Government Auditing Standards: July 1999: Chapter 7

Contents Previous Next	Chapter 7: Reporting Standards for Performance Audits
Contents Previous Next	Purpose 7.1 This chapter prescribes standards of reporting for performance audits. The report "contents" and "presentation" standards also apply to some financial related audits, as discussed in chapter 5.
Contents Previous Next	Form 7.2 The first reporting standard for performance audits is: Auditors should prepare written audit reports communicating the results of each audit. 7.3 Written reports (1) communicate the results of audits to officials at all levels of government, (2) make the results less susceptible to misunderstanding, (3) make the results available for public inspection, and (4) facilitate follow-up to determine whether appropriate corrective actions have been taken. The need to maintain public accountability for government programs demands that audit reports be written.¹ [NOTE 1: Audit reports may be presented on other media that are retrievable by report users and the audit organization. Retrievable audit reports include those which are in electronic or video formats.] 7.4 This standard is not intended to limit or prevent discussion of findings, judgments, conclusions, and recommendations with persons who have responsibilities involving the area being audited. On the contrary, such discussions are encouraged. 7.5 When an audit is terminated prior to completion, auditors should communicate the termination to the auditee and other appropriate officials, preferably in writing. Auditors should also write a memorandum for the record, summarizing the results of the work and explaining why the audit was terminated.
Contents Previous Next	Timeliness 7.6 The second reporting standard for performance audits is: Auditors should appropriately issue the reports to make the information available for timely use by management, legislative officials, and other interested parties. 7.7 To be of maximum use, the report must be timely. A carefully prepared report may be of little value to decisionmakers if it arrives too late. Therefore, auditors should plan for the appropriate issuance of the audit report and conduct the audit with this goal in mind. 7.8 The auditors should consider interim reporting, during the audit, of significant matters to appropriate officials. Such communication, which may be oral or written, is not a substitute for a final report, but it does alert officials to matters needing immediate attention and permits them to correct them before the final report is completed.
Contents Previous Next	Report Contents 7.9 The third reporting standard for performance audits covers the report contents. Objectives, Scope, and Methodology 7.10Auditors should report the audit objectives and the audit scope and methodology. 7.11 Knowledge of the objectives of the audit, as well as of the audit scope and methodology for achieving the objectives, is needed by readers to understand the purpose of the audit, judge the merits of the audit work and what is reported, and understand significant limitations. Objectives 7.12 In reporting the audit's objectives, auditors should explain why the audit was made and state what the report is to accomplish. Articulating what the report is to accomplish normally involves identifying the audit subject and the aspect of performance examined, and because what is reported depends on the objectives, communicating what finding elements are discussed and whether conclusions and recommendations are given. 7.13 To preclude misunderstanding in cases where the objectives are particularly limited and broader objectives can be inferred, it may be necessary to state objectives that were not pursued. Scope and Methodology 7.14 In reporting the scope of the audit, auditors should describe the depth and coverage of work conducted to accomplish the audit's objectives. Auditors should, as applicable, explain the relationship between the universe and what was audited; identify organizations, geographic locations, and the period covered; report the kinds and sources of evidence; and explain any quality or other problems with the evidence. Auditors should also report significant constraints imposed on the audit approach by data limitations or scope impairments. 7.15 To report the methodology used, auditors should clearly explain the evidence gathering and analysis techniques used. This explanation should identify any significant assumptions made in conducting the audit; describe any comparative techniques applied; describe the criteria used; and when sampling significantly supports auditors' findings, describe the sample design and state why it was chosen. 7.16 Auditors should attempt to avoid misunderstanding by the reader concerning the work that was and was not done to achieve the audit objectives, particularly when the work was limited because of constraints on time or resources. Audit Results 7.17Auditors should report significant audit findings, and where applicable, auditors' conclusions. Findings 7.18 Auditors should report the significant findings developed in response to each audit objective.² In reporting the findings, auditors should include sufficient, competent, and relevant information to promote adequate understanding of the matters reported and to provide convincing but fair presentations in proper perspective. Auditors should also report appropriate background information that readers need to understand the findings. [NOTE 2: Audit findings not included in the audit report, because of insignificance, should be separately communicated to the auditee, preferably in writing. Such findings, when communicated in a management letter to top management, should be referred to in the audit report. All communications of audit findings should be documented in the working papers.] 