report to alert the reader that not all of the laws that were considered necessary were tested. See section 595 B for report modifications. .74: If the scope limitation is so significant that the auditor believes that any statement could be misleading, he or she may omit it. Significant scope limitations should be described in the significant matters section of the auditor's report, and the auditor's report should be modified as described in section 595 B. The auditor should also consider the effect of such a scope limitation on the opinion on the financial statements. .75: If weaknesses in compliance controls are identified but no instances of noncompliance are found during compliance testing, the auditor should reconsider whether controls or other mitigating factors prevented or detected instances of noncompliance. If sufficient additional controls or other mitigating factors are not identified, the auditor should consult with the Reviewer and OGC concerning the appropriate reporting of such weaknesses and compliance tests. OTHER INFORMATION IN THE ACCOUNTABILITY REPORT: .76: As discussed in OMB Bulletin, Form and Content of Agency Financial Statements, certain other information is to be included in the annual financial statement. This information consists of MD&A (the overview of the reporting entity), required supplementary information including RSSI, and other accompanying information. .77: GAAP require the reporting of certain RSSI: stewardship property, plant, and equipment (PP&E) and its condition (reported in units, including heritage assets, national defense PP&E, and stewardship land); stewardship investments (including nonfederal physical property, such as highways; human capital, such as expenditures for training and education; and research and development); risk-assumed information (such as pension and deposit insurance projections); and social insurance information. OMB and GAO, which are responsible for determining audit scope related to this information, do not require RSSI to be audited. RSSI presented should be marked "unaudited.": .78: As this information is "required supplementary information," the auditor should apply procedures consistent with AU 558. As discussed in AU 558, the auditor should compare the consistency of the information with the financial statements and should discuss the methods of measurement and presentation with entity officials. .79: If there are no material inconsistencies or nonconformance with OMB guidance that come to the auditor's attention during these or other audit procedures, the auditor should state this as shown in section 595 A. (Although AU 558.08 requires reporting on the other information only if material inconsistencies or nonconformances with OMB guidance are found, OMB audit guidance requires the auditor to report based on AU 551.15.) If material inconsistencies or instances of nonconformance are noted and are not remedied by the entity, the auditor should describe these situations in the significant matters section of the auditor's report and refer to the discussion in the significant matters section as illustrated in section 595 B. .80: The auditor should also consider whether circumstances that resulted in modification of the auditor's report, such as a scope limitation or departure from GAAP, also affect this other information and disclose these effects in the discussion of those circumstances in the significant matters section of the report as described in section 595 B. .81: Following the objectives, scope, and methodology section of the report, there generally should be a section on agency comments. The auditor should allow the audited entity to review a draft of the report prior to issuance and provide either written or oral comments on it to assure the report is fair, objective, accurate, and complete. Written comments are generally preferred, especially when the report is sensitive or controversial, when significant disagreements exist, or when the report makes wide-ranging recommendations. Oral comments are preferred when there is a time-critical need to expedite issuance and the auditor has worked closely with the agency so that it is familiar with the findings and issues addressed in the draft, which are not expected to cause disagreements or controversy. If the report is unqualified, the entity may decide not to comment on it. The auditor should briefly characterize the overall response to the draft and summarize the major points made in the comments, whether written or oral, in the final section of the report. If agency officials concurred with all the findings, conclusions, and recommendations, the auditor should state that they concurred, mention actions the agency has agreed to take, and provide responses the auditor has to those actions. If agency officials disagree with or have concerns regarding portions of the report, the auditor should discuss these concerns fully and provide the auditor's response to them. Written comments generally should be included as an appendix to the report if they relate to the message. [End of section] 590 - DOCUMENTATION: .01: The auditor should document the nature and extent of work performed in the reporting phase and the related conclusions. Such documentation should include: * evaluation of misstatements, * inquiries of attorneys, * subsequent events, * management representations, * related party transactions, and * procedures performed to determine consistency of the other information in the Accountability Report with the financial statements and on conformity with OMB guidelines on form and content of financial statements. SPECIFIC DOCUMENTATION CONSIDERATIONS: Audit Summary Memorandum: .02: At the completion of the audit, an audit summary memorandum should be prepared that summarizes the audit results and demonstrates the adequacy of the audit procedures and the reasonableness of the conclusions on the financial statements, internal control, substantial compliance of the financial management systems with the FFMIA requirements, the entity's compliance with laws and regulations, MD&A (the overview of the entity), required supplementary information (including RSSI), and other accompanying information. .03: The audit summary memorandum generally should refer to other workpapers where this information is described in more detail. The memorandum should briefly summarize and allow the reader to easily refer in the workpapers to: * any significant changes from the auditor's original assessment of the control environment, risk assessment, communication, and monitoring or inherent or control risks and significant revisions of audit procedures; * additional fraud risk factors or other conditions (beyond those considered in planning--section 260) identified during the audit that caused the auditor to believe that an additional response was required and any further response that the auditor concluded was appropriate; * significant accounting, auditing, or reporting issues; * any limitations on the audit scope and the auditor's assessment of whether the audit procedures were adequate to support conclusions on the financial statements, internal control, the systems' substantial compliance with FFMIA requirements, compliance with laws and regulations, MD&A, required supplementary information (including RSSI), and other accompanying information; * the auditor's conclusions on whether the audit evidence obtained supports the conclusions on the financial statements, internal control, the systems' substantial compliance with FFMIA requirements, compliance with laws and regulations, MD&A, required supplementary information (including RSSI), and other accompanying information; * the auditor's conclusion on whether the audit was done in compliance with GAGAS, OMB audit guidance, and the GAO/PCIE Financial Audit Manual and whether the report is appropriate; * the auditor's conclusion on whether the entity's financial statements comply with generally accepted accounting principles; * significant subsequent events, if any; * the Summary of Unadjusted Misstatements; * a summary of internal control weaknesses and a comparison of those the auditor found to the weaknesses reported in management's assertion about the effectiveness of internal control; * a summary of instances of lack of substantial compliance with FFMIA requirements, including areas in which there is substantial but not full compliance; * a summary of instances of noncompliance with laws and regulations; and: * the documentation of overall analytical procedures. Overall Analytical Procedures: .04: The following items should be documented in the workpapers for overall analytical procedures: * Data used and sources of data: The documentation on the specific financial data used for the current-year amounts and the data used for comparison should include the amounts of the financial items; the dates or periods covered by the data; whether the data were audited or unaudited; the persons from whom the data were obtained, if applicable; and the source of the information (e.g., the general ledger trial balance, prior-year audit workpapers, or prior-year financial statements). * Parameters for identifying significant fluctuations: These parameters are left to the auditor's judgment. * Explanations for significant fluctuations and sources of these explanations: Explanations obtained should be consistent with corroborating evidence in the workpapers and should be referenced to this work. * Auditor's conclusions on the results of the procedures: The auditor's conclusions on the results of overall analytical procedures generally should be documented in the reporting phase workpapers. Considering Weaknesses in Internal Control: .05: The basis for considering internal control weaknesses as material weaknesses, other reportable conditions, or as not reportable, should be documented in the workpapers. Any oral communications of control weaknesses that are not included in a written report should be documented in the workpapers. Procedures performed to determine the effects of misstatements and weaknesses in internal control on other reports prepared and used by the entity also should be documented. Reporting Lack of Substantial Compliance With FFMIA Requirements: .06: The basis for considering whether noncompliances with FFMIA requirements represent lack of substantial compliance should be documented in the workpapers. Reporting Instances of Noncompliance: .07: The basis for classification of instances of noncompliance as material noncompliance, other reportable noncompliance, or as not reportable should be documented in the workpapers. Any oral communications of noncompliance that are not included in a written report should be documented in the workpapers. [End of section] 595 A - EXAMPLE AUDITOR'S REPORT - UNQUALIFIED: In our audit of [name of entity] for fiscal year [year], we found: * the financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, * [entity] had effective internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations,[Footnote 4] * [FFMIA reporting, see note 2 below],[Footnote 5] and: * no reportable noncompliance with laws and regulations we tested. The following sections discuss in more detail (1) these conclusions and our conclusions on Management's Discussion and Analysis and other supplementary information and (2) the scope of our audit. Opinion on Financial Statements: The financial statements including the accompanying notes present fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, [name of entity's] assets, liabilities, and net position; net costs; changes in net position; budgetary resources; reconciliation of net costs to budgetary obligations; and custodial activity (if applicable)[Footnote 6] as of September 30, 20XX and for the year then ended. Opinion on Internal Control[Footnote 7] [Entity] maintained, in all material respects, effective internal control over financial reporting (including safeguarding assets) and compliance as of [end of fiscal year] that provided reasonable assurance that misstatements, losses, or noncompliance material in relation to the financial statements or to stewardship information would be prevented or detected on a timely basis. Our opinion is based on criteria established under 31 U.S.C. 3512 (c), (d), the Federal Managers' Financial Integrity Act, and the Office of Management and Budget (OMB) Circular A-123, Management Accountability and Control [or other criteria]. Systems' Compliance With FFMIA Requirements[Footnote 8] Compliance With Laws and Regulations: Our tests for compliance with selected provisions of laws and regulations disclosed no instances of noncompliance that would be reportable under U.S. generally accepted government auditing standards or OMB audit guidance. However, the objective of our audit was not to provide an opinion on overall compliance with laws and regulations. Accordingly, we do not express such an opinion. Consistency of Other Information: Management's Discussion and Analysis, required supplementary information (including stewardship information), and other accompanying information contain a wide range of data, some of which are not directly related to the financial statements. We do not express an opinion on this information. However, we compared this information for consistency with the financial statements and discussed the methods of measurement and presentation with [name of entity] officials. Based on this limited work, we found no material inconsistencies with the financial statements or nonconformance with OMB guidance. Objectives, Scope, and Methodology: Management is responsible for (1) preparing the financial statements in conformity with generally accepted accounting principles, (2) establishing, maintaining, and assessing internal control to provide reasonable assurance that the broad control objectives of the Federal Managers' Financial Integrity Act are met, (3) ensuring that [entity's] financial management systems substantially comply with FFMIA requirements, and (4) complying with applicable laws and regulations. We are responsible for obtaining reasonable assurance about whether (1) the financial statements are presented fairly, in all material respects, in conformity with generally accepted accounting principles and (2) management maintained effective internal control, the objectives of which are the following:[Footnote 9] * Financial reporting: Transactions are properly recorded, processed, and summarized to permit the preparation of financial statements and stewardship information in conformity with generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. * Compliance with laws and regulations: Transactions are executed in accordance with laws governing the use of budget authority and with other laws and regulations that could have a direct and material effect on the financial statements and any other laws, regulations, and governmentwide policies identified by OMB audit guidance. We are also responsible for[Footnote 10] (1) testing whether [entity's] financial management systems substantially comply with the three FFMIA requirements, (2) testing compliance with selected provisions of laws and regulations that have a direct and material effect on the financial statements and laws for which OMB audit guidance requires testing, and (3) performing limited procedures with respect to certain other information appearing in the Accountability Report. In order to fulfill these responsibilities, we (1) examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements, (2) assessed the accounting principles used and significant estimates made by management, (3) evaluated the overall presentation of the financial statements, (4) obtained an understanding of internal control related to financial reporting (including safeguarding assets), compliance with laws and regulations (including execution of transactions in accordance with budget authority), and performance measures reported in Management's Discussion and Analysis of the Accountability Report, (5) tested relevant internal controls over financial reporting, and compliance, and evaluated the design and operating effectiveness of internal control, (6) considered the process for evaluating and reporting on internal control and financial management systems under the Federal Managers' Financial Integrity Act, (7) tested whether [entity's] financial management systems substantially complied with the three FFMIA requirements, and (8) tested compliance with selected provisions of the following laws and regulations [list laws and regulations]. We did not evaluate all internal controls relevant to operating objectives as broadly defined by the Federal Managers' Financial Integrity Act, such as those controls relevant to preparing statistical reports and ensuring efficient operations. We limited our internal control testing to controls over financial reporting and compliance. Because of inherent limitations in internal control, misstatements due to error or fraud, losses, or noncompliance may nevertheless occur and not be detected. We also caution that projecting our evaluation to future periods is subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with controls may deteriorate.[Footnote 11] We did not test compliance with all laws and regulations applicable to [entity]. We limited our tests of compliance to those laws and regulations required by OMB audit guidance that we deemed applicable to the financial statements for the fiscal year ended [date]. We caution that noncompliance may occur and not be detected by these tests and that such testing may not be sufficient for other purposes. We performed our work in accordance with U.S. generally accepted government auditing standards and OMB audit guidance. Agency Comments and Our Evaluation: In commenting on a draft of this report (see appendix x), [entity] concurred with the facts and conclusions in our report. [End of section] 595 B - SUGGESTED MODIFICATIONS TO AUDITOR'S REPORT: This section suggests how to modify each major section of the unqualified auditor's report on the Accountability Report (annual financial statement) illustrated in section 595 A for each of the situations listed below. Situations relating to the financial statements: 1. Scope limitation resulting in a qualified opinion on the financial statements: 595 B-3: 2. Scope limitation resulting in a disclaimer of an opinion on the financial statements: 595 B-3: 3. Uncertainty resulting in the addition of an explanatory paragraph: 595 B-4: 4. Lack of consistency in the application of accounting principles resulting in the addition of an explanatory paragraph: 595 B-4: 5. Departure from generally accepted accounting principles resulting in a qualified opinion on the financial statements: 595 B-5: 6. Departure from generally accepted accounting principles resulting in an adverse opinion on the financial statements: 595 B-5: Situations relating to internal control: 7. Scope limitation resulting in a disclaimer of opinion on internal control: 595 B-6: 8. Scope limitation resulting in a qualified opinion on internal control: 595 B-7: 9. Material weaknesses in internal control: 595 B-9: 10. Reportable conditions (other than material weaknesses) in internal control: 595 B-12: 11. The purpose was not to give an opinion on internal and other reportable conditions were found: 595 B-14: 12. The purpose was not to give an opinion on internal control and one or a few material weaknesses were found: 595 B-16: 13. The purpose was not to give an opinion on internal control and many material weaknesses were found: 595 B-18: Situations relating to financial management systems' substantial compliance with FFMIA requirements: 14. Lack of financial management systems' substantial compliance with FFMIA requirements: 595 B-20: Situations relating to compliance with laws and regulations: 15. Scope limitation--some laws and regulations could not be tested: 595 B-21: 16. Scope limitation--all laws and regulations could not be tested-- disclaimer: 595 B-22: 17. Material noncompliance with laws and regulations: 595 B-23: 18. Reportable noncompliance (other than material noncompliance) with laws and regulations: 595 B-24: Situations relating to the consistency of other information in the Accountability Report (management' discussion and analysis (or overview), required supplementary information (including stewardship information), and other accompanying information): 19. Material inconsistency between other information and the principal statements: 595 B-26: 20. Nonconformance of other information with OMB guidance: 595 B-27: 21. Any situation that caused the auditor to modify the report on the financial statements, internal control, or compliance with laws and regulations that also affects other information: 595 B-28: Financial Statements: Situation: 1. Scope limitation--qualified opinion (see paragraph 580. 14); Introduction: First bullet: "Evidence about [identify account(s) affected by the scope limitation] in the financial statements was not available because of limitations on the scope of our work. Otherwise, we found the financial statements are presented fairly in conformity with generally accepted accounting principles”; Significant Matters (See Note 1): Describe significant limitations on the scope of the work; Opinion or Conclusion: "Qualified Opinion on Financial Statements: "Because of the limitation on the scope of our work described above, we cannot determine if the financial statements' presentation of [identify account(s) affected by the scope limitation] is free of material misstatement. Otherwise, the financial statements including the accompanying notes present fairly..” Objectives, Scope, and Methodology: After the last sentence add: "We considered the limitations on the scope of our work in forming our conclusions.” Situation: 2. Scope limitation--disclaimer (see paragraph 580.14); Introduction: First bullet "We are unable to give an opinion on the fiscal year [year] financial statements of [name of entity] because of limitations on the scope of our work. Thus, the financial statements may be unreliable."; Significant Matters (See Note 1): Describe scope limitations that caused the disclaimer of the opinion and conclude with the following statement: "Because of this limitation on the scope of our work, we are unable to give an opinion on the financial statements."; Opinion or Conclusion: "Disclaimer of Opinion on Financial Statements: "As described above, we are unable to give an opinion on the financial statements." Objectives, Scope, and Methodology: Because we did not audit the financial statements, delete all references to the auditor's responsibility for auditing the financial statements and how that responsibility was fulfilled. (See note 2.). Situation: 3. Uncertainty --explanatory paragraph (see paragraph 580. 19); Introduction: No changes; Significant Matters (See Note 1) No changes. (See note 7.) Opinion on Financial Statements (see note 7) After the opinion, include an explanatory paragraph describing the uncertainty. No changes. Situation: 4. Lack of consistency in the application of accounting principles--explanatory paragraph (see paragraph 580.20); Introduction: No changes; Significant Matters (See Note 1) No changes. (See note 7.) Opinion on Financial Statements (see note 7) After the opinion, include an explanatory paragraph explaining the accounting change. For example "As discussed in Note X to the financial statements, the entity changed its method of computing depreciation in fiscal year [year]." No changes. Situation: 5. Departure from GAAP--qualified opinion (see paragraph 580.22); Introduction: First bullet "Entity departed from generally accepted accounting principles in [identify account(s) affected by the departure from GAAP]. Otherwise the financial statements are presented fairly in conformity with generally accepted accounting principles." Significant Matters (See Note 1): Describe material departures from GAAP. Opinion or Conclusion: "Qualified Opinion on Principal Statements "Except for the departure from U.S. generally accepted accounting principles described above, the financial statements, including the accompanying notes, present fairly .." Objectives, Scope, and Methodology: No changes. Situation: 6. Departure from GAAP--adverse opinion (see paragraph 580. 22); Introduction: First bullet "The financial statements are not presented fairly in conformity with generally accepted accounting principles." Significant Matters (See Note 1): Describe material departures from GAAP. "Adverse Opinion on Financial Statements "Because of the departure from U.S. generally accepted accounting principles described above, the financial statements, including the accompanying notes, do not present fairly .." No changes. [End of table] Internal Control: Situation: 7. Scope limitation--disclaimer (see paragraph 580.39); Bullets: Second bullet: "We are unable to give an opinion on internal control because of limitations on the scope of our work;" Significant Matters (See Note 1): Describe limitations on the scope of work that caused the disclaimer of the opinion and conclude with the following statement "Because of this limitation on the scope of our work, we are unable to give an opinion on internal control." Opinion or Conclusion: "Disclaimer of Opinion on Internal Control "As described above, we are unable to give an opinion on internal control." Objectives, Scope, and Methodology: Because we did not perform adequate procedures to give an opinion on internal control, delete all references to the auditor's responsibility for giving such an opinion and how that responsibility was fulfilled. (See note 3.). Situation: 8. Scope limitation on one objective--qualified opinion (see paragraph 580.39) (continued on next page); Bullets: Second bullet "We are unable to give an opinion on internal control over [state objective affected, for example, financial reporting] because of limitations on the scope of our work. We found that management had effective internal control over [state objective not affected, for example, compliance with laws and regulations.]" Significant Matters (See Note 1): Describe significant limitations on the scope of the work. This should follow the discussion of a scope restriction on the audit of the financial statements, if any, and should conclude with the following statement "Because of this limitation on the scope of our work, we are unable to give an opinion on internal control over [state the affected control objective, such as financial reporting]." Opinion or Conclusion: "Qualified Opinion on Internal Control "As described above, we are unable to give an opinion on internal control over [state control objective affected]. However, we did evaluate internal control over [list control objective not affected by scope limitation]." Objectives, Scope, and Methodology: State the opinion on the other objective: "[Entity] maintained in all material respects effective internal control over [list unaffected areas, for example, financial reporting or compliance] as of [end of fiscal year] that provided reasonable assurance that [list unaffected areas, for example, misstatements and losses or noncompliance] material in relation to the financial statements or to stewardship information would be prevented or detected on a timely basis. Our opinion is based on.. [continue with second sentence]. After the last sentence add "We considered the limitations on the scope of our work in forming our conclusions.". Situation: 9. Material weakness in internal control relevant to one or more control objective(s) (see paragraph 580.43) (continued on next page); Bullets: Second bullet "[Entity] did not have effective internal control over [state objective(s) affected, for example, financial reporting], but had effective internal control over [state objective not affected, for example, compliance with laws and regulations]." Significant Matters (See Note 1): Describe material weaknesses in internal control and include the term "material weakness" in the description. Indicate whether management in FMFIA reports reported each weakness. Add the following to address the possible effects of material weaknesses on other reports "These deficiencies in internal control may adversely affect any decision by management that is based, in whole or in part, on information that is inaccurate because of the deficiencies. Unaudited financial information reported by [name of entity], including budget information, also may contain misstatements resulting from these deficiencies." Opinion or Conclusion: "Adverse Opinion on Internal Control "Because of the material weakness(es) in internal control described above, [entity] did not maintain effective internal control over [state objective(s) affected, for example, financial reporting or compliance] as of [end of fiscal year], which thus did not provide reasonable assurance that [state control objective(s) affected, such as misstatements and losses or noncompliance] material in relation to the financial statements or to stewardship information would be prevented or detected on a timely basis." If controls were effective over one objective, add the following "However, [entity] maintained in all material respects effective internal control over [state objective not affected, such as compliance or financial reporting] as of [date of fiscal year-end] that provided reasonable assurance that [state appropriate effect(s) such as, noncompliance or misstatements and losses] material in relation to the financial statements or to stewardship information would be prevented or detected on a timely basis." Continue with sentence about the basis of the opinion. Opinion on Financial Statements If the opinion on financial statements is unqualified, include the following at the end of the opinion on the financial statements "However, misstatements may nevertheless occur in other financial information reported by [name of entity] as a result of the internal control weakness(es) described above." If the report also includes reportable conditions other than material weaknesses, see note 6. Objectives, Scope, and Methodology: No changes unless both control objectives are affected by material weakness(es). In that Situation: delete the sentences of caution on projection of the evaluation of controls to future periods that begins "Because of inherent limitations [delete rest of paragraph]..". Situation: 10. Reportable conditions (other than material weaknesses) (see paragraph 580.46) (continued on next page); Bullets: Second bullet "Although internal controls should be improved, [entity] had effective internal control over.." Significant Matters (See Note 1): For reportable conditions considered to be significant matters that should be communicated to the entity head, OMB, and the Congress (as defined in paragraph 580.52) Describe the weaknesses and indicate (1) that the weaknesses are not material weaknesses and (2) whether the weak-nesses were reported by management in the summary of FMFIA reports. For reportable conditions that are not considered to be significant matters individually (as defined in paragraph 580.52) List the weaknesses. Combine related weaknesses. Opinion or Conclusion: Opinion on Internal Control No change to the two sentences. Following that, continue "However, our work identified the need to improve certain internal control, as described above and in [identify other reports or management letters that discuss these internal control weaknesses in more detail by reference to date and GAO document number]. These weaknesses in internal control, although not considered to be material weaknesses, represent significant deficiencies in the design or operations of internal control, which could adversely affect the entity's ability to meet the internal control objectives listed above or meet OMB criteria for reporting matters under FMFIA." If reportable conditions are included as significant matters and the opinion on the financial statements is unqualified, include the following "In addition, misstatements may occur in other financial information reported by [name of entity] as a result of the internal control weakness(es) described above." If the report also includes material weaknesses, see note 6. Objectives, Scope, and Methodology: No changes. Situation: 11. The purpose was not to give an opinion on internal control and other reportable conditions were found (see paragraph 580.49) Bullets: Second bullet "No material weaknesses in internal control over financial reporting (including safeguarding assets) and compliance and its operation, although internal control should be improved." Significant Matters (See Note 1): If reportable conditions considered to be significant matters that should be communicated to the entity head, OMB, and the Congress (as defined in paragraph 580.52) were found Describe the weaknesses and indicate (1) that the weaknesses are not material weaknesses and (2) whether the weaknesses were reported by management in the summary of FMFIA reports. If reportable conditions are not considered to be significant matters individually (as defined in paragraph 580.52) List the weaknesses. Combine related weaknesses. Opinion or Conclusion: "Consideration of Internal Control "We considered internal control over financial reporting and compliance. "We do not express an opinion on internal control over financial reporting and compliance because the purpose of our work was to determine our procedures for auditing the financial statements and to comply with OMB audit guidance, not to express an opinion on internal control. However, our work identified the need to improve certain internal controls, as described above. These weaknesses in internal control, although not considered material weaknesses, represent significant deficiencies in the design or operation of internal control, which could adversely affect the entity's ability to meet the internal control objectives listed in the objectives, scope, and methodology or meet OMB criteria for reporting matters under FMFIA. A material weakness is a condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that errors, fraud, or noncompliance in amounts that would be material to the financial statements may occur and not be detected promptly by employees in the normal course of performing their duties. Our internal control work would not necessarily disclose all material weaknesses." Objectives, Scope, and Methodology: See note 8. Situation: 12. The purpose was not to give an opinion on internal control and one or a few material weaknesses were found (see paragraph 580.49) (continued on next page); Bullets: Second bullet "Material weakness(es) over [briefly describe area affected by material weakness(es), for example, reporting expenditures]." Significant Matters (See Note 1): Describe material weaknesses found and include the term "material weakness" in the description. Indicate whether each weakness was reported by management in FMFIA reports. Add the following to address the possible effects of material weaknesses on other reports "These deficiencies in internal control may adversely affect any decision by management that is based, in whole or in part, on information that is inaccurate because of the deficiencies. Unaudited financial information reported by [name of entity], including budget information, also may contain misstatements resulting from these deficiencies." Opinion or Conclusion: "Consideration of Internal Control "We considered internal control over financial reporting and compliance. "We do not express an opinion on internal control over financial reporting and compliance because the purpose of our work was to determine our procedures for auditing the financial statements and to comply with OMB audit guidance, not to express an opinion on internal control. However, we found the material weakness(es) described above. A material weakness is a condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that errors, fraud, or noncompliance in amounts that would be material to the financial statements may occur and not be detected promptly by employees in the normal course of performing their duties. Our internal control work would not necessarily disclose all material weaknesses." Objectives, Scope, and Methodology: See note 8. Situation: 13. The purpose was not to give an opinion on internal control and many material weaknesses were found (see paragraph 580.49) (continued on next page); Bullets: Second bullet "Material weaknesses in internal control that resulted in ineffective controls over [state objectives(s) affected, for example, financial reporting]." Significant Matters (See Note 1): Describe material weaknesses found and include the term "material weakness" in the description. Indicate whether each weakness was reported by management in FMFIA reports. Add the following to address the possible effects of material weaknesses on other reports "These deficiencies in internal control may adversely affect any decision by management that is based, in whole or in part, on information that is inaccurate because of the deficiencies. Unaudited financial information reported by [name of entity], including budget information, also may contain misstatements resulting from these deficiencies." Opinion or Conclusion: "Consideration of Internal Control "We considered internal control over financial reporting and compliance. "We do not express an opinion on internal control over financial reporting and compliance because the purpose of our work was to determine our procedures for auditing the financial statements and to comply with OMB audit guidance, not to express an opinion on internal control. However, we found the material weakness(es) described above, which resulted in ineffective controls over [state objective(s) affected, for example, financial reporting]. A material weakness is a condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that errors, fraud, or noncompliance in amounts that would be material to the financial statements may occur and not be detected promptly by employees in the normal course of performing their duties. Our internal control work would not necessarily disclose all material weaknesses." Objectives, Scope, and Methodology: See note 8. [End of table] Financial Management Systems' Substantial Compliance with FFMIA Requirements: Situation: 14. Lack of financial management systems' substantial compliance with FFMIA requirements (see paragraph 580.64); Bullets: Third bullet "[entity's] financial management systems did not substantially comply with the requirements of FFMIA." Significant Matters (See Note 1): Describe instances of lack of substantial compliance of financial management systems with federal financial management systems requirements, federal accounting standards, or the SGL at the transaction level. Indicate whether each instance was reported by management in FMFIA reports. In addition, as required by FFMIA, identify the entity or organization responsible for the systems found not to comply include the nature and extent of the noncompliance, areas in which there was substantial but not full compliance, primary reason or cause, and relevant management comments and make recommendations (in the recommendation section) and set time frames for implementing recommendations. Opinion or Conclusion: Systems' Compliance With FFMIA Requirements "Our work disclosed instances, described above, in which [entity's] financial management systems did not substantially comply with [specify the requirements where a lack of substantial compliance was found, such as federal financial management systems requirements or the U.S. Government Standard General Ledger at the transaction level]." See section 595A, footnote 2, re reporting on other requirements. Objectives, Scope, and Methodology: Add "Our work on FFMIA would not necessarily disclose all instances of lack of substantial compliance with FFMIA requirements.". [End of table] Compliance with Laws and Regulations: Situation: 15. Scope limitation --some laws could not be tested (see paragraph 580.73); Bullets: Fourth bullet "No reportable noncompliance with laws and regulations we tested however, we could not test compliance with certain laws we considered necessary because of limitations on the scope of our work." Significant Matters (See Note 1): Describe significant scope limitations, including a list of the laws not tested. Opinion or Conclusion: "Compliance With Laws and Regulations "Our tests for compliance with selected provisions of laws and regulations disclosed no instances of noncompliance that would be reportable under U.S. generally accepted government auditing standards or OMB audit guidance however, as discussed above, we could not test for compliance with all the laws we considered necessary." Objectives, Scope, and Methodology: Exclude laws not tested from list of laws. After the last sentence add "We considered the limitations on the scope of our work in forming our conclusions." Situation: 16. Scope limitation --all laws could not be tested-- disclaimer (see paragraph 580.73); Bullets: Fourth bullet "We were unable to test [entity's] compliance with laws and regulations because of limitations on the scope of our work." Significant Matters (See Note 1): Describe scope limitation. Conclude with "Because of this limitation on the scope of our work, we were unable to test [entity's] compliance with laws and regulations." Opinion or Conclusion: Compliance With Laws and Regulations Omit statement regarding compliance with laws and regulations. Replace with "We were unable to test for compliance with the laws we considered necessary accordingly, we are unable to report on the entity's compliance with laws and regulations." Omit the last two sentences. Objectives, Scope, and Methodology: Delete all references to the auditor's responsibility for testing compliance with laws and regulations and how that responsibility was fulfilled. (See note 4.). Situation: 17. Material noncompliance with laws and regulations (see paragraph 580.68) Bullets: Fourth bullet "Reportable noncompliance with laws and regulations we tested." Significant Matters (See Note 1): Describe the material noncompliance and place the findings in proper perspective to give readers a basis for judging the prevalence and consequences of the conditions. Although it is not necessary to use the word "material," a fuller description is necessary than for reportable noncompliance that is not material. Opinion or Conclusion: Compliance with Laws and Regulations "Except as noted above, our tests for compliance with the provisions of selected laws and regulations disclosed no other instances of noncompliance that would be reportable under U.S. generally accepted government auditing standards or OMB audit guidance." [Continue paragraph with last two sentences.] Objectives, Scope, and Methodology: No changes. Situation: 18. Reportable noncompliance (other than material noncompliance)(see paragraph 580.69); Bullets: Fourth bullet "Reportable noncompliance with laws and regulations we tested." Significant Matters (See Note 1): For noncompliance that is considered to be a significant matter that should be communicated to the entity head, OMB, and the Congress Describe the noncompliance. Indicate that the noncompliance is not material to the financial statements. For reportable noncompliance that is not considered to be significant List the noncompliance. Combine related instances of noncompliance. Opinion or Conclusion: Compliance With Laws and Regulations "Except as noted above, our tests for compliance with selected provisions of laws and regulations disclosed no other instances of noncompliance that would be reportable under U.S. generally accepted government auditing standards or OMB audit guidance." [Continue paragraph with last two sentences.] Objectives, Scope, and Methodology: No changes. [End of table] Consistency of Other Information (MD&A (Overview), Required Supplementary Information (including Stewardship Information), and Other Accompanying Information): Situation: 19. Material inconsistency between other information and financial statements (see paragraph 580.79) Bullets: No changes. Significant Matters (See Note 1): Describe material inconsistency. Opinion or Conclusion: Consistency of other information Omit statement that we found no material inconsistencies. Add "As discussed above, the [list type(s) of other information in the Accountability Report (or annual financial statement)--MD&A (or overview), required supplementary information (including stewardship information), other accompanying information--that is not consistent with the financial statements] is inconsistent with the financial statements." If certain type(s) of information are consistent, add "Otherwise, we found no other material inconsistencies with the financial statements and the [state type(s) of information not affected] or nonconformance with OMB guidance." Objectives, Scope, and Methodology: No changes. Situation: 20. Nonconformance of other information with OMB guidance (see paragraph 580.79); Bullets: No changes. Significant Matters (See Note 1): Describe nonconformance with OMB guidance. Opinion or Conclusion: Consistency of other information Omit statement that we found no nonconformance with OMB guidance. Add "As discussed above, the [list the type(s) of other information in the Accountability Report (or annual financial statement)--MD&A (or overview), required supplementary information, or other accompanying information--that is not in conformity] does not conform with OMB guidance." If certain type(s) of other information conforms to OMB guidance, add "Otherwise, we found no other material inconsistencies with the financial statements or nonconformance of the [state type(s) of information not affected] with OMB guidance." Objectives, Scope, and Methodology: No changes. Situation: 21. Any Situation: that caused the auditor to modify the report on the financial statements, internal control, or compliance with laws and regulations that also affects other information (see paragraph 580.80) Bullets: No changes. Significant Matters (See Note 1): In the discussion of the Situation: include the effects on the other information in the Accountability Report. Opinion or Conclusion: Consistency of other information Omit statement that we found no inconsistency or nonconformance (or modify to refer only to unaffected type(s) of other information in the Accountability Report--MD&A (overview), required supplementary information, or other accompanying information ) if considered to be misleading in light of the particular Situation: . Omit statement that we found no inconsistencies or nonconformance if there is a scope limitation that resulted in a disclaimer of a report on the financial statements. Objectives, Scope, and Methodology: If a scope limitation on the work on the principal statements, internal control, or compliance with laws and regulations results in the omission of the statement that we found no inconsistency of other information, delete all references to the auditor's responsibility for this other information and how we fulfilled that responsibility. (See note 5.). [End of table] Note 1: Significant matters: If a significant matters section is included in the auditor's report, add the following statement in quotation marks to the introduction immediately preceding "The following sections describe..": "Described below are significant matters considered in performing our audit and forming our conclusions.": Note 2: Disclaimer due to a scope limitation on financial statements: In the "Objectives, Scope and Methodology" section delete the following words in quotation marks. We are responsible for obtaining reasonable assurance about whether "(1)the financial statements are presented fairly, in all material respects, in conformity with generally accepted accounting principles], and (2)" [continue with rest of paragraph]. Delete the following: " (1) examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements, (2) assessed the accounting principles used and significant estimates made by management, (3) evaluated the overall presentation of the financial statements,": Add the following words in quotation marks: We performed our work in accordance with U.S. generally accepted government auditing standards and OMB audit guidance. "We considered the limitations on the scope of our work in forming our conclusions.": Note 3: Disclaimer of opinion on internal control due to a scope limitation: In the ":Objectives, Scope, and Methodology" section, delete the following words in quotations marks: We are responsible for obtaining reasonable assurance about whether "(1)" the financial statements are presented fairly, in all material respects, in conformity with generally accepted accounting principles "and (2) management maintained effective internal control, the objectives of which are the following: * Financial reporting: Transactions are properly recorded, processed, and summarized to permit the preparation of financial statements and stewardship information in conformity with generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. * Compliance with laws and regulations: Transactions are executed in accordance with laws governing the use of budget authority and with other laws and regulations that could have a direct and material effect on the financial statements and any other laws, regulations, and governmentwide policies identified by OMB audit guidance." [continue with rest of paragraph] Delete the following: "(4)obtained an understanding of internal control related to financial reporting (including safeguarding assets), compliance with laws and regulations (including execution of transactions in accordance with budget authority), and performance measures reported in Management's Discussion and Analysis (or the overview) of the Accountability Report; (5)tested relevant internal controls over financial reporting (including safeguarding assets), compliance, and evaluated the design and operating effectiveness of internal control; (6)considered the process for evaluating and reporting on internal control and financial management systems under the Federal Managers' Financial Integrity Act of 1982," ..[continue with rest of paragraph] "We did not evaluate all internal controls relevant to operating objectives as broadly defined by FMFIA, such as those controls relevant to preparing statistical reports and ensuring efficient operations. We limited our internal control testing to those controls over financial reporting and compliance. Because of inherent limitations in internal control, misstatements due to error or fraud, losses, or noncompliance may nevertheless occur and not be detected. We also caution that projecting our evaluation to future periods is subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with controls may deteriorate.": Add the following words in quotation marks: We performed our work in accordance with U.S. generally accepted government auditing standards and OMB audit guidance. "We considered the limitations on the scope of our work in forming our conclusions.": Note 4: Disclaimer of a report on compliance with laws and regulations due to a scope limitation: In the objectives, scope and methodology section, delete the following words in quotation marks: We are also responsible for "(1)" testing whether [entity's] financial management systems substantially comply with the three FFMIA requirements, "(2) testing compliance with selected provisions of laws and regulations that have a direct and material effect on the financial statements and laws for which OMB audit guidance requires testing," and "(3)" performing limited procedures with respect to certain other information appearing in the Accountability Report. Delete the following: "(8)tested compliance with selected provisions of the following laws and regulations [do not list any laws and regulations].": Add the following words in quotation marks: We performed our work in accordance with U.S. generally accepted government auditing standards and OMB audit guidance. "We considered the limitations on the scope of our work in forming our conclusions.": Note 5: Disclaimer of a report on the financial statements, internal control, or compliance with laws and regulations: If scope limitations on our work on the financial statements, internal control, or compliance with laws and regulations result in the omission of the statement that we found no inconsistency of other information, delete the following words in quotation marks from the objectives, scope, and methodology section: We are also responsible for .. "and (3) performing limited procedures with respect to certain other information appearing in the Accountability Report.": Add the following words in quotation marks: We performed our work in accordance with U.S. generally accepted government auditing standards and OMB audit guidance. "We considered the limitations on the scope of our work in forming our conclusions.": Note 6: Reporting both material weaknesses and other reportable conditions in the significant matters section: If both material weaknesses and other reportable conditions are included in the significant matters section, the opinion on internal control should include the changes for material weaknesses first, and then should continue with an additional paragraph for reportable conditions that begins "Our work also identified the need to improve certain internal controls..": Note 7: Explanatory paragraphs: Explanatory paragraphs may be included in either the significant matters section or the opinion section of the report as discussed in paragraph 580.26. Note 8:No management assertion about the effectiveness of internal control: In the objectives, scope, and methodology section, delete the following words in quotations marks: We are responsible for obtaining reasonable assurance about whether "(1)" the financial statements are presented fairly, in all material respects, in conformity with generally accepted accounting principles "and (2) management maintained effective internal control, the objectives of which are the following: * Financial reporting: Transactions are properly recorded, processed, and summarized to permit the preparation of financial statements and stewardship information in conformity with generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. * Compliance with laws and regulations: Transactions are executed in accordance with laws governing the use of budget authority and with other laws and regulations that could have a direct and material effect on the financial statements and any other laws, regulations, and governmentwide policies identified by OMB audit guidance." .. [continue with rest of paragraph] Insert the following words in quotation marks into the sentence following the objectives: We are also responsible for "obtaining a sufficient understanding of internal control over financial reporting and compliance to plan the audit and for" testing compliance with .. Add the following sentence at the end of the paragraph that begins, "We did not evaluate all internal controls..": "In addition, we caution that our internal control testing may not be sufficient for other purposes.": [End of section] 595 C - EXAMPLE SUMMARY OF POSSIBLE ADJUSTMENTS: [See PDF for image] [End of table] [End of section] 595 D - EXAMPLE SUMMARY OF UNADJUSTED MISSTATEMENTS: .01: The Summary of Unadjusted Misstatements, as discussed in paragraph 540.09, is used to accumulate known and likely misstatements that are identified by the auditor but not corrected by the entity in the principal statements. The source of these unadjusted misstatements is the Summary of Possible Adjustments (section 595 C). [See PDF for image] [End of table] FOOTNOTES [1] The auditor may include certain other matters in this section as discussed in paragraphs 580.26-.27. [2] If the auditor finds no material weaknesses in internal control, the auditor may express an opinion on management's assertion, rather than opining directly on internal control. [3] This definition is used to determine whether a material weakness exists. Abbreviated language is used in an opinion report (see section 595 A). [4] If the auditor does not express an opinion on internal control, the following should replace the second bullet: "* no material weaknesses in internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations," [5] Specific guidance for FFMIA reporting will be provided in the future. OMB and GAO are reviewing this reporting issue and FFMIA implementation generally, which may result in revision to OMB Bulletin No. 01-02 and additional guidance in the FAM. [6] This list assumes the entity follows GAAP issued by FASAB. If the entity follows GAAP issued by FASB (government corporations and others such as the U.S. Postal Service), modify the list accordingly. [7] If the auditor does not express an opinion on internal control, this section should be replaced with the following: "Consideration of Internal Control "In planning and performing our audit, we considered [entity's] internal control over financial reporting and compliance. [Here the auditor should include a footnote stating the objectives of internal control, which are reasonable assurance that the two bullets in the objectives, scope, and methodology section are achieved.] We did this to determine our procedures for auditing the financial statements and to comply with OMB audit guidance, not to express an opinion on internal control. Accordingly, we do not express an opinion on internal control over financial reporting and compliance. However, for the controls we tested, we found no material weaknesses in internal control over financial reporting (including safeguarding assets) and compliance. A material weakness is a condition in which the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that errors, fraud, or noncompliance in amounts that would be material to the financial statements may occur and not be detected promptly by employees in the normal course of performing their duties. Our internal control work would not necessarily disclose all material weaknesses." [8] See footnote 2. [9] If the auditor does not express an opinion on internal control, delete the numbers in parentheses, put a period after "generally accepted accounting principles," and delete the rest of the sentence including the two bullets. [10] If the auditor does not express an opinion on internal control, insert the following after the "for," "(1) obtaining a sufficient understanding of internal control over financial reporting and compliance to plan the audit," and renumber the following phrases. [11] If the auditor does not express an opinion on internal control, add at the end of this paragraph, "In addition, we caution that our internal control testing may not be sufficient for other purposes." [End of section] CONTENTS - PART II - TOOLS: 600: PLANNING AND GENERAL: 601: Introduction to Part II - Tools: 650: Using the Work of Others: 650 A: Summary of Audit Procedures and Documentation for Review of Other Auditors' Work: 650 B: Example Audit Procedures for Using the Work of Others: 650 C: Example Reports When Using the Work of Others: 660: Agreed-Upon Procedures: 660 A: Example Agreed-Upon Procedures Engagement Letter: 660 B: Example Representation Letter from Responsible Entity on Agreed- Upon Procedures Engagement: 660 C: Agreed-Upon Procedures Completion Checklist: 660 D: Example Agreed-Upon Procedures Report: 700: INTERNAL CONTROL (See also section 900). 701: Assessing Compliance of Agency Systems with the Federal Financial Management Improvement Act (FFMIA): 701 A: Example Audit Procedures for Testing Compliance with FFMIA: 701 B: Summary Schedule of Instances of Noncompliance with FFMIA: 800: COMPLIANCE: 801: Reserved: 802: General Compliance Checklist: 803: Antideficiency Act: 804: Reserved: 805: Reserved: 806: Reserved: 807: Reserved: 808: Federal Credit Reform Act of 1990: 809: Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711-3720E) (Including the Debt Collection Improvement Act of 1996) (DCIA): 810: Prompt Payment Act: 811: Reserved: 812: Pay and Allowance System for Civilian Employees, as Provided Primarily in Chapters 51-59 of Title 31, U.S. Code: 813: Civil Service Retirement Act: 814: Federal Employees Health Benefits Act: 815: Reserved: 816: Federal Employees' Compensation Act: 817: Federal Employees' Retirement System Act of 1986: 900: SUBSTANTIVE TESTING: 901: Reserved: 902: Related Parties, Including Intragovernmental Activity and Balances: 902 A: Example Account Risk Analysis for Intragovernmental Activity and Balances: 902 B: Example Specific Control Evaluation for Intragovernmental Accounts: 902 C: Example Audit Procedures for Intragovernmental and Other Related Parties' Activity and Balances: 903: Auditing Cost Information: 921: Auditing Fund Balance with Treasury (FBWT): 921 A: Treasury Processes and Reports Related to FBWT Reconciliation: 921 B: Example Account Risk Analysis for Fund Balance with Treasury: 921 C: Example Specific Control Evaluation for Fund Balance with Treasury: 921 D: Example Audit Procedures for Fund Balance with Treasury: 1000: REPORTING: 1001: Management Representations: 1001 A: Example Management Representation Letter: 1002: Inquiries of Legal Counsel: 1002 A: Example Audit Procedures for Inquiries of Legal Counsel: 1002 B: Example Legal Letter Request: 1002 C: Example Legal Representation Letter: 1002 D: Example Management Summary Schedule: 1003: Financial Statement Audit Completion Checklist: 1004: Checklist for Reports Prepared Under the CFO Act: 1005: Subsequent Events Review: 1006: Reserved: (For Related Parties, see section 902): [End of section] SECTION 600: Planning and General: 601 - INTRODUCTION TO PART II-TOOLS: .01: Part II of the GAO/PCIE Financial Audit Manual (FAM) consists of tools to assist the auditor[Footnote 1] in performing a financial statement audit. These tools are generally organized according to the phases of the audit: tools in section 600 deal with the planning phase and general issues; section 700, the internal control phase; section 800, compliance; section 900, substantive testing; and section 1000, the reporting phase. .02: Many of the tools in the various sections include activities that would be performed during other phases of the audit. Thus, the auditor should refer to the sections in part II early in the audit. For example, section 701, Assessing Compliance of Agency Systems with the Federal Financial Management Improvement Act, includes procedures that would be performed throughout the audit, not just during the internal control phase, although many of them would be performed then. Also, section 902, Related Parties, Including Intragovernmental Activity and Balances, has procedures that the auditor may decide to perform in the planning and internal control phases of the audit as well as during the testing phase. .03: The audit procedures presented in the examples in this and other sections of part II (tools) of the GAO/PCIE FAM are examples of some of the audit steps typically performed in each area. They should be used in conjunction with the appropriate FAM sections. In using these procedures, the auditor should use judgment to add additional procedures, delete irrelevant procedures, modify procedures, indicate the extent and timing of procedures, and change the terminology to that used by the audited entity. The auditor may integrate these steps with the audit programs for related line items. For example, tests of intragovernmental activity and balances (section 902) may be integrated with tests of accounts receivable and payable, and, to improve efficiency, the auditor may coordinate those tests with related nonintragovernmental activity and balances. [End of section] 650-USING THE WORK OF OTHERS: .01: In many audits, the auditor uses the work and reports of other auditors and specialists. Other auditors include CPA firms, Inspectors General, state auditors, and internal auditors. Specialists include actuaries and information systems auditors. The audit organization may contract with a CPA firm to perform parts of or the entire audit. The audit organization should use FAM 650 to design and perform appropriate oversight and other procedures to use the work of other auditors and specialists. (The audit organization using the work of other auditors and specialists is referred to below as "the auditor.") This section provides guidance on using the work of other auditors and specialists and the nature and extent of procedures the auditor should perform. .02: Various professional standards provide guidance in this area. These standards include AU 543, "Part of Audit Performed by Other Independent Auditors"; AU 322, "The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements"; AU 336, "Using the Work of a Specialist";[Footnote 2] and AU 315 (SAS No. 84), "Communication Between Predecessor and Successor Auditors." These standards have different requirements depending on whether the other organization is an independent auditor, an internal auditor, or a specialist. .03: The auditor may use the work of other auditors and specialists in various situations, for example: * audits by Inspectors General or CPA firms in accordance with the GAO/ PCIE FAM; * CPA firms or specialists hired to do parts of an audit (for example, review information systems controls, review actuarial calculations, test specific accounts); * single audits or audits of federal funds performed by state auditors and CPA firms; * work performed by internal auditors; and: * internal audit staff who provide direct assistance to the auditor. .04: AU 543.13 states: "In some circumstances the principal auditor may consider it appropriate to participate in discussions regarding the accounts with management personnel of the component whose financial statements are being audited by other auditors and/or to make supplemental tests of such accounts. The determination of the extent of additional procedures, if any, to be applied rests with the principal auditor alone in the exercise of his professional judgment and in no way constitutes a reflection on the adequacy of the other auditor's work. Because the principal auditor in this case assumes responsibility for his opinion on the financial statements on which he is reporting without making reference to the audit performed by the other auditor, his judgment must govern as to the extent of procedures to be undertaken.": .05: The above paragraph makes clear that the principal auditor exercises considerable judgment in deciding what procedures are necessary to use the work of the other auditor. FAM 650 provides guidance in making the judgments necessary to use the work of others. These judgments include: * the type of reporting (see paragraphs 650.09-.10), * the auditor's evaluation of the other auditors' or specialists' independence and objectivity (see paragraphs 650.11-.24), * the auditor's evaluation of the other auditors' or specialists' qualifications (see paragraphs 650.25-.35), and: * the auditor's determination of the level of review (see paragraphs 650.36-.41). .06: The auditor should coordinate with other auditors whose work he or she wishes to use. In turn, the other auditor should consider the needs of auditors who plan to use the work being performed so that the judgments exercised by both auditors could satisfy the needs of both. This is best done before major work is started. For example, auditors of a consolidated entity (such as the U.S. government or an entire department or agency) are likely to plan to use the work of auditors of subsidiary entities (such as individual departments and agencies or bureaus and components of a department). This coordination can result in more economy, efficiency, and effectiveness of government audits in general and avoid duplication of effort. In addition, the coordination needs to be ongoing throughout the audit so that the timing needs of both the auditor and the other auditors are met. The other auditors should make their audit documentation available for review by the auditor on an ongoing basis during the audit. .07: In this coordination, the auditor should inform the other auditor how his or her work and report will be used. AU 543.07 indicates that if the auditor's report will name the other auditor, the auditor should obtain permission to do so and should present the other auditor's report together with the principal auditor's report. For CPA firms, this permission may be obtained through the contracting process. The auditor also should provide the other auditors a draft of the report as a courtesy. .08: When there is a difference of opinion between the two auditors, the principal auditor generally should confer with the other auditor to reach agreement with him or her as to the procedures necessary to satisfy both auditors' professional judgments. If both auditors are unable to reach agreement, see paragraphs 650.54 to .56. Section 650 B contains example audit procedures for using the work of others, which depend on the judgments made. TYPES OF REPORTING: .09: There are various types of reporting when using the work of other auditors and specialists. The type of reporting depends on the degree of responsibility the auditor accepts and the work performed by the auditor. Factors for the auditor to consider in deciding which type of reporting to use include the amount of assurance the auditor wishes to provide, legal requirements, and cost-benefit considerations. The degree of resources required varies by type of report and generally increases in the order presented below. The type of reporting should be decided in planning the job and generally should be discussed with the other auditors or specialists. In deciding the type of reporting, the auditor should consider AU 504.03, which states that an auditor is "associated with financial statements when he has consented to the use of his name in a report, document, or written communication containing the statements." (Section 650 C contains examples of wording for two types of reporting.) The types of reporting are as follows. a. No association with report--In this situation, the other auditors' or specialists' report is provided directly to the auditee and/or to significant users. The auditor may use this method when the auditor merely procures the audit but is not acting as "the auditor." For example, if there is no legal requirement for a separate report by the auditor, the user does not need a separate report from the auditor, and a separate report would provide no additional information. When the auditor is required by law to perform the audit, he or she should not use this option since he or she is associated with the report. b. Auditor transmittal letter--There are two types of transmittal letters, one expressing no assurance and one expressing negative assurance on the other auditors' work. For either type, the auditor is associated with the financial statements as described in AU 504. The fourth standard of reporting states, (in the last sentence) "where an auditor's name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor's work, if any, and the degree of responsibility the auditor is taking." Because the auditor did not perform an audit, the auditor should disclaim an opinion and should not express concurrence with the other auditors' opinion. The auditor may use this approach when there is no legal requirement for the auditor to express an opinion or concurrence but the auditor is required to or wants to issue a report or letter. The auditor may expand the letter to highlight certain findings or information or to indicate that certain procedures were performed. See example 1 of section 650 C for wording for both types of transmittal letters. * Auditor transmittal letter expressing no assurance--For this letter, the auditor issues a transmittal letter without reviewing the other auditors' documentation. In these situations, the transmittal should be clear as to the limitations of the auditor's work. The auditor still has the responsibility to monitor any contract and meet the requirements of the IG Act, as amended, CFO Act, and Accountability of Tax Dollars Act of 2002, if applicable. * Auditor transmittal letter expressing negative assurance--This letter indicates that the auditor reviewed the other auditors' or specialists' report and related documentation and inquired of their representatives and states that the auditor found no instances where the other auditors did not comply, in all material respects, with Government Auditing Standards (GAGAS). c. The auditor issues a report that refers to other auditors' reports and indicates a division of responsibilities--To use this approach, the auditor has two decisions to make: (1) whether the auditor may serve as the principal auditor (AU 543.01-.03) and (2) whether the auditor should refer to the work of the other auditors (AU 543.01-.10). The auditor should exercise considerable judgment in making these decisions and should document the basis for the decisions. One consideration the auditor may use in deciding whether the auditor is the principal auditor is whether the auditor has sufficient knowledge of the entire entity, including portions audited by other auditors. Another consideration is the materiality and importance of the consolidated assets, liabilities, expenses, revenues, or net position he or she has not audited. The auditor may issue a report that refers to other auditors when (1) the other auditors have reported on financial statements for a component entity that is part of the entity whose financial statements the auditor is reporting on and (2) the auditor does not wish to take responsibility for the other auditors' work. (See AU 543.09 for example wording. This approach may be used only for CPA firms or for other auditors who are organizationally independent [see paragraph 650.14]; it may not be used for internal auditors or specialists.) However, if the reader of the report could question the basis for the principal auditor issuing the opinion because of the significant materiality and importance of the portion of the financial statements audited by the other auditors, the auditor should consider whether there is a need to issue a report that does not mention the other auditors' work, which may require additional work (see 650.09 e below). d. The auditor issues a report that expresses concurrence with the other auditors' report and conclusions--The auditor may use this approach when other auditors have reported on financial statements and the auditor needs or wants to provide more assurance than what is provided by the transmittal letter.[Footnote 3] Expressing concurrence means that the auditor would have reached the same opinion or conclusion had he or she done the audit. Therefore, the auditor needs to do the same level of work as he or she would have done to take responsibility for the other auditor's work.[Footnote 4] The auditor usually accomplishes this by (1) reviewing the audit documentation and (2) having discussions with entity management and/or performing supplemental tests. See example 2 in section 650 C for report wording. This approach may be used only for CPA firms or for other auditors who are organizationally independent (see paragraph 650.14). This report should not be used for specialists, since AU 336.15 prohibits reference to a specialist's report unless the auditor issues a qualified or adverse opinion or a disclaimer of opinion based on the specialist's work. This approach also should not be used for internal auditors. AU 322.19 notes that the responsibility to report on the financial statements rests with the auditor and cannot be shared with internal auditors.[Footnote 5] e. The auditor issues a report that does not mention the other auditors' or specialists' work--In this situation, the auditor issues the report in section 595 A and/or B (as if no other auditors or specialists were involved). This means the auditor takes responsibility for the other auditors' or specialists' work. (See 650.09 c above for a discussion of principal auditor issues.) The auditor may use this approach when the other auditors have done part of the audit; the approach also may be used when the other auditors have done substantially the entire audit.[Footnote 6] The auditor usually accomplishes this by (1) reviewing the audit documentation and (2) having discussions with entity management and/or performing supplemental tests. The auditor also should use this approach when using the work of specialists and internal auditors, because professional standards do not permit referring to specialists' or internal auditors' work (unless, for specialists, the auditor issues a qualified or adverse opinion or a disclaimer of opinion based on the specialist's work). GAO uses this approach in the audit of the consolidated financial statements of the United States Government. .10: The following chart presents an overview of the work the auditor generally should perform for each type of report or letter. "Yes" means some of that category of work generally should be performed. "No" means that the category is generally not required for the report or letter. The extent of work in each category depends on the auditor's judgment. See paragraph 650.36 for discussion on level of review. Type of reporting: No association with report (paragraph 650.09 a): Auditor transmittal letter expressing no assurance (paragraph 650.09 b, first bullet): Evaluate the other auditors' independence and objectivity (paragraphs 650.11-.24): No[A]; Evaluate the other auditors' qualifications (paragraphs 650.25-.35): No; Level of Review (paragraphs 650.36-.42): None; Hold discussions and/or perform supplemental tests (paragraphs 650.43-.47): No. Type of reporting: Auditor transmittal letter expressing no assurance (paragraph 650.09 b, first bullet): Evaluate the other auditors' independence and objectivity (paragraphs 650.11-.24): Yes; Evaluate the other auditors' qualifications (paragraphs 650.25-.35): Yes; Level of Review (paragraphs 650.36-.42): Low or none; Hold discussions and/ or perform supplemental tests (paragraphs 650.43-.47): No. Type of reporting: Auditor transmittal letter expressing negative assurance (paragraph 650.09 b, second bullet): Evaluate the other auditors' independence and objectivity (paragraphs 650.11-.24): Yes; Evaluate the other auditors' qualifications (paragraphs 650.25-.35): Yes; Level of Review (paragraphs 650.36-.42): Moderate or low; Hold discussions and/or perform supplemental tests (paragraphs 650.43-.47): No. Type of reporting: Report refers to the other auditors' report and indicates a division of responsibilities (paragraph 650.09 c): Evaluate the other auditors' independence and objectivity (paragraphs 650.11-.24): Yes; Evaluate the other auditors' qualifications (paragraphs 650.25-.35): Yes; Level of Review (paragraphs 650.36-.42): Low or None; Hold discussions and/or perform supplemental tests (paragraphs 650.43-.47): No. Type of reporting: Report concurs with the other auditors' report or does not mention the other auditors' work (paragraph 650.09 d and e): Evaluate the other auditors' independence and objectivity (paragraphs 650.11-.24): Yes; Evaluate the other auditors' qualifications (paragraphs 650.25-.35): Yes; Level of Review (paragraphs 650.36-.42): High, moderate or low; Hold discussions and/or perform supplemental tests (paragraphs 650.43-.47): Yes for internal auditors' work (should include supplemental tests); Yes for auditors' work for high level of review; No for auditor's work for moderate or low level of review. [A] If the auditor contracts with the other auditors, the contracting process generally will require the auditor to evaluate the other auditors' independence, objectivity, and qualifications and to monitor performance under the contract. [End of table] EVALUATING THE OTHER AUDITORS' OR SPECIALISTS' INDEPENDENCE AND OBJECTIVITY: .11: Unless the auditor has no association with the report, the auditor should evaluate the other auditors' or specialists' independence and objectivity. Where the auditor has previously used the work of the same other auditors, the auditor generally should update the previous evaluation. GAGAS 3.11 indicates that audit organizations and individual auditors should be free from personal and external impairments to independence, should be organizationally independent, and should maintain an independent attitude and appearance. The auditor should first evaluate organizational independence. Different standards apply to CPA firms, other organizationally independent auditors, internal auditors, and specialists. .12: For CPA firms and specialists, the contracting process is designed to select a firm that is independent and objective. The statement of work or request for proposal should ask the firms to represent that they are independent and objective with respect to the auditee and should request the firms to describe in their proposals all work, including nonaudit services, they have done for the auditee in the last several years (see GAGAS Amendment No. 3, Independence, and Answers to Independence Questions). The technical evaluation panel should evaluate whether the nature and extent of this work or other factors cause an independence or objectivity issue. In this evaluation, the panel may consider, for example, whether (1) the other auditors will need to audit their own work or (2) whether the other auditors made management decisions or performed management functions. .13: If possible,[Footnote 7] the auditor should have a role in contracting for the CPA firm or specialist. When the auditor does not participate in contracting for the CPA firm or specialist, the auditor generally should obtain an overview of the contracting process; this generally should include reading the statement of work or request for proposal and the proposal of the firm selected, and understanding the evaluations of the panel selecting the firm. The auditor should determine whether the firm provided a representation as to independence and objectivity (usually in its proposal). If the firm has not provided a representation as to independence and objectivity, the auditor should obtain a representation from the firm. If the auditor is not familiar with the firm, the auditor should inquire of professional organizations (such as the American Institute of Certified Public Accountants or the Public Company Accounting Oversight Board established by the Sarbanes- Oxley Act of 2002) as to the firm's professional reputation and standing. .14: For government auditors, the auditor should decide whether the other audit organization is organizationally independent to report externally or whether it should be considered an internal audit organization. The auditor may refer to the work of organizationally independent government auditors but should not refer to the work of internal audit organizations in the audit report; generally more extensive review and supervision are necessary when dealing with internal auditors. The auditor should obtain written representations from the head of the government audit organization that to the best of his or her knowledge, the organization and the individual auditors doing the work are independent of the entity being audited. This means that the individual auditors are free of personal impairments to independence and maintain an independent attitude and appearance; it also means that the organization is free from external impairments and is organizationally independent (see GAGAS 3.11). The representation letter may indicate the general criteria for determining independence, such as "under the criteria in GAGAS." The representations should be for the period of the financial statements to the date of the other auditors' report. Since the decision on the independence and objectivity of the other auditors is needed to plan the auditor's work, the auditor generally should obtain oral representations early in the audit, with written representations at the end of the audit.[Footnote 8] .15: Government auditors may be presumed to be free from organizational impairments to independence when reporting externally to third parties if their audit organization is organizationally independent of the audited entity. Government audit organizations may meet the requirement for organizational independence in a number of ways. There is a presumption that a government audit organization is organizationally independent (GAGAS 3.30.1) if the audit organization is: a. "assigned to a level of government other than the one to which the audited entity is assigned (federal, state, or local), for example, a federal auditor auditing a state government program, or: b. "assigned to a different branch of government within the same level of government as the audited entity, for example, a legislative auditor auditing an executive branch program.": .16: There is also a presumption of organizational independence if the head of the audit organization (GAGAS 3.30.2) meets one of the following: a. "is directly elected by voters of the jurisdiction being audited, b. "is elected or appointed by a legislative body, subject to removal by a legislative body, and reports the results of audits to and is accountable to a legislative body, c. "is appointed by someone other than a legislative body, so long as the appointment is confirmed by a legislative body and removal from the position is subject to oversight or approval by a legislative body, and reports the results of audits to and is accountable to a legislative body, or: d. "is appointed by, accountable to, reports to, and can only be removed by a statutorily created governing body, the majority of whose members are independently elected or appointed and come from outside the organization being audited.": .17: If the other audit organization or its head meets one of the above criteria, the auditor need not perform any procedures concerning organizational independence other than to obtain a representation letter from the head of the audit organization as noted in paragraph 650.14 (see paragraph 650.23 for tests of personal independence). However, if the auditor encounters evidence that the audit organization might not be organizationally independent, the auditor should consider the need for inquiries and other procedures; the auditor should then evaluate the results of these procedures. .18: In addition to the presumptive criteria, GAGAS recognize that there may be other organizational structures under which a government audit organization could be free from organizational impairments. These other structures should provide sufficient safeguards to prevent the audited entity from interfering with the audit organization's ability to perform the work and report the results impartially. For the audit organization to be considered free from organizational impairments to report externally under a structure different from the ones listed above, the audit organization (GAGAS 3.30.3) should have all of the following safeguards: a. "statutory protections that prevent the abolishment of the audit organization by the audited entity, b. "statutory protections that require that if the head of the audit organization is removed from office, the head of the agency should report this fact and the reasons for the removal to the legislative body, c. "statutory protections that prevent the audited entity from interfering with the initiation, scope, timing, and completion of any audit, d. "statutory protections that prevent the audited entity from interfering with the reporting on any audit, including the findings, conclusions, and recommendations, or the manner, means, or timing of the audit organization's reports, e. "statutory protections that require the audit organization to report to a legislative body or other independent governing body on a recurring basis, f. "statutory protections that give the audit organization sole authority over the selection, retention, and dismissal of its staff, and: g. "statutory access to records and documents that relate to the agency, program, or function being audited.": .19: If the head of the audit organization concludes that the organization has all the safeguards listed above, the audit organization may be considered free from organizational impairments to independence when reporting externally. The audit organization should document the statutory provisions in place that provide these safeguards. The external quality assurance reviewer will review these provisions to determine whether the necessary safeguards are present. .20: The auditor using the work of other auditors who meets these requirements should request a representation letter (see paragraph 650.14) from the head of the audit organization; the auditor should review the above documentation and discuss it with the head of the audit organization. He or she also may discuss the matter with the external quality assurance reviewer, legal counsel for the audit organization, and his or her own legal counsel. .21: If the auditor decides that the government audit organization is not organizationally independent to report externally (either because it does not meet the criteria in GAGAS or for another reason), the auditor should determine whether the other auditors are organizationally independent to report internally. These auditors are internal auditors. The Institute of Internal Auditors' (IIA) Standards for the Professional Practice of Internal Auditing defines internal auditing as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." GAGAS contain guidance on organizational independence for government internal auditors. For example, internal auditors should be outside the staff or line management function of the unit under audit. They should report their results and be accountable to the head or deputy of their agency. IIA standards require internal auditors to be objective for the activities they audit. These GAGAS and IIA standards of independence for internal auditors differ from independence under the AICPA Code of Professional Conduct or independence for external auditors under GAGAS. The auditor generally should determine whether the internal auditors whose work is to be used are independent of the activities they audit. The auditor also should consider the organizational status of the head of the audit organization, including (GAGAS 3.30.5) whether the head: * "is accountable to the head or deputy head of the government entity; * "is required to report the results of the audit organization's work to the head or deputy head of the government entity, and: * "is located organizationally outside the staff or line management function of the unit under audit.": .22: If the auditor concludes that the internal auditors are not independent under GAGAS and IIA standards, the auditor should treat the work as if the auditee prepared it. If the auditor concludes that the internal auditors are independent under GAGAS and IIA standards, the auditor may use their work to the extent permitted by AU 322. In either case, the auditor may not issue a report referring to or concurring with the work of internal auditors. .23: In addition to evaluating the other auditors' organizational independence, the auditor should evaluate whether the audit team has any personal impairments. For both internal auditors and organizationally independent government audit organizations, the auditor generally should ask how the other auditors monitor the personal independence of individual staff members, especially those doing the work the auditor would like to use. .24: The auditor should document the work performed and the conclusions reached as to independence and objectivity. The documentation should indicate the auditor's conclusion as to whether the other auditors are independent and objective and the basis for that conclusion. The auditor should consult with the Reviewer if there are questions about the other auditors' independence or objectivity. EVALUATING THE OTHER AUDITORS' OR SPECIALISTS' QUALIFICATIONS: .25: After evaluating the other auditors' or specialists' independence and objectivity, the auditor should evaluate the other auditors' or specialists' qualifications to perform the specific tasks required. This involves evaluating the qualifications of the firm or audit organization and evaluating the qualifications of the specific audit team. Where the auditor has previously used the work of the same other auditors, the auditor generally should update the previous evaluation. .26: For CPA firms and specialists, qualifications are generally evaluated through the contracting process. The firm submits resumes for the audit team and demonstrates why its team is qualified to do the work. CPA firms should be asked to submit their latest peer review report (or inspection report specified by the Public Company Accounting Oversight Board), letter of comments, and response to the peer review report. The firm generally submits its plan for doing the work. The purpose of the technical evaluation panel under the contracting process is to select a qualified firm. .27: Where the auditor did not participate in the contracting process, the auditor should consider how the qualifications of the firm were evaluated. For example, did the evaluation panel review resumes of the team; review the audit approach; and read the peer review report, the related letter of comments, and the firm's response to the peer review report? The auditor should read these documents and reach a conclusion as to qualifications. .28: For auditors other than CPA firms, the auditor should ask whether the audit organization had a peer review and the date of that review. IGs have peer reviews performed every 3 years by other IGs. Most state auditors also have peer reviews every 3 years. To comply with GAGAS, the audit organization should have a peer review every 3 years. The IIA standards indicate that, "[e]xternal assessments, such as quality assurance reviews, should be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization.". While reviews under the IIA standard are not designed to report whether the audit organization's quality control adheres to GAGAS, they do provide evidence about whether the work adheres to a recognized set of professional standards. The auditor should read the peer review report, the letter of comments, and the audit organization's response. Where the audit organization has received an unqualified peer review report recently (usually less than 1 year ago), further review of the audit organization's qualifications is generally not required. .29: Where the peer review report is not recent, the auditor also should review the results of the audit organization's internal inspection program. If the peer review is not recent, the inspection is important in highlighting new quality control issues. The inspection generally should include reviews of documentation, interviews of staff members, and tests of functional areas. Where the inspection is recent (usually within the past year) and the inspection report is unqualified, further review of the audit organization's qualifications is generally not required. .30: Where the peer review or inspection report is qualified or adverse, the auditor should evaluate whether the quality control system has since been strengthened to allow the auditor to use the other auditors' work. The auditor may review the organization's action plan for improving quality controls. Inspection results are helpful in determining whether quality controls have improved since the peer review. The auditor should consider the effect of the remaining weaknesses in determining the nature and extent of procedures the auditor will perform. .31: Where the peer review is not recent and there is no inspection program, the auditor generally should obtain an overview of the important policies and procedures in the functional areas: * independence, integrity, and objectivity (see above); * personnel management (includes recruiting and hiring, advancement, professional development and training, and assigning personnel to assignments); * audit performance (includes supervision and consultation); * acceptance and continuance of assignments; and: * monitoring programs. .32: This information usually is obtained through interviews of the audit organization's management and staff and through reading the audit organization's quality control summary document, if one has been written. The auditor also may read the organization's manuals and other guidance for conducting audits. .33: In addition to evaluating the audit organization's qualifications, the auditor also should evaluate the overall qualifications of the other auditors' team assigned to do the work. Reviewing resumes of key team members may accomplish this. The auditor should consider the specific education, training, certifications, and experience of key team members. In evaluating qualifications, the auditor should consider the specific role of staff members on the job. When the auditor has knowledge of qualifications from prior experience with key team members, the auditor should inquire about experience in the time since the last audit. .34: Where the auditor is not fully satisfied as to the other auditors' qualifications, the auditor generally should perform a more detailed review of the documentation and/or perform supplemental tests of key line items (see paragraph 650.36). The auditor also may help the other auditors improve future audits. .35: If the auditor has significant concerns about the other auditors' independence, objectivity, or qualifications, the auditor should revise the audit approach. For example, the auditor may: * contract with another firm, * ask the other auditors to substitute more highly qualified or objective staff members, * do the audit without using the other auditors' work, treating any work done by the other auditors as prepared by the auditee, * divide the work so that the other auditors test the areas where they are qualified, and the auditor does the rest of the audit, or: * issue a disclaimer of opinion. PLANNING THE REVIEW AND TESTING OF THE OTHER AUDITORS' OR SPECIALISTS' WORK: After evaluating the other auditors' or specialists' independence, objectivity, and qualifications, the auditor should develop a written plan for reviewing and, if necessary, testing the work done. This plan documents the level of review the auditor believes necessary. The level of review is high,[Footnote 9] moderate, or low.