Kế toán, kiểm toán - Chapter 11: Auditing of governmental and not - For - profit organizations

Chapter11Auditing of Governmental and Not-for-Profit OrganizationsLearning ObjectivesAfter studying Chapter 11, you should be able to:Explain the essential elements of financial audits by independent CPAs, including: The objective(s) of financial auditsThe source and content of GAASAudit report formats and opinionsThe audit processLearning Objectives (Cont’d)Explain what is meant by GAGAS, the source of GAGAS, and why and how GAGAS are broader than GAASExplain the types of audits performed under GAGAS, including financial audits, attestation engagements and performance auditsLearning Objectives (Cont’d)Explain the essentials of a single audit, including:The purpose and scopeMajor program identificationAudit work requiredReports that must be submittedDescribe the implications of the Sarbanes-Oxley Act of 2002 on governments and not-for-profit organizationsObjective of a Financial Audit The independent auditor’s objective is to render a report expressing an opinion that the financial statements present fairly the financial position, changes in financial position, and, where applicable, cash flows of the organization“Present fairly” means in conformity with appropriate generally accepted accounting principles (GAAP)Opinions are based on reasonable assurance that the statements are free from material misstatementsAuditors performing financial audits follow GAAS, reflected in Statements of Auditing Standards (SASs) issued by the AICPA 10 standards (expanded on by more than 120 SASs)3 general standards 3 field work standards4 reporting standardsSee Ill. 11-1 Generally Accepted Auditing Standards (GAAS)Paragraphs in a standard audit report (see Ill. 11-2):Opening Identifies the financial statements being auditedScope Describes the nature of the auditOpinion Expresses the auditor’s opinion about the fairness of the financial statementsExplanatory Used in most governmental audits, usually related to the auditor’s role in reviewing supplementary informationAuditor’s Standard ReportUnqualified (clean)—Statements present fairly the financial position and changes in position (and cash flows, if applicable) according to GAAP. See Ill. 11-2Qualified opinion—Statements contain a material departure from GAAP or there is a material change between periods in GAAP. See Ill. 11-3Adverse opinion—Financial statements do not present fairly in conformity with GAAPDisclaimer of opinion—Often due to inability to examine records Types of Auditor’s OpinionsGAAP Hierarchy— Ill. 11-4CategoryState and Local GovernmentsFederal Governmental Entities aGASB Statements and InterpretationsFASAB Statements and Interpretations bGASB Technical Bulletins, AICPA pronouncementsspecifically for SLGFASAB Technical Bulletins and AICPA pronouncementsspecifically for federal entities cAICPA Practice Bulletins...Technical Releases of theFASAB Accounting and Auditing Policy Committee dGASB Implementation Guides (Q&As...)FASAB Implementation Guides.11-*GAAP for Nongovernmental EntitiesThe FASB Accounting Standards Codification is the source of authoritative GAAP to be applied by nongovernmental entities. Rules and interpretive releases of the SEC under authority of federal securities laws are also sources of authoritative GAAP for SEC registrants.MaterialityDefinition: In the auditor’s judgment, the level at which the quantitative or qualitative effects of misstatements will have a significant impact on users’ evaluationsAICPA Audit and Accounting Guide State and Local Governments requires auditors to make separate materiality determinations for each opinion unit. These are: Governmental activitiesBusiness-type activitiesAggregate discretely presented component unitsEach major governmental and enterprise fundThe aggregate remaining fund informationAuditing Required Supplementary Information (RSI)RSI, such as MD&A and budgetary comparison schedules, are outside the scope of the financial statement auditAuditors apply certain limited procedures in connection to RSI to provide assurance that they are fairly presented in relation to the basic financial statementsFinancial—Provides an opinion about whether an entity’s financial statements are presented fairly in all material respects in conformity with an applicable financial reporting frameworkAttestation engagement—Provides a report and assertion about subject matter that is the responsibility of another party; e.g., internal controls, compliance, MD&A, contract amounts, performance measuresPerformance—Provides findings or conclusions based on an evaluation of sufficient, appropriate evidence against criteriaTypes of Governmental Audits Ill. 11-5Standards issued by the U.S. Government Accountability Office in its “yellow book” Required of auditors in a Single Audit of organizations that expend more than $500,000 in federal resources in any yearStates may also require “yellow book” audits of their local governmentsGenerally Accepted Government Auditing Standards (GAGAS)GAGAS Financial Audit StandardsThere are 4 general standardsGAGAS incorporates the GAAS fieldwork standards and adds 5 additional standards for performing financial auditsGAGAS incorporates the GAAS reporting standards and adds 6 additional standards for reporting financial auditsGeneral Standards1. Independence standard: In all matters relating to audit work, the audit organization and the individual auditor must be independent in mind and in appearance.2. Professional judgment: Auditors must use professional judgment in planning and performing audits and in reporting the results. GAGAS General StandardsGeneral Standards3. Competence: The staff assigned to perform the audit must collectively possess adequate professional competence needed to address the audit objectives and perform the work in accordance with GAGAS.4. Quality control and assurance: The audit organization must establish and maintain a system of quality control and have an external peer review at least once every 3 years.GAGAS General Standards (Cont’d)1. Pertinent information should be communicated to individuals contracting for or requesting the audit. 