CARE-Based Audit Methodology To Review and Evaluate Agency Accounting and Financial Management Systems
AFMD-84-75: Published: Sep 28, 1984. Publicly Released: Sep 28, 1984.
- Full Report:
GAO has developed a Controls and Risk Evaluation (CARE) based audit methodology to be used to: (1) identify agencies' accounting and financial management systems; (2) identify and evaluate the adequacy of controls in these systems; and (3) determine the degree of a system's compliance with GAO accounting principles, standards, and other requirements.
The CARE audit methodology includes general risk analysis, transaction flow review, compliance testing, and substantive testing. During general risk analysis, an auditor acquires an overview of an activity, gains an understanding of its general control environment and overall financial management structure, makes a preliminary determination of each identified system's internal control objectives and relevant accounting principles and standards, and applies a number risk ranking factors. For high-risk systems, a transaction flow review is suggested in which the auditor identifies the major types of transactions and refinement of internal control objectives. Through compliance tests and analysis, an auditor can design a set of test transactions to determine whether the processes and controls identified in the transaction flow review actually function as intended. After considering the potential impact of any deviations from requirements, an auditor can form an overall opinion of a system and its internal controls and may decide to perform substantive testing to determine the impact of deviations from standards and other requirements. GAO will usually report these deviations and their impacts to agency heads with recommendations for correction.