[Footnote 10] The plan should be reconsidered as the work progresses. The level of review is a judgment the auditor makes; this judgment generally should be made for each material line item and should consider the following factors: a. The type of report or letter the auditor will issue (less review is needed for a transmittal letter than for reports in which the auditor takes responsibility for the other auditors' work). (See paragraph 650.10.): b. Whether the other auditors issue a disclaimer of opinion because of a scope limitation (less work is needed to concur with a scope limitation than to concur with an unqualified opinion). (See paragraph 650.37.): c. Whether the auditor's report might contain a disclaimer because of a scope limitation (less work is needed if the auditor's report will contain a scope limitation). (See paragraph 650.39.): d. The other auditors' independence, objectivity, and integrity (both for the audit team and for the other audit organization) including whether the other audit organization is an independent auditor or an internal auditor (the level of review increases as independence, objectivity, and integrity decreases). e. The other auditors' qualifications to perform the work the auditor wishes to use (both for the audit team and for the other audit organization) (the level of review increases as the other auditors' qualifications decrease). f. The auditors' prior experience with the other auditors (both for the audit team and for the other audit organization) (the level of review decreases as the auditor has favorable experience in working with the other auditors). g. The materiality of the line item in relation to the financial statements the auditor is reporting on, taken as a whole (the level of review increases as the line item becomes more material). h. The combined risk (combination of inherent risk and control risk) and the risk of material fraud for the line item and assertion in the financial statements the other auditors are auditing (the level of review increases as the combined risk and the risk of material fraud increase). .37: If the other auditors' work had a scope limitation, this generally affects the level of review (except for transmittal letters with no assurance). If the other auditors disclaim an opinion on the financial statements because of a scope limitation, the auditor should issue a disclaimer of opinion (unless the financial statements the other auditors audited are not material to the financial statements the auditor is auditing). It will not take much review to be satisfied that the disclaimer is appropriate. Discussions with entity management and/ or supplemental tests are not required in this situation, and the review of documentation may be limited to summary documentation. Thus, the level of review is usually low or no review (see footnote 6). However, the auditor may decide to do additional work to learn about the entity, to help the other auditor plan future audits, or to help management correct the causes of the scope limitation. .38: If the other auditors' work had a scope limitation that results in a qualified opinion, this generally needs a moderate or high level of review to determine whether the other auditors should have disclaimed an opinion and that the only issues are those relating to the qualification. .39: A scope limitation on the auditor's work that results in a disclaimer also may affect the level of review. Since the auditor has already decided that not enough work can be done on the overall financial statements, no amount of review of the other auditors' work is likely to change that conclusion. Thus, as in the situation above, discussions with entity management and/or supplemental tests are not required, the review of the other auditors' documentation may be limited to summary documentation, and the level of review is usually low or no review (see footnote 6). However, the auditor may decide to do additional work to learn about the entity, to help the other auditor plan future audits, or to help management correct the causes of the scope limitation. .40: A scope limitation on the auditor's work that results in a qualified opinion needs a similar amount of work as an unqualified opinion. .41: Section 650 A illustrates the work that generally should be performed for each level of review for each significant line item as well as what to retain in the documentation. REVIEW OF DOCUMENTATION: .42: The extent of the auditor's review of the other auditors' or specialists' documentation depends on the level of review and is a judgment based on the factors in paragraph 650.36. For the low level of review, the review of documentation may be limited to key summary planning and completion documentation. For the moderate level, the auditor generally should review more of the other auditors' or specialists' documentation, especially those evidencing important decisions. For financial statement audits, these include the General Risk Analysis (GRA) or audit plan or equivalent documents; the Account Risk Analysis (ARA) (or equivalent documentation) for significant accounts; the Specific Control Evaluations (SCE) (or equivalent documentation) for significant applications; the documentation for high-risk accounts, estimates, and judgments; the analytical procedures; the audit completion checklist (or equivalent documentation); the audit summary memorandum; and the summary of possible adjustments. For the high level of review, the auditor generally should review all of the items for the moderate level of review plus the important detailed documentation. DISCUSSIONS AND/OR SUPPLEMENTAL TESTS WHERE LEVEL OF REVIEW IS HIGH: .43: AU 543.13 states: "In some circumstances the principal auditor may consider it appropriate to participate in discussions regarding the accounts with management personnel of the component whose financial statements are being audited by other auditors and/or to make supplemental tests of such accounts." "In some circumstances" is interpreted to mean when the level of review is high. Thus, where the level of review is high, the auditor should (1) review audit documentation and (2)hold discussions with auditee management and/or perform tests of original documents. The objective of these additional procedures is for the auditor to obtain additional evidence about whether key items are properly handled and well supported. For example, the auditor generally should discuss key items with auditee management, especially estimates and judgments; this discussion generally should be with the other auditors present. The auditor generally should attend the entrance and exit conferences and other key meetings held by other auditors or specialists. The auditor should consider that for key items that are high risk, discussions with management may not provide sufficient evidence and supplemental tests may need to be performed. .44: Supplemental tests may be a selection of the other auditors' work, additional tests of the accounting records, or both. To perform supplemental tests, the auditor should have access to the entity's personnel and their books and records. The auditor may coordinate access to the entity's personnel and records through the other auditor. The auditor and the other auditor also may jointly perform parts of a test, where the sample is planned jointly and the results are evaluated jointly. Although supplemental tests are usually performed only when the level of review is high, the auditor may decide to perform supplemental tests in other situations to learn about the entity, to help the other auditor plan future audits, or to help management correct problems. .45: Where the other auditor is an internal auditor, the auditor should perform supplemental tests. Accordingly, for internal auditors, supplemental tests generally should be of greater scope (see AU 322.26). .46: The auditor generally should limit discussions with entity management and/or supplemental tests to line items that are both high combined risk and material to the financial statements the auditor is reporting on, especially in areas involving estimates and judgments or in areas on which users place extensive reliance. The auditor's supplemental tests generally should include some items that the other auditor tested that appear to be exceptions to determine whether they were appropriately considered in formulating an opinion. The auditor should consider performing supplemental tests while the other auditors are at the auditee location and have access to records; this can minimize the inconvenience to the auditee. .47: It is not necessary to perform supplemental tests of the work of specialists. As indicated in AU 336.12, the auditor should understand the methods and assumptions used by the specialists, test the data provided to the specialists (extent of testing is based on risk and materiality), and evaluate whether the specialists' findings support the financial statement assertions. If the auditor believes the findings are unreasonable, the auditor should apply additional procedures and/or consider the need to obtain another specialist. SUBSEQUENT EVENTS REVIEW AND DATING OF THE AUDITOR'S REPORT: .48: The auditor's report should be dated when the auditor completes fieldwork. If the other auditors' or specialists' report is dated earlier and the auditor's report does not mention the other auditors' report or concurs with the other auditors' report (example 2 of section 650 C), the subsequent events review should be updated to the date of the auditor's report. The auditor may ask the other auditors to update the subsequent events work to the required date, or the auditor may update the subsequent events review. Since this requires additional work, the auditor should attempt to complete fieldwork when the other auditors complete fieldwork. This issue should be considered in planning. It is not necessary to update the subsequent events review when the auditor issues a transmittal letter (example 1 of section 650 C). STAFFING THE REVIEW OF THE OTHER AUDITORS' OR SPECIALISTS' WORK: .49: When staffing the review, the auditor should consider that the other auditors or specialists may already have reviewed the work at several levels. The auditor's staff reviewing the work generally should have enough experience in financial statement auditing to understand the judgments that need to be made and to interact with the higher levels of the other audit organization. Most of the review generally should be done by or under the direction of an assistant director or a manager who has significant experience in performing and reviewing financial statement audit work. Supplemental tests may be done by less experienced staff members and supervised by an assistant director or an experienced audit manager. Primary review of the experienced audit manager's or assistant director's documentation should be performed by the audit director or an assistant director designated by the audit director. However, the assistant director or audit manager should review the documentation of supplemental tests performed by the less experienced staff members. Because of the high level of financial statement auditing experience of staff members doing and reviewing this work, secondary review should be performed only in very high-risk situations. .50: When the other auditors' work involves the review of computer controls, an information systems auditor in a management role generally should do the auditor's review. An audit assistant director should review the information systems auditor's documentation to determine that related audit objectives were achieved. EVALUATING THE WORK: .51: After the auditor has completed the review of the other auditors' work, and, if necessary, the supplemental testing, the auditor should determine whether the work is sufficient and acceptable for the auditors' use. The auditor should summarize the evaluation in the audit summary memorandum. .52: Sometimes, the other auditors use methodologies or audit approaches that are different from those the auditor would have used. The auditor should recognize that auditing requires a great deal of professional judgment and that there often are alternative ways to achieve audit objectives. Thus, the auditor should first understand the basis for the nature, timing, and extent of the other auditors' procedures. The auditor should evaluate whether sufficient evidence has been obtained to meet the auditor's objectives; usually the auditor should consider materiality and combined risk for the particular line item in this evaluation. If the auditor has concerns about whether the other auditors' work provides sufficient evidence, the auditor should discuss the matter with the audit director and the Reviewer before formally discussing the issue with the other auditors. .53: The auditor should consider the significance of the test results to the audit of the financial statements the auditor is reporting on. As an example, the other auditors might have selected a nonstatistical sample and/or the sample size might be smaller than the sample size the auditor would have selected. The auditor might decide that this provides sufficient evidence in an area that is less material or is not risky. However, if the area is material or risk is high, the auditor might conclude that sufficient evidence has not been obtained and that additional work is needed. In this case, after consulting with the audit director and the Reviewer, the auditor generally should either ask the other auditors to perform additional tests or perform the additional tests; if the additional testing is not done, the auditor should consider the effect of this scope limitation on the auditor's report. Since reaching this conclusion after the work is performed is inefficient, when the level of review is high, the auditor generally should coordinate or concur with major planning decisions before audit work is started. .54: Sometimes, the auditor may disagree with the conclusions or judgments of the other auditors. In this case, the auditor should consider the other auditors' work as well as any other evidence necessary to determine the appropriate conclusion. .55: The auditor should then discuss the issue with the other auditors to attempt to resolve the disagreement. It is important to attempt to resolve disagreements to reduce confusion that may arise from differing auditor views. In planning the audit, the auditor should try to identify potential disagreements early. Once identified, the auditor should discuss the issues with the other auditors as early as possible so that they can be resolved timely. .56: If the auditor does not reach agreement with the other auditors, the auditor should consider how to report. For very material disagreements, the auditor may decide not to transmit the other auditors' report, instead issuing a disclaimer of opinion due to a scope limitation or doing additional work, if necessary, to issue an appropriate opinion. In less material disagreements, the auditor may transmit the other auditors' report, issue the transmittal letter or report, and describe the disagreement and the basis for the auditor's conclusions. DOCUMENTING THE REVIEW OF OTHER AUDITORS' OR SPECIALISTS' WORK: .57: Regardless of the type of reporting or the level of review, the auditor's documentation should contain the items listed in section 650 A under "documentation.": .58: In addition, where the auditor performs supplemental tests of the accounting records, the auditor's documentation should contain a description of the work (this may be a list of the documents the auditor examined or tick marks on a copy of the other auditors' documentation if that is the basis for the selection) and the auditor's conclusion. It is not necessary to retain copies of the documents examined. .59: It is important to distinguish between the auditor's responsibilities to review the documentation of other auditors versus what the auditor might copy and retain from that documentation. The auditor should use judgment in deciding which of the other auditors' or specialists' documents to copy and retain. Copies of documents readily available from the other auditors or the auditee (such as invoices and contracts) need not be retained. Section 650 A indicates what documentation the auditor generally should retain. .60: The auditor may decide to retain other documentation if it might be useful in understanding the entity, training staff members, planning future audits, reviewing the documentation, or writing the report. Documentation in this category includes the entity profile (or equivalent), the general risk analysis or audit plan, the audit programs, the ARA and SCE forms (or equivalent), the trial balance or lead schedules, the management representation letter, and the attorney representation letter. Auditors often find it helpful to keep copies of documents in case questions are raised in review but not to include those copies in the documentation unless they are needed to document the work performed. Documents should not be retained if they are no longer needed. The audit plan or audit program may indicate which documents to retain. USING INTERNAL AUDIT STAFF TO PROVIDE DIRECT ASSISTANCE TO THE AUDITOR: .61: Sometimes the auditor or the auditee requests that internal auditors provide direct assistance to the auditor. Before this is done, the auditor should be satisfied with the independence, objectivity, and qualifications of the staff assigned to do the work requested. AU 322.27 indicates that in these situations "the auditor should inform the internal auditors of their responsibilities, the objectives of the procedures they are to perform, and matters that may affect the nature, timing, and extent of procedures.. The auditor should also inform the internal auditors that all significant accounting and auditing issues identified during the audit should be brought to the auditor's attention." The auditor should direct, review, test, and evaluate the work done by internal auditors to the extent appropriate based on the auditor's evaluation of risk, materiality, objectivity, and qualifications. USING AGENCY SPECIALISTS: .62: Many agencies have actuaries, security specialists, statistical specialists, and other specialists whose work the auditor would like to use. Unless these specialists are part of an organization that is organizationally independent or under contract to such an organization, the auditor should evaluate their work as the work of any auditee employee. The auditor generally should use specialists in the audit organization or contract for outside specialists to develop and implement appropriate tests. MULTIPLE LEVELS OF OTHER AUDITORS: .63: Sometimes there are several levels of other auditors. For example, the IG might hire a CPA firm to do an audit. The IG may issue a report concurring with the CPA's report or a letter transmitting the CPA's report; GAO may then use the work of the IG. .64: In these situations, each audit organization should follow the guidance in section 650. The IG should evaluate the independence (see paragraphs 650.11-. 24) and qualifications of the other auditors (see paragraphs 650.25-. 35), should review the audit documentation (see paragraph 650.42), and may need to have discussions with entity management and/or perform supplemental tests of key accounts (see paragraphs 650.43-. 47) (depending on the level of review deemed appropriate). GAO should evaluate the qualifications of the IG organization (by reading the peer review report, the letter of comments, and the audit organization's response as described in paragraph 650.25) and the team doing the monitoring, should review the IG's documentation, and may perform supplemental tests. When GAO finds that the IG has done and documented adequate work including discussions with management and/or supplemental tests, GAO's discussions and/or supplemental tests would be quite limited--perhaps a walk-through of work done in high-risk and material areas. Often, GAO may attend fewer meetings than the IG staff attends and would concentrate the review on the IG's documentation. GAO may then issue a report on the financial statements. .65: Because of the potential for inefficiency, there should be close coordination between the various auditors. The IG and GAO may perform the review jointly. Sometimes, a memorandum of understanding might be useful in documenting responsibilities. A chart that describes the review to be done by each organization may be useful. The following is a useful format for this chart (with more detail added as necessary under each phase): [See PDF for image] [End of table] REPORTS ON OTHER AUDITORS' WORK: .66: The auditor may be asked to issue a report evaluating work done by other auditors in a situation where the auditor is not using the work of the other auditors. For example, the auditor might be asked to evaluate an audit done by a CPA firm. While AU 543, 322, and 336 are not directed towards these situations, the guidance in FAM 650 is helpful in planning and reporting on these assignments. [End of section] 650 A-SUMMARY OF AUDIT PROCEDURES AND DOCUMENTATION FOR REVIEW OF OTHER AUDITORS' WORK: .01: The table in this section indicates the work that generally should be performed for each level of review, as well as what generally should be retained in the documentation. The table does not include work on other auditor's independence, objectivity, and qualifications. (See paragraphs 650.11-.35 for a discussion of that work.) Where the other auditor uses equivalent documents, review those documents. .02: In the table, steps to be performed and documents to be retained at the low level of review are indicated by regular font. The moderate level of review includes the low level plus those in bold letters. The high level of review includes the moderate level plus those in BOLD CAPITALS. AUDIT PROCEDURES. At entity level: * Communicate with the other auditors: - as to the objectives of the work; - discuss their procedures and results; * Attend key entrance and exit meetings; * COORDINATE OR CONCUR IN SIGNIFICANT PLANNING DECISIONS BEFORE MAJOR WORK IS STARTED; * Review: - general risk analysis; - audit plan; - scope of work; - audit summary memorandum; - summary of unadjusted misstatements; - analytical procedures; - completion checklist; - determination of planning and design materiality; - information systems background; - general and application controls documentation (done by information systems auditor); - representation letters; - key documentation; * Read: - other auditor's report; - financial statements and notes; - stewardship report and required supplementary information; - other accompanying information; - management's response; For significant line items, accounts, or applications: * Review: - audit program; - conclusions about significant issues and their resolution (often in audit summary) - conclusions about line items; - account risk analysis (ARA); - specific control evaluations (SCE); - cycle memo; - flowcharts; - determination of test materiality; sampling plan; - other auditors' key documentation; - documentation for high-risk accounts, estimates, and judgments; analytical procedures; evaluation of sample results; - summary of possible adjustments; * PARTICIPATE IN DISCUSSIONS WITH MANAGEMENT PERSONNEL AND/OR PERFORM SUPPLEMENTAL TESTS OF the line items (especially key items, estimates and judgments); COMPARE CONCLUSIONS. [End of table] DOCUMENTATION. Retain: * Auditor prepared: - audit plan; - audit program; - memo documenting entrance and exit conference; - MEMOS DOCUMENTING KEY MEETINGS ATTENDED and discussions with auditee management; - results of review of documentation; - SUPPLEMENTAL TEST DOCUMENTATION; summary memo; * Other auditor prepared: * At entity level: - other auditor's report; - final financial statements and notes; - stewardship report; - management letter; - other auditor's unadjusted misstatements, estimate of the imprecision of audit procedures, and comparison with materiality; - audit completion checklist; - other auditor's audit summary memo; * At line item level: - documentation that supports exceptions; - other auditor's documentation evidencing significant judgments and conclusions; Optional: - entity profile; - general risk analysis; - other auditor's audit plan; - other auditor's audit program; - account risk analyses; - specific control evaluations; - sampling plan; - trial balance; - lead schedules; - evaluation of sample results; - management representation letter; - legal representation letter. [End of table] [End of section] 650 B - EXAMPLE AUDIT PROCEDURES FOR USING THE WORK OF OTHERS: This program is appropriate when using the work of other auditors or the work of specialists to perform a full or partial audit of financial statements. The steps should be tailored to the circumstances and the planned level of review by deleting inapplicable steps, modifying the steps, and adding additional steps. When the other auditors or specialists have done only part of an audit, many of the steps below may be deleted. Many of the steps also may be deleted for the low level of review or when the auditor plans to issue a transmittal letter. The program consists of three sections: evaluating independence, objectivity, and qualifications for CPA firms and specialists; evaluating independence, objectivity, and qualifications for government auditors; and monitoring the work (for all types of other auditors and for specialists). The auditor generally should use one of the first two sections and the third section. A separate form generally should be used for each other auditor or specialist. [See PDF for image] [End of table] Step: EVALUATING INDEPENDENCE, OBJECTIVITY, AND QUALIFICATIONS FOR GOVERNMENT AUDITORS; Independence and objectivity: 1. For all government audit organizations, obtain written representation from the head of the audit organization that the audit organization and the individual auditors are independent of the entity being audited; 2. Determine whether the audit organization meets ONE of the criteria in paragraph 650.15, or the head meets ONE of the criteria in paragraph 650.16; If the organization (or its head) meets one of these criteria, no further work is needed unless the auditor finds contrary evidence as to independence and objectivity in other parts of the audit. Indicate which criterion is met; document the evaluation of any other evidence obtained. (Go to step 6.) 3. If the audit organization (or its head) does not meet any of the criteria in step 2, determine whether it meets ALL of the criteria in paragraph 650.18; 4. Review the audit organization's documentation of how it meets the requirements of step 3. Discuss with head of audit organization (consider discussing with external quality control reviewer, legal counsel for audit organization, and auditor's legal counsel). (Go to step 6.); 5. If the audit organization does not meet the criteria for organizational independence to report externally, determine whether the organization is an independent internal audit organization under GAGAS and IIA standards. Determine whether the internal auditors are objective for the activities they audit. Consider the organizational status of the head of the audit organization, including whether the head; is accountable to the head or deputy head of the government entity,; is required to report the results of the audit organization's work to the head or deputy head of the government entity, and; is located organizationally outside the staff or line management function of the unit under audit; 6. For all government audit organizations, obtain an understanding of organization's policies to enhance the objectivity of individual auditors, including; policies to prohibit auditors from auditing areas where relatives are employed,; policies to prohibit auditors from auditing areas where they were recently assigned or are scheduled to be assigned after they complete their tour of duty in auditing, and; policies to require representations as to objectivity and lack of conflicts of interest from each auditor; 7. Prepare memorandum documenting work performed and conclusions as to independence and objectivity; Qualifications: 8. Read the latest peer review report, letter of comments, and the audit organization's response. Note date of report and whether it is unqualified. If report is recent (usually within the past year) and unqualified, go to step 12; 9. If the peer review is not recent, review the latest inspection report, if any, and the organization's response. Note date of report and whether it is unqualified. If the inspection is recent (usually within the past year) and unqualified, go to step 12; 10. If the organization has not had a recent peer review or inspection, obtain an overview of the important policies and procedures in the functional areas (through interviews of management and staff and through reading the summary quality control document, if any). Consult with Reviewer before performing this step; 11. If the peer review or inspection report was qualified or adverse, determine whether the quality control system has since been strengthened. Review the organization's action plan for strengthening its quality control system. Consider the effect of remaining weaknesses in determining the level of review; 12. Inquire how the audit organization determined the staffing for the audit. Evaluate the overall qualifications of the team performing the work. Review resumes and consider for key team members: educational level, professional certifications, and professional experience; continuing professional education, especially whether key team members have received training and have current knowledge in the type of work done; supervision and review of work; whether the audit team has adequate sources for consultation and use of specialists, especially for audit sampling, audit methodology, and review of computer controls; and; quality of documentation, reports, and recommendations; 13. If the auditor has significant concerns about the audit organization's or team's objectivity or qualifications, the auditor, in developing the audit plan, may either; ask the audit organization to substitute more objective or highly qualified staff members; do the work, treating any work done by the other auditors as prepared by the auditee; divide the work so that the other auditors test the areas where they are qualified and the auditor does the rest of the audit; or; issue a disclaimer of opinion; [End of table] Step: MONITORING THE WORK (FOR ALL TYPES OF OTHER AUDITORS AND FOR SPECIALISTS): 1. Develop a plan for reviewing the other auditors' or specialists' work and, if necessary, performing supplemental tests of the accounting records. Determine the level of review for each line item; 2. Monitor the planning of the audit (FOR MODERATE AND HIGH LEVEL OF REVIEW); Attend entrance meeting and key planning meetings; Review the entity profile; Review the General Risk Analysis or equivalent document (and audit plan if prepared as a separate document) (FOR ALL LEVELS OF REVIEW); Review the determination of planning materiality and design materiality; Have an information systems auditor review the information resource management background information and the documentation for review of general and application controls; Document line items and applications to be reviewed; For each such line item, review the Account Risk Analyses, the Specific Control Analyses, the cycle flowcharts, the cycle memoranda, the determination of test materiality, and the audit program or equivalent documents; 3. Monitor the execution of the audit (for reports following example 2 of section 650 C or section 595 A and/or B WHERE LEVEL OF REVIEW IS HIGH); Attend key meetings, especially those discussing high-risk areas, significant estimates and judgments, and the other auditors' conclusions; Discuss key items with auditee management, especially significant estimates and judgments; Perform supplemental tests of the accounting records; ** Generally do for high risk and material line items, especially in areas involving estimates and judgments or ones that users rely on extensively; ** Generally do while the other auditors are at the auditee location and have access to the records; ** Examine some of the same documents the other auditors examined or make own selection or both; ** Compare results of other auditors' work to results of supplemental tests; ** Document scope of supplemental testing and conclusions reached; 4. Monitor the completion of the audit (items with * are usually not necessary for LOW level of review); Review the overall analytical procedures; *Review the key documentation for the line item and for completing the audit; consider evaluations of sample results. (For example, were projections appropriate? Was appropriate action taken based on sample results?); *Determine whether the subsequent events review was updated to the date of the auditor's report; Review the audit summary memorandum, conclusions about line items, and summary of possible adjustments; Review the audit completion checklist (or equivalent document); Review the management representation letter and the legal representation letter; *Attend key exit conference(s); Read the other auditors' report, the financial statements, the notes, the other accompanying information, and management's response; 5. Prepare summary memorandum; 6. Write the auditor's report or transmittal letter; [End of table] [End of section] 650 C - EXAMPLE REPORTS WHEN USING THE WORK OF OTHERS: EXAMPLE 1 - TRANSMITTAL LETTER: We contracted with the independent certified public accounting firm of [name of firm] to audit the financial statements of [name of entity] as of [date] and for the year then ended. The contract required that the audit be done in accordance with U.S. generally accepted government auditing standards; OMB's bulletin, Audit Requirements for Federal Financial Statements; and the GAO/PCIE Financial Audit Manual. In its audit of [name of entity], [name of CPA firm] found: * the financial statements were fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles, * [entity] had effective[Footnote 11] internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations, * [entity's] financial management systems substantially complied[Footnote 12] with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA), and: * no reportable noncompliance with laws and regulations it tested. [Name of CPA firm] also described the following significant matters: [Discuss significant matters]. [For transmittal letters expressing no assurance, use the following paragraph:] [Name of CPA firm] is responsible for the attached auditor's report dated [date] and the conclusions expressed in the report. We do not express opinions on [name of entity]'s financial statements or internal control or on whether [entity]'s financial management systems substantially complied with FFMIA; or conclusions on compliance with laws and regulations. [For transmittal letters expressing negative assurance, use the following paragraph:] In connection with the contract, we reviewed [name of CPA firm]'s report and related documentation and inquired of its representatives. Our review, as differentiated from an audit in accordance with U.S. generally accepted government auditing standards, was not intended to enable us to express, and we do not express, opinions on [name of entity]'s financial statements or internal control[Footnote 13] or on whether [entity]'s financial management systems substantially complied with FFMIA;[Footnote 14] or conclusions on compliance with laws and regulations. [Name of CPA firm] is responsible for the attached auditor's report dated [date] and the conclusions expressed in the report. However, our review disclosed no instances where [name of CPA firm] did not comply, in all material respects, with U.S. generally accepted government auditing standards.[Footnote 15] EXAMPLE 2 - REPORT CONCURRING WITH OTHER AUDITORS' OPINION (PRESENTING REPORT OF OTHER AUDITORS AFTER THE AUDITOR'S REPORT)[Footnote 16] Under [citation of statute], we are responsible for auditing [name of entity]. To help fulfill these responsibilities, we contracted with [name of firm], an independent certified public accounting firm. [Name of firm]'s report dated [date] is attached. We concur[Footnote 17] with [name of firm]'s report that indicated: * the financial statements were fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles, * [entity] had effective internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations, * [entity's] financial management systems substantially complied with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA), and: * no reportable noncompliance with laws and regulations it tested. Details of their conclusions are in their report. OBJECTIVES, SCOPE, AND METHODOLOGY: Management is responsible for (1) preparing the financial statements in conformity with U.S. generally accepted accounting principles, (2) establishing, maintaining, and assessing internal control to provide reasonable assurance that the broad control objectives of 31 U.S.C. 3512 (c), (d) (Federal Managers' Financial Integrity Act) are met, (3) ensuring that [entity]'s financial management systems substantially comply with FFMIA requirements, and (4) complying with applicable laws and regulations. We are responsible for obtaining reasonable assurance about whether (1) the financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, and (2) management maintained effective internal control, the objectives of which are the following: * Financial reporting: Transactions are properly recorded, processed, and summarized to permit the preparation of financial statements and stewardship information in conformity with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. * Compliance with laws and regulations: Transactions are executed in accordance with laws governing the use of budget authority and with other laws and regulations that could have a direct and material effect on the financial statements and any other laws, regulations, and governmentwide policies identified by OMB audit guidance. We are also responsible for (1) testing whether [entity's] financial management systems substantially comply with the three FFMIA requirements, (2) testing compliance with selected provisions of laws and regulations that have a direct and material effect on the financial statements and laws for which OMB audit guidance requires testing, and (3) performing limited procedures with respect to certain other information appearing in the Accountability Report. To help fulfill these responsibilities, we contracted with the independent certified public accounting (CPA) firm of [name of firm] to perform a financial statement audit in accordance with U.S. generally accepted government auditing standards; OMB's bulletin, Audit Requirements for Federal Financial Statements; and the GAO/PCIE Financial Audit Manual. We evaluated the nature, timing, and extent of the work, monitored progress throughout the audit, reviewed the documentation of the CPA firm, met with partners and staff members, evaluated the key judgments, met with officials of [entity being audited], performed independent tests of the accounting records, and performed other procedures we deemed appropriate in the circumstances. We conducted our work in accordance with U.S. generally accepted government auditing standards. [End of section] 660 - AGREED-UPON PROCEDURES: .01: In an engagement to apply agreed-upon procedures, a client engages an auditor to perform specific procedures on subject matter and report on the results to assist users in evaluating subject matter or an assertion. Agreed-upon procedures should be performed in accordance with the Statements on Standards for Attestation Engagements (SSAE). The auditor should read appropriate sections (e.g., AT 101, Attest Engagements, and AT 201, Agreed-Upon Procedures Engagements) and thoroughly understand them before performing agreed-upon procedures. .02: An agreed-upon procedures engagement may be applied to a variety of subject matter. The engagement will vary depending on the needs of the user. The engagement may assist entity management by providing information for making decisions and give report users information on important areas. Examples of agreed-upon procedures are: * compare payroll information reported to the Office of Personnel Management with the entity's payroll records and general ledger; * compare entity reconciliations of intragovernmental activity and balances with supporting documentation and compare amounts with the financial statements and with reports to the Department of the Treasury (Treasury); * trace tax collections from the master file to deposit confirmations, determine whether they were recorded in the appropriate period and in the correct tax class; * trace amounts on the entity's financial statements to an "account grouping worksheet," foot the worksheet, read the CFO's explanation for any differences, and compare the explanation with supporting documentation; and: * examine official receipt documents to determine whether they were included in the weekly deposit; compare deposit amounts to amounts reported on the statement of funding. .03: In agreed-upon procedures engagements, all parties involved, which include the report users, the entity responsible for the subject matter (which may or may not be the same as the user), and the auditor, should clearly understand the procedures to be applied. Since users may have different needs, the nature, timing, and extent of the agreed-upon procedures also may differ. Therefore, the users, and not the auditor, assume the responsibility for the sufficiency of the design and extent of the procedures since they best understand their own needs, although the auditor may assist the user in designing the procedures. .04: The auditor should establish and document an understanding with the users regarding the nature, timing, and extent of the agreed-upon procedures to be performed. The auditor may document this understanding using an engagement letter to the users. (See example in section 660 A.): .05: The subject matter should be capable of evaluation against criteria that are suitable and available to users. Suitable criteria should have objectivity, measurability, completeness, and relevance. The procedures should be subject to reasonably consistent measurement and the criteria should be agreed upon. The auditor should not perform overly subjective procedures or use terms with uncertain meaning unless they are defined within the agreed-upon procedures. .06: The auditor need not perform additional procedures beyond the agreed- upon procedures. If matters come to the auditor's attention by other means that significantly contradict the subject matter (or assertion), the auditor should include these matters in the report. For example, if during the course of applying agreed-upon procedures regarding an entity's operation, the auditor becomes aware of a material weakness related to the assertion by means other than the agreed-upon procedures, the auditor should include this matter in the report. This may be done by mentioning the material weakness with a footnote reference to another report where it is described in detail. .07: Where circumstances impose restrictions on the performance of the agreed-upon procedures, the auditor should attempt to obtain agreement from the users of the report to modify the agreed-upon procedures. When agreement cannot be obtained (for example, when the agreed-upon procedures are published by a regulatory agency that will not modify the procedures), the auditor should describe restrictions in the report or withdraw from the engagement. WRITTEN REPRESENTATIONS: .08: The auditor should determine if a representation letter is necessary. The auditor may determine that a representation letter is necessary, for example, if (1) the responsible entity is so large there is a risk as to whether one person knows whether pertinent information has been made available to the auditor, (2) the subject matter depends on estimates, judgments, or future events (i.e., whether the subject matter is less objective and fact-based and more subjective), or (3) the user of the report believes written representations should be obtained. Although generally not required (unless specifically required by another attestation standard, such as in a compliance engagement) a representation letter may nonetheless be a useful means of documenting the responsible entity's representations. (See FAM section 660 B for an example representation letter for an agreed-upon procedures engagement.): .09: The responsible entity's refusal to furnish written representations determined by the auditor to be necessary constitutes a scope limitation. In such circumstances, the auditor should do one of the following: * disclose in the report the inability to obtain representations from the responsible entity, * withdraw from the engagement, or: * change the engagement to another form of engagement (e.g., a performance audit). DOCUMENTATION: .10: In accordance with GAGAS, the auditor should prepare and maintain documentation in connection with an agreed-upon procedures engagement that is appropriate for the engagement. They should contain sufficient information to enable an experienced auditor having no previous connection with the engagement to ascertain from them the evidence that supports the auditors' agreed-upon procedures report. .11: Although the quantity, type, and content of documentation varies with the circumstances, ordinarily it should be sufficient to demonstrate that the work was adequately planned and supervised and sufficient evidential matter was obtained to provide a reasonable basis for the report. .12: The auditor generally should prepare a summary memorandum that recaps the work performed and refers to the detailed documentation. This memorandum generally should include the auditor's conclusion on whether the work was performed in accordance with GAGAS, including the attestation standards, and the GAO/PCIE FAM and whether the report is appropriate. (See FAM section 660 C for an agreed-upon procedures completion checklist.): REPORTING: .13: An auditor should report on the agreed-upon procedures in the form of results. The auditor should not provide any opinion or negative assurance about whether the subject matter or the assertion is fairly stated based on the criteria. The report should include information such as the identification of the entities that agreed to the procedures and took responsibility for the sufficiency of the design and extent of the procedures for their purposes, as shown in the example report in FAM section 660 D. .14: The auditor should report all results arising from application of the agreed-upon procedures. The concept of materiality does not apply to results to be reported in an agreed-upon procedures engagement unless the users of the report agree to the definition of materiality. This could be included in the engagement letter. Any agreed-upon materiality limits should be described in the report. .15: The auditor should include a statement indicating that the report is intended for the specified users who have agreed upon the procedures performed and taken responsibility for the sufficiency of the design and extent of the procedures for their needs. However, since governmental reports are generally a matter of public record, the distribution of the report is not limited. .16: The auditor may have performed agreed-upon procedures on an element, account, or item of financial statements and also audited the same financial statements. If the audit report on the financial statements includes a departure from a standard report, the auditor generally should include a reference to the audit report and the departure from the standard report in the agreed-upon procedures report. .17: The auditor also may include explanatory language about such matters as the following: * stipulated facts, assumptions, or interpretations (including the source); * description of the condition of records, controls, or data to which the procedures were applied; * explanation that the auditor has no responsibility to update the report; or: * explanation of sampling risk. .18: The auditor should state the results in definitive, rather than qualified, language and avoid vague or ambiguous language. The following table provides examples of appropriate and inappropriate descriptions of findings. Examples of appropriate/inappropriate description of findings: Procedures agreed-upon: Based on the total tax liability, select and recompute the 50 largest excise tax returns from the quarter ended September 30 and compare these amounts with the certified audit file; Description of findings: Appropriate: Recomputed amounts for the selected excise tax returns agreed with the amounts in the certified audit file; Description of findings: Inappropriate: Nothing came to our attention as a result of applying this procedure. Procedures agreed-upon: Select a random sample of 45 Treasury SF-224 reconciliations; determine if XYZ reported revenue receipts were properly classified and reconciled to Treasury FMS records; Description of findings: Appropriate: Revenue receipts selected randomly from the monthly Treasury SF-224 reconciliation process were properly classified and agreed with Treasury FMS records; Description of findings: Inappropriate: The revenue receipts approximated the amount shown in the Treasury FMS records. Procedures agreed-upon: Examine personnel files of 40 individuals randomly selected from the timekeeping records for the year; determine if all the selected files contain a current and approved Notification of Personnel Action; Description of findings: Appropriate: Thirty of the selected files contained a current and approved Notification of Personnel Action. Ten files did not contain a current and approved Notification of Personnel Action (list and identify exceptions); Description of findings: Inappropriate: Some of the personnel files did not contain a current and approved Notification of Personnel Action. [End of table] Other Report Issues: .19: The report should be addressed to the users who have agreed upon the procedures to be performed (see paragraph 660.03). The date of completion of the agreed-upon procedures should be used as the date of the agreed-upon procedures report. If the audit organization's procedure is to date reports with the issue date, the date of completion of fieldwork may be stated in the report (e.g., "We completed the agreed-upon procedures on [date]."). .20: Agency comments should be obtained from the entity responsible for the subject matter. If time constraints present problems, oral comments may be obtained. [End of section] 660 A - EXAMPLE AGREED-UPON PROCEDURES ENGAGEMENT LETTER: [Date] Management of ABC Agency: Subject: Fiscal Year 20X1 Agreed-Upon Procedures for the Tax Trust Fund: Dear Management Official: Based on our discussions, we agree to perform agreed-upon procedures to assist ABC Agency in determining the completeness and accuracy of receipts transferred to the tax trust fund. XYZ Agency is responsible for the information to which these procedures will be applied. This letter documents our agreement to perform these agreed-upon procedures related to fiscal year 20X1. We will perform these procedures in accordance with U.S. generally accepted government auditing standards, which incorporate the financial audit and attestation standards established by the American Institute of Certified Public Accountants (AICPA). The procedures are included in the enclosure to this letter. We will meet with you as needed to discuss the agreed-upon procedures, results, and other issues that may arise. We are not engaged to perform, and will not perform, an examination, the objective of which would be to express an opinion on the amount of receipts transferred to the tax trust fund. Accordingly, we will not express such an opinion. Were we to perform additional procedures, other matters might come to our attention that we would report to you. Our report will be intended solely for your information and use and should not be used by those who have not agreed to the procedures or taken responsibility for the sufficiency of the procedures for their purposes. However, the report will be a matter of public record and its distribution will not be limited. Unless we hear from you, we will assume your concurrence with these procedures and their sufficiency for your purposes.[Footnote 18] Please contact me at [telephone number] if you or your staff have any questions. Sincerely yours, [Name of Director] Director: Enclosure: cc: XYZ Agency: Agreed-Upon Procedures for Tax Receipts and Refunds: General: * Compare fiscal year 20X1 tax collections for the ABC tax trust fund per XYZ's Statement of Custodial Activity with: **the trust fund's accounting records and: **ABC's consolidated financial statements. * Obtain explanations and examine supporting documentation for differences. Sampling: A. Use dollar unit sampling (DUS) and an 80-percent confidence level to select a sample of ABC tax trust fund tax revenue receipts and refunds for fiscal year 20X1. Use $300 million as the test materiality, which is 1 percent of the total revenue collected. Use an expected aggregate misstatement of $100 million, or one-third of test materiality. The projected sample size for this population is expected to be 40 transactions. For the sample items selected: * Receipts testing --Compare tax receipts transactions (for example cash receipts, federal tax deposit (FTD) receipts, reversals, and adjustments) with source documents to determine whether the amounts agree, the transactions are recorded in the appropriate period based on the transaction date, and they are properly categorized as ABC tax trust fund receipts. * Refunds testing --Compare refund transactions with the source documents (for example, payment vouchers, FTD coupons, tax returns) to determine whether the amounts agree, the transactions are recorded in the appropriate period based on the transaction date, and they are properly categorized as ABC tax trust fund refunds. B. Use DUS and the same sampling parameters as above to extract statistical samples of total XYZ revenue receipts and refunds for fiscal year 20X1. For the sample items selected: * Test whether the tax receipt or refund amounts and tax category from source documentation agrees with amounts recorded for each of the revenue receipts or refunds sample items. [End of section] 660 B - EXAMPLE REPRESENTATION LETTER FROM RESPONSIBLE ENTITY ON AGREED-UPON PROCEDURES ENGAGEMENT: [XYZ Agency letterhead] [Date] Dear Auditor: In connection with the agreed-upon procedures engagement for XYZ's budget execution process for the period from October 1, 20X0 through September 30, 20X1, we confirm to the best of our knowledge and belief, the following representations made to you in performing these agreed- upon procedures. * We acknowledge responsibility for XYZ's budget execution process. * We acknowledge responsibility for selecting the criteria [state criteria] and for determining the appropriateness of the criteria for our purposes. * Our budget execution process is [state assertion about budget execution process based on the criteria selected]. * We know of no matters that would contradict our assertion about our budget execution process. * There have been no communications from regulatory or oversight agencies concerning our budget execution process or noncompliance with budgetary laws or the Antideficiency Act. * We have made available to you all records and related data pertaining to our budget execution process during the period from October 1, 20X0 through September 30, 20X1. * XYZ's budget execution process is designed to meet the requirements of the Antideficiency Act. * The accounting records and fund status reports are checked quarterly to determine whether all source documents that affect the appropriation and fund balance have been recorded properly, accurately, and on a timely basis. * The agency's accounting system provides timely disclosure of total valid obligations incurred to date and total budgetary resources available for obligations within each apportionment. * The system also provides timely disclosure of the authorization or creation of commitments, obligations, or expenditures that exceed apportionments and allotments. * We are not aware of instances of noncompliance with the above-stated procedures. * There has been no fraud involving management, employees, or contractor staff who have significant roles in the operation of our budget execution process. * We have no plans or intentions that would materially affect our budgetary process or operations. Sincerely yours, Management, XYZ Agency: [End of section] 660 C - AGREED-UPON PROCEDURES COMPLETION CHECKLIST: Entity: Job code: Principal report: .01: This checklist is a tool to help auditors comply with the requirements for agreed-upon procedures engagements. No specific signatures are required on the checklist in the planning phase. .02: Several of the last questions include steps in GAO's quality control process, including the GAO workpaper set, second partner review, and review by the Technical Accounting and Auditing Expert (Chief Accountant at GAO) when that person is not the second partner. GAO auditors should complete these questions and forms. IG auditors and other auditors may use these questions and forms or may substitute questions and forms that consider their reporting style and quality control. Step: 1. Has the audit team documented an understanding with the users? 2. Does the documentation cover the following? The nature of the engagement; Identification of the subject matter, the responsible entity, and the criteria; Identification of the users of the report; Auditor's responsibilities; Reference to GAGAS and the attestation standards; Agreement on procedures; Disclaimers expected; Any involvement of a specialist; Materiality limits; 3. Was an entrance conference held with the responsible entity? 4. Has the auditor determined whether a letter of representation from the responsible entity is necessary? (Note: This is not a requirement.); 5. Were applicable laws and regulations documented if part of the procedures? 6. Were review responsibilities communicated to individuals on the assignment? 7. Does the documentation contain the following? The scope and methodology, including any sampling criteria used; Documentation of the work performed to support reported results; Descriptions of transactions and records examined; Evidence of supervisory review; 8. Does the documentation record that the applicable standards were followed (AT 201 and AT 101)? 9. Does the documentation record a reasonable basis for the results of the agreed-upon procedures? 10. Does the summary memorandum summarize the results of the procedures and refer to the documentation? 11. Were any deviations from the standard reporting elements documented and the basis approved by the assistant director with copies of the documentation sent to the audit director and Reviewer (AT 201.31)? 12. Was the report referenced? 13. Did the assistant director review the following? Understanding with the client; Memorandum of entrance conference with the responsible entity; Completed work programs; Memorandums on key engagement issues; Summary of the results of the procedures; Memorandum of exit conference with the responsible entity; Deviations from standard reporting language; Financial schedules/statements; Agreed-upon procedures report; GAO workpaper set (or equivalent); 14. Did the audit director review the following? Understanding with the client; Summary of results of the procedures; Memorandum of exit conference with responsible entity; Deviations from standard reporting language; Agreed-upon procedures report; GAO workpaper set (or equivalent); 15. Did the assistant director or the auditor in charge determine that all significant review notes were resolved appropriately? 16. Did the assistant director initial all documentation bundle covers to indicate that all documentation was sufficiently reviewed? 17. Is the report appropriate as to the following? Wording; Scope of work; GAGAS; Explanatory paragraphs; 18. Was the report reviewed by the following? Office of the General Counsel; Technical Accounting and Auditing Expert; Second partner (or equivalent), if not Technical Accounting and Auditing Expert; 19. Is the agreed-upon procedures report dated appropriately or does the report indicate when the auditor completed fieldwork? (AT 201); [End of table] Second Partner's (OR EQUIVALENT) Concurrence on Agreed-Upon Procedures work: Objective of second partner (or equivalent) review: To objectively review significant engagement matters to conclude, based on all facts the second partner (or equivalent) has knowledge of, that no matters were found that caused the second partner (or equivalent) to believe that (1) the procedures were not performed in accordance with GAGAS, which incorporate financial audit and attestation standards established by the American Institute of Certified Public Accountants and (2) the report does not meet professional standards and audit organization policies; Procedures: Before the report was issued, I performed the following procedures: * as necessary, discussed significant engagement issues with the audit director; * read documentation of key decisions and consultations; * read the agreed-upon procedures report; * and; confirmed with the audit director that there are no unresolved issues; Conclusions: Based on all the relevant facts of which I have knowledge, I found no matters that caused me to believe that (1) the agreed-upon procedures were not performed in accordance with GAGAS and the AICPA's attestation standards related to agreed-upon procedures engagements and (2) the report is not in accordance with professional standards and audit organization policies. Title Signature Date. TECHNICAL ACCOUNTING AND AUDITING EXPERT'S Concurrence on Agreed-Upon Procedures work. Objective of review: When the Technical Accounting and Auditing Expert is not the second partner (or equivalent), the Technical Accounting and Auditing Expert should read the report. The Technical Accounting and Auditing Expert should then sign the conclusions below; Conclusions: Based on my reading of the report, I found no matters that caused me to believe that (1) the agreed-upon procedures were not performed in accordance with GAGAS and the AICPA's attestation standards related to agreed-upon procedures engagements and (2) the report is not in accordance with professional standards and audit organization policies. Title Signature Date. [End of section] 660 D - EXAMPLE AGREED-UPON PROCEDURES REPORT: [Date] Management of ABC Agency: Subject: Applying Agreed-Upon Procedures: Count of Cash and Related Items: Dear Management Official: We have performed the procedures contained in the enclosure to this letter, which we agreed to perform and with which you concurred, solely to meet your needs for an independent count of cash and cash-related items as of September 30, 20X1. We conducted our work in accordance with U.S generally accepted government auditing standards, which incorporate financial audit and attestation standards established by the American Institute of Certified Public Accountants. These standards also provide guidance when performing and reporting the results of agreed-upon procedures. You are responsible for the adequacy of the procedures to meet your objectives and we make no representation in that respect. The procedures we agreed to perform consist of counting amounts for cash and related receipts and comparing combined totals to the authorized amounts. The enclosure contains the agreed-upon procedures and our results. We were not engaged to perform, and did not perform, an examination, the objective of which would have been to express an opinion on the amount of cash on hand. Accordingly, we do not express such an opinion. Had we performed additional procedures, other matters might have come to our attention that we would have reported to you. We completed our agreed-upon procedures on [date of completion]. We provided a draft of this letter, along with the enclosure, to your representatives for review and comment. They agreed with the results presented in this letter and its enclosure. This letter is intended solely for the use of the management of ABC Agency and should not be used by those who have not agreed to the procedures or have not taken responsibility for the sufficiency of the procedures for their purposes. However, the report is a matter of public record and its distribution is not limited. If you have any questions, please call [name, title, and telephone number]. Sincerely yours, [Name of Director] Director: Enclosure: Results OF CASH COUNTS: Procedures: We counted and totaled cash on hand for the petty cash fund as of [date]. We also listed and totaled the receipts on hand evidencing disbursements from the fund. Finally, we compared the combined total of cash and receipts available to the amount authorized for the fund ($500). Results: We counted cash totaling $258.96 and scheduled 14 receipts totaling $174.85. The combined total of cash and receipts on hand accounted for $433.81 of the $500 in authorized petty cash funds. In addition, the custodian provided us two separate Expense Summary Report and Petty Cash Itemization Sheets and related receipts for an additional $65.09, which had been submitted for reimbursement to the fund. Thus, the unexplained difference between the authorized amount and the total cash and receipts evidencing petty cash fund disbursements was $1.10. FOOTNOTES [1] The term "auditor," throughout the FAM includes individuals who may be titled auditor, analyst, evaluator, or have a similar position description. [2] The AICPA also issued Practice Alert 2002-02, Use of Specialists. [3] For example, a certain audit may be required by law, in which the auditor, although allowed to hire other auditors to do the work, is required to give his or her own opinion. In the absence of such a requirement, a report expressing concurrence is generally not cost- effective because of the resources required. [4] In this instance both the other auditor and the auditor that expresses concurrence are principal auditors because both have sufficient knowledge of the overall financial statements and the important issues, and the concurring auditor, by reason of the level of work done, has also audited the financial statements. [5] There may be situations where the auditor is asked to provide a separate opinion in addition to presenting the other auditors' report. In these situations, the auditor should follow the wording in section 595 A and/or B and should add the following in lieu of the introduction to the first paragraph on page 595 A-5: "To help fulfill these responsibilities, we contracted with the independent certified public accounting firm of [insert firm name] to perform a financial statement audit in accordance with U.S. generally accepted government auditing standards, OMB's bulletin, Audit Requirements for Federal Financial Statements, and the GAO/PCIE Financial Audit Manual. The report of [name of CPA firm] dated [date] is attached. We evaluated the nature, timing, and extent of the work, monitored progress throughout the audit, reviewed the documentation of [name of CPA firm], met with partners and staff members of [name of firm], evaluated the key judgments, met with officials of [entity being audited], performed independent tests of the accounting records [if applicable], and performed other procedures we deemed appropriate in the circumstances. Our opinions expressed above are consistent with the opinions of [name of CPA firm]. Thus, in this audit, we:" (continue with numbered items). [6] For example, a number of other auditors may have audited individual components of an entity and the auditor may audit the consolidation process. The auditor may choose to use this approach if the auditor has sufficient knowledge of the entire entity and does additional work (see paragraph 650.10). [7] Under the CFO Act and the Government Management Reform Act, if the IG is not doing the audit, he or she is required to determine the CPA firm that will do the work. [8] Obtaining a representation from the head of the audit organization is similar to the procedure for CPA firms under AU 543.10b. [9] Some situations may require significantly more work than the work shown for the high level. In those situations, the auditor generally should perform significant supplemental tests; in some cases, the audit may be a joint audit. [10] In some situations, the auditor may decide less review or no review is necessary. These situations typically involve entities or line items that are very small in relation to the financial statements taken as a whole. In these situations the auditor may decide to read the other auditors' report and the financial statements and ask questions if anything seems unusual. [11] If the other auditors did not provide an opinion on internal control, change this to "there were no material weaknesses in internal control" (and include a definition of material weakness in a footnote). [12] If the other auditors did not provide an opinion (i.e., did not give positive assurance) on whether the entity's systems complied with FFMIA, change this to "no instances in which entity's financial management systems did not substantially comply" (i.e., negative assurance). [13] If the other auditors did not provide an opinion on internal control, change this to read "conclusions about the effectiveness of internal control." [14] If the other auditors did not provide an opinion on FFMIA, change "opinion" to "conclusions." [15] If the auditor found that the other auditors did not comply with GAGAS, or if the auditor disagrees with the other auditors' conclusions, see paragraphs 650.54-.56. [16] This example assumes the other auditors opined on internal control and on whether the financial management systems substantially complied with FFMIA. If the other auditors provided negative assurance, appropriate changes should be made. [17] If the auditor does not concur with the other auditors' report, see paragraphs 650.54-.56. [18] The auditor may request the users to document their agreement with the procedures and their sufficiency for their purposes by signing the engagement letter and returning it to the auditor. [End of section] SECTION 700: Internal Control: 701 - ASSESSING COMPLIANCE OF AGENCY SYSTEMS WITH THE FEDERAL FINANCIAL SYSTEMS WITH THE FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT (FFMIA): .01: FFMIA emphasizes the need for agencies to have systems that can generate timely, reliable, and useful information with which to make informed decisions and to ensure ongoing accountability. FFMIA requires the 24 CFO Act departments and agencies[Footnote 1] to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. The law also requires auditors to report whether agency financial management systems comply with the FFMIA requirements. OMB has provided FFMIA implementation guidance to help agencies and their auditors determine compliance. This section also provides guidance for assessing agency systems' compliance with FFMIA. It explains FFMIA's requirements and discusses audit issues related to testing for compliance with the act. An example audit program is included as section 701 A. FFMIA REQUIREMENTS: .02: OMB Circular A-127, Federal Financial Systems,[Footnote 2] also addresses the three FFMIA requirements. OMB Circular A-127 prescribes policies and standards for executive branch departments and agencies to follow in developing, operating, evaluating, and reporting on financial management systems (see www.whitehouse.gov/omb/financial). In its FFMIA implementation guidance, OMB identifies the applicable requirements from Circular A-127 that should be assessed when making an FFMIA compliance determination.[Footnote 3] OMB, in Circular A-127, refers to the federal financial management systems requirements, a series of publications issued by the Joint Financial Management Improvement Program (JFMIP), as the source of governmentwide requirements for financial management systems software functionality. JFMIP has developed a framework to describe the basic elements of an integrated financial management system, including the core financial system. Agency financial management systems fall into four categories: core financial systems, other financial and mixed systems[Footnote 4] (such as procurement, property, budget, payroll, and travel systems), shared systems,[Footnote 5] and departmental executive information systems (systems to provide information to all levels of management.): .03: JFMIP has developed publications of systems requirements for the core financial system and for some of the mixed or feeder systems (see www.jfmip.gov). The systems requirements in the publications are stated as either mandatory (required) or value-added (optional). Agencies should use the mandatory functional and technical requirements in planning system improvement projects, whereas value-added requirements should be used as needed. The core financial management system affects all financial event transaction processing because it maintains reference tables used for editing and classifying data, controls transactions, and maintains security. The core financial management system consists of six functional areas: general ledger management, funds management, payment management, receivable management, cost management, and reporting. OMB Circular A-127 requires agencies to use for agency core financial management systems commercial-off-the-shelf (COTS) software that has been tested and certified through the JFMIP software certification process. According to JFMIP, core financial management system certification does not mean that agencies that install qualified software packages will have financial systems that are in compliance with FFMIA. Many other factors can affect the capability of the systems to comply with FFMIA, including modifications made to the JFMIP-certified core financial management system software, and the validity and completeness of data from feeder systems. JFMIP's certification process does not eliminate or significantly reduce the need for agencies to develop and conduct a comprehensive testing effort to ensure that the software product meets their requirements: .04: The federal accounting standards, the second requirement of FFMIA, are promulgated by the Federal Accounting Standards Advisory Board (FASAB). FASAB develops accounting standards after considering the financial and budgetary information needs of Congress, executive agencies, and other users of federal financial information as well as comments from the public (see www.fasab.gov). FAM section 560 describes the relationship of the FASAB standards to the hierarchy of accounting principles. .05: Implementing the SGL at the transaction level is also a requirement of FFMIA. The SGL provides a uniform chart of accounts and guidance for use in standardizing federal agency accounting and supports the preparation of standard external reports required by OMB and Treasury (see www.fms.treas.gov/ussgl). The SGL is defined in the latest supplement, which is released annually, to the Department of the Treasury's Treasury Financial Manual (TFM). The supplement is composed of five major sections (1) chart of accounts, (2) account descriptions, (3) accounting transactions, (4) SGL attributes, and (5) report crosswalks. Each agency should implement a chart of accounts that is consistent with the SGL and meets the agency's information needs. OMB Circular A-127 states that application of the SGL at the transaction level means that financial management systems will process transactions following the definitions and defined uses of the general ledger accounts as described in the SGL. Transaction detail supporting SGL accounts are required to be available in the financial management systems and directly traceable to specific SGL account codes. In addition, the criteria for recording financial events in all financial management systems should be consistent with accounting transaction definitions and processing rules defined in the SGL. .06: OMB's FFMIA implementation guidance requires the CFO act agency auditors to perform tests of the compliance of the entity's systems with FFMIA. Auditors who are reporting that agency financial management systems do not substantially comply with FFMIA requirements are to include in their reports (1) the entity or organization responsible for the financial management systems that have been found not to be substantially compliant and all pertinent facts relating to the noncompliance, (2) the nature and extent of the noncompliance including areas in which there is substantial but not full compliance, (3) the primary reason or cause of the noncompliance, (4) the entity or organization responsible for the noncompliance, (5) any relevant comments from any responsible officer or employee, and (6) a statement with respect to the recommended remedial actions for each instance of noncompliance and the time frames for implementing these actions. FFMIA as well as OMB's FFMIA implementation guidance require agencies to report whether the agencies' financial management systems comply with FFMIA's requirements and prepare remediation plans that include resources, remedies, and intermediate target dates necessary to bring the agency's financial management systems into substantial compliance. .07: According to OMB's FFMIA implementation guidance, auditors are to plan and perform their audit work in sufficient detail to enable them to determine the degree of compliance and report on instances of noncompliance for all of the applicable FFMIA requirements. The guidance describes specific minimum requirements from Circular A-127 that agency systems should meet to achieve compliance and provides indicators of compliance. The indicators included in OMB's implementation guidance are characterized as examples and are not all- inclusive. The four primary factors OMB identifies as critical to assessing compliance with FFMIA are determining whether agencies can:[Footnote 6] * Prepare financial statements and other required financial and budget reports using information generated by the financial management system(s); * Provide reliable and timely financial information for managing current operations; * Account for their assets reliably, so that they can be properly protected from loss, misappropriation, or destruction; and, * Do all of the above in a way that is consistent with federal accounting standards and the Standard General Ledger. AUDIT ISSUES: .08: While financial statement audits will offer some assurances regarding FFMIA compliance, auditors should design and implement additional testing to satisfy the criteria in FFMIA. For example, in performing financial statement audits, auditors generally focus on the capability of the financial management systems to process and summarize financial information that flows into agency financial statements. In contrast, FFMIA requires auditors to assess whether an agency's financial management systems comply with systems requirements. To do this, auditors need to consider whether agency systems provide complete, accurate, and timely information for managing day-to-day operations. This is based on Congress' expectation, in enacting FFMIA, that agency managers would have any necessary information to measure performance on an ongoing basis rather than just at year-end. Financial statement auditors generally review performance measure information for consistency with the financial statements, but do not assess whether managers have the performance-related information to manage during the fiscal year. .09: As a result of the overlapping scope and nature of FFMIA assessments and financial statements audits, the auditor should use, where appropriate, the audit work performed as part of the financial statement audit. In the example audit program (FAM 701 A) for testing compliance with FFMIA, several procedures indicate that the auditor may have performed the procedure as part of the financial statement audit; whereas, other procedures needed to assess FFMIA compliance require additional work not normally contemplated by financial statement auditors. The determination of FFMIA compliance need not be performed simultaneously with the financial statement audit. The determination of FFMIA compliance may be performed by different staff or staggered throughout the assessment time frame. While the example audit program provides steps the auditor should perform, the auditor may tailor the steps to satisfy the objectives or intent of the step if the step cannot be completed as described. Because of the broad scope of federal operations and the many variations that can and do flow from such a broad scope, the degree of specificity in the example audit program varies. For example, each agency will likely need and use a variety of internal reports for managing current operations. These reports may be on line or in hard copy. Auditors will need to use their skills and professional judgment to assess the adequacy of these reports that are essential to having FFMIA compliance. Auditors may also rely on other work products that address the objectives of the example audit procedures. .10: As discussed in FAM section 350, the auditor need not perform specific tests of the systems compliance with FFMIA requirements for agencies with longstanding, well-documented financial management systems weaknesses that severely affect the systems' ability to comply with FFMIA requirements. The auditor should understand management's process for determining whether its systems comply with FFMIA requirements and report any deficiencies in management's process along with previously identified problems. .11: FAM paragraphs 580.62 through .66 and FAM section 595 A provide FFMIA reporting guidance. When reporting a lack of substantial compliance, the auditor should refer to FAM 595 B for suggested modifications to the report. FAM Part III, section 1603, provides guidance that GAO will use to provide an affirmative statement when reporting on compliance with FFMIA. [End of section] 701 A - EXAMPLE AUDIT PROCEDURES FOR TESTING COMPLIANCE WITH FFMIA: Entity: Date of review: Job code: Objective: FFMIA requires the 24 major departments and agencies covered by the CFO Act to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. OMB also requires certain designated entities to determine FFMIA compliance. The objective of this audit program is to assess whether agencies' systems' comply with FFMIA. FFMIA example audit procedures: Description of Procedure: I. Planning (May be combined with the work to plan the financial statement audit); A. To understand the FFMIA requirements, read: Federal Financial Management Improvement Act, P.L. 104-208; Audit Requirements for Federal Financial Statements (OMB Bulletin); OMB Memorandum, January 4, 2001, Revised Implementation Guidance for the Federal Financial Management Improvement Act; JFMIP Publications of Federal Financial Management System Requirements including the Framework and Core Financial System Requirements; Form and Content of Agency Financial Statements (OMB Bulletin); FASAB Standards; Treasury Financial Manual (TFM) sections related to the SGL (see transmittal letter S2-01-02 and TFM Part 2, Chapter 4000); OMB Circular No. A-123, Management Accountability and Control; OMB Circular No. A-127, Financial Management Systems; OMB Circular No. A-130, Management of Federal Information Resources; Government Information Security Reform (GISR) legislation, Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001, Pub. L. 106-398. B. Read the prior year's workpapers and audit report to identify (1) the auditors' FFMIA determinations, (2) reported instances of noncompliance with FFMIA, and (3) material weaknesses and reportable conditions related to the agency's financial management systems; Prepare a schedule of the previously identified problems to follow up on the status of these specific problems. See section 701 B for an example of the schedule. C. Read the most recent FMFIA report, IG reports, GAO reports, internal control workpapers from the financial statement audit or other reports related to financial systems and consider the impact of any reported weaknesses on the FFMIA assessment; Obtain an update on the status of the issues and document problems identified in the schedule in section 701 B. D. Read the cycle memoranda for each of the audit cycles completed for the current year audit. Document issues related to FFMIA compliance in the schedule in section 701 B. E. From the work performed in part I (planning), decide whether it is necessary to perform the remaining test steps. If the information gathered indicates "longstanding, well-documented financial management systems weaknesses" that preclude compliance with FFMIA requirements, then: Document recognition of longstanding, well-documented financial management systems weaknesses and identify the source for this conclusion; Obtain and document an understanding of management's process for determining whether its systems comply with FFMIA requirements. Report any deficiencies identified in management's process; Complete step V (summary), except for completion of the schedule in FAM section 701 B. II. Testing for Compliance with Federal Financial Management Systems Requirements; A. Ask whether the agency has an agencywide inventory of its systems. If so, obtain the inventory and any supporting documentation. B. From the agency's inventory of systems, identify the core financial management systems and the feeder systems; 1. Document the key internal controls and the information flows between the core financial systems and the feeder systems in a flowchart or narrative. (This step may be performed as part of the internal control phase); a. Determine whether the feeder systems are integrated or interfaced with the core financial system. Note: Feeder systems that are integrated with the core financial system share data tables. Therefore, reconciliations should not be necessary; b. If the feeder systems interface with the core systems, determine whether reconciliations are performed between the systems. If reconciliations are performed, determine how often and by whom; assess the adequacy of the reconciliation, including follow-up activities and supervisory review; c. Through interviews with agency management and reading of systems documentation, determine if the agency's systems have detective controls (i.e., batch control or hash totals or supervisory reviews) and preventive controls (i.e. segregated duties, appropriate authorizations, or access controls) to process transactions properly and timely. (May be performed as part of the internal control phase). 2. Using the documentation prepared in step II.B.1 above, identify those JFMIP financial management systems requirements that are applicable to the agency's operations. For example, for those agencies that do not have grant or loan programs, the auditor would not need to assess whether JFMIP requirements related to grants or loans are applicable. Document the results. C. Determine whether the agency's core financial management system and the financial portions of its applicable feeder systems, as identified in step II.B.2 above, conform to JFMIP's federal financial management systems requirements; Ask whether the agency's core financial management system is a JFMIP-certified COTS system. If so, ask which version of the software is being used and obtain the agency's JFMIP certification for that software version. [Agencies replacing software to meet core financial system requirements must use JFMIP-certified core financial management systems as required by OMB Circular A-127, but it is not a noncompliance issue for FFMIA purposes.]. 1. Ask whether there have been significant changes in the agency's automated business processes since compliance testing with JFMIP requirements was last performed. If so, ask whether the agency has performed an assessment of any new functionality using the JFMIP system requirements documents, GAO checklists, or similar tools. Document the results. 2. For those agencies with a core financial management system that is not a JFMIP-certified COTS and for any feeder systems, obtain any analyses performed by agency management to support its FFMIA and FMFIA assessments that document how the agency's systems conform to the applicable JFMIP systems requirements. If management has not performed an analysis of systems functionality, go to step C.5. 3. Select several important functions that management has reported as complying with the systems requirements and determine if management's assessment can be relied upon. 4. If management's results cannot be relied upon for each system, perform an assessment of the functionality of the applicable systems using JFMIP system requirement documents, GAO checklists or other similar tools. 5. Document in section 701 B, the instances and related impact in which the agency's systems did not comply with JFMIP requirements. D. Ask if management receives appropriate reports that are significant to performing day-to-day management operations; 1. Determine the adequacy of reports used to manage day-to-day operations; a. For reports that are produced by the agency's financial management systems, ask knowledgeable users, read the agency's financial management systems documentation, and from other audit work, use professional judgment to determine if the reports produced by the systems are timely, useful, reliable, complete, and appropriately summarized for the management level receiving the report. Use professional judgment, agency policy, and/or criteria evident from each report to determine its timeliness and accuracy; i.e., if a report is due by the 10th of each month, verify it was provided by the 10th OF EACH MONTH. IF ONLY ON-LINE ACCESS IS PROVIDED FOR IMPORTANT internal reports, through observation, documentation, and inquiry--such as obtaining systems logs and asking key managers about their work habits--assess whether the reports were available and accessed. Through inquiry and observation, assess if management uses the reports to manage operations. Ask management what improvements are needed in the current reporting methods. Document the results; b. If the reports were not produced by the agency's financial management systems, ask how the reports were prepared and perform a similar assessment as described in step D.1.a. 2. Determine whether appropriate levels of management are receiving adequate and timely management information. See FAM paragraph 903.12 for questions related to determining FFMIA compliance with SFFAS No. 4; a. Using professional judgment and industry best practices, identify internal management performance-related information that should be available for managing day-to-day operations; b. Determine whether appropriate levels of management are receiving the information identified in step D.2.a; c. If full costing is not used in these management reports, assess whether the lack of full cost information affects the usefulness of the information. Review management's justification that full costing would not be beneficial for the internal reports. This may need to be assessed on a case-by-case basis. 3. Include any deficiencies identified and related impact in the schedule shown in section 701 B. E. Identify the agency's external reports that are related to financial management such as those used for budget formulation and execution, fiscal management of agency programs, funds management, payments and receipts management, and to support the legal, regulatory, and other special requirements of the agency; 1. Through interviews with knowledgeable users and reading of the agency's financial management system documentation, determine if the reports are produced by the systems; a. For external reports that are tested as part of the financial statement audit, include any deficiencies identified and the related impact in section 701 B; b. For external reports that are not tested as part of the financial statement audit, using professional judgment select several reports and assess whether the reports are reliable, timely, and complete. Include any deficiencies identified and the related impact in section 701 B. 2. As an indicator of systems deficiencies, determine the magnitude and type of adjustments made by both management and the auditors to derive financial statements after the end of the accounting period. F. Determine if the agency's financial management systems track financial events and summarize information to facilitate the preparation of auditable financial statements. This determination can result from work performed as part of the financial statement audit. Document the deficiencies and the related impact in the schedule shown in section 701 B. G. Determine if the financial management systems enable the agency to prepare, execute, and report on the agency's budget in accordance with the requirements of OMB Circular No. A-11. This determination can result from work performed as part of the financial statement audit. Document the deficiencies and the related impact in the schedule shown in section 701 B. H. Determine if the agency's financial management systems capture and produce the financial information required to measure program performance; 1. Identify the agency's performance measures from its most recent accountability report that include data from the agency's financial management systems. 2. Ask agency management whether an assessment was performed of the validity of the financial data used to derive the performance measures. If so, obtain and review the assessment and any supporting documentation. 3. If agency management has not assessed the validity of the financial data used to derive the agency's performance measures, include this deficiency in section 701 B. 4. Determine if recent GAO or IG reports have addressed the validity of financial data used to derive performance measures. 5. If any deficiencies were identified, include them along with the related impact in the schedule shown in FAM section 701 B. I. Coordinate with the Information Security (IS) auditors to determine if the agency has implemented and maintains a program to provide adequate security for all agency information that is collected, processed, transmitted, stored, or disseminated in financial management systems; 1. Have the IS auditors review the annual management evaluation and the annual independent evaluation conducted in accordance with the Government Information Security Reform (GISR) legislation. 2. Document the deficiencies and related impact identified by the IS auditors in the schedule shown in section 701 B. J. Determine if the financial management systems include internal control to safeguard resources against waste, loss, and misuse, and whether reliable data are obtained, maintained, and disclosed in system generated reports. Some of the information needed to make this determination may be obtained from the work performed in the internal control phase of the financial statement audit, and other systems internal control weaknesses may be identified from other audit reports reviewed and steps performed in this program. Document the results in section 701 B. III. Testing for Compliance with the Federal Accounting Standards; A. Determine if the agency's financial statements are compiled in accordance with applicable accounting standards; 1. Ask agency management and review financial statement audit results to determine whether any FASAB standards are not applicable. Document the results. Analyze the resultant list of applicable/inapplicable FASAB standards for reasonableness and use the list as a reference in performing these steps. 2. Determine if any issues reported as part of the financial statement audit were related to the lack of the agency's implementation of the accounting standards in their systems or the standards were not properly applied because of inadequate or improperly implemented manual procedures. Document the results in the schedule shown in section 701 B. B. Perform tests to determine if the agency's cost accounting systems * use the agency's accounting classification elements to identify and establish unique cost objects to capture, accumulate, and report costs and revenues; * allocate and distribute the full cost and revenue of cost objects as defined by OMB including services provided by one federal entity to another for external reporting; and * transfer cost data directly to and from other cost systems/applications that produce or allocate cost information; Also, see step II.D.2 of this audit program. C. From the deficiencies identified in performing steps in part II (testing for compliance with federal financial management systems requirements) and from tests conducted as part of the financial statement audit, determine if the financial systems record and summarize transactions in accordance with applicable accounting standards. Note that the systems functionality assessments performed in step II. B. should have determined any compliance issues related to accounting standards since the accounting standards are used as a source for systems functionality requirements. Document the results and the related impact in the schedule shown in section 701 B. IV: Testing for Compliance with the SGL: A. Determine whether the agency financial management systems use financial data that can be traced directly to SGL accounts to produce reports providing financial information for both internal and external reporting; 1. Ask agency management and from the documentation prepared in step II.B.1 above, determine how financial transaction data are summarized from the financial systems to the core financial system. 2. Compare the agency's chart of accounts to the SGL accounts and identify any deviations. 3. Review all of the standard entries allowed by the core financial system to determine if these entries conform to the SGL posting rules. 4. Document any deficiencies and the related impact in the schedule shown in section 701 B. B. Ask whether the agency uses a crosswalk from its chart of accounts for its core financial management system to the SGL. If so, perform tests to determine the accuracy of the crosswalk; 1. Trace all SGL accounts to the crosswalk. 2. Identify any SGL accounts that are not included in the crosswalk. Identify any agency accounts not associated with an SGL account in the crosswalk. 3. Compare the posting rules used by the system to those included in the SGL to determine whether the posting rules used by the system conform to the SGL. 4. Document deficiencies and the related impact in the schedule shown in section 701 B. V. Summary; A. Summarize the results of the work performed above and assess the agency's compliance with the federal financial management systems requirement of FFMIA; 1. Finalize the schedule of the FFMIA noncompliances identified in the schedule prepared in FAM section 701 B. 2. Read the agency's management representation letter covering the fiscal year under audit to obtain the agency management's FFMIA determination; a. Document the entity or organization responsible for the financial management systems that have been found not to comply; b. Document all facts pertaining to the: i. nature and extent of the noncompliance and areas where there is substantial but not full compliance; ii. primary reason or cause of the noncompliance; iii. impact of the noncompliance; iv. entity or organization responsible for the noncompliance; and; v. relevant comments from any responsible officer or employee; c. Assess the recommended remedial actions for each instance of noncompliance and the time frames for implementing these actions. Include this assessment in the schedule in section 701 B. 3. After reviewing the nature and extent of deficiencies identified, conclude whether the systems deficiencies identified constitute lack of substantial compliance with FFMIA. Consider the four factors in paragraph 701.07 from OMB's FFMIA implementation guidance when drawing this conclusion. 