3.1 This chapter prescribes general standards for conducting financial
and performance audits. These general standards relate to the
qualifications of the staff, the audit organization's and the
individual auditor's independence, the exercise of due professional
care in conducting the audit and in preparing related reports, and the
presence of quality controls. General standards are distinct from
those standards that relate to conducting field work and preparing
3.2 These general standards apply to all audit organizations, both
government and nongovernment (for example, public accounting firms and
consulting firms), conducting audits of government organizations,
programs, activities, and functions and of government assistance
received by nongovernment organizations.
3.3 The first general standard is:
The staff assigned to conduct the audit should collectively possess adequate professional proficiency for the tasks required.
3.4 This standard places responsibility on the audit organization to ensure that each audit is conducted by staff who collectively have the knowledge and skills necessary for that audit. They should also have a thorough knowledge of government auditing and of the specific or unique environment in which the audited entity operates, relative to the nature of the audit being conducted.
3.5 The qualifications mentioned here apply to the knowledge and skills of the audit organization as a whole and not necessarily to each individual auditor. An organization may need to employ personnel or hire outside consultants knowledgeable in such areas as accounting, statistics, law, engineering, audit design and methodology, automated data processing, public administration, economics, social sciences, or actuarial science.3.6 To meet this standard, the audit organization should have a program to ensure that its staff maintain professional proficiency through continuing education and training. Thus, each auditor responsible for planning, directing, conducting, or reporting on audits under these standards should complete, every 2 years, at least 80 hours of continuing education and training which contributes to the auditor's professional proficiency. At least 20 hours should be completed in any 1 year of the 2-year period. Individuals responsible for planning or directing an audit, conducting substantial portions of the field work, or reporting on the audit under these standards should complete at least 24 of the 80 hours of continuing education and training in subjects directly related to the government environment and to government auditing. If the audited entity operates in a specific or unique environment, auditors should receive training that is related to that environment.
3.7 The audit organization is responsible for establishing and implementing a program to ensure that auditors meet the continuing education and training requirements just stated. The organization should maintain documentation of the education and training completed. 1
[NOTE 1: The qualifications standard and continuing education requirements place responsibilities on both the audit organization and individual auditors. Carrying out these responsibilities requires sound professional judgment. To assist audit organizations and individual auditors in exercising that judgment, the General Accounting Office (GAO) issued Interpretation of Continuing Education and Training Requirements, April 1991, Government Printing Office stock number 020-000-00250-6.]
3.8 The continuing education and training may include such topics as current developments in audit methodology, accounting, assessment of internal controls, principles of management or supervision, financial management, statistical sampling, evaluation design, and data analysis. It may also include subjects related to the auditor's field of work, such as public administration, public policy and structure, industrial engineering, economics, social sciences, or computer science.
3.9 External consultants and internal experts and specialists should be qualified and maintain professional proficiency in their areas of expertise and/or specialization but are not required to meet the above continuing education and training requirements. Auditors performing nonaudit activities and services also are not required to meet the above continuing education and training requirements.3.10 Qualifications for staff members conducting audits include:
a. Knowledge of the methods and techniques applicable to government auditing and the education, skills, and experience to apply such knowledge to the audit being conducted.
b. Knowledge of government organizations, programs, activities, and functions.
c. Skills to communicate clearly and effectively, both orally and in writing.
d. Skills appropriate for the audit work being conducted. For instance
(1) if the work requires use of statistical sampling, the staff or consultants to the staff should include persons with statistical sampling skills;
(2) if the work requires extensive review of computerized systems, the staff or consultants to the staff should include persons with computer audit skills;
(3) if the work involves review of complex engineering data, the staff or consultants to the staff should include persons with engineering skills; or
(4) if the work involves the use of nontraditional audit methodologies, the staff or consultants to the staff should include persons with skills in those methodologies.
e. The following qualifications are needed for financial audits that lead to an expression of an opinion.
(1) The auditors should be proficient in the appropriate accounting principles and in government auditing standards.
(2) The public accountants engaged to conduct audits should be (a) licensed certified public accountants or persons working for a licensed certified public accounting firm or (b) public accountants licensed on or before December 31, 1970, or persons working for a public accounting firm licensed on or before December 31, 1970.2
[NOTE 2: Accountants and accounting firms meeting these licensing
requirements should also comply with the applicable provisions of the
public accountancy law and rules of the jurisdiction(s) where the audit
is being conducted and the jurisdiction(s) in which the accountants and
their firms are licensed.]
3.11 The second general standard is:
In all matters relating to the audit work, the audit organization and the individual auditors, whether government or public, should be free from personal and external impairments to independence, should be organizationally independent, and should maintain an independent attitude and appearance.
3.12 This standard places responsibility on each auditor and the audit organization to maintain independence so that opinions, conclusions, judgments, and recommendations will be impartial and will be viewed as impartial by knowledgeable third parties.