2. During audit planning, the auditors should evaluate whether the audited entity has taken appropriate corrective action to address findings and recommendations from previous engagements that could have a material effect on the financial statements. GAGAS Requirements for Performing Financial Audits3. Auditors should extend the AICPA requirements pertaining to the auditors’ responsibilities for laws and regulations to also apply to compliance with provisions of contracts or grant agreements.4. When audit findings involve deficiencies in internal control; noncompliance; fraud; or abuse, auditors should plan and perform procedures to develop the elements (criteria, condition, cause and effect) of the findings that are relevant and necessary to achieve the audit objectives.GAGAS Requirements for Performing Financial Audits (Cont’d)5. Documentation should be provided concerning evidence of supervisory review of work performed. For any departures from the GAGAS requirements, auditors should document the impact on the audit and on the auditors’ conclusions.GAGAS Requirements for Performing Financial Audits (Cont’d)1. When audits are conducted in accordance with GAGAS, a reference to GAGAS should be made in the audit report.2. When the financial statement audit report contains an opinion or a disclaimer of opinion, a report on internal control over financial reporting and on compliance with laws, regulations, and provisions of contracts and grants must be provided as part of the report or as a separate report.GAGAS Requirements for Reporting on Financial Audits 3. Based on the audit work performed, a report should be made on significant deficiencies and material weaknesses in internal control, and instances of fraud; noncompliance with provisions of laws and regulations; or violations and abuse that are material.4. When reporting deficiencies in internal control, the views of responsible officials concerning the audit report and any plans for corrective action should be included.GAGAS Requirements for Reporting on Financial Audits (Cont’d)5. When applicable, the report should indicate that confidential or sensitive information has been omitted from the report and the reason that such an omission is necessary.6. Submission of reports should be made to appropriate officials, and audits should be made available to the public. Auditors should document any limitation on report distribution.GAGAS Requirements for Reporting on Financial Audits (Cont’d)GAGAS standards place much more emphasis on compliance with laws and regulations than do GAASUnique Aspects of GAGASThe competence standard requires, among other things, that auditors have:A thorough knowledge of governmental auditing standards and the specific or unique environment in which the audited entity operatesAt least 80 hours of CE (CPE) every two years of whichAt least 20 hours must be completed in each of the two yearsAt least 24 hours must be related directly to governmental auditing or the unique environment in which the audited entity operatesUnique Aspects of GAGAS (Cont’d)Independence StandardsIndependence is covered in 4 sections: (1) a conceptual framework; (2) guidance for internal audit organizations (not covered in text); (3) guidance when performing nonaudit services; and (4) requirements and guidance on documentation to support consideration of auditor independenceGAGAS establish a conceptual framework that requires auditors to identify, evaluate, and apply safeguards to appropriately address threats to independence. See Ill 11-7GAO Independence Standards–Conceptual FrameworkThreats to independence are circumstances that could impair independence. They include self-interest threat, self-review threat, bias threat, familiarity threat, undue influence threat, management participation threat, and structural threat Safeguards are controls designed to eliminate or reduce threats to independence If threats to independence are not at an acceptable level, the auditors should document the threats identified and the safeguards applied to eliminate the threats or reduce them to an acceptable level. GAO Independence Standards–Nonaudit Work DEFINITION: Work solely performed for the benefit of the entity requesting the work and which does not provide for a basis for conclusions, recommendations, or opinions as would a financial audit, attestation engagement, or performance auditAuditors are prohibited from assuming a management responsibility (i.e., making significant decisions regarding the acquisition, deployment, and control of resources), because the management participation threat would be so severe that no safeguards could reduce the threats to an acceptable levelGAO Independence Standards–Nonaudit Work (Cont’d)GAGAS identify examples of nonaudit services that could potentially impair the auditors’ independence in the government environment: preparing accounting records and financial statements, internal audit services, internal control monitoring and assessments, information technology systems services, and valuation servicesAuditors should use the conceptual framework to assess independence for services not specifically addressed by these categoriesGAO Independence Standards–DocumentationThe auditor is required to document conclusions regarding compliance with independence, including:Discussion of threats identified and safeguards in place or applied that eliminated the threat or reduced it to an acceptable levelSafeguards required for an audit organization that is structurally located within a government entityConsideration of audited entity management’s ability to effectively oversee a nonaudit service to be provided by the auditorThe auditor’s understanding with an audited entity for which the auditor will perform a nonaudit serviceImprove the efficiency and effectiveness of governmental audit effort Replace a multitude of grant-by-grant audits with a single, comprehensive, entity-wide audit Provide all federal awarding agencies a single report of a recipient of federal awards to satisfy a program’s audit requirementsWhat is the Purpose