4. Prepare the FFMIA section of the report. See FAM paragraphs 580.62 through .66 and sections 595 A, 595 B, and 1603, as appropriate. [End of section] 701 B - SUMMARY SCHEDULE OF INSTANCES OF NONCOMPLIANCE WITH FFMIA: [See PDF for image] [End of table] FOOTNOTES [1] OMB also requires certain designated entities to determine FFMIA compliance. [2] OMB is considering revising this guidance. [3] OMB did not include certain elements of Circular A-127, section 7, in its FFMIA implementation guidance because some of the elements are not essential to satisfying the requirements of FFMIA and to the ability of an agency's systems to provide reliable, timely, and useful information necessary for federal managers' responsibilities. Accordingly, those elements are not included in this section. [4] Mixed systems are any information systems that support both financial and non-financial functions of the federal government. Mixed systems can also be feeder systems. [5] Shared systems are governmentwide systems used by agencies with information and data definitions common to all users. [6] OMB is considering revising this guidance. [End of section] SECTION 800: Compliance: 802 - General Compliance Checklist: .01: The compliance testing section consists of a General Compliance Checklist (questionnaire) for identifying laws and regulations for compliance testing and supplements for the laws OMB requires auditors of CFO Act agencies to test for (see section 295 H) and other laws of general applicability auditors may consider during federal financial audits. The compliance supplements provide detailed guidance for assessing the effectiveness of compliance controls and testing compliance with the significant provisions of each law. .02: The General Compliance Checklist (Form 802), or equivalent, generally should be completed for federal financial audits. If an individual law is considered to be significant for purposes of compliance testing, the related supplement should be completed. Supplements should be completed only for laws required to be tested for CFO Act agencies and for other laws identified for compliance testing on the General Compliance Checklist. Use of these documents is described below. .03: To understand and evaluate compliance controls, the auditor also should follow the guidance in FAM 260 on identifying risk factors and in FAM 320 on understanding information systems. The FAM also provides additional guidance on compliance considerations for all audit phases. INSTRUCTIONS FOR GENERAL COMPLIANCE CHECKLIST: .04: The checklist contains a summary of each law. The auditor generally should use this checklist or equivalent to determine which of these laws are considered to be significant for purposes of testing compliance, as discussed in FAM 245. The auditor should indicate whether each law meets the criteria for significance by placing a check mark in the appropriate column (yes or no). OMB audit guidance requires auditors of CFO Act agencies to test for five of the laws, as noted in section 295 H. Auditors also may test for the other four laws if they have determined they are material to the financial statements being audited. .05: The auditor may need to use estimates or interim information in the preliminary column. The final amounts (based on the audited amounts or the final amounts of available budget authority) are used to determine whether all laws that would be significant in quantitative terms have been identified for control and compliance testing. The sources of all amounts included in this checklist should be documented. If the law is considered to be significant from a qualitative standpoint, the reasons for this conclusion should be documented. .06: Supplements to the General Compliance Checklist (Form 802): Supplement number: Law: Antideficiency Act (required for CFO Act agencies); Supplement number: 803. Law: Federal Credit Reform Act of 1990 (required for CFO Act agencies); Supplement number: 808. Law: Provisions Governing Claims of the U.S. Government as provided primarily in 31 U.S.C. 3711-3720E (Including the Debt Collection Improvement Act of 1996 (DCIA)) (required for CFO Act agencies); Supplement number: 809. Law: Prompt Payment Act (required for CFO Act agencies); Supplement number: 810. Law: Pay and Allowance System for Civilian Employees as Provided Primarily in Chapters 51-59 of Title 5, U.S. Code (required for CFO Act agencies); Supplement number: 812. Law: Civil Service Retirement Act; Supplement number: 813. Law: Federal Employees Health Benefits Act; Supplement number: 814. Law: Federal Employees' Compensation Act; Supplement number: 816. Law: Federal Employees' Retirement System Act of 1986; Supplement number: 817. [End of table] Entity: Period of financial statements: Job code: Description of Law: Antideficiency Act - 31 U.S.C. 1341, 1342, 1514, 1517: This law imposes restrictions on the amounts of budgetary authority that may be obligated or expended. As discussed in FAM 250, the auditor should obtain information on the entity's budget authority, from sources such as appropriation legislation, and identify all legally binding restrictions on budget execution; Do the amounts of any legally binding budget execution restrictions on budget authority in effect during the audit period exceed planning materiality or are provisions of the Antideficiency Act otherwise considered to be significant? (OMB audit guidance requires auditors of CFO Act agencies to test for compliance with this law.); Individual appropriations: (Preliminary; Final): budget authority: (Preliminary; Final): Planning materiality: (Preliminary; Final): If yes, complete compliance supplement 803; Federal Credit Reform Act of 1990 (FCRA), 2 U.S.C. 661-661f; This law contains numerous provisions relating to the recording of activity related to direct loans, loan guarantees, and related modifications for budget accounting purposes. The law provides that after October 1, 1991, an agency may incur new direct loan obligations or make new loan guarantee commitments only to the extent that Congress has provided budget authority to cover the costs of the loan or loan guarantee; Does the entity's budget authority available during the audit period for direct loan obligations, loan guarantee commitments, or any related modifications exceed planning materiality or are provisions of the FCRA of 1990 otherwise considered to be significant? (OMB audit guidance requires auditors of CFO Act agencies to test for compliance with this law.); Total appropriations or other budget authority available during the fiscal year for costs of FCRA activities (direct loans, loan guarantees, and related modifications): (Preliminary; Final) Planning materiality: (Preliminary; Final) If yes, complete compliance supplement 808. Provisions Governing Claims of the U.S. Government, Including the Debt Collection Improvement Act of 1996 (DCIA): These provisions address the collection of amounts owed to the federal government. Interest generally accrues from the date that a notice stating the amount due and the interest policies is first mailed to the debtor. Interest generally accrues at a rate established by the Secretary of the Treasury. Administrative costs and penalties shall also be charged; The provisions also require the entity to take all appropriate steps to collect the debt before discharging it and to notify Treasury about delinquent debt for administrative offset, collection by a debt collection center, or tax refund offset. Entities shall also participate in a computer match of delinquent debt with federal employees, and when collection actions are terminated, the entity holding delinquent debt shall sell it. Provisions also require the entity (or entities making loans the government guarantees) to notify credit-reporting agencies about delinquent debt and not make or guarantee loans to persons who owe delinquent debt; Does the cumulative amount of receivables created during the audit period that are subject to provisions governing claims of the U.S. government, including DCIA, exceed planning materiality; does the amount of receivables at the end of the audit period that are subject to provisions governing claims of the U.S. government, including DCIA, exceed planning materiality; or are provisions governing claims of the U.S. government, including the DCIA, otherwise considered to be significant? (OMB audit guidance requires auditors of CFO Act agencies to test for compliance with this law.) Provisions Governing Claims of the U.S. Government, Including the Debt Collection Improvement Act of 1996 (DCIA): Cumulative amount of; receivables created during the; audit period that are subject to; provisions governing claims of; the U.S. government, including; DCIA: (Preliminary; Final) or: Amount of receivables at the end of the audit period that are subject to provisions governing claims of the U.S. government, including DCIA: (Preliminary; Final). Planning materiality: (Preliminary; Final) If yes, complete compliance supplement 809; Note: These provisions of the law generally do not apply to amounts payable to the entity under the Internal Revenue Code, the Social Security Act, or tariff laws. Those laws contain specific provisions for these amounts. Prompt Payment Act, 31 U.S.C. 3901 et seq: The Prompt Payment Act requires federal entities to make payments for property or services by the due date specified in the related contract or, if a payment date is not specified in the contract, generally 30 days after the invoice for the amount due is received. If payments are not made within the appropriate period, the entity shall pay an interest penalty. Also, discounts offered by vendors may be taken only during the specified period. If they are taken after the time period has expired, an interest penalty shall be paid; Do the entity's payments for property or services subject to the Prompt Payment Act for the audit period exceed planning materiality or are provisions of the Prompt Payment Act otherwise considered to be significant? (OMB audit guidance requires auditors of CFO Act agencies to test for compliance with this law.); Amount of payments made for property and services subject to the Prompt Payment Act: (Preliminary; Final) Planning materiality: (Preliminary; Final) If yes, complete compliance supplement 810; Pay and Allowance System for Civilian Employees as Provided Primarily in Chapters 51-59 of Title 5, U.S. Code; These laws require that employees be paid at the appropriate rates established by law, including general pay increases, and that employees be paid at least minimum wage; Does the entity's payroll expense for the audit period exceed planning materiality or are related provisions of the Pay and Allowance System for Civilian Employees (as provided primarily in Chapters 51-59 of Title 5, U.S. Code) otherwise considered to be significant? (OMB audit guidance requires auditors of CFO Act agencies to test for compliance with this law.); Payroll expense: (Preliminary; Final) Planning materiality: (Preliminary; Final) If yes, complete compliance supplement 812; It is not expected that the entity's expense for performance awards, cash awards, overtime, travel, transportation, subsistence, or allowances for the audit period would exceed planning materiality. However, if these items or related provisions of the Pay and Allowance System for Civilian Employees are otherwise considered to be significant, the auditor should consult with the Office of General Counsel (OGC) for specific provisions to be considered for compliance testing; Civil Service Retirement Act, 5 U.S.C. 8331 et seq: This law provides retirement benefits to employees who were hired prior to January 1, 1984. For each employee, the entity withholds a percentage of basic pay from the employee's compensation and contributes an equal amount for retirement. The employee and entity amounts are remitted to Treasury; Does the entity's expense for retirement costs under the Civil Service Retirement Act for the audit period exceed planning materiality or are provisions of the Civil Service Retirement Act otherwise considered to be significant? Expense for retirement contributions: (Preliminary; Final) Planning materiality: (Preliminary; Final) If yes, complete compliance supplement 813. Federal Employees Health Benefits Act, 5 U.S.C. 8901 et seq: This law provides health insurance coverage to employees who elect health insurance benefits. For each employee who elects coverage, the entity pays an amount set by OPM for insurance costs. The entity portion cannot exceed 75 percent of the insurance cost. The employee pays the remainder of the total cost. Information on the employee and entity cost of the insurance is published by OPM. The entity withholds the amount of the employee's portion of the cost from the employee's pay and remits this amount, along with its own contribution, to Treasury; Does the entity's expense for health insurance costs for the audit period exceed planning materiality or are provisions of the Federal Employees Health Benefits Act otherwise considered to be significant? Expense for health insurance: (Preliminary; Final); Planning materiality: (Preliminary; Final); If yes, complete compliance supplement 814; Federal Employees' Compensation Act, 5 U.S.C. 8101 et seq: This law provides for the compensation of employees injured or disabled while performing their duties. Claims are paid out of the Federal Employees' Compensation Fund. Federal entities are billed annually by the fund for claims paid on their behalf; Does the entity's expense for the audit period for benefits paid by the Federal Employees' Compensation Fund on the entity's behalf exceed planning materiality or are provisions of the Federal Employees' Compensation Act otherwise considered to be significant? Expense for Compensation Fund claims: (Preliminary; Final); Planning materiality: (Preliminary; Final); If yes, complete compliance supplement 816; Federal Employees' Retirement System Act of 1986, 5 U.S.C. 8401 et seq: This law provides retirement benefits for employees who were hired after December 31, 1983. For each employee, the entity withholds a percentage of basic pay from the employee's compensation and contributes an amount equal to the employing agency's applicable normal cost percentage less the employee deduction rate for retirement. The employee and entity amounts are remitted to Treasury; Does the entity's expense for retirement costs under the Federal Employees' Retirement System Act for the audit period exceed planning materiality or are provisions of the Federal Employees' Retirement System Act of 1986 otherwise considered to be significant? Expense for retirement contributions: (Preliminary; Final); Planning materiality: (Preliminary; Final); If yes, complete compliance supplement 817. Other laws; Perform the following procedures and include references to supporting documentation: 1. As described in FAM 245.02, read the list of laws and regulations identified by the entity as significant to others. (See [EMPTY].); 2. With OGC assistance, identify any other laws or regulations that have a direct effect on determining financial statement amounts. Determine whether any such laws or regulations are material to the financial statements. (See [EMPTY].); 3. Consider whether to test compliance with any indirect laws or regulations and make inquiries of management as discussed in FAM 245.04-.06. (See [EMPTY].); 4. For all laws or regulations identified for testing above, identify significant provisions using the criteria in FAM 245.02. Test compliance controls and compliance as described in FAM 300 and 460; Are any other laws or regulations identified for compliance testing? If yes, attach a list of the laws or regulations identified to this form and reference it to control and compliance work performed. [End of table] INSTRUCTIONS FOR COMPLIANCE SUPPLEMENTS: .07: Each compliance supplement consists of (1) a compliance summary, (2) a compliance audit program, and (3) notes. Compliance Summary: .08: For each law identified for compliance testing on the General Compliance Checklist, the auditor generally should complete the related compliance summary or equivalent. The compliance summary is designed to assist the auditor in planning compliance control tests and summarizing the results of compliance control tests and compliance tests for reporting the results of the work performed. .09: The first column contains a description of the specific provisions of the law that have been identified for compliance testing, the type of provision, and the reference to the law. .10: The second column contains the objective related to the specific provision to be used for both compliance control and compliance testing. .11: The auditor should identify the control activities that the entity has in place to achieve each objective and document the control activity in the third column. If the entity does not have a control activity that achieves the objective, the auditor should document this condition in the third column. .12: The fourth column is used to indicate whether the control activity is information system (IS)-related as described in FAM 270.04. IS controls are those the effectiveness of which depends on computer processing. They can generally be classified into general, application, and user controls. Testing of IS controls generally should be performed by an IS auditor, although the audit team may assist the IS auditor. .13: The auditor should design control tests to determine whether the control activities that have been identified in the third column are in place and operating effectively. A control activity is considered to be effective if it achieves the control objective. The control testing program and the control tests should be recorded in the documentation. The results of these tests and the auditor's conclusions on the effectiveness of the compliance controls should be documented in the fifth column of the Compliance Summary. A reference to supporting documentation should be included in this column. .14: Compliance tests should be performed using the related Compliance Audit Program as described below. The results of the compliance tests should be indicated in the last column of the Compliance Summary along with a reference to the supporting documentation. Compliance Audit Program: .15: A compliance audit program has been developed for the provisions identified on the related compliance summary for each law. For each law identified for compliance testing on the General Compliance Checklist, the auditor generally should perform each step of the related compliance audit program. Because the subject matter of some laws is closely related to matters the auditor will be planning to test for other parts of the audit, the auditor should consider coordinating with that other testing and designing multipurpose tests. For example, payroll compliance testing could be performed using multipurpose tests of payroll controls and/or substantive payroll testing. The auditor generally should initial in the "performed by" column of the compliance audit program when he or she performs the procedure. A reference to the documentation recording the work performed for each step generally should be included in the last column of the compliance audit program. 803 - ANTIDEFICIENCY ACT: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Antideficiency Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. OMB guidance on budget execution, including the Antideficiency Act, is included in OMB Circular A-11, Part 4. [See PDF for image] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Antideficiency Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary for this law. Audit Procedures: 1. List the appropriations or other budget authority and the related budget accounts that were identified for compliance testing on Form 802 - General Compliance Checklist. Per page 802-3, the auditor should identify all legally binding restrictions on budget execution, from sources such as appropriation legislation; (The following tests for compliance with the Antideficiency Act should be coordinated with tests of the Statement of Budgetary Resources and with tests of expenses.) 2. As discussed in FAM 460.03, the auditor needs assurance that the summarized budget information (obligations and expenditures) used for compliance tests is reasonably accurate and complete. This assurance may be provided through effective controls (usually the budget controls) or, if the controls are not effective, through substantive testing of budget amounts for validity, completeness, cutoff, recording, classification, and summarization as described in FAM 495 B; For the accounts listed in step 1, document if this assurance is provided through effective controls (as indicated on Form 803 - Compliance Summary) or if substantive tests of the budget information are necessary; If the controls are not considered to be effective in meeting some or all of the budget control objectives listed in FAM 395 F, perform substantive tests of the budget amounts (obligations and expenditures) as discussed in FAM 495 B. These substantive tests should be performed only for those potential misstatements for which the entity does not have effective budget controls; After the auditor is satisfied as to the reasonableness of the budget amounts to be used for the compliance tests, perform the compliance tests in steps 3 and 4. 3. Compare the actual amounts of budget obligations and expenditures with the related appropriation or other budget authority listed in step 1. If the entity does not appear to have complied with the provision, perform step 5. (31 U.S.C. 1341(a)(1)(A) and (C)). 4. Determine the entity's legally binding level of budget authority (below the appropriation level) that was identified during the planning phase. This level is usually the apportionment level unless the entity has elected a lower level, such as allotments; Compare the amount of actual obligations and expenditures to the legally binding level of restrictions on budget authority identified for compliance testing (the apportionment or allotment level). If the entity does not appear to have complied with the provision, perform step 5. (31 U.S.C. 1517(a)). 5. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance; For any noncompliance noted, the auditor should * identify the weakness in controls that allowed the noncompliance to occur, if not previously identified during control testing; * report the nature of any weakness in controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements, and * report instances of noncompliance, as appropriate (see FAM 580.67-.75.). 6. Document conclusions on compliance with each provision on Form 803 - Compliance Summary. [End of table] Note 1: Entities are required to establish regulations that provide for a system of administrative controls over their execution of budget authority (31 U.S.C. 1514(a)). As discussed in FAM 250.03, the entity may elect to lower the level at which budget limitations are legally binding in these regulations. For example, the entity may elect to reduce the legally binding limit on the obligation and expenditure of budget funds from the apportionment to the allotment level. The auditor should determine the level at which the entity's legally binding limit has been established. Note 2: The auditor should consider the results of the evaluation and testing of budget controls. These controls relate to the execution of budget authority and usually are the same controls that are used to comply with the Antideficiency Act. Accordingly, additional consideration of controls that achieve the compliance objective generally is not necessary if the auditor has assessed whether the entity achieves all of the budget control objectives listed in FAM 395 F. The auditor should reference this compliance summary to the budget control evaluation and testing and perform any additional procedures considered necessary to conclude if compliance controls are effective. [End of section] 808 - FEDERAL CREDIT REFORM ACT OF 1990: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Credit Reform Act of 1990 (FCRA) are considered to be significant as indicated on Form 802 - General Compliance Checklist. OMB guidance on FCRA is included in OMB Circular A-11, part 5, Federal Credit Programs. [See PDF for image] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Federal Credit Reform Act (FCRA) are considered to be significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary. OMB guidance on FCRA is included in OMB Circular A-11, part 5, Federal Credit Programs. Audit Procedures: 1. List the appropriations or other budget authority and the related budget accounts that were identified for compliance testing on Form 802 - General Compliance Checklist. 2. As discussed in FAM 460.03, the auditor needs assurance that the summarized budget information (obligations and expenditures) used for compliance tests is reasonably accurate and complete. This assurance may be provided through effective controls (usually the budget controls) or, if the controls are not effective, through substantive testing of budget amounts for validity, completeness, cutoff, recording, classification, and summarization as described in FAM 495 B. For the accounts listed in step 1, document whether this assurance is provided through effective controls (as indicated on Form 808 - Compliance Summary) or whether substantive tests of the budget information are necessary. If the controls are not considered to be effective in meeting some or all of the budget control objectives listed in FAM 395 F, plus the supplemental objectives for FCRA listed in FAM 395 F Sup, perform substantive tests of the budget amounts (obligations and expenditures) as discussed in FAM 495 B. These substantive tests should be performed only for those potential misstatements for which the entity does not have effective budget controls. After the auditor is satisfied as to the reasonableness of the budget amounts to be used for the compliance tests, perform the compliance tests in steps 3 and 4. 3. For each appropriation account or other budget authority listed in step 1, perform the following procedures that are applicable for direct and guaranteed loan programs that have a positive subsidy (i.e., cash outflows exceed cash inflows); (for direct and guaranteed loan programs that have a negative subsidy (i.e., cash inflows exceed cash outflows), perform step 4). (a) Compare the amount of obligations for direct loans to the amount of the available appropriation or other budget authority. (Note: This budget restriction is applicable only to obligations for direct loans made on or after October 1, 1991.). 3. (b) Compare the amount of obligations for modifications of direct loan obligations or outstanding direct loans to the amount of available budget authority. (Note: The sale of a direct loan is considered a modification. Discuss applicability of this budget restriction to direct loans and direct loan obligations that were outstanding prior to October 1, 1991, with OGC prior to performing compliance test.). 3. (c) Compare the amount of obligations for loan guarantee commitments to the amount of the available appropriation or other budget authority. (Note: This budget restriction is only applicable to obligations for loan guarantee commitments made on or after October 1, 1991.). 3. (d) Compare the amount of obligations for modifications of loan guarantee commitments or outstanding loan guarantees to the amount of available budget authority. (Note: Discuss applicability of this budget restriction to loan guarantees and loan guarantee commitments that were outstanding prior to October 1, 1991, with OGC prior to performing compliance test.) (2 U.S.C. 661c(b) and (e)). If the amounts of obligations in any of these comparisons exceed the available budget authority, the entity may not be in compliance. Perform step 5; 4. Direct and guaranteed loan programs that have a negative subsidy (cash inflows exceed cash outflows) do not receive an appropriation. However, such programs have a loan limit that cannot be exceeded, i.e., a maximum number of loans that can be made or guaranteed. For these programs, compare the total number and dollar volume of loans made to the loan limit in the applicable Presidents' Budget. Perform step 5. 5. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should: * identify the weakness in controls that allowed the noncompliance to occur, if not previously identified during control testing; * report the nature of any weakness in controls and consider modification of the report on internal control as appropriate (see FAM 580.32-.61); *consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75). 6. Document conclusions on compliance with each provision on Form 808 - Compliance Summary. [End of table] Note 1: A direct loan is a disbursement of funds by the government to a non-federal borrower under a contract that requires the repayment of such funds with or without interest. The term also includes the purchase of, or participation in, a loan made by another lender. The term does not include the acquisition of a federally guaranteed loan in satisfaction of default claims or the price support loans of the Commodity Credit Corporation. (2 U.S.C. 661a(1)): Note 2: A direct loan obligation is a binding agreement by a federal agency to make a direct loan when specified conditions are fulfilled by the borrower. (2 U.S.C. 661a(2)): Note 3: A loan guarantee is any guarantee, insurance, or other pledge with respect to the payment of all or a part of the principal or interest on any debt obligation of a nonfederal borrower to a nonfederal lender, but does not include the insurance of deposits, shares, or other withdrawable accounts in financial institutions. (2 U.S.C. 661a(3)): Note 4: A loan guarantee commitment is a binding agreement by a federal agency to make a loan guarantee when specified conditions are fulfilled by the borrower, the lender, or any other party to the guarantee agreement. (2 U.S.C. 661a(4)): Note 5: Appropriations or other budget authority to cover the cost of budget obligations for direct loan obligations and loan guarantee commitments must be made in advance by Congress. For revolving or other funds that otherwise would be available for these budget obligations, Congress must enact a limit on the use of such funds for these purposes to make them available for use. (2 U.S.C. 661c(b)): Note 6: Costs are defined as the estimated long-term cost to the government of a direct loan or loan guarantee, calculated on a net present value basis, excluding administrative costs and any incidental effects on governmental receipts or outlays. These calculations are described in further detail under the valuation control objective for obligations in FAM 395 F. (2 U.S.C. 661a(5)): Note 7: There is an exemption from this requirement for entitlements (mandatory programs such as the guaranteed student loan program and the VA home loan guaranty program) and credit programs of the Commodity Credit Corporation existing on the date of enactment of the act (November 5, 1990). (2 U.S.C. 661c(c)): Note 8: Modifications are government actions that alter the estimated net present value of a direct loan or loan guarantee for which an obligation has been recorded, for example, the sale of a direct loan, per SFFAS No. 2, paragraph 53, or a policy change affecting the repayment period or interest rate for a group of existing loans. (Changes within the terms of existing contracts or through other existing authorities are not considered to be modifications. Also, "work outs" of individual loans, such as a change in the amount or timing of payments to be made, are not considered modifications.) The effects of these changes should be included in the annual reestimates of the estimated net present value of the obligations. Permanent indefinite authority is provided by FCRA for these reestimates. Note 9: Discuss applicability of this budget restriction to direct loans, direct loan obligations, loan guarantees, or loan guarantee commitments that were outstanding prior to October 1, 1991, with OGC prior to performing control or compliance tests. Note 10: The auditor should consider the results of the evaluation and testing of budget controls and testing of the Statement of Budgetary Resources. These controls relate to the execution of budget authority and usually are the same controls that are used to comply with the Antideficiency Act and the Federal Credit Reform Act. Accordingly, additional consideration of controls that achieve the compliance objective generally is not necessary if the auditor has assessed whether the entity achieves all of the budget control objectives listed in FAM 395 F, including the supplemental control objectives for the Federal Credit Reform Act. The auditor should reference to the budget control evaluation and testing and perform any additional procedures considered necessary to conclude if compliance controls are effective. [End of section] 809 - PROVISIONS GOVERNING CLAIMS OF THE U.S. GOVERNMENT (31 U.S.C. 3711-3720) (INCLUDING THE DEBT COLLECTION IMPROVMENT ACT OF 1996 (DCIA)): Note: Complete this compliance summary or prepare equivalent documentation only if provisions governing claims of the U.S. government, as provided primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the Debt Collection Improvement Act of 1996), are considered significant, as indicated on Form 802 - General Compliance Checklist. OMB Guidance on FCRA is included in OMB Circular A-11, part 5, Federal Credit Programs: [See PDF for image] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions governing claims of the United States government as provided primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the Debt Collection Act of 1996) are considered significant, as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary. OMB Guidance on FCRA is included in OMB Circular A-11, part 5, Federal Credit Programs: Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 809 - Compliance Summary), select a sample of amounts owed to the entity during or at the end of the audit period. (The sample size will vary based on the expected effectiveness of compliance controls, as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM section 495 E. See note 8 regarding sampling efficiencies and completeness of the sample population. 2. For each item selected in step 1 obtain the loan file or other supporting documentation and note the following information as of the date selected for testing: * due date of debt; * amount owed; * date the notice of the amount due and the interest policies is first mailed to the debtor; * amount of interest accrued and other administrative charges and penalties charged, if any; and * number of days the debt is past due, if any; Perform step 3 if the debt is past due; Perform step 4 if the debt is not past due. 3. If the amount selected is past due: (a) Calculate the number of days that interest should be accrued on the debt as of the date selected for testing. Interest generally accrues from the date that the notice of the amount due is first mailed to the debtor. (See note 1.) Compare the auditor's calculation with the calculation performed by the entity and obtain explanation and examine support for any differences. (31 U.S.C. 3717(b)). 3. (b) Determine the interest rate that should be used to accrue interest on the debt. The rate is published in the Federal Register and should be the rate that was in effect on the date that the notice of the amount due is first mailed to the debtor. (The web site for the Federal Register is: http://www.access.gpo.gov/su_docs/aces/ aces140.html.) Compare the auditor's determination of the rate to the rate used by the entity and obtain explanation and examine support for any differences. (31 U.S.C. 3717(a) and (c)). 3. (c) Calculate the amount of interest that should be owed as of the date selected for testing using the number of days tested in (a) and the interest rate tested in (b). Compare the auditor's calculation to the amount calculated by the entity and obtain explanation and examine support for any differences. See notes 2 and 3 regarding the waiver of interest. 3. (d) Obtain the entity's schedule of administrative charges and late payment penalties and determine if the appropriate amounts were charged to the debtor. See note 3 regarding the waiver of these charges. (31 U.S.C. 3717(e) and (f)). 4. If the debt is not past due, determine through examination of the entity's records whether (a) interest, administrative charges, or penalties are not being charged; and (b) the debtor had no outstanding nontax delinquent federal debt at the time the loan was obtained. (31 U.S.C. 3720 B). 5. The objectives listed below relate to procedural-based provisions. As discussed in FAM 460.06, sufficient procedures usually are performed in conjunction with tests of compliance controls for these procedural- based provisions to conclude on the entity's compliance without performing additional procedures. Additional procedures should not be performed to obtain evidence regarding compliance with the provisions related to the following objectives unless sufficient evidence regarding compliance was not obtained during compliance control tests documented on Form 809 - Compliance Summary; (a) Claims of more than $100,000 (excluding interest, penalties, and administrative costs) are referred to the Justice Department for compromise, termination, or suspension. See note 4. (31 U.S.C. 3711 ); (b) Claims delinquent for a period of 180 days have been referred to Treasury for collection. See notes 5, 6, and 7. (31 U.S.C. 3711 (g)). 6. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance; For any noncompliance noted, the auditor should *identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing * report the nature of any weakness in compliance controls and consider modification of the conclusion on internal control as appropriate (see FAM 580.32-.61) * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75). 7. Document conclusions on compliance with each provision on Form 809 - Compliance Summary. [End of table] Note 1: Claims are amounts owed to the government, including amounts owed for loans insured or guaranteed by the government. The term "claim" is used interchangeably with the term "debt" in this law. (31 U.S.C. 3701(b)) Interest normally accrues from the date that notice of the debt and the agency's interest policies is first mailed to the debtor. If the agency sends a bill to the debtor in advance of the due date and that bill states the interest policies, interest would accrue from the due date specified in the bill. The provisions regarding accrual of interest and other charges do not apply to the extent that a statute, related regulation, loan agreement, or contract provides otherwise, or if a claim is under a contract executed before October 25, 1982, that is in effect on October 25, 1982. (31 U.S.C. 3717(g)) Accrual of interest and penalties under this law does not apply to amounts owed by other agencies of the federal government, a state government or a unit of general local government or to amounts payable to the entity under the Internal Revenue Code, the Social Security Act, or tariff laws. (31 U.S.C. 3701 (c) and (d)) This law, however, does not preclude the charging of interest to state and local governments under authority provided under other laws. Note 2: The entity shall waive the collection of interest on a claim (or any portion of the claim) that is paid within 30 days after the date on which interest began to accrue. The agency may extend this 30-day period. (31 U.S.C. 3717(d)) Interest that is either accrued or collected on claims that are paid within the 30-day period would usually not be material or otherwise significant for purposes of compliance testing. If the auditor considers this provision to be significant for compliance testing, this form should be tailored to include the appropriate testing procedures. Note 3: The entity has the authority to waive the collection of interest, penalties, and administrative charges. The entity should follow its own regulations when determining whether a waiver is appropriate. Such regulations should be in conformity with the standards set jointly by the Comptroller General, the Attorney General, and the Secretary of the Treasury described in 31 CFR 901.9. (31 U.S.C. 3717(h)): The entity may increase an administrative claim (debt not based on an extension of government credit through direct loans, guarantees, or insurance, including fines, penalties, and overpayments) annually by the cost of living adjustment in lieu of charging interest and penalties. (31 U.S.C. 3717(i)): Note 4: Compromise is the term used when an amount less than the total amount of the claim is accepted by the entity as payment in full. Suspension refers to the temporary deferral of collection activities until collection activity is expected to be more successful. Termination refers to stopping of collection activities. Only the Justice Department has the authority to compromise, terminate, or suspend collection on claims that are greater than $100,000 (excluding interest, penalties, and administrative charges). Pursuant to 31 CFR Parts 902.1 and 903.1, entities generally should use a Claims Collection Litigation Report (CCLR) to refer such matters to the Justice Department. Note 5: Exceptions to the requirement to transfer nontax debt delinquent for a period of 180 days to Treasury for collection are: (a)a debt or claim that: (1)is in litigation or foreclosure; (2)will be disposed of under an asset sales program within 1 year after becoming eligible for sale, or later than 1 year if consistent with an asset sales program and a schedule established by the entity and approved by OMB; (3)has been referred to a private collection contractor for collection for a period determined by Treasury; (4)has been referred by, or with the consent of, Treasury to a debt collection center for a period determined by Treasury; or: (5)will be collected under internal offset, if such offset is sufficient to collect the claim within 3 years after the date the debt or claim is first delinquent; and: (b) to any other specific class of debt or claim, as determined by Treasury at the request of an entity. (31 U.S.C. 3711(g)(2)) Examples include: (1) debts in bankruptcy meeting the criteria for an automatic stay (11 U.S.C. 362), (2) foreign debt considered uncollectable by Treasury due to foreign diplomacy considerations and affairs of state, (3) debts in forbearance or appeals. Note 6: Exceptions to the requirement to notify Treasury of nontax debt delinquent over 180 days for administrative offset are a claim that has been outstanding for more than 10 years or when a statute explicitly prohibits using administrative offset or setoff to collect the type of claim involved. (31 U.S.C. 3716(e)) Also, this section does not prohibit the use of any other administrative offset authority existing. (31 U.S.C. 3716 (d)): Prior to referring debts to Treasury, an agency shall inform the debtor of the amount and nature of the debt (such as overpayment, etc.), and actions which may be taken to enforce recovery of a delinquent debt. These include: (a) offset of any payments which the debtor is due, including tax refunds, and salary; (b) referral of the debt to a private collection agency; (c) referral of the debt to the Department of Justice or agency counsel for litigation; (d) reporting of the debt to a credit bureau; (e) reporting of the debt, if discharged, to IRS as a potential taxable income. In the future, the agency also will need to inform the debtor that the debt may be subject to administrative wage garnishment, his/her identity may be published or publicly disseminated, and/or the debt may be sold. The notice must tell the debtor that he/she has the opportunity: (a) to inspect and copy records relating to the debt, (b) for a review by the agency; and: (c) to enter into a written repayment agreement. Note 7: Before an entity refers past-due debt to Treasury for reduction of tax refund, it must: (a) notify the person incurring such debt that the entity proposes to refer to Treasury for tax refund offset, (b) give such person at least 60 days to present evidence that all or part of the debt is not past due or not legally enforceable, (c) consider any evidence presented by such person and determine that an amount of such debt is past due and legally enforceable, (d) satisfy such other conditions Treasury may prescribe to ensure the above determination is valid and that the entity has made reasonable efforts to obtain payment, and: (e) certify that reasonable efforts have been made by the entity to obtain payment. (31 U.S.C. 3720A (b)): Treasury issues regulations prescribing the times at which entities shall submit notices of past-due legally enforceable debts, the manner of submitting them, and the information to be contained in them. The regulations also specify the minimum amount of debt that may be referred for tax refund offset and the fee the entity shall pay to reimburse Treasury for its costs. Note 8: If multipurpose testing is used for the compliance test and/or compliance control test and/or a substantive test of accounts or loans receivable details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test as described in FAM 430. Otherwise, the items should be selected using attribute sampling as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency, the auditor should consider using records that were tested for validity, accuracy, and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of the population. [End of section] 810 - PROMPT PAYMENT ACT: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Prompt Payment Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. OMB guidance on the Prompt Payment Act is included in 5 CFR Part 1315. [See PDF for image] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Prompt Payment Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary. OMB Guidance on the Prompt Payment Act is included in 5 CFR Part 1315. Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 810 - Compliance Summary), select a sample of payments from throughout the audit period. (The sample size will vary based on the expected effectiveness of compliance controls as discussed in FAM 460.02.) Document the sampling approach using the documentation in FAM section 495 E. See note 6 regarding sampling efficiencies and completeness of the population; 2. For each item selected in step 1, obtain the supporting documentation for the payment such as the invoice voucher package; (a) Document the following items in the documentation: * invoice number; * payee; * invoice amount; * invoice date; * invoice receipt date (or other date used for determining compliance with this law - see step 2 (b)); * payment date; * amount of interest penalty paid, if any; * amount of discount taken, if any; and appropriation account(s) charged for the expenditure and interest penalty, if any. 2. (b) For each item selected, note whether the payment was made by the required due date. The required due date may be the date specified in the contract or, if a date is not specified, 30 days after receipt of the invoice (31 U.S.C. 3903(a)(1)(A) and (B)). If payment is for meat or meat food products, perishable agricultural products, dairy products or construction contracts, consult with OGC to determine payment due date. Specific payment due dates to avoid interest penalties are established by law for these items. (31 U.S.C. 3903(a)(2), (3), (4), and (6)); The invoice receipt date is the later of (1) the date the entity's designated representative or office actually receives a proper invoice or (2) the 7th day after the date on which, in accordance with the terms and conditions of the contract, the property is actually delivered or performance of the services is actually completed (unless the entity accepted the property or services before the 7th day or a longer acceptance period is specified in the contract). If the date of actual invoice receipt is not indicated, the entity must use the invoice date. (31 U.S.C. 3901(a)(4)(A) and (B)); If the payment was made prior to the payment due date, perform step 3; If the payment was made after the payment due date, perform step 4; If a discount was taken, perform step 5. 3. If the payment was made prior to the payment due date, and no discount was taken, determine that no interest penalty was paid; (Note: If the entity did not take advantage of a discount for which it was eligible or if an interest penalty was paid when it was not owed, the auditor generally should determine the cause of these items for purposes of reporting findings.). 4. If the payment was made after the payment due date, determine whether; (a) an interest penalty was paid; (b) the amount of the interest penalty was properly calculated; and (c) the interest penalty was paid out of the appropriation used to pay the related expenditures; Review the accounting codes indicated on the expense voucher. Determine whether the accounting codes used to record the interest penalty are the same as those used for the related expenditure and whether the codes and amounts agree with those recorded in the budgetary accounting records. (See step 6 regarding proper summarization of amounts.) (31 U.S.C. 3902 (a), (b), and (f)); Investigate any differences between the amount of interest penalty calculated by the auditor and the amount paid by the entity, including any instances when an interest penalty was owed but not paid. See note 5. Investigate any instances when the proper appropriation account was not charged; See note 2 regarding the interest rate to be used. See notes 3 and 4 regarding the period the penalty should cover. 5. If a discount was taken, determine whether it was taken during the specified period the discount was available. If the discount was taken during the specified period, further consideration is not necessary; If any discounts are taken after the appropriate time period, determine whether; (a) an interest penalty was paid,; (b) the amount of the interest penalty was properly calculated, and (c) the interest penalty was charged against the appropriation used for the related expenditures; Review the budget accounting codes indicated on the expense voucher. Determine whether the budget accounting codes indicated on the voucher for the interest penalty are the same as those used for the related expenditure. Determine whether the codes and amounts on the voucher agree with those recorded in the budgetary accounting records. (See step 6 regarding proper summarization of the budgetary amounts.) (31 U.S.C. 3902 (a), (b), and (f), and 31 U.S.C. 3904); Interest penalties should be calculated on the amount of the discount. The penalty accrues on the amount of the discount from the last date specified that the discounted amount may be paid (31 U.S.C. 3904). See note 2 regarding the interest rate to be used to calculate the interest penalty; Investigate any differences between the amount of interest penalty calculated by the auditor and the amount paid by the entity, including any instances when an interest penalty was owed but not paid. Investigate any instances when the proper appropriation account was not charged. 6. Consider the procedures performed on the entity's budget controls over summarization of expenditure balances as discussed in FAM 395 F; If the auditor has assessed the entity's controls as effective in achieving the control objective of summarization of expenditure balances, further procedures are not necessary to obtain assurance as to whether interest penalties are paid out of the proper appropriation account; If the auditor has assessed the controls as ineffective, the auditor should perform procedures to determine if the entity has properly summarized the expenditure balances as described in FAM 495 B. 7. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance; For any noncompliance noted, the auditor should: * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67-.75). 8. Document conclusions on compliance with each provision on Form 810 - Compliance Summary. [End of table] Note 1: The required due date is generally the date specified in the contract or, if a date is not specified, 30 days after receipt of the invoice (31 U.S.C. 3903(a)(1)(A) and (B)) If payment is for meat or meat food products, perishable agricultural products, dairy products or construction contracts, consult with OGC to determine payment due date. Specific payment due dates to avoid interest penalties are established by law for these items. (31 U.S.C. 3903(a)(2), (3), (4), and (6)): The invoice receipt date is established as the later of (1) the date the entity's designated representative or office actually receives a proper invoice or (2) the 7th day after the date on which, in accordance with the terms and conditions of the contract, the property is actually delivered or performance of the services is actually completed, unless the entity accepted the property or services before the 7th day or a longer acceptance date is specified in the contract. If the date of actual invoice receipt is not indicated, the entity must use the invoice date. (31 U.S.C. 3901(a)(4)(A) and (B)): Note 2: Interest shall be calculated at the rate set by the Secretary of the Treasury under section 12 of the Contract Disputes Act of 1978 (41 U.S.C. 611) that is in effect at the time the entity accrues the obligation to pay a late payment interest penalty. The rates are published in the Federal Register. (31 U.S.C. 3902(a)): Note 3: The interest penalty shall be paid for the period beginning on the day after the required payment date and ending on the date on which payment is made. (31 U.S.C. 3902(b)): An interest penalty not paid after any 30-day period shall be added to the principal amount of the debt, and a penalty accrues thereafter on the combined amount of principal and interest. (31 U.S.C. 3902(e)): Note 4: A payment is deemed to be made on the date a check for payment is dated or an electronic transfer is made. (31 U.S.C. 3901 (a)(5)): Note 5: The temporary unavailability of funds to make a timely payment due for property or services does not relieve the entity head of the obligation to pay interest penalties under this law. (31 U.S.C. 3902 (d)): Note 6: If multipurpose testing is used for the compliance test and/or compliance control test and/or a substantive test of payments details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test as described in FAM 430. Otherwise, the items should be selected using attribute sampling as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency, the auditor should consider using records that were tested for validity, accuracy, and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of the population. [End of section] 812 - PAY AND ALLOWANCE SYSTEM FOR CIVILIAN EMPLOYEES, AS PROVIDED PRIMARILY IN CHAPTERS 51-59 OF TITLE 5, U.S. CODE: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Pay and Allowance System for Civilian Employees, as provided primarily in Chapters 51-59 of Title 5, U.S. Code, are considered to be significant as indicated on Form 802 - General Compliance Checklist. [See PDF for image] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Pay and Allowance System for Civilian Employees, as provided primarily in Chapters 51-59 of Title 5, U.S. Code, are considered to be significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary. Audit Procedures: Note: These tests are closely related to procedures performed for substantive tests of payroll expense details. Use of multipurpose testing in this situation is strongly encouraged. 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 812 - Compliance Summary), select an appropriate sample of disbursements from the payroll records throughout the audit period. (The sample size will vary based on the expected effectiveness of compliance controls as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM section 495 E. See note 2 regarding sampling efficiencies and completeness of the population. 2. For each item selected in 1, note the following information: * employee name; * pay period (number and dates); * amount of gross pay for the period; * pay rate; * total hours worked; and number of hours worked at regular pay and other pay (i.e., overtime, premium pay, etc.). 3. For each item selected in 1, obtain the employee's personnel file and note the following in effect for the pay period selected: the employee's grade and step and the employee's pay rate. 4. For each item selected in 1, (a) Calculate the amount of gross pay using the hours worked and the employee's pay rate indicated on the payroll records. Compare the amount of gross pay calculated by the auditor to the amount shown on the payroll records for the selected pay period and obtain explanation and examine support for any differences. Note: To convert basic annual amount to a daily, weekly or biweekly amount, divide the annual rate by 2,087 for an hourly rate. Multiply the hourly rate by number of either daily hours, 40 for weekly, or 80 for biweekly amounts. (5 U.S.C. 5504) 4. (b) Compare the employee's pay rate in the payroll records to the appropriate pay rate for the employee's approved grade and step on the pay schedules established by executive order. (Use the approved grade and step indicated in the employee's personnel records for this test.) Obtain explanation and examine support for any differences between the actual pay rate for the period selected and the authorized amounts. (5 U.S.C. 5332, 5343, and 5383); If the employee's pay is not set by these pay schedules, determine whether the amount paid is properly authorized and whether the pay rate is at least minimum wage. (29 U.S.C. 206) 5. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance.; For any noncompliance noted, the auditor should; identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75) 6. Document conclusions on compliance with each provision on Form 812 - Compliance Summary. [End of table] Note 1: To convert basic annual amount to a daily, weekly, or biweekly amount, divide the annual rate by 2,087 for an hourly rate. Multiply the hourly rate by number of either daily hours, 40 for weekly, or 80 for biweekly amounts. (5 U.S.C. 5504): Note 2: If multipurpose testing is used for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test. Otherwise, the items should be selected using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 3: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the same testing should be performed. The auditor may accomplish that testing with the assistance of the service organization's auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Or the service organization's auditor may assist the entity auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). [End of section] 813 - CIVIL SERVICE RETIREMENT ACT: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Civil Service Retirement Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. [See PDF for table] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Civil Service Retirement Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary. Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 813 - Compliance Summary), select a sample of expense amounts for individuals' gross pay from the payroll disbursement records for the audit period for employees covered by the Civil Service Retirement Act system (CSRS). (See note 1.); (The sample size will vary based on the expected effectiveness of compliance controls, as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM section 495 E. See note 3 regarding sampling efficiencies and completeness of the population; These tests should be coordinated with other tests of payroll-related expenses and with the agreed-upon procedures agency auditors perform for the Office of Personnel Management (OPM), per OMB audit guidance, if performed; 2. For each selection made in 1, document the following for the pay period selected: * the amount withheld for the cost of retirement benefits; * the amount of basic pay; and * if indicated in the payroll disbursement records, document the retirement plan under which the withholdings were made (CSRS or FERS). (Only employees covered by CSRS should be included in this compliance test. See FAM 817 for the FERS compliance test.). 3. For each item selected in 1, obtain the employee's personnel file and note the following: * employee hire date, * amount of basic pay, and *the retirement plan under which the employee is covered. 4. For each selection made in 1, (a) Compare the amount of basic pay indicated in the employee's personnel file with the amount indicated in the payroll records and obtain an explanation and examine support for any differences. (This procedure would be performed only if not already performed as part of other testing.). (b) Calculate the amount of the withholdings for retirement costs based on 7 percent of basic pay for executive branch employees (see note 2 for percentages for other employees) for the selected pay period and document the amount in the documentation. Compare to the actual amount withheld for the selected pay period and obtain an explanation and examine support for any differences. (5 U.S.C. 8334(a)(1)). (c) Determine whether the entity contributed an equal amount for the employee's retirement for the selected pay period. Obtain explanation and examine support for any differences between the employee and entity contributions. (5 U.S.C. 8334(a)(1)). 5. Determine whether amounts contributed by the entity are charged to the appropriation or fund used to pay the employee for the selected pay period by performing the following procedures: (a) Review the accounting codes indicated on the supporting documentation; (b) Determine whether the accounting codes used to record the entity contribution are the same as those used for the related payroll expenditure and whether the codes and amounts agree with those recorded in the budgetary accounting records. (This step assumes other payroll testing would have included checking that the codes represent the proper appropriation.). (c) Consider the procedures performed on the entity's budget controls over summarization of expenditure balances as discussed in FAM 395 F; If the auditor has assessed the entity's controls as effective in achieving the control objective of summarization of expenditure balances, further procedures are not necessary to obtain assurance as to whether the entity's contributions are paid out of the proper appropriation account; If the auditor has assessed the controls as ineffective, the auditor should perform procedures to determine whether the entity has properly summarized the expenditure balances as described in FAM 495 B. (5 U.S.C. 8334 (a)(1)). 6. Determine whether the entity has effective controls over the proper summarization of (a) the amounts withheld from employees for retirement costs under this law and (b) the entity contributions for remittance to Treasury. If the entity does not have effective controls for summarization, test the summarization of the totals that include the items selected for testing in step 1. 7. Compare the combined totals of employee withholdings and entity contributions that include each selection made in step 1 to the deposit made to Treasury and the remittance sent to OPM and obtain an explanation and examine support for any differences. The funds should be deposited in the Treasury to the credit of the Civil Service Retirement and Disability Fund. (5 U.S.C. 8334(a)(2)).[Empty]. [Empty]. 8. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance; For any noncompliance noted, the auditor should; * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67-.75). 9. Document conclusions on compliance with each provision on Form 813 - Compliance Summary. [End of table] Note 1: Employees may be covered by the Civil Service Retirement Act (CSRS) or the Federal Employees' Retirement System Act (FERS), generally depending on their employment date. Note 2: The percentage to be withheld for the service period after December 31, 2000, for (1) executive branch employees is 7 percent and (2) Congressional employees is 7.5 percent. The percentage to be withheld for the service period between January 1, 2001 and December 31, 2002, for Members of Congress is 8.5 percent. The percentage withheld for service after December 31, 2002, for Members of Congress is 8 percent. (5 U.S.C. 8334(a)(1)): Note 3: If multipurpose testing is used for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test. Otherwise, the items should be selected using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 4: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the same testing should be performed. The auditor may accomplish that testing with the assistance of the service organization's auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Or the service organization's auditor may assist the entity auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). [End of section] 814 - FEDERAL EMPLOYEES HEALTH BENEFITS ACT: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees Health Benefits Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. [See PDF for image] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Federal Employees Health Benefits Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary. Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 814 - Compliance Summary), select a sample of expense amounts for individuals' gross pay from the payroll disbursement records for the audit period; (The sample size will vary based on the expected effectiveness of compliance controls, as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM section 495 E. See note 2 regarding sampling efficiencies and completeness of the population. These tests should be coordinated with other tests of payroll-related expenses and with the agreed-upon procedures agency auditors perform for OPM, per OMB audit guidance, if performed. 2. For each selection made in step 1, document the employee, the pay period selected, and the amount withheld for the pay period selected, if any, for the cost of health insurance. If available, document the health plan enrollment code. 3. For each selection made in step 1, obtain the employee's personnel file and note whether the employee elected health insurance coverage for the period to which payroll disbursement relates. Such coverage should be indicated on OPM form SF 2809; If the employee did not elect health insurance coverage, ask why amounts are being withheld for the cost of insurance and determine whether any entity contributions are being made inappropriately as well. 4. If the employee identified in step 3 elected coverage, perform the following steps: (a) Obtain the schedule of health insurance costs for all plans published by OPM. Using the enrollment code for the plan selected by the employee on OPM form SF 2809, calculate the employee's portion of the health insurance cost and record it in the documentation. Compare it to the amount actually withheld for the selected pay period and obtain an explanation and examine support for any differences. (5 U.S.C. 8906(d)); (b) For each employee in (a), determine the appropriate amount of the entity's contribution for its share of health insurance costs by using the OPM schedule of costs. Compare it to the amount actually contributed by the entity for the employee's health insurance for the selected pay period and obtain an explanation and examine support for any differences. (See note 1 for part-time career employees.) (5 U.S.C. 8906(b)(1)); (c) For each employee in (b), determine if amounts contributed by the entity are charged to the appropriation or fund that is used to pay the employee for the selected pay period by performing the following procedures: (1) Review the accounting codes indicated on the supporting documentation; (2) Determine whether the accounting codes used to record the entity contribution are the same as those used for the related payroll expenditure and whether the codes and amounts agree with those recorded in the budgetary accounting records. (This step assumes other payroll testing would have included checking that the codes represent the proper appropriation.); (c) (3) Consider the procedures performed on the entity's budget controls over summarization of expenditure balances as discussed in FAM 395 F; If the auditor has assessed the entity's controls as effective in achieving the control objective of summarization of expenditure balances, further procedures are not necessary to obtain assurance as to whether the entity's contributions are paid out of the proper appropriation account; If the auditor has assessed the controls as ineffective, the auditor should perform procedures to determine whether the entity has properly summarized the expenditure balances as described in FAM 495 B. (5 U.S.C. 8906(f)). 5. Determine whether the entity has effective controls over the proper summarization of the amounts withheld from employees for health insurance costs under this law and the entity contributions for remittance to Treasury. If the entity does not have effective controls for summarization, test the summarization of the totals that include the items selected for testing in step 1.; 6. Compare the total cost of health insurance on the entity's records (employee and employer portions) for the selected pay period to the deposit made to Treasury and the documentation sent to OPM and obtain an explanation and examine support for any differences. The funds should be deposited in the Treasury to the credit of the Employees Health Benefits Fund. (5 U.S.C. 8909); 7. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance; For any noncompliance noted, the auditor should * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75). 8. Document conclusions on compliance with each provision on Form 814 - Compliance Summary.; [End of table] Note 1: For part-time career employees, the biweekly entity contribution shall be calculated on a prorata basis based on the ratio of number of scheduled part-time hours to the number of scheduled regular hours for an employee serving in a comparable position on a full-time basis. (5 U.S.C. 8906(b)(3)): Note 2: If multipurpose testing is used for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test. Otherwise, the items should be selected using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 3: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the same testing should be performed. The auditor may accomplish that testing with the assistance of the service organization's auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Or the service organization's auditor may assist the entity auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). [End of section] 816 - FEDERAL EMPLOYEES COMPENSATION ACT: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees' Compensation Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. [See PDF for figure] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Federal Employees' Compensation Act are considered to be significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary for this law. Audit Procedures: Note: The provisions identified for testing are procedural-based provisions. As discussed in FAM 460.06, sufficient procedures usually are performed in conjunction with tests of compliance controls for these procedural-based provisions to conclude on the entity's compliance without performing additional procedures. Additional procedures should not be performed to obtain evidence regarding compliance with the provisions related to the following objectives unless sufficient evidence regarding compliance was not obtained during compliance control tests documented on Form 816 - Compliance Summary. 1. Reference to conclusions on compliance controls on Form 816 - Compliance Summary and indicate whether any additional procedures are necessary. 2. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance; For any noncompliance noted, the auditor should; * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and report instances of noncompliance, as appropriate (see FAM 580.67-.75). 3. Document conclusions on compliance with each provision on Form 816 - Compliance Summary. [End of table] Note 1: A statement showing the total cost of benefits and other payments made from the Employees' Compensation Fund during the preceding July 1 through June 30 expense period on account of the injury or death of employees or individuals under the jurisdiction of the entity is required to be provided by the Secretary of Labor to the entity by August 15 of each year. (5 U.S.C. 8147): Note 2: Entities not dependent on an annual appropriation shall make the required deposit to Treasury from funds under its control during the first 15 days of October after receipt of the statement showing the costs paid on the entity's behalf. (5 U.S.C. 8147): [End of section] 817 - FEDERAL EMPLOYEES' RETIREMENT SYSTEM ACT OF 1986: Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees' Retirement System Act of 1986 are considered significant as indicated on Form 802 - General Compliance Checklist. [See PDF for image] [End of table] Note: Complete this program or prepare equivalent documentation only if provisions of the Federal Employees' Retirement System Act of 1986 are considered significant as indicated on Form 802 - General Compliance Checklist. The procedures in this program are designed to test compliance with the provisions listed on the Compliance Summary. Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on form 817 - Compliance Summary), select a sample of expense amounts for individuals' gross pay from the payroll disbursement records for the audit period for employees covered by the Federal Employees' Retirement System (FERS). (See note 1.); (The sample size will vary based on the expected effectiveness of compliance controls as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM section 495 E. See note 4 regarding sampling efficiencies and completeness of the sample population; These tests should be coordinated with other tests of payroll-related expenses and with the agreed-upon procedures agency auditors perform for OPM, per OMB audit guidance, if performed. 2. For each selection made in 1, document the following for the pay period selected: * the amount withheld for the cost of retirement benefits, * the amount of basic pay, and * if indicated in the payroll disbursement records, document the retirement plan under which the withholdings were made (CSRS or FERS). (Only employees covered by FERS should be included in this compliance test. See FAM 813 for the CSRS compliance test.). 3. For each item selected in 1, obtain the employee's personnel file and note the following: * employee hire date, * amount of basic pay, and * the retirement plan under which the employee is covered. 4. For each selection made in 1, (a) Compare the amount of basic pay indicated in the employee's personnel file with the amount indicated in the payroll records and obtain an explanation and examine support for any differences. (This procedure would be performed only if not already performed as part of other testing.). (b) Calculate the amount of the withholdings for retirement costs based on 0.8% of basic pay for most employees (see note 2 for percentages for certain employees) for the selected pay period and record the amount in the documentation. Compare to the actual amount withheld for the selected pay period and obtain an explanation and examine support for any differences. (5 U.S.C. 8422(a)(1)). (c) Determine whether the entity contributed the correct amount for the employee's retirement for the selected pay period. Obtain an explanation and examine support for any differences between the entity contributions and the amount calculated using OPM's normal cost percentage. (5 U.S.C. 8423(a)(1) and 5 U.S.C. 8401(23)). 5. Determine if amounts contributed by the entity are charged to the appropriation or fund used to pay the employee for the selected pay period by performing the following procedures: (a) Review the accounting codes indicated on the supporting documentation; (b) Determine whether the accounting codes used to record the entity contribution are the same as those used for the related payroll expenditure and whether the codes and amounts agree to those recorded in the budgetary accounting records. (This step assumes other payroll testing would have included checking that the codes represent the proper appropriation.); (c) Consider the procedures performed on the entity's budget controls over summarization of expenditure balances as discussed in FAM 395 F; If the auditor has assessed the entity's controls as effective in achieving the control objective of summarization of expenditure balances, further procedures are not necessary to obtain assurance as to whether the entity's contributions are paid out of the proper appropriation account; If the auditor has assessed the controls as ineffective, the auditor should perform procedures to determine whether the entity has properly summarized the expenditure balances as described in FAM 495 B. (5 U.S.C. 8423(a)(1)). 6. Determine whether the entity has effective controls over the proper summarization of the amounts withheld from employees for retirement costs under this law and the entity contributions for remittance to Treasury. If the entity does not have effective controls for summarization, test the summarization of the totals that include the items selected for testing in step 1. 7. Compare the combined totals of employee withholdings and entity contributions that include each selection made in step 1 to the deposit made to Treasury and the remittance sent to OPM and obtain explanation and examine support for any differences. The funds should be deposited in the Treasury to the credit of the Civil Service Retirement and Disability Fund. (5 U.S.C. 8422(c) and 5 U.S.C. 8401(6)). 8. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance; For any noncompliance noted, the auditor should; * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the conclusion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67-.75). 9. Document conclusions on compliance with each provision on Form 813 - Compliance Summary. [End of table] Note 1: Employees may be covered by the Civil Service Retirement Act (CSRS) or the Federal Employees' Retirement System Act (FERS), generally depending on their employment dates. Note 2: For most employees, the percentage to be withheld is 0.8 percent (7 percent less the Social Security tax rate). For congressional employees, Members of Congress, and law enforcement officers, firefighters, air traffic controllers, and nuclear materials couriers, the withholding rates are higher. (See 5 U.S.C. 8422(a)(1).). Note 3: The Office of Personnel Management (OPM) computes the normal cost percentage. For FY 2002, it is 11.5 percent for regular employees. For congressional employees, Members of Congress, and law enforcement officers, firefighters, air traffic controllers, and nuclear materials couriers, the normal cost percentages are higher. OPM lists the percentages in its Benefits Administration Letters, accessible on its Internet site, http://www.opm.gov/asd/htm/bal01.htm (where the 2 digits after "bal" represent the calendar year of the letters). (5 U.S.C. 8401(23)): Note 4: If multipurpose testing is used for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test. Otherwise, the items should be selected using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 5: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the same testing should be performed. The auditor may accomplish that testing with the assistance of the service organization's auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Or the service organization's auditor may assist the entity auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). [End of section] SECTION 900: Substantive Testing: 902 - RELATED PARTIES, INCLUDING INTRAGOVERNMENTAL ACTIVITY AND BALANCES: .01: This section provides detailed guidance on the procedures that the auditor should perform with respect to related parties, as described in FAM sections 280 and 550. AU 334 (SAS No. 45) provides general guidance on the procedures that should be performed to identify related party relationships and transactions so that the auditor may satisfy him or herself that they are appropriately accounted for and disclosed. In addition, the American Institute of Certified Public Accountants (AICPA) has issued a toolkit for accountants and auditors titled, Accounting and Auditing for Related Parties and Related Party Transactions[Footnote 1]. This toolkit includes selected authoritative accounting and auditing literature, an illustrative audit program, disclosure checklist, confirmation letter, and letter to other auditors and is available at the AICPA's website: http://www.aicpa.org/news/ relpty1.htm. .02: The federal government in its entirety is an economic entity. Federal entities are components of the U.S. government; therefore, transactions between federal entities are considered intragovernmental. Within the federal government, many reporting entities rely on other federal entities to help them achieve their missions and fulfill their operating objectives. These arrangements may be voluntary, stipulated by law, or established by mutual agreement of the entities involved and may not be carried out on an arm's-length basis. In many cases, the entity receiving goods or services will reimburse the providing entity in accordance with some agreed-upon price, which may or may not represent market value. Often, however, one entity provides goods or services to another entity free of charge (without reimbursement). For example, the General Services Administration, in some cases, provides property management services and contract award and administration to other entities without charge. .03: In addition, certain federal entities can significantly influence the operating policies of the transacting entities. For example, the Office of Management and Budget (OMB) provides policy and/or general management guidance to other federal entities, and the Office of Personnel Management (OPM) helps federal entities recruit nationwide and sets human resources management rules with the federal entities' involvement; administers the systems for setting federal compensation and benefits; manages federal employee health and life insurance programs; and operates the retirement program for federal employees. .04: Thus, in the federal government, the most significant related parties are other federal government entities. Other possible related parties outside of the federal government include states, members of the entity's management, and individuals and firms with which members of management may be related. .05: The auditor should consider the possible existence of related parties with material activity and balances that could affect the financial statements, including intragovernmental activity and balances. The identification of related parties and activity and balances is important because of (1) the requirement under U.S. generally accepted accounting principles to disclose material related-party transactions and certain control relationships, (2) the instances of fraudulent financial reporting and misappropriation of assets that have been facilitated by the use of an undisclosed related party, and (3) the potential for distorted or misleading financial statements in the absence of adequate disclosure. .06: The reason for disclosing related party information is that financial statement users may need that information to make informed judgments. As stated above, if parties are related, the transactions between them may not be based on an arm's-length relationship. For example, certain goods or services may be donated or be at an amount that does not represent market value, thus affecting the cost of the receiving entity's operations. In addition, if the entity has transactions with another entity based on a common control situation, such as when the entity controls or can significantly influence the management or operating policies of the transacting entity, the users of financial statements should know the nature of the relationship since this control relationship could result in operating results or financial positions significantly different from those that would have been achieved in the absence of such relationship. .07: Disclosures generally should include the nature of the relationship between the entity and its related parties, a description of the transactions, including donations, dollar amounts of transactions that occurred during the period, and amounts due to or from related parties as of the end of the period. Disclosures could include aggregation of similar transactions by type. In cases of common control relationships, the nature of the control relationship generally should be disclosed even if there are no transactions between the entities. Disclosure of related party transactions is not required for transactions between components of the audited entity that are eliminated in consolidation. However, if separate statements of the components are issued, the disclosures should be presented in the separate component statements. .08: The following paragraphs discuss intragovernmental activity and balances, then other related parties. INTRAGOVERNMENTAL ACTIVITY AND BALANCES: .09: Intragovernmental amounts represent activity and balances within or between federal entities. Intradepartmental amounts are activity and balances within the same department (a department here means any department, agency, administration or other entity designated by OMB as a financial reporting entity that is not part of a larger financial reporting entity other than the government as a whole). Interdepartmental amounts are activity and balances between two different departments. The intradepartmental and interdepartmental amounts are subsets of intragovernmental activity and balances. Intragovernmental activity includes: * Intragovernmental fiduciary transactions such as: ** Transactions with the Department of Labor (Labor) relating to the Federal Employee's Compensation Act, including routine payments to Labor; ** Transactions with the OPM relating to employee benefit programs (the Federal Employees' Retirement System, the Civil Service Retirement System, and federal employees' life insurance and health benefits programs) including routine payments, imputed financing, and accruals; ** Investments in federal securities issued by Treasury's Bureau of the Public Debt, including interest accruals, interest income and expense, and amortization of premiums and discounts; and: ** Borrowings from the Treasury and the Federal Financing Bank, including interest accruals, interest income, and expenses; * Goods and services provided from one federal entity to another (trade transactions) including any related revenues earned, costs incurred, and reimbursable costs (including both interdepartmental and intradepartmental activity); * Transfers between entities based on agreements or legislative authority, expended appropriations, taxes and fees collected, collections for others, accounts receivable from appropriations, transfers payable, and custodial revenue (including both interdepartmental and intradepartmental activity); and: * Imputed costs such as fiduciary transactions with OPM and Labor mentioned above and costs of litigation paid by the judgment fund (including both interdepartmental and intradepartmental activity). .11: Activity and balances between federal entities (interdepartmental transactions) should be eliminated at the U.S. Government's Consolidated Financial Statements level, while the activity and balances within the same department (intradepartmental) should be eliminated at the department's consolidated financial statements level. Accounting and Reporting Guidance: .12: In accounting for and reporting of related parties, including intragovernmental activity and balances, the entity should refer to Statements of Federal Financial Accounting Standards (SFFAS), Statements of Financial Accounting Standards, OMB guidance, and Treasury guidance. The following paragraphs illustrate these relevant documents. .13: SFFAS No. 4, Managerial Cost Accounting Concepts and Standards, and related interpretations address the accounting standards for interentity cost activities. SFFAS No. 5, Accounting for Liabilities of the Federal Government, addresses interentity liabilities, including federal debt, pensions and retirement benefits. Also, SFFAS No. 7, Accounting for Revenue and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting, addresses interentity revenue and requires disclosure of the nature of intragovernmental exchange transactions in which an entity provides goods or services at a price less than full cost or does not charge a price at all. The reporting entities should also consult with the funding and administering agencies, such as OPM, for information needed to properly record interentity costs. Note that SFFAS No. 4 directs OMB to designate the costs of goods and services received from other departments that should be recognized, which it has done in the guidance mentioned below. .14: Statement of Financial Accounting Standards No. 57, Related Party Disclosures, defines related parties and provides examples of related party transactions and general guidance on disclosures of transactions between related parties. Footnote disclosures generally should include disclosure of the nature of the relationship between the entity and its related parties, a description of the transactions, including donations, dollar amounts of transactions that occurred during the period, and amounts due to or from related parties as of the end of the period. .15: The OMB bulletin titled Form and Content of Agency Financial Statements indicates that federal entities should: * Present intragovernmental amounts by trading partner (reciprocal federal entity) as required supplementary information (RSI). Intragovernmental asset and liability categories reported as RSI should agree with the intragovernmental asset and liability line items reported on the balance sheet. The intragovernmental RSI may be limited to the consolidated departmentwide financial statements of the Chief Financial Officers (CFO) Act departments and agencies covered by the form and content bulletin. The intragovernmental RSI reporting requirement does not extend to federal components that are required to prepare financial statements. All amounts should be net of intraentity transactions. * Reconcile intragovernmental asset, liability, and revenue amounts reported as RSI with their trading partners; and: * Report intragovernmental gross cost to generate earned revenue from trade transactions, as well as total entity gross cost and earned revenue, by budget functional classification. OMB also has issued a memorandum titled Business Rules for Intragovernmental Transactions that requires agencies to use the same methodology in accounting for certain intragovernmental transactions, which should help in reconciliation. .16: To emphasize the agency management's responsibility for identifying intragovernmental activity and balances and reconciling data with relevant trading partners, the entity should include specific representations in the management representation letter that intragovernmental, including intradepartmental, transactions have been properly accounted for, reconciled with trading partners, and disclosed (see FAM section 1001). If such disclosure is included in the financial statements and the auditor believes that the disclosure is not supported by management, or if management refuses to disclose related party transactions, the auditor generally should give a qualified or adverse opinion because of the inadequate disclosure, depending on materiality, and include the necessary disclosures in a separate paragraph in the audit report. .17: Treasury Financial Manual (TFM) section "Federal Intragovernmental Transactions Process" and the Federal Intragovernmental Transactions Accounting Policies Guide (Guide) provide governmentwide procedures for federal entities to account for and reconcile transactions occurring within and between each other. The procedures in these guides do not apply to transactions between federal entities and nonfederal entities. The TFM and the Guide are available at the Treasury/Financial Management Service's (FMS) websites (http://fms.treas.gov/tfm/vol1/ v1p2c400.html and http://www.fms.treas.gov/cfs/dev/index.html). .18: The TFM includes procedures for CFO Act departments to reconcile and confirm with their trading partners intragovernmental activity and balances as of and for the fiscal year ended September 30. Each department's CFO is to provide the department Inspector General (IG) with representations indicating whether the department completed the reconciliation. In addition, the department is to describe noncompliance with the reconciliation requirements. (See TFM.) These CFO representations should be included in the management representation letter (see above). .19: The Guide provides detailed guidance on accounting and reconciling intragovernmental balances. According to the Guide, federal entities should identify trading partners[Footnote 2] for all intragovernmental transactions and accumulate detail and summary information for each activity by trading partner from their accounting records. The trading partner code may be incorporated (1) as part of account coding classification or (2) in the customer/vendor identification code in accounts receivable and payable systems. These codes are the same as the Treasury index agency code used by the Treasury to prepare the governmentwide consolidated financial statements. If the two-digit Treasury index agency code is not adequate to identify the trading partner, entities may expand the partner code to components below the department level and communicate these codes to their trading partners. .20: Federal entities also should use Standard General Ledger (SGL) account attributes to indicate the nature of account balances and to identify intragovernmental transactions. For example, the federal "F" and nonfederal "N" attributes used in conjunction with an SGL account in the Federal Agencies' Centralized Trial Balance System (FACTS) I submissions enable Treasury/FMS to prepare elimination entries for the governmentwide financial statements. When the federal attribute "F" is used with an SGL account, a trading partner should be designated for each transaction posted to the account. Audit History: .21: Prior years' audits of several federal entities' financial statements have identified instances where entities did not identify, summarize, or reconcile intragovernmental activity and balances by trading partner. Controls over the intragovernmental transactions were not adequate. For example, one department instructed its components to make buyer's intragovernmental transaction amounts agree with seller's information without requiring an adequate reconciliation or verification if goods or services were provided. Similar issues were also identified concerning activity and balances within the same entity (intradepartmental). Accordingly, there was no assurance that the entity records contained fairly stated balances. Intragovernmental Payment and Collection (IPAC) System[Footnote 3] .22: IPAC is the primary method used by most federal entities to electronically bill and/or pay for services and supplies within the government, and to communicate to the Treasury and the trading partner agency that the online billing and/or payment for services and supplies has occurred. IPAC, however, is not intended to be a control over the intragovernmental transactions (reciprocal accounts). The auditor should understand that IPAC was not designed as an accounting system and does not require trading partners to record transactions at the same time or in the same amounts. In addition, unreconciled IPAC differences could affect the existence and completeness of intragovernmental activity and balances. .23: The IPAC billing entity initiates an IPAC transaction either as a collection or a payment. The IPAC customer entity receives an IPAC transaction either as a payment or a collection. Monthly, the Treasury compares the customer and billing entities' Statement of Transactions with the IPAC data. If there is a difference, a Statement of Differences, including a detailed list of all transactions charged or credited to a particular agency location code, is generated monthly. Entities should investigate the differences and make any necessary corrections on their next Statement of Transactions. .24: The auditor should examine the entity's IPAC reconciliation procedures to determine if the entity performs the reconciliation and researches and resolves differences reflected on the statement of differences properly and timely. The auditor may coordinate with the Fund Balance with Treasury (FBWT) procedures to assess the effectiveness of the entity's IPAC reconciliation. .25: The auditor should also design procedures to understand whether the entity uses other systems (standard forms used to transfer funds between appropriations, credit cards, and others) in addition to the IPAC system to process intragovernmental activity and balances. The auditor should determine whether these systems affect the fairness of intragovernmental activity and balances. (See audit procedures below and FAM section 902 C.): Audit Procedures: .26: The auditor should consider audit risk and materiality in determining the nature, timing, and extent of procedures for auditing intragovernmental activity and balances and in evaluating the results of these procedures. Throughout the audit, the auditor should consider the possible existence of material intragovernmental activity and balances that could affect the financial statements. The auditor should evaluate all the information available concerning material intragovernmental activity and balances and determine that the financial statement disclosures are adequate and appropriate. .27: During the planning phase, the auditor should assess inherent, fraud, and control risk. In assessing the inherent risk related to intragovernmental activity and balances, there are several conditions that the auditor should consider. For example, inherent risk may exist because of the nature of the intragovernmental activity, such as a significant volume of transactions and number of trading partners or complex transactions. The auditor should assess the impact of inherent and control risk on control testing and substantive testing. The auditor should determine whether similar conditions continue to exist and understand management's response to such conditions. .28: In assessing inherent and control risk, the auditor should obtain an understanding of management responsibilities and the relationship of each component to the total department and of each department to other departments. The auditor should obtain an understanding of the entity's operations to identify, respond to, and resolve accounting and auditing problems early in the audit. For example, the auditor should know what trading partners the entity has, the nature of intragovernmental transactions that occur, the volume and dollar amount of transactions, and management's attitude and awareness with respect to reconciliations of intragovernmental activity and balances. .29: The auditor should assess the effectiveness of the entity's internal control over intragovernmental activity and balances. The auditor should identify the policies and procedures that pertain to the entity's ability to record, process, summarize, and report intragovernmental activity and balances by trading partner. The agency should emphasize the importance of identifying and classifying intragovernmental transactions by trading partner when they are initiated and on all documentation thereafter; without this initial identification, the system will not be able to keep track of them. .30: Without proper and timely reconciliation of intragovernmental activity and balances, misstatements in these account balances at the component and/or department level could materially affect the balances at the governmentwide level (as well as at the department or component level). In addition, when preparing consolidated financial statements, the preparer must eliminate intragovernmental activity and balances within and between departments or components. Because the amounts reported for entity trading partners for certain intragovernmental accounts could be significantly out of balance, the preparer would not be able to eliminate these accounts in the consolidated financial statements. The auditor may advise the entity about the need for monthly confirmation and reconciliation of these transactions with trading partners. Annual or quarterly reconciliations are generally not sufficient to detect and resolve misstatements promptly. .31: If the auditor determines that the entity's reconciliation control for intragovernmental transactions is not effectively designed and placed in operation, the auditor should consider the effect on the financial statements. Where intragovernmental transactions are or could be material, significant additional work is usually necessary to express an unqualified opinion. In some cases where the auditor finds material weaknesses in the intragovernmental reconciliation control and no other mitigating controls exist, the auditor may decide to modify the audit opinion (see FAM section 580). .32: The TFM contains agreed-upon procedures for the department inspectors general to perform for federal intragovernmental activity and balances. These procedures are intended to assist with accounting for and eliminating intragovernmental activity and balances in the preparation of department and governmentwide financial statements and reports. The IG should perform these procedures regardless of the opinion on the department consolidated financial statements. .33: To avoid duplicate procedures, the auditor should consider the agreed- upon procedures contained in the TFM when designing the tests for intragovernmental activity and balances. Examples of the account risk analysis (ARA), specific control evaluation (SCE), and audit procedures for the audit of intragovernmental activity and balances are in sections 902 A, 902 B, and 902 C. The ARA, SCE(s), and audit procedures generally should be customized for the particular entity. For example, if the auditor determines that the intragovernmental accounts receivable line item is significant, the auditor generally should prepare a separate ARA, SCE(s), and audit procedures for the intragovernmental accounts receivable account and its related accounting applications. (Note that a single SCE for a line-item/ account-related accounting application is presented. There are likely transaction-related accounting applications listed on the ARA that also would have SCEs.) In addition, to improve efficiency, the auditor may coordinate tests of intragovernmental activity and balances with tests of nonfederal activity and balances. OTHER RELATED PARTIES: .34: To effectively plan and perform an audit, the auditor should understand the entity's organization and its characteristics. The auditor should consider the possible existence of other related parties and other related party transactions throughout the audit to satisfy him or herself that they are properly accounted for and disclosed (see paragraph 902.07). Other related parties may include states that federal entities made payments to in carrying out or executing their federal programs. Examples of these programs are Department of Health and Human Services grants to states for Medicaid,[Footnote 4] Department of Transportation Federal Highway Administration programs such as federal aid for highways and highway safety construction programs, and Department of Labor State Unemployment Insurance and Employment Service Operations. .35: The auditor may attempt to detect these relationships by inquiry of management, reviewing major contracts/agreements, and reading financial disclosure statements. The documentation generally should include the names of related parties so all audit staff may become aware of transactions with them. Work done to test transactions with such parties may be coordinated with sensitive payments work, as discussed in paragraph 280.05. .36: In addition to the procedures on related parties, the auditor also generally should inquire about other parties that may not be related parties, but that the agency may wish to disclose because of a public perception that they might be related, although professional standards do not require disclosure if the parties are not related (as defined in AU 334). Section 902 C shows examples of audit procedures for other related parties as well as for intragovernmental activity and balances. The steps should be customized for the particular audited entity. PRACTICE AIDS: .37: The following practice aids are appended: Section 902 A - Example Account Risk Analysis (ARA), Section 902 B - Example Specific Control Evaluation (SCE), and: Section 902 C - Example Audit Procedures: [End of section] 902 A - EXAMPLE ACCOUNT RISK ANALYSIS FOR INTRAGOVERNMENTAL ACTIVITY AND BALANCES: [See PDF for image] [End of figure] [End of section] 902 B - EXAMPLE SPECIFIC CONTROL EVALUATION FOR INTRAGOVERNMENTAL ACCOUNTS: [See PDF for image] [End of figure] [End of section] 902 C - EXAMPLE AUDIT PROCEDURES FOR INTRAGOVERNMENTAL AND OTHER RELATED PARTIES' ACTIVITY AND BALANCES: Entity: Period of financial statements: Job code: Audit Procedures[1]: Planning Phase: Obtain an understanding of the entity's operations that are significant to the audit of intragovernmental and other related party activity and balances (see FAM section 220). 