7.19 Audit findings often have been regarded as containing the elements of criteria, condition, and effect, plus cause when problems are found.³ However, the elements needed for a finding depend entirely on the objectives of the audit. Thus, a finding or set of findings is complete to the extent that the audit objectives are satisfied and the report clearly relates those objectives to the finding's elements. [NOTE 3: See description of the elements of a finding in paragraphs 6.49 through 6.52.] Conclusions 7.20 Auditors should report conclusions when called for by the audit objectives. Conclusions are logical inferences about the program based on the auditors' findings. Conclusions should be specified and not left to be inferred by readers. The strength of the auditors' conclusions depends on the persuasiveness of the evidence supporting the findings and the convincingness of the logic used to formulate the conclusions. Recommendations 7.21Auditors should report recommendations for actions to correct problem areas and to improve operations. 7.22 Auditors should report recommendations when the potential for significant improvement in operations and performance is substantiated by the reported findings. Recommendations to effect compliance with laws and regulations and improve management controls should also be made when significant instances of noncompliance are noted or significant weaknesses in controls are found. Auditors should also report the status of uncorrected significant findings and recommendations from prior audits that affect the objectives of the current audit. 7.23 Constructive recommendations can encourage improvements in the conduct of government programs. Recommendations are most constructive when they are directed at resolving the cause of identified problems, are action oriented and specific, are addressed to parties that have the authority to act, are feasible, and, to the extent practical, are cost-effective. Statement on Auditing Standards 7.24Auditors should report that the audit was made in accordance with generally accepted government auditing standards. 7.25 The statement of compliance with generally accepted government auditing standards refers to all the applicable standards that the auditors should have followed during the audit. The statement should be qualified in situations in which the auditors did not follow an applicable standard. In these situations, auditors should report in the scope section the applicable standard that was not followed, the reasons therefor, and how not following the standard affected the results of the audit. Compliance With Laws and Regulations 7.26Auditors should report all significant instances of noncompliance and all significant instances of abuse that were found during or in connection with the audit. In some circumstances, auditors should report illegal acts directly to parties external to the audited entity. Noncompliance and Abuse 7.27 When auditors conclude, based on evidence obtained, that significant noncompliance or abuse either has occurred or is likely to have occurred, they should report relevant information. The term "noncompliance" comprises illegal acts (violations of laws and regulations)⁴and violations of provisions of contracts or grant agreements. Abuse occurs when the conduct of a government organization, program, activity, or function falls far short of societal expectations for prudent behavior. [NOTE 4: Whether a particular act is, in fact, illegal may have to await final determination by a court of law. Thus, when auditors disclose matters that have led them to conclude that an illegal act is likely to have occurred, they should take care not to imply that they have made a determination of illegality.] 7.28 In reporting significant instances of noncompliance, auditors should place their findings in perspective. To give the reader a basis for judging the prevalence and consequences of noncompliance, the instances of noncompliance should be related to the universe or the number of cases examined and be quantified in terms of dollar value, if appropriate. 7.29 When auditors detect nonsignificant instances of noncompliance they should communicate them to the auditee, preferably in writing. If the auditors have communicated such instances of noncompliance in a management letter to top management, they should refer to that management letter in the audit report. Auditors should document in their working papers all communications to the auditee about noncompliance. Direct Reporting of Illegal Acts 7.30 Auditors are responsible for reporting illegal acts directly to parties outside the auditee in certain circumstances, as discussed in the following paragraphs. Auditors should fulfill these responsibilities even if they have resigned or been dismissed from the audit.⁵ [NOTE 5: Internal auditors auditing within the entity that employs them do not have a duty to report outside that entity.] 7.31 The auditee may be required by law or regulation to report certain illegal acts to specified external parties (for example, to a federal inspector general or a state attorney general). If auditors have communicated such illegal acts to the auditee, and it fails to report them, then the auditors should communicate their awareness of that failure to the auditee's governing body. If the auditee does not make the required report as soon as practical after the auditors' communication with its governing body, then the auditors should report the illegal acts directly to the external party specified in the law or regulation. 