of a Single Audit?State and local governments, not-for-profit organizations, including colleges and hospitals, that expend more than $500,000 in federal financial assistance in a yearIf expended only for one program or one program cluster, the entity may have a program audit, otherwise the audit must be a single auditDetermining Who Must Have a Single Audit1996 Single Audit Act Amendments:Establishes a risk-based approach for audit testing, thus placing greater audit coverage on high risk programsImproves the contents and timeliness of single audit reportingPermits the Office of Management and Budget (OMB) to administratively revise Single Audit requirements without requiring additional legislationSee OMB Circular A-133 and the related Compliance Supplement for implementation guidance Single Audit (Cont’d)Calculation of amount of federal awards expendedCalculation can be complexBasic rule is that a federal award has been expended when the federal agency has become at risk and the nonfederal recipient has a duty of accountabilitySee Ill. 11-8Single Audit (Cont’d)Annual audit encompassing the entity’s financial statements and schedule of expenditures of federal awardsAudit must be conducted by an independent auditorAuditors must follow GAGAS (yellow book standards)Auditor must determine whether financial statements present fairly in conformity with GAAP and the schedule of federal financial awards is presented fairly in relation to the financial statementsSingle Audit RequirementsAuditor must obtain an understanding of internal controls pertaining to the compliance requirements for each major program, and assess control risk and perform tests of controlFederal and nonfederal “pass-through” agencies are assigned certain responsibilities for complianceSingle Audit Requirements (Cont’d)For each major program the auditor must test whether the program:Was administered in conformity with the appropriate OMB Circular (A-102 or A-110)Complied with detailed requirements in the A-133 Compliance Supplement and other specified requirementsCompliance Audits (as Part of Single Audit)Use the sliding scale shown in Chapter 11 andfollow the steps in Ill. 11-9Identify Type A programs Identify low-risk programs (based on no audit findings in the most recent audit and absence of certain risk factors)Assess risk of Type B programs (major programs that are not Type A programs)Selection of Programs for Single AuditAt a minimum, audit all high risk Type A programs and either Half of the high-risk Type B programs or One high-risk Type B program for each low-risk Type A programAudit enough major programs to ensure that at least 50% of total federal award expenditures are audited Selection of Programs for Single Audit (Cont’d)Both auditee and auditor have responsibilities for the “reporting package” that must be filed electronically and sent to the single audit clearinghouseReporting package consists of:Financial statements and schedule of expenditures of federal awardsSummary schedule of prior audit findingsAuditor’s reports (see Ill. 11-10) Corrective action plan Required Reporting Under Single AuditSchedule of findings and questioned costsDescribes such matters as internal control weaknesses, instances of noncompliance, questioned costs, fraud, and material misrepresentations by the auditeeInternal control weaknesses are reported as either: material weaknesses (a deficiency such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented on a timely basis), or significant deficiencies (a deficiency that is less severe than a material weakness, yet important enough to merit attention by those charged with governance)Required Reporting Under Single Audit (Cont’d)Required Reporting Under Single Audit (Cont’d)Schedule of Findings and Questioned Costs (Cont’d)A questioned cost usually involves an instance of noncompliance with a law or regulation where the costs are either not allowable, are unreasonable, or are not supported by adequate documentationKnown questioned costs greater than $10,000 or likely costs greater than $10,000 must be reported in the schedule of findings and questioned costsTo promote quality control, nonfederal entities expending more than $50 million in federal awards are assigned a cognizant agency—usually the agency providing the predominant amount of supportThe cognizant agency provides technical advice and serves as a liaison, conducts quality control reviews, refers substandard audits for disciplinary action, and facilitates communicationCognizant AgenciesNonfederal entities expending less than $50 million are assigned an oversight agency rather than a cognizant agencyOversight agencies have similar but less extensive responsibilities than oversight agencies Oversight Agencies Single Audit QualityThe President’s Council on Integrity and Efficiency’s 2007 report on the national single audit sampling project found48.6% of single audits were of acceptable quality16.0% were of limited reliability35.5% were of unacceptable qualityRecommendations on improving single audit qualityImprove the single audit standards and guidanceEstablish minimum training requirementsEstablish consequences for submitting unacceptable auditsImpact of Sarbanes-Oxley ActSOX applies to publicly-held companies, but many governments are adapting some “best practices” in the areas of: Audit Committees–subsets of the governing council that appoint, oversee, and work with the external auditor throughout the yearInternal Controls–OMB Circular A-123 Management’s Responsibility for Internal Control is one example of a review and tightening of internal controls in the government sectorAuditors add value to information by being independent and conforming to professional auditing standards (GAAS or GAGAS)GAGAS applies to audits of nonfederal entities that expend at least $500,000 of federal awardsGAGAS are broader than GAAS in that they include standards for financial and performance audits and attestation engagementsThe single audit improves both the efficiency and effectiveness of audits of nonfederal entities with significant expenditures of federal awardsENDConcluding Comments