1. To obtain an understanding of significant accounting and auditing issues, read the entity's prior year's accountability and auditors' reports. 2. To identify the entity's accounting and reporting requirements and applicable auditing standards for intragovernmental and other related party activity and balances, read the following: a. SFFAS No. 4, Managerial Cost Accounting Concepts and Standards; SFFAS No. 5, Accounting for Liabilities of the Federal Government; SFFAS No. 7, Accounting for Revenue and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting; Statement of Financial Accounting Standards No. 57, Related Party Disclosures; AU Section 334, Related Parties; AU Section 558, Required Supplementary Information; OMB bulletin on Form and Content of Agency Financial Statements; Treasury/Financial Management Service's (FMS) Federal Intragovernmental Transactions Accounting Policies Guide; and Treasury Financial Manual section "Federal Intragovernmental Transactions Process."; b. The entity's internal procedures for identifying, accounting, reconciling and reporting intragovernmental and other related party activity and balances. c. The entity's process for identifying, classifying, and reporting intragovernmental activity and balances requiring elimination at the consolidated departmentwide or governmentwide level. 3. To identify the impact of systems/methods for processing, accounting and financial reporting of intragovernmental and other related party activity and balances, a. Interview the entity's key management about, for example, the systems/methods that are used to process intragovernmental and other related party activity and balances (e.g., IPAC, credit cards, standard forms used to transfer funds between appropriations, and others). b. Obtain estimates of the approximate number and dollar amount of intragovernmental and other related party activity and balances (this could be based on the prior year) that are processed by each significant system/method (see FAM section 270). c. Consider coordinating this work with the audit of like nonfederal activity and balances (i.e., similar transactions by the entity with parties other than other federal entities). 4. To identify the intragovernmental and other related party activity and balances; a. Ask the entity management: i. Names of all related parties (intragovernmental and others) and whether there were transactions with them during the period. Other possible related parties outside of government might be states, management, and individuals and firms with which members of management may be related or otherwise be able to significantly influence the management or operating policies. ii. The nature and terms of all significant activities and balances. For example, * for a seller entity, ** Obtain information on the types of significant revenues, any markup percentage(s) over full cost, and the settlement/payment due date. ** Inquire as to how the full cost of products and services sold is determined. * for a buyer entity, ** Inquire about the minimum requirements (business rules) that must be met before an intragovernmental trading partner may provide goods or services. * Inquire as to amounts, if any, that are in dispute at year-end. iii. Whether the audited entity receives services without reimbursement or for less than full reimbursement, for example, donated services, such as space or detailed employees. If so, ask if the entity is complying with GAAP and/or OMB requirements with respect to accounting and reporting treatment of these transactions. Also, if applicable, ask about the approximate fair value and/or financial statement disclosure for such goods and/or services. iv. Whether the entity centrally maintains contracts, agreements, and support for the terms of all significant transactions with related parties. b. Review, if any: i. The entity policy for advance approval of related party transactions by senior management. ii. The entity policy for requiring disclosure by employees to appropriate officials of potential conflicts of interest, such as related party transactions by employees of the entity. Also determine if summaries of such transactions are communicated to financial management for its consideration. iii. Vendor and customer master file listings, major contracts, and IPAC activity for intragovernmental or other related parties. c. Ask Treasury/FMS regarding entities historically reporting intragovernmental transactions with the audited entity. 5. Provide audit staff with the names of known intragovernmental and other related party trading partners, a description of the nature of significant transactions with each, and such other information as considered necessary to assist them in planning and performing other sections of the audit. 6. Summarize the results. 7. Document the auditor's preliminary assessment of risks related to the intragovernmental and other related party activity and balances in the ARA form or equivalent. II. Internal Control Phase: Understand the internal control the entity has in place for identifying, accounting for, eliminating, and reporting intragovernmental and other related party activity and balances (existence, completeness, valuation, rights and obligations, presentation and disclosure) (see FAM section 320). 1. Determine through inquiry of management, walkthroughs, review of prior years' documentation and other means, how and when the entity identifies intragovernmental and other related party transactions. a. Whether the entity identifies the transactions by trading partner when they are initiated and on all documentation thereafter. b. If the entity uses trading partner codes, the relationship of such codes to other document identifiers such as vendor codes. For example, trading partner codes may be integral to each vendor code, or it may be necessary to crosswalk vendor codes to a file of trading partner codes. c. If the entity does not use trading partner codes, determine how the entity identifies, analyzes, and accumulates intragovernmental activity and balances. For example, the entity may derive such amounts through off-line manual processes after the fact. d. When the entity recognizes each significant category of intragovernmental and other related party transactions. For example, when an invoice is received, when processed through IPAC, when goods or services are received, when notified by the seller that an agreed-upon stage of completion has been achieved. Consider whether the entity's policy in recording intragovernmental and other related party transactions is appropriate. e. Whether the entity and its trading partners use consistent reciprocal ledger accounts and categories of activity and balances for recording and reconciling such amounts. If so, ask what processes are in place to provide management with reasonable assurance that trading partners are recognizing reciprocal transactions in the same period, for the same amount, and by consistent or compatible accounting methods. f. If the entity complies substantially with the SGL at the transaction level as it applies to intragovernmental activity and balances. (Note: The SGL accounts used should include attributes for intragovernmental activity and balances that identify (a) that these accounts contain intragovernmental transactions (e.g., attribute "F") and (b) the trading partner (e.g., Treasury trading partner code "20").); g. Policies and procedures for confirming intragovernmental and other related party activity and balances with trading partners. h. How often the entity reconciles its related party activity and balances with its trading partners. Also inquire as to whether adjustments identified as necessary through the reconciliation process have been properly recognized in the financial records. If not, ask why. If the entity did not perform reconciliations, ask why not. i. Whether the selling and buying entities have established processes to facilitate the timely reconciliation of activity and balances. (Note: The selling entity is typically responsible for furnishing detailed transaction information to facilitate reconciliation.); j. What the entity's year-end cut-off procedures related to the intragovernmental and other related party activity are. Determine if procedures provide assurance that intragovernmental activities occurring in the current period are recorded in the current period. (Since the reconciliation process should detect cutoff errors, see above for reconciliation procedures with trading partners.); k. What the entity's policies and procedures are for intraentity elimination. l. Whether the entity maintains transaction logs or detailed records of transactions to identify the postings to SGL accounts and to facilitate the reconciliation process. The logs should include sufficient information to enable identification and location of the supporting documents. m. Whether the entity reviews and approves monthly account analyses of intragovernmental accounts and examines budget-to-actual and trend analyses. 2. Coordinate with the results of audit procedures for other cycles to determine if the entity has internal control issues related to intragovernmental and other related party activity and balances. For example, to determine if the entity has control issues related to intragovernmental activity and balances, coordinate with the results of FBWT audit procedures to determine if the entity has issues on its FBWT/IPAC reconciliation such as material unreconciled amounts and aged unreconciled IPAC differences. 3. Perform walk-throughs of processes for identifying, accounting, reconciling, confirming, eliminating, and reporting intragovernmental and other related party activity and balances to obtain or update the auditor's understanding of these procedures and preliminarily assess the effectiveness of these controls. a. Walkthrough the process from initiation to recording in the general ledger and inclusion in the financial statements or elimination for each significant type of intragovernmental and other related party activity and balances. b. Walk through the management/entity approval process of payments to trading partners. (Note: Prior audits have identified instances where payment controls for intragovernmental transactions were not sufficient, for example, the seller entity made payments to trading partners without verifying whether goods or services were provided.); c. Identify and document differences in process for nonfederal and intragovernmental and other related party activities and balances. d. If the entity performs reconciliations of intragovernmental activity and balances with trading partners during the year, the auditor should walk through both interim and year-end reconciliation processes. 4. Prepare or update the cycle memorandum, flowchart, and ARA and SCE forms (See FAM sections 390, 395 H and I, and 902 A and B) or equivalents. III. Testing Phase: A. For intragovernmental accounts, if the auditor preliminarily determines that the entity's reconciliation and confirmation controls with trading partners are effectively designed and placed in operation, test the entity's policies and procedures to determine if the reconciliation and confirmation controls are effective and if intragovernmental balances appear reasonable. 1. Obtain final yearend reconciliations/confirmations of intragovernmental activity and balances for each trading partner and supporting documentation; or obtain the entity CFO responses for intragovernmental activity and balances and the supporting documentation for the final reconciliation/ confirmations. (See the Treasury Financial Manual (TFM) sections on CFO procedures/representations and on IG Agreed-Upon Procedures for Federal Intragovernmental Activity and Balances); 2. Compare the amounts in the reconciliations to supporting documentation. 3. Trace the adjustments, if any, identified in the reconciliation process to the entity's financial records. 4. Compare the amounts, excluding intra-departmental activity and balances, in the audited department consolidated financial statements to such amounts in the department's final FACTS I or FACTS Notes reports to FMS. 5. Prepare an agreed-upon procedures report. (Note: The procedures in steps 1 to 4 above are agreed-upon procedures for intragovernmental activity and balances. See the TFM, volume 1, section on IG Agreed-Upon Procedures for Federal Intragovernmental Activity and Balances. Also see FAM section 660.); 6. Consider whether these agreed-upon procedures are sufficient to achieve financial statement audit objectives. For example, whether the agreed upon procedures are applied to all significant assertions for all significant intragovernmental activity and balances. Typically these procedures alone will not be sufficient for financial statement audit purposes. 7. If the agreed-upon procedures are not sufficient, then design additional procedures that in combination with the agreed-upon procedures will be sufficient. For example: Reconciliation/confirmation (existence, completeness, valuations, rights and obligations, and classification): * OMB's bulletin on Form and Content of Agency Financial Statements requires an entity to reconcile and confirm intragovernmental activity and balances with trading partners semiannually, beginning with the six-month period ending March 31, 2002 and quarterly, beginning with the three-month period ending December 31, 2002. If the entity performed monthly, quarterly, or semiannual reconciliations, test reconciliations to determine if the entity's reconciliation control is effective throughout the year. * There should be a separate reconciliation/confirmation for each trading partner. * This reconciliation/confirmation also may be used for within entity reconciliation/confirmation (intraentity). a. Determine the completeness of population: Determine if the entity performed reconciliations and confirmations for all trading partners by comparing the trading partners on the reconciliations and confirmation forms to subsidiary records or the entity's trading partner list obtained during the planning phase. b. For each reconciliation/confirmation: i. Determine if the reconciliation/confirmation was reviewed and approved by the appropriate personnel. ii. Compare the total amounts and SGL accounts of the activity and balances reported on the reconciliation/confirmation form with the general and subsidiary ledger accounts, and the total amounts to audited financial statements and footnote disclosures. If differences are found, document each such difference. Consider potential impact on financial statements and post the differences identified to summary of unadjusted misstatements. iii. Test whether the entity used appropriate SGL accounts and whether these SGL accounts include the proper attribute(s) to indicate that they result from intragovernmental transactions. (Note: For example, when the federal attribute "F" is used with an SGL account, a trading partner should be designated for each transaction posted to the account.) Entities can modify SGL accounts listed on the form to be more specific. iv. Consider whether the entity is using the reciprocal accounts delineated in the FMS Guide. Entities should use these accounts to account for intragovernmental activity and balances in the specified categories. Use of these reciprocal accounts will facilitate the reconciliation and confirmation process. v. For fiduciary activity and balances, compare amounts on the reconciliation forms to amounts on the Intragovernmental Fiduciary Confirmation System. (Note: Fiduciary activity and balances include loans from the Federal Financing Bank and Bureau of Public Debt, investments with Bureau of Public Debt, Federal Employees Compensation Act transactions with Labor, and employee benefit transactions with OPM. The seller entity--Bureau of Public Debt, Treasury, Federal Financing Bank, Labor, and OPM--will make balances information and other details available through the Intragovernmental Fiduciary Confirmation System for the buyer entities' use in reconciling amounts to their records. The Intragovernmental Fiduciary Confirmation System is the official confirmation system for federal entities that engage in fiduciary intragovernmental transactions with Bureau of Public Debt, Federal Financing Bank, OPM, and Labor.); vi. For transfers, test whether; * the classification of transfers as expenditure or nonexpenditure is proper, and * the accounting and reporting are appropriate. vii. For trust fund transfers such as highway and airport trust funds, also test whether the trust fund amounts are properly accounted for and maintained in accordance with laws that established these funds. (Note: Test either by the trust fund auditor or as agreed-upon procedures by the auditor who audits the entity that collects the revenue for it.); Reconciliation adjustments and differences (all intragovernmental categories); (Note: Exhibit I to FAM 902 C provides an illustration of a reconciliation tool that may be used to summarize reconciling items and prove amounts between a buyer and a seller entity.); c. Determine whether adjustments, if any, are supported and timely: i. Trace the adjustments and reconciling items identified in the reconciliation process to the entity general and subsidiary ledgers. ii. Examine the adjustments and supporting documents to determine if * The entity timely and properly performed the research and identified causes for differences. * The adjustments are agreed upon by both entities and made to proper SGL accounts. (Note: Examples of adjustments and reconciling items are: ** Adjustments in estimated accruals: For example, the seller entity has recorded unbilled revenue and the buyer entity was not timely advised of the estimated accrual. ** Adjustments due to timing differences: For example, timing differences caused by a buyer entity's delay in recording IPAC transactions into proper SGL accounts. ** Reconciling item for capitalization of assets: For example, the buyer entity purchased property and equipment or inventory and recorded them as assets.); iii. Obtain or prepare aging of outstanding unadjusted reconciling amounts for all significant intragovernmental balance sheet accounts. Identify old and/or unusual reconciling items and obtain explanations from the entity. iv. Review final yearend reconciliation for any accounting policy differences and determine if the entity explains the causes of these differences on the final reconciliation. The causes of these differences might be differences in accounting standard requirements, for example, amortization methods for discounts and premiums. For example, one trading partner uses the interest method and the other trading partner uses the straight-line method to amortize discounts/ premiums. (Note: There should be no material unresolved differences on the final year-end reconciliation forms. The entity should resolve all differences with trading partners.); v. Determine the extent of unadjusted differences at year-end. Assess their materiality on the financial statement line item and the overall financial statements. vi. If adjustments are made subsequent to the completion of the confirmations (during the audit period), determine if the entity revised the reconciliation and confirmation and submitted the updated data to FMS. 8. Summarize the results of testing: (1) conclude on the effectiveness of the entity's reconciliation and confirmation controls and (2) propose adjustments, if necessary. 9. Determine whether the results of testing and the nature of misstatements indicate that combined risk should be assessed differently and whether the audit procedures should be revised. B. For intragovernmental activity and balances, if the auditor preliminarily determines that the entity's reconciliation/ confirmation control with trading partners is not effective, or if the reconciliations and/or confirmations are not performed by the entity, the auditor should consider the effect on substantive tests and on the audit report. In some cases, the auditor may decide to modify the audit opinion when no reconciliation and other mitigating controls existed. However, when intragovernmental activity and balances are material, significant additional work may be necessary to express an unqualified opinion such as: 1. Coordinate work with other related line items to test existence, completeness, valuation, rights and obligations, and classification of intragovernmental activity and balances. For example, a. In conjunction with cash receipts, revenues, and accounts receivable testing, determine if intragovernmental accounts receivable were collected subsequent to test date. Examine supporting documentation for the posting of collections to the cash records; determine if intragovernmental revenues and receivables are included in nonfederal balances. b. Test completeness of intragovernmental activity and balances by reviewing vendor and customer master files to determine if intragovernmental vendors and customers are properly included in intragovernmental accounts. c. Consider sending confirmation requests to trading partners for both balance sheet and net cost activity and balances. Especially if combined risk is assessed as high, consider applying similar confirmation procedures as to the nonfederal accounts. Cut off test (existence and completeness); d. Determine if there are unrecorded transactions and if the transactions are recorded in the correct period. i. Coordinate with the FBWT audit team to review results of the FBWT reconciliation tests. For example, review IPAC transactions reconciliations and the recording of IPAC transactions in accounting systems; consider how timely and whether appropriate; review IPAC transactions after 9/30-subsequent billing and collecting transactions-to determine unrecorded transactions as of 9/30. ii. Search for unrecorded sales revenue, accounts receivable, purchases, and accounts payable (completeness). For example, * To search for unrecorded sales revenue and accounts receivable, select sales invoices for trading partners recorded in the xx-day period subsequent to year- end. Trace the selected invoices to shipping records or evidence of service performance. Determine whether the sales revenue and accounts receivable were recorded in the correct period. Alternatively, select from shipping records to trading partners prior to year-end and trace to sales invoices. * To test the completeness of amounts recorded as accounts payable at the balance-sheet date, select disbursements after the end of the audit period and test if the amounts were recorded in accounts payable. 2. Review the test results of other related line items to determine if there are issues related to existence, completeness, valuation, rights and obligations, and classification in the tested accounts and transactions and the impact on the intragovernmental activity and balances. In testing these other accounts, consider whether items tested were from trading partners. 3. Summarize the results and propose adjustments, if necessary. 4. Determine if the results of testing and the nature of misstatements indicate that combined risk should be assessed differently and whether the audit procedures should be revised. Control and substantive tests of details--other related parties: C. Attain satisfaction about the purpose, nature, and extent of material other related party transactions and their effect on the financial statements. Coordinate with sensitive payments work, including the review of executive compensation, travel, official entertainment funds, unvouchered expenses, and consulting services (see FAM section 280.05). 1. Based on the work performed during the planning and internal control phases, determine and document the methodology used to select the transactions for testing. * Examine all transactions, * Dollar unit sampling (DUS), * Classical variables estimation sampling, or * Other (describe). 2. For the selected transactions, a. examine documentation such as invoices, contracts, agreements, and receiving and shipping reports; b. determine whether the transactions have been properly approved; c. confirm transaction terms and amounts with the other party to the transaction; and; d. test the compilation of amounts that may be disclosed in the financial statements for reasonableness. 3. Summarize the results. 4. Determine if the results of testing and the nature of misstatements indicate that combined risk should be assessed differently and if the audit procedures should be revised. Substantive analytical procedures (FAM 475): D. Substantive analytical procedures: Perform analytical procedures to assess whether balances are reasonable and reflect appropriate activities (existence and completeness). If the entity performs reconciliation and confirmation of intragovernmental activity and balances and the auditor places reliance on those tests of details, less rigorous, supplemental analytical procedures may be used to increase the auditor's understanding of intragovernmental activity and balances after performing tests of details in Testing, step III.A, above. However, in the absence of adequate reconciliation and confirmation controls, some or all of these procedures may be necessary to obtain sufficient evidence, if possible. For example, 1. Develop expectations of the accounts payable and receivable balances overall or for all significant trading partners in light of the payment cycle during the year. Then, compare the recorded balance overall or by trading partner to the expected amount and investigate differences in the recorded balance if differences exceed (insert an amount such that the total uninvestigated difference for all trading partners, including those not selected, does not exceed the limit). 2. Develop expectations of recorded intragovernmental sales overall or for all significant trading partners based on independent data; for example, consider using trading partners' orders. Then compare the expectations to the recorded sales amounts and investigate differences in the recorded balance if differences exceed (insert an amount such that the total uninvestigated difference for all trading partners, including those not selected, does not exceed the limit). 3. Examine accounting records, for example, accounts receivable and payable, for large, unusual, or nonrecurring activity or balances. For example, consider expectations as to the types of intragovernmental activity and balances and trading partners based on the planning work. Then, examine significant unexpected/unusual intragovernmental activity and balances and intragovernmental activity or balances with unexpected trading partners. Document the definition of significant. 4. Summarize the results of testing and determine if adjustments are necessary. Elimination (existence, completeness, and valuation): E. Test consolidation/elimination for transactions occurring within the entity (intraentity) to determine whether the elimination is appropriate and supportable. 1. Obtain a list of each component entity's intraentity transactions identified for elimination and each component entity's reconciliation of its intraentity activity and balances with its respective trading partners. This step may be done in conjunction with the test of reconciliation (see step III.A above). 2. Review the entity's eliminating journal entries and supporting documentation for elimination entries of the entitywide consolidated financial statements. Determine whether elimination journal entries are a. approved by management and; b. supported by schedules summarizing the SGL accounts that are combined to total the amounts eliminated. 3. Summarize the results. 4. Determine if the results of testing and the nature of misstatements indicate that combined risk should be assessed differently and if the audit procedures should be revised. IV. Reporting Phase: To determine if the presentation and disclosures of intragovernmental and other related party balances comply with GAAP and OMB requirements: 1. Determine whether financial reports are prepared in accordance with the OMB bulletin on Form and Content of Agency Financial Statements. For example, a. Review the balance sheet and determine whether it is properly classified and line items are correctly reported as intragovernmental or nonfederal. b. Read the required supplementary information (RSI) to determine if intragovernmental amounts and the related federal trading partners for assets, liabilities, earned revenue from trade (buy/sell) transactions and nonexchange revenue are presented as RSI. The gross cost to generate earned revenue from trade transactions should be presented by budget functional classification in the notes to the financial statements. c. Read disclosures for the Statement of Net Cost in the notes to the departmentwide financial statements and determine if the department includes a separate disclosure of intragovernmental gross cost and earned revenue by budget functional classification as required by OMB's form and content bulletin. Gross cost and earned revenue should be net of intradepartment transactions (consolidated). 2. Read the entitywide financial statements, notes, and RSI; compare the reported intragovernmental and other related party (if any) activity and balances with the test results. 3. Request that the entity's management include, in the representation letter, representations related to intragovernmental and other related party activity and balances. (See FAM section 1001 for guidance.); 4. Communicate with trading partner entities' auditors (with auditee's permission) to consider whether issues identified by the other auditors affect the auditor' s conclusions on intragovernmental transactions. 5. Read the various current period Agreed-Upon Procedures (AUP) reports to consider whether the findings will affect the auditor's conclusion and/ or if additional procedures need to be performed. For example, a. The AUP report on employee withholdings and employer contributions that are reported on the Report of Withholdings and Contributions for Heath Benefits, Life Insurance and Retirements. This AUP report is to assist OPM in assessing the reasonableness of the Retirement, Health Benefits, and Life Insurance Withholdings/Contributions and Supplemental Semiannual Headcount report submitted to OPM (see OMB audit guidance). b. The AUP report on FACTS I verification. This AUP report is to evaluate the department's management assertion that it compared the department's summarized FACTS I data to its consolidated financial statements and to determine whether such data is in agreement. 6. Summarize the results and determine if adjustments are necessary. 7. Conclude whether intragovernmental and other related party activity and balances have been adequately accounted for and properly disclosed in the financial statements. [End of table] Exhibit I: Reconciliation of Seller Entity Intragovernmental Earned Revenue with Buyer Entity Cost: [See PDF for image] [End of section] 903 - AUDITING COST INFORMATION: .01: This section provides general guidance for considering cost information and planning audit procedures. The auditor should coordinate these procedures with procedures on auditing various line items and accounts. The auditor is concerned about cost information for a number of reasons. First, the auditor should obtain sufficient evidence to determine whether the costs are fairly stated in the financial statements and appropriately classified. Proper classification at the agency level also contributes to proper classification of costs in the consolidated financial statements of the U.S. government. Second, for CFO Act agencies and components designated by OMB, the auditor is concerned about the entity's financial management systems' substantial compliance with the three requirements of FFMIA. Third, cost information is important to the MD&A, although the auditor does not opine on the MD&A. The most relevant accounting standard for cost information is Statement of Federal Financial Accounting Standards (SFFAS) No. 4, Managerial Cost Accounting. This standard has relevance both to external financial reporting and to cost information for internal management reporting. STATEMENT OF FEDERAL FINANCIAL ACCOUNTING STANDARDS NO. 4, MANAGERIAL COST ACCOUNTING: .02: SFFAS No. 4 establishes the concepts and standards for providing reliable and timely information on the full cost of federal programs, their activities, and outputs. The objectives of managerial cost information specified in SFFAS No. 4 are: * To provide program managers with relevant and reliable information relating costs to outputs and activities. With this information, program managers should understand the costs of the activities they manage. The cost information should assist them in improving operational efficiency. * To provide relevant and reliable cost information to assist Congress and executives in making decisions about allocating federal resources, authorizing and modifying programs, and evaluating program performance. * To provide consistency between costs reported in general purpose financial reports and costs reported to program managers. This includes standardizing terminology to improve communication among federal organizations and users of cost information. .03: The first two objectives primarily address the managerial use of cost information in improving operating efficiency and cost effectiveness, making planning and budgeting decisions, and measuring performance. The third objective primarily addresses external financial reporting. That objective can be achieved by reporting cost information in financial statements that is consistent with costs generated by the cost accounting process. Because of the differences in the three objectives, some requirements in SFFAS No. 4 are relevant to managerial decision making and operations improvement, while some requirements are relevant to external financial reporting. .04: The cost accounting concepts section of SFFAS No. 4 (paragraphs 41-66) establishes the overall goals of cost accounting for federal agencies. Managerial cost accounting should be a fundamental part of the financial management system and, to the extent practicable, be integrated with the other parts of the system. Managerial costing should use a basis of accounting, recognition, and measurement that is appropriate for the intended purpose. Cost information developed for various purposes should be drawn from a common data source, and output reports should be reconcilable to each other. .05: The five fundamental standards for managerial cost accounting set forth in SFFAS No. 4 (paragraphs 67-162) are important for the auditor. These standards will lead to the development of accurate and consistent cost information for internal and external reporting by federal agencies. The five standards are: * Requirement for cost accounting: Each reporting entity should accumulate and regularly report the cost of its activities for management information. * Responsibility segments: Management of each reporting entity should define and establish responsibility segments and report the costs of each segment's outputs. * Full costs: Reporting entities should report the full costs of outputs, which is the total amount of resources used to produce the output, including direct and indirect costs. * Interentity costs: Each entity's costs should incorporate the full cost of goods and services received from other entities. As directed by SFFAS No. 4, paragraph 110, OMB has designated, in its bulletin, Form and Content of Agency Financial Statements, the costs of goods and services received from other entities that should be recognized. * Costing methodology: The costs of resources that directly or indirectly contribute to the production of outputs should be accumulated and assigned to outputs using appropriate methodologies. (See paragraph 903.07.): AUDIT PROCEDURES FOR FINANCIAL STATEMENT OPINION: .06: As part of understanding the entity's operations, the auditor should obtain an overview of how the entity meets these standards. This may be done by inquiry, observation, and walkthrough procedures. Substantive tests of the cost accounting system are usually necessary. The auditor should consider coordinating tests with other control and substantive tests. Based on the auditor's understanding of the agency's operations, the auditor should determine whether the statement of net costs is designed to include all the costs of the agency's programs. Also, in testing the statement of net costs, the auditor should test the financial statement assertions related to costs including whether expenses are properly classified in the statement of net costs, and in the notes by budget functional classification, as required by OMB's form and content guidance. The following (see FAM section 395 B) are examples of subassertions related to costs: Existence or occurrence: * Validity: (1) Recorded costs, underlying goods and services used, and related processing procedures are authorized by federal laws, regulations, and management policy. (2) Recorded costs are approved by appropriate individuals in accordance with management's general or specific criteria. (3) Recorded costs represent goods and services that were actually used and are properly classified. * Cutoff: Costs recorded in the current period represent goods and services used during the current period. * Summarization: (1) The summarization of recorded costs is not overstated. (2) Costs are assigned to appropriate classifications in the financial statements. Completeness: * Transaction completeness: All valid costs are recorded and properly classified. * Cutoff: All goods and services used in the current period should be recorded in the current period. * Summarization: The summarization of recorded costs is not understated. Valuation or allocation: * Accuracy: (1) Costs are recorded at correct amounts. (2) Costs are recorded using appropriate assignment methodologies. * Measurement: Costs included in the financial statements are properly measured. Presentation and disclosure: * Account classification: Cost accounts are properly classified and described in the financial statements. * Consistency: The financial statement costs are based on accounting principles that are applied consistently from period to period. * Disclosure: The financial statements and footnotes contain all information required to be disclosed. .07: SFFAS No. 4 discusses three methods of assigning costs: directly tracing costs, assigning costs on a cause-and-effect basis, and allocating costs on a reasonable and consistent basis. Although the standard discusses these three methods in relation to assigning costs to responsibility segments and outputs, the methods are also applicable to assigning costs to financial statement line items in the statement of net costs, generally by program, and in the notes by budget functional classification. The different methods of assigning costs may require different auditing procedures for determining whether costs are properly classified in the statement of net costs by program and in the notes by budget functional classification. .08: For example, for directly traced costs (such as materials used in production or employees who worked on an output), the auditor generally should test whether costs were assigned to the appropriate program and/ or budget functional classification. .09: Costs may be assigned on a cause-and-effect basis, by grouping costs into cost pools where an intermediate activity may be a link between the cause and the effect. For example, an information technology department may provide support to other departments. The information technology department may assign costs to other departments on a cause- and-effect basis by first assigning costs to an intermediate activity, such as hardware installation or software design. Then the costs in these pools may be further assigned to other departments based on their use of these technical services. In auditing these types of costs, the auditor should test whether costs are assigned to the appropriate cost pool (hardware installation, software design), but also whether the costs are appropriately summarized in the pool. Then, when costs are assigned to other departments, the auditor should test whether costs assigned are based on appropriate usage information, whether the cost assignments are reasonable and consistent, and whether they are mathematically accurate. .10: Costs may be allocated if it is not economically feasible to directly trace or assign costs on a cause-and-effect basis. This is commonly done with costs such as general management, depreciation, rent, maintenance, security, and utilities used in common by various segments. These costs are generally accumulated in cost pools and allocated to segments or outputs (or programs or budget functional classifications) based on a relevant common denominator such as number of employees, square footage of office space, or amount of direct costs incurred in segments. In auditing these allocated costs, the auditor should test whether the costs are assigned to the appropriate cost pool and summarized appropriately. The auditor also should determine whether the allocation basis is reasonable and consistent and test the mathematical allocation. In addition, the auditor should determine whether an allocation rather that directly tracing costs or assigning them on a cause-and-effect basis is appropriate in the circumstances. .11: The entity exercises judgment in determining the line item/programs included in its statement of net costs. The auditor should consider whether classifications are reasonable in the circumstances. Federal Financial Management Improvement Act of 1996 (FFMIA): .12: For audits of the CFO Act agencies and components identified by OMB audit guidance, the auditor should determine whether the agency's financial management systems comply substantially with the three requirements of FFMIA (see paragraph 100.02 and FAM section 701). To determine compliance with SFFAS No. 4 for the purposes of FFMIA, the auditor should ask these questions, which relate to the standards discussed in paragraph 903.05: * Does the agency regularly accumulate and report the costs of its activities to management? * Has the agency defined its major programs and responsibility segments for the purpose of delineating costs? * Does the agency properly accumulate costs by those programs and segments? * Has the agency accounted for the full costs (including interentity costs) of products, services, or outputs to be externally reported at the entitywide level? * Has the agency accounted for the costs of resources that contribute to the production of outputs by individual responsibility segment using appropriate costing methodologies? * Has the agency reported those costs in the year-end financial statements on the accrual basis of accounting? * Are the costs reported for external financial reporting and those reported for internal management reporting consistent and reconcilable? * Is the reported management cost information consistent, timely, and comprehensive? * Is the cost information reported in such a manner that management can determine answers to appropriate questions about costs of outputs? * How does management determine whether costs are appropriate? * How does management determine the entity's compliance with FFMIA? This inquiry is frequently combined with the procedures in paragraph 903.06, the outcome of which should be considered in concluding about the entity's compliance with the cost accounting requirements under FFMIA. Also, the auditor should review evidence supporting management's assertions in response to these questions, as further discussed in section 701, Assessing Compliance of Agency Systems with the Federal Financial Management Improvement Act (FFMIA). MANAGEMENT'S DISCUSSION AND ANALYSIS (MD&A): .13: The auditor does not provide an opinion on the MD&A. Thus, the main concern is consistency of information, rather than testing the reliability of the cost data in the MD&A. The auditor should read the MD&A for consistency with the financial statements and with the auditor's knowledge of the entity. Testing generally should be limited to data in the financial statements, as discussed in paragraph 903.06, not the MD&A. Analytical procedures may be used to consider the reasonableness of cost data in the MD&A. Based on this comparison, the auditor should consider whether additional testing is needed. .14: Although costs reported in internal and external reports should be consistent, they may differ in the degree of detail and reporting frequency. Cost information for management may require more frequent and timely reporting. It also may require more specific and detailed information regarding the costs of specific activities or outputs. By comparison, external reports could be less frequent, and the cost information more aggregated, such as on a suborganization or program basis. [End of section] 921 - AUDITING FUND BALANCE WITH TREASURY (FBWT): .01: This section provides guidance in auditing the Fund Balance with Treasury (FBWT) account. It explains key agency and Treasury processes and procedures related to FBWT accounts and discusses audit issues. Practice aids, including example Account Risk Analysis (ARA) and Specific Control Evaluation (SCE) forms and suggested audit procedures for the FBWT line item, are included in appendices. .02: The FBWT account (SGL account 1010) is an asset account representing the unexpended spending authority in agencies' appropriations. Federal agencies record their budget spending authority in FBWT accounts and increase or decrease these accounts as they collect or disburse funds. Most agencies maintain several fund balance accounts funded by different types of appropriations, such as annual 1-year appropriations and/or multiyear appropriations that are included in the financial statement FBWT line item. The FBWT account also serves as one of several mechanisms to prevent agencies' disbursements from exceeding appropriated amounts. .03: In the federal government, Treasury serves as the central banker. Most agencies use the banking services provided by Treasury's Financial Management Service (FMS) and do not keep cash in separate bank accounts. Some agencies have authority to disburse funds on their own behalf. These agencies still maintain FBWT accounts and follow Treasury's reporting and reconciliation requirements. .04: Unlike commercial banking institutions, Treasury does not keep independent accounting records of each agency's FBWT accounts. Instead, Treasury uses monthly data reported by the agencies to calculate agencies' FBWT balances and requires agencies to perform detailed reconciliations of FBWT accounts to maintain the accuracy and reliability of agencies' fund balance records. Effective reconciliations also serve as a detection control for identifying unauthorized and unrecorded transactions at the agencies and Treasury. .05: Treasury requires agencies to maintain FBWT accounts and to perform a two-part reconciliation process each month. * First, agencies should reconcile differences identified by Treasury between cash receipts and disbursements transactions reported by agencies to those reported by other sources of financial data, such as the Federal Reserve, commercial banks, other federal agencies, and the FMS regional financial centers. Treasury reports differences identified to agencies each month on "Statements of Differences."[Footnote 5] * Second, agencies should reconcile differences between their records and Treasury records of the monthly activity recorded in the FBWT accounts. Each month Treasury provides appropriation, fund, and receipt account ledgers, which include a rollforward of the previous month's balance, the current month's cash activity reported by the agency and other account activity (supplemental appropriations, rescissions, nonexpenditure transfers, entries reported by other agencies) to compare to their records. Differences remain until reconciled by the agencies and represent potential misstatements in agencies' financial statements and budget execution reports. Audit Issues: .06: Many agencies have problems in reconciling the transaction activity in their FBWT accounts. Ineffective FBWT reconciliations contribute to agencies' inability to prepare auditable financial statements. Without effective agency reconciliations of receipt and disbursement activity, the agency FBWT balance -the amount of funds available to it for expenditure in each appropriation - may contain material misstatements, and auditors generally would be unable to determine whether FBWT is fairly stated. .07: Prior audits of agencies' financial statements identified instances in which agencies were not timely reconciling their FBWT accounts. Instead, some agencies adjusted their accounts to show the amounts reported by Treasury and/or recorded differences in suspense accounts without adequately researching the causes of the differences. Unreconciled differences recorded in suspense accounts could represent transactions that have not been recorded by the agency to the appropriate accounts. Only after researching its accounting records and reports can an agency determine the cause of the problem and make the proper adjustments to its FBWT accounts (and related asset, liability, expense, or revenue accounts) or advise Treasury to correct its records. .08: There were instances in which agencies did not receive Statements of Differences from Treasury, even though unreconciled differences existed. Some agencies did not use their accounting records to prepare monthly reports to Treasury. Instead, they reported the same amounts recorded in OPAC and CASHLINK to avoid Statements of Differences; generally these agencies tracked differences in suspense accounts. Because Treasury uses these sources to compare with the amounts reported by the agency, Treasury did not identify differences; thus, no Statements of Differences were issued. Also, some agencies cleared Statements of Differences by reporting adjustments to Treasury before researching and resolving differences. Therefore, amounts reported on Statements of Differences might not always be an adequate indicator of reconciliation problems or an adequate measure of the extent of outstanding unreconciled differences. Auditors should design tests to obtain an understanding of the agency's reconciliation procedures in order to assess the effect of its reconciliation process on the financial statements and to determine the level of audit procedures required after considering the materiality of unreconciled differences. .09: Because Treasury's record of an agency's FBWT is the result of the activity reported to Treasury by the agency itself, and is not obtained from another source, the reconciliation process is a key control over FBWT accounts. .10: One year's successful audit of the reconciliation of FBWT activity will generally not result in an auditable balance because the auditor faces the issue of auditing the beginning balance. Except for the first year of an appropriation, the balances in most FBWT accounts are included in the FBWT line item rollforward from year to year until the account is closed, which can be 5 years or more, depending on the type of appropriation. .11: In an initial audit, the auditor should design tests to obtain assurance on the FBWT beginning balance. This may require testing of FBWT reconciliations performed in prior years or other audit procedures that provide assurance on the FBWT line item. For example, in some instances detailed audit procedures over beginning balances related to other financial statement accounts that affect FBWT could provide assurance. In tests of other account balances, the auditor may be able to determine that old errors were written off or other appropriate adjustments were made to FBWT and that the fund balances from prior years and remaining unadjusted reconciling differences are immaterial. Audit Approach: .12: Because Treasury relies on the monthly data reported by the agencies to calculate agencies' FBWT balances, confirmation of FBWT account balances with Treasury does not provide competent evidence. Therefore, the auditor needs to obtain competent evidence through tests of the agency's FBWT reconciliation process. .13: Since most assets, liabilities, revenues, and expenses stem from or result in cash transactions, misstatements in the receipt or disbursement activity recorded in the FBWT accounts affect the balances of various financial statement accounts. Even though net FBWT account balances may be immaterial as of the date of the financial statements, the gross receipt and disbursement transactions flowing through the FBWT account during the fiscal year are usually material. Therefore, the auditor should test the reconciliation of the transaction activity flowing through the account. In addition, the auditor should assess the impact of gross unreconciled differences on the FBWT and other financial statement line items. .14: The auditor should design an audit program that includes steps to determine whether the agency: * prepares monthly reports to Treasury using the same detailed accounting records of collection and disbursement transactions that are used to prepare the agency's financial statements; * researches and resolves the underlying causes of differences between amounts reported by Treasury and agency records each month and makes the proper adjustments; and: * monitors suspense account activity - including maintaining detailed records of unreconciled differences charged to the account and maintaining records that age the differences - and performs procedures to timely and properly clear the account. .15: The auditor also should design procedures to determine the magnitude of the agency's gross unreconciled differences at year-end by analyzing the Treasury Statements of Differences reports and agency suspense account items in terms of their aggregate absolute values and resulting impact on the financial statements. (Since each difference represents a potential misstatement, the roll-up and netting of charges and credits can significantly understate the total outstanding differences.): Practice Aids: .16: The following practice aids are appended to this section: * Section 921 A - Treasury Processes and Reports Related to FBWT Reconciliation. * Section 921 B - Example Account Risk Analysis (ARA). * Section 921 C - Example Specific Control Evaluation (SCE). (Note that a single SCE of the line item/account-related accounting application for FBWT is presented. There are transaction-related accounting applications listed on the ARA that affect FBWT, such as cash receipts and cash disbursements, that would require transaction related SCEs.): * Section 921 D - Example Audit Procedures. .17: These aids are not all inclusive. They do not include tests of other accounts, such as Other Cash on Deposit bank accounts and Imprest Funds. Also, for agencies that write their own checks, the aids do not discuss or include tests of controls over check stock. If material, the auditor should apply appropriate additional tests. The aids provide the auditor with a framework for designing tests of FBWT accounts. Auditors should use professional judgment in designing audit programs for their particular agency after considering materiality, audit risks, and internal control. .18: The auditor should use judgment in determining the most effective and efficient method to achieve the audit objectives. When possible, the FBWT audit procedures should be coordinated with other tests. For example, many procedures may be performed in conjunction with tests of agency cash receipts and cash disbursements. Others may be included as part of compliance testing. [End of section] 921 A - TREASURY PROCESSES AND REPORTS RELATED TO FBWT RECONCILIATION: [See PDF for image] [End of table] [End of section] 921 B - EXAMPLE ACCOUNT RISK ANALYSIS FOR FUND BALANCE WITH TREASURY: [See PDF for image] [End of figure] [End of section] 921 C - EXAMPLE SPECIFIC CONTROL EVALUATION FOR FUND BALANCE WITH TREASURY: [See PDF for image] [End of figure] [End of section] 921 D - EXAMPLE AUDIT PROCEDURES FOR FUND BALANCE WITH TREASURY: FBWT Example Audit Procedures: Planning Phase; FB-1: A. To obtain an understanding of the agency's accounting and reporting requirements for Fund Balance with Treasury (FBWT) accounts, read the following documents: * Treasury Financial Manual, Volume I, part 2, chapter 5100 - Reconciling Fund Balance with Treasury accounts, http://fms.treas.gov/fundbalance. * Current OMB bulletin, Form and Content of Agency Financial Statements. * Statements of Federal Financial Accounting Standards (SFFAS No. 1). * Agency accounting policies and procedures for the Fund Balance with Treasury Accounts. B. Read prior year documentation, financial statements, and related auditor's reports to determine if there were any audit issues/ reportable conditions related to FBWT. Internal Control Phase; FB-2: A. To obtain an understanding of the agency's internal controls over FBWT accounts, perform the following: 1. Interview key agency staff about the FBWT procedures and controls in place at the agency. a. Determine what method the agency uses to disburse funds (FMS regional finance centers, on its own behalf, and/or both methods). b. Obtain an understanding of the significant accounting systems and controls used in reporting and accounting for FBWT transactions. c. Identify FBWT line item general ledger accounts. d. Obtain an understanding of the agency's FBWT reconciliation procedures. Ask * if and how the agency tracks differences between the agency's and Treasury FBWT records; * what suspense accounts, if any, are used by the agency to track unreconciled differences; * if the agency has a process/system for aging unreconciled differences; and; * how the agency reports and handles differences. B. Walk through the FBWT reconciliation process and determine whether reconciliation controls have been placed in operation. Testing Phase; FB-3: A. To determine whether the agency's reconciliation of the monthly SF 224, 1219/1220 or 1218/1221 Statement of Transactions/Accountability report submitted to Treasury, to the applicable general ledger (G/L) accounts is effective (existence): 1. Obtain a list of the agency's Agency Location Codes (ALCs). Agency ALCs can be obtained through the GOALS. ALCs indicate the agency's method of disbursement. Four digit ALCs indicate a non-Treasury disbursing agency. Eight digit ALCs indicate a Treasury disbursing agency. 2. Obtain the monthly Statements of Transactions (SF 224) or Statements of Accountability/Transactions (SF 1219/1220 or 1218/1221) for each ALC for the fiscal year, or for the period being audited if testing at an interim date. 3. Select the individual Statements of Transactions (SF 224) or Statements of Accountability/Transactions (SF 1219/1220 or 1218/1221) to be tested (use separate forms to document the sampling plan). Indicate selection method. * Dollar unit sampling (DUS), * Classical Variables Estimation Sampling, or * Other (describe) For each statement selected: a. Compare the ALC on the SF 224 or SF 1219/1220 or 1218/1221 to the agency's list of ALCs. b. Trace monthly collection and disbursement amounts reported on the SF 224, SF 1219/1220 or SF 1218/1221 to amounts recorded in the agency's official accounting records (G/L). c. Trace any prior period adjustment amounts reported on the SF 224, SF 1219/1220 or SF 1218/1221 to supporting documentation and the agency's G/L. d. Examine supporting documentation for any differences. B. Summarize the results of testing. C. Determine whether the results of testing indicate that combined risk should be assessed differently and whether the audit procedures should be revised. FB-4: A. To determine whether the agency is properly reconciling collection and disbursement differences identified by Treasury (existence and completeness): 1. Obtain the following Treasury reports for each ALC for each month of the fiscal year, or for the period being audited if testing at an interim date. * Final month-end Statements of Differences (FMS 6652). Note: To obtain the population of Statements of Differences, obtain the initial month-end Statements of Differences issued by Treasury. Treasury issues month-end Statements of Differences for each accounting month (when differences are identified) and continues to send statements for that month until the difference is cleared. To obtain the initial differences reports for the period being audited, obtain the reports that show the same accounting date and audit date on the statement, indicating that this is the initial statement of differences issued for that month. * Advice of Check Issued Discrepancy reports (FMS 5206). (Note: This step applies only for agencies that disburse their own funds - Non-Treasury Disbursing Offices (NTDO) agencies.); * Treasury letters notifying the agency of outstanding differences between amounts reported on the SF 1219/1220 or SF 1218/1221 and its check issued summary reports. (Note: This step applies only for NTDO agencies.); Select the individual statements/letters to be tested (use separate forms to document the sampling plan). Indicate selection method: * Dollar unit sampling (DUS), * Classical variables estimation sampling, or * Other (describe). For each statement/letter selected: a. Compare the ALC number on the statement/report to the agency's list of ALCs. b. Examine the agency's reconciliation files/documentation supporting the reconciliation of the difference, and determine if differences were adequately researched and resolved. c. Trace resulting adjustments, if any, to subsequent month Treasury reporting (SF 224, 1219/1220, or 1218/1221) and/or the agency general ledger accounts to determine if adjustments were properly recorded. (Note: reconciling items do not always result in adjustments to the G/ L and/or Treasury records. The resulting adjustment, if any, depends on the cause of the difference. For example, an adjustment to the agency's G/L is not necessary when a bank error caused the difference. The bank is responsible for reporting the adjustment to Treasury.); B. Summarize the results of testing and conclude on the effectiveness of the agency's reconciliation controls. C. Determine if the results of testing indicate that combined risk should be assessed differently and if the audit procedures should be revised. FB-5: A. To determine if the agency's monthly reconciliation of its G/L to Treasury records is effective (existence and completeness): 1. For the months that correspond to the Statements of Differences selected above, obtain the Undisbursed Appropriation Account ledgers (FMS 6653) and Receipt Account ledgers (FMS 6655) sent by Treasury and the agency's reconciliation. * Trace the FMS 6653/6655 balance per the agency reconciliation to the FMS 6653/6655 reports sent by Treasury. * Trace the G/L account balances per the reconciliation to the appropriate G/L accounts. * Trace account activity per the FMS 6653/6655 to the agency G/L. (Note: Typical activity, other than agency disbursements and receipts, may include supplemental appropriations, non-expenditure transfers, and entries reported by other agencies.); * Examine supporting documentation for reconciling items. * Determine if the appropriate adjustments were made to the general ledger or that Treasury had been notified of needed corrections. B. Summarize the results of testing and conclude on the effectiveness of the agency's reconciliation controls. C. Determine if the results of testing indicate that combined risk should be assessed differently and if the audit procedures should be revised. FB-6: A. To determine whether the agency's year-end (September) reconciliation of FBWT accounts is effective (existence and completeness): 1. Obtain the Agency's year-end (September) FBWT reconciliation and Treasury's September Undistributed Appropriation Account Ledger (FMS 6653) and Receipt Account Ledger (FMS 6655). * Trace appropriation, fund, and receipt account balances reported on the Treasury account ledgers to the agency's reconciliation. * Trace the appropriation, fund, and receipt account balances reported on the Treasury account ledgers to the agency general ledger. * Examine supporting documentation for reconciling items. * Determine if appropriate adjustments were made to the G/L and/or reported to Treasury. 2. Obtain the year-end (September) Statements of Differences reports issued by Treasury (FMS 6652, and/or FMS 5206 and Treasury notification letters). * Trace reported differences to the agency's reconciliation to determine if all differences were included in the FBWT reconciliation. * Examine supporting documentation and determine if differences were adequately resolved. * Trace resulting adjustments to supplemental Statements of Transactions/Accountability or subsequent month Treasury reporting (SF 224, 1219/1220, or 1218/1221) and/or the agency general ledger. 3. Summarize the results of testing. FB-7: A. To determine the extent of unreconciled differences at year-end and the potential impact on the agency FBWT account balance: 1. Determine if unresolved differences reported by Treasury on Statements of Differences as of September 30 for the fiscal year being audited were subsequently resolved and properly accounted for. * Obtain the Statements of Differences for the months subsequent to year-end (October through end of fieldwork). * Identify unreconciled differences outstanding at 9/30 that were subsequently resolved. * Determine if the differences were adequately researched and resolved. * Determine if the appropriate adjustments were made to the agency FBWT accounts or that Treasury had been notified of needed corrections. 2. Determine the extent of unreconciled differences included in suspense accounts that are not included on Statements of Differences. * Obtain suspense account transaction detail report as of 9/30 for the year being audited. * Obtain suspense account transaction detail report for months subsequent to year-end (October through end of fieldwork). * Identify unreconciled differences outstanding at 9/30 that were subsequently resolved. * Determine if the differences were adequately researched and resolved. * Determine if the appropriate adjustments were made to the agency FBWT accounts or that Treasury had been notified of needed corrections. 3. Assess the materiality of all unreconciled differences outstanding (at absolute value). 4. Summarize test results. 5. Document the potential effect of material unreconciled differences on the FBWT line item and other financial statement accounts. FB-8; A. To determine if the agency recorded warrants, appropriation transfers, and rescissions properly, perform the following (rights and obligations): 1. For first year appropriations, obtain copies of the appropriation legislation and U.S. Treasury Appropriation Warrants (FMS 6200) for the fiscal year. * Compare the warrants to the appropriation legislation. * Trace amounts reported on the appropriation warrants to beginning appropriation balances recorded in the general ledger FBWT accounts. * Examine supporting documentation for any differences/reconciling items. 2. For other than first year appropriations, trace the beginning balances recorded in the general ledger to audited ending balances of the prior fiscal year financial statements. (Note: If this is a first year audit, additional work may be necessary to substantiate the beginning FBWT account balance. For example, the auditor may need to consider if the reconciliation process has been effective over the life of the appropriations. This may require review of prior year reconciliations.); 3. For appropriation activity occurring during the fiscal year being audited (supplemental appropriations, rescissions, and nonexpenditure transfers), obtain copies of related legislation for supplemental appropriation and rescission warrants and U.S. Treasury Non-Expenditure Transfer Authorizations form (FMS 1151) for the fiscal year. * Compare supplemental appropriations and rescissions recorded in the agencies' FBWT account to appropriation legislation and to U.S. Treasury warrants. * Compare non-expenditure transfer amounts recorded in the agencies' FBWT account to approved Non-Expenditure Transfer Authorizations form (FMS 1151). 4. Examine supporting documentation for any differences/reconciling items. FB-9: A. To determine the existence and completeness of the appropriation, fund, and receipt accounts included in the FBWT financial statement balance (existence, completeness, presentation and disclosure): 1. Obtain the agency "crosswalk" of G/L accounts included in the FBWT line item and the September Treasury Undisbursed Appropriation Account Trial Balance and Receipt Account Trial Balance. * Trace account balances listed on the Treasury trial balances to the agency crosswalk of G/L accounts included in the FBWT line item. * Determine the status of accounts (i.e., open, expired, canceled) and assess whether the account is appropriately included in the FBWT line item. * Obtain an explanation and determine the appropriateness of accounts omitted from or included in the crosswalk that were not included in the Treasury trial balance. IV. Reporting Phase; FB-10; To determine if the FBWT balance appears reasonable (analytical procedure): 1. Compare the G/L accounts that constitute the FBWT with expectations and obtain explanation for any unexpected changes (e.g., credit balances, new accounts, closed accounts) or the absence of expected changes. 2. Determine if additional testing is necessary. B. To assess whether the presentation of the financial statements and footnote disclosures for the FBWT line item are in accordance with U.S. generally accepted accounting principles (SFFAS No. 1) (presentation and disclosure) (see GAO/PCIE FAM, Part II, section 1004-Financial Reporting: Checklist for Reports Prepared under the CFO Act): 1. Determine if the agency has presented and disclosed FBWT in the notes to the financial statements in accordance with U.S. generally accepted accounting principles. 2. Determine if material unreconciled differences are disclosed and explained in the notes to the financial statements. 3. Determine if material unreconciled differences that were written off by the agency during the fiscal year being audited are disclosed in the notes to the financial statements. 4. Determine if material restrictions, if any, have been properly disclosed. FB-11: A. Prepare proposed audit adjustments, if any. B. Conclude if the FBWT line item is fairly stated and if the controls over FBWT are effective. FOOTNOTES [1] These tools are based on the best practices guidance received from the participating accounting and auditing firms and the AICPA publication, Practice Alert No. 95-3, Auditing Related Parties and Related Party Transactions, which is available at http://www.aicpa.org/ members/div/secps/lit/practice/953.htm. [2] Trading partners are agencies, bureaus, programs or other entities (within or between entities) participating in transactions with each other. [3] The Intragovernmental Payment and Collection (IPAC) system replaced the Online Payment and Collection (OPAC) system in December 2001. [4] Medicaid assists states in providing medical care to their low- income populations by granting federal matching payments under the Social Security Act to states with approved plans. [5] The banking system data is reported via CASHLINK, other federal agencies via IPAC (which replaced OPAC in December 2001), and FMS regional financial centers via GOALS. See FAM section 921 A for more detail on the Treasury processes and reports related to FBWT reconciliation. [End of section] SECTION 1000: Reporting: 1001 - MANAGEMENT REPRESENTATIONS: .01: This section deals with the management representations that the auditor is required to obtain from current management as part of the audit, as described in sections 280 and 550. It covers the four general areas of representations: representations about the financial statements, internal control, financial management systems' substantial compliance with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA), and compliance with laws and regulations. In the AICPA standards, these representations are discussed in sections AU 333 (SAS 85), AT 501.44 (from Statement on Standards for Attestation Engagements (SSAE) Number 10, paragraph 5.44), and AU 801. OMB audit guidance also contains guidance on management representations letters. .02: Written representations from management ordinarily confirm oral representations given to the auditor, indicate and document the continuing appropriateness of those representations, and reduce the possibility of misunderstanding. Management representations are not a substitute for audit procedures. If a representation is contradicted by other audit evidence, the auditor should investigate the circumstances and consider the reliability of the representation. Also, the auditor should then consider whether it is appropriate to rely on other management representations. Management's refusal to furnish written representations is a scope limitation sufficient to preclude an unqualified opinion. .03: The specific representations obtained will depend on the circumstances of the engagement and the nature and basis of presentation of the financial statements. These representations apply to all the financial statements and all periods covered by the audit report. In addition to the representations given in the AICPA standards, the auditor generally should consider the need to obtain representations on other matters based on the circumstances of the audited entity. Also, the representations given in the example representation letter in section 1001 A should be deleted if inapplicable or customized to the situation of the entity being audited. .04: The management representation letter should be obtained from the highest level of the audited entity. The officials who sign the management representation letter should be those who, in the auditor's view, are responsible for and knowledgeable, directly or through others, about the matters in the representation letter. These officials should generally be the head of the entity and the CFO, or equivalent. Additional management representation letters should be obtained from any component units for which separate reports are to be issued. .05: The management representation letter should be on the audited entity's letterhead. The representations should be as of a date no earlier than the date of the auditor's report--the end of fieldwork. To ensure the letter is ready in time, a draft letter generally should be provided to and discussed with management early in the audit and updated for circumstances found throughout the audit. Where management signs the letter after the end of fieldwork, the letter should state that the representations are as of the date of the audit report. If management signs the letter before the end of fieldwork, the auditor generally should obtain a separate letter to update the representations to the end of fieldwork. However, where the time difference is short, the auditor may update the representations orally and document the update in the workpapers. .06: Although the management representation letter generally should be addressed to the Comptroller General (at GAO) or the agency IG, the audit team should consider having the entity deliver it directly to a member of the team to avoid any delays in receiving the letter. .07: Especially for large audited entities, management may need to specify a materiality threshold in the management representation letter, below which items would not be considered exceptions. The auditor should be satisfied that such a materiality threshold is so far below design materiality that even many items below this level would not, in the aggregate, approach design materiality. For example, a threshold that is 5 percent (or less) of design materiality may be sufficiently low. The materiality level may be different for different representations and would not apply to those representations not directly related to amounts in the financial statements (such as responsibility for the statements). REPRESENTATIONS RELATING TO THE FINANCIAL STATEMENTS: .08: Paragraph AU 333.06 lists 17 management representations that are ordinarily included in a GAAS audit if applicable. These generally relate to management acknowledging its responsibility for the financial statements and its belief that the financial statements are fairly presented in conformity with generally accepted accounting principles; completeness of financial information; recognition, measurement, and disclosure; and subsequent events. Examples of additional representations that may be appropriate depending on an entity's business or industry are given in appendix B to AU 333. The auditor may review section AU 333 for items that could be added to the representations, many of which would have to be modified in the federal government environment. (OMB has added a representation dealing with intragovernmental transactions and their reconciliations for CFO Act agencies and components.): .09: Appendix B of AU 333 gives example language for the following situations: General: * Unaudited interim information accompanies the financial statements. * The impact of a new accounting principle is not known. * There is justification for a change in accounting principles. * Financial circumstances are strained, with disclosure of management's intentions and the entity's ability to continue as a going concern. * The possibility exists that the value of specific significant long- lived assets or certain identifiable intangibles may be impaired. * The work of a specialist has been used by the entity. Cash: * Disclosure is required of compensating balances or other arrangements involving restrictions on cash balances, line of credit, or similar arrangements. Financial instruments: * Management intends to and has the ability to hold to maturity debt securities classified as held to maturity. * Management considers the decline in value of debt or equity securities to be temporary. * Management has determined the fair value of significant financial instruments that do not have readily determinable market values. * There are financial instruments with off-balance-sheet risk and financial instruments with concentrations of credit risk. Receivables: * Receivables have been recorded in the financial statements. Inventories: * Excess or obsolete inventories exist. Deferred charges: * Material expenditures have been deferred. Debt: * Short-term debt could be refinanced on a long-term basis, and management intends to do so. Contingencies: * Estimates and disclosures have been made of environmental remediation liabilities and related loss contingencies. * Agreements may exist to repurchase assets previously sold. Pension and postretirement benefits: * An actuary measured pension liabilities and costs. * There is involvement with a multiemployer plan. * Postretirement benefits have been eliminated. * Employee layoffs that would otherwise lead to a curtailment of a benefit plan are intended to be temporary. * Management intends to either continue to make or not make frequent amendments to its pension or other postretirement benefit plans, which may affect the amortization period of prior service cost, or management has expressed a substantive commitment to increase benefit obligations. Sales: * There may be losses from sales commitments. * There may be losses from purchase commitments. * Nature of the product or industry indicates the possibility of undisclosed sales terms. .10: The auditor generally should consider the need for additional customizing of the example representation letter given in section 1001 A and for the additional representations in paragraph 1001.09. Many of the representations may have to be qualified, especially in an initial audit or in later audits where significant problems remain. For instance, where the example representation letter states that there are no violations of laws or regulations, the entity may need to add at the end of the statement, "except as follows:" and describe the violations. .11: In addition, the auditor generally should consider whether circumstances may require that additional descriptive items be included in the representation letter, especially as support for conclusions the auditor makes in the audit. This is important where the corroborating information that can be obtained by procedures other than inquiry is limited. For example, the letter should include descriptions of (1) the reasons for audited-entity-imposed scope limitations, such as lack of availability of certain records, (2) the basis for material liability estimates, key asset valuations, or the probability of contingencies, and (3) significant plans or intentions for the entity. For example, if the entity has a pension plan outside of the Civil Service Retirement System or the Federal Employees' Retirement System, an item should state that the entity does not plan to terminate the plan and that management believes the actuarial assumptions and methods used to measure pension liabilities and costs for financial reporting purposes are appropriate in the circumstances. REPRESENTATIONS RELATING TO INTERNAL CONTROL: .12: Internal control representations when the auditor opines on internal control are found in AT 501.44 (SSAE 10, paragraph 5.44). These representations relate to management's (1) acknowledging its responsibility for internal control, (2) stating that management has assessed the effectiveness of its internal control and specifying the control criteria used, (3) stating management's assertion about the effectiveness of its internal control based on the control criteria, (4) stating that management has disclosed to the auditor all significant deficiencies in the design or operation of internal control that could adversely affect the entity's ability to meet the internal control objectives and pointing out those that are material weaknesses (using the definition in the representation letter, which is the definition in AU 325), (5) describing any fraud, and (6) stating whether there were any changes to internal control subsequent to the end of the reporting period. Where the auditor is not opining on internal control, he or she should delete representations 2 and 3 above. Depending on circumstances, the auditor should consider modifying representation 4 above to remove the phrase "pointing out those that are material weaknesses. " The auditor also should modify the introductory paragraph to the representation letter. .13: For items 2 and 3, the auditor expects entities to use criteria established under FMFIA and OMB Circular A-123 in their FMFIA internal control assessment. Standards in GAO's green pamphlet Standards for Internal Control in the Federal Government were established as standards for federal entities to follow, and they were incorporated by OMB into Circular A-123. The November 1999 update to these standards (GAO/AIMD-00-21.3.1) is effective for fiscal year 2000 FMFIA reports and incorporates concepts from the private sector guidance Internal Control--Integrated Framework by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. Entities should summarize in the representation letter any material weaknesses relating to financial reporting (including safeguarding), compliance (including budget), and performance measures controls. Example wording for the representations is given in section 1001 A for the case where management asserts that its internal control as of the date of the financial statements provided reasonable assurance that misstatements, losses, or noncompliance material in relation to the financial statements or required supplementary stewardship information would be prevented or detected on a timely basis. If there are material weaknesses, management should include a brief description of them in its representation letter and modify its assertion accordingly. .14: For entities that have not formally assessed the effectiveness of their internal control, AT 501 (SSAE 10, chapter 5) provides that the auditor may assist management in its assessment by gathering or preparing information that management can use in evaluating the effectiveness of its internal control. The auditor may also use the information in forming an opinion on internal control. Thus, the example representations are appropriate for inclusion in the management representation letter if management and the auditor agree on the conclusions regarding the effectiveness of internal control. REPRESENTATIONS RELATING TO FINANCIAL MANAGEMENT SYSTEMS' SUBSTANTIAL COMPLIANCE WITH FFMIA REQUIREMENTS: 15: FFMIA requires the auditor who performs a CFO Act audit to report whether the entity's financial management systems comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards (now recognized as generally accepted accounting principles), and (3) the SGL at the transaction level. In order to report in accordance with FFMIA, the auditor should obtain representations from management as to the entity's systems' compliance with these requirements. .16: The auditor should obtain representations that management takes responsibility for complying substantially with the FFMIA requirements, stating that it has assessed the systems' compliance, stating the criteria used, and asserting the systems' substantial compliance (or lack thereof). The criteria should be the requirements in OMB Circular A-127, Financial Management Systems (which incorporates the SGL, the JFMIP Federal Financial Management Systems Requirements documents, and other OMB circulars). These requirements are further described, including indicators of substantial compliance, in OMB's FFMIA implementation guidance for CFOs and IGs, referenced in OMB's audit guidance. REPRESENTATIONS RELATING TO COMPLIANCE WITH LAWS AND REGULATIONS: .17: AU 801.07 suggests that a representation relating to compliance with laws and regulations state that management has identified and disclosed to the auditor all laws and regulations that have a direct and material effect on the financial statements. .18: In addition, AT 601 (SSAE 10, chapter 6) deals with compliance attestation. The auditor is not required to follow this standard because it does not apply to audits reporting on compliance as part of an audit of financial statements or on audits reporting in accordance with Government Auditing Standards. However, in situations in which the auditor believes additional representations regarding compliance may be needed, examples are given in AT 601. 68 (SSAE 10, paragraph 6. 68). EFFECT OF CHANGE IN MANAGEMENT ON REPRESENTATION LETTER: .19: Sometimes management is reluctant to sign representations for periods when it did not manage the entity. The auditor should explain to management that by issuing the financial statements, it is making the assertions implicit in the financial statements. Management may wish to understand the transactions and controls supporting the financial statements, and the auditor should help it do so. Where a change in management is expected, the auditor may advise the new management to obtain representations from the old management about the period prior to the change. [End of section] 1001 A - EXAMPLE MANAGEMENT REPRESENTATION LETTER: [Entity Letterhead] [Date of auditor's report and completion of fieldwork] The Honorable [name of Inspector General or Comptroller General] [Inspector or Comptroller] General [of the United States] [Name of agency] [or U.S. General Accounting Office] Washington, D. C. Dear [name]: This letter is in connection with your audits of the [entity's] balance sheet as of September 30, 20X1 and 20X2, [or dates of audited financial statements] and the related statements of net costs, changes in net position, budgetary resources, financing, and custodial activity [if applicable], for the years then ended for the purposes of (1) expressing an opinion as to whether the financial statements are presented fairly, in all material respects, in conformity with generally accepted accounting principles, (2) expressing an opinion [or reporting] on [entity's] internal control as of September 30, 20X2 [or date of latest audited financial statements], (3) reporting whether the [entity's] financial management systems substantially comply with federal financial management systems requirements, applicable federal accounting standards (generally accepted accounting principles), and the U.S. Government Standard General Ledger at the transaction level as of September 30, 20X2, and (4) testing for compliance with applicable laws and regulations. Certain representations in this letter are described as being limited to matters that are material. For purposes of this letter, matters are considered material if they involve $X or more. Items also are considered material, regardless of size, if they involve an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would be changed or influenced by the omission or misstatement. We confirm, to the best of our knowledge and belief, the following representations made to you during the audits (these representations are as of [date of completion of fieldwork], pertain to both years' financial statements, and update the representations we provided in the prior year): 1. We are responsible for the fair presentation of the financial statements and stewardship information in conformity with generally accepted accounting principles. 2. The financial statements are fairly presented in conformity with generally accepted accounting principles. 3. We have made available to you all: a. financial records and related data, b. where applicable, minutes of meetings of the Board of Directors [or other similar bodies, such as congressional oversight committees] or summaries of actions of recent meetings for which minutes have not been prepared, and: c. communications from the Office of Management and Budget (OMB) concerning noncompliance with or deficiencies in financial reporting practices. 4. There are no material transactions that have not been properly recorded in the accounting records underlying the financial statements or disclosed in the notes to the financial statements. 5. We believe that the effects of the uncorrected financial statement misstatements summarized in the accompanying schedule are immaterial, both individually and in the aggregate, to the financial statements taken as a whole. [An example accompanying schedule is included in section 595 C. ] [If management believes that certain of the identified items are not misstatements, management's belief may be acknowledged by adding to the representation, for example, "We believe that items XX and XX do not constitute misstatements because [description of reason]. "] [This representation is required for audits of financial statements for periods beginning on or after December 15, 1999. ] 6. The [entity] has satisfactory title to all owned assets, including stewardship property, plant, and equipment; such assets have no liens or encumbrances; and no assets have been pledged. 7. We have no plans or intentions that may materially affect the carrying value or classification of assets and liabilities. 8. Guarantees under which the [entity] is contingently liable have been properly reported or disclosed. 9. Related party transactions and related accounts receivable or payable, including assessments, loans, and guarantees, have been properly recorded and disclosed. 10. All intraentity transactions and balances have been appropriately identified and eliminated for financial reporting purposes, unless otherwise noted. All intragovernmental transactions and balances have been appropriately recorded, reported, and disclosed. We have reconciled intragovernmental transactions and balances with the appropriate trading partners for the four fiduciary transactions identified in Treasury's Intra-governmental Fiduciary Transactions Accounting Guide, and other intragovernmental asset, liability, and revenue amounts as required by OMB Bulletin 97-01, as amended. 11. There are no: a. possible violations of laws or regulations whose effects should be considered for disclosure in the financial statements or as a basis for recording a loss contingency, b. material liabilities or gain or loss contingencies that are required to be accrued or disclosed that have not been accrued or disclosed, or: c. unasserted claims or assessments that are probable of assertion and must be disclosed that have not been disclosed. 12. We have complied with all aspects of contractual agreements that would have a material effect on the financial statements in the event of noncompliance. 13. No material events or transactions have occurred subsequent to September 30, 20X2 [or date of latest audited financial statements], that have not been properly recorded in the financial statements and stewardship information or disclosed in the notes. 14. There has been no material fraud (intentional misstatements or omissions of amounts or disclosures in financial statements and misappropriation of assets that could have a material effect on the financial statements or stewardship information) or any fraud involving management or employees who have significant roles in internal control. [If there were any incidents of fraud meeting the foregoing criteria, they should be described. ] 15. We are responsible for establishing and maintaining internal control. 16. Pursuant to the Federal Managers Financial Integrity Act, we have assessed the effectiveness of [entity's] internal control in achieving the following objectives: a. reliability of financial reporting--transactions are properly recorded, processed, and summarized to permit the preparation of financial statements and stewardship information in accordance with generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use or disposition; b. compliance with applicable laws and regulations--transactions are executed in accordance with (i) laws governing the use of budget authority and with other laws and regulations that could have a direct and material effect on the financial statements and (ii) any other laws, regulations, and governmentwide policies identified by OMB in its audit guidance; and: c. reliability of performance reporting--transactions and other data that support reported performance measures are properly recorded, processed, and summarized to permit the preparation of performance information in accordance with criteria stated by management. 