Chapter 5: Reporting Standards for Financial Audits

a. The report shall state whether the financial statements are presented in accordance with generally accepted accounting principles.

b. The report shall identify those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.

c. Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report.

d. The report shall either contain an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefor should be stated. In all cases where an auditor's name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor's work, if any, and the degree of responsibility the auditor is taking.

a. reporting compliance with GAGAS (see paragraphs 5.11 through 5.14),

b. reporting on compliance with laws and regulations and on internal control over financial reporting (see paragraphs 5.15 through 5.28),

c. privileged and confidential information (see paragraphs 5.29 through 5.31), and

d. report distribution. (See paragraphs 5.32 through 5.35.)

[NOTE 1: GAGAS incorporate any new AICPA reporting standards relevant to financial statement audits unless the General Accounting Office (GAO) excludes them by formal announcement.]

Audit reports should state that the audit was made in accordance with generally accepted government auditing standards.

The report on the financial statements should either (1) describe the scope of the auditors' testing of compliance with laws and regulations and internal control over financial reporting and present the results of those tests or (2) refer to the separate report(s) containing that information. In presenting the results of those tests, auditors should report fraud, illegal acts, other material noncompliance, and reportable conditions in internal control over financial reporting.³ In some circumstances, auditors should report fraud and illegal acts directly to parties external to the audited entity.

[NOTE 3: These responsibilities are in addition to and do not modify auditors’ responsibilities under AICPA standards to (1) address the effect fraud or illegal acts may have on the report on the financial statements and (2) determine that the audit committee or others with equivalent authority and responsibility are adequately informed about fraud, illegal acts, and reportable conditions.]

[NOTE 4: Whether a particular act is, in fact, illegal may have to await final determination by a court of law. Thus, when auditors disclose matters that have led them to conclude that an illegal act is likely to have occurred, they should take care not to imply that they have made a determination of illegality.]

[NOTE 6: Chapter 4 provides guidance on factors that may influence auditors' materiality judgments in audits of government entities or entities receiving government assistance. AICPA standards provide guidance on the interaction of quantitative and qualitative considerations in materiality judgments.]

[NOTE 7: Internal auditors auditing within the entity that employs them do not have a duty to report outside that entity.]

a. absence of appropriate segregation of duties consistent with appropriate control objectives;

b. absence of appropriate reviews and approvals of transactions, accounting entries, or systems output;

c. inadequate provisions for the safeguarding of assets;

d. evidence of failure to safeguard assets from loss, damage, or misappropriation;

e. evidence that a system fails to provide complete and accurate output consistent with the auditee's control objectives because of the misapplication of control procedures;

f. evidence of intentional override of internal control by those in authority to the detriment of the overall objectives of the system;

g. evidence of failure to perform tasks that are part of internal control, such as reconciliations not prepared or not timely prepared;

h. absence of a sufficient level of control consciousness within the organization;

i. significant deficiencies in the design or operation of internal control that could result in violations of laws and regulations having a direct and material effect on the financial statements; and

j. failure to follow up and correct previously identified deficiencies in internal control.⁸

[NOTE 8: Chapter 4's audit follow-up standard requires auditors to report the status of uncorrected material findings and recommendations from prior audits that affect the financial statement audit.]

[NOTE 9: See footnote 5.]

If certain information is prohibited from general disclosure, the audit report should state the nature of the information omitted and the requirement that makes the omission necessary.

Written audit reports are to be submitted by the audit organization to the appropriate officials of the auditee and to the appropriate officials of the organizations requiring or arranging for the audits, including external funding organizations, unless legal restrictions prevent it. Copies of the reports should also be sent to other officials who have legal oversight authority or who may be responsible for acting on audit findings and recommendations and to others authorized to receive such reports. Unless restricted by law or regulation, copies should be made available for public inspection. ¹⁰

[NOTE 10: See the Single Audit Act Amendments of 1996 and Office of Management and Budget (OMB) Circular A-133 for the distribution of reports on single audits of state and local governmental entities and nonprofit organizations that receive federal awards.]

a. SAS No. 75, Engagements to Apply Agreed-Upon Procedures to Specific Elements, Accounts, or Items of a Financial Statement;

b. SAS No. 62, Special Reports, for auditing specified elements, accounts, or items of a financial statement;

c. SAS No. 74, Compliance Auditing Considerations in Audits of Governmental Entities and Recipients of Governmental Financial Assistance, for testing compliance with laws and regulations applicable to federal financial assistance programs;

d. SAS No. 70, Reports on the Processing of Transactions by Service Organizations, for examining descriptions of internal control of service organizations that process transactions for others;

e. Statement on Standards for Attestation Engagements (SSAE) No. 1, Attestation Standards, as amended by SSAE No. 9, Amendments to Statement on Standards for Attestation Engagements Nos. 1, 2, and 3, for examining or reviewing an entity's assertions about financial related matters not specifically addressed in other AICPA standards;

f. SSAE No. 2, Reporting on an Entity's Internal Control Over Financial Reporting, as amended by SSAE No. 9, Amendments to Statement on Standards for Attestation Engagements Nos. 1, 2, and 3, for examining an entity's assertions about its internal control over financial reporting and/or safeguarding assets;

g. SSAE No. 3, Compliance Attestation, as amended by SSAE No. 9, Amendments to Statement on Standards for Attestation Engagements Nos. 1, 2, and 3, for (1) examining or applying agreed-upon procedures to an entity's assertions about compliance with specified requirements or (2) applying agreed-upon procedures to an entity's assertions about internal control over compliance with laws and regulations; and

h. SSAE No. 4, Agreed-Upon Procedures Engagements, for applying agreed-upon procedures to (1) an entity’s assertions about internal control over financial reporting and/or safeguarding of assets or (2) an entity’s assertions about financial related matters not specifically addressed in other AICPA standards.

[NOTE 11: GAGAS incorporate any new AICPA reporting standards relevant to financial related audits unless GAO excludes them by formal announcement.]

[NOTE 12: Chapter 2 provides examples of other types of financial related audits.]