3.13 Auditors should consider not only whether they are independent and their attitudes and beliefs permit them to be independent but also whether there is anything about their situations that might lead others to question their independence. All situations deserve consideration because it is essential not only that auditors are, in fact, independent and impartial, but also that knowledgeable third parties consider them so.
3.14 Government auditors, including hired consultants and internal experts and specialists, need to consider three general classes of impairments to independence--personal, external, and organizational. If one or more of these impairments affects an auditor's ability to do the work and report findings impartially, that auditor should either decline to perform the audit, or in those situations where that auditor cannot decline to perform the audit, the impairment(s) should be reported in the scope section of the audit report. Also, when auditors are employees of the audited entity, that fact should be reflected in a prominent place in the audit report.
3.15 Nongovernment auditors also need to consider those personal and external impairments that might affect their ability to do their work and report their findings impartially. If their ability is adversely affected, they should decline to perform the audit. Public accountants should also follow the American Institute of Certified Public Accountants (AICPA) code of professional conduct, the code of professional conduct of the state board with jurisdiction over the practice of the public accountant and the audit organization, and the guidance on personal and external impairments in these standards.3.16 There are circumstances under which auditors may not be impartial, or may not be perceived as impartial. The audit organization is responsible for having policies and procedures in place to help determine if auditors have any personal impairments. Managers and supervisors need to be alert for personal impairments of their staff members. Auditors are responsible for notifying the appropri-ate official within their audit organization if they have any personal impairments. These impairments apply to individual auditors, but they may also apply to the audit organization. Personal impairments may include, but are not limited to, the following:
a. official, professional, personal, or financial relationships that might cause an auditor to limit the extent of the inquiry, to limit disclosure, or to weaken or slant audit findings in any way;
b. preconceived ideas toward individuals, groups, organizations, or objectives of a particular program that could bias the audit;
c. previous responsibility for decision-making or managing an entity that would affect current operations of the entity or program being audited;
d. biases, including those induced by political or social convictions, that result from employment in, or loyalty to, a particular group, organization, or level of government;
e. subsequent performance of an audit by the same individual who, for example, had previously approved invoices, payrolls, claims, and other proposed payments of the entity or program being audited;
f. concurrent or subsequent performance of an audit by the same individual who maintained the official accounting records;3 and
g. financial interest that is direct, or is substantial though indirect, in the audited entity or program.
[NOTE 3: For example, an individual performs a substantial part of the accounting process or cycle, such as analyzing, journalizing, posting, preparing, adjusting and closing entries, and preparing the financial statements, and later the same individual performs an audit. In instances in which the auditor acts as the main processor for transactions initiated by the audited entity, but the audited entity acknowledges responsibility for the financial records and financial statements, the independence of the auditor is not necessarily impaired.]3.17 Factors external to the audit organization may restrict the audit or interfere with an auditor's ability to form independent and objective opinions and conclusions. For example, under the following conditions, an audit may be adversely affected and an auditor may not have complete freedom to make an independent and objective judgment:
a. external interference or influence that improperly or imprudently limits or modifies the scope of an audit;
b. external interference with the selection or application of audit procedures or in the selection of transactions to be examined;
c. unreasonable restrictions on the time allowed to complete an audit;
d. interference external to the audit organization in the assignment, appointment, and promotion of audit personnel;
e. restrictions on funds or other resources provided to the audit organization that would adversely affect the audit organization's ability to carry out its responsibilities;
f. authority to overrule or to influence the auditor's judgment as to the appropriate content of an audit report; and
g. influences that jeopardize the auditor's continued employment for reasons other than competency or the need for audit services.3.18 Government auditors' independence can be affected by their place within the structure of the government entity to which they are assigned and also by whether they are auditing internally or auditing other entities. 3.19 A federal, state, or local government audit organization, or an audit organization within other government entities, such as a public college, university, or hospital, may be subject to administrative direction from persons involved in the government management process. To help achieve organizational independence, audit organizations should report the results of their audits and be accountable to the head or deputy head of the government entity and should be organizationally located outside the staff or line management function of the unit under audit. The audit organization's independence is enhanced when it also reports regularly to the entity's independent audit committee and/or the appropriate government oversight body.
3.20 Auditors should also be sufficiently removed from political pressures to ensure that they can conduct their audits objectively and can report their findings, opinions, and conclusions objectively without fear of political repercussion. Whenever feasible, they should be under a personnel system in which compensation, training, job tenure, and advancement are based on merit.
3.21 If the above conditions are met, and no personal or external impairments exist, the audit staff should be considered organizationally independent to audit internally and free to report objectively to top management.