17. Those controls in place on September 30, 20X2 [or date of latest audited financial statements], provided reasonable assurance that the foregoing objectives are met. [If there are material weaknesses, the foregoing representation should be modified to read: Those controls in place on September 30, 20X2, provided reasonable assurance that the foregoing objectives are met except for the effects of the material weaknesses discussed below or in the attachment. or: Internal controls are not effective. or: Internal controls do not meet the foregoing objectives. ] 18. We have disclosed to you all significant deficiencies in the design or operation of internal control that could adversely affect the entity's ability to meet the internal control objectives and identified those we believe to be material weaknesses. [This item is not required if the auditor is not opining on internal control. ] 19, There have been no changes to internal control subsequent to September 30, 20X2 [or date of latest audited financial statements], or other factors that might significantly affect it. [If there were changes, describe them, including any corrective actions taken with regard to any significant deficiencies or material weaknesses. ] [This item is not required if the auditor is not opining on internal control. ] 20. We are responsible for implementing and maintaining financial management systems that comply substantially with federal financial management systems requirements, federal accounting standards (generally accepted accounting principles), and the U.S. Government Standard General Ledger at the transaction level. 21. We have assessed the financial management systems to determine whether they comply substantially with these federal financial management systems requirements. Our assessment was based on guidance issued by OMB. 22. The financial management systems complied substantially with federal financial management systems requirements, federal accounting standards, and the U.S. Government Standard General Ledger at the transaction level as of [date of the latest financial statements]. [If the financial management systems substantially comply with only one or two of the above elements, this representation should be modified as follows: As of [date of financial statements], the [entity's] financial management systems comply substantially with [specify which of the three elements for which there is substantial compliance (e.g., federal accounting standards and the SGL at the transaction level)], but did not comply substantially with [specify which of the elements for which there was a lack of substantial compliance (e.g., federal financial management systems requirements)], as described below (or in an attachment). ] [If the financial management systems do not comply substantially with any of thee three elements, the following paragraph should be used instead: As of [date of financial statements], the [entity's] financial management systems do not comply substantially with the federal financial management systems requirements. ] [If there is a lack of substantial complliance with one or more of the three requirements, identify herein or in an attachment all the facts pertaining to the noncompliance, including the nature and extent of the noncompliance and the primary reason or cause of the noncompliance. ] 23. We are responsible for [entity's] compliance with applicable laws and regulations. 24. We have identified and disclosed to you all laws and regulations that have a direct and material effect on the determination of financial statement amounts. 25. We have disclosed to you all known instances of noncompliance with laws and regulations. __: [Name of Head of Entity] [Title] __: [Name of Chief Financial Officer] [Title] [End of section] 1002 - INQUIRIES OF LEGAL COUNSEL .01: This section provides guidance on procedures for the auditor to perform to obtain evidence that the financial accounting and reporting of contingencies[Footnote 1] regarding litigation, claims, and assessments conform with U.S. generally accepted accounting principles (GAAP), as described in FAM sections 280 and 550. This section discusses the accounting and reporting guidance and audit procedures for inquiries of legal counsel concerning litigation, claims, and assessments, and includes examples of a legal representation letter request, a legal representation letter response, including the Department of Justice's standard forms for legal contingencies, and management's schedule for summarizing the information contained in the legal response. ACCOUNTING AND REPORTING GUIDANCE: .02: Entity management is responsible for implementing policies and procedures to identify, evaluate, account for, and disclose litigation, claims, and assessments as a basis for the preparation of financial statements in conformity with GAAP. .03: Statement of Federal Financial Accounting Standards (SFFAS) No. 5, Accounting for Liabilities of the Federal Government, as amended by SFFAS No.12, Recognition of Contingent Liabilities Arising from Litigation: An Amendment of SFFAS No. 5, Accounting for Liabilities of the Federal Government, contains accounting and reporting standards for loss contingencies, including those arising from litigation, claims, and assessments. [Footnote 2] The Federal Accounting Standards Advisory Board (FASAB) Interpretation No. 2, Accounting for Treasury Judgment Fund Transactions, clarifies GAAP related to claims to be paid through the Treasury Judgment Fund. [Footnote 3] Statement of Financial Accounting Standards No. 5, Accounting for Contingencies, also provides guidance for financial accounting and reporting for loss and gain contingencies for those entities following GAAP for nongovernmental entities. The definition of probable for legal contingencies is now essentially the same in Statement of Financial Accounting Standard No. 5 and SFFAS No. 5, since SFFAS No.12 has amended the latter. .04: A contingency is an existing condition, situation, or set of circumstances involving uncertainty as to possible gain or loss to an entity. The uncertainty will ultimately be resolved when one or more future events occur or fail to occur. When a loss contingency exists, the likelihood that the future event or events will confirm the loss or impairment of an asset or the incurrence of a liability can range from probable to remote. SFFAS Nos. 5 and 12 use the terms probable, reasonably possible, and remote to identify three areas within the range of potential loss, as follows: * Probable--For pending or threatened litigation and unasserted claims, the future confirming event or events are likely to occur. (For other contingencies, the future event or events are more likely than not to occur.): * Reasonably possible--The chance of the future event or events occurring is more than remote but less than probable. * Remote--The chance of the future event or events occurring is slight. .05: A liability and the related cost for an estimated loss from a loss contingency should be recognized (accrued by a charge to income) when[Footnote 4] a. a past event or exchange transaction has occurred, b. a future outflow or other sacrifice of resources is probable, and: c. the future outflow or sacrifice of resources is measurable. .06: Disclosure of the nature of an accrued liability for loss contingencies, including the amount accrued, may be necessary for the financial statements not to be misleading. For example, if the amount recognized is large or unusual, disclosure should be considered. However, if no accrual is made for a loss contingency because one or more of the conditions in paragraph 1002.05 are not met, disclosure of the contingency should be made when there is at least a reasonable possibility that a loss has been incurred. The disclosure should include the nature of the contingency, and an estimate of the possible liability or range of possible liability, if estimable, or a statement that such an estimate cannot be made. In addition, if the Judgment Fund might be involved in the payment of the possible loss, the federal entity involved in the litigation should discuss the Judgment Fund's role in a note to the financial statements. .07: Although management often relies on advice of legal counsel about the (a) likelihood of an unfavorable outcome and (b) estimates of the amount or range of potential loss for litigation, claims, and assessments, management is ultimately responsible for determining whether these contingencies are probable, reasonably possible, or remote. Management does this to decide whether they should be recognized as liabilities and/or disclosed in the notes to the financial statements. Thus, the Office of Management and Budget's (OMB) audit guidance requires CFO Act agency management to prepare a schedule summarizing legal contingencies including whether they are probable, reasonably possible, or remote, and whether (and in what amounts) they have been accrued or disclosed in the financial statements (see example summary schedule in FAM section 1002 D). AUDIT PROCEDURES: .08: The auditor should design procedures to test the entity's accounting for and disclosure of litigation, claims, and assessments. AU 337 (SAS 12) provides guidance on the procedures to identify litigation, claims, and assessments so that the auditor may obtain evidence that they are appropriately accounted for and disclosed. AU 9337 provides auditing interpretations of AU 337. OMB guidance for audits of federal financial statements also contains procedures for inquiries of legal counsel. (See FAM section 1002 A for example audit procedures.): .09: The auditor should obtain evidence relevant to the following factors with respect to litigation, claims, and assessments: a. The existence of a condition, situation, or set of circumstances indicating uncertainty as to the possible loss to an entity arising from litigation, claims, and assessments. b. The period in which the underlying causes for legal action occurred. c. The likelihood of an unfavorable outcome (probable, reasonably possible, or remote). c. The amount or range of potential loss, if estimable. .10: The auditor should discuss with management the events or conditions that should be considered in the accounting for and reporting of litigation, claims, and assessments. The auditor should perform audit procedures to corroborate the information provided by management, including requesting that management send a legal letter request to the entity's legal counsel. An example audit program is in FAM section 1002 A. The audit procedures should be modified, as appropriate, for the particular entity. .11: A letter from legal counsel to the auditor, in response to a legal letter request from management to legal counsel, is the auditor's primary means of corroborating the information furnished by management concerning the accuracy and completeness of litigation, claims, and assessments. The legal letter request may include a list of pending or threatened litigation, claims, and assessments or a request by management that legal counsel prepare the list. The legal letter request also may include a list of unasserted claims and assessments considered probable of assertion, and that, if asserted, would have at least a reasonable possibility of an unfavorable outcome, to which legal counsel has devoted substantive attention on the entity's behalf in the form of legal consultation or representation (or a statement that management is not aware of any matters meeting the criteria). Legal counsel then would supplement management's information about those unasserted claims and assessments, including an explanation of matters where his or her views differ from those expressed by management in the legal letter request. In the federal government, where the general counsel may be part of management, the general counsel may instead provide the list of unasserted claims or assessments meeting the above criteria. The legal letter request should also include a request for legal counsel to make a statement that he or she will advise management about unasserted claims and assessments that should be considered for disclosure. (See the example request and response in FAM sections 1002 B and 1002 C.): Timing of Legal Letter Request and Responses: .12: The audit procedures for inquiries of legal counsel concerning litigation, claims, and assessments should be performed on a timely basis to give priority to the resolution of potential problem areas and to complete other procedures. To meet deadlines, the auditor, entity management, and legal counsel should coordinate the timing of legal letter requests, responses (including interim responses), and related management schedules. The auditor and the entity management should consider the due dates for providing legal letter responses for the entity financial statements as well as for the U.S. Government's Consolidated Financial Statements. (OMB sometimes provides these dates for the governmentwide audit.) The due dates should enable the auditors to timely complete their work, including the potential need for management to inquire of Department of Justice legal counsels on a case-specific basis. .13: In addition, when an entitywide audit team uses the work of entity component audit teams, the entitywide and component audit teams should coordinate the timing of legal letter requests, responses, and management schedules and consider the due dates for the component financial statements as well as the entitywide financial statements. The entitywide team generally should receive copies of the component letters. .14: The legal counsel's response should include matters that existed at the balance sheet date and through the end of fieldwork. The effective date (the latest date covered by the legal counsel's review) should be as close as feasible to the completion of fieldwork. If the effective date is substantially in advance of the end of fieldwork (for example, earlier than 2 weeks before end of fieldwork), the auditor should contact the legal counsel for an updated response. To avoid this situation, the legal letter request should clearly specify the period the legal counsel's response should cover and the date the auditor should receive the response. .15: To assist the auditor in completing the review of legal matters in a timely manner (and to assist management in preparing the financial statements), the auditor may ask management to request legal counsel to submit a preliminary or interim response covering matters that existed at the balance sheet date and through a point in time reasonably before the end of fieldwork so that a preliminary evaluation of the significance of material legal matters can be made. Then, the legal counsel should submit a final or updated response covering matters through the end of fieldwork. The updated response generally should contain only changes or a statement indicating there are no changes from the interim response. (See FAM section 1002 B for an example legal letter request that includes requests for interim and updated responses from legal counsel.): Determining a Materiality Level: .16: The auditor may limit the inquiry to matters that are considered individually or collectively material to the financial statements, provided the entity and the auditor have reached an understanding and agreement on the materiality level. The materiality level, if used, should be documented in the legal letter request and in the response. .17: In determining a materiality level for the legal letter, the auditor should set the level sufficiently low that the cases not included in the legal letter would not be material to the financial statements taken as a whole when aggregated with (1) other cases not included in the letter, (2) all other types of contingencies, (3) all other items that would not be adjusted because they are judged immaterial (unadjusted misstatements), (4) all other amounts in the financial statements that would not be tested directly because they were judged to be immaterial, and (5) all other items resolved on the basis of materiality considerations. For example, 2. 5 percent of design materiality is used for individual cases in the U. S Government's Consolidated Financial Statements and 5 percent of design materiality is used for the aggregate of all cases. .18: In aggregating cases, the auditor and the entity may use two levels of aggregation. First, similar cases (such as employment discrimination cases, harbor maintenance fee cases, spent nuclear fuel cases, or military promotion board challenges) should be aggregated and treated as a group and compared with the individual materiality level. The aggregation generally should include a list of the individual cases that are aggregated and a discussion of the items of information requested to be included in the legal letter for the aggregated cases (see FAM sections 1002 B and 1002 C). Second, all cases not included in the legal letter individually or as part of a group of similar cases should be aggregated. A higher materiality level may be used for such an aggregation; however, this higher materiality level should be set sufficiently low that the cases not included in the legal letter would not be material to the financial statements taken as a whole when aggregated with the other items listed in the previous paragraph. .19: Where the entity engages more than one legal counsel, the auditor should exercise caution so that matters considered not material individually would not, when aggregated, exceed the materiality limit. In addition, when separate legal representation letters are issued on individual components/bureaus of a consolidated entity because of individual component audits, the auditor may determine materiality levels for each component/bureau. Legal Counsels from Whom Information Should Be Requested: .20: Most federal agencies have a general counsel who has primary responsibility for and knowledge about the entity's litigation, claims, and assessments. The auditor should request entity management to send a legal letter request to the general counsel. In addition, the auditor should ask the management and/or general counsel whether the entity used outside legal counsel whose engagement may be limited to particular matters (e.g., specific litigation). .21: In the federal government, the main legal counsel outside of the entity is the Department of Justice. [Footnote 5] The entity's management, its legal counsel, or the auditor may consult with Justice as well as other outside legal counsel to assure completeness and accuracy of the presentation of matters related to litigation, claims, and assessments. Such consultation may include requesting a list of pending litigation, claims, and assessments from Justice or other outside legal counsel, or discussion of specific cases. .22: The legal response should cover all litigation, claims, and assessments pertaining to the federal reporting entity, including matters handled by Justice and other outside legal counsel on behalf of the entity. If the general counsel has overall responsibility for handling and evaluating litigation, claims, and assessments, his or her evaluation and responses ordinarily would be considered adequate. However, evidential matter obtained from inside legal counsel is not a substitute for information that outside legal counsel refuses to furnish to the auditor. .23: Where there is no general counsel and management has not consulted legal counsel, the auditor should obtain a written representation from management that legal counsel has not been consulted. Such representation may be incorporated as an item in the management representation letter. (See FAM sections 550 and 1001.) (An example item is: "We are not aware of any pending or threatened litigation, claims, or assessments or unasserted claims or assessments that are required to be accrued or disclosed in the financial statements in accordance with SFFAS No. 5. We have not consulted legal counsel concerning litigation, claims, or assessments. "): Evaluation of Responses: .24: Written responses from legal counsel will vary considerably in the scope of information provided and in the opinion expressed. In preparing the responses, legal counsels should consider the guidance contained in the American Bar Association's Statement of Policy Regarding Lawyers' Responses to Auditors' Requests for Information (ABA Policy Statement) (included in its entirety in AU 337 C). If legal counsel does not follow the ABA Policy Statement in responding to the auditor, the legal counsel's response nevertheless should meet the requirements of AU 337. .25: The response should cover all components included in the financial statements being audited. Legal counsel generally should indicate the disposition of cases included in the prior year's letter that are no longer contingencies. .26: The auditor should evaluate each response in terms of sufficiency as evidence and consider (a) the possible limitations on the scope of legal counsel's responses and (b) the lack of sufficient opinion on the resolution of a case. AU 9337 provides guidance in evaluating legal counsel's responses. The auditor also should consider the legal counsel's response in light of any other information that comes to the auditor's attention. Possible Limitations on the Scope of Legal Counsel's Responses: .27: When legal counsel limits his/her responses, the auditor should determine whether the limitation affects the auditor's report. A legal counsel may appropriately limit responses to certain matters; for example, to matters that (a) the legal counsel has given substantive attention to in the form of legal consultation or representation and (b) are considered individually or collectively material to the financial statements, provided the entity and the auditor have reached an understanding on materiality levels. These limitations are acceptable and not limitations on the scope of the audit. .28: The following are examples of limitations on legal counsel's responses that are not acceptable to the auditor and that would ordinarily result in a scope limitation: a. Legal counsel refuses to furnish the requested information. When legal counsel refuses to furnish the information requested in the legal letter request, the auditor should consider this matter as a scope limitation sufficient to preclude an unqualified opinion. b. Legal counsel excludes matters requested. The legal counsel's responses may not address all information requested. The auditor should compare legal counsel's response with the legal letter request and determine whether legal counsel has addressed all the information requested. If legal counsel excluded any of the requested matters, the auditor should obtain responses for those matters from legal counsel. If the auditor is unable to obtain all the information needed, the auditor should consider this a scope limitation that could be sufficient to preclude an unqualified opinion. c. Legal counsel indicates that certain information is being withheld due to attorney-client privilege. Under the American Bar Association (ABA) Code of Professional Responsibility, legal counsel is required to preserve the confidences and secrets of the client. Legal counsel may disclose confidences to the auditor only with the consent of the client. If the legal letter request is prepared in accordance with AU 337, the auditor should expect that legal counsel would be responsive; otherwise the scope of the audit would be restricted. (On the other hand, explanatory language in the legal letter request or in legal counsel's response emphasizing that management or legal counsel does not intend to waive attorney-client privilege or attorney work-product privilege does not result in a scope limitation.): Lack of Sufficient Opinion on the Resolution of a Case: .29: The following are examples of the legal counsel's responses that lack sufficient opinion on the resolution of a case. a. Uncertainties. A legal counsel may be unable to respond concerning the likelihood of an unfavorable outcome of litigation, claims, and assessments or the amount or range of potential loss, because of inherent uncertainties. In these circumstances, the auditor ordinarily will conclude that the financial statements are affected by an uncertainty concerning the outcome of a future event, which is not susceptible to reasonable estimation. The auditor should follow the guidance in FAM section 580 for reporting on uncertainties. b. Unclear responses. Legal counsels sometimes use general terms to indicate their evaluation of the outcome of a case. The ABA Policy Statement states that legal counsel may, in the appropriate circumstances, communicate to the auditor his/her view that an unfavorable outcome is "probable" or "remote. " The legal letter responses may include phrases that mean remote or probable. The phrases below are examples of opinions that provide sufficient clarity that the likelihood of an unfavorable outcome is remote: * "We are of the opinion that this action will not result in any liability to the entity. ": * "We believe that the plaintiff's case against the entity is without merit. ": The following are examples of opinions that indicate significant uncertainty as to whether the entity will prevail: * "In our opinion, the entity has a substantial chance of prevailing in this action. " (A "substantial chance," a "reasonable opportunity," and similar terms indicate more uncertainty than an opinion that the entity will prevail.): * "It is our opinion that the entity will be able to assert meritorious defenses to this action. " (The term "meritorious defenses" indicates that the court will not summarily dismiss the entity's defenses; it does not indicate legal counsel's opinion that the entity will prevail.): .30: To avoid unclear and incomplete responses, the auditor generally should ask management to request legal counsel to use Justice's standard forms to describe legal contingencies (see pages 1002 C-4 to 6 for examples of these forms). When legal counsel does not indicate whether the unfavorable outcome is probable or remote, management and the auditor should conclude that the outcome is reasonably possible and the case should be considered for disclosure. (Management, with legal counsel's advice, determines whether cases are probable, reasonably possible, or remote, to decide whether they should be recognized as liabilities and/ or disclosed in the notes to the financial statements.): .31: If the auditor is not certain about the legal counsel's evaluation, the auditor should discuss the matters with the legal counsel and entity management (and document the oral discussion) and/or obtain written clarification in a follow-up letter. Sometimes legal counsel may give a clearer indication of likelihood orally. If legal counsel is unable to give a clear evaluation of the likelihood of an unfavorable outcome, management should disclose the uncertainty and the auditor should consider the uncertainty's effect on the audit report. Example Legal Letter Request: .32: The legal letter request, which the auditor may assist management to draft, should be on the audited entity's letterhead, signed by the Chief Financial Officer (CFO), or equivalent, and request a reply directly to the auditor and a copy to management by specified due dates. FAM section 1002 B shows an example legal letter request that includes requests for interim and updated responses from legal counsel and matters that should be covered in the letter. Example Legal Counsel's Responses and Management's Schedule: .33: The General Counsel should respond on General Counsel letterhead to the auditor with a copy to management by the agreed-upon due dates. The response should indicate that it is provided for the auditor's use in connection with the audit. .34: FAM section 1002 C shows an example of a legal counsel response, including the legal representation letter and Justice's legal contingency standard forms for each case or group of cases, respectively. Justice's forms (pages 1002 C-4 to 6) are on Justice's website: http://www. usdoj. gov/civil/forms/forms. htm. .35: FAM section 1002 D shows an example of management's schedule that documents how the information contained in the legal counsel's responses was considered in preparing the financial statements. Management should include each case discussed in the legal letter and indicate (1) the amount accrued for probable cases and (2) note disclosure for reasonably possible cases, probable cases where the amount cannot be estimated, and probable cases where a range of amounts above the accrued amount is estimated. The electronic templates for FAM sections 1002 C (pages 1002 C-1 to 3) and 1002 D are on OMB's website: http://www. whitehouse. gov/omb/bulletins/index. html. PRACTICE AIDS: .36: The following practice aids are appended: Section 1002 A - Example Audit Procedures; Section 1002 B - Example Legal Letter Request; Section 1002 C - Example Legal Representation Letter, including Justice's Example Legal Contingencies Forms; and: Section 1002 D - Example Management Summary Schedule. [End of section] 1002 A - EXAMPLE AUDIT PROCEDURES FOR INQUIRIES OF LEGAL COUNSEL: Entity: Period of financial statements: Job code: Example Audit Procedures: I. Testing Procedures: 1. Ask management about the entity's policies and procedures for identifying, evaluating, and accounting for litigation, claims, and assessment. 2. Obtain from management a description and evaluation of litigation, claims, and assessments existing as of the balance sheet date and through the date of management's response (which should be near the end of fieldwork). (This may instead be obtained from the entity's legal counsel.). 3. To determine whether an outside legal counsel is performing services for the entity, inquire of management whether outside legal counsel has been used by the entity and matters handled. Ask management for a list of pending litigation, claims, and assessments from the Department of Justice and/or examine correspondence and invoices from other outside legal counsel (e.g., for legal fees), if any. 4. Ask whether the entity has changed its general counsel or outside legal counsel or the general counsel or outside legal counsel has resigned or has indicated an intention to resign. If so, determine if there are matters that may affect the financial statements. For example, in appropriate circumstances, a legal counsel may be required by the ABA Code of Professional Responsibility to resign the engagement if the legal counsel's advice concerning disclosures is disregarded by the entity. 5. To identify litigation, claims, and assessments read minutes of management meetings, contracts, loan agreements, leases, and correspondence from other government entities and discuss pertinent items with management. 6. If information comes to the auditor's attention that may indicate a potential contingency with respect to litigation, claims, or assessments that may require adjustment to or disclosure in the financial statements, discuss with the entity its possible need to consult legal counsel. Depending on the severity of the matter, refusal by the entity to consult legal counsel in those circumstances may result in a scope limitation. Consider the effect of such a limitation on the auditor's report. 7. Request entity management to send a legal letter request to the general counsel asking counsel to respond directly to the auditor. (Obtain a copy of the legal letter request.) Consider whether to also request legal letters from any outside legal counsel. The legal letter should cover litigation, claims, and assessments pertaining to the reporting entity, including matters handled by the Department of Justice or other outside legal counsel. (See Sections 1002 B for an example legal letter request.) Coordinate with management and legal counsel to; * determine the timing of legal letter requests and responses and related management's summary/schedules of information contained in legal responses and; * determine a materiality level to be included in the legal representation letter. 8. Read the legal letter responses and management's schedules to identify litigation, claims, and assessments. 9. Compare the description and evaluation of the current year's legal letter responses to the prior year's audit documentation. If this comparison indicates that certain legal matters in the prior year are no longer included, discuss these matters with management or legal counsel to obtain an understanding of the reasons for the changes. 10. Determine whether the information in the legal representation letter is consistent with management's schedule summarizing the information in the letter and related supporting documentation. 11. Discuss with legal counsel if the information obtained is not complete, clear, or consistent. 12. Evaluate legal counsel's responses and determine the effects of the responses on liabilities and related note disclosures in the financial statements and on the auditor's report. 13. If a response date is substantially in advance of the audit report date, for example, earlier than 2 weeks prior to date of auditors' report, obtain a written or oral update response. (The longer the period between the legal letter and the audit report date, the more important a written update becomes.). II. Reporting Procedures: Obtain a representation from management in the management representation letter (see FAM sections 550 and 1001) that the entity has disclosed all unasserted claims that legal counsel has advised are probable of assertion that, if asserted, would have at least a reasonable possibility of an unfavorable outcome and must be disclosed. 1. Discuss the description and evaluation of litigation, claims, and assessments obtained with management to determine if, subsequent to the date of legal counsel's response, there have been any changes in status of the matters, changes in management's evaluation of the outcome, or additional matters to be considered. 2. If there are significant changes in the status of the matters or new matters, obtain a written confirmation or updated response from legal counsel. 3. Have management include in the management representation letter representations related to contingencies and determine if they are appropriately accrued and disclosed as required by SFFAS No. 5, as amended. If management has not consulted legal counsel, obtain a written representation from management that legal counsel has not been consulted. This representation may be incorporated in the management representation letter (see FAM sections 550 and 1001). 4. Read the entity's financial statements and notes and: a. consider the adequacy of financial statement disclosure for contingencies with respect to litigation, claims, and assessments. b. determine if the financial statement disclosures for contingencies with respect to litigation, claims, and assessments are prepared in accordance with the OMB guidance on form and content of agency financial statements; and. c. for federal entities involved in litigation for which the Judgment Fund is a likely source of judgment or settlement, determine if a note to the financial statements discusses the Judgment Fund's role in the payment of a possible loss, as required by FASAB Interpretation No. 2, Accounting for Treasury Judgment Fund Transactions. 5. Document conclusions reached concerning the accounting for and disclosure of litigation, claims, and assessments, determine if adjustments are necessary, and consider whether modification of the auditor's report is appropriate (see FAM section 580). [End of section] 1002 B - EXAMPLE LEGAL LETTER REQUEST: [Audited Entity Letterhead] Date: [date] To: General Counsel: From: Chief Financial Officer [signed] Subject: [Auditor's] Audits of the Fiscal Years 20X1 and 20X0 Financial Statements: Pursuant to 31 U.S.C.3515, [Auditor name] is performing audits of the financial statements of [entity] as of and for the fiscal years ended September 30, 20X1, and 20X0. In performing audits of government entities, auditors comply with Government Auditing Standards, issued by the Comptroller General of the United States (the "yellow book"). For financial statement audits, Government Auditing Standards incorporate the fieldwork and reporting standards of the American Institute of Certified Public Accountants (AICPA) and the Statements on Auditing Standards that interpret them. Consistent with the procedures contained in AU 337 of the AICPA's Codification of Statements on Auditing Standards, [Auditor] has inquired about litigation, claims, and assessments to obtain evidence as to the financial accounting and reporting of such matters with respect to the financial statements. The purpose of this letter is to request your assistance in responding to that inquiry. The American Bar Association Statement of Policy Regarding Lawyers' Responses to Auditors' Request for Information (December 1975) provides relevant guidance for the lawyer 's response to the Auditor's request. In accordance with Statement of Federal Financial Accounting Standards (SFFAS) Number 5, Accounting for Liabilities of the Federal Government, as amended by SFFAS Number 12, and Interpretation Number 2 of SFFAS Numbers 4 and 5, [entity] reports certain information in its financial statements and notes concerning contingent liabilities for litigation, claims, and assessments. We request that you provide [Auditor] (with a copy to me) with information on matters with respect to which you have been engaged and to which you have devoted substantive attention on behalf of the [entity] in the form of legal consultation or representation. You should furnish an interim response by [agreed-upon date], including matters that existed as of September 30, 20X1, and from that date through at least [interim date]. You should furnish an updated response by [agreed-upon date], that is effective no earlier than [agreed-upon date], that includes any changes from the interim response or furnish a statement that there are no changes. Include any cases with respect to which you have been engaged and to which you have devoted substantive attention on behalf of the [entity] in the form of legal consultation or representation, even those cases for which you believe the Judgment Fund or some financing source other than [entity]'s budgetary resources will pay any potential loss. Under generally accepted accounting principles, these amounts should be included as liabilities or disclosure items in the [entity]'s financial statements. Cases similar in nature should be aggregated where appropriate. It would be helpful if you could list the matters in order of the amount of potential loss, starting with the largest. Pending or Threatened Litigation (excluding unasserted claims): We and [Auditor] have determined that any matters for which the amount of potential loss exceeds $XX, individually or in the aggregate, could be material to the financial statements. Please provide to [Auditor] the information described below about pending or threatened litigation where the amount of potential loss exceeds $XX: 1. The nature of the matter. Include a description of the case or cases and amount claimed, if specified. 2. The progress of the case to date. 3. The government's response or planned response (for example, to contest the case vigorously or to seek an out-of-court settlement). 4. An evaluation of the likelihood of unfavorable outcome. Please categorize likelihood as probable (an unfavorable outcome is likely to occur), reasonably possible (the chance of an unfavorable outcome is less than probable but more than remote), or remote (the chance of an unfavorable outcome is slight). 5. An estimate of the amount or range of potential loss, if one can be made, for losses considered to be probable or reasonably possible. 6. The name of the [entity]'s legal counsel handling the case and names of any outside legal counsel/other lawyers representing or advising the government in the matter (Department of Justice or outside law firms). Unasserted Claims and Assessments: [If legal counsel is a part of management use this paragraph. ] Please provide the following information for all unasserted claims and assessments that you consider to be probable of assertion and which, if asserted, would have at least a reasonable possibility (more that remote) of an unfavorable outcome in an amount over $XX, individually or in the aggregate, involving matters to which you have devoted substantive attention. [If the legal letter request will be sent to a legal counsel that is not part of management, such as an outside legal counsel, use this paragraph. ] We have provided an attachment to this request that lists the unasserted claims and assessments that we believe are probable of assertion and which, if asserted, would have at least a reasonable possibility (more than remote) of an unfavorable outcome in an amount over $XX, individually or in the aggregate, involving matters to which you have devoted substantive attention. Please provide the following information for each matter and for any additional matters that you believe meet these criteria. 1. A description of the nature of the matter. 2. The government's planned response if the claim is asserted. 3. An evaluation of the likelihooD of an unfavorable outcome. (Categorize likelihood as probable (likely to occur) or reasonably possible (less than probable but more than remote).): 4. An estimate of the amount or range of potential loss, if one can be made. Please specifically confirm to [Auditor] that our understanding of the following is correct: Whenever, in the course of performing legal services for us, with respect to a matter recognized to involve an unasserted possible claim or assessment that may call for financial statement disclosure, if you have formed a professional conclusion that we should disclose or consider disclosure concerning such possible claim or assessment, as a matter of professional responsibility to us, you will (1) advise us of your conclusion and (2) consult with us concerning the question of such disclosure and the applicable requirements of SFFAS No. 5, as amended. Please separately identify any cases with respect to which you have been engaged and to which you have devoted substantive attention on behalf of the [entity] in the form of legal consultation or representation for which you believe another government entity will be responsible for any potential liability. Please specifically identify the nature of and reasons for any limitations on your response to this request. Please address your reply to [Auditor], and contact him/her at (phone number), when your reply is available for pick up, and send a copy of your reply to me. Do not hesitate to contact me or [Auditor] if you have any questions about this request. [End of section] 1002 C - EXAMPLE LEGAL REPRESENTATION LETTER: [General Counsel Letterhead] [Date] [Auditor] [Title] [Agency or Firm Name] [City] Subject: Legal Response in Connection with the Fiscal Years 20X1 and 20X0 Financial Statement Audits of [entity name] Dear [Auditor]: As General Counsel of [entity], I am writing in response to the legal letter request from the [entity]'s Chief Financial Officer (CFO) dated [date], in connection with the audit of [entity]'s financial statements as of and for the fiscal years ended September 30, 20X1 and 20X0. [In an interim response, add "I will, as further requested by the CFO, provide an updated response by [date]. "] I call your attention to the fact that as General Counsel for [entity], I have general supervision of [entity]'s legal affairs. [If the general legal supervisory responsibilities of the person signing the letter are limited, set forth a clear description of those legal matters over which such person exercises general supervision, indicating exceptions to such supervision and situations where primary reliance should be placed on other sources. ] In such capacity, I have reviewed litigation and claims threatened or asserted involving [entity] and have consulted with outside legal counsel about them when I have deemed appropriate. Subject to the foregoing and to the last paragraph of this letter, I advise you that since [insert date of beginning of fiscal year period under audit] neither I, nor any of the lawyers over whom I exercise general legal supervision, have given substantive attention to, or represented [entity] in connection with loss contingencies [over the amount of (state materiality level agreed to with auditor and stated in request letter)] coming within the scope of clause (a) of Paragraph 5 of the Statement of Policy referred to in the last paragraph of this letter, except as follows: [Describe litigation and claims that fit the foregoing criteria as follows (it is recommended that general counsels use the attached Department of Justice forms (one for pending or threatened litigation, another for unasserted claims) to describe the cases):][Footnote 6] Pending or Threatened Litigation (excluding unasserted claims): 1. Nature of the matter (include a description of the case or cases and amount claimed, if specified). 2. Progress of the case to date. 3. Current or intended response. 4. Evaluation of the likelihood of an unfavorable outcome (categorize likelihood as probable, reasonably possible, or remote). 5. Estimated amount or range of potential loss, if determinable, for losses considered to be probable or reasonably possible. 6. Name of [entity]'s legal counsel handling the case and names of any outside legal counsel representing or advising the government in the matter. With respect to matters that have been specifically identified as contemplated by clauses (b) or (c) of paragraph 5 of the ABA Statement of Policy, I advise you, subject to the last paragraph of this letter, as follows: Unasserted Claims and Assessments (considered to be probable of assertion and which, if asserted, would have at least a reasonable possibility of an unfavorable outcome): 1. Nature of the matter. 2. Intended response if claim would be asserted. 3. Evaluation of the likelihood of an unfavorable outcome. (Categorize likelihood as probable or reasonably possible.): 4. Estimated amount or range of potential loss, if determinable. The information set forth herein is [(as of the date of this letter) or (as of (insert date), the date on which we commenced our internal review procedures for purposes of preparing this response)], except as otherwise noted. [If an interim response, add "Upon submission of the updated response, which is due on [date],"] I disclaim any undertaking to advise you of changes that, thereafter, may be brought to my attention or the attention of our lawyers over whom I exercise general legal supervision. This response is limited by, and in accordance with, the ABA Statement of Policy Regarding Lawyers' Responses to Auditors' Requests for Information (December 1975); without limiting the generality of the foregoing, the limitations set forth in such statement on the scope and use of this response (Paragraphs 2 and 7) are specifically incorporated herein by reference, and any description herein of any "loss contingencies" is qualified in its entirety by Paragraph 5 of the statement and the accompanying commentary (which is an integral part of the statement). Consistent with the last sentence of Paragraph 6 of the ABA Statement of Policy, this will confirm as correct [entity]'s understanding that whenever, in the course of performing legal services for [entity] with respect to a matter recognized to involve an unasserted possible claim or assessment that may call for financial statement disclosure, I have formed a professional conclusion that the entity must disclose or consider disclosure concerning such possible claim or assessment, I, as a matter of professional responsibility to [entity], will so advise [entity] and will consult with [entity] concerning the question of such disclosure and the applicable requirements of Statement of Federal Financial Accounting Standards (SFFAS) Number 5, Accounting for Liabilities of the Federal Government, as amended by SFFAS Number 12, and Interpretation Number 2 of SFFAS Numbers 4 and 5. [Describe any other or additional limitation as indicated by Paragraph 4 of the statement. ] Sincerely yours, [Name of General Counsel] [Title] cc: Chief Financial Officer: SUGGESTED DEPARTMENT OF JUSTICE FORM: PENDING OR THREATENED LITIGATION. AGENCY/COMPONENT: Amount of potential loss exceeds the agency/component materiality threshold of: 1. Case name. (Include case citation, case number, and other names by which the case or group of cases is commonly known.): 2. Nature of matter. (Include a description of the case or cases and amount claimed, if specified.): 3. Progress of the case: 4. The government's response or planned response. (For example, to contest the case vigorously or to seek an out-of-court settlement.): 5. An evaluation of the likelihood of unfavorable outcome. (Choose one.): PROBABLE - An unfavorable outcome is likely to occur: REASONABLY POSSIBLE - the chance of an unfavorable outcome is less than probable but more than remote: REMOTE - the chance of an unfavorable outcome is slight: 6. An estimate of the amount or range of potential loss (if one can be made, for losses considered to be probable or reasonably possible): 7. The name and phone number of the government attorney handling the case (and names and phone numbers of any outside legal counsel/other lawyers representing or advising the government in the matter.): 8. The sequence number (based on the total number of pending or threatened cases in litigation, claims, and assessments the agency/ component is submitting. e.g., Number of ) (#) (total): SUGGESTED DEPARTMENT OF JUSTICE FORM: UNASSERTED CLAIMS AND ASSESSMENTS: [See PDF for image] [End of figure] [End of section] 1002 D - Example Management Summary Schedule: [See PDF for image] [End of figure] [End of section] 1003 - FINANCIAL STATEMENT AUDIT COMPLETION CHECKLIST: Entity: Job Code: Principal Report: Other Reports (including management letters and testimonies): INSTRUCTIONS: .01: This checklist is a tool to help auditors of financial statements comply with generally accepted government auditing standards (GAGAS) and with OMB audit guidance. This checklist should be completed before the report is issued and should be prepared by the audit manager and reviewed by the assistant director and audit director. If the audit is conducted at multiple sites, the site supervisor may complete parts of the checklist for each site (with the audit manager completing an overall checklist). While parts of the checklist are useful in audit planning, no specific signatures are required on the checklist in the planning phase. .02: The detailed questions in this checklist are to be answered "N/A" (not applicable), "Yes," or "No. " Check N/A when the item does not exist or when the item exists but is judged to be not material. It is not necessary to create additional documentation to support the Yes answers, but a column is provided to give a workpaper reference ("W/ P"). All No answers should be discussed at the end of this checklist. Because the checklist is designed for the wide range of financial statement audits, there will be many "not applicable" answers. If the reason why a question is not applicable is not obvious, the auditor should document the reason on the checklist or in an attachment. The questions are summarized; for most questions, there is a reference to professional literature that provides more detail. .03: Section V has questions on GAO's report considerations; section VI has questions on GAO's quality control. GAO auditors should complete these sections. IG auditors and other auditors may use these sections or may substitute forms that consider their reporting style and quality controls. .04: As noted in FAM 650, auditors whose work GAO and the IGs use may complete this checklist and the "Checklist for Reports Prepared under the CFO Act. " Where this has been done, GAO or IG auditors should review the checklists prepared by the other auditors. .05: The FAM includes a separate "Checklist for Reports Prepared under the CFO Act" (section 1004) that covers accounting, financial reporting, and disclosure issues and should be completed for all entities reporting under generally accepted accounting principles promulgated by FASAB. When the report covers financial statements prepared using generally accepted accounting principles promulgated by FASB, the auditor should prepare the appropriate AICPA disclosure checklist. .06: GAO auditors should prepare the "GAO workpaper set" that provides guidance on workpapers. IG and other auditors may develop similar tools. .07: For GAO's financial audits, a second partner review should be performed and the Chief Accountant should read the report. These reviews by the second partner and/or Chief Accountant are documented on the last two pages of this checklist. IG auditors and other auditors should consider the need for similar reviews. CONTENTS: Section: I. Planning and Concluding the Audit: II. Key Audit Areas: III. Consultation: IV. Report: V. GAO's Report Considerations: VI. GAO's Quality Control: VII. Explanation of "No" Answers and Other Comments: VIII. Conclusions: IX. Second Partner's concurrence: X. Chief Accountant's concurrence: References: AICPA Professional Standards (vol.1): AU: GAO/PCIE Financial Audit Manual: FAM: Government Auditing Standards, as amended: GAGAS: section I: Planning and Concluding the Audit: 1. Do the workpapers document that the audit team has established an understanding with the client as to the objectives of the work, management's responsibilities, auditors' responsibilities, and limitations of the work? (FAM 280); 2. Were entrance conferences held? 3. Does the entity profile (or equivalent) document an understanding of the entity sufficient to plan the audit? (FAM 290.03); 4. Do the workpapers contain an adequate general risk analysis or the equivalent? (FAM 290.04); 5. Did the audit team adequately perform and document the following planning steps? (FAM 290.04); a. Perform preliminary analytical procedures (FAM 225); b. Determine planning, design, and test materiality (FAM 230); c. Identify significant laws and regulations (FAM 245); d. Identify relevant budget restrictions (FAM 250); e. Understand the budget formulation process (FAM 260.51); f. Assess inherent risk and the overall effectiveness of the control environment, risk assessment, communication, and monitoring, including whether weaknesses in the control environment, risk assessment, communication, and monitoring preclude the effectiveness of specific control activities (FAM 260); g. Assess the risk of fraud (FAM 260); h. Design the audit to achieve an acceptable level of audit assurance that the financial statements are not materially misstated (GAO uses 95 percent) (FAM 260.04); i. Consider the effects of information technology, including service centers (FAM 220, 260.17, 260.41-42, and 270); j. Assess the FMFIA process (FAM 260.43); k. Consider operations controls to be tested (FAM 275); l. Understand performance measures controls (FAM 275); m. Plan other procedures (representation letters, related party transactions, sensitive payments) (FAM 280); n. Consider locations to be visited (FAM 285); o. Plan procedures to test whether the entity's financial management systems substantially comply with the requirements of FFMIA (FAM 350.20); p. Consider staffing requirements; q. Consider timing of procedures and milestones (FAM 295 D); r. Consider assistance from entity personnel; 6. Does the general risk analysis or the equivalent reflect appropriate consideration of findings and recommendations from previous audits that could affect the current audit objectives? (GAGAS, par. 4.10); 7. Did the audit team identify budget controls for each relevant budget restriction and perform sufficient work to support the conclusions on internal control? (FAM 250, 310.05, 330.09); 8. Did the audit team identify compliance controls and perform sufficient work to support the conclusions on internal control? (FAM 245, 310.05, 330.09); 9. If the audit team used the work of others (CPA firms, IGs, internal auditors, or specialists), did the audit team meet the requirements of FAM 650? 10. Did the audit team perform overall analytical procedures, including documentation of the following?; a. Expectations; b. Data/sources; c. Parameters; d. Explanations/corroboration; e. Conclusions (FAM 590.04); 11. Do the workpapers indicate that the audit team properly performed the following procedures in the reporting phase of the audit? (FAM 590.01); a. Evaluate misstatements (FAM 540); b. Bring all misstatements to the attention of entity management (FAM 540.07); c. Obtain attorneys' representations (FAM 550.02); d. Review subsequent events (FAM 550.04 and 1005); e. Obtain management representations (FAM 550.08 and 1001); f. Identify and test related party transactions (FAM 550.12 and 1006); g. Review the consistency of other information accompanying the financial statements (FAM 580.76); 12. Does the audit summary memorandum or equivalent properly summarize or refer to workpapers addressing the following? (FAM 590.02-.03); a. Changes from original risk assessments; b. Additional fraud risk factors or other conditions identified during the audit calling for an additional response and the additional response; c. The basis for conclusions on significant auditing, accounting, and reporting issues; d. Conclusions on adequacy of procedures; e. Unadjusted misstatements; f. Conclusions on financial statements; g. Conclusions on internal control; h. Conclusions on whether the entity's financial management systems meet the requirements of FFMIA; i. Conclusions on compliance with laws and regulations; j. Conclusions on the consistency of accompanying information with the principal statements; 13. Do the workpapers document that the following occurred?; a. Deviations from the "should" procedures in the FAM and the basis therefor were approved by the assistant director with copies of the documentation sent to the audit director and the Reviewer; b. Deviations from the "must" procedures in the FAM were approved by the Reviewer (FAM 100.27); Section II: Key Audit Areas: Answer these questions for each key audit area or cycle. Indicate the key audit areas and cycles these questions apply to: 1. Did the audit team prepare the following documentation summarizing considerations in planning and performing the work in the key audit areas and cycles?; a. Cycle Matrix or an equivalent (or documentation in Account Risk Analysis or an equivalent) showing links between accounts, cycles, applications and line items (FAM 290.05); b. Account Risk Analysis or an equivalent (FAM 290.06); c. Cycle Memorandum and/or flowchart or equivalents (FAM 390.04-.05); d. Specific Control Evaluation or an equivalent (FAM 390.06); e. Written audit program (AU 311.05); 2. If conditions changed during the course of the audit, was the audit program modified as appropriate in the circumstances? (AU 311.05); 3. When the audit team performed sampling, did it properly determine and document the following?; a. The method used in relation to test objectives; b. Sample size and the method of determining it; c. Tests performed; d. Results (misstatements and deviations found); e. Evaluation (including projection to the population); f. Conclusion (FAM 490.06); 4. When the audit team performed substantive analytical procedures, did it properly document the following?; a. Expectations and the method used to develop them; b. Data sources/reliability; c. Limit/criteria; d. Client explanations and corroborating evidence; e. Additional steps needed; f. Conclusions (FAM 490.06); 5. When the audit team performed interim testing, did it do the following?; a. Test the rollforward period; b. Properly document: i. The basis for using interim testing; ii. The procedures performed; iii. The effects of any misstatements found (FAM 495C.06); 6. Did the audit team evaluate the reasonableness of significant accounting estimates made by management? (AU 342); 7. Were known and likely misstatements identified in the testing of the key area carried forward to the summary of possible adjustments? (FAM 540.04) 8. Did an information systems auditor review the specific control evaluation to evaluate the audit team's decision on which controls are computer-related (including controls relating to service-center- produced records)? (FAM 350.09); 9. Based on the inherent and control risk, did the audit team perform adequate substantive tests of the following? (If not a key area, check the N/A box.); Fund Balance with Treasury (FBWT); Consider these issues: * Did the audit team test the agency's year-end reconciliation of Fund Balances with Treasury to Treasury account ledgers and trial balance reports (Financial Management Service (FMS) Forms 6653, 6655)?; * Did the audit team determine whether the auditee did the following?; a. Researched and resolved differences before making adjustments; b. Recorded any necessary adjustments in the agency's FBWT accounts; c. Reported the adjustments to Treasury; d. Disclosed in the notes to the financial statements material unreconciled differences and budget clearing account differences at year-end, and material unreconciled differences written off by the agency during the year?; * Fund Balance with Treasury (continued); Did the audit team assess (at absolute value) the materiality of unreconciled differences, such as those reported on the Statement of Differences (FMS form 6652) and those included in budget clearing accounts (such as budget accounts F3875, F3878, F3879)? (GAO/AIMD-97-104R); Receivables; Consider these issues: * Where practical, were accounts receivable confirmed and appropriate follow-up steps taken, including second requests and alternate procedures? (AU 330.30-.31); * If substantive test were performed prior to year-end, was there an adequate review of transactions from the interim date to the balance sheet date? (AU 313.08-.09); * If a significant number and amount of accounts receivable were not confirmed, were other appropriate auditing procedures performed? (AU 330.31-.32) Inventories; Consider these issues: * Were physical inventories observed at all locations where material amounts were located? (AU 331); * If perpetual inventory records are maintained, do the workpapers indicate that differences disclosed by the physical inventory (or cycle counts) are properly reflected in the financial statements? (AU 331); * When the physical inventory is taken at a date other than the balance sheet date (or where rotating procedures are used), did the auditor consider inventory transactions between the inventory date(s) and the balance sheet date? (AU 313.08-09); * Do the workpapers contain evidence that counts were correctly made and recorded (was control over inventory tags or count sheets maintained) and test count quantities were reconciled with the counts reflected in the final inventory? (AU 331.09); * Were there adequate tests of the following?; a. Clerical accuracy of the inventory; b. Costing methods and substantiation of costs used in pricing all elements of the inventory; c. Cutoff; * Were analytical procedures used to test the overall valuation of inventories? Investments; Consider these issues: * Was a summary schedule prepared (or obtained) and details tested with respect to the description, purchase price and date, changes during the period, income, market value, etc. of investments?; * Were securities either examined or confirmed? (AU 332.04) Property, Plant, and Equipment; Consider these issues: * Was a summary schedule prepared (or obtained) to show beginning balances, changes during the period and ending balances for the following?; a. Property, plant, and equipment; b. Accumulated depreciation; * If samples were used to determine opening balances, were the samples appropriate?; * Did the audit team perform tests of completeness, such as by testing from disbursements to property records?; * Do the tests appear adequate and were proper conclusions drawn?; Liabilities; Consider these issues: * Did the audit team perform an adequate search for unrecorded liabilities?; *Did the audit team consider expenses that might require accrual (e.g., pensions, compensated absences, other postretirement benefits, or postemployment benefits provided to former or inactive employees prior to retirement), and whether accrued expenses were reasonably stated?; Revenue and Expenses; Consider these issues: * Did the audit team compare revenue and expenses for the period to expectations, based on the budget and the results of the preceding period? (AU 329); * Were significant variances and fluctuations from expectations explained? (AU 329); * Did the audit team consider the following?; a. The entity's revenue recognition policy; b. Unusual transactions; * Do tests appear adequate and were proper conclusions drawn?; Statement of Budgetary Resources; Consider these issues: * Were appropriate procedures applied, such as the following?; a. Understanding and testing the budget execution controls; b. Tests of the process of preparing the statement; c. Tests of undelivered orders; d. Review of reconciliation to the President's Budget Section III: Consultation: 1. Where warranted by the complexity or unusual nature of an issue (for example, issues where the FAM requires consultation, issues not discussed in FAM or professional standards, going concern, economic dependency, issues arising after report issuance), was there appropriate consultation with specialists, including the following?; * The Reviewer (FAM Appendix A); * The Statistician (FAM Appendix A); * The Office of General Counsel (FAM Appendix A); * The Technical Accounting and Auditing Expert? (FAM 100.25); 2. Were significant consultations appropriately documented? (FAM 100.24); 3. Were the persons consulted made aware of all relevant facts and circumstances?; Section IV: Report: 1. Does the auditor's report include the following?; a. Introduction; b. Significant matters (if applicable); c. Conclusions on: i. Financial statements; ii. Internal control; iii. Whether the entity's financial management systems substantially complied with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA); iv. Compliance with laws and regulations; v. Consistency of other information with financial statements; d. Objectives, scope, and methodology, including description of all instances where GAGAS and OMB audit guidance were not followed; e. Agency comments (FAM 580.04, 580. 81); 2. Is the auditor's report appropriate as to the following?; a. Wording; b. Scope of work; c. Generally accepted accounting principles; d. Explanatory paragraphs; e. Opinion on financial statements; f. Conclusions on internal control; g. Conclusions on whether the entity's financial management systems substantially comply with the requirements of FFMIA; h. Reporting on compliance with laws and regulations (FAM 580); 3. Is background material (purpose, authority, and functions of programs/activities) limited to what is necessary?; 4. Is the auditor's report dated in conformity with professional standards? (AU 530) (FAM 1601); 5. Does the auditor's report cover all periods for which financial statements are presented? (AU 508. 65); 6. If the financial statements of a prior period are presented and have been audited by a predecessor auditor whose report is not presented, does the auditor's report refer to the predecessor auditor's report? (AU 508. 74); 7. Does the auditor's report describe the responsibility the auditor is taking for supplementary information, including stewardship information? (AU 551; FAM 580.79); 8. a. When illegal acts involve funds received from other governmental entities, did the audit team satisfy itself that the audited entity notified the proper officials of those entities within a reasonable time?; b. If the entity did not, or was unable to do so because the top official was involved, did the audit team report these acts to the officials of those other governmental entities? (GAGAS, par. 5.23); 9. Does the auditor's report include the following?; a. Identification of which matters are reportable conditions and which of the reportable conditions are material weaknesses (GAGAS, par. 5.27); b. Reference to a separate letter, if applicable, describing nonreportable conditions (GAGAS, par. 5.28); c. Presentation of fraud, illegal acts, and reportable noncompliance with laws and regulations (GAGAS, par. 5.18); 10. When appropriate, did the audit team issue a separate report on fraud, abuse, or illegal acts or indications of such acts? (GAGAS, par 5.21) 11. Did the report disclose the status of all known, but uncorrected, significant or material findings and recommendations from prior audits that affect current audit objectives? (GAGAS par. 4.10); 12. Do the workpapers document a reasonable basis for the following?; a. The opinion about whether the financial statements and disclosures comply in all material respects with generally accepted accounting principles (FAM 560); b. The conclusions on internal control; c. The conclusions on whether the entity's financial management systems substantially comply with the requirements of FFMIA; d. The conclusions about compliance with laws and regulations; 13. Do the workpapers document a reasonable basis for reported findings, including the following? (FAM 590.05-06); a. Internal control weaknesses; b. Instances of the entity's financial management systems lack of substantial compliance with the requirements of FFMIA; c. Instances of noncompliance with laws and regulations; 14. Do the findings include (where appropriate) the following?; a. Condition (describe the existing situation); b. Criteria (state what we are comparing to); c. Cause (reflect reason or reasons why the condition and criteria differ); d. Effect (describe the result of the difference between the condition and criteria); 15. Are recommendations and suggestions reasonable, doable, and cost- effective? 16. Does the presentation of agency comments include the following?; a. Type of comments obtained (oral, written); b. Title of the most senior official(s) involved; c. Accurate characterization of general agreement or disagreement with the report; d. Description of the substance of the comments; e. Resolution of all substantive comments; Section V: GAO's Report Considerations: 1. Overall, does the report have the following characteristics?; a. Professional (the work reflects an understanding of the issues, an awareness of the external environment, including sensitivity to relevant trends, and a practical approach to what can be done to deal with the problems noted); b. Accurate (presents information or findings accurately; contains no notable errors in logic or reasoning); c. Objective (presentation is fair and impartial; tone is constructive and objective); d. Fact-based (states information and findings completely, includes all necessary facts and/or explanations, distinguishes between fact and unproven or uncorroborated material, resolves conflicting evidence); e. Balanced (presents sound and logical evidence to support conclusions, does not use adjectives or adverbs to characterize evidence in a way that implies criticism or conclusions by innuendo, appropriately recognizes positive aspects of the programs or issues reviewed); f. Timely and useful (provides relevant and timely information); g. Clear and concise (presentation is clear, concise, and well organized; message is presented logically; writing style is adapted to the audience); Section VI: GAO's Quality Control: 1. Was the report reviewed by the following?; a. Audit Director; b. Office of the General Counsel; c. Chief Accountant; d. Second Partner; 2. Did the audit director review the following? (FAM 1301.17); a. General risk analysis or equivalent; b. Account risk analyses or equivalent for material areas with high combined risk; c. Memoranda on key accounting and auditing issues; d. Summary memoranda for material areas with high or moderate combined risk; e. Management representation letter; f. Legal representation letter; g. Summary of unadjusted misstatements; h. Audit summary memorandum; i. Exit conference memorandum; j. Financial statements; k. GAO workpaper set (FAM 1301.17); 3. Did the assistant director review the following? (FAM 1301.17); a. Entity profile or equivalent; b. General risk analysis or equivalent; c. Account risk analyses or equivalent; d. Initial audit programs; e. Lead schedules; f. Completed audit programs; g. Memoranda on key accounting and auditing issues; h. Summary memoranda; i. Checklist for reports prepared under the CFO Act (for statements using GAAP promulgated by FASAB); j. Financial reporting and disclosure checklist (for statements using GAAP promulgated by FASB); k. Management representation letter; l. Legal representation letter; m. Summary of unadjusted misstatements; n. Exit conference memorandum; o. Audit summary memorandum; p. Financial statements; q. GAO workpaper set (FAM 1301.17); 4. Did the assistant director or audit manager determine that all significant review notes were resolved appropriately? (FAM 1301.24); 5. Did an assistant director initial all workpaper bundle covers to indicate that all workpapers were sufficiently reviewed? (FAM 1301.05); 6. Were review notes, superseded versions of workpapers, and draft reports (except the referenced draft and the draft sent to the agency for comment), including review notes and superseded versions in electronic form, placed in a separate folder to be retained until the report is issued (unless the audit director decides to retain them until the next audit)? (FAM 1301.24); 7. Were review responsibilities communicated to all individuals on the assignment? (FAM 1301.19); 8. Were workpapers prepared by an information systems auditor reviewed by an information systems auditor for technical content and by a member of the audit team to determine that related audit objectives were achieved? (FAM 1301.20); 9. For areas that are both material and have high combined risk, did the audit director or assistant director perform secondary reviews of the workpapers? (FAM 1301.12); 10. Were all workpapers prepared by the audit director or assistant directors read by audit managers or auditors in charge to determine their consistency with any related workpapers? (FAM 1301.15); 11. If the workpapers indicated a difference of opinion between engagement personnel or between engagement personnel and a specialist or other person consulted, was the difference resolved appropriately and was the basis of the resolution documented? (FAM 1302); Section VII: Explanation of "NO" Answers and Other Comments: The following pages are provided for comments on all "no" answers or to expand upon any of the "yes" answers. [See PDF for image] [End of figure] Section VIII: Conclusions: Based on your review and knowledge, do you believe the following?; Yes; No*. 1. The audit team performed the engagement, in all material respects, in accordance with generally accepted government auditing standards (which include generally accepted auditing standards) and applicable OMB guidance or the auditor's report was appropriately modified; 2. The financial statements conformed, in all material respects, with generally accepted accounting principles or the auditor's report was appropriately modified 3. The auditor's report was appropriate in the circumstances; 4. The documentation on this engagement supports: The auditor's opinion on the financial statements; The auditor's conclusions on internal control; The auditor's conclusions on whether the entity's financial; management systems substantially comply with the requirements of FFMIA; The auditor's conclusions on compliance with laws; and regulations; 5. The audit team complied, in all material respects, with the audit organization's policies and procedures * If any of the above 5 statements have "no" responses, please describe the response in a memorandum to the Reviewer. Date of completion of fieldwork: Audit Manager Date: Assistant Director Date: Audit Director Date: Section IX: Second Partner's Concurrence: Objective of second partner review: To objectively review significant auditing, accounting, and reporting matters and to conclude, based on all facts the second partner has knowledge of, that, except as discussed in the report, no matters were found that caused the second partner to believe that (1) the audit was not performed in accordance with GAGAS and OMB audit guidance (if applicable), (2) the financial statements are not, in all material respects, in accordance with generally accepted accounting principles, and (3) the report does not meet professional standards and GAO's policies and core values. Procedures: Before the report was issued, I performed the following procedures. Discussed significant auditing, accounting, and reporting issues with the Audit Director, Discussed the audit team's identification of high-risk balances and transactions and the audit of those balances and transactions, Reviewed documentation on the resolution of significant auditing, accounting, and reporting issues, including documentation of consultation with specialists such as the Chief Accountant, Statistician and IS professionals, Reviewed the summary of unadjusted misstatements, Read the financial statements and audit report, Confirmed with the Audit Director that there are no unresolved issues. Conclusion: Based on all the relevant facts of which I have knowledge, I found no matters, except as discussed in the report, that cause me to believe that (1) the audit was not performed in accordance with GAGAS and OMB audit guidance (if applicable), (2) the financial statements are not, in all material respects, in accordance with generally accepted accounting principles, and (3) the report is not in accordance with professional standards and GAO's policies and core values. Section X: Chief Accountant's Concurrence. When the Chief Accountant is not the second partner, the Chief Accountant should read the report. The Chief Accountant should then sign the conclusion below. Conclusion: Based on my reading of the report, I found no matters, except as discussed in the report, that cause me to believe that (1) the audit was not performed in accordance with GAGAS and OMB audit guidance (if applicable), (2) the financial statements are not, in all material respects, in accordance with generally accepted accounting principles, and (3) the report is not in accordance with professional standards and GAO policies and core values. [End of section] Reporting: 1004 - Financial Reporting: Checklist for Reports Prepared Under the CFO Act: Contents: Abbreviations: Sections: I: Overview: II: General Items: III: Balance Sheet: IV: Statement of Net Cost: V: Statement of Changes in Net Position: VI: Statement of Budgetary Resources: VII: Statement of Financing: VIII: Statement of Custodial Activity: IX: Notes to Financial Statements (Significant Accounting Policies): X: Supplementary Information: Abbreviations: AcSEC: Accounting Standards Executive Committee: AICPA: American Institute of Certified Public Accountants: CFO Act: Chief Financial Officers Act of 1990: COTS: commercial-off-the-shelf software: CSRS: Civil Service Retirement System: FASAB: Federal Accounting Standards Advisory Board: FASB: Financial Accounting Standards Board: FERS: Federal Employees Retirement System: FFMIA: Federal Financial Management Act: FIFO: first-in, first-out: FY: fiscal year: GAAP: generally accepted accounting principles: GDP: gross domestic product: GPRA: Government Performance and Results Act of 1993: HI: Hospital Insurance (Medicare Part A): IMF: International Monetary Fund: Imple. Guide: Implementation Guide: IRS: Internal Revenue Service: LIFO: last-in, first-out: MD&A: Management Discussion and Analysis: MRS: Military Retirement System: NRV: net realizable value: OASDI: Old Age, Survivors, and Disability Insurance (Social Security): OMB: Office of Management and Budget: OMB Bull.: OMB Bulletin: OPEB: Other Postemployment Benefits: ORB: Other Retirement Benefits: PP&E: property, plant, and equipment: RRB: Railroad Retirement Benefits: RSSI: Required Supplementary Stewardship Information: SFAS: Statement of Financial Accounting Standards: SFFAC: Statements of Federal Financial Accounting Concepts: SFFAS: Statements of Federal Financial Accounting Standards: SGL: U.S. Government Standard General Ledger: SMI: Supplementary Hospital Insurance (Medicare Part B): SOP: Statement of Position: UI: unemployment insurance: UTF: Unemployment Trust Fund: Section I Overview: Introduction: The Chief Financial Officers Act of 1990 and the Government Management and Reform Act of 1994 require, among other mandates, that agencies' chief financial officers submit annual reports to their agency heads and to the Office of Management and Budget (OMB). These annual reports should contain audited financial statements of their agencies. The financial statements are to be presented in accordance with the Federal Accounting Standards Advisory Board's (FASAB) approved statements and OMB Bulletin 97-01, Form and Content of Financial Statements, as revised. The checklist has been issued to assist agencies in preparing these statements and auditors in auditing them. Use of this checklist is not a requirement. Rather, it is intended to help provide for a systematic, organized, and structured approach to preparing or reviewing agency financial statements. Furthermore, it must be noted that, while the questions contained in the checklist are taken from authoritative sources, the checklist itself is not authoritative, nor is it a comprehensive guide. Preparers and auditors should also consult financial management regulations for the individual agencies, as the regulations may have specific guidance when the standards allow alternatives or management flexibility. Checklist Organization: The checklist has 10 sections: an overview section; a section related to general items in the financial statements; a section for each of the six financial statements; and two additional sections. The six sections reflecting the financial statements are organized by the line items in financial statements to allow the user to proceed through each statement from the beginning to the end. The final two sections cover disclosures in the footnotes related to significant accounting policies and required supplementary information. Since the financial statements are interrelated, some questions concerning line items in one financial statement may also pertain to line items in another statement. For example, the questions covering loans receivable in the balance sheet section may also include questions on the related interest income and subsidy expense appearing in the statements of financing and net cost. The questions on related line items appearing in more than one statement are covered only in the first statement in which the line item appears. In the preceding example, questions concerning interest income and subsidy expense would appear only in the balance sheet. Further, questions related to footnote disclosure would also appear only under the line item of the initial financial statement and would not be duplicated in the related financial statement except for the section on notes to the financial statements about significant accounting policies. Except for sections I, II, VI, and IX, the first page of each section contains a list showing the number of questions in the section. This checklist has 715 questions as follows. General Items Related to the Financial Statements: Balance Sheet: Statement of Net Cost: Statement of Changes in Net Position: Statement of Budgetary Resources: Statement of Financing: Statement of Custodial Activity: Notes to Financial Statements (Significant Accounting Policies): Supplementary Information: Authoritative Guidance: Each question in this guide is referenced to a source. The sources cited are (1) the Statements of Federal Financial Accounting Standards (SFFAS) and (2) OMB Bulletin 97-01, Form and Content of Financial Statements (including the 1998 and 2000 revisions). FASAB-recommended statements approved by the principals include Statements of Federal Financial Accounting Concepts (SFFAC) and Statements of Federal Financial Accounting Standards (SFFAS). The three approved accounting concept statements are #1 Objectives of Federal Financial Reporting, 1993, #2 Entity and Display, 1995, and #3 Management's Discussion and Analysis - Concepts, 1999. The nineteen SFFAS standards are: 1. Accounting for Selected Assets and Liabilities, 1993. 2. Accounting for Direct Loans and Loan Guarantees, 1993. 3. Accounting for Inventory and Related Property, 1994. 4. Managerial Cost Accounting Concepts and Standards, 1995. 5. Accounting for Liabilities of the Federal Government, 1997. 6. Accounting for Property, Plant, and Equipment, 1995. 7. Accounting for Revenue and Other Financing Sources, 1996. 8. Supplementary Stewardship Reporting, 1996. 9. Deferral of the Effective Date of Managerial Cost Accounting Standards for the Federal Government in SFFAS No.4, 1998. 10. Accounting for Internal Use Software, 1998. 11. Amendments to Accounting for Property, Plant, and Equipment - Definitional Changes, 1998 - Amending SFFAS No. 6 and SFFAS No 8: Accounting for Property Plant and Equipment and Supplementary Stewardship Reporting. 12. Recognition of Contingent Liabilities Arising from Litigation: An Amendment of SFFAS No. 5, 1998 - Accounting for Liabilities of the Federal Government. Deferral of Paragraph 65.2 - Material Revenue-Related Transactions Disclosures, 1998 - Amending SFFAS No. 7, Accounting for Revenue and Other Financing Sources. 14. Amendments to Deferred Maintenance Reporting, 1999 - Amending SFFAS No. 6, Accounting for Property, Plant, and Equipment and SFFAS No. 8, Supplementary Stewardship Reporting. Management's Discussion and Analysis, 1999. 16. Amendments to Accounting for Property, Plant, and Equipment - Measurement and Reporting for Multi-Use Heritage Assets, 1999 - Amending SFFAS No. 6 and SFFAS No. 8, Accounting for Property, Plant, and Equipment and Supplementary Stewardship Reporting. 17. Accounting for Social Insurance, 1999. Amendments to Accounting Standards For Direct Loans and Loans Guarantees, 2000. Technical Amendments to Accounting Standards for Direct Loans and Loan Guarantees In Statement of Federal Financial Accounting Standards No. 2, 2001. OMB Bulletin 97-01 as amended (Jan. 7, 2000) as well as the attachment to OMB Memo M-00-05, OMB Bulletin 97-01 Technical Amendments as amended January 7, 2000, provide the detailed requirements for the form and content of financial statements. How to Use This Guide: To the right of each question are two columns. The first column provides for a "yes," "no," or "NA" answer to each question. The third column provides for an explanation for the answer checked in one of the first three columns. A "yes" answer should indicate that the financial statements contain the information asked by the question. For each "yes" answer, the explanation column should include the page number or location in the financial statements where the information can be found. Also, other materials, such as accounting records, studies or working papers, or other documents, should be referenced or listed in the column where appropriate. A "no" answer indicates that the information asked in the question is not included in the financial statements. The fourth column should provide an explanation. Examples of explanations for a "no" answer might include: (1) the federal entity is working to have the information available for the statements in subsequent years, (2) management believes that the information does not enhance the usefulness of the statements, (3) the cost of compiling the information exceeds the benefit of providing it, and (4) the items are not material. However, it must be noted that explanations 1 - 3 do not necessarily imply that the information is not needed for fair presentation and compliance with the Federal Financial Management Improvement Act (FFMIA) of 1996; only explanation 4 implies this. Also, support, such as a cost-benefit analysis, should be referenced or listed in the column, where appropriate. An "N/A" answer might indicate that the question does not apply to the federal entity. For example, most federal agencies do not administer loan, loan guarantee, or loan insurance programs and, therefore, do not have credit program receivables and related property. Consequently, the questions on these receivables, property, and subsidies would not apply. A simple explanation indicating that the reporting entity does not administer loan programs would appear in the explanation column of the first question in the series. Section II: General Items Related to the Financial Statements: There are 28 questions in this section. All the questions relate to the overall financial statements and are not further divided into categories. General Items (1 - 28): 1. Does the entity's annual financial statement consist of the following items?; a. management's discussion and analysis (MD&A) of the reporting entity; b. financial statements and related notes; c. required supplementary stewardship information; d. required supplementary information; e. other accompanying information that in management's judgment provides users with relevant information (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 4 & 5). 2. Do the principal statements and notes include the following six statements?; a. Balance Sheet; b. Statement of Net Cost; c. Statement of Changes in Net Position; d. Statement of Budgetary Resources; e. Statement of Financing; f. Statement of Custodial Activity (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 5). 3. Does the entity use the following hierarchy as its sources of guidance in preparing its financial statements?; a. Statements and interpretations of the Federal Financial Accounting Standards Advisory Board (FASAB) as well as applicable AICPA and FASB pronouncements; b. FASAB technical bulletins and, if specifically made applicable to federal government entities by FASAB, AICPA Industry Audit and Accounting Guides and AICPA Statements of Position; c. AICPA AcSEC Practice Bulletins if specifically made applicable to federal government entities and cleared by FASAB, as well as Technical Releases of the Accounting and Auditing Policy Committee of FASAB; d. accounting principles published by other authoritative standard- setting bodies; i. in the absence of other guidance in the first three parts of this hierarchy, and; ii. if the use of such accounting principles improves the meaningfulness of the financial statements; (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 7; Statement on Auditing Standards (SAS) No. 91 - Federal Generally Accepted Accounting Principles (GAAP) Hierarchy. 4. Do the descriptions and displays meet the authoritative standard that governs the nature and purpose of the statements, the recognition and measurement of items in the statements, and the required disclosures? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 2); 5. When presenting dollar amounts in the statements and the notes, does the entity do the following?; a. round dollar amounts to the nearest whole dollar, thousand, or million based on informative value to the reporting entity; b. maintain the chosen rounding level throughout the financial statements and footnotes; c. adjust the individual line items for differences created by rounding so that totals equal the sum of the addends in a column (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 5). 6. Does the entity present comparative financial statements with full footnote disclosure? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 3). 7. Are immaterial but related line items combined? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 6). 8. Are the statement line items, footnotes, and lines or columns that are not informative for the reporting entity excluded? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 7). 9. Are material balances excluded from the "other" category and separately reported and designated by name? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 8). 10. Are footnotes sequentially numbered? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 10). 11. Do total amounts presented in the footnotes tie to the amounts presented in the body of the financial statements? (OMB Bull. 97-01, p. 10, item 10). Financial statements may be aggregated or disaggregated in different ways depending upon the nature of the statements. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 11, item 11). 12. When agencies present disaggregated information for component organizations, does the total column for the entity as a whole reflect consolidated totals net of intra-entity transactions? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 11, item 11). When a reporting entity presents its financial statements in a single column format, the statements are referred to as consolidating statements. Financial statements that use a multicolumn format to present information on an entity's major components or lines of business as well as the consolidated amounts are referred to as consolidating statements. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 11, item 11). 13. Are intra-entity transactions needed to arrive at the consolidated amounts presented in a column on the face of the consolidating statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 11, item 11). 14. Does the reporting entity include franchise funds and other intragovernmental support revolving funds among the activities covered by its financial statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 11, item 11). 15. If information about the assets, liabilities, costs, and revenues of these franchise funds and intragovernmental support revolving funds is not separately disclosed in the entity's financial statements, is this information reported as required supplementary information? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 11, item 11). The Department of the Treasury will issue separate guidance providing a crosswalk from the accounts or the Standard General Ledger (SGL) to required financial statements (OMB Bulletin 97-01 as amended (Jan. 7, 2000), p. 11, item 13). 16. If the entity it not yet using the accounts and data elements of the SGL, are the ledger accounts and data elements used crosswalked to those of the SGL? (OMB Bulletin 97-01 as amended (Jan. 7, 2000), p. 11, item 13). 17. Does the MD&A provide a clear and concise description of the reporting entity and its mission, activities, program and financial results, and financial condition? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 12). 18. Does the MD&A, at a minimum, contain sections that address the following items concerning the entity?; a. mission and organizational structure; b. performance goals, objectives, and results; c. financial statements; d. systems controls and legal compliance; e. forward-looking information, either as a separate section of MD&A or incorporated with the sections listed above; f. important problems that need to be addressed and action taken or planned, either as a separate section of the MD&A or incorporated with the sections listed above (SFFAS 15, par. 2 - 4; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 12). 19. Does the entity's mission statement have the following attributes?; a. a clear articulation of what the entity's major programs and activities are intended to accomplish; b. consistency with the entity's strategic plan? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 12); 20. Are the entity's programs and financial results expressed in terms of objective and relevant measures that disclose the extent to which its programs are achieving their intended objectives? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 12). 21. Has the entity attempted to develop and report objective measures that provide information about the cost effectiveness of programs? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 13). 22. Are the reported measures of program and financial performance consistent with the agency's strategic plan? (OMB Bull. 97-01, p. 12); 23. Do the entity's performance measures meet the following criteria?; a. clearly set forth; b. objective and quantifiable; c. meaningful and relevant; d. related to measures developed in the entity's strategic planning processes; e. capable of presenting the outputs and outcomes of the programs, not just inputs or processes (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 13). 24. Does the entity's presentation of its performance measures include the following?; a. both positive and negative results; b. presentation of future and historical trends, if possible; c. use of charts and graphs, whenever possible, for easy identification of trends; d. explanation of the significance of trends; e. comparisons of actual results to goals or benchmarks; f. variations from goals and trends; g. other explanatory information that helps readers understand the significance of the measures, results, and any variations from goals or plans (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 13). 25. Does the entity explain what needs to be done and what is planned to improve financial or program performance? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 14). 26. Do the performance measures presented in the MD&A include the following criteria?; a. related to program purposes and goals; b. consistent with measures previously included in budget documents and other materials related to implementation of the Government Performance and Results Act (GPRA); c. linked to the programs presented in the Statement of Net Cost; d. limited to the entity's most significant program and financial measures (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 14). 27. Are the less significant program and financial measures presented as "other accompanying information?" (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 14). 28. Does the entity note the following in the section on limitations of the "Financial Statements?"; a. the financial statements have been prepared to report the financial position and results of operations of the entity, pursuant to the requirements of 31 U.S.C.3515(b); b. while the statements have been prepared from the books and records of the entity in accordance with the formats prescribed by OMB, the statements are in addition to the financial reports used to monitor and control budgetary resources that are prepared from the same books and records; c. the statements should be read with the realization that they are for a component of the U.S. government (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 14). Section III: Balance Sheet: The questions related to the balance sheet are contained under 23 line items. The question numbers related to each line item follow. Question numbers: General items: 1 - 4: Assets: 1. Fund Balance with Treasury: 5 - 17: 2. Investments: 18 - 26: 3. Accounts Receivable (Net): 27 - 47: 4. Interest Receivable (Net): 48 - 51: 5. Credit Program Receivables: 52 - 92: 6. Cash and Other Monetary Assets: 93 - 95: 7. Inventory and Related Property: 96 - 112: 8. Operating Materials and Supplies: 113 - 120: 9. Stockpile Materials: 121 - 131: 10. Seized Property: 132 - 141: 11. Forfeited Property: 142 - 149: 12. Goods Held Under Price Support and Stabilization Programs: 150 - 163: 13. General Property, Plant, and Equipment (Net): 164 - 195: 14. Software: 196 - 226: 15. Other Assets: 227 - 238: Liabilities: 16. Liabilities in General: 239 - 240: 17. Interest Payable: 241 - 248: 18. Liabilities for Loan Guarantees: 249 - 262: 19. Lease Liabilities: 263 - 266: 20. Federal Debt and Related Interest: 267 - 278: 21. Pensions, Other Retirement Benefits, and Postemployment Benefits: 279 - 287: 22. Other Liabilities: 288 - 318: Net Position: 23. Unexpended Appropriations and Cumulative Results of Operations: 319 - 322: General Items (1 - 4): Explanation. The Balance Sheet presents, as of a specific time, amounts of future economic benefits (assets) owned or managed by the reporting entity exclusive of items subject to stewardship reporting, amounts owed by the entity (liabilities), and amounts that comprise the difference (net position). (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 17). 