7.32 Auditors should obtain sufficient, competent, and relevant evidence (for example, by confirmation with outside parties) to corroborate assertions by management that it has reported illegal acts. If they are unable to do so, then the auditors should report the illegal acts directly as discussed above. 7.33 Chapter 6 reminds auditors that under some circumstances, laws, regulations, or policies may require them to report promptly indications of certain types of illegal acts to law enforcement or investigatory authorities. When auditors conclude that this type of illegal act either has occurred or is likely to have occurred, they should ask those authorities and/or legal counsel if reporting certain information about that illegal act would compromise investigative or legal proceedings. Auditors should limit their reporting to matters that would not compromise those proceedings, such as information that is already a part of the public record. Management Controls 7.34Auditors should report the scope of their work on management controls and any significant weaknesses found during the audit. 7.35 Reporting on management controls will vary depending on the significance of any weaknesses found and the relationship of those weaknesses to the audit objectives. 7.36 In audits where the sole objective is to audit the management controls, weaknesses found of significance to warrant reporting would be considered deficiencies and be so identified in the audit report. The management controls that were assessed should be identified to the extent necessary to clearly present the objectives, scope, and methodology of the audit. 7.37 In a performance audit, auditors may identify significant weaknesses in management controls as a cause of deficient performance. In reporting this type of finding, the control weaknesses would be described as the "cause." Views of Responsible Officials 7.38 Auditors should report the views of responsible officials of the audited program concerning auditors' findings, conclusions, and recommendations, as well as corrections planned. 7.39 One of the most effective ways to ensure that a report is fair, complete, and objective is to obtain advance review and comments by responsible auditee officials and others, as may be appropriate. Including the views of responsible officials produces a report that shows not only what was found and what the auditors think about it but also what the responsible persons think about it and what they plan to do about it. 7.40 Auditors should normally request that the responsible officials' views on significant findings, conclusions, and recommendations be submitted in writing. When, in these cases, written comments are not obtained, oral comments should be requested. 7.41 Advance comments should be objectively evaluated and recognized, as appropriate, in the report. Advance comments, such as a promise or plan for corrective action, should be noted but should not be accepted as justification for dropping a significant finding or a related recommendation. 7.42 When the comments oppose the report's findings, conclusions, or recommendations, and are not, in the auditors' opinion, valid, the auditors may choose to state their reasons for rejecting them. Conversely, the auditors should modify their report if they find the comments valid. Noteworthy Accomplishments 7.43 Auditors should report noteworthy accomplishments, particularly when management improvements in one area may be applicable elsewhere. 7.44 Noteworthy management accomplishments identified during the audit, which were within the scope of the audit, should be included in the audit report along with deficiencies. Such information provides a more fair presentation of the situation by providing appropriate balance to the report. In addition, inclusion of such accomplishments may lead to improved performance by other government organizations that read the report. Issues Needing Further Study 7.45 Auditors should refer significant issues needing further audit work to the auditors responsible for planning future audit work. 7.46 If, during the audit, auditors identify significant issues that warrant further work, but the issues are not directly related to the audit objectives or the auditors do not have the time or resources to expand the audit to pursue them, they should refer the issues to the auditors within the audit organization who are responsible for planning future audit work. When appropriate, auditors should also disclose the issues in the report and the reasons the issues need further study. Privileged and Confidential Information 7.47 If certain information is prohibited from general disclosure, auditors should report the nature of the information omitted and the requirement that makes the omission necessary. 7.48 Certain information may be prohibited from general disclosure by federal, state, or local laws or regulations. Such information may be provided on a need-to-know basis only to persons authorized by law or regulation to receive it. 7.49 If such requirements prohibit auditors from including pertinent information in the report, they should state the nature of the information omitted and the requirement that makes the omission necessary. The auditors should obtain assurance that a valid requirement for the omission exists, and, when appropriate, consult with legal counsel.