3.22 When organizationally independent internal audi-tors conduct audits external to the government entity to which they are directly assigned, they may be considered independent of the audited entity and free to report objectively to the head or deputy head of the government entity to which assigned.3.23 Government auditors employed by audit organizations whose heads are elected and legislative auditors auditing executive entities may be considered free of organizational impairments when auditing outside the government entity to which they are assigned.
a. a level of government other than the one to which they are assigned (federal, state, or local) or
b. a different branch of government within the level of government to which they are assigned (legislative, executive, or judicial).
a. elected by the citizens of their jurisdiction,
b. elected or appointed by a legislative body of the level of government to which they are assigned and report the results of audits to, and are accountable to the legislative body, or
c. appointed by the chief executive but confirmed by, report the
results of audits to, and are accountable to a legislative body of the
level of government to which they are assigned.
3.26 The third general standard is:
Due professional care should be used in conducting the audit and in preparing related reports.
3.27 This standard requires auditors to work with due professional care. Due care imposes a responsibility upon each auditor within the audit organization to observe generally accepted government auditing standards.
3.28 Exercising due professional care means using sound judgment in establishing the scope, selecting the methodology, and choosing tests and procedures for the audit. The same sound judgment should be applied in conducting the tests and procedures and in evaluating and reporting the audit results.
3.29 Auditors should use sound professional judgment in determining the standards that apply to the work to be conducted. The auditors' determination that certain standards do not apply to the audit should be documented in the working papers. Situations may occur in which government auditors are not able to follow an applicable standard and are not able to withdraw from the audit. In those situations, the auditors should disclose in the scope section of their report, the fact that an applicable standard was not followed, the reasons therefor, and the known effect that not following the standard had on the results of the audit.
3.30 While this standard places responsibility on each auditor and
audit organization to exercise due professional care in the performance
of an audit assignment, it does not imply unlimited responsibility;
neither does it imply infallibility on the part of either the
individual auditor or the audit organization.
3.31 The fourth general standard is:
Each audit organization conducting audits in accordance with these standards should have an appropriate internal quality control system in place and undergo an external quality control review.
3.32 The internal quality control system established by the audit organization should provide reasonable assurance that it (1) has adopted, and is following, applicable auditing standards and (2) has established, and is following, adequate audit policies and procedures. The nature and extent of an organization's internal quality control system depend on a number of factors, such as its size, the degree of operating autonomy allowed its personnel and its audit offices, the nature of its work, its organizational structure, and appropriate cost-benefit considerations. Thus, the systems established by individual organizations will vary, as will the extent of their documentation.
3.33 Organizations conducting audits in accordance with these standards should have an external quality control review at least once every 3 years by an organization not affiliated with the organization being reviewed.4 The external quality control review should determine whether the organization's internal quality control system is in place and operating effectively to provide reasonable assurance that established policies and procedures and applicable auditing standards are being followed.
[NOTE 4: Audit organizations should have an external quality control review completed (that is, report issued) within 3 years from the date they start their first audit in accordance with these standards. Subsequent external quality control reviews should be completed within 3 years after the issuance of the prior review.]
a. Reviewers should be qualified and have current knowledge of the type of work to be reviewed and the applicable auditing standards. For example, individuals reviewing government audits should have a thorough knowledge of the government environment and government auditing relative to the work being reviewed.
b. Reviewers should be independent (as defined in these standards) of the audit organization being reviewed, its staff, and its auditees whose audits are selected for review. An audit organization is not permitted to review the organization that conducted its most recent external quality control review.
c. Reviewers should use sound professional judgment in conducting and reporting the results of the external quality control review.
d. Reviewers should use one of the following approaches to selecting audits for review: (1) select audits that provide a reasonable cross section of the audits conducted in accordance with these standards or (2) select audits that provide a reasonable cross section of the organization's audits, including one or more audits conducted in accordance with these standards.
e. This review should include a review of the audit reports, working papers, and other necessary documents (for example, correspondence and continuing education documentation) as well as interviews with the reviewed organization's professional staff.
f. A written report should be prepared communicating the results of the external quality control review.
[NOTE 5: External quality control reviews conducted through or by the AICPA, National State Auditors Association, National Association of Local Government Auditors, President's Council on Integrity and Efficiency, Executive Council on Integrity and Efficiency, and Institute of Internal Auditors meet these requirements.]
3.35 External quality control review procedures should be tailored to the size and nature of an organization's audit work. For example, an organization that performs only a few audits may be more effectively reviewed by emphasizing a review of the quality of those audits rather than the organization's internal quality control policies and procedures.
3.36 Audit organizations seeking to enter into a contract to perform an audit in accordance with these standards should provide their most recent external quality control review report to the party contracting for the audit. Information in the external quality control review report often would be relevant to decisions on procuring audit services. Audit organizations also should make their external quality control review reports available to auditors using their work and to appropriate oversight bodies. It is recommended that the report be made available to the public.
[NOTE 6: The term "report" does not include separate letters of comment.]
send email to firstname.lastname@example.org.