1. Does the Balance Sheet display assets, liabilities, and net position? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 15 & 16); Entity assets are assets that the reporting entity has authority to use in its operations. Nonentity assets are assets that are held by an entity but are not available to the entity as, for example, income tax receivables. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 17). 2. Are entity assets separately reported from nonentity assets? (OMB Bull. 97-10 as amended (Jan. 7, 2000), pp. 15 & 17). Intragovernmental assets are claims of a federal entity against other federal entities; conversely, intragovernmental liabilities are claims against the entity by other federal entities. (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 17 & 22). 3. Are intragovernmental assets and liabilities reported separately from governmental assets and liabilities that arise from transactions of the federal government or a federal government entity with nonfederal entities, the federal reserve, and government-sponsored enterprises? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 15, 17, & 22); . Liabilities covered by budgetary resources are liabilities covered by realized budgetary resources as of the balance sheet date. Budgetary resources include: (1) new budget authority, (2) spending authority from offsetting collections credited to an appropriation or fund account, (3) recoveries of unexpired budget authority through downward adjustment or prior year obligations (4) unobligated balances of budgetary resources of the beginning of the year or net transfers or prior-year balances during the year, and (5) permanent indefinite appropriations or borrowing authority, which have been enacted and signed into law as of the balance sheet date and may be apportioned by OMB without further congressional action or a contingency having to be met. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22). 4. Are liabilities covered by budgetary resources separately reported from liabilities not covered by budgetary resources? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22). Assets; Fund Balance with Treasury (5 - 17): A federal entity's fund balance with the Treasury is the aggregate amount of funds in the entity's accounts with Treasury for which the entity is authorized to make expenditures and pay liabilities. From the reporting entity's perspective, a fund balance with Treasury is an asset. From the perspective of the federal government as a whole, the fund balance is neither an asset nor a liability. It instead represents a commitment to make resources available to federal or other entities. (SFFAS 1, par. 31). 5. Is the fund balance with Treasury reported as an intragovernmental asset? (SFFAS 1, par. 31; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 15). 6. Are amounts disclosed as fund balances in deposit, suspense, and clearing accounts that are not available to finance entity activities reported as nonentity assets? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18). 7. Is foreign currency translated into U.S. dollars at exchange rates determined by the Treasury at the financial reporting date? (SFFAS 1, par. 32; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18); 8. Does the entity's fund balance with Treasury also include the following?; a. clearing account balances; b. balances for direct loan and loan guarantee activities; c. funds actually borrowed from Treasury under statutory authority; d. the dollar equivalent of foreign currency account balances (SFFAS 1, par. 32 & 35). 9. Does the entity's fund balance with Treasury exclude contract authority or unused authority to borrow? (SFFAS 1, par. 34). 10. Does the entity record an increase in its fund balance with Treasury when it does at least one of the following?; a. receives appropriations, reappropriations, continuing resolutions, appropriation restorations, and allocations; b. receives transfers and reimbursements from other agencies; c. borrows from the Treasury, Treasury, Federal Financing Bank, or other entity; d. collects and credits amounts to its appropriations or fund accounts that the entity is authorized to spend or use to offset its expenditures (SFFAS 1, par. 33). 11. Does the entity record a decrease in its fund balance with Treasury when at least one of the following occurs?; a. Treasury makes disbursements to pay liabilities or to purchase assets, goods, and services; b. Treasury makes investments in U.S. securities. c. Treasury's expired appropriations are cancelled. d. Treasury makes transfers and reimbursements to other entities or the Treasury. e. Treasury's appropriations are rescinded or sequestered. (SFFAS 1, par. 36); 12. Are any restrictions related to future uses of fund balances disclosed? (SFFAS 1, par. 38; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 44, item B). 13. Are discrepancies between fund balances in Treasury's records and general ledger accounts explained and corrected, if necessary? (SFFAS 1, par. 39; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 44, item B); 14. Are amounts held for special purposes (such as collections pending litigation outcome or held as an agent for others) disclosed as "other fund types?" (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 44, item A). 15. Are fund balances representing amounts (1) obligated but not yet disbursed and (2) unobligated: disclosed separately? (SFFAS 1, par. 37 & 38). 16. Are fund balances disclosed by fund type? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 43 & 44, item A). 17. Are unexpended appropriations recognized as capital and included under funds with Treasury when they are made available for apportionment? (SFFAS 7, par. 71). Assets; Investments (18 - 26): Investments in federal securities include (a) nonmarketable par value Treasury securities, (b) market-based Treasury securities, (c) marketable Treasury securities, and (d) securities issued by other federal entities. Nonfederal securities include those issued by state and local governments, private corporations, and government-sponsored enterprises. (SFFAS 1, par. 62; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18). 18. Are investments in federal securities reported separately from investments in nonfederal securities? (SFFAS 1, par. 67; OMB Bull. 97- 01 as amended (Jan. 7, 2000), p. 18). 19. Are investments initially recorded and reported at their acquisition or amortized costs? (SFFAS 1, par. 68 & 69; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18 & pp. 46 & 47, note 4). 20. Are investments acquired in exchange for nonmonetary assets recognized at the fair value of either (whichever is more determinable) the securities acquired or the assets given up? (SFFAS 1, par. 68); 21. Subsequent to acquisition, are investments reported at their carrying amount adjusted for amortized premium or discount? (SFFAS 1, par. 70 - 71; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18 & pp. 46 & 47, note 4). 22. Is the interest method (i.e., effective interest rate multiplied by the carrying amount) used in amortizing the premium or discount over the life of the security? (SFFAS 1, par. 71). 23. Is the market value of market-based and marketable securities disclosed? (SFFAS 1, par. 72; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 46 & 47, note 4). 24. Are investments grouped by type of security, such as marketable or market-based Treasury securities? (SFFAS 1, par. 72). 25. Are investment securities, which initially were expected to be held to maturity, reported at market value in the balance sheet if they are for sale and have experienced more than a temporary reduction in value? (SFFAS 1, par. 72 & 73; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 46 & 47, note 4). 26. Does the entity disclose any other information relative to understanding the nature of reported investments, such as permanent impairments? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 47); Assets; Accounts Receivable (Net) (27 - 47): Entity receivables are amounts due from other federal or nonfederal entities. Nonentity receivables are amounts that the entity is to collect on behalf of the federal government or other entities. Not included in this category are receivables related to direct or guaranteed loans, which are reported separately. (SFFAS 1, par. 43; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 47, note 5). 27. Is a receivable recognized when a federal entity establishes a claim based on legal provisions or when goods or services are provided? (SFFAS 1, par. 41). 28. If the exact amount of a receivable is unknown, is a reasonable estimate made? (SFFAS 1, par. 41). 29. Are entity and nonentity accounts receivable reported separately? (SFFAS 1, par. 43; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 15 & p. 47, note 5). 30. If cash has not been received at the time revenue is recognized, is a receivable recorded and allowance for bad debts, if needed, established? (SFFAS 7, par. 39 & 129 - 131). 31. Is an account receivable arising from a nonexchange transaction recognized when a collecting entity establishes a specifically identifiable, measurable, and legally enforceable claim to cash or other assets? (SFFAS 7, par. 53, 61 & 62 & footnote 9; SFFAS 1, par. 41). 32. Is a receivable associated with nonexchange revenue for taxes and duties recognized upon completion of the entity's established assessment process? (SFFAS 7, par. 53). 33. Is an interentity receivable recognized when (1) a legally enforceable claim exists between a collecting entity and a recipient entity for the transfer or repayment of taxes or duties and (2) payment of such a claim is probable and measurable (SFFAS 7, par. 60). 34. Are assessments recognized as accounts receivable if an enforceable claim for taxes and duties exists in the following instances?; a. tax returns filed by the taxpayer; b. customs documents filed by the importer; c. taxpayer agreements to assessments at the conclusion of an audit or as a substitute for a tax return (or importer agreements to supplemental assessments); d. court actions determining an assessment; e. taxpayer (or importer) agreements to pay an assessment on an installment plan; f. receivables determined to be currently not collectable but with future collection potential (SFFAS 7, par. 53, 54, 170, & 171); Compliance assessments are proposed assessments by the collecting entity in definitive amounts, but with which the taxpayer (or importer) still has the right to disagree or object. (SFFAS 7, par. 55.1); Preassessment works-in-process are assessments not yet officially asserted by the collecting entity that are subject to a taxpayer's right to conference in response to initial information notices. (SFFAS 7, par. 55.2). 35. Do nonexchange-related accounts receivable for taxes and duties exclude the following?; a. amounts received or due with tax returns received after the close of the reporting period; b. compliance assessments; c. preassessment work-in-process amounts (SFFAS 7, par. 54); 36. Are compliance assessments reclassified and recognized as an account receivable in the following instances?; a. the taxpayer files an amended tax return; b. a protest or retention period lapses; c. a court action settles the matter in the government's favor; d. the taxpayer (or importer) agrees to pay or; e. a compromise payment plan is accepted (SFFAS 7, par. 55.1 & 178 - 180). 37. Is an allowance for uncollectible amounts based on an analysis of both individual accounts receivable and groups of accounts receivable as prescribed by SFFAS No.1? (SFFAS 1, par. 44 - 51; SFFAS 7, par. 56); 38. Is this allowance for estimated uncollectable accounts receivables periodically adjusted to reflect the latest information? (SFFAS 1, par. 45). 39. Are amounts for preassessment work in progress excluded from accounts receivable? (SFFAS 7, par. 55. B). 40. Are intragovernmental accounts receivable reported separately from receivables from nonfederal entities? (SFFAS 1, par. 42; OMB Bull. 97- 01 as amended (Jan. 7, 2000), p. 15). 41. Are losses due to uncollectable amounts measured through a systematic methodology, which is based on an analysis of both individual accounts and a group of accounts as a whole? (SFFAS 7, par. 46); 42. Are accounts that represent significant amounts individually analyzed to determine the loss allowance? (SFFAS 1, par. 47). 43. Is the loss estimation for individual accounts based on the following?; a. the debtor's ability to pay; b. the debtor's payment record and willingness to pay; c. the probable recovery of amounts from secondary sources including liens, garnishments, cross collections, and other applicable collection tools (SFFAS 1, par. 47). 44. If information is not available or if the nature of the receivables does not lend itself to individual account analysis, are the potential losses assessed on a group basis? (SFFAS 1, par. 48). 45. If potential losses are assessed on a group basis, are the receivables separated into groups of homogeneous accounts with similar risk characteristics? (SFFAS 1, par. 49 - 51). 46. Does the reporting entity disclose the following?; a. the major categories of account receivables by amount and type; b. the methodology used to estimate the allowance for uncollectible amounts; c. the dollar amount of the allowance for uncollectable accounts (SFFAS 1, par. 52; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18 & p. 47, note 5); 47. Are losses on receivables recognized when it is more likely than not that the receivables will not be totally collected (i.e., there is a greater than 50 percent chance of loss)? (SFFAS 1, par. 44); Assets; Interest Receivable (Net) (48 - 51): 48. Is interest earned but not received recognized as interest receivable and reported as interest receivable? (SFFAS 1, par. 53; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18). 49. Does interest receivable exclude interest on accounts receivable and investments determined to be uncollectible? (SFFAS 1, par. 54; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18). 50. Is interest accrued on uncollectible amounts receivable disclosed until: (1) the interest payment requirement has been officially waived or (2) the related debt has been written off? (SFFAS 1, par. 55); 51. Is interest receivable from federal entities reported separately from interest receivable from nonfederal entities? (SFFAS 1, par. 56); Assets; Credit Program Receivables (52 - 92): The Federal Credit Reform Act of 1990 divides loans and loan guarantees into two groups: pre-1992 and post-1991. Pre-1992 refers to direct loan obligations or loan guarantee commitments made prior to fiscal year 1992; post-1991 refers to direct loan obligations or loan guarantee commitments made after fiscal year 1991. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 55). 52. Is interest receivable related to pre-1992 and post-1991 direct loans and are acquired defaulted guaranteed loans reported as a component of credit program receivables and related foreclosed property? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p 18). 53. Are loan amounts broken out by group (pre-1992 and post-1991) and loan program and disclosed in a note to the financial statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 49 & 50). 54. Are credit program receivables considered an entity asset if at least one of the following criteria is met?; a. The entity has the authority to either determine the use of the funds collected. b. The entity is legally obligated to use the funds to meet entity obligations (e.g., loans to Treasury). (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19); 55. If a loan guarantee program is generating a negative subsidy and the lender had not disbursed the loan as of the balance sheet date, does the entity record and include this amount as part of the total undelivered orders? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19 & p. 71, note 15). 56. Are special receipt accounts for negative subsidies and downward subsidy reestimates included in the credit reporting entity's financial statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19); 57. Are any assets in these special receipt accounts shown as nonentity assets offset by intragovernmental liabilities covered by budgetary resources? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19); 58. Do the notes disclose other relevant and appropriate information related to direct loans and loan guarantees including the following? a. commitments to guarantee; b. management's method for accruing interest revenue and recording interest receivable; c. management's policy for accruing interest on nonperforming loans (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 58, item K). For post-1991 loans and guarantees, a subsidy expense is recognized in the year it is disbursed. For pre-1992 loans and guarantees, a loss and liability need not be recognized until it is more likely than not that a loan (either direct or guaranteed) will go into default. (SFFAS 2, par. 24 & 39). 59. Are post-1991 direct loans recognized as assets at the present value (discounted at a comparable Treasury rate) of their estimated net cash inflows? (SFFAS 2, par. 22 & app. B, part I A). 60. Is the difference between the outstanding principal of post-1991 direct loans and the present value of their net cash flows recognized as a subsidy cost allowance? (SFFAS 2, par. 22 & app. B, part I A); 61. Are the components of the present value of post-1991 direct loans receivable (i.e., principal, interest, estimated net value of foreclosed property, and allowance for subsidy costs) disclosed? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 50 & 56, item C); 62. When post-1991 guaranteed loans go into default, is the value of the assets related to defaulted guaranteed loans receivable included in the reported credit program receivables? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 51 & 57, item E). 63. When post-1991 loans are written off, is the unpaid principal removed from unpaid loans receivable and charged against the allowance for subsidy costs? (SFFAS 2, par. 61). 64. Are the following components of the assets that are related to post- 1991 direct and defaulted guaranteed loans receivable disclosed by loan program?; a. loans receivable, gross; b. interest receivable; c. estimated net realizable value of foreclosed property; d. allowance for subsidy costs (present value); e. the total value of related assets (i.e., the sum of a - c less d) (OMB Bull. 97-01 as amended (Jan. 7, 2000), items C & E, pp. 50, 51, 56 item C, & 57 item E). 65. Are losses of pre-1992 direct loans obligated recognized (and a corresponding allowance amount set up) when it is more likely than not that the direct loans will not be totally collected? (SFFAS 2, par. 39 & app. B, part II A). 66. Are allowances for uncollectible pre-1992 loans reestimated each year? (SFFAS 2, par. 39). 67. Are the following components of assets related to pre-1992 direct loans receivable disclosed by loan program?; a. loans receivable, gross; b. interest receivable; c. foreclosed property; d. present value allowance (if the present value method is used); e. allowance for loan losses (if the allowance method is used) (SFFAS 2, par. 39; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 49 & 56 item B). 68. Are the following components of defaulted guaranteed loans from pre- 1992 guarantees disclosed by loan program?; a. defaulted guaranteed loans receivable, gross; b. interest receivable; c. the estimated net value of related foreclosed property; d. the present value allowance (if the present value method is used); e. the allowance for loan losses (if the allowance for loss method is used); f. defaulted guaranteed loans receivable, net (i.e., depending on the method used: the sum of a, b, & c less d or a, b, & c less e) (OMB Bull. 97-01 as amended (Jan. 7, 2000), items D1 & D2, pp. 50, 56, & 57). A loan modification is a federal government action that directly or indirectly alters the estimated subsidy cost and the present value of outstanding loans or the liability of loan guarantees. A direct modification changes the subsidy cost by altering the terms of existing contracts or through the sale of direct loans. An indirect modification changes the subsidy costs by altering the way loans and loan guarantees are administered. A modification does not include subsidy cost reestimates, routine administrative workouts of troubled loans, and other actions permitted within existing contract terms. (SFFAS 2, par. 41-44). 69. When post-1991 loans are modified, is their existing book value changed to an amount equal to the present value (discounted at the Treasury rate in effect when the loans were first disbursed after adjusting for the interest rate re-estimate) of the loans' net cash inflows that are projected under the modified terms from the time of the modification to the loans' maturity? (SFFAS 2, par. 46 & app. B, part I D(4)); 70. When pre-1992 loans are directly modified do they meet the following conditions?; a. They are transferred from the liquidating account to a financing account. b. Their book value is recorded at their post- modification value (i.e., the present value of the net cash flows under post-modification terms discounted at the current Treasury rate). (SFFAS 2, par. 47 & app. B, part II B(4)). 71. Are subsequent (direct) modifications of pre-1992 loans treated as a modification of post-1991 loans? (SFFAS 2, par. 47). 72. When pre-1992 loans are indirectly modified do they meet the following conditions?; a. they are kept in a liquidating account; b. their bad debt allowance is reassessed and adjusted to reflect amounts that would not be collected due to the modification (SFFAS 2, par. 47); 73. Does the entity disclose the following by program in the notes to the financial statements?; a. the nature of the modification of direct loans or loan guarantees; b. the discount rate used in calculating the modification expense; c. the basis for recognizing a gain or loss related to the modification (SFFAS 2, par. 56 & OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 54 & 58 item K). 74. When post-1991 and pre-1992 loans are sold is the sale treated as a direct modification? (SFFAS 2, par. 53). 75. Does the agency disclose the expectation that proceeds from the sale of its loans will differ from the reported face value of the loans or the value of their related assets? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 55, item A, 5[TH] par.). Foreclosed property is any asset, which is assumed to be held for sale, that is received in satisfaction of a loan receivable or as a result of payment of a claim under a guaranteed or insured loan (excluding commodities acquired under price support programs). Pre-1992 foreclosed property refers to property associated with direct loans obligated or loan guarantees committed before October 1, 1991. Post-1991 foreclosed property refers to property associated with direct loans obligated or loan guarantees committed after September 30, 1991 (SFFAS 3, par. 79 & 80). 76. Is post-1991 foreclosed property valued at the net present value of the projected future cash flows associated with the property? (SFFAS 3, par. 81). 77. Is pre-1992 foreclosed property recorded at cost and adjusted to the lower of cost or net realizable value? (SFFAS 3, par. 81); 78. Is any difference between cost and net realizable value carried in a valuation allowance? (SFFAS 3, par. 81). 79. In estimating sales proceeds, has the entity considered its historical experience in selling property as well as the nature of the sale? (SFFAS 3, par. 82). 80. Were the estimated future cash flows of post-1991 foreclosed property (i.e., sales proceeds, rent, holding and selling expenses) or acquired loans discounted at the original (or Treasury) discount rate in effect at the time the underlying loan or guarantee was granted? (SFFAS 2, par. 57, 59; SFFAS 3, par. 82 - 83; SFFAS 19, par. 7(e)); 81. Is the net present value of post-1991 foreclosed property adjusted periodically to recognize both changes in the expected future cash flows and accrual of interest due to the passage of time? (SFFAS 3, par. 84). 82. Are any adjustments in the carrying amounts of post-1991 foreclosed property included in the presentation of "interest income" and the reestimate of "subsidy expense?" (SFFAS 3, par. 84). 83. For post-1991 foreclosed property are the following true?; a. Third party claims are recorded at their net present value at the time of the foreclosure. b. Any periodic changes in net present value of the claim are reflected in "interest income" and "subsidy expense. " (SFFAS 3, par. 87). 84. Are receipts or disbursements associated with acquiring and holding post-1991 foreclosed property charged or credited to foreclosed property? (SFFAS 3, par. 88). 85. When the government acquires foreclosed assets in full or partial settlement of post-1991 loans, is the present value of the government's claim against the borrowers reduced by the amount settled as a result of the foreclosure? (SFFAS 2, par. 60). 86. If a lender, debtor, or other third party has a legitimate claim to a post-1991 foreclosed asset, is the net present value of the estimated claim recognized as a special contra-valuation allowance? (SFFAS 2, par. 58; SFFAS 3, par. 87). 87. Is pre-1992 foreclosed property recorded at cost and adjusted, if necessary, to the lower of cost or net realizable value? (SFFAS 3, par. 81 & 85). 88. Is the net realizable value based on an estimate of the market value of the property adjusted for any expected losses consistent with historical experience, abnormal market conditions, and time limitations as well as any other costs of the sale? (SFFAS 3, par. 81 & 86); 89. Is the estimate of market value based on one of the following criteria?; a. the market value of the property if an active market exists; b. the market value of similar properties if no active market exists; c. a reasonable forecast of expected cash flows adjusted for estimates of all holding costs, including any cost of capital (SFFAS 3, par. 85). 90. For pre-1992 foreclosed property, are third-party claims recorded at the expected amount of cash required to settle the claims? (SFFAS 3, par. 87). 91. If foreclosed property is not sold but placed into operation, is the asset transfer treated in the same manner as a sale to a third party? (SFFAS 3, par. 90). 92. When the government acquires foreclosed assets in full or partial settlement of a direct or guaranteed loan (pre-1992 and post-1991), is the following information disclosed?; a. valuation basis for foreclosed property; b. changes from prior-year's accounting methods, if any; c. restrictions on the use/disposal of property; d. balances by categories (i.e., pre-1992 and post-1991 foreclosed property); e. number of properties held and average holding period by type or category and; f. number of properties for which foreclosure proceedings are in process at the end of the period (SFFAS 3, par. 91; OMB Bull. 97-01 as amended (Jan. 7, 2000), item K, pp. 58 & 59). Assets; Cash and Other Monetary Assets (93 - 95): Cash (including imprest funds) consists of: coins, paper currency, negotiable instruments (such as checks, money orders, and bank drafts), demand deposits, and foreign currencies stated in U.S. dollars at the financial statement date exchange rate. (SFFAS 1, par. 27; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19); Other monetary assets consist of other items such as gold, special drawing rights, and U.S. reserves in the International Monetary Fund (IMF). (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19 & p. 45, item C). 93. Are entity cash (amounts held and authorized to be spent by the entity) and nonentity cash (amounts held on behalf of other entities such as Treasury) separately reported? (SFFAS 1, par. 28 & 29; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19). 94. Are the components of cash and other monetary assets disclosed and described in a note to the financial statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19 & pp. 44 & 45, note 3). 95. If cash is restricted, is the nature and reason disclosed? (SFFAS 1, par. 30; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 45, note 3, item E). Assets; Inventory and Related Property (96 - 112); Yes, No, or; N/ A: Inventory is tangible personal property that is (a) held for sale, (b) in process of production for sale, or (c) to be consumed in the production of goods for sale or in the provision of services for a fee. Inventory does not include other assets held for sale such as (a) stockpile materials, (b) seized and forfeited property, (c) foreclosed property, and (d) goods held under price support and stabilization programs. (SFFAS 3, par. 17). 96. Is inventory categorized and either separately reported or disclosed in the notes as the following?; a. inventory held for current sale; b. inventory held in reserve for future sale; c. excess, obsolete, and unserviceable inventory; d. inventory held for repair (SFFAS 3, par. 18, 27, 29, & 32; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 59, note 8). 97. Is inventory valued at historical cost, latest acquisition cost, or net realizable value? (SFFAS 3, par. 20 & 26). 98. If inventory is valued at historical cost, does that cost include the purchase amount and all other costs incurred to bring the inventory into its current condition and location? (SFFAS 3, par. 21); 99. Are one of the following historical cost flow assumptions used to value inventory?; a. first-in, first out (FIFO); b. weighted average; c. moving average; d. any other valuation method (such as a standard cost system) whose results reasonably approximate "a" "b" or "c" (SFFAS 3, par. 22); 100. Are abnormal costs, such as excessive handling or rework costs, charged to expenses for the period? (SFFAS 3, par. 21). 101. Is donated inventory valued at its fair value at the time of donation? (SFFAS 3, par. 21). 102. Is inventory acquired through exchange of nonmonetary assets (e.g., barter) valued at the fair value of the asset received at the time of the exchange? (SFFAS 3, par. 21). 103. If the latest acquisition cost method of inventory valuation is used, is the latest invoice price (actual cost) applied to all like units, including those acquired through donation and nonmonetary exchange? (SFFAS 3, par. 23). 104. Under the latest acquisition cost method, is the inventory revalued periodically (or at least by the end of the fiscal year)? (SFFAS 3, par. 23). 105. If the latest acquisition cost method is used to value inventory, is the reported cost of goods sold adjusted by the difference between the beginning and ending unrealized holding gains and losses? (SFFAS 3, par. 25). 106. If inventory is valued at net realizable value, does it meet the following criteria?; a. There is an inability to determine approximate cost. b. There is immediate marketability at quoted prices. c. There is unit interchangeability (e.g., petroleum reserves). (SFFAS 3, par. 26). 107. Is excess, obsolete, and unserviceable inventory valued at its expected net realizable value? (SFFAS 3, par. 30). 108. When inventory is declared excess, obsolete, or unserviceable is the difference between the carrying amount and the expected net value recognized as a loss (or gain) and either separately reported or disclosed? (SFFAS 3, par. 30). 109. Are any subsequent adjustments to the inventory's net value or any loss (or gain) upon disposal recognized as losses (or gains)? (SFFAS 3, par. 30). 110. When inventory is held for repair is it valued using either of the following?; a. the allowance method (i.e., it is valued at the same value as a serviceable item and a contra-asset repair allowance account is set up); b. the direct method (original carrying value of the inventory less estimated repair costs) (SFFAS 3, par. 32 & 33); 111. If inventory is transferred to "inventory held for repair," are estimated prior-period repair costs either credited to the repair allowance or to the inventory and reported as an adjustment to equity? (SFFAS 3, par. 34). 112: Does the entity disclose the following about its inventory?; a. the general composition; b. the basis for determining inventory values (including the valuation method and any cost flow assumptions); c. changes from prior years' accounting methods, if any; d. balances for the major categories of inventory if not broken out in the financial statements; e. restrictions on the sale of inventory; f. the decision criteria for categorizing inventory; g. changes in the criteria for categorizing inventory (SFFAS 3, par. 28, 31, & 35; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 59, note 8) Assets; Operating Materials and Supplies (113 - 120); Yes, No, or; N/A: Operating materials and supplies are tangible personal property to be consumed in normal operations. Excluded are (a) operating materials and supplies acquired to construct real property and equipment for the entity's use, (b) stockpile materials, (c) price stabilization goods, (d) foreclosed property, (e) seized and forfeited property, and (f) inventory. (SFFAS 3, par. 36). 113. Are operating materials and supplies categorized and reported or disclosed as the following?; a. operating materials and supplies held for use; b. operating materials and supplies held in reserve for future use; c. excess, obsolete, or unserviceable operating materials and supplies (SFFAS 3, par. 36, 37, 45, & 47; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 60, note 8) 114. Are operating materials and supplies recognized and reported as assets when produced or purchased? (SFFAS 3, par. 38). 115. Are operating materials and supplies valued at historical cost, including all appropriate purchase and production costs incurred to bring the items to their current condition and location? (SFFAS 3, par. 43). 116. Are donated operating materials and supplies valued at their fair value at the time of donation? (SFFAS 3, par. 43). 117. Are operating materials and supplies acquired through exchange of nonmonetary assets (e.g., barter) valued at the fair value of the asset received at the time of the exchange? (SFFAS 3, par. 43); 118. Is one of the following historical cost flow assumptions used to value ending materials and supplies under the consumption method?; a. first-in, first out (FIFO); b. weighted average; c. moving average or; d. any other valuation method (such as a standard cost system) whose results reasonably approximate "a," "b," or "c" (SFFAS 3, par. 42 & 44); 119. Does the entity disclose the following information about its operating materials and supplies?; a. general composition; b. balances in each operating material and supply category; c. change from prior years' accounting methods; d. basis for valuation (including valuation method and any cost flow assumptions); e. restrictions on the use of materials and supplies, if any; f. decision criteria for identifying each category to which material and supplies are assigned; g. changes in the criteria for identifying the category to which the operating materials and supplies are assigned (SFFAS 3, par. 46, 49 & 50; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 60). 120. Are excess, obsolete, and unserviceable operating materials valued at their estimated net realizable value? (SFFAS 3, par. 48); Assets; Stockpile Materials; (121 - 131): Stockpile materials are strategic and critical materials held due to statutory requirements for use in national defense, conservation, or national emergencies. Not included under this category are (a) items held for sale or use in normal operations, (b) items held for use in the event of an agency's operating emergency or contingency, and (c) price support and stabilization goods. (SFFAS 3, par. 51). 121. Are stockpile materials recognized and reported as assets when acquired (i.e., recognized as assets using the consumption method)? (SFFAS 3, par. 52). 122. Are stockpile materials valued using an acceptable historical cost flow method (i.e., FIFO, weighted average, moving average, or other equivalent method)? (SFFAS 3, par. 53). 123. Does the cost of stockpile materials include all appropriate costs incurred in bringing the materials to their current condition and location? (SFFAS 3, par. 53). 124. If stockpile materials have either suffered a permanent decline in value below cost or have become damaged or decayed, has their value been reduced to net realizable value? (SFFAS 3, par. 54); . 125. Is the resultant decline in value recognized as a loss or expense in the period in which it occurs? (SFFAS 3, par. 54). 126. When stockpile materials are authorized to be sold, are those materials disclosed as stockpile materials held for sale? (SFFAS 3, par. 55); 127. Are the stockpile materials authorized for sale valued using the same basis used before they were authorized for sale? (SFFAS 3, par. 55); 128. Is any difference between the carrying amount (i.e., purchase price or cost) of the stockpile materials held for sale and their estimated selling price disclosed? (SFFAS 3, par. 55). 129. If stockpile materials are sold, is the cost removed from stockpile materials and reported as a cost of goods sold? (SFFAS 3, par. 55); . 130. Is any gain (or loss) from the sale of stockpile materials recognized as a gain (or loss) at that time? (SFFAS 3, par. 55). 131. Does the entity disclose the following information about its stockpile materials?; a. general composition; b. basis for valuing stockpile materials, including valuation method and any cost flow assumptions; c. changes from prior-year's accounting methods, if any; d. restrictions on the use of the material; e. balances in each category of stockpile material (i.e., stockpile materials held and held for sale); f. criteria for grouping stockpile material held for sale; g. any changes in criteria for categorizing stockpile materials held for sale (SFFAS 3, par. 56; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 60). Assets; Seized Property (132 - 141): Seized property includes monetary instruments, real property, and tangible personal property belonging to others in actual or constructive possession of a custodial agency. (SFFAS 3, par. 59); There may be as many as three government entities involved with seized property: (1) the seizing agency, (2) the custodial agency and (3) a "central fund" set up for financial record-keeping. (SFFAS 3, par. 57). 132. If seized monetary assets are reported, is a corresponding liability also reported? (SFFAS 3, par. 61; and OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 20). 133. If the central fund is other than the seizing or custodial entity, does the custodial entity maintain sufficient internal records to carry out its stewardship responsibility? (SFFAS 3, par. 60). 134. Does the custodial agency recognize seized monetary instruments as assets at their market values and set up corresponding liabilities? (SFFAS 3, par. 61 & 65). 135. Is the existence of seized property other than monetary instruments disclosed in a note to the statements and accounted for in the entity's property management records? (SFFAS 3, par. 62). 136. Is seized property valued at its market value when seized (or as soon thereafter as reasonably possible if the market value cannot be readily determined)? (SFFAS 3, par. 63). 137. Is the market value of seized property based on the value of the property assuming an active market exists for the property? (SFFAS 3, par. 63). 138. If no active market exists for the property in the general area in which it was seized, is a value in the principle market nearest the place of seizure used? (SFFAS 3, par. 63). 139. Is the valuation of property seized under the Internal Revenue Code based on the taxpayer's equity (market value less any third-party liens)? (SFFAS 3, par. 64). 140. Does the entity disclose and present by type of seized property in its custody the following?; a. an explanation of what constitutes a seizure and a general description of the property; b. valuation method(s); c. changes from prior years' accounting methods, if any and; d. analysis of change in seized property (including dollar value and number of seized properties) that are on hand at the beginning of the year, seized during the year, disposed of during the year, and on hand at the end of the year (SFFAS 3, par. 66; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 61). 141. Does the entity also disclose the method of disposal of seized property, if material? (SFFAS 3, par. 66; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 61). Assets; Forfeited property(142 - 149): Forfeited property consists of (a) property acquired through forfeiture proceedings, (b) property acquired to satisfy a tax liability, and (c) unclaimed and abandoned merchandise. (SFFAS 3, par. 67 & 68). 142. When a forfeiture judgment is obtained for seized monetary instruments: a. Are they reclassified as forfeited monetary instruments at the current market value?; b. Is a revenue credit recognized in an amount equal to the value of the monetary asset?; c. Is the liability associated with the seized monetary instrument classification removed? (SFFAS 3, par. 69). 143. When a forfeiture judgment is obtained for real, tangible, and intangible property: a. Is the property recorded as an asset at its fair value at the time of forfeiture?; b. Is an allowance account (contra-asset account) established for liens or claims from third party claimants against forfeited property?; c. Is an offsetting deferred revenue credit recognized?; d. Is revenue recognized upon sale and the merchandise and deferred revenue (referred to in "a" and "c" above) removed from the accounts? (SFFAS 3, par. 70, 72, 75, 76, & 77; SFFAS 6, par. 33); 144. Does the entity disclose the following information about forfeited property under its control (including forfeited property) which may be donated or destroyed but not booked as an asset or sold due to legal restrictions?; a. composition of the property; b. valuation method(s); c. changes from prior year's accounting methods; d. analysis of the changes in forfeited property by type and dollar amount that includes: i. number of forfeitures on hand at the beginning of the year; ii. additions; iii. disposals and method of disposition; iv. end of the year balances; e. restrictions on use or disposition of the property and, if available; f. estimates of the value of property to be distributed to other federal, state, and local agencies in future reporting periods? (SFFAS 3, par. 71 & 78; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 61); 145. If the entity reclassifies forfeited property not held for sale to property held for donation or use: a. Is revenue recognized upon approval of distribution or use of property?; b. Is the associated deferred revenue reversed on the books? (SFFAS 3, par. 73 & 74). 146. Is a distinction maintained in the entity's accounting reports between revenue arising from the sale of forfeited property and revenue arising from forfeited property being transferred, donated, or placed into official use? (SFFAS 3, par. 75). 147. Is property acquired by the government to satisfy a taxpayer's liability recorded when title to the property passes to the federal government, and is a credit made to the related account receivable? (SFFAS 3, par. 76). 148. Is the property forfeited in satisfaction of a taxpayer's liability valued at its market value less any third party liens? (SFFAS 3, par. 76). 149. Upon sale of the forfeited property mentioned in the previous question, is revenue recognized in the amount of the sale proceeds, and are the property and third party liens removed from the accounts? (SFFAS 3, par. 76). Assets; Goods Held Under Price Support; and Stabilization Programs (150 - 163): Goods acquired under price support and stabilization programs (i.e., commodities) are items of commerce or trade (usually farm commodities) having an exchange value. Producers of the goods: (1) are either given nonrecourse loans under which they can, at their option, repay the loan with interest or surrender their commodity pledged as collateral for the loan or (2) may enter into purchase agreements that allow the producer of the option to sell commodities to the government (the Commodity Credit Corporation) at the price support rate. (SFFAS 3, par. 92, 93, & 94). 150. Are nonrecourse loans recognized as assets at face value when the loan principal is disbursed? (SFFAS 3, par. 96). 151. Is interest accrued on nonrecourse loans? (SFFAS 3, par. 96); 152. Is a valuation allowance set up to recognize losses on nonrecourse loans when it is "more likely than not" (i.e., more than a 50-percent chance) that loans will not be totally collected? (SFFAS 3, par. 102); 153. Is this allowance reestimated on each financial reporting date? (SFFAS 3, par. 102). 154. When the entity has entered into a purchase agreement and there is an expected loss: a. Is a loss (i.e., the difference between the contract price and the net realizable value of the commodities) recognized if it is probable that a loss has been incurred and is reasonably measurable?; b. Is a corresponding liability recognized? (SFFAS 3, par. 97 & 103). 155. If the contingent loss arising from a purchase agreement is not recognized because it is less than probable or is not reasonably measurable, is the contingent loss disclosed if it is at least "reasonably possible that a loss may occur?" (SFFAS 3, par. 98); 156. When commodities are acquired to satisfy a nonrecourse loan or purchase agreement, are they recognized and reported as assets at the lower of cost or net realizable value? (SFFAS 3, par. 99 & 104); 157. Does the cost for the commodities acquired through a nonrecourse loan settlement include the following amounts?; a. loan principal (excluding interest); b. processing and packaging costs incurred after acquisition; c. other costs (e.g., transportation) incurred in taking title to the commodity (SFFAS 3, par. 105). 158. Does the cost for commodities acquired though a purchase agreement include the following amounts?; a. the unit price agreed upon in the purchase agreement multiplied by the number of units purchased; b. other costs incurred in taking title to the commodity (SFFAS 3, par. 106); 159. Is any adjustment necessary to reduce the carrying amount of the acquired commodities to the lower of cost or net realizable value recognized as a loss in the current period and recorded in a commodity valuation allowance? (SFFAS 3, par. 99 & 107). 160. Conversely, are recoveries of previously recorded losses in the current period recognized up to the point of any previously recognized losses on the commodities, and is the commodity valuation allowance reduced accordingly? (SFFAS 3, par. 107). 161. When commodities acquired to satisfy the terms of a nonrecourse loan or purchase agreement are sold: a. Are revenues recognized?; b. Is the carrying amount of the commodities removed from the asset account and reported as a cost of goods sold? (SFFAS 3, par. 100). 162. When commodities are held for purposes other than sale, is the carrying amount reported as an expense and removed from the commodity asset account upon transfer? (SFFAS 3, par. 101). 163. Is the following information related to goods held under price support and stabilization programs disclosed?; a. basis for valuing commodities including valuation method and cost flow assumptions (e.g., FIFO, weighted average); b. changes from prior-year's accounting methods; c. restrictions on the use, disposal, or sale of commodities; d. analysis of the changes in dollar amount and volume of commodities, including those; i. on hand at the beginning of the year; ii. acquired during the year; disposed of during the year by method of disposition; iii. on hand at the end of the year; iv. on hand at year's end and estimated to be donated or transferred during the coming period; v. received as a result of surrender of collateral related to nonrecourse loans outstanding; vi. dollar value and volume of purchase agreement commitments (SFFAS 3, par. 108 & 109; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 62). Assets; General Property/Plant/Equipment (Net); (164 - 195); Yes, No, or; N/A: General property, plant, and equipment (PP&E) are any property, plant, and equipment used in providing goods or services. (SFFAS 6, par. 23). 164. Has the entity established, disclosed, and consistently followed appropriate capitalization thresholds for property, plant, and equipment (PP&E) suitable to its financial and operational conditions? (SFFAS 6, par. 13, 148, & 149). 165. Does the entity follow a policy that ensures that its PP&E consists of tangible assets that meet the following criteria?; a. They have estimated useful lives of 2 years or more. b. They are not intended for sale in the ordinary course of operations. c. They are acquired or constructed with the intention of being used or being available for use by the entity. (SFFAS 6, par. 17). 166. Does PP&E also consist of the following items?; a. assets acquired through capital leases; b. property owned by the reporting entity in the hands of others (e.g., state and local governments, colleges and universities, federal contractors); c. land rights (SFFAS 6, par. 18). Capital leases are leases that transfer substantially all the benefits and risks of ownership to the lessee. Operating leases are leases in which the federal entity does not assume the risks of ownership of PP&E. Multiyear service contracts and multiyear purchase agreements for expendable commodities are not capital leases. (SFFAS 6, par. 20, footnote 22; SFFAS 5, par. 43). 167. Does the entity classify a lease as a capital lease if at its inception the lease meets one or more of the following criteria?; a. The lease transfers ownership of the property to the lessee by the end of the lease term. b. The lease contains an option to purchase the leased property at a bargain price. c. The lease term is equal to or greater than 75 percent of the estimated economic life of the leased property, and the beginning of the lease term does not fall within the last 25 percent of the total estimated economic life of the property. d. The present value of rental and other minimum lease payments, excluding that portion of the payments representing executory cost, equals or exceeds 90 percent of the fair value of the leased property, and the beginning of the lease term does not fall within the last 25 percent of the total estimated economic life of the property. (SFFAS 6, par. 20; SFFAS 5 par. 43). 168. Does the general PP&E asset line item exclude the following items?; a. items held in anticipation of physical consumption such as operating materials and supplies; b. items the federal entity has a reversionary interest in; c. national defense PP&E; d. heritage assets (except multiuse heritage assets); e. stewardship land (i.e., land not included in general PP&E) (SFFAS 6, par. 19, 21, 57, 58, 150 & 151; SFFAS 11, par. 7; SFFAS 16, par. 6). 169. In determining the level at which the entity categorizes its PP&E, has the entity considered the following factors?; a. the cost of maintaining different accounting methods for property and the usefulness of the information; b. the diversity of the PP&E (e.g., useful lives, value, alternative uses); c. the future disposition of the PP&E; d. the programs being served by the PP&E (SFFAS 6, par. 22). 170. Does the entity categorize an asset under general PP&E if it has one or more of the following characteristics?; a. It could be used for alternative purposes (e.g., by other federal programs, state or local governments, or nongovernmental entities) but is used to produce goods or services or to support the mission of the entity. b. It is used for business-type activities. c. It is used by entities in activities whose costs can be compared to those of other entities performing similar activities (e.g., federal hospital services in comparison to other hospitals). (SFFAS 6, par. 23; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 21). 171. Is PP&E of entities operating as business-type activities categorized as general PP&E whether or not it meets the definition of other PP&E categories (e.g., heritage assets)? (SFFAS 6, par. 24; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 21). 172. Are lands and land rights specifically acquired for or in connection with general PP&E included in general PP&E? (SFFAS 6, par. 25; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 21). 173. Is all general PP&E recorded at cost? (SFFAS 6, par. 26); 174. Does the cost of general PP&E include all costs incurred to bring the PP&E to a form and location suitable for its intended use, such as the following?; a. amounts paid to vendors; b. transportation charges to the point of initial use; c. handling and storage costs; d. labor and other direct or indirect production costs (for assets produced or constructed); e. costs of engineering, architectural, and other outside services for designs, plans, specifications, and surveys; f. acquisition and preparation costs of buildings and other facilities; g. an appropriate share of the cost of the equipment and facilities used in construction work; h. fixed equipment and related installation costs required for activities in a building or facility; i. direct costs of inspection, supervision, and administration of construction contracts and construction work; j. legal and recording fees and damage claims; k. fair value of facilities and equipment donated to the government; l. material amounts of interest costs paid (SFFAS 6, par. 26). 175. Is the recognized cost of general PP&E acquired under a capital lease the lower of either the fair value of the asset or liability for the capital lease at its inception? (SFFAS 6, par. 29). 176. Is the cost of general PP&E acquired through donation, will, or judicial process, excluding forfeiture, capitalized at estimated fair value at the time acquired by the government? (SFFAS 6, par. 30); 177. Is general PP&E transferred from other federal entities capitalized at the book value recorded by the transferring entity? (SFFAS 6, par. 31); . 178. Is the asset capitalized at the fair value at the time of the transfer from another federal entity if the receiving entity cannot reasonably ascertain the book value of the PP&E transferred? (SFFAS 6, par. 31); . 179. If general PP&E is acquired through exchange with a nonfederal entity, is it capitalized at the fair value of the PP&E surrendered at the time of the exchange? (SFFAS 6, par. 32). 180. If, however, the fair value of the PP&E acquired through exchange is more readily determinable than that of the PP&E surrendered, is the acquired general PP&E capitalized at the acquired PP&E's fair value? (SFFAS 6, par. 32). 181. If the fair values of the exchanged PP&E are not determinable, is the acquired general PP&E capitalized at the book value of the PP&E surrendered? (SFFAS 6, par. 32). 182. If cash is included in an exchange of general PP&E, is the cost of PP&E acquired increased or decreased, respectively, by the amount of cash surrendered or received? (SFFAS 6, par. 32). 183. Is PP&E recognized when title passes to the acquiring entity or when PP&E is delivered to the entity or to an agent of the entity? (SFFAS 6, par. 34). 184. If general PP&E is under construction, is it recorded as construction work in process until it is placed into service? (SFFAS 6, par. 34); 185. Do estimates of useful life of general PP&E consider such factors as physical wear and tear and technological change? (SFFAS 6, par. 35); 186. Except for land and land rights of unlimited duration, is general PP&E less its estimated salvage/residual value depreciated in a rational and systematic manner over its estimated useful life? (SFFAS 6, par. 35, 122, & 136; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 21); 187. Are changes in estimated useful life or salvage and residual value of general PP&E accounted for in the period of change and future periods? (SFFAS 6, par. 35). 188. Are depreciation and amortization expenses accumulated in contra asset accounts? (SFFAS 6, par. 36). 189. Are costs that either extend the useful life of existing general PP&E or enlarge or improve its capacity capitalized and depreciated/ amortized over the remaining useful life of the asset? (SFFAS 6, par. 37). 190. When general PP&E is disposed of, retired, or removed from service, is the asset removed from the asset accounts along with the associated accumulated depreciation/amortization? (SFFAS 6, par. 38); 191. Are the differences between the book value and the amounts realized upon removal of service, retirement, or disposal of general PP&E recognized as a current-period gain or loss? (SFFAS 6, par. 38); 192. If prior to disposal, retirement, or removal from service, a general PP&E asset no longer provides service in the operations of the entity: a. Is it removed from the corresponding asset and contra asset accounts?; b. Is its net realizable value recorded in an appropriate asset account?; c. Is the difference between its book value and net realizable value recorded as a current period gain or loss? (SFFAS 6, par. 39). 193. If historical cost information for existing general PP&E has not been maintained, are cost estimates based on either of the following costs?; a. the cost of similar assets at the time of acquisition; b. the current cost of similar assets discounted for inflation since the time of acquisition (SFFAS 6, par. 40). 194. If general PP&E would have been substantially depreciated or amortized had it been recorded upon acquisition, does the entity weigh materiality and cost-benefit in considering either of the following alternatives?; a. Record only improvements made during the period beyond the initial expected useful life of general PP&E. b. Make an aggregate entry for whole classes of PP&E (e.g., entire facilities rather than a building-by-building estimate). (SFFAS 6, par. 42). 195. Does the entity make the following minimum disclosures about its general PP&E?; a. the cost, associated accumulated depreciation, and book value by major class (e.g., building and structures, fixtures, equipment); b. the estimated useful lives for each major class; c. the method(s) of depreciation for each major class; d. capitalization threshold(s) including any changes in thresholds(s) during the period; e. restrictions on the use or convertibility of general PP&E; f. in the period in which SFFAS 6 standards are implemented, adjustments to the PP&E and related contra asset accounts by major class (e.g., buildings, equipment, and vehicles) (SFFAS 6, par. 44 & 45; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 62, note 9). Assets; Software (196 - 226): Software includes the application and operating system programs, procedures, rules, and any associated documentation pertaining to the operation of a computer system or program. "Internal use software" is software that is purchased from commercial vendors "off the shelf," internally developed, or contractor-developed solely to meet the entity's internal or operational needs. (SFFAS 10, par. 8). 196. Does the entity capitalize the cost of software when such software meets the following criteria?; a. specifically identifiable; b. determinate life of 2 years or more; c. not intended for sale in the ordinary course of operations; d. acquired or constructed with the intention of being used by the entity; e. meets the criteria for general property, plant, and equipment (SFFAS 10, par. 15, 38, & 48). 197. Are capitalized software costs included under general PP&E or reported separately if the following criteria apply?; a. The costs are intended to be primarily recovered through user charges. b. The feasibility has been proven. (OMB 97-01 as amended (Jan. 7, 2000), p. 21). 198. Does the capitalized development cost of internally developed software include the full cost (i.e., direct and indirect cost) incurred during the software development stage? (SFFAS 10, par. 16). 199. Are capitalized software development costs limited to costs incurred after the following steps have been taken?; a. Management authorizes and commits to a computer software project and believes that it is more likely than not that the project will be completed and the software will be used to perform the intended function with an estimated service life of 2 years or more. b. The conceptual formulation, design, and testing of possible software project alternatives (i.e., preliminary design stage) have been completed. (SFFAS 10, par. 11, 12, 16, 45, 62, & 64). 200. Do software capitalization costs include those for new software and documentation manuals? SFFAS 10, par. 17, 60, & 61). 201. Do the capitalized costs for commercial off-the-shelf (COTS) software include the amount paid to the vendor? (SFFAS 10, par. 18); 202. Do the capitalized costs for contractor-developed software include the amount paid to a contractor to design, program, install, and implement the software? (SFFAS 10, par. 18). 203. Does the entity capitalize material internal costs incurred to implement the commercial-off-the-shelf software (COTS) or contractor- developed software and otherwise make it ready for use? (SFFAS 10, par. 18). 204. Does the entity expense all data conversion costs, including the cost to develop or obtain the relevant software, related to internally developed, contractor-developed, or COTS software? (SFFAS 10, par. 14, 19, & 69). 205. Does the entity expense costs (e.g., ongoing training for users, preventive maintenance) incurred after the completion of final acceptance testing? (SFFAS 10, par. 14 & 20). 206. Does the entity treat software that serves both internal uses and stewardship purposes (e.g., a global positioning system) as internal use software and capitalize it to the extent such software meets criteria for general PP&E? (SFFAS 10, par. 15 & 21). 207. Is computer software that is integrated into general PP&E and necessary to operate it, rather than perform an application, considered part of the PP&E of which it is an integral part, and is it capitalized and depreciated accordingly? (SFFAS 10, par. 22). 208. If the entity purchased software as part of a package of products and services, does it use a reasonable estimate in allocating the cost difference between capitalizable and noncapitalizable (i.e., expense) elements? (SFFAS 10, par. 23). 209. Does the entity expense software costs that are not susceptible to allocation between maintenance and relatively minor enhancements? (SFFAS 10, par. 23). 210. Has the entity established realistic and defensible capitalization thresholds for its internal-use software including bulk purchases of software programs and modules or components of a total software system? (SFFAS 10, par. 24 & 68). 211. Does the entity capitalize the acquisition cost of enhancements to existing internal-use software, as well as related modules, when it is more likely than not that they will result in significant additional capabilities? (SFFAS 10, par. 25, 42, 43, & 73). 212. Does the entity expense the cost of minor enhancements resulting from ongoing systems maintenance as well as the purchase of enhanced versions of software for a minimal charge? (SFFAS 10, par. 26 & 73); 213. Are material expenditures to add capability and functionality to computer software capitalized? (SFFAS 10, par. 27). 214. If the expensed repair or upgrades of computer software extends its useful life, is the amortization period adjusted? (SFFAS 10, par. 27, 42, & 43). 215. Does the entity recognize a loss upon impairment of computer software if either of these conditions apply?; a. The software is no longer expected to provide substantive service and will be removed from service. b. A significant reduction occurs in the capabilities functions of the software (or module thereof). (SFFAS 10, par. 28, 29, 30, 75 & 76). 216. If the impaired software is to remain in use, is the loss due to impairment measured as the difference between the book value and either of the following amounts?; a. the cost to acquire software that would perform similar remaining functions (i.e., unimpaired functions); b. the portion of book value attributable to the remaining functional elements of the software (SFFAS 10, par. 29). 217. If the loss due to impairment cannot be determined, is the book value of the software amortized over the remaining useful life of the software? (SFFAS 10, par. 29). 218. If impaired software is to be removed from use, is the loss due to impairment measured as the difference between the book value and net realizable value (NRV)? (SFFAS 10, par. 30 & 44). 219. Does the entity transfer the NRV, if any, to an appropriate asset account until such time as the software is disposed of and the NRV realized? (SFFAS 10, par. 30). 220. If the entity's managers conclude that, "more likely than not," developmental software (or a module thereof) will not be completed and placed in service, is the accumulated book value (or the balance in a work-in-process account, if applicable) reduced to reflect the expected NRV and recognized as a loss? (SFFAS 10, par. 31). 221. Does the entity amortize capitalized software in a systematic and rational manner over the estimated useful life of the software? (SFFAS 10, par. 32 & 70). 222. Does amortization of capitalized software not begin until successful completion of testing? (SFFAS 10, par. 33, 41, & 71). 223. If the use of software is dependent on the completion of another or other software module(s), does the amortization not begin until the complementary module(s) have successfully completed testing? (SFFAS 10, par. 33). 224. Are additions to the book value or changes in useful life of capitalized software treated prospectively (i.e., during the period of change and future periods only) when the software is amortized? (SFFAS 10, par. 34). 225. When the entity replaces existing internal-use software with new software, is the unamortized cost of the old software expensed when the new software has successfully completed testing? (SFFAS 10, par. 34); 226. Does the entity disclose, if material, the following information regarding its capitalized software?; a. the cost, associated amortization, and book value; b. the estimated useful life for each major class of software; c. the method(s) of amortization (SFFAS 10, par. 35; SFFAS 6, par. 45). Assets; Other Assets(227 - 238): 227. Are other assets listed and described in a note to the financial statements and broken out by homogenous groups within the major categories of assets (i.e., entity versus nonentity, and intragovernmental versus other entity assets)? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 48, note 6). Advances are cash outlays made by a federal entity to its employees, contractors, grantees, or others to cover the recipient's anticipated expenses or as advance payments for the costs of goods and services acquired by an entity. (SFFAS 1, par. 57); Prepayments are payments made by a federal entity to cover certain periodic expenses before those expenses are incurred (SFFAS 1, par. 58). 228. Are advances and prepayments recorded as assets and disclosed in the notes? (SFFAS 1, par. 59; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19). 229. Are amounts of advances or prepayments --remaining after related goods or services have been received, contract terms have been met, progress payments have been made, or prepaid expenses have expired --transferred to accounts receivable? (SFFAS 1, par. 59). 230. Are advances and prepayments that are made to federal entities accounted for and reported separately from those made to nonfederal entities? (SFFAS 1, par. 61). 231. Are advances and prepayments paid out reported separately (i.e., not netted) from advances and prepayments received? (SFFAS 1, par. 60); Property, plant, and equipment are classified as heritage assets if they have (1) historical or natural significance; (2) cultural, educational, or artistic importance; or (3) significant architectural characteristic. (SFFAS 6, par. 57). 232. If the predominant use is in general government operations (e.g., main U.S. Treasury building, which is a heritage asset used as an office building), is acquisition, betterment, or reconstruction of all multiuse heritage assets capitalized as general PP&E and depreciated over the useful life of the assets? (SFFAS 16, par. 6 & 9; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 21). 233. Does the entity also include a footnote disclosure explaining that "physical quantity" information for the multiuse heritage assets is included in supplemental stewardship reporting for heritage assets? (SFFAS 16, par. 9). 234. Are multiuse heritage assets acquired through donation or devise recognized as general PP&E at the assets' fair value? (SFFAS 16, par. 11). 235. Is the fair value amount of such assets acquired through donation or devise recognized as "nonexchange revenue," as defined in SFFAS 7 in the Statement of Change in Net Position? (SFFAS No.16, par. 11); Land is defined as the solid part of the surface of the earth. Excluded from the definition of land are depletable resources, such as timber and other continental shelf resources. (SFFAS 6, par. 66 & 67). 236. Are land and land rights owned by the federal government, except those acquired for or in connection with general PP&E, referred to as stewardship land in the entity's annual report? (SFFAS 6, par. 68, 137 & 228). 237. Are significant structures that have been acquired with stewardship land and have a significant operating use treated as general PP&E (i.e., capitalized and depreciated) if used in operations? (SFFAS 6, par. 70 & 232). 238. Is the cost of a structure acquired with stewardship land that is to be used in operations included in the acquisition cost of the land if one of the following apply?; a. The structure's value is insignificant compared to the value of the land. b. The structure has little or no inherent value. c. The structure is merely a byproduct of the acquisition of the land. (SFFAS 6, par. 70). Liabilities; Liabilities in General (239 - 240); Yes, No, or, N/A; Explanation. Liabilities of federal agencies are reported under two major categories: (1) liabilities covered by budgetary resources and (2) liabilities not covered by budgetary resources. Within each of these two categories, liabilities are classified as (1) intragovernmental liabilities, which are amounts owed to other federal entities or (2) governmental liabilities, which are amounts owed to nonfederal entities by the federal government or an entity within the federal government. (SFFAS 1, par. 21; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 & 22); A liability for federal accounting purposes is a probable and measurable future outflow or other sacrifice of resources as a result of past transactions or events. (SFFAS 5, par. 19, 20, & 21; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22); Probable refers to that which can reasonably be expected or is believed to be more likely than not on the basis of available evidence or logic. However, in the context of assessing the outcome of matters of pending or threatened litigation and unasserted claims and recognizing an associated liability, "probable" refers to that which is likely, not to that which is "more likely than not. " (SFFAS 5, par. 33; SFFAS 12, par. 10); Measurable refers to that which can be quantified in monetary units with sufficient reliability to be reasonably estimable. (SFFAS 5, par. 34). 239. Are liabilities recognized when incurred regardless of whether they are covered by available budgetary resources (including those liabilities related to appropriations cancelled under "M" account legislation)? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22); 240. Does the federal entity recognize a liability for probable and measurable future outflows or other sacrifices of resources arising from one or more of the following events?; a. past exchange transactions; b. government-related events, such as government-caused damages; c. government-acknowledged events, such as natural disasters, for which the government has taken formal responsibility for the related costs; d. nonexchange transactions that, according to current law and applicable policy, are unpaid amounts due as of the reporting date. (SFFAS 5, par. 19 - 34; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22); Liabilities; Interest Payable (241 - 248); Explanation. Accounts payable are amounts owed by a federal entity for goods and services received from, progress in contract performance made by, and rents due to other entities. (SFFAS 1, par. 74; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22). 241. Do accounts payable exclude amounts related to ongoing continuous expenses, such as salary and related benefits expense, which are classified as other current liabilities? (SFFAS 1, par. 75); 242. Are accounts payable owed to other federal agencies reported separately from those owed to the public? (SFFAS 1, par. 76; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 & 22). 243. When an entity accepts title to goods, whether the goods are delivered or in transit, does the entity recognize a liability for the unpaid cost of goods? (SFFAS 1, par. 77). 244. If invoices for goods, for which the entity has accepted the title, are not available, does the entity estimate the amount owed? (SFFAS 1, par. 77). 245. For facilities or equipment constructed or manufactured by contractors or grantees according to agreements or contract specifications, are amounts recorded as payable based on an estimate of work completed under the contract or the agreement in accordance with the federal entity's engineering and management evaluation of actual performance progress and incurred costs? (SFFAS 1, par. 78 & 79). 246. Are accounts payable covered by budgetary resources separately reported from those not covered by budgetary resources? (SFFAS 1, par. 80; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 & 22). 247. Is interest incurred but unpaid on liabilities and late payments and refunds recognized as interest payable and reported as a liability at the end of each period? (SFFAS 1, par. 81; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22). 248. Is interest payable to federal entities reported separately from interest payable to the public? (SFFAS 1, par. 82). Liabilities; Liabilities for Loan Guarantees (249 - 262); N/A; Explanation. A loan guarantee is any guarantee, insurance (but not deposit insurance), or other pledge with respect to the payment of all or part of the principal or interest on any debt obligation of a nonfederal borrower to a nonfederal lender. (SFFAS 2, app. C); The Federal Credit Reform Act of 1990 requires federal entities to estimate and budget for the costs arising from default of guaranteed loans made after fiscal year (FY) 1991 (i.e., post 1991). (SFFAS 2, par. 7; OMB 97-01 as amended (Jan. 7, 2000), p. 55). 249. Is the present value of estimated net cash outflows from post-1991 (i.e., committed after September 30, 1991) loan guarantees recognized as a liability? (SFFAS 2, par. 7 & 23). 250. Does the entity disclose by loan program the face value of guaranteed loans outstanding and the amount of outstanding principal guaranteed? (SFFAS 2, par. 23; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 51, note 7, item F & p. 55, 1[ST] par.). 251. Does the entity disclose by loan program the estimated liabilities arising from post-1991 loan guarantees? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 52, note 7, item G & p. 57, item G); 252. Is a liability for a pre-1992 (i.e., committed before October 1, 1991) loan guarantee recognized when it is more likely than not that the loan guarantee will require a future cash outflow to pay a default claim? (SFFAS 2, par. 39 & app. B, part IV A). 253. Is the face value of pre-1992 guaranteed loans outstanding and related liability broken out by loan program and disclosed in a note to the financial statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), note 7, items A & G; pp. 49, 52, 55, item A 1[ST] par. & p. 57, item G); 254. Are the liabilities for the pre-1992 loan guarantees reestimated each year as of the date of the financial statements? (SFFAS 2, par. 39); 255. Does the entity disclose, by loan program, whether pre-1992 loan guarantees are reported on a present-value basis1 or under the allowance-for-loss method?2 (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 52 items, G1 & G2; p. 55, item A, 4[TH] par. & p. 57, item G); . 256. When the total loan guarantee liability for all of the credit programs is negative, is this reported as an asset? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 23). 257. However, if a loan guarantee liability is the result of both positive and negative amounts of the various components, is the total shown as a liability, and are the negative components (of the loan guarantee liability) disclosed? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 23). A "modification" is a federal government action, including new legislation or administrative action, that directly or indirectly alters the estimated subsidy cost and the present value of outstanding direct loans or the liability of loan guarantees. (SFFAS 2, par. 41); Direct modifications are actions that change the subsidy cost by altering the terms of existing contracts or by selling loan assets. (SFFAS 2, par. 42); Indirect modifications are actions that change the subsidy cost by legislation that alters the way in which an outstanding portfolio of direct loans or guarantees is administered. (SFFAS 2, par. 43). 258. When post-1991 loan guarantees are modified, is the existing book value of the related liability changed to an amount equal to the present value3 of net cash outflows that are projected under the modified terms from the time of the modification to the loan's maturity? (SFFAS 2, par. 50 & app. B, part III D(4); SFFAS 19, par. 7(d)); . 259. When pre-1992 loan guarantees are directly modified: a. Are they transferred from the liquidating account to a financing account?; b. Is the existing book value of the liability of the modified loan guarantees changed to an amount equal to their post-modification liability (i.e., the present value of the net cash outflows under post- modification terms discounted at the current Treasury rate)? (SFFAS 2, par. 51 & app. B, part IV B(4)). 260. If pre-1992 loan guarantees are indirectly modified: Are they kept in a liquidating account?; b. Is the related liability reassessed and adjusted to reflect any change in the liability resulting from the modification? (SFFAS 2, par. 51). 261. Are subsequent modifications of pre-1992 loan guarantees treated as a modification of post-1991 loan guarantees? (SFFAS 2, par. 51); 262. If a post-1991 or pre-1992 loan is sold with a recourse provision, is the present value (discounted at the Treasury rate in effect at the time of the sale) of the estimated losses recognized as a subsidy expense and loan guarantee liability? (SFFAS 2, par. 53 & 54 & app. B, part I F(3)). Liabilities; Lease Liabilities (263 - 266): Capital leases are leases that transfer substantially all of the benefits and risks of ownership to the lessee. (SFFAS 5, par. 43). 263. Is the amount recorded by the lessee as a liability under a capital lease arrangement the lesser of the following amounts?; a. the present value of rental and other minimum lease payments (excluding executory costs) during the lease term; b. the fair value of the property at the inception of the lease (SFFAS 5, par. 43 & 44). 264. Does the entity use the applicable Treasury borrowing rate to determine the interest rate charged on a capital lease unless the following apply?; a. It is practicable for the lessee to learn the implicit rate computed by the lessor. b. The implicit rate is less than the Treasury borrowing rate. (SFFAS 5, par. 45). 265. During the lease term is each minimum payment allocated between a reduction of the obligation and interest expense so as to produce a constant periodic rate of interest on the remaining balance of the liability? (SFFAS 5, par. 46). 266. Does the entity disclose in a note to the statements the following information about its capital leases?; a. gross amounts of assets under capital lease by major asset category; b. a description of the lease arrangements, for example: future funding commitments, lease terms, renewal options, escalation clauses, restrictions, and amortization periods; c. future payments due, by major asset category, and deductions for imputed interest and executory costs for all noncancellable leases with terms longer than 1 year; d. a breakout of portions of the capital lease liability covered by budgetary resources and not covered by budgetary resources (OMB Bull. 97-01 as amended (Jan. 7, 2000), note 12, pp. 67 & 69, item A). Liabilities; Federal Debt and Related Interest; (267 - 278); Explanation. Debts are amounts borrowed from the Treasury, the Federal Financing Bank, other federal agencies, or the public under general or special financing authority such as Treasury bills, notes, bonds, and FHA debentures. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 23). 267. Does the entity accounting for federal debt identify the amount of the outstanding debt liability at any given time and the related interest cost for each accounting period? (SFFAS 5, par. 48). 268. Are fixed-value securities with known redemption or maturity amounts valued at their original face (par) value net of any unamortized discount or premium? (SFFAS 5, par. 50). The straight-line method for amortizing a bond premium or discount reduces it in equal amounts over the life of the bond. (A. N. Mosch and E. John Larsen, Intermediate Accounting, McGraw-Hill Book Company, fifth edition 1982, p. 612.); The interest method for amortizing a bond premium or discount reduces the discount or premium by the difference between the effective interest and stated interest on the bond. (SFFAS 1, app. B). 269. Is either the straight line or interest method of discount or premium amortization used if the following conditions are met?; a. The short-term securities have a maturity of 1 year or less. b. In the case of longer- term securities, the difference between the amount of amortization under the interest and straight-line methods is immaterial. (SFFAS 5, par. 50). 270. Is the interest method used for amortizing any discount or premium if the conditions listed in the previous question are not met? (SFFAS 5, par. 51). 271. If the entity has issued variable value securities of unknown redemption or maturity values, are they appraised at their original value and periodically revalued on the basis of the regulations or offering language? (SFFAS 5, par. 52). 272. Are old currencies issued by the federal government and not yet redeemed or written off identified as a federal debt liability at face value? (SFFAS 5, par. 55). 273. Are the beginning balance, net borrowing, and ending balances of debt disclosed? (SFFAS 5, par. 48; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 10, p. 63). 274. Are the following categories of debt disclosed?; a. total public debt (reported by the Treasury Department only) broken out by debt; b. total agency debt issued under special financing authority (e.g., FHA debentures and TVA bonds) broken out by debt held by the government accounts and debt held by the public; c. other debt broken out by debt owed to the Treasury, debt owed to the Federal Financing Bank, and debt owed to other federal agencies (OMB Bull. 97-01 as amended (Jan. 7, 2000), note 10, pp. 63 & 64). 275. Is all debt owed to Treasury, the Federal Financing Bank, or other federal agencies reported under intragovernmental liabilities and disclosed as intragovernmental debt? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 16 & note 10, pp. 63 & 64). 276. Is all debt owed to the public reported and disclosed as such? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 16 & note 10, pp. 63 & 64); 277. Are the names of the agencies disclosed, other than Treasury or Federal Financing Bank, to which intragovernmental debt is owed, and are the amounts disclosed? (OMB Bull. 97-01 as amended (Jan. 7, 2000), note 10, p. 64). 278. Is other information relative to debt disclosed (e.g., maturity dates, redemption or call of debt owed to the public before maturity dates, write-offs of debts owed to Treasury or the Federal Financing Bank)? (OMB Bull. 97-01 as amended (Jan. 7, 2000), note 10, p. 64); Liabilities; Pensions, Other Retirement Benefits, and Postemployment Benefits (279 - 287): Federal employee and veterans benefits include the actuarial portion of pensions, other retirement benefits, and other postemployment benefits. They do not include liabilities related to ongoing continuous expenses such as employees' accrued salary, accrued annual leave, unpaid portions of employee benefits, and other benefits that are currently due. These items are reported under the "other liabilities" line item. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 23); In the context of accounting for pensions, other retirement benefits (ORB), and other postemployment benefits, the "administrative entity" manages and accounts for the pension or other employee plan, while the "employer entity" employs federal workers and generates employee costs, for which it would typically receive a salary and expense appropriation. (SFFAS 5, par. 57, footnote 38); The "aggregate entry age normal" actuarial cost method is one under which the expenses or liabilities arising from the actuarial present value of projected pension benefits are allocated on a level basis over the earnings or the service of the group between entry age and assumed exit ages. The portion of the actuarial present value allocated to a valuation year is called "normal cost. " (SFFAS 5, par. 64). 279. Is the aggregate entry age normal actuarial cost method used to calculate, for the administrative entity financial statements, the liabilities arising from pension and ORB expenses? (SFFAS 5, par. 64 & 82). 280. If other actuarial cost methods are used, does the entity provide an explanation? (SFFAS 5, par. 64). 281. Does the administrative entity report pension and ORB assets separately from liabilities as opposed to netting them out? (SFFAS 5, par. 68 & 85). 282. Does the administrative entity carry pension and ORB assets at their acquisition cost, adjusted for amortization, if appropriate? (SFFAS 5, par. 68 & 85). 283. Does the administrative entity disclose the market value of pension and ORB investments in market-based and marketable securities? (SFFAS 5, par. 68 & 85). 284. Does the employer entity recognize the long-term other postemployment benefits liability as the present value of future payments discounted at the Treasury borrowing rate for securities of similar maturity? (SFFAS 5, par. 95). 285. Does the administrative entity disclose and report separately the liabilities arising from pensions, other retirement benefits, and other postemployment benefits that are covered by budgetary resources and the liabilities that are not covered by budgetary resources? (OMB Bull. 97- 01 as amended (Jan. 7, 2000), pp. 16 & 23 & note 13, p. 70); 286. Does the administrative entity disclose the assumptions used to calculate the liability for pensions, other retirement benefits, and other postemployment benefits? (SFFAS 5, par. 67 & 83; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 13, p. 70). 287. If the assumptions for a pension plan differ from the assumptions used by the three primary plans --Civil Service Retirement System (CSRS), Federal Employees Retirement System (FERS), and Military Retirement System (MRS) --does the administrative entity disclose how and why the assumptions differ from those of the primary plans? (SFFAS 5, par. 67; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 13, p. 70); Liabilities; Other Liabilities (288 - 318): Unless they are reported separately, other liabilities cover liabilities not recognized in other categories. They include, but are not limited to: capital leases, insurance, advances and prepayments, deposit funds held in escrowand accrued liabilities and liabilities for losses, claims, and other contingencies. Claims and other contingencies include: indemnity agreements, adjudicated claims, commitments to international institutions, and clean-up costs. (SFFAS 1, par. 83 - 86; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24). 288. Do all federal insurance and guarantee programs (except social insurance and loan guarantee programs) recognize a liability for unpaid claims incurred resulting from insured events that have occurred as of the reporting date? (SFFAS 5, par. 104; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24). 289. Do federal insurance programs accrue a contingent liability when an existing condition, situation, or set of circumstances involving uncertainty as to possible loss exists, and when the following conditions apply?; a. The uncertainty will be resolved when one or more probable future events occur or fail to occur. b. Future outflow or other sacrifice of resources is probable and measurable. (SFFAS 5, par. 104 & 108; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24); 290. When insurance payments and losses extend beyond the current year, are net losses calculated on a present-value basis to reflect the time value of money? (SFFAS 5, par. 109). 291. Does the entity report under "required supplementary stewardship information" (RSSI) the major assumptions and "risks assumed" (i.e., the present value of unpaid losses net of associated premiums based on risk inherent in the insurance or guarantee coverage) for all sponsored insurance programs (except for social insurance, life insurance, and loan guarantee programs)? (SFFAS 5, par. 105, 106, & 109); 292. Does the entity also report under RSSI the indicators of the range of uncertainty around insurance-related estimates and sensitivity of the estimates to changes in major assumptions? (SFFAS 5, par. 114); The liability for future policy benefits is the present value of future outflows to be paid to (or on behalf of) policyholders, less the present value of future related premiums. In general, for whole life policies, the liability for future policy benefits should be no less than the cash surrender value that accrues to the benefit of the policyholder. (SFFAS 5, par. 116). 293. Does the entity also recognize a liability for future insurance policy benefits (such as death or disability)? (SFFAS 5, par. 104; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24). 294. Are liabilities for future benefits of whole life insurance policies reported and disclosed in accordance with private sector standards (i.e., FASB SFAS 60, 97, & 120; AICPA SOP 95-1)? (SFFAS 5, par. 117 & 191 - 193; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 14, p. 70); 295. Does the liability for future benefits relating to participating life insurance contracts equal the sum of the following amounts?; a. the net- level premium reserve for death and endowment policy benefits; b. liability for terminal dividends and; c. any premium deficiency (SFFAS 5, par. 118 & 120). 296. Has the entity made an assessment to compare the liability for future policy benefits using actuarial assumptions applicable at the time the contract was made (contract assumptions) with the liability for future policy benefits using assumptions that consider the following factors?; a. current economic conditions (i.e., current and expected investments and expected long-term yields); b. experience (i.e., mortality, morbidity, and termination rates) (SFFAS 5, par. 119). 297. Does the entity disclose the components of the liability for future policy benefits of whole life insurance contracts along with a description of each amount and explanation of its projected use? (SFFAS 5, par. 121; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 14, p. 70). 298. Does the reporting entity disclose and break out the following items?; a. the portion of other liabilities covered by budgetary resources and the portion not covered by budgetary resources; b. the portion of other liabilities payable to governmental (i.e., federal) entities and the portion payable to nonfederal entities; c. the portion of other liabilities that are noncurrent and the portion that are current (SFFAS 1, par. 83 - 86; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 & 24 & note 11, pp. 65 & 66). 299. Does the agency record "unearned revenue" as a liability if it requests advances or progress payments prior to receipt of cash, and does it record the amounts? (SFFAS 7, par. 37). 300. Are amounts payable for refunds, refund offsets, and drawbacks recognized as liabilities when measurable and legally payable under established processes of the collecting entity? (SFFAS 7, par. 57 & app. E). 301. Do amounts payable for refunds include refund claims filed by the taxpayer in which the government has determined the amount payable and identified the payee? (SFFAS 7, par. 57). 302. Are filed claims for refunds, even if reasonably estimable, excluded from payables if administrative actions have not been completed as of the close of the reporting period? (SFFAS 7, par. 58. A); 303. Are unasserted claims for refunds, even if reasonably estimable, excluded from payables? (SFFAS 7, par. 58. B). 304. Are voluntarily made deposits pending settlements and judgments separately recognized as deposit liabilities? (SFFAS 7, par. 59); A loss contingency is an existing condition, situation, or set of circumstances involving uncertainty as to possible loss to an entity. The uncertainty should ultimately be resolved when one or more future events occur or fail to occur. (SFFAS 5, par. 35; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24 & note 16, p. 71). 305. Does the entity recognize estimated losses for claims or other contingencies if the following conditions apply?; a. A past event or exchange transaction has occurred. b. A future outflow or other sacrifice of resources is probable. c. The future outflow or sacrifice of resources is measurable. (SFFAS 5, par. 33 & 38; SFFAS 12, par. 10 & 11; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24); 306. If any one of the conditions for recognizing a contingent liability are not met and there is at least a "reasonable possibility" 20 that a loss or additional loss may be incurred, does the entity disclose the nature of the contingency and the following?; a. an estimate of the possible liability; b. an estimate of the range of the possible liability; c. a statement that such an estimate cannot be made (SFFAS 5, par. 36, 38, 40, & 41). 307. If no amount within the range of possible liabilities is a better estimate than any other amount: a. Is the minimum amount in the range of possible liabilities recognized?; b. Is the range and a description of the nature of the contingency disclosed? (SFFAS 5, par. 39); 308. If information about remote contingencies, or related to remote contingencies, is included in general-purpose federal financial reports, is the information labeled to avoid the misleading implication that there is more than a remote chance of a loss of that amount? (SFFAS 5, par. 42). 309. If material, does the entity separately disclose a contingent liability for environmental clean-up costs for PP&E if the following criteria apply?; a. They are related to a past transaction or event. b. The related costs are probable and measurable. (SFFAS 5, par. 38 & SFFAS 6, par. 91 - 93; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24); 310. When clean-up costs are paid, are the payments recognized as a reduction in the liability for clean-up costs? (SFFAS 6, par. 100); 311. If clean-up costs have not been previously recognized, is a liability recognized for the portion of the estimated total clean-up cost that is attributable to either the portion of the physical capacity used or the portion of the estimated useful life that has passed, since the PP&E was placed into service? (SFFAS 6, par. 104). 312. When clean-up costs are recognized for the first time, is the offsetting charge for any liability for clean-up costs shown as a "prior-period adjustment?" (SFFAS 6, par. 105). 313. Are the amounts of prior-period adjustments arising from belated recognition of clean-up costs and liabilities disclosed and, if possible, associated with current and prior periods? (SFFAS 6, par. 105). 314. Are any subsequent changes (made in periods following implementation) in estimated total clean-up cost immediately expensed (if costs are to be recovered though user charges) and reflected in the related liability balance? (SFFAS 6, par. 104). 315. Does the entity also disclose the following information?; a. the sources (i.e., applicable laws and regulations) of clean-up requirements; b. the method for assigning estimated total clean-up costs to current operating periods (e.g., physical capacity versus passage of time); c. the unrecognized portion of estimated total clean-up costs associated with general PP&E; d. the material changes in total estimated clean-up costs due to changes in laws, technology, or plans; e. the portion of change in an estimate that relates to prior-period operations; f. the nature of estimates and the disclosure of information regarding possible changes due to inflation, deflation, technology, or applicable laws and regulations (SFFAS 6, par. 107 - 111). Social insurance programs provide for the maintenance and distribution of incomes and medical benefits during periods of unemployment, disability, and retirement. These programs are Social Security, Medicare, and Railroad Retirement Benefits, Black Lung Benefits, and Unemployment Insurance. Expense and liability recognition for these programs is the same for both the consolidated governmentwide entity as for the component entities. (SFFAS 17, par. 2, 4, 14, & 30). 316. Does the entity recognize a liability for social insurance benefits due and payable including claims incurred but not reported? (SFFAS 17, par. 22, 59 - 63, & 113). 317. Does the liability for unemployment insurance include the following amounts?; a. amounts due to states and territories for benefits they have paid to beneficiaries but for which they have not withdrawn funds from the federal unemployment trust fund (UTF) as of the fiscal year-end; b. estimated amounts to be withdrawn from UTF and benefits paid by states and territories after fiscal year-end for compensatory days occurring prior to fiscal year-end (SFFAS 17, par. 23). 318. Does the entity separately report items within other liabilities if the amounts are material? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24). Net Position; Unexpended Appropriations & Cumulative Results of Operations (319 - 322): 319. Does the line item "unexpended appropriations" include both the portion of the entity's appropriation represented by undelivered orders and unobligated balances? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 25). 