Contents Previous Next	Report Presentation 7.50 The fourth reporting standard for performance audits is: The report should be complete, accurate, objective, convincing, and as clear and concise as the subject permits. Complete 7.51 Being complete requires that the report contain all information needed to satisfy the audit objectives, promote an adequate and correct understanding of the matters reported, and meet the report content requirements. It also means including appropriate background information. 7.52 Giving readers an adequate and correct understanding means providing perspective on the extent and significance of reported findings, such as the frequency of occurrence relative to the number of cases or transactions tested and the relationship of the findings to the entity's operations. 7.53 In most cases, a single example of a deficiency is not sufficient to support a broad conclusion or a related recommendation. All that it supports is that a deviation, an error, or a weakness existed. However, except as necessary to make convincing presentations, detailed supporting data need not be included. Accurate 7.54 Accuracy requires that the evidence presented be true and that findings be correctly portrayed. The need for accuracy is based on the need to assure readers that what is reported is credible and reliable. One inaccuracy in a report can cast doubt on the validity of an entire report and can divert attention from the substance of the report. Also, inaccurate reports can damage the credibility of the issuing audit organization and reduce the effectiveness of its reports. 7.55 The report should include only information, findings, and conclusions that are supported by competent and relevant evidence in the auditors' working papers. If data are significant to the audit findings and conclusions, but are not audited, the auditors should clearly indicate in their report the data's limitations and not make unwarranted conclusions or recommendations based on those data. 7.56 Reported evidence should demonstrate the correctness and reasonableness of the matters reported. Correct portrayal means describing accurately the audit scope and methodology, and presenting findings and conclusions in a manner consistent with the scope of audit work. Objective 7.57 Objectivity requires that the presentation of the entire report be balanced in content and tone. A report's credibility is significantly enhanced when it presents evidence in an unbiased manner so that readers can be persuaded by the facts. 7.58 The audit report should be fair and not misleading, and should place the audit results in perspective. This means presenting the audit results impartially and guarding against the tendency to exaggerate or overemphasize deficient performance. In describing shortcomings in performance, auditors should present the explanation of responsible officials including the consideration of any unusual difficulties or circumstances they faced. 7.59 The tone of reports should encourage decisionmakers to act on the auditors' findings and recommendations. Although findings should be presented clearly and forthrightly, the auditors should keep in mind that one of their objectives is to persuade, and that this can best be done by avoiding language that generates defensiveness and opposition. Although criticism of past performance is often necessary, the report should emphasize needed improvements. Convincing 7.60 Being convincing requires that the audit results be responsive to the audit objectives, the findings be presented persuasively, and the conclusions and recommendations follow logically from the facts presented. The information presented should be sufficient to convince the readers to recognize the validity of the findings, the reasonableness of the conclusions, and the benefit of implementing the recommendations. Reports designed in this way can help focus the attention of responsible officials on the matters that warrant attention and can help stimulate correction. Clear 7.61 Clarity requires that the report be easy to read and understand. Reports should be written in language as clear and simple as the subject permits. 7.62 Use of straightforward, nontechnical language is essential to simplicity of presentation. If technical terms and unfamiliar abbreviations and acronyms are used, they should be clearly defined. Acronyms should be used sparingly. 7.63 Logical organization of material, and accuracy and precision in stating facts and in drawing conclusions, are essential to clarity and understanding. Effective use of titles and captions and topic sentences make the report easier to read and understand. Visual aids (such as pictures, charts, graphs, and maps) should be used when appropriate to clarify and summarize complex material. Concise 7.64 Being concise requires that the report be no longer than necessary to convey and support the message. Too much detail detracts from a report, may even conceal the real message, and may confuse or discourage readers. Also, needless repetition should be avoided. 7.65 Although room exists for considerable judgment in determining the content of reports, those that are complete, but still concise, are likely to achieve greater results.
Contents Previous Next	Report Distribution 7.66 The fifth reporting standard for performance audits is: Written audit reports are to be submitted by the audit organization to the appropriate officials of the auditee and to the appropriate officials of the organizations requiring or arranging for the audits, including external funding organizations, unless legal restrictions prevent it. Copies of the reports should also be sent to other officials who have legal oversight authority or who may be responsible for acting on audit findings and recommendations and to others authorized to receive such reports. Unless restricted by law or regulation, copies should be made available for public inspection. 7.67 Audit reports should be distributed in a timely manner to officials interested in the results. Such officials include those designated by law or regulation to receive such reports, those responsible for acting on the findings and recommendations, those of other levels of government who have provided assistance to the auditee, and legislators. However, if the subject of the audit involves material that is classified for security purposes or is not releasable to particular parties or the public for other valid reasons, auditors may limit the report distribution. 7.68 When nongovernment audit organizations are engaged, the engaging government organization should ensure that the report is distributed appropriately. If the nongovernment audit organization is to make the distribution, the engagement agreement should indicate what officials or organizations should receive the report. 7.69 Internal auditors should follow their entity's own arrangements and statutory requirements for distribution. Usually, they report to their entity's top managers, who are responsible for distribution of the report. If you have questions about Government Auditing Standards, send email to yellowbook@gao.gov. Updated 8/13/99