320. Does the entity break out and disclose the portion of unexpended appropriations represented by undelivered orders and unobligated amounts? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 71, note 15); . 321. Does the entity disclose its estimate of obligations related to cancelled appropriations for which it has a contractual commitment for payment? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 71, note 16); . 322. Does the line item "cumulative results of operations" include the following items?; a. the net results of operations since inception; b. the cumulative amount of prior-period adjustments; c. the cumulative amount of donations and transfers of assets in and out of the entity's control (i.e., constructive ownership) without reimbursement; d. the cumulative amounts related to investment in capitalized assets, such as PP&E (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 25); Section IV: Staetment of Net Cost: The questions related to the Statement of Net Cost are presented under three general captions and 12 line items. The question numbers related to each caption and line item follow. Question Numbers: Cost Accounting in General: 1. Overall Requirements: 1 - 16: 2. Responsibility Segments: 17 - 21: 3. Full Cost: 22 - 30: 4. Interentity Costs: 31 - 36: 5. Costing Methodology: 37 - 45: Revenues: 46 - 69: Costs: 6. Pensions and Other Retirement and Postemployement Benefits: 70 - 94: 7. Inventory, Materials, Supplies, and Commodities: 95 - 103: 8. Property, Plant, and Equipment: 104 - 118: 9. Clean-up Costs: 119 - 127: 10. Interest: 128 - 129: 11. Insurance and Subsidies: 130 - 133: 12. Credit Programs: 134 - 182: Cost Accounting in General Overall Requirements (1 - 16); Yes, No, or; N/A: The Statement of Net Cost is designed to show separately the components of the net cost of the reporting entity's operations for the period. The statement and any related supporting schedules classify revenue and cost information by suborganization or responsibility segment. (OMB Bull. 97-01 as amended (Jan. 7, 2000) , p. 27); Information presented in the Statement of Net Costs mostly depends on the agency properly implementing SFFAS No. 4, Managerial Cost Accounting Standards for the Federal Government. SFFAS No. 4 essentially defines how costs are determined and provides guidance for defining and structuring responsibility segments. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27); Managerial cost accounting is the process of accumulating, measuring, analyzing, interpreting, and reporting cost information useful to both internal and external groups concerned with the way in which the organization uses, accounts for, safeguards, and controls its resources to meet its objectives. (SFFAS 4, par. 42); A cost accounting "system" is a continual and systematic cost accounting process that may be designed to accumulate and assign costs to a variety of objects routinely or as desired by management. (SFFAS 4, par. 74); Cost finding is a method for determining the cost of producing goods or services using appropriate procedures, for example, special cost studies or analyses. (SFFAS 4, par. 76). 1. Is the classification of suborganization and major programs for which costs are reported consistent with the entity's mission and outputs? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27). 2. Are net costs reported for the entity as a whole and for specific suborganizations and major programs? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27). 3. Does the Statement of Net Costs include a combined total column? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 26 & 28). 4. Does the combined total column include a note alerting readers that the combined statement of financing or equivalent schedules do not include intra-agency eliminations? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 28). 5. Are the costs related to the production of goods and services provided to other programs reported separately from the costs of goods, services, transfers, and grants provided to the public? (OMB Bull. 97- 01 as amended (Jan. 7, 2000), p. 28). 6. Are costs that cannot be directly traced, assigned on a cause-and- effect basis, or reasonably allocated to segments and their outputs and programs reported on the Statement of Net Cost as "Costs not assigned to programs?" (OMB 97-01, pp. 26 & 29; SFFAS 7 Imple. Guide, par. 32); . 7. Is earned revenue that is insignificant or cannot be attributed to particular outputs or programs reported separately as a deduction in arriving at the net cost of operations of the suborganization or reporting entity as a whole? (OMB 97-01 as amended (Jan. 7, 2000), pp. 26 & 29). 8. Does the reporting entity regularly accumulate and report the costs of its activities either by means of cost accounting systems or cost finding techniques? (SFFAS 4, par. 70). 9. Has the entity established appropriate procedures and practices to enable the consistent and regular collection, measurement, accumulation, analysis, interpretation, and communication of cost information? (SFFAS 4, par. 68 & 70). 10. Does the cost accounting data collected by the entity provide information needed to determine and report service efforts, accomplishments, and information required by the Government Performance and Results Act of 1993 (GPRA)? (SFFAS 4, par. 69). 11. In general, does the reporting entity use a cost accounting system or cost finding technique that can perform at least a certain minimum level of cost accounting as well as provide basic cost information necessary to accomplish the objectives associated with planning, decision-making, control, and reporting? (SFFAS 4, par. 71); . 12. Specifically, does the reporting entity's cost accounting system or cost finding technique, at a minimum, do the following?; a. Collect cost information by responsibility segments, which have been identified by management. b. Define outputs for each responsibility segment. c. Measure the full cost (including the cost of goods or services provided by other entities) of outputs so that total operational costs and total unit costs of outputs can be determined. d. Use a costing methodology (e.g., activity-based, job order, and standard costing) that is appropriate for management's needs and the operating environment. e. Provide information needed to determine and report service efforts, accomplishments, and information necessary to meet the requirements of GPRA (or interface with a system that provides such information). f. Rely on the Standard General Ledger as a basis for integrating its cost information with its general financial accounting capability. g. Supply cost data precise enough to provide reliable and useful information to internal and external users in making evaluations or decisions. h. Accommodate management's special cost information needs. (SFFAS 4, par. 71). 13. Are all cost accounting activities, processes, and procedures documented? (SFFAS 4, par. 71). 14. In determining the appropriate detail for its cost accounting processes and procedures, has the reporting entity considered the following?; a. nature of its operations; b. the precision desired and needed in cost information; c. the practicality of data collection and processing; d. the availability of electronic data-handling facilities; e. the cost of installing, operating, and maintaining the cost accounting processes; f. any specific information needs of management (SFFAS 4, par. 72); 15. Has the entity used similar or compatible cost accounting processes throughout its component units? (SFFAS 4, par. 73). 16. Does the entity provide appropriate variations of the Statement of Net Cost based on the types of programs that it carries out and OMB guidance? (SFFAS 7 Imple. Guide, par. 33; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 28 & 30). Cost Accounting in General; Responsibility Segments (17 - 21); Explanation. A responsibility segment is a component of a reporting entity that is responsible for carrying out a mission, conducting a major line of activity, or producing one or a group of related products or services. (SFFAS 4, par. 78). 17. Has the management of the reporting entity defined and established, as needed, responsibility segments to perform managerial cost accounting functions? (SFFAS 4, par. 77). 18. Does management designate or establish responsibility segments based on the following?; a. the entity's organization structure; b. its lines of responsibility and missions; c. its output of goods and services; d. budget accounts and funding authorities (SFFAS 4, par. 86); 19. For each responsibility segment, can the entity do the following?; a. Define and accumulate outputs and, if feasible, quantify each type of output in units. b. Accumulate costs and quantitative units of resources consumed in producing the outputs. c. Assign costs to outputs and calculate the cost per unit of each type of output, if possible. d. Establish lower level cost centers, as needed. (SFFAS 4, par. 79 & 88); 20. Does the reporting entity include supporting schedules in the Notes to the Financial Statements if the suborganization's summary information provided in the Statement of Net Cost does not fully display the suborganization's major programs and activities? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 71 & 72). 21. Does the reporting entity disclose gross cost and earned revenue, by budget functional classification? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 73). Cost Accounting in General; Full Cost (22 - 30): Full cost is the sum of all costs required by a cost object including the costs of activities performed by other entities regardless of funding sources. (SFFAS 4, app. B); Cost object (or cost objective) is an activity, output, or item whose cost is to be measured --or in a broad sense, an organizational division, function, task, product, service, or customer. (SFFAS 4, app. B); Direct costs are costs that can be specifically identified with an output. (SFFAS 4, par. 89); Indirect costs are costs of resources that are jointly or commonly used to produce two or more types of outputs but are not specifically identifiable with any of the outputs. (SFFAS 4, par. 91); Output is any product or service generated from the consumption of resources. (SFFAS 4, par. 89). 22. Does the reporting entity report include all direct costs in the full cost of outputs? (SFFAS 4, par. 89 & 90). 23. Does the reporting entity also include the following?; a. indirect costs incurred within a responsibility segment; b. the costs of support services that a responsibility segment receives from other segments and entities (SFFAS 4, par. 91, 122, & 123). 24. Are those general management and administrative support costs that cannot be traced, assigned, or allocated to responsibility segments and outputs identified and reported as costs not assigned to programs? (SFFAS 4, par. 92). 25. Are the costs of employee benefits included as part of the cost of outputs? (SFFAS 4, par. 93 - 96). 26. Are other postemployment benefits reported as expenses for the period during which a future outflow or other sacrifice of resources is probable and measurable on the basis of an event occurring on or before the accounting date? (SFFAS 4, par. 96 - 97). 27. Are the costs of transfer payments for welfare, insurance, grants, and other public assistance programs and the costs of operating those programs separately identified? (SFFAS 4, par. 98 - 101; OMB Bull. 97- 01 as amended (Jan. 7, 2000), pp. 28 & 72). 28. Are incurred depreciation expenses included in the full costs of outputs that the segment produces? (SFFAS 4, par. 102); . 29. Are the costs of acquiring or constructing national defense PP&E and heritage PP&E treated as a program cost or period expense but excluded from the full cost of outputs? (SFFAS 4, par. 103; SFFAS 11, par. 7); . 30. Are other nonproduction costs, such as reorganization costs and nonrecurring clean-up costs resulting from facility abandonment, also excluded from the full cost of outputs and treated as current-period expenses? (SFFAS 4, par. 104). Cost Accounting in General; Interentity Costs (31 - 36): Within the federal government, some reporting entities rely on other federal entities to help them achieve their missions. Often, this involves providing goods or services, with or without reimbursement. The reporting entity generally must account for the full cost of goods or services provided to or received from other federal entities. (SFFAS 4, par. 105 - 106). 31. Does the reporting entity include in its Statement of Net Cost the full costs of goods and services received from other federal entities? (SFFAS 4, par. 105). 32. Does the entity providing goods or services to another reporting entity recognize in its accounting records, as well as disclose to the receiving entity, the full cost of goods and services provided? (SFFAS 4, par. 108; OMB Bull. 97-01 as amended (Jan. 7, 2000) , pp. 26 & 28); 33. Is recognition of interentity costs that are not fully reimbursed limited to material items that have the following attributes?; a. are significant to the receiving entity; b. form an integral or necessary part of the receiving entity's output; c. can be identified or matched to the receiving entity with reasonable precision (SFFAS 4, par. 105 & 112). 34. Are the costs of broad, general support services provided by a federal entity to other federal entities excluded from the costs of the recipient entity unless such services are integral to the receiving entity (e.g., Treasury check-writing services provided for the Social Security Administration)? (SFFAS 4, par. 112). 35. If the receiving entity can not get complete information on the full cost of goods or services provided by another reporting entity, does one of the following apply?; a. The receiving entity uses a reasonable estimate of the cost. b. If an estimate of the cost cannot be made, the estimated market value of the received goods or services is used. (SFFAS 4, par. 109). 36. Are interentity and intra-entity expenses and financing sources eliminated for any consolidated financial statements covering both entities? (SFFAS 4, par. 109). Cost Accounting in General; Costing Methodology (37 - 45); Explanation. Entities are not required to use a particular costing system or costing methodology, but the costing system or methodology used should be appropriate to the entity's operating environment and used consistently. Four examples of acceptable (but not necessarily mutually exclusive) costing methodologies are activity-based costing, job order costing, process costing, and standard costing. (SFFAS 4, par. 144 - 162); Cost accumulation is the process of collecting cost data in an organized way by responsibility segment. (SFFAS 4, par. 117); Cost assignment is a process that identifies accumulated costs with reporting periods and cost objects. Three methods of cost assignment are direct tracing, cause and effect, and allocation that is reasonable and consistent. (SFFAS 4, par. 120, 124 - 137, & app. E); Cost object or cost objective is an activity, output, or item the cost of which is to be measured. (SFFAS 4, par. 121 & app. E). 37. Is the entity's accounting system capable of identifying costs with responsibility segments? (SFFAS 4, par. 118). 38. Are costs related to the production of goods and services provided to other programs (governmental) reported separately from the costs of goods, services, transfers, and grants provided to the public? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 26 & 28). 39. Are costs related to the production of outputs reported separately from costs that are not related to the production outputs (i.e., nonproduction costs)? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 26 & 28). 40. Are the costs of resources consumed by responsibility segments classified by type of resource, such as costs of employees, materials, capital, utilities, rent? (SFFAS 4, par. 119). 41. Are data on the quantity of units (e.g., staff days, gallons of gasoline consumed) related to the various cost categories maintained, when appropriate and feasible? (SFFAS 4, par. 119). 42. Are costs assigned to outputs using the methods in the following order of preference?; a. directly tracing costs used in the production of an output, wherever feasible and economically practicable; b. assigning costs on a cause-and-effect basis to, for example, cost pools; c. allocating costs on a reasonable and consistent basis (SFFAS 4, par. 124); 43. For cost allocation purposes, do indirect costs assigned to a given cost pool have similar characteristics? (SFFAS 4, par. 136); 44. Are common costs assigned to activities either on a cause-and-effect basis, if feasible, or through reasonable allocations? (SFFAS 4, par. 139, 140, 142, & 143). 45. Are the full costing methodologies that are most appropriate to a segment's operating environment used and followed consistently, and if improvements or refinements are made, are they documented and explained? (SFFAS 4, par. 145 & 146). Revenues (46 - 69): Revenues are inflows of resources that the government demands, earns, or receives by donation. Revenue comes from two sources: exchange transactions and nonexchange transactions. (SFFAS 7, par. 30); Nonexchange revenues are inflows of resources that the government demands or receives by donation. Nonexchange revenues are primarily derived from the government's power to demand payments from the public (e.g., taxes, duties, fines). (SFFAS 7, par. 30 & 48); Exchange revenues and gains are inflows of resources to a government entity that the entity has earned. They are earned when each party to the transaction sacrifices value and receives value in return. (SFFAS 7, par. 30, 33 & app. C); The gross cost of a program consists of the full cost of the outputs produced by a program plus any nonproduction costs that can be assigned to the program (nonproduction costs are costs linked to events other than the production of goods and services). (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27); The net cost of operations consists of gross cost less related exchange revenues (or in this context, the cost of the entity to the taxpayer). (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27). 46. Are earned revenues deducted from the gross costs of suborganizations and programs if practical and possible and, if not, from the costs of the entity as a whole? (OMB Bull. 97-04 as amended (Jan. 7, 2000), p. 29). 47. In its Statement of Net Costs, does the entity show the following?; a. the gross cost of providing goods or services that earned exchange revenue; b. exchange revenue earned; c. the resulting difference between a and b to determine net costs (SFFAS 7, par. 43 & 120 - 125; SFFAS 7 Imple. Guide, par. 7, 8 & 42 - 47; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 26 & 27, 5[TH] par.). 48. Does the entity also break out the gross costs of providing goods, services, benefit payments, or grants that did not earn exchange revenue? (SFFAS 7, par. 43 & 120; SFFAS 7 Imple. Guide, par. 32, 33, & 41; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27); . 49. Is the net amount of gains (or losses) subtracted from (or added to) the gross cost to determine net cost? (SFFAS 7, par. 44); . 50. If exchange (or earned) revenue is immaterial or cannot be associated with a particular output or program, is it reported separately, as appropriate, as a deduction in arriving at net cost of the program, suborganization, or reporting entity as a whole? (SFFAS 7, par. 44, SFFAS 7 Imple. Guide, par. 45. 6; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 29). 51. Are nonexchange revenues and other financing sources excluded from calculating net cost? (SFFAS 7, par. 44). 52. If the entity incurs virtually no cost in connection with earning exchange revenue, is such revenue not recognized in the Statement of Net Cost, but shown as a financing source on the Statement of Changes in Net Position or (if appropriate) Statement of Custodial Activity? (SFFAS 7, par. 45. A & 140 - 146; SFFAS 7 Imple. Guide, par. 50 - 58); . 53. If the collecting entity transfers exchange revenue to a second entity, does the second entity follow similar revenue recognition (i.e., match revenues against actual costs unless no costs are incurred)? (SFFAS 7, par. 45. B). 54. Is the full amount of exchange revenues reported regardless of whether the entity is permitted to retain the revenues? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 29, 1[ST] par.). 55. Does a reporting entity that provides goods or services to the public or other government entity disclose the following in a note or narrative?; a. a pricing policy that differs from the full cost or market pricing guidance set forth in OMB Circular No. A-25 and the possible effect on demand and revenue if prices were raised to reflect the market or full cost; b. prices set by law or executive order that are not based on full cost or market price and the possible effect on demand and revenue if prices were raised to reflect the market or full cost; c. the nature of intragovernmental exchange transactions in which goods or services are provided free or at less than full cost and the reasons for disparities between billing and full cost; d. the full amount of any expected loss when specific goods or services are provided or made to order under a contract and a loss is both probable and measurable (SFFAS 7, par. 46, 47, & 163 - 167) 56. Is custodial collected nonexchange revenue, that is legally retained by the collecting entity as reimbursement for the cost of collection, recognized as exchange revenue in determining the collecting entity's net cost of operations? (SFFAS 7, par. 60.3). 57. Is revenue received from the public or other government entity in return for providing goods or services recognized and reported in the Statement of Net Cost as earned or exchange revenue? (SFFAS 7, par. 34, 35, 36 (a) & (c), 270, & 271; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 29). 58. Is exchange revenue broken out by major category and linked, where possible, to the net costs of related outputs, programs, organizations, or suborganizations in the Statement of Net Cost? (SFFAS 7, par. 43; SFFAS 7 Imple. Guide, par. 42 - 47; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 29). 59. If an exchange transaction is likely to be unusual or nonrecurring for a particular entity, is a gain or loss recognized rather than a revenue or expense? (SFFAS 7, par. 35, 133, 238, 329 & 330). 60. If specific goods or services are made to order under terms of a contract, is exchange revenue (and any probable loss or gain) recognized in proportion to costs of goods and services acquired to fulfill the contract? (SFFAS 7, par. 36(b)). 61. When goods are kept in inventory so that they are available to customers when ordered, is exchange revenue recognized when the goods are delivered to the customer? (SFFAS 7, par. 36(c)). 62. If services are rendered continually or the right to use an asset extends continually over time, is exchange revenue recognized in proportion to the passage of time or the use of the asset? (SFFAS 7, par. 36(d)). 63. Is interest received on intragovernmental loans recognized as exchange revenue if the source of borrowed funds is predominately exchange revenue? (SFFAS 7, par. 36(d) & 154 - 161). 64. When an asset other than inventory is sold, is any gain (or loss) recognized when the asset is delivered to the purchaser? (SFFAS 7, par. 36(e)). 65. When advance fees or payments are received, such as for large-scale, long-term projects, is revenue recognized only as the cost of providing the corresponding goods and services? (SFFAS 7, par. 37 & 113 - 119); . 66. Is the measurement for revenue from exchange transactions based on the actual price received or receivable under established pricing arrangements? (SFFAS 7, par. 38). 67. If the realization of the full amount of exchange revenue is not probable due to credit losses, is an expense recognized and is the allowance for bad debts increased? (SFFAS 7, par. 40); . 68. If recognized exchange revenue is not likely to be realized for reasons apart from credit losses (e.g., returns and allowances), is the probable amount recognized as a revenue adjustment? (SFFAS 7, par. 41 & 129). 69. Is exchange revenue recognized regardless of whether the entity retains the revenue for its own use or transfers it to other entities? (SFFAS 7, par. 43). Costs; Pensions and Other Retirement and; Postemployment Benefits (70 - 94): Pension benefits include all retirement, disability, and survivor benefits financed through a pension plan, including unfunded pension plans. Required federal payments to social insurance plans (i.e., Social Security and Medicare) and matching federal payments to defined contribution pension plans are also considered to be plan expenses. (SFFAS 5, par. 61); Costs of pensions and other retirement benefits (ORB), whether they are paid for in part or in total by other governmental entities, are included in the costs of program outputs. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 28); Recognition of other postemployment benefits (OPEB) is linked to the occurrence of an OPEB event rather than the production of an output. OPEB costs are generally treated as period expenses. Special-purpose cost studies may distribute OPEB costs over a number of prior years to determine the cost of outputs OPEB recipients helped produce. (SFFAS 4, par. 96 & 97); In accounting for pensions, (ORB), and OPEB, the "administrative entity" typically manages and accounts for the related assets and liabilities. The "employer entity" accounts for the related costs of pensions, ORB and OPEB. For these costs the employer entity receives a salary and expense appropriation, imputes a financing source, or both. (SFFAS 5, par. 57, footnote 38, & par. 78 & 93); The "aggregate entry age normal" actuarial cost method is one under which the expenses or liabilities arising from the actuarial present value of projected pension benefits is allocated on a level basis over the earnings or the service of the group between entry age and assumed exit ages. The portion of the actuarial present value of pension plan and benefits and expenses that is allocated to a valuation year is called "normal cost" (SFFAS 5, par. 64 & app. E). 70. Are pensions and ORB recognized as expenses at the time of employment? (SFFAS 5, par. 59). 71. Is the "aggregate entry age normal" actuarial cost method (or other actuarial cost method, if the results are not materially different and an explanation is provided) used to calculate pension expense, the liability for the administrative entity financial statements, and the expense for the employer entity financial statements? (SFFAS 5, par. 64). 72. When using the "aggregate entry age normal" actuarial cost method, does the entity allocate pension expenses on the basis of a level percentage of earnings? (SFFAS 5, par. 64). 73. Does the administrative entity base its actuarial assumptions for pension plans on the experience of the covered groups, long-term trends, and guidance of the American Academy of Actuaries? (SFFAS 5, par. 65). 74. Does the administrative entity base its interest rate assumptions on the estimated long-term investment yield for a pension plan or, if the plan is not being funded, on some other appropriate long-term assumption (e.g., the federal long-term borrowing rate)? (SFFAS 5, par. 66). 75. Does the administrative entity disclose the assumptions used to calculate pension benefit expenses? (SFFAS 5, par. 67); 76. When a new pension plan is initiated or current one amended, does the administrative entity immediately recognize all past service costs or gains as well as all actuarial gains and losses, without amortization? (SFFAS 5, par. 69 & 70). Normal cost or service cost is the actuarial present value of benefits attributed by the pension plan's benefit formula to services rendered by employees during an accounting period. (SFFAS 5, par. 74, footnote 45). 77. Does the administrative entity disclose the following components of reported pension benefit expenses?; a. normal cost; b. interest on pension liability during the period; c. prior service cost from plan amendments (or the initiation of a new plan) during the period, if any; d. actuarial gains or losses during the period, if any (SFFAS 5, par. 71 & 72; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 13, p. 70); 78. Does the administrative entity report pension plan revenue for the sum of contributions from the following entities?; a. the employer; b. its employees; c. financing from the general fund to cover prior service or other costs for which contributions were not provided by the employer or employee; d. interest on the plan's investments (SFFAS 5, par. 73 & 78). 79. In the financial report, does the employer entity recognize a pension expense report that equals the service cost for its employees for the accounting period, less the amount contributed by the employees, if any? (SFFAS 5, par. 74, 77, & 78). 80. Is the employer entity's pension expense balanced by either of the following?; a. a decrease to its "fund balance with Treasury" for the amount of its contribution to the pension plan, if any; b. an increase to an account representing an intragovernmental imputed financing source (e.g., "imputed financing - expenses paid by other agencies") (SFFAS 5, par. 75). 81. If the employer entity is also the administrative entity, does it also report the liability and recognize the expense for all components of the pension plan's cost? (SFFAS 5, par. 71 & 76). ORB includes all retirement benefits other than pension benefits. The predominant ORB in the federal government is retirement health benefits. (SFFAS 5, par. 58 & 79). 82. Is the "aggregate entry age normal" actuarial cost method (or other actuarial cost method, if the results are not materially different and an explanation is provided) used to calculate the ORB expense and liability for the administrative entity financial statements and the expense for the employer entity financial statements? (SFFAS 5, par. 82 & 88). 83. Are expenses and other liabilities attributable to ORB expenses allocated based on the service rendered by each employee? (SFFAS 5, par. 82 & 83). 84. Do the amounts calculated for financial reports prepared for ORB plans reflect the following?; a. general actuarial and economic assumptions that are consistent with those used for pensions; b. a health care cost trend assumption that is consistent with Medicare projections or other authoritative sources appropriate for the population covered by the plan (SFFAS 5, par. 83). 85. Does the administrative entity discount the projected ORB costs at the rate of expected return of plan assets, if the plan is being funded, or on some other long-term assumptions (e.g., the long-term federal government borrowing rate) for unfunded plans? (SFFAS 5, par. 84); . 86. Does the administrative entity disclose the assumptions used to calculate projected ORB costs? (SFFAS 5, par. 83). 87. Is the accrual period for ORB based on the expected retirement age rather than the age when the employee becomes eligible for pension benefits? (SFFAS 5, par. 84). 88. When a new ORB plan is initiated or current one amended, does the administrative entity immediately recognize all past and prior service costs or gains as well as all actuarial gains and losses, without amortization? (SFFAS 5, par. 86 & 87). 89. Does the administrative entity disclose the following components of reported ORB (e.g., health insurance) expenses?; a. normal cost; b. interest on the ORB liability during the period; c. prior (and past) service cost from plan amendments (or the initiation of a new plan) during the period, if any; d. any gains/losses due to a change in the medical inflation rate assumption; e. other actuarial gains or losses during the period, if any (SFFAS 5, par. 88; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 13, p. 70). 90. Does the administrative entity report ORB revenue for the sum of contributions from the employer entity and its employees? (SFFAS 5, par. 89). 91. Does the employer entity recognize ORB expenses on a per employee basis in its financial report as the net of normal cost and employee contributions? (SFFAS 5, par. 90 & 93). 92. If the employer entity is also the administrative entity, does it also report the liability and recognize the expense for all components of the pension plan's cost? (SFFAS 5, par. 88 & 92). OPEB are provided to former or inactive employees, beneficiaries, and covered dependents outside pension or ORB plans. Postemployment benefits can include salary continuation, severance benefits, counseling and training, continuation of health care or other benefits, unemployment workers' compensation, and veterans' disability compensation benefits paid by the employer. (SFFAS 4, par. 96; SFFAS 5, par. 57). 93. Are OPEB expenses recognized as an expense at the time the benefit is provided? (SFFAS 5, par. 59). 94. Does the employer recognize an expense and a liability for OPEB - such as severance pay, training, and health care - when a future outflow or other sacrifice of resources is probable (i.e., more likely than not) and measurable? (SFFAS 5, par. 94 & 95). Costs; Inventory, Material, Supplies, and Commodities (95 - 103); Explanation. 95. Upon sale or use, is the cost of inventory expensed and removed from the inventory asset account? (SFFAS 3, par. 19). 96. To arrive at the historical cost of ending inventory and cost of goods sold, is one of the following cost flow assumptions used?; a. first-in, first-out; b. weighted average; c. moving average; d. any other valuation method (such as a standard cost system) whose results reasonably approximate a, b, or c (SFFAS 3, par. 22). 97. Are operating materials and supplies expensed using the consumption method (i.e., reported as an operating expense as they are issued to the end user for current operations)? (SFFAS 3, par. 38 & 39); 98. Are operating materials and supplies expensed upon purchase if they meet one of the following attributes?; a. they are of insignificant amounts; b. they are in the hands of the end user for use in normal operations; c. it is cost effective to immediately expense rather than to capitalize (i.e., apply the purchase method rather than the consumption method of accounting) (SFFAS 3, par. 40 & 41); 99. Are inventory and operating materials acquired through a nonmonetary exchange valued at the fair value of the items received at the time of the exchange, and is the difference between the fair value of the acquired items and the recorded amount surrendered reported as a gain or loss? (SFFAS 3, par. 21 & 43). 100. Are abnormal costs associated with inventory and operating materials and supplies, such as excessive handling or rework costs, charged to operations of the period? (SFFAS 3, par. 21 & 43). 101. Are any unrealized gains or losses, which are reflected in periodic inventory or operating materials and supplies revaluations, captured in a designated allowance account? (SFFAS 3, par. 17, 23 & 24); 102. Is the cost of stockpile materials removed from the corresponding asset account and reported as an operating expense when issued for use or sale? (SFFAS 3, par. 52). 103. Are abnormal costs of stockpile materials, such as excessive handling and rework costs, expensed in current operations? (SFFAS 3, par. 53); A common expense related to PP&E that is included in the Statement of Net Cost is depreciation. Other current expenses related to PP&E are all costs of acquiring and maintaining federal mission and heritage PP&E and stewardship land. (SFFAS 6, par. 35, 53, 61, & 69); Depreciation expense is calculated through systematic and rational allocation of the cost of general PP&E, less its estimated salvage or residual value, over its estimated useful life. (GAO/AIMD-21.1.1 SFFAS 6, par. 35). 104. Is depreciation of general PP&E recognized as an expense of the period? (SFFAS 6, par. 35). 105. If historical cost information has not been maintained for existing general PP&E, does the entity depreciate or amortize the estimated residual values over its remaining useful life in a systematic and rational manner? (SFFAS 6, par. 35, 40, & 41). 106. In an exchange transaction with a nonfederal entity, is the difference between the book value (i.e., cost less accumulated depreciation) of general PP&E surrendered and the cost of PP&E acquired recognized as either a gain or a loss? (SFFAS 6, par. 32). 107. In the event that cash consideration is included in the exchange, is the cost of general PP&E either increased by the amount of cash consideration surrendered or decreased by the amount of cash consideration received? (SFFAS 6, par. 32). 108. Is the expected net realizable value of a general PP&E asset that has been prematurely removed from service adjusted at the end of each accounting period, and is any adjustment made recognized as either a gain or loss? (SFFAS 6, par. 39). 109. When assets have been removed from general PP&E in anticipation of disposal, retirement, or removal from service, has the entity stopped recording depreciation and amortization expenses for such assets? (SFFAS 6, par. 38). 110. Is the cost of acquiring, constructing, improving, reconstructing, or renovating --as well as the cost incurred to bring national defense PP&E to its current condition and location --recognized as an expense on the Statement of Net Cost when incurred, and is this disclosed in the notes as a "cost of national defense PP&E?" (SFFAS 6, par. 53 & SFFAS 8, par. 65-67, & 119; SFFAS 11, par. 7 & 16; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 28 & 73, 1[ST] par.). 111. Are costs to acquire, improve, reconstruct, or renovate heritage assets, other than multiuse heritage assets, recognized on the Statement of Net Cost for the period in which the costs are incurred? (SFFAS 16, par. 8; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 28 & 73). 112. Do the recognized costs of heritage assets also include all costs incurred during the period to bring the items to their current condition? (SFFAS 16, par. 8). 113. If the fair value of donated or bequeathed heritage assets is not known or reasonably estimable, is information as to the type and quantity of assets received disclosed? (SFFAS 16, par. 10; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 73, 2[ND] par.). 114. Are costs to acquire, as well as costs incurred to bring the stewardship land to its current condition or intended use, recognized as a cost of the period incurred and disclosed as "Cost of Stewardship Land?" (SFFAS 6, par. 69 & 73; SFFAS 8, par. 77 & 119; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 29, 4[TH] par. & 73, 1st par.); . 115. Is the fair value, if known and material, of stewardship land acquired through donation or devise disclosed in notes to the Statement of Net Cost? (SFFAS 6, par. 71; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 73, 2[ND] par.). 116. If the fair value of donated or willed stewardship land is not estimable, is information as to the type and quantity of assets received disclosed in notes to the Statement of Net Cost, if material? (SFFAS 6, par. 71; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 73, 2[ND] par.). 117. If land included in general PP&E is transferred to another federal entity to be used as stewardship land, is the cost to the receiving entity of the transferred land recognized at the book value on the transferring entity's books? (SFFAS 6, par. 72). 118. If the receiving entity does not know the book value of the transferred land, is the transfer disclosed in the notes to the Statement of Net Cost, if material? (SFFAS 6, par. 72). Costs; Clean-up Costs (119 - 127): Clean-up costs are the costs of removing, containing, or disposing of (1) hazardous waste from property or (2) material or property that consists of hazardous waste upon permanent or temporary closure or shutdown of associated PP&E. Clean-up costs may include, but are not limited to, decontamination, decommissioning, site restoration, site monitoring, closure, and postclosure costs (SFFAS 6, par. 85 & 87). 119. When general PP&E is placed into service, does the entity estimate the associated clean-up costs? (SFFAS 6, par. 94). 120. In estimating clean-up costs and liability, has the entity considered the following?; a. the level of restoration to be performed; b. current legal and regulatory requirements; c. current technology; d. current costs (i.e., the costs of acquiring during the current period all goods and services included in the clean-up estimate) (SFFAS 6, par. 95); 121. Are estimated clean-up costs periodically revised to account for material changes due to inflation or deflation and changes in regulations, plans, or technology? (SFFAS 6, par. 96 & 189); 122. When general PP&E is placed into service, does the entity do the following?; a. estimate and disclose total clean-up costs; b. apportion clean-up costs over the useful life of the asset in a rational and systematic manner, based on the physical capacity of the PP&E or, if physical capacity is not useful or estimable, on the estimated useful life; c. begin expensing and accumulating a liability on a pro rata basis for unfunded clean-up expenses (SFFAS 6, par. 97-98, 186, 188, & 234- 239). 123. If clean-up costs are reestimated, are the cumulative changes related to current and past operations of general PP&E immediately recognized as an expense and is the corresponding liability adjusted? (SFFAS 6, par. 99 & 190). 124. When stewardship PP&E is placed into service, does the entity expense the total estimated clean-up costs and establish a liability in the period the asset is placed into service? (SFFAS 6, par. 101); . 125. If clean-up costs for stewardship PP&E are reestimated, are any adjustments to the liability associated with clean-up costs expensed in the period of the change in estimate? (SFFAS 6, par. 102); . 126. Are payments for clean-up costs for stewardship PP&E recognized as a reduction in the liability for clean-up costs? (SFFAS 6, par. 103); 127. Does the entity disclose the following?; a. the applicable laws and regulations covering clean-up requirements; b. the method for assigning estimated total clean-up costs to current operating periods (e.g., physical capacity versus passage of time); c. the unrecognized portion of estimated total clean-up costs for clean-up costs associated with general PP&E; d. material changes in total estimated clean-up costs due to changes in laws, technology, or plans, as well as the portion of the change in clean-up cost estimates that relate to prior-period operations; e. the nature of estimates and information regarding possible changes due to inflation, deflation, technology, or applicable laws and regulations (SFFAS 6, par. 107 - 111: OMB Bull. 97-01 as amended (Jan. 7, 2000), p . 71, note 17) Costs; Interest (128 -129): Interest costs are generally related to securities and other debt instruments issued by the U.S. Treasury or other federal agencies. (SFFAS 5, par. 47 - 48). 128. Does the related interest cost of federal debt include the following?; a. the accrued (prorated) share of the nominal interest incurred during the accounting period; b. the amortized discounts or premiums for each accounting period for fixed value securities; c. the amount of change in the current value for the accounting period for variable value securities (SFFAS 5, par. 53). 129. If securities are retired before maturity, is the difference between the reacquisition price and net carrying value recognized as a gain or loss? (SFFAS 5, par. 54). Costs; Insurance and Subsidies (130 -133): Federal insurance and guarantee programs are established to subsidize providing insurance to achieve social objectives or assume risks that private sector entities are unwilling or unable to assume. For life insurance, a premium deficiency occurs if the liability for future policy benefits using current conditions exceeds the liability for future policy benefits using contract conditions. (SFFAS 5, par. 97, 102, & 120). 130. If an insured event has occurred as of the financial statement reporting date, has the federal entity recognized an expense and, if the claim has not been paid, a liability? (SFFAS 5, par. 104 & 109); 131. Are changes in estimates of claims resulting from: (1) the present value calculations, (2) the continual review process, and (3) differences between the estimates and actual payments for claims, recognized as charges against operations of the period in which the estimates are changed or payments are made? (SFFAS 5, par. 109); 132. If the liability for future [life insurance] policy benefits using current conditions exceeds the liability for future policy benefits under contract conditions (resulting in a premium deficiency), is the difference recognized as a change to operations in the current period? (SFFAS 5, par. 120). 133. Does the entity recognize an expense for social insurance benefits paid during the reporting period plus any increase (or less any decrease) in the liability for social insurance from the end of the prior-period to the end of the current period? (SFFAS 17, par. 22 & 59); Costs; Credit Programs (134 - 182): In accordance with the Credit Reform Act of 1990, a subsidy expense is recognized for direct or guaranteed loans disbursed during the fiscal year. The amount of the subsidy expense equals the present value of estimated cash outflows over the life of the loans minus the present value of the estimated cash inflows. The discount rate used to calculate the present value is the average interest rate on marketable Treasury securities of similar maturity to the cash flows of the direct loan or loan guarantee for which the estimate is being made (SFFAS 2, par. 6, 7, 24, 30 & 31; SFFAS 19, par. 6, 7 (a) & (b) ). 134. Are the following true of the present values of estimated net cash outflows resulting from the post-1991 direct or loan guarantee programs?; a. They are discounted at the interest rate of marketable Treasury securities with similar maturities. b. They are recognized as expenses in the year the loan is disbursed. (SFFAS 2, par. 24 & app. B, part I A; SFFAS 19, par 6). 135. Are the following components of estimated subsidy costs (and offsetting receipts) of post-1991 loans and guarantees separately recognized and disclosed?; a. the interest subsidy costs; b. default costs; c. the present value of fees and other collections; d. other subsidy costs (SFFAS 2, par. 25 - 29, & app. B, part I A & III A; OMB Bull. 97-01 as amended (Jan. 7, 2000), items H & I, pp. 53, 54, 57, & 58); 136. Is the subsidy cost allowance for post-1991 direct loans amortized using the interest method? (SFFAS 2, par. 30, app. B, part I B(2); SFFAS 19, par. 7(a) ). 137. If the effective interest for post-1991 direct loans is less than the nominal interest, is the subsidy cost allowance increased by the difference and recognized as a reduction in interest income? (SFFAS 2, par. 30 & app. B, part I B(2); SFFAS 19, par. 7(a) ). 138. If the effective interest for post-1991 direct loans is greater than the nominal interest, is the subsidy cost allowance decreased by the difference and recognized as an increase in interest income? (SFFAS 2, par. 30 & app. B, part I B(2); SFFAS 19, par. 7(a)). 139. Is interest accrued and compounded on the liabilities of post-1991 loan guarantees at the interest rate that was originally used to calculate the present value of the loan guarantee liabilities when the guaranteed loans were disbursed? (SFFAS 2, par. 31 & app. B, part III B(2)); . 140. Is the interest accrued and compounded on the liabilities of post-1991 direct loan guarantees recognized as an interest expense? (SFFAS 2, par. 31 & app. B, part III B(2)). Two kinds of reestimates for the subsidy cost allowance for outstanding direct loans and the liability for outstanding loan guarantees are (1) interest rate reestimates and (2) technical/default reestimates. An interest rate reestimate results from changing the interest rates from those that were assumed in budget preparation and used in calculating the subsidy expense to the interest rates that are prevailing during the periods in which the direct or guaranteed loans are disbursed. A technical/default reestimate results from changes in projected cash flows of outstanding direct loans and loan guarantees after reevaluating the underlying assumptions and other factors (except for interest rate reestimates) that affect cash flow projections as of the financial statement date. (SFFAS 18, par. 9); Cohort, as it is used here, is a budget term that refers to all direct loans or loan guarantees of a program for which a subsidy appropriation is provided for a given fiscal year, even if disbursements occur in subsequent years. For direct loans and loan guarantees for which a subsidy appropriation is provided for one fiscal year, the cohort will be defined for that fiscal year. For direct loans and loan guarantees for which multiple year or no-year appropriations are provided, the cohort is defined by the year of obligation. (SFFAS 18, glossary). 141. Does the entity measure and disclose reestimates of allowances for subsidy costs of post-1991 loans and liabilities for guarantees in two components separately, specifically: the interest rate reestimate and the technical/default reestimate? (SFFAS 18, par. 9). 142. Is any increase (or decrease) in the subsidy cost allowance of post- 1991 direct loans or loan guarantee liabilities resulting from the reestimates recognized as a subsidy expense (or a reduction in subsidy expense)? (SFFAS 2, par. 32 & app. B, parts I B(1) & III B(I); SFFAS 18, par. 9; OMB Bull. 97-01 OMB Bull. 97-01 as amended (Jan. 7, 2000), item H. 2, pp. 52 & 57 & item I. 2, pp. 54 & 58). 143. If the assumed interest rates used in calculating the subsidy expenses for cohorts from which direct or guaranteed loans are disbursed differs from the rates prevailing at the time of the loan disbursement, is an interest rate reestimate for those cohorts made as of the date of the financial statements? (SFFAS 18, par. 9 (A)). 144. Do technical/default reestimates take into consideration all factors that may have affected various components of projected cash flows, including defaults, delinquencies, recoveries, and prepayments? (SFFAS 18, par. 9 (B)). 145. Are technical/default reestimates for each cohort made each year as of the date of the financial statements? (SFFAS 18, par. 9 (B)); 146. In a note to the financial statement, does the entity display reconciliation between the beginning and ending balances of the following?; a. the subsidy cost allowances for outstanding direct loans; b. the liability for outstanding loan guarantees reported in the entity's balance sheet (SFFAS 18, par. 10, 18 - 30, & app. B). 147. Does the reconciliation of beginning and ending subsidy cost allowances and loan guarantee liability balances include changes in the following?; a. interest subsidy costs, default costs, fees and other collections, and other subsidy costs; b. interest rate and technical/default restimates; c. other adjustments (SFFAS 2, par. 25 - 29; SFFAS 18, par. 10 & app. B). 148. For direct loans, do other adjustments include loan modifications, fees received, loans written off, foreclosed property or other recoveries acquired, and subsidy allowance amortization? (SFFAS 18, par. 10 & app. B, schedule A). 149. For loan guarantees, do other adjustments include loan guarantee modifications, fees received, interest supplements paid, claim payments made to lenders, foreclosed property or other recoveries acquired, and interest accumulated on the loan guarantee liability? (SFFAS 18, par. 10 & app. B, schedule B). 150. In its notes to the financial statements, does the entity include a description of the characteristics of the program it administers, including the following?; a. the total amount of direct or guaranteed loans disbursed for the current and preceding reporting years; b. interest subsidy costs, default costs, fees and other collections, and other subsidy costs; c. interest rate and technical/default restimates (SFFAS 2, par. 25 - 29; SFFAS 18, par. 10 & 11 (A)). 151. Does the reporting entity disclose, at the program level, the subsidy rates for the following?; a. interest subsidy costs; b. default costs (net of recoveries); c. fees and other collections; d. other costs estimated for direct loans and loan guarantees in the current year's budget for the current year's cohorts (SFFAS 18, par. 11 (B), 31 & 33 - 38). 152. If the entity uses trend data to display significant fluctuations in subsidy rates, are these data accompanied by an analysis that explains the underlying causes for the fluctuations? (SFFAS 18, par. 11 (B) & 32). 153. Does the reporting entity disclose, discuss, and explain events and changes in economic conditions, other risk factors, legislation, credit policies, and subsidy estimation methodologies and assumptions that have had a significant and measurable effect on subsidy rates, subsidy expenses, and subsidy reestimates? (SFFAS 18, par. 11 (C), 39, 41, & 43 - 49). 154. Do changes in legislation or credit policies include, for example, changes in borrowers' eligibility, the levels of fees or interest rates charged to borrowers, the maturity of loan terms, and the percentage of a private loan that is guaranteed? (SFFAS 18, par. 11 (C) & 42); 155. Does the disclosure and discussion also include events and changes that have occurred and are more likely than not to have a significant impact, but whose effects are not measurable at the reporting date? (SFFAS 18, par. 11 (C) & 41). 156. Are default costs estimated and periodically reestimated for each post- 1991 loan and loan guarantee program on the basis of separate cohorts and risk categories? (SFFAS 2, par. 33). 157. In estimating default costs, has the entity considered the following factors?; a. loan performance experience; b. the current and forecasted international, national, or regional economic conditions that may effect the performance of the loans; c. financial and other relevant characteristics of borrowers; d. the value of collateral to loan balance; e. changes in recoverable value of collateral; f. newly developed events that could affect the loans' performance; g. improvements in methods to reestimate defaults (SFFAS 2, par. 34). 158. In estimating and reestimating current and projected future default costs for each group, cohort, and risk category of loan and guarantee, has the agency used a consistent and systematic methodology?; (SFFAS 2, par. 35 & 36). 159. Are unbudgeted subsidy expenses resulting from reestimates disclosed in a note to the financial statements? (OMB Bull. 97-01 OMB Bull. 97-01 as amended (Jan. 7, 2000), item K, p. 58). 160. Is interest (at the discount rate in effect when the loans were first disbursed) accrued on post-1991 direct loans, including amortized interest, recognized as interest income? (SFFAS 2, par. 37 & app. B, part I B(2) & C). 161. Is interest (at the original discount rate) accrued on debt to the Treasury arising from post-1991 direct loans recognized as interest expense? (SFFAS 2, par. 37 & app. B, part I B(2) & C); 162. Is interest (at the discount rate in effect when the loans were first disbursed) accrued on liability of post-1991 loan guarantees recognized as interest expense? (SFFAS 2, par. 37 & app. B, part III B(2) & C); 163. Is interest (at the original discount rate) due from the Treasury on uninvested funds associated with post-1991 loan guarantee liabilities recognized as interest income? (SFFAS 2, par. 37 & app. B, part III B(2) & C). 164. Are costs for administering credit activities (such as salaries, legal fees, and servicing) incurred in support of direct loan and guaranteed loan programs recognized as administrative expenses and not included in direct loan and loan guarantee subsidy costs? (SFFAS 2, par. 38 & app. B, part I C). 165. Are administrative expenses for loans and guarantees broken out and disclosed by program, if material? (OMB Bull. 97-01 OMB Bull. 97-01 as amended (Jan. 7, 2000), note 7, item J, pp. 54 & 58). 166. Are losses (as well as valuation allowances and corresponding liabilities) of direct loans obligated and loan guarantees committed before October 1, 1992, recognized when it is likely that the direct loans will not be totally collected or that the loan guarantees will require a future cash outflow to pay default claims? (SFFAS 2, par. 39). 167. If, at the time of the foreclosure, the expected net realizable value of pre-1992 foreclosed property is less than the cost (i.e., the carrying amount of the loan), is the loss charged to operations and tracked in a valuation allowance account? (SFFAS 3, par. 86); . 168. If the pre-1992 foreclosed asset's net realizable value subsequently increases or decreases, does the entity credit or charge this amount to results of operations and adjust the valuation allowance? (SFFAS 3, par. 86). 169. Upon sale, is any difference between the net carrying amount of foreclosed property and the net proceeds of the sale recognized as a component of operating results? (SFFAS 3, par. 89). 170. For post-1991 foreclosed property, is interest income accrued from the previous periodic adjustment in the carrying amount up to the sale date? (SFFAS 3, par. 89). 171. Is the resulting difference between the adjusted carrying amount of the post-1991 foreclosed property and the net sales proceeds recognized as a reestimate of "subsidy expense?" (SFFAS 3, par. 89); 172. For pre-1992 foreclosed property, is the difference between the carrying amount and net sales proceeds recognized as a gain or a loss on the sale of foreclosed property? (SFFAS 3, par. 89); The cost of the modification is the excess of the premodification value of a direct loan (or postmodification liability of loan guarantees) over the postmodification value of a direct loan (or premodification liability of loan guarantees), both of which have been discounted at the Treasury rate in effect when the modification occurred. (SFFAS 2, par. 45, notes 3 & 4 & par. 49, notes 6 & 7; SFFAS 19, par. 6); When a loan or loan guarantee is modified, the book value of a direct loan will generally decrease, while the liability for a loan guarantee will typically increase. The book value of the loan or guarantee is discounted at the Treasury rate originally used to calculate the present value of the direct loan or loan guarantee liability when the loan was originally disbursed. (SFFAS 2, par. 48 & 50, app. B parts I D (4 & 5), II B (4), III B (4), & IV B (4) ); A gain from a modification occurs when the cost of a modification is greater than the decrease in book value of a direct loan (or increase in the liability of a loan guarantee). (SFFAS 2, par. 46, par. 48 note 5, par. 50 & par. 52 footnote 8; SFFAS 19, par. 7 ); Conversely, a loss from a modification occurs when the cost of a modification is less than the decrease in book value of a direct loan (or increase in the liability of a loan guarantee) that was discounted at the Treasury rate in effect when the loan was made. (SFFAS 2, par. 46, par. 48 note 5, par. 50 & par. 52 note 8; SFFAS 19, par. 7); A sale of a post-1991 loan and pre-1992 direct loan is treated as a direct modification of the loans sold. The cost of modification is determined on the basis of the premodification value of the loans sold. (SFFAS 2, par. 53 & 54). 173. If pre-1992 or post-1991 loans are modified, is the excess of the premodification value over the post-modification value0 recognized as a modification expense or cost? (SFFAS 2, par. 45 & app. B, parts I D(1 - 3) & II B(1 - 3)). 174. If the cost of modifying pre-1992 or post-1991 loans is greater than the decrease in the loans' book value1, is the difference recognized as a gain? (SFFAS 2, par. 48 & app. B, parts I D(4 & 5) & II B (4 & 5)); . 175. If the cost of modifying pre-1992 or post-1991 loans is less than the decrease in the loans' book value, is the difference recognized as a loss? (SFFAS 2, par. 48 & app. B, parts I D(4 & 5), & part II B(4 & 5)); . 176. If pre-1992 or post-1991 loan guarantees are modified, is the excess of the postmodification liability2 over the premodification liability recognized as a modification expense? (SFFAS 2, par. 49 & app. B, parts III D(1 - 3), & IV B (1 - 3)). 177. If the premodification value of post-1991 and pre-1992 loans sold exceeds the net proceeds from the sale, is the excess treated as the cost of modification and recognized as a modification expense? (SFFAS 2, par. 45 & 53 & app. B, part I F(1)). 178. If a loan is sold with recourse, are estimated losses recognized as a subsidy expense and loan guarantee liability? (SFFAS 2, par. 54); . 179. If the cost of modifying pre-1992 or post-1991 loan guarantees is greater than the increase in the book value of the related loan guarantee liabilities,5 is the difference recognized as a gain? (SFFAS 2, par. 52 & app. B, parts III D (4 & 5) & IV B (5)). 180. If the cost of modifying pre-1992 or post-1991 loan guarantees is less than the increase of the related loan guarantee liabilities, is the difference recognized as a loss? (SFFAS 2, par. 52 & app. B, parts III D(4 & 5) & IV B (5)). 181. If the modification expense arising from a loan sale is greater than the book value loss, is the difference recognized as a gain? (SFFAS 2, par. 55 & app. B, part I F(2)). 182. If the modification expense arising from a loan sale is less than the book value loss, is the difference recognized as a loss? (SFFAS 2, par. 55 & app. B, part I F (2)). Section V: Statement of Changes in Net Position: The 37 questions in this section are related to the Statement of Changes in Net Position: Question Numbers: 1. Net Cost of Operations: 1 - 2: 2. Appropriations Used: 3 - 4: 3. Taxes and Other Nonexchange Revenues: 5 - 12: 4. Donations: 13: 5. Imputed Financing: 14: 6. Transfers: 15 - 18: 7. Modifications: 19 - 24: 8. Prior-period Adjustments: 25 - 31: 9. Unexpended Appropriations: 32 - 33: 10. Net Position: 34 - 37: Changes in Net Position (1 - 37): The Statement of Changes in Net Position reports the beginning net position, the items that caused net position to change during the reporting period, and the ending net position. (SFFAS 7 Imple. Guide, par. 63; OMB 97-01 as amended (Jan. 7, 2000), p. 32). 1. Does the amount reported for "net cost of operations" correspond to the amount reported on the current year's Statement of Net Cost? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 32). 2. Is nonexchange revenue recognized as a financing source in calculating the net results of operations (and not as a deduction in determining the net cost of operations)? (SFFAS 7, par. 60). 3. Are "appropriations used" recognized as a financing source in determining the net results of operations when, under authority of the appropriation, goods and services are received or benefits or grants are provided? (SFFAS 7, par. 72, 212, 214, 331, & 332; OMB 97-01 as amended (Jan. 7, 2000), p. 32). 4. Do appropriations used exclude the following appropriations?; a. appropriations of dedicated tax receipts and donations; b. appropriations used by collecting entities to provide refunds of monies deposited to Treasury or trust funds; c. appropriations used for repayment of debt (SFFAS 7, par. 332; OMB 97-01 as amended (Jan. 7, 2000), p. 32). 5. Does the entity recognize taxes and other nonexchange revenues to which it is legally entitled and which it does not transfer to other entities? (SFFAS 7, par. 48, 49, & 176; SFFAS 7 Imple. Guide, par. 65 & 95). 6. Is nonexchange revenue recognized when the government's claim to resources can be characterized as follows?; a. specifically identifiable; b. legally enforceable; c. reasonably measurable; d. more likely than not collectable (SFFAS 7, par. 48). 7. Are the following transactions recognized as taxes and other nonexchange revenues from the public?; a. individual and corporate income taxes, social insurance taxes and contributions, excise taxes, estate and gift taxes, and customs duties; b. social insurance taxes and contributions paid by federal employees; c. deposits by states for unemployment trust funds; d. user fees and harbor maintenance trust fund payments; e. customs service fees; f. deposits of earnings from the Federal Reserve System; g. donations; h. fines and penalties; i. penalties due to delinquent taxes in connection with custodial activity; j. forfeitures (SFFAS 7, par. 49, 61 - 63, 242 - 257, 260 - 269, & 305; SFFAS 7 Imple. Guide, par. 99 - 103). 8. Is seignorage recognized as an "other" financing source when coins are delivered to the Federal Reserve banks in return for deposits? (SFFAS 7, par. 305). 9. Are the following transactions recognized as nonexchange revenue from other federal government entities?; a. interest on Treasury securities held by trust funds and special funds (except revolving trust funds) when the predominant source of funds is from nonexchange revenue; b. interest received by one fund from another; c. employer contributions to social insurance programs (SFFAS 7, par. 306 - 310). 10. Does the general fund recognize all nonexchange revenue not recognized by trust funds and other recipient entities? (SFFAS 7, par. 60. 4); 11. Does the general fund recognize, in succeeding periods, revenue that is determined, after the books have been closed for the period, to have been properly transferable (or improperly transferred) to other recipient entities? (SFFAS 7, par. 60. 4). 12. Are the following transactions recognized as nonexchange gains or losses from other federal government entities?; a. retirement of debt securities prior to maturity held by trust funds and special funds; b. cancellation of debt (SFFAS 7, par. 311 - 313). 13. Is revenue arising from donations of nonfinancial resources measured at the estimated fair value of the contribution at the time of the donation? (SFFAS 3, par. 43; SFFAS 6, par. 30; SFFAS 7, par. 62, 258, 259, & 361; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 32); 14. Does the reporting entity recognize an imputed financing source for costs funded through other federal entities as well as nonreimbursed costs of goods and services provided by other federal entities? (SFFAS 4, par. 109; SFFAS 5, par. 75, 77, 78, 91, & 93; SFFAS 7, par. 70, 73, 220, & 333 - 337; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 32); . 15. When assets are transferred among governmental entities without reimbursement: a. Does the receiving entity recognize the transfer-in as an increase in financing sources in its statement of net position?; b. Does the transferring entity recognize the transfer-out as a decrease in financing sources in its statement of net position? (SFFAS 7, par. 74, 220(b), par. 344 - 346; SFFAS 7 Imple. Guide, par. 65; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 32 & 33). 16. Are transferred assets recorded at the book value of the transferring entity, or, if the receiving entity does not know the book value, is the asset recorded at its estimated fair value as of the date of the transfer? (SFFAS 7, par. 74; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 32 & 33). 17. Is revenue recognized by the recipient entities as the sum of the following?; a. cash or cash equivalents transferred to them by the collecting entities; b. the net change in any related interentity balances between the collecting and the receiving entities (i.e., the amount to be transferred to the recipient entities from the collecting entity or vice versa) (SFFAS 7, par. 60). 18. Is noncustodial exchange revenue transferred to another government entity or to the Treasury recognized as a "transfer-out" in determining the net results of operations? (SFFAS 7, par. 75 & note 18); A modification means a federal government action, including new legislation or administration action, that directly or indirectly alters the estimated subsidy cost and present value of outstanding loans or the liability of loan guarantees. (SFFAS 2, par. 41). 19. Is a gain from the modification of post-1991 loans reported as a reduction in financing source and paid to the Treasury as a "modification adjustment transfer?" (SFFAS 2, par. 48, & app. B, part I D(5)). 20. Is a loss from the modification of post-1991 loans reported as a financing source when the reporting entity receives from the Treasury a "modification adjustment transfer?" (SFFAS 2, par. 48 & app. B, part I D(5)). 21. Is a gain resulting from a modification of post-1991 loan guarantees reported as a reduction in financing source and paid to the Treasury as a "modification adjustment transfer?" (SFFAS 2, par. 52 & app. B, part III D(5)). 22. Is a loss resulting from a modification of post-1991 loan guarantees reported as a financing source when the reporting entity receives from the Treasury a "modification adjustment transfer" to offset the difference? (SFFAS 2, par. 52 & app. B, part III D(5)); 23. Is a gain on the sale of a post-1991 loan reported as a reduction in financing source and paid to the Treasury as a "modification adjustment transfer?" (SFFAS 2, par. 55 & app. B, part I F(2)). 24. Is a loss on the sale of a post-1991 loan reported as a financing source when the reporting entity receives from the Treasury a "modification adjustment transfer?" (SFFAS 2, par. 55 & app. B, part I F(2)). 25. Are prior-period adjustments limited to corrections of errors and accounting changes with retroactive effect, including changes caused by the adoption of new federal financial accounting standards? (SFFAS 7, par. 76; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 33); 26. Are prior-period adjustments recognized as changes in cumulative results of operations (rather than as an element of net results of operations for the period)? (SFFAS 7, par. 76; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 33). 27. If cost information for existing general PP&E has not been maintained, are the estimated values recorded in the appropriate asset and contra- asset accounts and the difference shown as a "prior-period adjustment" in the statement of changes in net position? (SFFAS 6, par. 40 & 43); 28. If national defense, heritage PP&E, and stewardship land had been previously recognized as assets and contra-assets for balance sheet reporting, has the entity performed the following operations?; a. netted out these accounts, charged the residual to "net position"; b. shown the net change as a "prior-period adjustment" in the statement of changes in net position (SFFAS 6, par. 55; SFFAS 11, par. 7; SFFAS 16, par. 14). 29. Conversely, if multiuse heritage assets are capitalized, is the asset fair value added to the balance sheet and reported as a "prior-period adjustment? (SFFAS 16, par. 15). 30. If stewardship PP&E has been placed into service as of September 30, 1997, is a liability recognized, disclosed, and an adjustment made to net position as a "prior-period adjustment" for the following amounts?; a. the portion of estimated clean-up costs incurred to date; b. the estimated total clean-up costs as a liability if costs are not intended to be recovered primarily through user charges (SFFAS 6, par. 16 & 104 - 106; OMB 97-01 as amended (Jan. 7, 2000), p. 74). 31. If prior-period adjustments are made to the current year's assets and liabilities and offset against net position: a. Are the amounts and circumstances disclosed in the notes?; b. Are the published financial statements presenting prior-year financial information left unchanged? (SFFAS 6, par. 55, 56, 63, 65, 75, 76, 105, & 106). 32. Are unexpended appropriations reduced as appropriations are used? (SFFAS 7, par. 71). 33. Are unexpended appropriations adjusted for other changes in budgetary resources, such as rescissions and transfers? (SFFAS 7, par. 71); . 34. Is the "Net Position - Beginning Period" consistent with "Net Position - End of Period" on the prior-year's balance sheet? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 33). 35. Is "Net Position - End of Period" reported in the Statement of Changes in Net Position consistent with "Total Net Position" reported in the current year's Balance Sheet? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 & 33). 36. Is the sum of the net increase or decrease in unexpended appropriations and the net change in the cumulative results of operations recognized as the "Change in Net Position?" (SFFAS 7, par. 71; SFFAS 7 Imple. Guide, par. 65 & 121, figure 3 & 4; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 31 & 33). 37. Is the difference between "Net Position - Beginning of Period" and "Net Position - End of Period" equal to the "Change in Net Position?" (SFFAS 7, par. 71; SFFAS 7 Imple. Guide, par. 121, figures 3; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 31 & 33). Section VI: Statement of Budgetary Resources: The four questions in this section concern the Statement of Budgetary Resources: Statement of Budgetary Resources; (1 - 4): The budget is the primary financial planning and control tool of the government. The Statement of Budgetary Resources and the related disclosures provide information about how budgetary resources were made available as well as their status at the end of the period. (SFFAS 7, par. 77; SFFAS 7 Imple. Guide, par. 68; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 36). 1. If the reporting entity's financing comes either wholly or partially from budgetary resources, does the entity present in a "Statement of Budgetary Resources" the following disclosures?; a. total budgetary resources available during the period including, if applicable; i. new budget authority; ii. direct spending authority; iii. unobligated balances at the beginning of the period or transferred in during the period; iv. spending authority from offsetting collections; v. adjustments to budgetary authority; b. the status of budgetary resources consisting, when applicable, of; i. obligations incurred; ii. unobligated balances that remain available at the end of the period. iii. unobligated balances that are unavailable at the end of period, except to adjust or liquidate obligations chargeable to prior-period appropriations; c. a statement of outlays during the period that displays; i. obligations incurred less spending authority from offsetting collections and adjustments; ii. obligated balances at the beginning of the period; iii. obligated balances transferred; iv. obligated balances net at end of extra period (SFFAS 7, par. 77; & SFFAS 7, Imple. Guide, par. 68 - 69; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 35 & 36). 2. Is the recognition and measurement of budgetary information reported on the Statement of Budgetary Resources based on budget terminology, definitions, and guidance in OMB Circular A-34, Instructions on Budget Execution, dated December 26, 1995? (SFFAS 7, par. 78; SFFAS 7, Imple. Guide, par. 69; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 36, 2[ND] par.). 3. Is the information for each of the entity's major budget accounts presented as required supplementary information? (SFFAS 7, par. 78; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 80). 4. Does the entity disclose the following information about the status of its budgetary assets?; a. the amount of budgetary resources obligated for undelivered orders at the end of the period; b. available borrowing and contract authority at the end of the period; c. repayment requirements, financing sources for repayment, and other terms of borrowing authority used; d. material adjustments during the reporting period to budgetary resources available at the beginning of the year and an explanation thereof; e. existence, purpose, and availability of permanent indefinite appropriations; f. information about legal arrangements affecting the use of unobligated balances of budget authority, such as time limits, purpose, and obligation limitations; g. explanations of any material differences between the budgetary resources reported in the Statement of Budgetary Resources and "actual" amounts in the Budget of the U.S. government; h. the amount of unfunded liabilities, and an explanation that includes identification of balance sheet components, when unfunded liabilities do not equal the total financing sources yet to be provided; i. the amount of any capital infusion received during the reporting period (SFFAS 7, par. 79 & 209 - 212; SFFAS 7 Imple. Guide, par. 70-71; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 74 & 75); . Section VII: Statement of Financing: The ten questions in this section are related to the Statement of Financing. Question Numbers: 1. General: 1: 2. Obligations and Nonbudgetary Resources: 2 - 3: 3. Resources That Do Not Fund Net Cost of Operations: 4 - 5: 4. Costs That Do Not Require Resources: 6 - 7: 5. Financing Sources Yet to be Provided: 8: 6. Net Cost of Operations: 9: 7. Disclosures: 10: Statement of Financing (1 - 10): Accrual-based measures used in the Statement of Net Cost differ from the obligation-based measures used in the Statement of Budgetary Resources. The Statement of Financing is designed to report those differences and facilitate the reconciliation between the two statements. (SFFAS 7, par. 80; SFFAS 7 Imple. Guide, par. 72 - 73; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 38). 1. Does the reconciliation between the budgetary and financial accounting information explain the relationship between budgetary resources obligated by the entity during the period and the net cost of operations? (SFFAS 7; par. 80, 91 - 94, & 217; SFFAS 7 Imple. Guide, par. 74 - 75); 2. To arrive at "total adjusted obligations and nonbudgetary resources," are "obligations incurred" reduced by such adjustments as the following?; a. offsetting collections to expenditure accounts (e.g., receipts from the sale of capitalized assets, collections of loan principle, and related interest and reimbursements for services provided); b. exchange revenues not in the budget; c. transfers-out of assets in the amount of their book value (SFFAS 7, par. 80; SFFAS 7 Imple. Guide, par. 77 - 81, 121 (figure 11), 140 - 152, 155, & 168 - 170; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37 & 38); 3. To arrive at "total obligations as adjusted and nonbudgetary resources," are "obligations incurred" increased by such adjustments as the following?; a. imputed financing for cost subsidies; b. transfers-in of assets in the amount of the book value, if known, or for the fair market value, if not known; c. financing sources other than exchange revenues that are not in the budget; d. donations not accounted for in the budget (SFFAS 7, par. 80; SFFAS 7 Imple. Guide, par. 77 - 81, 121 (figure 16), 140 - 141, & 146 - 152; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37 & 38); 4. Are adjusted obligations and nonbudgetary resources reduced by certain changes in resources that do not fund net costs of operations, including the following?; a. the amount of net increases in undelivered but obligated orders for goods, services, and benefits; b. the cost of any capitalized good or service acquired during the year; c. loans made (less subsidy expense); d. financing sources that fund costs of prior periods (e.g., appropriations for credit subsidies expensed in prior periods or decreases in unfunded liabilities, such as reductions in accrued annual leave liabilities); e. other resources that do not fund net costs of operations (SFFAS 7, par. 81; SFFAS 7 Imple. Guide, par. 82 - 85, 121 (figures 11 & 16), 127 - 139, & 153 -167; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37 & 38); 5. Are adjusted obligations and nonbudgetary resources increased by certain changes in resources that do not fund net costs of operations, including the following?; a. the amount of net decreases in undelivered and obligated orders for goods, services, and benefits; b. Collections of loan principal and related subsidy expenses; c. removal of undepreciated portions of capitalized assets disposed of during the year; d. other offsetting adjustments (SFFAS 7, par. 81; SFFAS 7 Imple. Guide, par. 82 - 85, 142 - 145, 146 - 152, & 153 - 167; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37 & 38); 6. Are certain costs that do not require financing by either budgetary or nonbudgetary resources (e.g., depreciation and losses or expenses arising from revaluation of assets) added to adjusted obligations and nonbudgetary resources to arrive at net costs of operations? (SFFAS 7, par. 81; SFFAS 7 Imple. Guide, par. 86 - 89 & 121 (figures 11 & 16); OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37, 38, & 39); 7. If the reimbursement for goods or services provided by one federal entity to another federal entity is less than the full cost, does the recipient entity recognize the difference in its accounting records as a financing source? (SFFAS 4, par. 109, 114, & 115); 8. Are costs that are recognized in the current period but are to be financed in future periods (e.g., accrued expenses such as increases in annual leave, subsidy reestimates, and increases in postretirement benefit liabilities) reported as "financing sources yet to be provided?" (SFFAS 7, par. 81; SFFAS 7 Imple. Guide, par. 90 - 93 & 121 (figures 6 & 11); OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37 & 39); 9. Does the net cost of operations on the Statement of Financing agree with the net cost of operations on the Statement of Net Cost? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 39); Accrual-based measures used in the obligation- based measures used in the Statement of Budgetary Resources. The Statement of Financing is designed to report those differences and facilitate the reconciliation between the two statements. (SFFAS 7, par. 80; SFFAS 7 Imple. Guide, par. 72 - 73; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 38) 10. Are adjustments to the total of obligations and nonbudgetary resources presented and explained in a manner that clarifies the relationship between the obligation basis used in the budget and the accrual basis used in financial accounting? (SFFAS 7, par. 80 - 82); Section VIII: Statement of Custodial Activity: The 26 questions in this section are related to the Statement of Custodial Activity: Question Numbers: 1. General: 1 - 2: 2. Sources of Collections: 3 - 8: 3. Disposition of Collections: 9 - 12: 4. Disclosures: 13 - 17: 5. Dedicated Collections and Other Accompanying Information: 18 - 26: Statement of Custodial Activity (1 - 26): Entities that collect nonexchange revenue for the General Fund of the Treasury, a trust fund, or other recipient entities account for the collection and disposition of these revenues in a Statement of Custodial Activity. (SFFAS 7 Imple. Guide, par. 58; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41). 1. If the entity collects exchange revenue on behalf of other entities and recognizes little or no costs in earning that revenue, does the entity account for it as a custodial activity? (SFFAS 7, par. 45, 140 - 145, & 270 - 279; SFFAS 7 Imple. Guide, par. 51 - 57; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41). 2. If the collecting entity is not legally entitled to retain a portion or all of the collected nonexchange revenue, is the receipt and disposition of that revenue reported in the Statement of Custodial Activity? (SFFAS 7, par. 48, 49, & 176; SFFAS 7 Imple. Guide, par. 58 - 62 & 95; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41); . 3. Does the collecting entity measure taxes and duties on a cash basis and then modify that with an accrual adjustment to determine the amount of revenue to be recognized? (SFFAS 7, par. 49 & 52). 4. Except for deposits, are cash collections based on amounts actually received during the period? (SFFAS 7, par. 50 & 59). 5. Are the components of cash collections classified by source and nature of collection, such as by type of tax or duty? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41). 6. Are cash refunds of nonexchange revenue based on refunds of taxes and duties during the period? (SFFAS 7, par. 51). 7. Do cash refunds of nonexchange revenue for taxes and duties include "refund offsets" and "drawbacks?" (SFFAS 7, par. 51). 8. Are accrual adjustments separately reported in a footnote? (SFFAS 7, par. 52; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41); 9. Is the disposition of collections, including amounts transferred to others, amounts yet to be transferred, and amounts retained by the collecting entity reported and broken out by recipient? (OMB Bull. 97- 01 as amended (Jan. 7, 2000), pp. 40, 41, & 42). 10. Does the collecting entity report the change in liability for accrued and collected revenue yet to be transferred? (SFFAS 7 Imple. Guide, par. 61; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41); 11. Are collections retained by the entity separately reported and treated as a disposition of collections revenue? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 42). 12. In the statement of custodial activity, do total sources of collections equal total disposition of collections (revenue) so that the net custodial activity is zero? (SFFAS 7 Imple. Guide, par. 61; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 40 & 42). 13. If custodial revenues are immaterial and incidental to the entity's primary mission and are not reported separately, are the sources and amounts of the collections and the amounts distributed to others disclosed in the accompanying footnotes? (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 41 & 75). 14. Does the collecting entity disclose and explain the following information?; a. the basis of accounting when application of the general rule for recognizing nonexchange revenue (i.e., specifically identifiable, legally enforceable, and reasonably estimable) results in a modified cash basis of accounting; b. the specific potential accruals that are not made as a result of using the modified cash basis accounting; c. the practical and inherent limitations affecting the accrual of taxes and duties; d. the use of accrual-based accounting, if applicable (SFFAS 7, par. 48 & 64; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 75. 15. Do entities that collect taxes and duties disclose the following information in a note or narrative?; a. basis of accounting; b. factors affecting the collectability and timing of taxes and other nonexchange revenues; c. cash collections and refunds by tax year and type of tax for the reporting period (SFFAS 7, par. 65.1 & 65. 3; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 75). 16. If trust fund revenues are not recorded in accordance with applicable law, do the collecting and recipient entities disclose the reasons? (SFFAS 7, par. 66). 17. If refunds are material in relation to gross collections, are they separately disclosed by components? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 39). Dedicated collections are funds held with the expectation that they will be held for and applied to the purposes for which the funds were dedicated. Such funds include all funds within the budget classified as trust funds, those funds within the budget that are classified as "special funds" but that are similar in nature to trust funds, and those funds within the federal universe (inside or outside the budget) that are fiduciary in nature. (SFFAS 7, par. 83; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 75). 18. Does the management of a reporting entity identify, track, and disclose the receipts and expenditures of dedicated trust funds, "special funds," and fiduciary or deposit funds (both inside and outside the budget) that are under its purview? (SFFAS 7, par. 83, 226, 230 - 233, & 370; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 75); 19. Does management provide separate financial information about these dedicated funds if they are material to the reporting entity, the beneficiary, or the contributors? (SFFAS 7, par. 84, 226, 230 - 233, & 370). 20. If a separate report is made to beneficiaries of or contributors to dedicated collections and the funds are not material to the reporting entity, are those immaterial funds combined for disclosure purposes? (SFFAS 7, par. 84 & 85). 21. Is the following information reported for individual funds that account for dedicated collections?; a. a description of each fund's purposes, and how the administrative entity accounts for and reports the fund and its authority to use those collections; b. the sources of revenue or other financing for the period and an explanation of the extent to which they are inflows of resources to the government or the result of intragovernmental flows; c. condensed information about assets and liabilities showing investments in Treasury securities, other assets, liabilities due and payable to beneficiaries, other liabilities, and fund balance; d. condensed information on net cost and changes to fund balance showing revenues by type (exchange or nonexchange), program expenses, other expenses, other financing sources, and other changes in fund balance; e. the amounts of any revenues --other financing sources or costs attributable to the fund under accounting standards --that are not legally allowable as credits or charges to the fund (SFFAS 7, par. 85). 22. If revenues, other financing sources, or costs (such as item "e" of the previous question) are associated with but not legally allowable to a fund, does the larger reporting entity of which the fund is a component recognize them? (SFFAS 7, par. 86; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 75). 23. If more than one reporting entity is responsible for carrying out a program financed with dedicated collections, does the entity with the largest share of the activity take responsibility for reporting all revenues, other financing sources, assets, liabilities, and costs of the fund? (SFFAS 7, par. 87; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 75). 24. Are trust funds allowed to recognize revenue from excise taxes on the basis of assessments if information on actual collections is not currently available from the collecting entity? (SFFAS 7, par. 60.1); 25. Is the amount of revenue accrued and recognized by the social security trust fund based on the best available information (i.e., on the basis of the higher of the amount of Internal Revenue Service (IRS) assessments or the amounts actually reported by employers to Social Security)? (SFFAS 7, par. 60.2 & 177). 26. Does the collecting entity report the following as other accompanying information?; a. income tax burden borne by different classes of taxpayers and the effects of tax rates, deductions, credits, etc. (required of IRS); b. applicable information on the size of the tax gap, including; i. explicit definitions of the estimated amounts reported (e.g., whether the tax gap includes estimates on illegally earned income); ii. appropriate explanations of the limited reliability of the estimates; iii. cross references to portions of the tax gap due from identified noncompliant taxpayers and importers; c. appropriate explanations and qualifications, if information about tax expenditures related to entity programs is present; d. a description of the basis for the estimates and appropriate cautionary language about reliability, if information about estimated directed flows of resources related to an entity's programs is presented (SFFAS 7, par. 69.1 - 69. 4, 108, & 192 - 202; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 82). Section IX: Notes to Financial Statements: The four questions in this section concern the disclosure of significant accounting policies: Notes to Financial Statements; (1 - 4): 1. Does the entity identify and describe accounting principles and applications it follows in a note to the financial statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000) , p. 43, note 1); 2. Does the entity's disclosure of its accounting policies include its rationale for the valuation, recognition, and allocation of assets, liabilities, expenses, revenues, and other financing sources? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 43, note 1); 3. Does the entity disclose any significant changes in its composition or manner in which it aggregates information for financial reporting purposes? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 43, note 1); 4. If the changes have resulted in a new reporting entity, has the entity restated prior-period financial statements to correspond to the changes? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 43, note 1); Section X: Supplementary Information: The questions related to the Supplementary Information are organized in the following nine categories. Question Numbers: Required Supplementary Stewardship Information: Property, Plant and Equipment: 1 - 19: Required Supplementary Stewardship Information: Stewardship Investments: 20 - 41: Required Supplementary Stewardship Information: Risk Assumed Information: 42 - 46: Required Supplementary Information: Custodial Activity: 47 - 48: Required Supplementary Information: Segment Information: 49 - 50: Required Supplementary Information: Deferred Maintenance: 51 - 54: Required Supplementary Information: Intragovernmental Amounts: 55 - 67: Required Supplementary Stewardship Information: Social Insurance Programs: 68 - 94: Required Supplementary Information: Management Discussion and Analysis: 95 - 101: Required Supplementary Stewardship Information: Property, Plant, and Equipment (1 - 19): The standards for reporting on the federal government's stewardship cover (1) certain resources entrusted to it that are identified as stewardship property, plant, and equipment (PP&E) and stewardship investments and (2) certain responsibilities assumed by it, identified as the current services assessment, that cannot be measured in traditional financial reports. PP&E consists of items whose characteristics resemble those of general PP&E traditionally capitalized in financial statements. However, because of the nature of these assets, valuation may be difficult, and matching costs with specific periods would not be meaningful. Stewardship PP&E include * heritage assets, such as federal monuments and memorials, that are of historical, natural, cultural, educational, architectural, or artistic significance; * national defense PP&E such as military weapons systems; and; * stewardship land, such as national forests and parks, that have not been acquired for or in connection with general PP&E. (SFFAS 8, par. 9, 10, 11, & 17; SFFAS 11, par. 3, 4 & 7; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 76). 1. Are heritage assets reported as Required Supplementary Stewardship Information (RSSI) accompanying the financial statements rather than as asset amounts on the balance sheet? (SFFAS 8, par. 17, 19,21, & 46; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 76). 2. Are heritage assets reported in RSSI in terms of physical units rather than in terms of cost, fair value, or other monetary values? (SFFAS 8, par. 46; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 76); 3. Does the reporting entity provide relevant RSSI in the financial statements, such as the following information about its heritage assets?; a. a description of each major category of heritage asset; b. a breakout by type of heritage asset of the number of physical units added, withdrawn, and on hand at the end of the reporting year; c. a description of the methods of acquisition and withdrawal of heritage assets; d. a description of the condition of the assets if not already disclosed in a note to the financial statements; e. a reference to the Required Supplementary Information, if deferred maintenance has been reported for the assets (SFFAS 8, par. 50; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77). National defense PP&E are (1) the PP&E components of weapons systems and support PP&E owned by the Department of Defense or its component entities for use in the performance of military missions and (2) vessels held in a preservation status by the Maritime Administration's National Defense Reserve Fleet. (SFFAS 11, par. 8). 4. Is National defense PP&E reported as RSSI? (SFFAS 8, par. 68; SFFAS 11, par. 16 & 22 - 24; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77); 5. Do national defense PP&E components include the following items?; a. weapons systems PP&E (e.g., aircraft, ships, and tanks); b. weapons systems supporting principal end items (e.g., radars, guidance systems, engines); c. weapons systems supporting real property (e.g., ammunition bunkers, missile silos); d. mission support PP&E (e.g., nontactical vehicles such as fuel tankers, combat operations centers, crypto systems, and field security systems) (SFFAS 11, par. 9 & 14); 6. Does national defense PP&E also include PP&E items in the possession of contractors? (SFFAS 11, par. 10 & 11). 7. Does national defense PP&E exclude the following items?; a. manufacturing and testing equipment; b. operating materials and supplies; c. stockpiled materials (SFFAS 11, par. 12 & 13). 8. Is national defense PP&E valued and reported in RSSI using either of the following methods?; a. the total cost method; b. the latest acquisition cost method (SFFAS 8, par. 60, 62, 63, & 121; SFFAS 11, par. 22 - 24; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77). 9. Is the valuation method chosen used on a consistent basis and, if any change in method is made, is it justified? (SFFAS 8, par. 61; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77). 10. Do the costs assigned to an item of national defense PP&E also include all costs incurred to bring PP&E to a form and location suitable for its intended use? (SFFAS 8, par. 64). 11. Does the reporting entity include in its RSSI the acquisition-in- process costs of its national defense PP&E? (SFFAS 8, par. 67; SFFAS 11, par. 16 & 22 - 24). 12. Does the reporting entity include, at a minimum, in its RSSI the following information about its national defense PP&E?; a. a description of major types of national defense PP&E including assigned values and valuation method; b. a description of the methods of acquisition and withdrawal at the major program or category level; c. beginning value; d. value added; e. value withdrawn; f. revaluations; g. ending value; h. the overall condition of the assets (unless this is already reported elsewhere in the report, in which case a note will suffice); i. a reference to the applicable information if deferred maintenance is reported for the assets (SFFAS 8, par. 17 & 68; SFFAS 11, par. 16 & 22 - 24; SFFAS 14, par. 10; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77); 13. Are federal land and land rights not acquired for or in connection to items of general PP&E reported as stewardship land in the RSSI of the financial statements? (SFFAS 8, par. 73 - 74). 14. Is stewardship land quantified and reported in terms of physical units (e.g., acres) in the RSSI rather than as monetary amounts? (SFFAS 8, par. 75 - 76, 125, & 126; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77). 15. If a structure acquired with stewardship land has a significant operating use (e.g., a recently constructed hotel or employee-housing block), is its cost capitalized and treated as general PP&E? (SFFAS 8, par. 78). 16. If the fair value of stewardship land acquired through donation or devise is known and material, is it disclosed in the notes to the financial statements? (SFFAS 8, par. 79). 17. If the fair value of the stewardship land acquired through donation or devise is not estimable, is information as to the type and quantity of the assets disclosed? (SFFAS 8, par. 79). 18. Are costs incurred to prepare stewardship land for its intended use expensed as a part of the cost of stewardship land? (SFFAS 8, par. 80); . 19. With regard to stewardship land, does the reporting entity include in its RSSI the following information?; a. the number of physical units of stewardship land broken out by principal organization and category of major use; b. acquisitions, withdrawals, and ending balances broken out by major categories; c. methods of acquisition and withdrawal of stewardship land; d. the condition of the stewardship land, unless it is already reported elsewhere in the report (in which case a reference to the information will suffice); e. a reference to the applicable information if deferred maintenance is reported for the assets. (SFFAS 8, par. 81; SFFAS 14, par. 10; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77); Required Supplementary Stewardship Information: Stewardship Investments (20 - 41): Stewardship investments are made by the federal government for the benefit of the nation. When incurred, they are treated as expenses in calculating net cost, but they are also separately reported as RSSI to highlight their long-term benefit. (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 76 & 77); Stewardship investment includes: federally financed purchases, construction, or major renovation or physical property, including major equipment owned by state and local governments (i.e., grants for nonfederal physical property); expenses incurred for education and training programs (except those for federal civilian and military personnel) that are intended to increase or maintain national productive capacity (i.e., human capital costs); expenses incurred to support the search for new or refined knowledge and ideas and their application in order to increase or maintain national productive capacity or yield other future benefits (i.e., research and development costs). (SFFAS 8, par. 83, 89, 90, & 96; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 78). 20. Are nonfederal physical property investments reported in nominal dollars on the basis of "expenses incurred" and measured on the same basis of accounting used for financial statement purposes? (SFFAS 8, par. 84). 21. Are investments in nonfederal physical property and related cash grants recognized and reported as expenses in arriving at the net cost of operations? (SFFAS 8, par. 85; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 78). 22. Does the reporting entity provide in its RSSI a narrative description and nominal dollar breakout by meaningful category of expenses incurred for programs that fund the purchase, renovation, and replacement of PP&E owned by state and local governments for the year being reported on as well as at least the preceding 4 years? (SFFAS 8, par. 84 - 87 & 122; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79); . 23. Does the reporting entity also include in its RSSI a description of federally owned physical property transferred to state and local governments for the year being reported on as well as at least the preceding 4 years? (SFFAS 8, par. 87 & 128; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79). 24. If expense data for the purchase of PP&E for state and local governments for the year being reported and for the preceding 4 years are not available, does the entity report outlay data, if available? (SFFAS 8, par. 87). 25. If neither historical expense nor outlay data are available for the year being reported on and the preceding 4 years, has the entity begun to report expense data for the current year? (SFFAS 8, par. 87); . 26. Are expenses incurred for program costs, contracts, or grants with split purposes reported in RSSI on the basis of a logical allocation? (SFFAS 8, par. 86, 92, & 98). 27. If an allocation of costs is not feasible, are the total expenses reported on the basis of the predominant application of the costs incurred for investments in nonfederal physical property, human capital, and research and development? (SFFAS 8, par. 86, 92, & 98); . 28. Does the entity report in its RSSI the amounts of significant contributions from state, local, private, and other sources to its investments in nonfederal physical property, human capital, and research and development? (This is not required, but encouraged.) (SFFAS 8, par. 88, 95, & 101). 29. Is the investment in human capital based on expenses incurred, measured, and accounted for in accordance with SFFAS 4? (SFFAS 8, par. 91). 30. Does the reporting entity include in its RSSI the dollar amount and a narrative description of its "investment in human capital" for the year being reported on as well as the preceding 4 years? (SFFAS 8, par. 91 & 94; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79); . 31. Does the entity link its investments in human capital to outcomes that can be described in financial, economic, or quantitative terms? (SFFAS 8, par. 93; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 76); . 32. If outcome data are not available, does the reporting entity report output data that best provide indications of the intended program outcomes? (SFFAS 8, par. 93). 33. If expense data for the investments in human capital for the year being reported and for the preceding 4 years are not available, does the entity report outlay data, if available? (SFFAS 8, par. 94); . 34. If neither historical expense nor outlay data for the investments in human capital are available for the year being reported on and the preceding 4 years, has the entity begun to report expense data for the current year? (SFFAS 8, par. 94). 35. Is expense or outlay data for investments in human capital reported at a meaningful category or level (e.g., by major program or department)? (SFFAS 8, par. 94). 36. Is the investment in research and development based on expenses incurred, measured, and accounted for in accordance with SFFAS 4? (SFFAS 8, par. 97). 37. Does the entity link its investments in research and development to program outcome data (e.g., narrative discussions of major discoveries and applications) that can be described in financial, economic, or quantitative terms? (SFFAS 8, par. 93 & 99; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 78 & 79). 38. If outcome data are not available, does the reporting entity use output (e.g., number of publications, patents, scientific and engineering personnel funded) data that best provide indications of the intended program outcomes? (SFFAS 8, par. 99). 39. Does the reporting entity include in its RSSI the dollar amount and a narrative description of its investment in major research and development programs for the year being reported on as well as the preceding 4 years? (SFFAS 8, par. 100; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79). 40. If expense data for the investments in research and development for the year being reported and for the preceding 4 years are not available, does the entity report outlays, if available? (SFFAS 8, par. 100); . 41. If neither historical expense nor outlay data are available for the year being reported on and the preceding 4 years, has the entity begun to report expense data for the current year? (SFFAS 8, par. 100); Required Supplementary Stewardship Information: Risk Assumed Information (42 - 46): An assessment of stewardship responsibilities has two major components: - risk-assumed information, which is generally measured by the present value of unpaid expected losses net of associated premiums (but not yet recognized as a contingent liability) based on the risk inherent in the insurance or guarantee coverage in force (SFFAS 5, par. 105 & 106; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79) and; - current services assessments, which provide receipt and outlay data on the basis of projections of future activities. Data on current service assessments would be presented as RSSI accompanying the consolidated financial statements of the federal government. (SFFAS 8, par. 101, 102, & 105). 42. Does the entity include in RSSI the current amount and periodic changes of "risk assumed" arising from insurance and guarantee programs? (SFFAS 5, par. 105, 106, 110; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79). 43. Does the current service assessment provide a summary of projected outlays for the current base year and at least 6 years subsequent to the base year for defense, Social Security, Medicare, net interest functions, etc. ? (SFFAS 8, par. 103). 44. Does the current service assessment identify estimated receipts by major source (e.g., income taxes, social insurance taxes) that will be used to fund projected outlays for the current base year and 6 subsequent years? (SFFAS 8, par. 103). 45. Does the current service assessment also provide an estimate of the current and projected (over the subsequent 6 years) deficit or surplus of receipts? (SFFAS 8, par. 103). 46. Are current service assessment data included in the consolidated financial report of the U.S. government identical to the projected data published in the President's Budget for the same period (i.e., the base year [or last completed fiscal year] and 6 years subsequent to the base year)? (SFFAS 8, par. 104). Required Supplementary Information: Custodial Activity (47 - 48): 47. Do entities that collect taxes and duties provide the following supplementary information?; a. a discussion of the factors affecting the collectability of compliance assessments recognized as taxes receivable; b. if reasonably estimable, claims for refunds not yet accrued but likely to be paid when administrative action is complete; c. management's best estimates of unasserted claims for refunds; d. amount of assessments defined as written-off (i.e., no further collection potential) that continues to be statutorily collectable; e. amounts by which related trust funds may be overfunded or underfunded in comparison with the requirements of the law, if reasonably estimable (SFFAS 7, par. 67.1 - 67. 4, 106, & 177; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 80). 48. If the entity receiving funds from the collecting entity is itself a trust fund, does it provide as supplementary information amounts by which related trust funds may be overfunded or underfunded in comparison with the requirements of the law, if reasonably estimable? (SFFAS 7, par. 67. 4, 68, & 177; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 80). Required Supplementary Information: Segment Information (49 - 50): 49. Do all franchise and other intragovernmental support revolving funds report the following supplementary information?; a. a brief description of the services provided by the fund and the identity of the fund's major customers (i.e., organizations that account for more than 15 percent of the fund's revenues); b. a summary for the reporting period, by product or line of business, including the following items; i. the full cost of goods and services provided; ii: the related exchange revenues; iii: the excess of costs over exchange revenues (OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 80 & 81). 50. If a franchise fund or other intragovernmental support revolving fund is not separately reported on the entity's principal statements, does the entity report as Required Supplementary Information a summary of the fund's assets, liabilities, and net position that includes the following items as of the reporting date?; a. fund balance; b. accounts receivable; c. property, plant, and equipment; d. other assets; e. liabilities due and payable for goods and services received; f. deferred revenues; g. other liabilities and cumulative results of operations (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 80). Required Supplementary Information; Deferred Maintenance (51 - 54): Maintenance is the act of keeping fixed assets in acceptable condition. Maintenance includes preventive maintenance, normal repairs, replacement of parts and structural components, and other activities needed to preserve the asset so that it continues to provide acceptable services and achieves its expected life. Maintenance excludes activities aimed at expanding the capacity of an asset or otherwise upgrading it to serve needs different from, or significantly greater than, originally intended. (SFFAS 6, par. 78); Deferred maintenance is maintenance that was not performed when it should have been, or was scheduled to be, and that, therefore, is put off or delayed for a future period. (SFFAS 6, par. 77). 51. Does the entity report under required supplementary information the following information for each major category of its PP&E (i.e., general, national defense, heritage, and stewardship)?; a. the identity (e.g., building, equipment, land) of each major class of asset for which maintenance was deferred; b. the method of measuring deferred maintenance (SFFAS 6, par. 21, 83, & 171 -178; SFFAS 11, par. 7; SFFAS 14, par. 1; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 73); Condition assessment surveys are periodic inspections of PP&E - based on generally accepted and consistently applied method - to determine PP & E's current condition and the estimated cost to correct any deficiencies. (SFFAS 6, par. 81). 52. If the condition assessment survey method is used to measure deferred maintenance, is the following information presented for each major class of PP&E?; a. a description of requirements or standards for acceptable operating condition; b. any changes in the condition requirements or standards; c. asset condition and a range estimate of the dollar amount of maintenance needed to return it to its acceptable operating condition (SFFAS 6, par. 80, 83, & 233); Life-cycle costing is an acquisition or procurement technique that considers operating, maintenance, and other costs in addition to the acquisition cost of assets. (SFFAS 6, par. 82). 53. If the total life-cycle cost method is used to measure deferred maintenance, is the following information presented for each major class of PP&E?; a. the original date of the maintenance forecast and an explanation for any changes to the forecast; b. prior-year balance of the cumulative deferred maintenance amount; c. the dollar amount of maintenance that was defined by the professionals who designed, built, or managed the PP&E as required maintenance for the reporting period; d. the dollar amount of maintenance actually performed during the period; e. the difference between the forecast and actual maintenance; f. any adjustments to the scheduled amounts deemed necessary by the managers of the PP&E; g. the ending cumulative balance for the reporting period for each major class of asset experiencing deferred maintenance (SFFAS 6, par. 83); 54. If management elects to break out deferred maintenance by critical and noncritical amounts needed to bring each class of asset to its acceptable operating condition, does it also include its definition of these categories? (SFFAS 6, par. 84); Required Supplementary Information: Intragovernmental Amounts (55 - 67): Intragovernmental amounts represent transactions between federal entities included in the Financial Report of the United States Government. These transactions include activity (consolidated or net of intra-entity transactions) with federal CFO Act and non-CFO Act entries as identified in the Treasury Financial Manual. The intragovernmental supplementary information may be limited to the consolidated agencywide financial statements of the 24 executive departments and agencies covered by appendix A of OMB Bulletin No. 98-08. (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, pp. 3 & 4. 55. Does the entity report as required supplementary information and intragovernmental amounts for the following items?; a. assets; b. liabilities; c. nonexchange revenue; d. for certain reporting entities, earned revenue from trade (buy/sell) transactions along with the gross cost to generate such revenue (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 3, 5[TH] par.); 56. Does the entity report intragovernmental assets, liabilities, and earned revenue from trade transactions and nonexchange revenue by trading partner (reciprocal federal entity)? (Attachment to OMB Memo M- 00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 3); 57. Does the entity report intragovernmental gross cost to generate earned revenue from trade transactions by budget functional classification? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 3). 58. Do intragovernmental asset and liability categories reported as requiring supplementary information agree with the intragovernmental asset and line items reported on the balance sheet? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 3). 59. Are transactions with components of federal departments and agencies (e.g., Forest Service of the USDA) included in the activity reported for the federal department or agency? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 4); 60. Does the entity reconcile the following amounts with its trading partners?; a. investments in federal securities issued by the Department of the Treasury, Bureau of the Public Debt; b. borrowings from Treasury and the Federal Financing Bank; c. transactions with the Department of Labor relating to the Federal Employees Compensation Act; d. transactions with the Office of Personnel Management relating to employee benefit programs (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 4, 3[RD] par.). 61. Does the entity also reconcile intragovernmental asset, liability, and revenue amounts0 with its trading partners at least annually as of the fiscal year end? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 4, 4[TH] par.); 62. Do intragovernmental assets and liabilities reported as required supplementary information agree with the intragovernmental asset and liability line items and totals on the reporting entity's consolidated agencywide balance sheet? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, pp. 5 & 6); 63. For each intragovernmental asset and liability line item on the consolidated agencywide balance sheet, does the entity identify in the supplementary information the trading partner balances that make up the line item? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, pp. 5 & 6). 64. If intragovernmental transactions with a trading partner are material in one asset or liability category but immaterial in another category, does the entity report transactions with the trading partner for each category? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000 Technical Amendments to OMB Bull. 97-01, 2000, pp. 5 & 6). 65. If the entity has total intragovernmental earned revenues from trade transactions (net of intra-entity activity) of greater than $500 million, does it report such intragovernmental revenues by trading partner? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 7). 66. If the entity reports intragovernmental earned revenues, does it also report, by budget functional classification, the gross cost of goods, services, and other transactions that generated the intragovernmental earned revenues? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 7). 67. Does the entity report, by trading partner, intragovernmental nonexchange revenues transferred in and out? (Attachment to OMB Memo M- 00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 7); Required Supplementary; Information; Social Insurance Programs (68 - 94): Social insurance programs covered by SFFAS 17, Accounting for Social Insurance, have five common characteristics. They are; a. financing from participants or their employers; b. eligibility from taxes and fees paid and time worked in covered employment; c. benefits not directly related to taxes and fees paid; d. benefits prescribed in law; and; e. programs intended for the general public. The social insurance programs specifically covered by SFFAS 17 are; a. Old-Age, Survivors, and Disability Insurance (OASDI - i.e., Social Security); b. Hospital Insurance (HI or Medicare Part A) and Supplementary Medical Insurance (SMI or Medicare Part B); c. Railroad Retirement Benefits (RRB); d. Black Lung Benefits; and; e. Unemployment Insurance (UI). The standard for consolidated governmentwide accounting and reporting for social insurance programs is the same as that for component entities unless otherwise indicated (SFFAS 17, par. 14, 15, 29, 44, 45, & app. D - glossary). 68. In general, does the entity responsible for a given social insurance program provide a clear and concise description of the program including its financing, calculation of benefits, and actuarial status? (SFFAS 17, par. 24, 110 - 112, & 131 - 149). 69. Does this description include the following information?; a. discussion of the long-term sustainability and financial condition of the program; b. an illustration and explanation of the long-term trends revealed in the data (SFFAS 17, par. 24 & 80 - 85). 70. Does the consolidated governmentwide financial report explain the relationship of the social insurance program(s) to governmentwide financing, including the intragovernmental nature of trust fund assets and government debt? (SFFAS 17, par. 31). 71. Does the reporting entity describe statutory or other material changes, and implications thereof, affecting the program after the current fiscal year? (SFFAS 17, par. 24). 72. Are projections and estimates based on the entity's best estimates of demographic and economic assumptions? (SFFAS 17, par. 25); 73. Does the entity disclose significant assumptions used in making estimates and projections? (SFFAS 17, par. 25). 74. Are all projections and estimates made as of a date (i.e., the valuation date) as close to the end of the fiscal year (i.e., current year) being reported on as possible and no more than one year prior to the end of the current year? (SFFAS 17, par. 26). 75. Does the entity consistently follow this valuation date from year to year? (SFFAS 17, par. 26). 76. Does information on the financial and actuarial status of the social insurance programs include actuarial projections that are indicative of long-term sustainability and show the annual cash flows in nominal dollars for current and future participants? (SFFAS 17, par. 27 (1)); 77. Are the actuarial projections of cash flow amounts reported for at least every fifth year in the projection period? (SFFAS 17, par. 17 (1) (a)). 78. Does the cash flow information show the following amounts?; a. total cash inflow from all sources (i.e., by and on behalf of participants) less net interest on intragovernmental borrowing and lending; b. total cash outflow (SFFAS 17, par. 27 (1) (a)). 79. When cash flow projections are made for the consolidated governmentwide entity, is interest on intragovernmental borrowing and lending excluded? (SFFAS 17, par. 32). 80. Does the narrative accompanying the cash flow data include identification of any year or years during the projection period when cash outflow exceeds cash inflow, with and without interest, on intragovernmental borrowing or lending? (SFFAS 17, par. 27 (1) (a), 87, 88, 116, & 117). 81. Does the narrative provide an explanation of the significance of the cash flow "cross-over points" where cash outflows begin exceeding cash inflows? (SFFAS 17, par. 27 (1) (a) & 32 (1) (a)). 82. Do the cash flow projections (net of interest on intragovernmental borrowing/lending) for Medicare Part A (HI ) and Social Security (OASDI) include an estimate of cash flows as a percentage of taxable payroll? (SFFAS 17, par. 27 (1) (b), 89, 118 - 120, & app. D - glossary ). 83. Do the cash flow projections (net of interest on intragovernmental borrowing/lending) for HI, OASDI, and Medicare Part B (SMI) include an estimate of cash flows as a percentage of gross domestic product? (SFFAS 17, par. 27 (1) (b), 46, 47, 89, & 121 - 122 & app. D - glossary). 84. Does the entity disclose its estimate of the ratio of the number of contributors to the number of beneficiaries during the same projection period as for cash flow projections (e.g., 75 years)? (SFFAS 17, par. 27 (2), 90, & 130). 85. At a minimum, is the ratio of contributors to beneficiaries reported for the beginning and end of the projection period? (SFFAS 17, par. 27 (2)). 86. For all enumerated social insurance programs except Unemployment Insurance (UI), does the responsible entity present a statement of actuarial present values of the following items?; a. all future expenditures during the projection period related to benefit payments; i. to or on behalf of current participants who have not yet attained retirement age; ii. to or on behalf of current participants who have attained retirement age; iii. to or on behalf of those who are expected to become plan participants; b. all future contributions and tax income from or on behalf of current and future participants described in "a"; c. cash flow derived from subtracting "b" from "a"; (SFFAS 17, par. 27 (3) (a) - (g), 40 - 42, 91 - 103, & 115). 87. With the exception of Unemployment Insurance (UI), does the entity disclose in the notes of the fund balance, as of the valuation date, the accumulated excess of all past cash receipts, including interest on investments over all cash disbursements? (SFFAS 17, par. 27 (2) (a) & (3) (h), 42, & 113). 88. Does the entity also disclose how it calculated the actuarial net present value of future benefits and contributions from or on behalf of current participants of all social insurance programs but UI? ( SFFAS 17, par. 27 (2) (a) & (3) (i)). 89. If available, does the entity provide estimates of the actuarial present values and fund balances of the social insurance programs (except UI) under its purview for each of the 4 preceding years? (SFFAS 17, par. 27 (3) (j) & 28). 90. For all social insurance programs except UI, does the responsible entity illustrate the sensitivity of the projections of cash flows and actuarial present values to changes in the most significant individual assumptions? (SFFAS 17, par. 27 (4) (a), 48, 49, & 123 - 129); 91. At a minimum, do the Social Security and Medicare programs analyze assumptions regarding the following factors?; a. birth and death rates; b. net immigration; c. real wage differential; d. real interest rate; (SFFAS 17, par. 27 (4) (a) & 123 - 129). 92. Does the sensitivity analysis for UI programs show the effects of increasing the unemployment rate as follows?; a. by approximately 1 percentage point; b. to a level that puts significant stress on the system (e.g., to simulate the largest recession occurring within the last 25 years) (SFFAS 17, par. 27 (4) (b) & 159 - 160). 93. Does information on the UI program provide a state-by-state analysis of the relative solvency of individual state programs, including the ratio of each state's current accumulated fund balance to the highest level of annual benefit payments experienced by that state over the last 20 years? (SFFAS 17, par. 27 (5) & 159 - 160). 94. Does the consolidating entity break out and separately identify, at a minimum, the following information on social insurance programs?; a. cash flow projections net of intragovernmental borrowing and lending for, at a minimum, the OASDI, HI, and SMI programs; b. net cash flows as a percentage of taxable payroll for OASDI and HI; c. net cash flows as a percentage of gross domestic product (GDP) for the Social Security and Medicare programs; d. the ratio of contributors to beneficiaries for OASDI and HI; e. the actuarial present values for all covered social insurance programs (except UI) for the current and proceeding 4 years; f. sensitivity analyses for all social insurance programs including OASDI, HI, SMI, and UI; g. state-by-state analysis of the UI program (SFFAS 17, par. 32). Required Supplementary Information: Management Discussion and Analysis; (95 - 101): 95. Does the entity include as required supplementary information management discussion and analysis (MD&A) of the financial statements and related information? (SFFAS 15, par. 1, 12, & 13; SFFAC 3, par. 1 & 2). 96. Does the MD&A provide a clear and concise description of the reporting entity and its mission, activities, program and financial performance, systems controls, legal compliance, financial position, and financial condition? (SFFAS 15, par. 2; SFFAC 3, par. 1). 97. Is the MD&A balanced, providing both positive and negative information? (SFFAS 15, par. 1; SFFAC 3, par. 29). 98. Does the MD&A contain sections that discuss the following information about the entity?; a. mission and organizational structure; b. performance goals, objectives, and results; c. financial statements and; d. systems, controls and legal compliance (SFFAS 15, par. 2; SFFAC 3, par. 9, 11, 13, 15 - 17, 25 - 27, & 42 - 49). 99. Does the MD&A include forward-looking information regarding the possible future effects of the most important currently known demands, risks, uncertainties, events, conditions, and trends? (SFFAS 15, par. 3 & 21; SFFAC 3, par. 6, 9, 14, & 30 - 36). 100. Does the MD&A discuss important problems that need to be addressed as well as actions that have been taken or planned? (SFFAS 15, par. 4; SFFAC 3, 40 & 41). 101. Does the MD&A limit itself to the most important matters that could, for example, contribute the following results?; a. lead to significant actions or proposals by top management of the reporting unit; b. be significant to the managing, budgeting, and oversight functions of Congress and the administration; c. significantly affect the judgment of citizens about the efficiency and effectiveness of their federal government (SFFAS 15, par. 5 & 6; SFFAC 3, par. 28 & 29); [End of section] 1005 - SUBSEQUENT EVENTS REVIEW: .01: This section deals with the subsequent events review that the auditor is required to perform as part of the audit, as described in section 550. AU 560 describes and provides guidance on the types of subsequent events requiring evaluation by the auditor as well as the procedures that generally should be performed to discover whether such events have occurred. .02: Subsequent events are those events or transactions that may occur or become known subsequent to the date of the financial statements but before the audit report is issued and that have a material effect on the financial statements and thus require adjustment or disclosure. .03: Two types of subsequent events may occur: * Events occurring after the date of the financial statements that provide additional information about conditions existing at the date of the financial statements and that affect amounts recorded (or which should be recorded) in the financial statements. For example, a subsequent event may reveal that an accounting estimate is materially incorrect and that the financial statements should be adjusted. * Events occurring after the date of the financial statements that provide information about conditions that did not exist at the date of the financial statements. These events should not result in adjustments to the financial statements, but disclosure of them may be necessary to prevent the statements from being misleading. For example, a fire or flood after year-end may cause a significant loss. .04: The purpose of a subsequent events review is to determine whether all subsequent events that have a material effect on the financial statements have been considered and treated appropriately in the financial statements. The subsequent period covered is from the date of the financial statements to the date of the audit report, which is the date of the completion of fieldwork. AUDIT PROCEDURES: .05: At or near the completion of fieldwork, the auditor generally should perform specific procedures to be satisfied that he or she is aware of all subsequent events that may require adjustment to or disclosure in the financial statements. These procedures are in addition to substantive tests that may be applied to transactions occurring after the date of the financial statements, such as examining subsequent disbursements to test completeness of accounts payable. The following program describes audit procedures that may be performed as part of a subsequent events review. The procedures generally should be customized for the particular audited entity. Entity: Period of financial statements: Job code Subsequent Events Review Program; Audit procedure: I. Read Interim Financial Statements; A. Compare the latest available interim financial statements, if any, with the financial statements under audit to identify any unusual adjustments and investigate any significant variations. B. Inquire as to whether the interim statements have been prepared on the same basis as the annual statements. C. For items in the statement of net costs, compare to similar interim financial statements of the prior year; consider expectations and investigate any significant variations. D. If interim financial statements are not available: 1. Compare interim internal financial reports or analyses, budgets, or cash-flow forecasts, considering any adjustments to the internal reports that may be necessary to make meaningful comparisons. 2. Review the accounting records prepared since the date of the financial statements for material transactions that may require adjustment to or disclosure in the financial statements, such as by scanning the general ledger and/or journals for material, unusual entries. II. Make Inquiries of Management as to: A. Whether any significant contingent liabilities or commitments existed at the date of the financial statements or at the date of the inquiry. B. Whether any significant changes occurred in the financial condition of the entity or in net position or long-term debt. C. The current status of items in the financial statements that were accounted for on the basis of tentative, preliminary, or inconclusive data. D. Whether any significant changes in estimates were made with respect to amounts included or disclosed in the financial statements, or any significant changes in assumptions or factors were considered in determining estimates. E. Whether any unusual adjustments have been made during the period from the date of the financial statements to the date of inquiry. F. Whether any significant events occurred subsequent to the date of the financial statements, such as commitments or plans for major capital expenditures; lawsuits filed or settled other than those disclosed in the lawyers' letters; changes in accounting and financial policies; or losses as a result of fire, flood, or other disaster. III. Read Minutes; A. Read the available minutes of meetings of agency management committees or other appropriate groups, including the period after the date of the financial statements, for information about events or transactions authorized or discussed which may require adjustment to or disclosure in the financial statements. B. With regard to meetings for which no minutes are available, inquire about matters dealt with at such meetings and conclusions reached. IV. Cover Subsequent Events in Lawyers' Letters; A. Confirm litigation, claims, and assessments with the entity's legal counsel. See section 550 and AU 337. V. Cover Subsequent Events in Management Representation Letter; A. Have management include representations in its management representation letter as to whether any events occurred subsequent to the date of the financial statements that would require adjustment to or disclosure in the financial statements. See section 1001. VI. Other; A. Use other sources of information to learn of subsequent events, such as: 1. Talk to inspector general or internal audit department. 2. Talk to program divisions. 3. Read newspapers. B. Make additional inquiries or perform additional procedures deemed necessary to resolve any questions raised in the foregoing audit steps. C. Prepare a summary memo documenting the results of the above and conclusions reached. [End of section] 1006 - RESERVED: [For related parties, see FAM section 902] Federal Financial Management Improvement Act of 1996 Reporting: The Federal Financial Management Improvement Act of 1996 (FFMIA) states: "Each audit … shall report whether the agency financial management systems … comply substantially with … [the three requirements]. ": To meet the Act's requirement to provide an affirmative statement as to whether the entity's financial management systems substantially comply with the Act's three requirements, GAO's approach will be to provide an opinion. GAO will use the following wording in the introduction to the financial statement audit report when it is reporting that the financial management systems were in substantial compliance with the three requirements of FFMIA: * "[entity's] financial management systems substantially complied with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA), and": When reporting that the entity's financial management systems were in substantial compliance with the three requirements of FFMIA, GAO will use the following language in the body of the financial statement audit report: Systems' Compliance With FFMIA Requirements: [Entity's] financial management systems, as of [end of fiscal year], substantially complied with the following requirements of FFMIA: (1) federal financial management systems requirements, (2) federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. Our opinion is based on criteria established under FFMIA, OMB Circular A-127, Financial Management Systems (which includes the Joint Financial Management Improvement Program's series of system requirements documents), generally accepted accounting principles, and the SGL. GAO is working with the Office of Management and Budget (OMB) on this issue and FFMIA implementation generally, which may result in revision to OMB Bulletin No.01-02 and additional guidance in the FAM. [End of section] FOOTNOTES [1] Environmental and disposal liabilities are a type of contingency that is often a significant issue. [2] SFFAS No. 7 has guidance for reporting claims for tax refunds. Rather than recognizing probable claims and disclosing other claims in the notes to the financial statements, SFFAS No. 7 indicates that other claims for refunds that are probable should be included as supplementary information. [3] A permanent, indefinite appropriation, commonly known as the Judgment Fund, is available to pay final judgments, settlement agreements, and certain types of administrative awards against the United States when payment is not otherwise provided for. The Secretary of the Treasury certifies all payments from the fund. (See 31 U.S.C. 1304, Judgments, awards, and compromise settlements.) FASAB Interpretation No. 2 clarifies how federal entities should report the costs and liabilities arising from claims to be paid by the Judgment Fund and how the Judgment Fund should account for the amounts that it is required to pay on behalf of federal entities. [4] If the Judgment Fund will pay the claim, the entity should still recognize the liability and cost at this time. Once the claim is settled or a court judgment is assessed and the Judgment Fund is determined to be the appropriate source for payment, the entity should reduce the liability by recognizing an (imputed) financing source. Note that for Judgment Fund payments made under the Contract Disputes Act and in employment discrimination cases, the entity should instead establish a payable to reimburse the Judgment Fund. [5] The Accounting and Auditing Policy Committee (AAPC) guidance (Technical Release No.1) clarifies FASAB Interpretation No. 2, with respect to the Department of Justice's role related to legal letters in cases in which Justice's legal counsels are handling legal matters on behalf of other federal reporting entities. The letter from the entity's general counsel may provide sufficient evidence for the auditor. If the auditor determines that additional evidence is needed about a specific case, the auditor may request entity management and legal counsel to send a legal letter request to Justice, directed to the lead Justice legal counsel handling the case, asking that person to provide a description and evaluation directly to the auditor. [6] It is expected that cases or matters will be aggregated where appropriate. [End of section] APPENDIXES: CONSULTATIONS: REVIEWER: .01: The paragraphs listed below refer to situations in which the auditor should consult with the Reviewer: 100.27; Departing from a policy or procedure designated as "must" in the manual (for deviations from a "should" the auditor should send a memorandum to the Reviewer rather than consult). 230.07; Using an amount for planning materiality that does not follow the guidelines in the manual. 260.05; Using an increased overall audit assurance. 285.04, 295 C; Using a plan other than that described in section 295 C for selecting locations to visit. 395 G.07; Planned rotation of IS control testing. 480.13; Using nonstatistical sampling. 480.41; Determining the adequacy of substantive procedures in light of any reassessment of combined risk. 530.01; Determining the need to perform additional procedures when there are questions about the adequacy of work performed. 540.04, 595 C; Reviewing the Summary of Possible Adjustments. 540.09; Reviewing documentation of a decision to modify the opinion based on the materiality of total unadjusted likely misstatements. 540.12; Considering the materiality of unadjusted misstatements and their effects on the financial statements. 540.16; Determining the effects on the auditor's report, if any, of material misstatements detected in the current year that arose during prior periods but were not detected during prior audits. 540.17; Considering the performance of additional procedures to increase assurance in projected misstatements. 540.19; Considering whether misstatements may be the result of fraud. 580.40; Determining the appropriate type of opinion on internal control when there is a scope limitation. 580.48; Considering the opinion on internal control. 580.74; Determining the effects on the auditor's report if weaknesses are found in compliance controls but no instances of noncompliance are detected. [End of table] STATISTICIAN: .02: The following paragraphs refer to situations in which the auditor should consult with the Statistician: 295 C.04; 480.33; Using classical variables sampling or another representative sampling method to select locations. 410.03; Consulting for assistance in designing and evaluating samples. 440.02, 450.17, 460.02, 480.28, 480.30; Expanding the sample size to test additional items. 450.07; Determining sample sizes for tests of controls when not using Tables I and/or II. 450.09; (footnote), 460.02; (footnote); Computing reduced sample sizes and evaluating results for small populations. 450.16; Continuing to test a sample when deviations exceed the acceptable number. 450.18; Projecting the rate of sample control deviations to a population for a report. 480.13; Using nonstatistical sampling. 480.17; Using a method of sampling other than attributes, dollar-unit, classical variables estimation, or classical probability-proportional- to-size sampling. 480.21; (footnote); Deciding when to use DUS versus classical variables estimation sampling. 480.38; Sampling when dollar amounts are not known. 480.39; Evaluating sample results for substantive tests. 480.42; Evaluating samples designed to test existence when understatements are found. 480.44; Evaluating dollar-unit samples when a significant number of misstatements is found. 480.45; Evaluating classical variables estimation sampling. 480.46; Evaluating the results of other samples. 495 A.24; Using regression analysis for analytical procedures. 540.11; Computing the combined precision for all sampling applications. [End of table] OGC: .03: The paragraphs listed below refer to situations in which the auditor should consult with OGC: 245.02a; Identifying laws and regulations that have a direct effect on determining amounts in the financial statements. 250.01, 250.03, 250.05; Identifying relevant budget restrictions. 370.12; Determining the legal implications of indications that internal control might not provide reasonable assurance that the entity executed transactions in accordance with budget authority. 395 F.01; (footnote); Identifying any impoundments (rescissions or deferrals) as a result of evaluating budgetary controls. 395F; Sup.01c.; Determining, prior to performing control or compliance tests, the applicability of budget restrictions to modifications made to direct loans, direct loan obligations, loan guarantees, or loan guarantee commitments that were outstanding prior to October 1, 1991. 460.07; Evaluating possible instances of noncompliance noted in connection with compliance testing. 540.19, 540.21; Considering whether misstatements may be the result of fraud. 580.66; Concluding on the entity's compliance with laws and regulations. 580.74; Determining the effects on the auditor's report if weaknesses are found in compliance controls but no instances of noncompliance are detected. [End of table] [End of section] Appendix B: INSTANCES WHERE THE AUDITOR "MUST" COMPLY WITH THE FAM: .01: In the paragraphs listed below the word "must" is used to indicate a situation in which the auditor is required to comply with the FAM: 100.04 (footnote): In opining on internal control, the opinion must be on internal control and not management's assertion if material weaknesses are present. 100.17: The audit must be designed to achieve the objectives of OMB audit guidance. 100.23: The auditor must exercise judgment properly, assuring that, at a minimum, the work meets professional standards. 295 C.07: The auditor must apply analytical or other substantive procedures to locations not tested in using nonrepresentative sample selection, unless immaterial. 310.06: The auditor must evaluate and test certain controls. 310.08: The auditor must test the effectiveness of controls if the controls have been determined to be effective in design. 340.09: The auditor must test controls that are likely to be effective. 395 G.02: In using rotation testing of controls, the auditor must annually perform some work in areas not selected for testing. 475.07: In order to rely on a substantive analytical procedure, a difference that exceeds the limit must be explained. 475.12: In performing a substantive analytical procedure, if the explanation is not adequate to explain the difference, the auditor must do additional substantive testing. 475.13: Additional procedures must provide adequate assurance that misstatements that exceed test materiality are identified. 475.15: The auditor must obtain an overall understanding of current-year financial statements in using overall analytical procedures at the financial statement level. 480.06: When using nonrepresentative selection, the auditor must not project results to the portion of the population not tested and must apply other procedures to the remaining items unless immaterial. 480.07: In representative sampling, each item in the population must have the opportunity to be selected. 480.14: In sampling, sample items must be selected from all items so that each item has an opportunity to be selected. 480.47: The auditor must evaluate the quantitative and qualitative effects of known and projected misstatements in relation to the financial statements as a whole. 490.03: The auditor must consider the implications of misstatements detected in applying supplemental analytical procedures. 495 A.11: In using analytical procedures, if an account is compared with another current year amount, that amount must be audited by means other than an analytical procedure using its relationship to this account. 495 A.12: In analytical procedures, the auditor must document why a prior year amount has a plausible and predictable relationship with the current year amount, and adjustments must be supported by reliable data and corroborated. (Four "musts" in paragraph.): 495 A.21: In using computer-produced data in performing analytical procedures, the auditor must either test the IS controls in the system or test the reliability of the data produced. (Two "musts" in paragraph.): 495 C.04: The auditor must perform additional procedures to extend the results of interim testing to year-end. 510.01: The auditor must conclude on the financial statements, internal control, FFMIA requirements, compliance, and other information included. 520.01: The auditor must perform overall analytical procedures. 520.07(First bullet.): In overall analytical procedures, the auditor must use audited, final current-year amounts. 540.07: The auditor must bring all misstatements found to management's attention (except those below the auditor-designated amount at which misstatements need not be accumulated). 570.01, 580.14: The auditor must determine whether the audit was conducted in accordance with GAGAS, OMB audit guidance, and the GAO/ PCIE financial audit methodology, and document the conclusion on compliance in the workpapers. 580.22: The auditor must consider whether the financial statements are materially affected by a departure from generally accepted accounting principles. 580.39: In order to express an opinion on internal control, the auditor must have a management assertion about the effectiveness of internal control and must be able to perform all the procedures considered necessary. (Two "musts" in paragraph.): [End of section] GLOSSARY: [This page intentionally left blank.] : Accountability report: An agency's accountability report integrates the (1) Federal Managers' Financial Integrity Act (FMFIA) Report; (2) Chief Financial Officers' (CFO) Act Annual Report, including audited financial statements; (3) Management's Report on Final Action as required by the Inspector General Act; (4) the Debt Collection Improvement Act, Civil Monetary Penalty Act and Prompt Payment Act reports; and (5) available information on agency performance compared with the agency's stated goal and objectives. Accounting applications: The procedures and records used to identify, record, process, summarize, and report a class of transactions. Common accounting applications are (1) billings, (2) accounts receivable, (3) cash receipts, (4) purchasing and receiving, (5) accounts payable, (6) cash disbursements, (7) payroll, (8) inventory control, and (9) property and equipment. Accounting system: The methods and records established to identify, assemble, analyze, classify, record, and report an entity's transactions and to maintain accountability for the related assets and liabilities. Activity: In cost accounting, an activity is the actual work task or step performed in producing and delivering products and services. An aggregation of actions performed within an organization that is useful for purposes of activity-based costing. Analytical procedures: The comparison of recorded account balances with expectations developed by the auditor, based on an analysis and understanding of the relationships between the recorded amounts and other data, to form a conclusion on the recorded amount. A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to continue unless there are known conditions that would change the relationships. Annual financial statement: As defined by OMB, the annual financial statement comprises; ; an overview of the reporting entity (or Management's Discussion and Analysis, MD&A), the financial statements and related notes, required supplementary stewardship information, required supplementary information, and; other accompanying information. Application controls: Management's control activities that are incorporated directly into individual computer applications to provide reasonable assurance of accurate and reliable procession. Application controls address (1) data input, (2) data processing, and (3) data output. FISCAM categories of application controls that more closely tie into the FAM methodology are (1) authorization control, (2) completeness control, (3) accuracy control, and (4) control over integrity of processing and data files. Appropriation: The most common form of budget authority; an authorization by an act of the Congress that permits federal agencies to incur obligations and to make payments out of the Treasury for specified purposes. Appropriations do not represent cash actually set aside in the Treasury for purposes specified in the appropriation acts. They represent limitations of amounts that agencies may obligate during the period specified in the appropriation acts. Assertions: Management's representations that are embodied in the account balance, transaction class, and disclosure components of the financial statements. The primary assertions (described in paragraph 235.02) are; ; Existence or occurrence; Completeness; Rights and obligations; Valuation or allocation; Presentation and disclosure. Assessing control risk: The process of evaluating the effectiveness of an entity's internal control in preventing or detecting misstatements in financial statement assertions. Assurance, level of: The complement of audit risk, which is an auditor judgment. This is not the same as confidence level, which relates to an individual sample. Attributes sampling: Statistical sampling that reaches a conclusion about the population in terms of a rate of occurrence. Audit risk: The overall risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated. This is an auditor judgment. Back door authority: Any type of budget authority that is provided by legislation outside the normal appropriations process. (See contract authority.). Base data: Data used to develop the expectation in an analytical procedure. Borrowing authority: Statutory authority that permits obligations to be incurred but requires that funds be borrowed to liquidate the obligations (see title 7 of the GAO Policies and Procedures Manual for Guidance of Federal Agencies). Usually, the amount that may be borrowed and the purposes for which the borrowed funds must be used are stipulated by the authorizing statute. Borrowing authority sometimes is referred to as back door authority. Budget authority: Authority provided by law (1) to enter into obligations that will result in immediate or future outlays involving government funds or (2) to collect offsetting receipts (2 U.S.C. 622(2)). The Congress provides an entity with budget authority and may place restrictions on the amount, purpose, and timing of the obligation or expenditure of such authority. The three forms of budget authority are; ; appropriations; borrowing authority; contract authority. Budget controls: Management's policies and procedures to manage and control the use of appropriated funds and other forms of budget authority. (These are considered part of financial reporting and compliance controls.). Budget functional classification: A way of grouping budgetary resources so that all budget authority and outlays of on-budget and off-budget federal entities and tax expenditures can be presented according to national needs being addressed. To the extent feasible, functional classifications are made without regard to entity or organizational distinctions. Case study: See nonsampling selection. Cause and effect basis: In cost accounting, a way to group costs into cost pools in which an intermediate activity may be a link between the cause and the effect. Classical probability proportional to size sampling: A sampling approach where the sample is selected proportional to the size (usually dollar amount) of an item and the evaluation is performed using variables methods (not dollar unit sampling). Classical variables estimation sampling: A sampling approach that measures precision using the variation of the underlying characteristic of interest. This method includes mean per unit sampling, difference estimation, ratio estimation, and regression estimation. Closed account: A budget account for which the expired budget authority has been canceled. Combined precision: A judgment of precision for all tests in the audit. Used at the end of the audit to evaluate the results of all tests. Combined risk: The auditor's judgment of the combined inherent and control risk (high, moderate, or low); the risk that the financial statements contain material misstatements before audit. Common data source: In cost accounting, this includes all financial and non-financial data, such as environmental data, that are necessary for budgeting and financial reporting, as well as evaluation and decision information developed as a result of prior reporting and feedback. Compliance control: A process, effected by management and other personnel, designed to provide reasonable assurance that transactions are executed in accordance with (1) laws governing the use of budget authority and other laws and regulations that could have a direct and material effect on the financial statements or required supplementary stewardship information and (2) any other laws, regulations, and governmentwide policies identified in OMB audit guidance. Compliance tests: Tests to obtain evidence on the entity's compliance with significant laws and regulations. Confidence interval: The projected misstatement or point estimate plus or minus precision at the desired confidence level. Confidence level: The probability associated with the precision; the probability that the true misstatement is within the confidence interval. This is not the same as level of assurance. Contingency: An existing condition, situation, or set of circumstances involving uncertainty as to possible gain or loss. Contract authority: Statutory authority that permits obligations to be incurred before appropriations or in anticipation of receipts to be credited to a revolving fund or other account (offsetting collections). By definition, contract authority is unfunded and must subsequently be funded by an appropriation to liquidate the obligations incurred under the contract authority or by the collection and use of receipts. Control environment: A component of internal control, in addition to risk assessment, monitoring, information and communication, and control activities. The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. The control environment represents the collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific control activities. Such factors include (1) integrity and ethical values, (2) commitment to competence, (3) management's philosophy and operating style, (4) organizational structure, (5) assignment of authority and responsibility, (6) human resource policies and practices, (7) control methods over budget formulation and execution, (8) control methods over compliance with laws and regulations, and (9) oversight groups. Control risk: The risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity's internal controls (classified as high, moderate, or low). This is an auditor judgment. Control activities (techniques): A component of internal control, in addition to the control environment, risk assessment, monitoring, and information and communication. The policies and procedures that help ensure that management directives are carried out. Control tests: Tests of a specific control activity to assess its effectiveness in achieving control objectives. Core financial management system (CFMS): As developed by JFMIP, a system that consists of six functional areas: general ledger management, funds management, payment management, receivable management, cost management, and reporting, and affects all financial event transaction processing because it maintains reference tables used for editing and classifying data, controls transactions, and maintains security. Cost: The monetary value of resources used or sacrificed or liabilities incurred to achieve an objective, such as to acquire or produce a good or to perform an activity or service. Costing methodology: Methodology for accumulating the costs of resources that directly or indirectly contribute to the production of outputs and assigning those costs to outputs. Department (per FASAB Interpretation No. 6): Any department, agency, administration, or other financial reporting entity (see SFFAC No. 2) that is not part of a larger financial reporting entity other than the government as a whole. Used in distinguishing inter-and intradepartmental activity and balances. Design materiality: The portion of planning materiality that the auditor allocates to line items or accounts. This amount should be the same for all line items or accounts (except for certain offsetting balances as discussed in paragraph 230.10). The auditor should set design materiality for the audit as one-third of planning materiality. (See discussion in paragraph 230.12.). Detection risk: The risk that audit procedures will not detect a material misstatement that exists in the financial statements. The auditor determines the desired detection risk based on combined risk and audit risk. (In statistical terms, beta risk or type II risk.). Errors: Unintentional misstatements or omissions of amounts or disclosures in financial statements. Expectation: The auditor's estimate of an account balance in an analytical procedure. Expected misstatement: The dollar amount of misstatements the auditor expects in a population. Expired account: A budgetary account in which the balances are no longer available for incurring new obligations because the time available for incurring such obligations has expired. After 5 years, these accounts are canceled and are then considered to be closed accounts. Federal financial management systems requirements: One of the three requirements of FFMIA. They include the requirements of OMB Circulars A-127, A-123, and A-130 and the JFMIP Federal Financial Management Systems Requirements series. Financial reporting control: A process, effected by management and other personnel, designed to provide reasonable assurance that transactions are properly recorded, processed, and summarized to permit the preparation of the financial statements and required supplementary stewardship information in accordance with GAAP, and that assets are safeguarded against loss from unauthorized acquisition, use, or disposition. Financial statements (also called principal statements): The components of a federal entity's annual financial statement (also referred to as the Accountability report), which are; ; Balance Sheet; Statement of Net Cost; Statement of Changes in Net Position; Statement of Budgetary Resources; Statement of Financing; Statement of Custodial Activity (if applicable); Related Notes. Fraud: Although fraud is a broad legal concept, the auditor is interested in fraudulent acts that cause a material misstatement of financial statements. Fraud is distinguished from error because fraud is intentional whereas error is unintentional. Two relevant types of misstatements are those arising from fraudulent financial reporting and those arising from misappropriation of assets. Fraudulent financial reporting: Intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial statement users. This may involve acts such as manipulation, falsification, or alteration of accounting records or supporting documents; misrepresentation or intentional omission of events, transactions, or other significant information in the financial statements; or intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure. Full cost: In cost accounting, the sum of all costs required by a cost object including the costs of activities performed by other entities regardless of funding sources. Fund Balance with Treasury account (FBWT): An asset account representing the unexpended spending authority in agencies' appropriations. Also serves as a mechanism to prevent agencies' disbursements from exceeding appropriated amounts. General controls: Management's policies and procedures that apply to an entity's overall computer operations and that create the environment in which application controls and certain user controls (which are control activities) operate. They are classified in the FISCAM as (1) entitywide security management program, (2) access control, (3) application software development and change control, (4) system software, (5) segregation of duties, and (6) service continuity control. Generally accepted accounting principles (GAAP): The accounting principles that the entity should use. For federal executive agencies, these are federal accounting standards following the hierarchy listed in SAS 91. The standards issued by FASAB are the first level of the hierarchy. For government corporations, generally accepted accounting principles are commercial generally accepted accounting principles issued by FASB. Haphazard sample: A sample consisting of sampling units selected without any conscious bias, that is, without any special reason for including or omitting items from the sample. It does not consist of sampling units selected in a careless manner, but is selected in a manner that can be expected to be representative of the population. Information and communication: A component of internal control in addition to the control environment, risk assessment, monitoring, and control activities. The identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities. The accounting system and accounting manuals are examples of this component. Information systems (IS) auditor: A person with specialized technical knowledge and skills who can understand the IS concepts discussed in the manual and apply them to the audit. IS controls: Controls whose effectiveness depends on computer processing, including general, application, and user controls (described in section 295 F). Inherent risk: The susceptibility of an assertion to a material misstatement, assuming there are no related specific control activities. This is an auditor judgment. Interdepartmental amounts: Activity and balances between two different departments. (See department.) The intradepartmental and interdepartmental amounts are subsets of intragovernmental activity and balances. Interentity: Activities or balances between two or more agencies, departments, or bureaus. (See inter-and intradepartmental.). Internal control: A process, effected by an entity's management and other personnel, to provide reasonable assurance that the entity's specific objectives are achieved. Following are the types of internal controls:; ; financial reporting (including safeguarding and budget); compliance (including budget); operations. Intradepartmental amounts: Activity and balances within the same department. (See department.) The intradepartmental and interdepartmental amounts are subsets of intragovernmental activity and balances. Intragovernmental amounts: Activity and balances occurring within or between federal departments. Intragovernmental Payment and Collection System (IPAC): The primary method used by most federal agencies to electronically bill and/or pay for services and supplies within the government. Used to communicate to the Treasury and the trading partner agency that the online billing and/or payment for services and supplies has occurred. Joint Financial Management Improvement Program (JFMIP): The joint undertaking of the U.S. Department of the Treasury, the U.S. General Accounting Office, the Office of Management and Budget, and the Office of Personnel Management to improve financial management in the federal government. The source of governmentwide requirements for financial management systems software functionality that describes the basic elements of an integrated financial management system (including the core financial system). Judgment fund: A permanent and indefinite appropriation that is available to pay final judgments, settlement agreements, and certain types of administrative awards against the United States when payment is not otherwise provided for. The Secretary of the Treasury certifies all payments from the fund. Known misstatement: The amount of misstatement found by the auditor. Likely misstatement: The auditor's best estimate of the amount of the misstatement in the tested population (including known misstatement). For sampling applications, this amount is the projected misstatement. Limit: Used in performing substantive analytical procedures, the limit is the amount of difference between the expectation and the recorded amount that the auditor will accept without investigation. Therefore, the auditor should investigate amounts that exceed the limit during analytical procedures. Materiality: The magnitude of an item's omission or misstatement in a financial statement that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the inclusion or correction of the item (FASB Statement of Financial Concepts No. 2). See planning materiality, design materiality, and test materiality. Misappropriation of assets: Theft of an entity's assets causing the financial statements not to be presented in conformity with GAAP. Monitoring: A component of internal control in addition to the control environment, risk assessment, information and communication, and control activities. The process by which management assesses internal control performance over time. It may include ongoing activities, separate evaluations, or a combination of both. Multipurpose testing: Performing several tests, such as control tests, compliance tests, and substantive tests, on a common selection, usually a sample. Nonsampling selection: A selection of items to reach a conclusion only on the items selected. Sometimes called a case study, the auditor using a nonsampling selection may not project the results to the population, but should be satisfied that there is a low risk of material misstatement in the untested items. Obligation ceiling: A limit set by the Congress on the amount of obligations and expenditures the entity may incur even though the budget authority (such as an appropriation) is greater than this limit. Offsetting collections: Collections of a business-or market- oriented nature and intragovernmental transactions. If, pursuant to law, they are deposited to receipts accounts and are available for obligation, they are considered budget authority and referred to as offsetting receipts. Contract authority and immediate availability of offsetting receipts for use are the usual forms of budget authority for revolving funds. Operations controls: Management's policies and procedures to carry out organizational objectives, such as planning, productivity, programmatic, quality, economy, efficiency, and effectiveness objectives. Output: Any product or service generated from the consumption of resources. This can include information generated by the completion of a task or activity. Overall analytical procedures: Analytical procedures performed as an overall financial statement review during the audit reporting phase. Performance measures controls: Policies and procedures management uses to assure data that support performance measures reported in the MD&A of the Accountability report are properly recorded, processed, and summarized to permit preparation of performance information in accordance with criteria stated by management. Planning materiality: The auditor's judgment of the total amount of misstatements that would be material in relation to the financial statements to be audited; used for planning the audit scope. The auditor determines an appropriate base (usually the greater of assets, liabilities, revenues, or expenses); then the auditor multiplies by a percent, usually 3 percent. Point estimate: Most likely amount of the population characteristic based on the sample. Population: The items comprising a financial statement line item, account balance, or class of transactions from which selections are made for audit testing. Precision: The difference between the point estimate and the upper or lower limit. Thus, precision tells the auditor how close the point estimate could be from the true population amount. Preliminary analytical procedures: Analytical procedures performed during the audit planning phase. Principal statements: See financial statements. Probable: The chance of the future confirming event(s) occurring is likely, for pending or threatened litigation and unasserted claims. (For other contingencies, the future event or events are more likely than not to occur.). Projected misstatement: An estimate of the misstatement in a population, based on the misstatements found in the examined sample items; represents misstatements that are probable. The projected misstatement includes the known misstatement. Providing agency: The agency providing services, products, goods, transfer funds, investments, debt, and/or incurring the reimbursable costs. This includes bureaus, departments, and/or programs within agencies. The providing agency is the seller. The providing agency is the agency transferring out funds to another agency (transfers-out) when appropriations are transferred without the exchange of goods or services. Random sample: A sample selected so that every combination of the same number of items in the population has an equal chance of selection. A random sample should be selected by using computer software or a random number table. A systematic sample with a random start, although not technically meeting the definition, may generally be evaluated as if it were a random sample. Reasonably possible: The chance of the future event or events occurring is more than remote but less than probable. Receiving agency: The agency receiving services, products, goods, transfer funds, purchasing investments, and/or borrowing from Treasury (or other agency). This includes bureaus, departments, and/or programs within agencies. The receiving agency is the purchaser. The receiving agency is the agency receiving transfers of funds (transfers in) when appropriations are transferred without the exchange of goods or services. Reciprocal accounts: Corresponding SGL accounts that should be used by a providing and receiving agency to record like intra- governmental transactions. For example, the providing entity's accounts receivable would normally be reconciled to the reciprocal account, accounts payable, on the receiving entity's records. Recorded amount: The financial statement amount being tested by the auditor in the specific application of substantive tests. Reimbursable activity: In intragovernmental activity, similar to goods or services, except the amounts billed to the receiving entity by the providing entity are based on actual costs incurred instead of on fees. Related parties: Affiliates, management of the entity, their immediate families, and other parties the entity deals with if one party controls or can significantly influence the management or operating policies of the other to an extent that one of the parties might be prevented from fully pursuing its own separate interests. Remote: The chance of the future event or events occurring is slight. Responsibility segment: In cost accounting, a significant organizational, operational, functional, or process component that has the following characteristics: (a) its manager reports to the entity's top management, (b) it is responsible for carrying out a mission, performing a line of activities or services, or producing one or a group of products, and (c) for financial reporting and cost management purposes, its resources and results of operations can be clearly distinguished, physically and operationally, from those of other segments of the entity. Risk: See audit risk, inherent risk, control risk, detection risk. Risk assessment: A component of internal control in addition to the control environment, monitoring, information and communication, and control activities. The entity's identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how the risks should be managed. Safeguarding controls: Internal controls to protect assets from loss from unauthorized acquisition, use, or disposition arising from misstatements in processing transactions and handling the related assets. Safeguarding controls are considered part of financial reporting controls. Some safeguarding controls are operations controls. Sample: Items selected from a population to reach a conclusion about the population as a whole. (Compare with nonsampling selection.). Sampling: The application of audit procedures to fewer than all items composing a population to reach a conclusion about the entire population. The auditor selects sample items in such a way that the sample and its results are expected to be representative of the population. Each item must have an opportunity to be selected, and the results of the procedures performed must be projected to the entire population. Sampling interval: The amount between two consecutive sample items, used in selecting the items in systematic sampling. In dollar- unit sampling, this amount may be determined by dividing the test materiality by a statistical risk factor. Sampling risk: The risk that the auditor's conclusion based on a sample might differ from the conclusion that would be reached by applying the test in the same way to the entire population. Specific control evaluation (SCE): Evaluating the effectiveness of the design and operation of specific control activities. This process is documented on the SCE worksheet. Standard General Ledger (SGL): A uniform chart of accounts and guidance for standardizing federal agency accounting. Composed of five major sections: (1) chart of accounts, (2) account descriptions, (3) accounting transactions, (4) SGL attributes, and (5) report crosswalks. Prescribed by the Department of the Treasury in its Treasury Financial Manual. Standard General Ledger (SGL) at the transaction level: One of the three requirements of FFMIA. Implementing the SGL at the transaction level means that the entity's general ledger is in full compliance with the SGL chart of accounts descriptions and posting rules, that transactions from feeder systems are fed into the general ledger following SGL requirements through an automated or, in certain cases, a manual interface, that detail supporting these transactions can be traced back to the source transactions in the feeder systems, and that the feeder systems process transactions consistent with SGL account descriptions and posting rules. Statistical sampling: Sampling that uses the laws of probability for selecting and evaluating a sample from a population for the purpose of reaching a conclusion about the population. Stewardship information: Required supplementary stewardship information includes (1) stewardship property, plant, and equipment (property owned by the federal government including: heritage assets [PP&E of historical, natural, cultural, educational, or artistic significance], national defense PP&E [weapons systems and vessels], and stewardship land [land other than that acquired for, or in connection with, general PP&E]), (2) stewardship investments (items treated as expenses in calculating net cost but meriting special treatment to highlight their substantial investment and long-term-benefit nature, including: nonfederal physical property [grants provided for properties financed by the federal government but owned by the state and local governments], human capital [education and training programs financed by the federal government for the benefit of the public], and research and development [basic and applied]), (3) stewardship responsibilities (current services assessment showing receipt and outlay data on the basis of projections of future activities--required in the consolidated statements of the U.S. government only--and social insurance information), and (4) risk-assumed information on insurance and guarantee programs (generally, the present value of unpaid expected losses net of associated premiums). Stratification: Separation of a population into what the auditor believes are relatively homogeneous groups, each of which is referred to as a stratum, usually to improve sampling efficiency in a classical variables estimation sample. Stratified sample: A classical variables estimation sample where the auditor first stratifies the population then selects a random sample from each stratum. Substantive analytical procedures: Analytical procedures used as substantive tests. Substantive assurance: The auditor's judgment that the assurance provided by all substantive tests of an assertion will detect misstatements that exceed materiality. Not the same as confidence level. Substantive tests: Specific tests to detect material misstatements in an assertion relating to the account balance, transaction class, and disclosure components of financial statements. Suitable criteria: In agreed upon procedures engagements, suitable standards that have the attributes of objectivity, measurability, completeness, and relevance. Supplemental analytical procedures: Analytical procedures to increase the auditor's understanding of account balances and transactions when detail tests are used as the sole source of substantive assurance. Systematic sampling: A method of selecting a sample in which every nth item is selected. See random sample. Test materiality (tolerable misstatement): The maximum misstatement that the auditor can tolerate in a population. This materiality is used in determining the extent of a specific substantive test. (In statistical terms, margin or bound of error.) Test materiality is design materiality, reduced when; the audit is being performed at some, but not all, entity locations (requiring increased audit assurance for those locations visited); the area tested is deemed to be sensitive to the users of the financial statements; or; the auditor expects to find a significant amount of misstatements. Tolerable misstatement: See test materiality. Tolerable rate: In attribute sampling for control testing, the maximum rate of deviation from a prescribed control that the auditor would be willing to accept without altering the assessment of the effectiveness of the control. For tests of compliance with laws and regulations, the tolerable rate is the maximum rate of noncompliance that the auditor would accept in the population without reporting the noncompliance. (In statistical terms, margin or bound of error.). Top stratum item: An item in a dollar-unit sample that equals or exceeds the amount of the sampling interval or implicit sampling interval. Top stratum items are tested 100 percent. Trading partner code: As assigned by the U.S. Department of the Treasury, trading partner code is the attribute defined within the accounting for a transaction used to identify the trading partner entity. The trading partner code is illustrated next to the SGL account and is a two-digit number. Trading partners: As defined by the U.S. Department of the Treasury, trading partners are agencies, bureaus, programs, or other entities (within or between agencies/ departments) participating in transactions with each other. Transfers: Funding moved from one entity to another based on an agreement between the providing entity and the receiving entity. Treasury Financial Manual (TFM): The Treasury Financial Manual (TFM) is Treasury's official publication for financial accounting and reporting of all receipts and disbursements of the federal government. Provides procedures for federal agencies to account for and reconcile transactions occurring within and between each other. Includes procedures for CFO Act agencies to reconcile and confirm with their trading partners intragovernmental activity and balances. Universe: See population. User controls: Manual comparisons of computer output (generally totals) to source documents or other input (including control totals). . Walkthroughs: Audit procedures to help the auditor understand the actual operation of significant aspects of accounting system processing and control techniques. Walkthroughs of financial reporting controls consist of tracing one or more transactions from initiation, through all processing, to inclusion in the general ledger; observing the processing and applicable controls in operation; making inquiries of personnel applying the controls; and examining related documents. [End of table] FISCAM has a glossary of IS terms. [End of section] ABBREVIATIONS: AAPC: Accounting and Auditing Policy Committee. ABA: American Bar Association. AcSEC: Accounting Standards Executive Committee of the AICPA. AICPA: American Institute of Certified Public Accountants. ALC: agency locator code. ARA: Account Risk Analysis. AT: Reference to Statements on Standards for Attestation Engagements in the sections of the Codification of Statements on Auditing Standards. AU: Reference to Statements on Auditing Standards in the sections of the Codification of Statements on Auditing Standards. AUP: agreed-upon procedures. CFO: Chief Financial Officer. COSO: Committee of Sponsoring Organizations of the Treadway Commission. CSRS: Civil Service Retirement System. DUS: dollar-unit sampling. DCIA: Debt Collection Improvement Act. FACTS: Federal Agencies' Centralized Trial Balance System. FAM: GAO/PCIE Financial Audit Manual. FASAB: Federal Accounting Standards Advisory Board. FASB: Financial Accounting Standards Board. FBWT: fund balance with Treasury. FCRA: Federal Credit Reform Act. FERS: Federal Employees' Retirement System. FISCAM: Federal Information System Controls Audit Manual. FFMIA: Federal Financial Management Improvement Act of 1996. FMFIA: Federal Managers' Financial Integrity Act of 1982. FMS: Financial Management Service. GAAP: generally accepted accounting principles. GAAS: generally accepted auditing standards. GAGAS: generally accepted government auditing standards. GAO: General Accounting Office. G/L: general ledger. GRA: General Risk Analysis. IG: Inspector General. IPAC: Intragovernmental Payments and Collection System. IS: Information Systems. JFMIP: Joint Financial Management Improvement Program. MD&A: management's discussion and analysis. NTDO: Non-Treasury Disbursing Office. OGC: Office of General Counsel. OMB: Office of Management and Budget. OPM: Office of Personnel Management. PCIE: President's Council on Integrity and Efficiency. PP&E: property, plant, and equipment. RSI: required supplementary information. RSSI: required supplementary stewardship information. SAS: Statement on Auditing Standards. SCE: Specific Control Evaluation. SF: standard form. SFFAC: Statement of Federal Financial Accounting Concepts. SFFAS: Statement of Federal Financial Accounting Standards. SGL: U.S. Government Standard General Ledger. SSAE: Statement on Standards for Attestation Engagements. TFM: Treasury Financial Manual. W/P: workpaper. [End of table] [End of section] INDEX: Account Risk Analysis (ARA): Control risk and combined risk, Preliminary assessment of: 370.10: Documentation of internal control phase: 390.07: Documentation of planning phase: 235.06, 290.06: Sample completed form: 395 I: Accounting application: Audit requirements for internal controls: 310.06: Description: 240.02: Documentation: 390.04: Potential misstatements: 330.06: Relation to line items/accounts: 330.05, 395 A: Walkthrough procedures: 320.02: Accounting principles and policies: Determining compliance with: 560.01: Accounting systems: Understanding: 320.01: Analytical procedures: Overall: 520.01: Preliminary: 225.01: Substantive: 470.04, 475.01: Supplemental: 470.05, 475.17, 520.03: Application controls: See IS controls: Assertions: Audit requirements for internal controls: 310.06: Combined risk, Preliminary assessment of: 370.09: Control risk, Preliminary assessment of: 370.07: Control activities, Effectiveness of: 340.02: Definition: 235.02: Management, about internal control: See Internal control: Relation to potential misstatements and control objectives: 330.02: Significant: 235.04: Audit assurance: Guidelines: 260.04: Audit matrix: 470.10: With statistical risk factors: 495 D: Audit reports: See Report on Accountability Report (annual financial statement): See Report on financial statements: Audit risk: Definition: 260.02: Guidelines: 260.04: Audit sampling: See Sampling: Audit scope: 530.01, 580.14, 580.39, 580.66, 580.73: Audit summary memorandum: 590.02: Auditing standards and related OMB guidance: Audit requirements beyond "yellow book" (GAGAS): 100.16: Determine compliance with: 570.01: Relevant standards: 100.13: Standards and other policies not addressed: 100.18: Budget: Audit requirements: 310.05: Controls: 260.06, 295 G, 310.04: Budget accounting system: 320.05: Control objectives: 330.09, 395 F: Execution statutes: 395 D: Execution steps: 395 E: Formulation, understanding: 260.32: Definition: 260.06: Documentation: 390.05: Preliminary assessment of effectiveness: 370.11: Reporting: 370.11, 580.32: Restrictions, identifying: 250.01: Tests of budget information, example: 495 B: Combined risk: Assurance level for substantive tests, Relationship to: 370.10, 470.02: Definition: 370.09: Effect on audit procedures: 295 E: Reevaluation of assessment: 370.14: Compliance with laws and regulations: Checklist, General compliance: 802: Identifying significant laws and regulations: 245.01: Laws identified in OMB audit guidance: 295 H: Material noncompliance, definition: 580.68: Reportable noncompliance, definition: 580.68: Reporting on: 580.71: Scope of procedures: 580.73: Supplements, Compliance: 803 - 816: See Compliance controls: See Compliance tests: Compliance controls: Audit programs: 803 - 816: Audit requirements: 310.07: Compliance system: 320.06: Control objectives: 330.10: Definition: 260.06: Documentation: 390.05: Effect on compliance tests: 370.11, 460.02, 460.03, 460.06: Preliminary assessment of effectiveness: 370.11: Reporting requirements: 370.11, 580.32: Compliance tests: Definition: 410.01: Evaluation of results: 460.07: Procedural-based provisions: 460.06: Quantitative-based provisions: 460.03: Tests of budget information for use in: 495 B: Transaction-based provisions: 460.02: Control environment: 260.43: Documentation: 290.04: Factors for consideration: 260.32: IS effects on: 260.41: Potential weaknesses: 295 B: Weaknesses: 260.09: Control objectives: Identifying: 330.01: Potential misstatements, Relationship to: 330.02: See Budget controls: See Compliance controls: See Financial reporting controls: See Operations controls: See Safeguarding controls: Control risk: Assessment of: 370.06, 370.14: Combined risk, Component of: 370.09: Definition: 260.02: Documentation of assessment: 370.10: Control activities: Definition: 260.08: Documentation: 340.01, 390.06: Effectiveness of: 340.02: Efficiency of testing: 350.06: Factors for evaluating design effectiveness: 340.03: Identification: 340.01: IS controls, Identification of: 350.10: Segregation of duties: 330.08: Specific control evaluation: 340.01, 390.06: Typical, List of: 395 C: Understanding: 340.02: Control tests: Attribute sampling: 450.01: Control Assessment, Relation to: 370.01: Documentation: 390.06, 395 H, 450.02, 490.06: Efficiency considerations: 350.18: Evaluation of results, nonsampling tests: 360.14: Control tests (continued): Evaluation of results, sampling tests: 450.13: Evidence, Documentary: 350.16: Inquiry: 350.13: IS controls, Performing tests of: 360.03: IS controls, Evaluating results of: 370.03: Inspection: 350.14: Multiple locations, Impact on sampling control tests of: 450.04: Nature: 350.11: Nonsampling tests: 350.19: Observation: 350.12: Partial-year controls: 380.02: Planned changes in controls: 380.03: Population, sampling control tests: 450.04: Rotation testing of controls: 380.01, 395 G: Sample size: 450.06: Samples, Design of: 450.02: Sampling control tests: 410.01, 450.01: Segregation of duties: 330.08, 360.12, 395 C.03: Selection of: 350.18: Timing: 350.1: Tolerable rate of deviations, sampling control tests: 450.08: Cycle: Audit requirements for internal controls: 310.06: Documentation: 390.04: Identification: 240.01: Cycle matrix: 240.06, 290.05: Detail tests: 470.07, 480.01: Detection risk: 260.02: Differences in estimates: 540.05: Discussion and analysis: See Management's discussion and analysis: Dual-purpose tests: See Multipurpose testing: Entity profile: 290.03: Errors: See Misstatements: FFMIA: Conclude: 460.07: Determine nature, timing, extent of tests: 350.02-.05, 350.21-.23: Documentation: 590.02-.03, 590.07: Planning: 260.48-.50: Reporting: 580.63-.66: Requirements: 100.09, 320.04: Testing: 360.02, 360.16: Understanding accounting systems: 320.04: Financial reporting controls: Accounting system: 320.03: Audit requirements: 310.06: Control objectives: 330.01: Definition: 260.06: Documentation: 390.04: Preliminary assessment of control risk: 370.06: Reporting requirements: 580.32: Sampling control tests: 450: Flowcharts, Use of: 390.04: FMFIA: Assessing: 260.43, 580.61: Material weakness: 580.35: Reliance on management's process: 260.47, 320.01: Reporting on management's reports: 580.61: Fraud risk: Auditor responses: 295 I: Consideration: 260.01: Continuing assessment: 440.03: Documentation: 290.04, 590.03: Factors: 260.18: Reassessment: 540.18: GAO/PCIE Financial Audit Manual, Compliance with: 570.01: General Controls: See IS controls: General Risk Analysis (GRA): 290.04: Information and communication: 320.01: Information Systems (IS) controls: See IS controls: Inherent risk: Definition: 260.02: Documentation: 290.04: Identifying: 260.09: IS effects on: 260.17: Risk factors: 260.16, 295 A: Inquiries of attorneys: 280.02, 550.02: Interim testing: 295 D, 495 C: Internal control: Audit requirements: 310.06: Classifying control weaknesses: 580.33: Components: 260.08: Effects of control weaknesses on internal control opinion: 580.42: Management assertion about: 550.08, 580.38-.48: Material weakness: 580.33: Nonopinion report: 580.49: Opinion report: 580.38: Reportable condition: 580.33: Reporting on: 580.32: Reporting on management's FMFIA reports: 580.35, 580.61: Reporting weaknesses: 580.51: Scope of procedures: 580.39: See Budget controls: See Compliance controls: See Control activities: See Control environment: Internal control (continued): See Financial reporting controls: See Information and communication: See Monitoring: See Operations controls: See Risk assessment: IS controls: Application controls: 295 F.05: Assessing: 295 J: Control activities, Identification for testing: 350.10: Determining likelihood of effective: 270.01: Develop high-level understanding: 220.07: Documentation: 290.04, 370.05: Effects on inherent risk: 260.17: Effects on the control environment, risk assessment, communication, and monitoring: 260.41: General controls: 295 F.02: Information system (IS): 320.01: IS auditor, Use of: 100.27, 220.07, 260.17, 260.42, 270.01, 320.01, 340.01, 350.10, 360.03: Testing: 360.03: Types of: 295 F: User controls: 295 F.07: Laws and regulations: See Compliance with laws and regulations: Management's discussion and analysis (MD&A): 100.12, 220.07, 520.06, 580.76-.80, 590.06: Coordination with overall analytical procedures: 520.06: Reporting on: 580.79: Management letter: 580.54, 580.69: Management representations: 280.03, 550.07, 1001: Materiality: Base, Definition and use of: 230.08: Definition of: 230.01: Design: 230.05, 230.12: Disclosure: 230.06: FMFIA: 230.06: Guidelines: 230.07: Planning: 230.05, 230.08, 230.11: Reporting: 230.06: Test: 230.05, 230.13: Misstatements: Budgetary amounts: 370.12: DUS sample: 480.43: Effects on auditor's report: 540.09: Effects on financial statements: 480.47, 540.04: Evaluation of misstatements: 540.01: Known and likely: 540.03: Results of other samples: 480.46: Review with management: 540.07: Substantive analytical procedures: 475.12: Summary of Possible Adjustments: 540.04, 595 C: Summary of Unadjusted Misstatements: 540.09, 595 D: Monitoring: 260.08, 260.38: Documentation: 290.04: Factors for consideration: 260.38: IS effects on: 260.46: Potential weaknesses: 295 B: Weaknesses: 260.09: Multipurpose testing, Definition of: 430.01: Multiple-location audits: Locations to visit: 285.01, 295 C: Operations, Understanding the entity's: See Understanding the entity's operations: Operations controls: Audit requirements: 310.06: Control objectives: 330.11: Definition: 260.06: Documentation: 390.05: Identify for evaluation and testing: 275.01: Operations system: 320.07: Preliminary assessment of effectiveness: 370.13: Reporting requirements: 370.13, 580.32: Other accompanying information: 100.12, 580.76-.80, 590.02: Other auditors, Using the work of: 100.02, 100.24, 100.28, 210.03, 285.01, 290.08, 295 B.19, 295 I.03, 395 G.05, 580.26, 650: Overall analytical procedures: Documentation: 590.04: Performance: 520.01: Overview: See Management's discussion and analysis: Performance measures controls: 275.09: See Operations controls: Positions, References to: 100.25: Potential misstatements: Accounting applications, Relation to: 330.04: Assertions, Relation to: 330.02: Control objectives, Relation to: 395 B: Line item/account, Relation to: 330.04: Typical, List of: 395 B: Preliminary analytical procedures: 225.01: Professional judgment: 100.23: Related party transactions: 280.04, 550.12, 1006: Report on Accountability Report (annual financial statement): Compliance with laws and regulations: 580.71: Dating: 580.03: Example, unqualified: 595 A: Example, various modifications: 595 B: Financial statements: 580.10: Internal controls: 580.32: Other information (MD&A [overview], RSSI, required: supplementary information and other: accompanying information): 580.76: Report format: 580.04: Significant matters section: 580.06: Report on financial statements: Adverse: 580.30: Consistency: 580.20: Departure from established accounting principles: 580.22: Disclaimer: 580.31: Explanatory paragraphs: 580.26: Qualified: 580.28: Scope limitations: 580.15: Uncertainties: 580.19: Unqualified: 580.24: Representation letter from management: See Management representations: Representation letter, Legal: See Inquiries of attorneys: Representative sampling: See Sampling: Required supplementary stewardship information (RSSI): 100.12, 220.06, 580.76-.80, 590.02: Risk: See Audit risk: See Combined risk: See Control risk: See Detection risk: See Fraud risk: See Inherent risk: Risk assessment (as part of an entity's internal control): 260.08, 260.34: Documentation: 290.04: Identification: 260.09: IS effects on: 260.17: Factors for consideration: 260.34: Potential weaknesses: 295 B: Rotation testing of controls: 380.01, 395 G: Safeguarding controls: 260.06, 310.04: See Financial reporting controls: Sampling: Attribute sampling: 450.01, 450.06: Classical variables estimation sampling: 480.32, 480.45: Control tests: 410.01, 450.01: Dollar-unit sampling (DUS): 480.21, 480.43: Evaluation of sample results: 450.13, 480.39: Flowcharts and example workpapers: 495 E: Other sampling methods: 480.13, 480.34: Population: 450.04, 480.01: Representative selections (sampling): 480.10: Selection methods for detail tests: 480.04: Sensitive payments: 280.05: Significant cycles/accounting applications: Audit requirements for internal controls: 310.06: Documentation: 290.05, 390.04: Identifying: 240.01: Relationship to line items/accounts: 240.03, 330.03: Significant line items, accounts, assertions, and RSSI: Documentation: 290.06: Identifying: 235.01: Specific control evaluation worksheet (SCE): Control objectives, Documentation of: 330.07: Control activities, Documentation of: 340.01, 350.07: Sample completed worksheet: 395 H: Statistical risk factors: 480.24, 495 D: Stewardship information: Reporting: 580.77: See Required supplementary stewardship information (RSSI): Subsequent events: 550.04, 1005: Substantive analytical procedures: 475.01: Considerations for use: 495 A: Documentation: 490.06: Establishment of limit, guidelines: 475.05: Increasing effectiveness of: 475.14: Investigation of differences: 475.06: Levels of: 470.05: Performance of: 475.04: Substantive tests: Definition: 410.01: Determining mix: 470.10: Directional testing: 470.14: Levels of assurance: 470.02: Types of tests: 470.03: See Detail tests: See Substantive analytical procedures: Summary of Possible Adjustments: 540.04, 595 C: Summary of Unadjusted Misstatements: 540.09, 595 D: Supplemental analytical procedures: 470.05, 475.17, 520.03: Understanding the entity's operations: 220.01: Accounting issues and policies: 220.05: Documentation: 290.03: IS220.07: Sources of information: 220.08: User controls: See IS controls: Walkthrough procedures: Control techniques, Operation of: 350.09: Processing systems, Understanding of: 320.01: Use as limited control test: 340.02: Yellow book: See Auditing standards and related OMB guidance: [End of section] GAO's Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: