This is the accessible text file for GAO report number GAO-01-765G
entitled 'Financial Audit Manual: Volumes 1 and 2' which was released
on August 01, 2001 and updated by GAO-03-466G entitled 'Financial
Audit Manual: Update to Part II - Tools' which was released on April
01, 2003.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
[This page intentionally left blank.]
GAO/PCIE Financial Audit Manual:
(including April 2003 update):
This page was last revised April 28 ,2003:
Volume 1 - Methodology [PDF 1.5mb]
Cover to Volume 1 [PDF 8.3mb]
Section 100 - Foreword, Table of Contents, Introduction:
Section 200 - Planning:
Section 300 - Internal Control:
Section 400 - Testing:
Section 500 - Reporting:
Section Appendixes - Appendixes, Glossary, Abbreviations, Index:
Volume 2 - Tools [PDF 3.0mb]
Cover to Volume 2 [PDF 8.3mb]
Section 600 - Planning and General:
Section 700 - Internal Control:
Section 800 - Compliance:
Section 900 - Substantive Testing:
Section 1000, except for CFO Act Checklist - Reporting:
CFO Act Checklist, Beginning - Overview, General Items, Balance Sheet:
CFO Act Checklist, End - Statements of Net Cost, Changes in Net
Position, Budgetary Resources, Financing, Custodial Activity, Notes,
and Supplementary Information:
Other Related Guidance:
GAO's FFMIA Reporting:
Download zipped files that allow users to enter data:
Sections 300, 400, and 500 - SCE (FAM 395 H - both transaction-related
and line item-related), ARA (FAM 395 I), sampling documentation (FAM
495 E), example audit report and summaries of misstatements (FAM 595 A,
B, C, and D):
Sections 600 and 700 - example documentation and templates for using
the work of others (FAM 650 B and C), agreed-upon procedures (FAM 660
A, B, C, and D), and testing compliance with FFMIA (FAM 701 A and B):
Section 800 - general compliance checklist (FAM 802) and summary and
audit procedures for other acts (FAM 803, 808, 809, 810, 812, 813, 814,
816, and 817):
Sections 900 and 1000, except CFO Act checklist - example documentation
and templates for related parties, including intragovernmental activity
and balances (FAM 902 C), Fund Balance with Treasury (FAM 921 D),
management representations (FAM 1001 A), inquiries of legal counsel
(FAM 1002 A, B, C, and D), audit completion checklist (FAM 1003), and
subsequent events review (FAM 1005):
CFO Act checklist (FAM 1004):
Financial Audit Manual:
Foreword:
On behalf of the General Accounting Office (GAO) and the President's
Council on Integrity and Efficiency (PCIE), we are pleased to present
the first-ever GAO/PCIE Financial Audit Manual.
With passage of the Government Management and Reform Act of 1994,
executive branch Inspectors General and GAO gained statutory
responsibility for auditing agency and government-wide consolidated
financial statements, respectively. Since that time, GAO and the PCIE
community have worked cooperatively to ensure that these audits are of
the highest possible quality, consistency, and cost-effectiveness. This
manual is a natural outgrowth of that cooperation. More importantly,
the new manual represents our ongoing efforts to ensure that financial
statement audits achieve their intended outcomes of providing enhanced
accountability over taxpayer-provided resources.
We extend our thanks to the many individuals and organizations that
provided comments and insights to make the manual stronger. The Task
Force assembled by GAO and the PCIE also deserves much credit for its
dedication to completing this project.
Jeffrey C. Steinhoff
Managing Director
U.S. General Accounting Office
The Honorable Gregory H. Friedman:
Chair, Audit Committee:
President's Council on Integrity and Efficiency:
Signed by Jeffrey C. Steinhoff and Gregory H. Friedman:
[End of section]
CONTENTS:
:
100; INTRODUCTION.
200; PLANNING PHASE.
210; Overview.
220; Understand the Entity's Operations.
225; Perform Preliminary Analytical Procedures.
230; Determine Planning, Design, and Test Materiality.
235; Identify Significant Line Items, Accounts, Assertions, and RSSI.
240; Identify Significant Cycles, Accounting Applications, and
Financial Management Systems.
245; Identify Significant Provisions of Laws and Regulations.
250; Identify Relevant Budget Restrictions.
260; Identify Risk Factors.
270; Determine Likelihood of Effective Information System Controls.
275; Identify Relevant Operations Controls to Evaluate and Test.
280; Plan Other Audit Procedures.
* Inquiries of Attorneys.
* Management Representations.
* Related Party Transactions.
* Sensitive Payments.
* Reaching an Understanding with Management and Requesters.
* Other Audit Requirements.
285; Plan Locations to Visit.
290; Documentation.
* Appendixes to Section 200:
295 A; Potential Inherent Risk Conditions.
295 B; Potential Control Environment, Risk Assessment, Communication,
and Monitoring Weaknesses.
295 C; An Approach for Multiple-Location Audits.
295 D; Interim Substantive Testing of Balance Sheet Accounts.
295 E; Effect of Risk on Extent of Audit Procedures.
295 F; Types of Information System Controls.
295 G; Budget Controls.
295 H; Laws Identified in OMB Audit Guidance and Other General Laws.
295 I; Examples of Auditor Responses to Fraud Risk Factors.
295 J; Steps in Assessing Information System Controls.
300; INTERNAL CONTROL PHASE.
310; Overview.
320; Understand Information Systems.
330; Identify Control Objectives.
340; Identify and Understand Relevant Control Activities.
350; Determine the Nature, Timing, and Extent of Control Tests and of
Tests for Systems' Compliance with FFMIA Requirements.
360; Perform Nonsampling Control Tests and Tests for Systems'
Compliance with FFMIA Requirements.
370; Assess Controls on a Preliminary Basis.
380; Other Considerations.
390; Documentation.
Appendixes to Section 300:
395 A; Typical Relationships of Accounting Applications to Line Items/
Accounts.
395 B; Financial Statement Assertions and Potential Misstatements.
395 C; Typical Control Activities.
395 D; Selected Statutes Relevant to Budget Execution.
395 E; Budget Execution Process.
395 F; Budget Control Objectives.
395 F Sup; Budget Control Objectives - Federal Credit Reform Act
Supplement.
395 G; Rotation Testing of Controls.
395 H; Specific Control Evaluation Worksheet.
395 I; Account Risk Analysis Form.
400; TESTING PHASE.
410; Overview.
420; Consider the Nature, Timing, and Extent of Tests.
430; Design Efficient Tests.
440; Perform Tests and Evaluate Results.
450; Sampling Control Tests.
460; Compliance Tests.
470; Substantive Tests - Overview.
475; Substantive Analytical Procedures.
480; Substantive Detail Tests.
490; Documentation.
Appendixes to Section 400:
495 A; Determining Whether Substantive Analytical Procedures Will Be
Efficient and Effective.
495 B; Example Procedures for Tests of Budget Information.
495 C; Guidance for Interim Testing.
495 D; Example of Audit Matrix with Statistical Risk Factors.
495 E; Sampling.
495 F; Manually Selecting a Dollar Unit Sampling.
500; REPORTING PHASE.
510; Overview.
520; Perform Overall Analytical Procedures.
530; Determine Adequacy of Audit Procedures and Audit Scope.
540; Evaluate Misstatements.
550; Conclude Other Audit Procedures.
* Inquiries of Attorneys.
* Subsequent Events.
* Management Representations.
* Related Party Transactions.
560; Determine Conformity with Generally Accepted Accounting
Principles.
570; Determine Compliance with GAO/PCIE Financial Audit Manual.
580; Draft Reports.
* Financial Statements.
* Internal Control.
* Financial Management Systems.
* Compliance with Laws and Regulations.
* Other Information in the Accountability Report.
590; Documentation.
Appendixes to Section 500:
595 A; Example Auditor's Report - Unqualified.
595 B; Suggested Modifications to Auditor's Report.
595 C; Example Summary of Possible Adjustments.
595 D; Example Summary of Unadjusted Misstatements.
APPENDIXES.
A; Consultations.
B; Instances Where the Auditor "Must" Comply with the FAM.
GLOSSARY.
ABBREVIATIONS.
INDEX.
[End of table]
SECTION 100:
Introduction:
Table 1: Methodology Overview:
Figure 100.1: Methodology Overview:
Planning Phase:
Understand the entity's operations: Section: 220:
Perform preliminary analytical procedures: Section: 225:
Determine planning, design, and test materiality: Section: 230:
Identify significant line items, accounts, assertions, and RSSI:
Section: 235:
Identify significant cycles, accounting applications, and financial
management systems: Section: 240:
Identify significant provisions of laws and regulations: Section: 245:
Identify relevant budget restrictions: Section: 250:
Assess risk factors: Section: 260:
Determine likelihood of effective information system controls:
Section: 270:
Identify relevant operations controls to evaluate and test: Section:
275:
Plan other audit procedures: Section: 280:
Plan locations to visit: Section: 285:
Internal Control Phase:
Understand information systems: Section: 320:
Identify control objectives: Section: 330:
Identify and understand relevant control activities: Section: 340:
Determine the nature, timing, and extent of control tests and of tests
for systems' compliance with FFMIA requirements: Section: 350:
Perform nonsampling control tests and tests for systems' compliance
with FFMIA requirements: Section: 360:
Assess controls on a preliminary basis: Section: 370:
Testing Phase:
Consider the nature, timing, and extent of tests: Section: 420:
Design efficient tests: Section: 430:
Perform tests and evaluate results: Section: 440:
Sampling control tests: Section: 450:
Compliance tests: Section: 460:
Substantive tests: Section: 470:
Substantive analytical procedures: Section: 475:
Substantive detail tests: Section: 480:
Reporting Phase:
Perform overall analytical procedures: Section: 520:
Determine adequacy of audit procedures and audit scope: Section: 530:
Evaluate misstatements: Section: 540:
Conclude other audit procedures: Section: 550:
Inquire of attorneys:
Consider subsequent events:
Obtain management representations:
Consider related party transactions:
Determine conformity with generally accepted accounting
principles: Section: 560:
Determine compliance with GAO/PCIE Financial Audit Manual: Section: 570:
Draft reports: Section: 580:
[End of table]
.01: This introduction provides an overview of the methodology of the
General Accounting Office (GAO) and the President's Council on
Integrity and Efficiency (PCIE) for performing financial statement
audits of federal entities, describes how the methodology relates to
relevant auditing and attestation standards and Office of Management
and Budget (OMB) guidance, and outlines key issues to be considered in
using the methodology.
OVERVIEW OF THE METHODOLOGY:
.02 The overall purposes of performing financial statement audits of
federal entities include providing decisionmakers (financial statement
users) with assurance as to whether the financial statements are
reliable, internal control is effective, and laws and regulations are
complied with. To achieve these purposes, the approach to federal
financial statement audits involves four phases:
* Plan the audit to obtain relevant information in the most efficient
manner.
* Evaluate the effectiveness of the entity's internal control and, for
Chief Financial Officers (CFO) Act Agencies and components designated
by OMB, whether financial management systems substantially comply with
the requirements of the Federal Financial Management Improvement Act of
1996 (FFMIA): federal financial management systems requirements,
applicable federal accounting standards,[Footnote 1] and the U.S.
Government Standard General Ledger (SGL) at the transaction
level.[Footnote 2]
* Test the significant assertions related to the financial statements
and test compliance with laws and regulations.
* Report the results of audit procedures performed.
These phases are illustrated in figure 100.1 and are summarized below.
[Footnote 3]
Planning Phase:
.03: Although planning continues throughout the audit, the objectives
of this initial phase are to identify significant areas and to design
efficient audit procedures. To accomplish this, the methodology
includes guidance to help in
* understanding the entity's operations, including its organization,
management style, and internal and external factors influencing the
operating environment;
* identifying significant accounts, accounting applications, and
financial management systems; important budget restrictions,
significant provisions of laws and regulations; and relevant controls
over the entity's operations;
determining the likelihood of effective information systems (IS)
controls;
performing a preliminary risk assessment to identify high-risk areas,
including considering the risk of fraud; and:
planning entity field locations to visit.
Internal Control Phase:
.04: This phase entails evaluating and testing internal control to
support the auditor's conclusions about the achievement of the following
internal control objectives:
Reliability of financial reporting--transactions are properly
recorded, processed, and summarized to permit the preparation of the
principal statements and required supplementary stewardship
information (RSSI) in accordance with generally accepted accounting
principles (GAAP), and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition.
Compliance with applicable laws and regulations--transactions are
executed in accordance with (a) laws governing the use of budget
authority and other laws and regulations that could have a direct and
material effect on the principal statements or RSSI and (b) any other
laws, regulations, and governmentwide policies identified by OMB in its
audit guidance.
OMB audit guidance requires the auditor to test controls that have been
properly designed to achieve these objectives and placed in operation,
to support a low assessed level of control risk. This may be enough
testing to give an opinion on internal control. GAO audits should be
designed to give an opinion on internal control.[Footnote 4] If the
auditor does not give an opinion, generally accepted government
auditing standards (GAGAS) require the report to state whether tests
were sufficient to give an opinion.
.05:
OMB's audit guidance includes a third objective of internal control,
related to performance measures. The auditor is required to understand
the components of internal control relating to the existence and
completeness assertions and to report on internal controls that have
not been properly designed and placed in operation, rather than to test
controls.
.06:
This manual also provides guidance on evaluating internal controls
related to operating objectives that the auditor elects to evaluate.
Such controls include those related to safeguarding assets from waste
or preparing statistical reports.
.07:
To evaluate internal control, the auditor identifies and understands
the relevant controls and tests their effectiveness. Where controls are
considered to be effective, the extent of substantive testing can be
reduced.
.08: The methodology includes guidance on:
* assessing specific levels of control risk,
* selecting controls to test,
* determining the effectiveness of IS controls, and:
* testing controls, including coordinating control tests with the
testing phase.
.09:
Also, during the internal control phase, for CFO Act agencies and their
components identified in OMB's audit guidance, the auditor should
understand the entity's significant financial management systems and
test their compliance with FFMIA requirements.
Testing Phase:
.10: The objectives of this phase are to (1) obtain reasonable assurance
about whether the financial statements are free from material
misstatements, (2) determine whether the entity complied with
significant provisions of applicable laws and regulations, and (3)
assess the effectiveness of internal control through control tests that
are coordinated with other tests.
.11: To achieve these objectives, the methodology includes guidance on:
* designing and performing substantive, compliance, and control tests;
* designing and evaluating audit samples;
* correlating risk and materiality with the nature, timing, and extent
of substantive tests; and:
* designing multipurpose tests that use a common sample to test several
different controls and specific accounts or transactions.
Reporting Phase:
.12: This phase completes the audit by reporting useful information
about the entity, based on the results of audit procedures performed in
the preceding phases. This involves developing the auditor's report on
the entity's (1) financial statements (also called Principal Statements)
and other information (management's discussion and analysis [MD&A] or
the overview, RSSI, other required supplementary information, and other
accompanying information), (2) internal control, (3) whether the
financial management systems substantially comply with FFMIA
requirements, and (4) compliance with laws and regulations. To assist
in this process, the methodology includes guidance on forming opinions
on the principal statements and conclusions on internal control, as
well as how to determine which findings should be reported. Also
included is an example report designed to be understandable to the
reader.
RELATIONSHIP TO APPLICABLE STANDARDS:
.13: The following section describes the relationship of this audit
methodology to applicable auditing standards, OMB guidance, and other
policy requirements. It is organized into three areas:
* relevant auditing standards and OMB guidance,
* audit requirements beyond the "yellow book," and:
* auditing standards and other policies not addressed in this manual.
Relevant Auditing Standards and OMB Guidance:
.14: This manual provides a framework for performing financial statement
audits in accordance with Government Auditing Standards (also known as
generally accepted government auditing standards or GAGAS) issued by
the Comptroller General of the United States ("yellow book");
incorporated generally accepted auditing standards (GAAS) and
attestation standards established by the American Institute of
Certified Public Accountants (AICPA); and OMB's audit guidance.
.15: This manual describes an audit methodology that both integrates the
requirements of the standards and provides implementation guidance. The
methodology is designed to achieve:
* effective audits by considering compliance with the CFO Act, FFMIA,
GAGAS, and OMB guidance;
* efficient audits by focusing audit procedures on areas of higher risk
and materiality and by providing an integrated approach designed to
gather evidence efficiently;
* quality control through an agreed-upon framework that can be followed
by all personnel; and:
* consistency of application through a documented methodology.
.16:
The manual supplements GAGAS and OMB's audit guidance. References are
made to Statements on Auditing Standards (preceded by the prefix "AU")
and Statements on Standards for Attestation Engagements (SSAE)
(preceded by the prefix "AT") of the Codification of Statements on
Auditing Standards, issued by the AICPA, that are incorporated into
GAGAS.
Audit Requirements Beyond the "Yellow Book":
.17:
In addition to meeting GAGAS requirements, audits of federal entities
to which OMB's audit guidance applies must be designed to achieve the
following objectives described in OMB's audit guidance:
* responsibility for performing sufficient tests of internal controls
that have been properly designed and placed in operation, to support a
low assessed level of control risk;
* expansion of the nature of controls that are evaluated and tested to
include controls related to RSSI, budget execution, and compliance with
laws and regulations;
* responsibility to understand the components of internal control
relating to the existence and completeness assertions relevant to the
performance measures included in the MD&A, in order to report on
controls that have not been properly designed and placed in operation;
* responsibility to consider the entity's process for complying with 31
U.S.C. 3512 (the Federal Managers' Financial Integrity Act (FMFIA));
* responsibility to perform tests at CFO Act agencies and components
identified by OMB to report on the entity's financial management
systems' substantial compliance with FFMIA requirements;
* responsibility to test for compliance with laws, regulations, and
governmentwide policies identified in OMB's audit guidance at CFO Act
agencies (regardless of their materiality to the audit); and:
* responsibility to consider conformity of the MD&A, RSSI, required
supplementary information, and other accompanying information with
FASAB requirements and OMB guidance.
.18:
To help achieve the goals of the CFO Act, GAO audits should be designed
to achieve the following objectives,[Footnote 5] in addition to those
described in OMB's audit guidance:
* Provide an opinion on internal control.
* Determine the effects of misstatements and internal control weaknesses
on (1) the achievement of operations control objectives, (2) the
accuracy of reports prepared by the entity, and (3) the formulation of
the budget.
* Determine whether specific control activities are properly designed and
placed in operation, even if a poor control environment precludes their
effectiveness.
* Understand the components of internal control relating to the
valuation assertion relevant to performance measures reported in the
MD&A in order to report on controls that have not been properly
designed and placed in operation.
Auditing Standards and Other Policies Not Addressed in the Manual:
.19: This manual was designed to supplement financial audit and other
policies and procedures adopted by GAO and Inspectors General (IGs). As
such, it was not intended to address in detail all requirements. For
example, report processing is not addressed.
.20: Updates to this manual that include additional audit guidance and
practice aids, such as checklists and audit programs, will be issued
from time to time. GAO and a team representing the PCIE audit committee
will be responsible for preparing the updates. There will be an
exposure process for significant updates.
KEY IMPLEMENTATION ISSUES:
.21: The auditor should consider the following factors in applying the
methodology to a particular entity:
* audit objectives,
* exercise of professional judgment,
* references to positions,
* use of IS auditors,
* compliance with policies and procedures in the manual,
* use of technical terms, and:
* reference to GAO/PCIE Financial Audit Manual (FAM).
Audit Objectives:
.22:
While certain federal entities are not subject to OMB audit guidance,
financial statement audits of all federal entities should be conducted
in accordance with this guidance to the extent applicable to achieve
the audit's objectives. The manual generally assumes that the objective
of the audit is to render an opinion on the current year financial
statements, a report on internal control, and a report on compliance.
Where these are not the objectives, the auditor should use judgment in
applying the guidance. In some circumstances, the auditor will expect
to issue a disclaimer on the current year financial statements (because
of scope limitations). In these circumstances, the auditor may develop
a multiyear plan to be able to render an opinion when the financial
statements are expected to become auditable.
Exercise of Professional Judgment:
.23:
In performing a financial statement audit, the auditor should exercise
professional judgment. Consequently, the auditor should tailor the
guidance in the manual to respond to situations encountered in an
audit. However, the auditor must exercise judgment properly, assuring
that, at a minimum, the work meets professional standards. Proper
application of professional judgment could result in additional or more
extensive audit procedures than described in this manual.
.24:
In addition, when exercising judgment, the auditor should consider the
needs of, and consult in a timely manner with, other auditors who plan
to use the work being performed. In turn, the auditor should coordinate
with other auditors whose work he or she wishes to use so that the
judgments exercised can satisfy the needs of both auditors. For
example, auditors of a consolidated entity (such as the US Government
or an entire department or agency) are likely to plan to use the work
of auditors of subsidiary entities (such as individual departments and
agencies or bureaus and components of a department). This coordination
can result in more economy, efficiency, and effectiveness of government
audits in general and avoid duplication of effort.
.25: Many aspects of the audit require technical judgments. The auditor
should ensure a person(s) with adequate technical expertise is (are)
available, especially in the following areas:
* quantifying planning materiality, design materiality, and test
materiality and using materiality as one consideration in determining
the extent of testing (see section 230);
* specifying a minimum level of substantive assurance based on the
assessed combined risk, analytical procedures, and detail tests (see
sections 470, 480, and 495 D);
* documenting whether selections are samples (intended to be
representative and projected to populations) or nonsampling selections
that are not projectible (see section 480);
* using sampling methods, such as dollar-unit sampling, classical
variables estimation sampling, or classical probability proportional to
size (PPS) sampling, for substantive or multipurpose testing (including
nonstatistical sampling) (see section 480);
* using sampling for control testing, other than attribute sampling using
the tables in section 450 to determine sample size when not performing
a multipurpose test;
* using sampling for compliance testing of laws and regulations, other
than attribute sampling using the tables in section 460 to determine
sample size when not performing a multipurpose test; and:
* placing complete or partial reliance on analytical procedures, using
test materiality to calculate the limit. The limit is the amount of
difference between the expected and recorded amounts that can be
accepted without further investigation (see section 475).
References to Positions:
.26: Various sections of this manual make reference to consultation with
audit management and/or persons with technical expertise to obtain
approval or additional guidance. Key consultations should be documented
in the audit workpapers. Each audit organization should document, in
the workpapers or its audit policy manual, the specific positions of
persons who will perform these functions. An IG using a firm to perform
an audit in accordance with this manual should clarify and document the
positions of the persons the firm should consult in various
circumstances.
* The Assistant Director is the top person responsible for the
day-to-day conduct of the audit.
* The Audit Director is the senior manager responsible for the technical
quality of the financial statement audit, reporting to the Assistant
Inspector General for Audit or, at GAO, to the Managing Director.
* The Reviewer is the senior manager responsible for the quality of the
auditor's reports, reporting to the Assistant Inspector General for
Audit (or higher position) or, at GAO, is the Managing Director or the
second partner. The Reviewer may consult with others.
* The Statistician is the person the auditor consults for technical
expertise in areas such as audit sampling, audit sample evaluation, and
selecting entity field locations to visit.
* The Data Extraction Specialist is the person with technical expertise
in extracting data from agency records.
* The Technical Accounting and Auditing Expert is the senior manager
reporting to the Assistant Inspector General for Audit or higher or, at
GAO, is the Chief Accountant. The Technical Accounting and Auditing
Expert advises on accounting and auditing professional matters and
related national issues. The Technical Accounting and Auditing Expert
reviews reports on financial statements and reports that contain
opinions on financial information.
* The Office of General Counsel (OGC) provides assistance to the auditor
in (1) identifying provisions of laws and regulations to test,
(2) identifying budget restrictions, and (3) identifying and resolving
legal issues encountered in the financial statement audit, such as
evaluating potential instances of noncompliance.
* The Special Investigator Unit investigates specific allegations
involving conflict-of-interest and ethics matters, contract and
procurement irregularities, official misconduct and abuse, and fraud in
federal programs or activities. In the offices of the IGs this is the
investigation unit; at GAO, it is Special Investigations. The Special
Investigator Unit provides assistance to the auditor by (1) informing
the auditor of relevant pending or completed investigations of the
entity and (2) investigating possible instances of federal fraud,
waste, and abuse.
Use of Information Systems Auditors:
.27: The audit standards (SAS 94) require that the audit team possess
sufficient knowledge of information systems (IS) to determine the
effect of IS on the audit, to understand the IS controls, and to design
and perform tests of IS controls and substantive tests. This is
generally done by having IS auditors as part of the audit team. IS
auditors should possess sufficient technical knowledge and experience
to understand the relevant concepts discussed in the manual and to
apply them to the audit. While the auditor is ultimately responsible
for assessing inherent and control risk, assessing the effectiveness of
IS controls requires a person with IS audit technical skills.
Specialized technical skills generally are needed in situations where,
(1) the entity's systems, automated controls, or the manner in which
they are used in conducting the entity's business are complex,
(2) significant changes have been made to existing systems or new
systems implemented, (3) data are extensively shared among systems, (4)
the entity participates in electronic commerce, (5) the entity uses
emerging technologies, or (6) significant audit evidence is available
only in electronic form. Appendix V of GAO's Federal Information System
Controls Audit Manual (FISCAM) contains examples of knowledge, skills,
and abilities needed by IS auditors. Certain financial auditors also
may possess IS audit technical skills. In some cases, the auditor may
require outside consultants to provide these skills.
Compliance With Policies and Procedures in the Manual:
.28: The following terms are used throughout the manual to describe the
degree of compliance with the policy or procedure required.
* Must: Compliance with this policy or procedure is mandatory unless an
exception is approved in writing by the Reviewer, [Footnote 6]such as
in certain instances when a disclaimer of opinion is anticipated.
* Should: Compliance with this policy or procedure is expected unless
there is a reasonable basis for departure from it. Any such departure
and the basis for it are to be documented in a memorandum. The
Assistant Director should approve this memorandum and copies should be
sent to the Audit Director and the Reviewer.
Generally Should: Compliance with this policy or procedure is strongly
encouraged. Departure from such policy or procedure should be discussed
with the Assistant Director or the audit manager.
* May: Compliance with this policy or procedure is optional.
When the auditor deviates from a policy or procedure that is expressed
by use of the term "must" or "should" in the FAM, he or she should
consider the needs of, and consult in a timely manner with, other
auditors who plan to use the work of the auditor and provide an
opportunity for the other auditors to review the documentation
explaining these deviation decisions.
Use of Technical Terms:
.29: The manual uses many existing technical auditing terms and
introduces many others. To assist you, a glossary of significant terms
is included in this manual.
Reference to GAO/PCIE Financial Audit Manual:
.30: When cited in workpapers, correspondence, or other communication,
the letters "FAM" should precede section or paragraph numbers from this
manual. For example, this paragraph should be referred to as FAM
100.30.
FOOTNOTES
[1] In October 1999 the American Institute of Certified Public
Accountants (AICPA) recognized the Federal Accounting Standards
Advisory Board (FASAB) as the accounting standards-setting body for
federal government entities under Rule 203 of the AICPA's Code of
Professional Conduct. Thus, FASAB standards are recognized as generally
accepted accounting principles (GAAP) for federal entities. FASAB
standards (Statement of Federal Financial Accounting Standards No. 8,
paragraph .40) allow government corporations and certain other federal
entities to report using GAAP issued by the Financial Accounting
Standards Board (FASB).
[2] Testing for FFMIA is most efficiently accomplished, for the most
part, as part of the work done in understanding agency systems in the
Internal Control phase of the audit.
[3] The methodology presented is for performance of a financial
statement audit. If the auditor is to use the work of another auditor,
see FAM section 650 (under revision).
[4] AICPA attestation standards allow the auditor to give an opinion on
internal control or on management's assertion about the effectiveness
of internal control (except that if material weaknesses are present,
the opinion must be on internal control, not management's assertion).
The example report in this manual assumes the opinion will be on
internal control directly.
[5] The manual refers specifically to objectives of GAO audits in various sections. Such objectives are optional for other audit organizations.
[6] Capitalized positions are described in paragraph 100.25.
SECTION 200:
Planning Phase:
Table 1: Methodology Overview:
Planning Phase:
* Understand the entity's operations: 220;
* Perform preliminary analytical procedures: 225;
* Determine planning, design, and test materiality: 230;
* Identify significant line items, accounts, assertions, and RSSI: 235;
* Identify significant cycles, accounting applications, and financial
management systems: 240;
* Identify significant provisions of laws and regulations: 245;
* Identify relevant budget restrictions: 250;
* Identify risk factors: 260;
* Determine likelihood of effective information system controls: 270;
* Identify relevant operations controls to evaluate and test: 275;
* Plan other audit procedures: 280;
* Plan locations to visit: 285.
Internal Control Phase:
* Understand information systems: 320;
* Identify control objectives: 330;
* Identify and understand relevant control activities: 340;
* Determine the nature, timing, and extent of control tests and of
tests for systems' compliance with FFMIA requirements: 350;
* Perform nonsampling control tests and tests for systems' compliance
with FFMIA requirements: 360;
* Assess controls on a preliminary basis: 370.
Testing Phase:
* Consider the nature, timing, and extent of tests: 420;
* Design efficient tests: 430;
* Perform tests and evaluate results: 440;
* Sampling control tests: 450;
* Compliance tests: 460;
* Substantive tests: 470;
* Substantive analytical procedures: 475;
* Substantive detail tests: 480.
Reporting Phase: Section:
* Perform overall analytical procedures: 520;
* Determine adequacy of audit procedures and audit scope: 530;
* Evaluate misstatements: 540;
* Conclude other audit procedures: 550;
* Inquire of attorneys;
* Consider subsequent events;
* Obtain management representations;
* Consider related party transactions;
* Determine conformity with generally accepted accounting
principles: 560;
* Determine compliance with GAO/PCIE Financial Audit Manual: 570;
* Draft reports: 580.
[End of table]
210: Overview:
.01: The auditor performs planning to determine an effective and
efficient way to obtain the evidential matter necessary to report on
the entity's Accountability Report (or annual financial statement).
The nature, extent, and timing of planning varies with, for example,
the entity's size and complexity, the auditor's experience with the
entity, and the auditor's knowledge of the entity's operations.
Procedures performed in the planning phase are shown in figure 200.1.
.02:
A key to a quality audit, planning requires the involvement of senior
members of the audit team. Although concentrated in the planning phase,
planning is an iterative process performed throughout the audit. For
example, findings from the internal control phase directly affect
planning the substantive audit procedures. Also, the results of control
and substantive tests may require changes in the planned audit
approach.
.03:
Auditors should consider the needs of, and consult in a timely manner
with, other auditors who plan to use the work being performed,
especially when making decisions that require the auditor to exercise
significant judgment.
220: Understand the Entity's Operations:
.01:
The auditor should obtain an understanding of the entity sufficient to
plan and perform the audit in accordance with applicable auditing
standards and requirements. In planning the audit, the auditor gathers
information to obtain an overall understanding of the entity and its
origin and history, size and location, organization, mission, business,
strategies, inherent risks, fraud risks, control environment, risk
assessment, communications, and monitoring. Understanding the entity's
operations in the planning process enables the auditor to identify,
respond to, and resolve accounting and auditing problems early in the
audit.
.02:
The auditor's understanding of the entity and its operations does not
need to be comprehensive but should include:
* entity management and organization,
* external factors affecting operations,
* internal factors affecting operations, and:
* accounting policies and issues.
.03:
The auditor should identify key members of management and obtain a
general understanding of the organizational structure. The auditor's
main objective is to understand how the entity is managed and how the
organization is structured for the particular management style.
.04:
The auditor should identify significant external and internal factors
that affect the entity's operations. External factors might include (1)
source(s) of funds, (2) seasonal fluctuations, (3) current political
climate, and (4) relevant legislation. Internal factors might include
(1) size of the entity, (2) number of locations, (3) structure of the
entity (centralized or decentralized), (4) complexity of operations,
(5) information system structure, (6) qualifications and competence of
key personnel, and (7) turnover of key personnel.
.05:
In identifying accounting policies and issues, the auditor should
consider:
* generally accepted accounting principles, including whether the
entity is likely to be in compliance;
* changes in GAAP that affect the entity; and:
* whether entity management appears to follow aggressive or
conservative accounting policies.
.06:
The auditor also should consider whether the entity will report any
required supplementary stewardship information (RSSI). This includes
stewardship property, plant, and equipment (PP&E) (heritage assets,
national defense assets, and stewardship land), stewardship investments
(nonfederal physical property, human capital, and research and
development), social insurance, and risk-assumed information. RSSI and
deferred maintenance, which is considered required supplementary
information, should be designated "unaudited.":
.07:
The auditor should develop and document a high-level understanding of
the entity's use of information systems (IS) and how IS affect the
generation of financial statement information, RSSI, and the data that
support performance measures reported in the MD&A (overview) of the
Accountability Report (CFO report). An IS auditor may assist the
auditor in understanding the entity's use of IS. Appendix I of the GAO
Federal Information System Controls Manual (FISCAM) can be used to
document this understanding.
.08:
The auditor gathers planning information through different methods
(observation, interviews, reading policy and procedure manuals, etc.)
and from a variety of sources, including:
* top-level entity management,
* entity management responsible for significant programs,
* Office of Inspector General (IG) and internal audit management
(including any internal control officer),
* others in the audit organization concerning other completed, planned
or in-progress assignments,
* personnel in OGC,
* personnel in the Special Investigator Unit, and:
* entity legal representatives.
.09:
The auditor gathers information from relevant reports and articles
issued by or about the entity, including:
* the entity's prior Accountability Reports;
* other financial information;
* FMFIA reports and supporting documentation;
* reports by management or the auditor about systems' substantial
compliance with FFMIA requirements;
* the entity's budget and related reports on budget execution;
* GAO reports;
* IG and internal audit reports (including those for performance audits
and other reviews);
* congressional hearings and reports;
* consultant reports; and:
* material published about the entity in newspapers, magazines, internet
sites, and other publications.
225: Perform Preliminary Analytical Procedures:
.01:
During the planning phase, preliminary analytical procedures are
performed to help the auditor:
* understand the entity's business, including current-year transactions
and events;
* identify account balances or transactions that may signal inherent or
control risks (see section 260);
* identify and understand the significant accounting policies;
* determine planning, design, and test materiality (see section 230);
and:
* determine the nature, timing, and extent of audit procedures to be
performed.
.02:
GAAS requires the auditor to perform preliminary analytical procedures
(AU 329). The resources spent in performing these procedures should be
commensurate with the expected reliability of comparative information.
For example, in a first-year audit, comparative information might be
unreliable; therefore, preliminary analytical procedures generally
should be limited.
.03:
The auditor generally should perform the following steps to achieve the
objectives of preliminary analytical procedures.
a. Compare current-year amounts with relevant comparative financial
information: The financial data used in preliminary analytical
procedures generally are summarized at a high level, such as the level
of financial statements. If financial statements are not available, the
budget or financial summaries that show the entity's financial position
and results of operations may be used.
The auditor compares current-year amounts with relevant comparative
financial information. Use of unaudited comparative data might not
allow the auditor to identify significant fluctuations, particularly if
an item consistently has been treated incorrectly. Also, the auditor
may identify fluctuations that are not really fluctuations due to
errors in the unaudited comparative data.
A key to effective preliminary analytical procedures is to use
information that is comparable in terms of the time period presented
and the presentation (i.e., same level of detail and consistent
grouping of detail accounts into summarized amounts used for
comparison).
The auditor may perform ratio analysis on current-year data and compare
the current year's ratios with those derived from prior periods or
budgets. The auditor does this to study the relationships among
components of the financial statements and to increase knowledge of the
entity's activities. The auditor uses ratios that are relevant
indicators or measures for the entity. Also, the auditor should
consider any trends in the performance indicators prepared by the
entity.
b. Identify significant fluctuations: Fluctuations are differences
between the recorded amounts and the amounts expected by the auditor,
based on comparative financial information and the auditor's knowledge
of the entity. Fluctuations refer to both unexpected differences
between current-year amounts and comparative financial information as
well as the absence of expected differences. The identification of
fluctuations is a matter of the auditor's judgment.
The auditor establishes parameters for identifying significant
fluctuations. When setting these parameters, the auditor generally
considers the amount of the fluctuation in terms of absolute size and/
or the percentage difference. The amount and percentage used are left
to the auditor's judgment. An example of a parameter is "All
fluctuations in excess of $10 million and/or 15 percent of the prior-
year balance or other unusual fluctuations will be considered
significant.":
c. Inquire about significant fluctuations: The auditor discusses the
identified fluctuations with appropriate entity personnel. The focus of
the discussion is to achieve the purposes of the procedures described
in paragraph 225.01. For preliminary analytical procedures, the auditor
does not need to corroborate the explanations since they will be tested
later. However, the explanations should appear reasonable and
consistent to the auditor. The inability of entity personnel to explain
the cause of a fluctuation may indicate the existence of control,
fraud, and/or inherent risks.
230: Determine Planning, Design, and Test Materiality:
.01:
Materiality is one of several tools the auditor uses to determine that
the planned nature, timing, and extent of procedures are appropriate.
As defined in Financial Accounting Standards Board (FASB) Statement of
Financial Concepts No. 2., materiality represents the magnitude of an
omission or misstatement of an item in a financial report that, in
light of surrounding circumstances, makes it probable that the judgment
of a reasonable person relying on the information would have been
changed or influenced by the inclusion or correction of the item.
.02:
Materiality is based on the concept that items of little importance,
which do not affect the judgment or conduct of a reasonable user, do
not require auditor investigation. Materiality has both quantitative
and qualitative aspects. Even though quantitatively immaterial, certain
types of misstatements could have a material impact on or warrant
disclosure in the financial statements for qualitative reasons.
.03:
For example, intentional misstatements or omissions (fraud) usually are
more critical to the financial statement users than are unintentional
errors of equal amounts. This is because the users generally consider
an intentional misstatement more serious than clerical errors of the
same amount.
.04:
GAGAS and incorporated GAAS require the auditor to consider materiality
in planning, designing procedures, and considering need for disclosure
in the audit report. AU 312 requires the auditor, in planning the
audit, to consider his/her preliminary judgment about materiality
levels. The "yellow book" states that materiality is a matter of
professional judgment influenced by the needs of the reasonable person
relying on the financial statements. Materiality judgments are made in
the light of surrounding circumstances and involve both quantitative
and qualitative considerations, such as the public accountability of
the auditee and the visibility and sensitivity of government programs,
activities, and functions.
.05:
The term "materiality" can have several meanings. In planning and
performing the audit, the auditor uses the following terms that relate
to materiality:
* Planning materiality is a preliminary estimate of materiality, in
relation to the financial statements taken as a whole, used to
determine the nature, timing, and extent of substantive audit
procedures and to identify significant laws and regulations for
compliance testing.
* Design Materiality is the portion of planning materiality that has
been allocated to line items, accounts, or classes of transactions
(such as disbursements). This amount will be the same for all line
items or accounts (except for certain intragovernmental or offsetting
balances as discussed in paragraph 230.10).
* Test materiality is the materiality actually used by the auditor in
testing a specific line item, account, or class of transactions. Based
on the auditor's judgment, test materiality can be equal to or less
than design materiality, as discussed in paragraph 230.13. Test
materiality may be different for different line items or accounts.
.06:
The following other uses of the term "materiality" relate principally
to the reporting phase:
* Disclosure materiality is the threshold for determining whether an
item should be reported or presented separately in the financial
statements or in the related notes. This value may differ from
planning materiality.
* FMFIA materiality is the threshold for determining whether a matter
meets OMB criteria for reporting matters under FMFIA as described in
paragraphs 580.35-.37.
* Reporting materiality is the threshold for determining whether an
unqualified opinion can be issued. In the reporting phase, the auditor
considers whether unadjusted misstatements are quantitatively or
qualitatively material. If considered to be material, the auditor would
be precluded from issuing an unqualified opinion on the financial
statements. See section 540.
Unless otherwise specified, such as through using the terms above, the
term "materiality" in this manual refers to the overall financial
statement materiality as defined in paragraph 230.01.
.07:
The following guidelines provide the auditor with a framework for
determining planning materiality. However, this framework is not a
substitute for professional judgment. The auditor has the flexibility
to determine planning materiality outside of these guidelines. In such
circumstances, the Audit Director should discuss the basis for the
determination with the Reviewer. The planning materiality selected and
method of determining planning materiality should be documented and
approved by the Audit Director.
.08:
The auditor should estimate planning materiality in relation to the
element of the financial statements that is most significant to the
primary users of the statements (the materiality base). The auditor
uses judgment in determining the appropriate element of the financial
statements to use as the materiality base. Also, since the materiality
base normally is based on unaudited preliminary information determined
in the planning phase, the auditor usually has to estimate the year-end
balance of the materiality base. To provide reasonable assurance that
sufficient audit procedures are performed, any estimate of the
materiality base should use the low end of the range of estimated
materiality so that sufficient testing is performed.
.09:
For capital-intensive entities, total assets may be an appropriate
materiality base. For expenditure-intensive entities, total expenses
may be an appropriate materiality base. Based on these concepts, the
materiality base generally should be the greater of total assets or
expenses (net of adjustments for intragovernmental balances and
offsetting balances). (See discussion of these adjustments in next
paragraph.) Other materiality bases that might be considered include
total liabilities, equity, revenues, and net cost to the government
(appropriations).
.10:
In considering a materiality base, the auditor should consider how to
handle significant intragovernmental balances (such as funds with the
U.S. Treasury, U.S. Treasury securities, and interentity balances) and
offsetting balances (such as future funding sources that offset certain
liabilities and collections that are offset by transfers to other
government entities). The auditor should establish a separate
materiality base for significant intragovernmental or offsetting
balances because combining all accounts may improperly distort the
nature, timing, and extent of audit procedures. For example, an entity
that collects and remits funds on behalf of other federal entities
could have operating accounts that are small in comparison to the funds
processed on behalf of other entities. In this example, the auditor
would compute separate planning materiality for auditing (1) the
offsetting accounts, using the balance of the offsetting accounts as
the materiality base and (2) the rest of the financial statements using
the materiality base guidance in paragraph 230.09.
.11:
Planning materiality generally should be 3 percent of the materiality
base. Although a mechanical means might be used to compute planning
materiality, the auditor should use judgment in evaluating whether the
computed level is appropriate. The auditor also should consider
adjusting the materiality base for the impact of such items as
unrecorded liabilities, contingencies, and other items that are not
incorporated in the entity's financial statements (and not reflected in
the materiality base) but that may be important to the financial
statement user.
.12:
Design materiality for the audit should be one-third of planning
materiality to allow for the precision of audit procedures. This
guideline recognizes that misstatements may occur throughout the
entity's various accounts. The design materiality represents the
materiality used as a starting point to design audit procedures for
line items or accounts so that an aggregate material misstatement in
the financial statements will be detected, for a given level of audit
assurance (discussed in paragraph 260.04).
.13:
Generally, the test materiality used for a specific test is the same as
the design materiality. However, the auditor may use a test materiality
lower than the design materiality for substantive testing of specific
line items and assertions (which increases the extent of testing) when:
* the audit is being performed at some, but not all, entity locations
(requiring increased audit assurance for those locations visited - see
section 285);
* the area tested is deemed to be sensitive to the financial statement
users; or:
* the auditor expects to find a significant amount of misstatements.
[Footnote 1]
235: Identify Significant Line Items, Accounts, Assertions, and RSSI:
.01:
The auditor should identify significant line items and accounts in the
financial statements and significant related financial statement
assertions. The auditor should also identify significant RSSI.[Footnote
2] In the internal control and testing phases, the auditor performs
control and substantive tests for each significant assertion for each
significant account. By identifying significant line items, accounts,
and the related assertions early in the planning process, the auditor
is more likely to design efficient audit procedures. Some insignificant
line items, accounts, and assertions may not warrant substantive audit
tests to the extent that they are not significant in the aggregate.
However, some line items and accounts with zero or unusual balances may
warrant testing, especially with regard to the completeness assertion.
.02:
Financial statement assertions, as defined by AU 326, are management
representations that are embodied in financial statement components.
Most of the auditor's work in forming an opinion on financial
statements consists of obtaining and evaluating evidential matter
concerning the assertions in such financial statements. The assertions
can be either explicit or implicit and can be classified into the
following broad categories:
* Existence or occurrence: An entity's assets or liabilities exist at a
given date, and recorded transactions have occurred during a given
period.
* Completeness: All transactions and accounts that should be presented
in the financial statements are so included.
* Rights and obligations: Assets are the rights of the entity, and
liabilities are the obligations of the entity at a given date.
* Valuation or allocation: Asset, liability, revenue, and expense
components have been included in the financial statements at
appropriate amounts.
* Presentation and disclosure: The particular components of the
financial statements are properly classified, described, and disclosed.
.03:
A line item or an account in the financial statements or RSSI should be
considered significant if it has one or more of the following
characteristics:
* Its balance is material (exceeds design materiality) or comprises a
significant portion of a material financial statement or RSSI amount.
* A high combined risk (inherent and control risk, as discussed in
paragraph 260.02) of material misstatement (either overstatement or
understatement) is associated with one or more assertions relating to
the line item or account. For example, a zero or unusually small
balance account may have a high risk of material understatement.
* Special audit concerns, such as regulatory requirements, warrant
added consideration.
The auditor should determine that any accounts considered insignificant
are not significant in the aggregate.
.04:
An assertion is significant if misstatements in the assertion could
exceed test materiality for the related line item, account, or
disclosure. Certain assertions for a specific line item or account,
such as completeness and disclosure, could be significant even though
the recorded balance of the related line item or account is not
material. For example, (1) the completeness assertion could be
significant for an accrued payroll account with a high combined risk of
material understatement even if its recorded balance is zero and (2)
the disclosure assertion could be significant for a contingent
liability even if no amount is recordable.
.05:
Assertions are likely to vary in degree of significance, and some
assertions may be insignificant or irrelevant for a given line item or
account. For example:
* The completeness assertion for liabilities may be of greater
significance than the existence assertion for liabilities.
* All assertions related to an account that is not significant (as
defined in paragraph 235.03) are considered to be insignificant.
The rights and obligations assertion for a revenue or expense account
is irrelevant.
.06: Significant line items, accounts, and assertions should be
identified in the Account Risk Analysis (ARA) or other appropriate
audit planning workpapers.
240: Identify Significant Cycles, Accounting Applications, and
Financial Management Systems:
.01:
In the internal control phase, the auditor evaluates controls for each
significant cycle and accounting application and determines whether
significant financial management systems substantially comply with
federal financial management systems requirements, federal accounting
standards, and the SGL at the transaction level. A cycle or an
accounting application should be considered significant if it processes
an amount of transactions in excess of design materiality or if it
supports a significant account balance in the financial statements or
significant RSSI. A financial management system generally consists of
one or more accounting applications. If one or more of the accounting
applications making up a financial management system are considered
significant, then that financial management system generally should be
considered significant for determining whether the system substantially
complies with FFMIA requirements. The auditor may identify other
cycles, accounting applications, or financial management systems as
significant based on qualitative considerations. For example, financial
management systems covered by FFMIA include not only systems involved
in processing financial transactions and preparing financial
statements, but also systems supporting financial planning, management
reporting, or budgeting activities, systems accumulating and reporting
cost information, and the financial portion of mixed systems, such as
benefit payment, logistics, personnel, and acquisition systems.
.02:
The entity's accounting system may be viewed as consisting of logical
groupings of related transactions and activities, or accounting
applications. Each significant line item/account is affected by input
from one or more accounting applications (sources of debits or
credits). Related accounting applications may be grouped into cycles by
the auditor and into financial management systems by the entity.
Accounting applications are classified as (1) transaction-related or
(2) line item/account-related.
.03:
A transaction-related accounting application consists of the methods
and records established to identify, assemble, analyze, classify, and
record (in the general ledger) a particular type of transaction.
Typical transaction-related accounting applications include billing,
cash receipts, purchasing, cash disbursements, and payroll. A line
item/account-related accounting application consists of the methods and
records established to report an entity's recorded transactions and to
maintain accountability for related assets and liabilities. Typical
line item/account-related accounting applications include cash
balances, accounts receivable, inventory control, property and
equipment, and accounts payable.
.04:
Within a given entity, there may be several examples of each accounting
application. For example, a different billing application may exist for
each program that uses a billing process. Accounting applications that
process a related group of transactions and accounts comprise cycles.
For instance, the billing, returns, cash receipts, and accounts
receivable accounting applications might be grouped to form the revenue
cycle. Similarly, related accounting applications also comprise
financial management systems.
.05:
For each significant line item and account, the auditor should use the
Account Risk Analysis form (ARA) (see section 395 I) or an equivalent
workpaper to document the significant transaction cycles (such as
revenue, purchasing, and production) and the specific significant
accounting applications that affect these significant line items and
accounts. For example, the auditor might determine that billing,
returns, cash receipts, and accounts receivable are significant
accounting applications that affect accounts receivable (a significant
line item). The Account Risk Analysis form provides a convenient way
for documenting the specific risks of misstatement for significant line
items for consideration in determining the nature, timing, and extent
of audit procedures. If an equivalent workpaper is used, rather than
the ARA, it should document the information discussed in section 395 I.
.06:
Related accounting applications may be grouped into cycles to aid in
preparing workpapers. This helps the auditor design audit procedures
that are both efficient and relevant to the reporting objectives. The
auditor may document insignificant accounts in each line item on the
ARA or equivalent, indicating their insignificance and consequent lack
of audit procedures applied to them. In such instances, the cycle
matrix may not be necessary. Otherwise, the auditor should prepare a
cycle matrix or equivalent document that links each of the entity's
accounts (in the chart of accounts) to a cycle, an accounting
application, and a financial statement or RSSI line item.
.07:
Based on discussions with entity personnel, the auditor should
determine the accounting application that is the best source of the
financial statement information. When a significant line item has more
than one source of financial data, the auditor should consider the
various sources and determine which is best for financial audit
purposes. The auditor needs to consider the likelihood of misstatement
and auditability in choosing the source to use. For audit purposes, the
best source of financial information sometimes may be operational
information prepared outside the accounting system.
.08:
Once the significant accounting applications are identified, the
auditor determines which computer systems are involved in those
applications. Those particular computer systems are then considered in
assessing computer-related controls using an appropriate methodology.
.09:
An appropriate methodology would require the auditor to obtain
sufficient knowledge of the information system relevant to financial
reporting to understand the accounting processing from initiation of a
transaction to its inclusion in the financial statements, including
electronic means used to transmit, process, maintain, and access
information (see AU 319.49, SAS 94). AU 319.61 requires documentation
of this understanding. OMB audit guidance notes that the components of
internal control include general and application controls. General
controls are the entitywide security management program, access
control, application software development and change control, system
software control, segregation of duties, and service continuity
control. Application controls are authorization control, completeness
control, accuracy control, and control over integrity of processing and
data files. OMB audit guidance also requires that, for controls that
have been properly designed and placed in operation, the auditor shall
perform sufficient tests to support a low assessed level of control
risk. The auditor should document the basis for believing that the
methodology used is appropriate to satisfy these requirements for
assessing general and application controls. The GAO Federal Information
System Controls Audit Manual (FISCAM) is designed to meet these
requirements. See section 295 J for a flowchart of steps generally
followed in assessing information system controls in a financial
statement audit. IS security controls are also addressed in OMB
Circular A-130, Management of Federal Information Resources, in the
National Institute of Standards and Technology's An Introduction to
Computer Security: The NIST Handbook, and in other publications.
245: Identify Significant Provisions of Laws and Regulations:
.01:
To design relevant compliance-related audit procedures, the auditor
identifies the significant provisions of laws and regulations. To aid
the auditor in this process, this manual classifies provisions of laws
and regulations into the following categories:
* Transaction-based provisions are those for which compliance is
determined on individual transactions. For example, the Prompt Payment
Act requires that late payments be individually identified and interest
paid on such late payments.
* Quantitative-based provisions are those that require the accumulation/
summarization of quantitative information for measurement. These
provisions may contain minimum, maximum, or targeted amounts
(restrictions) for the accumulated/summarized information. For
example, the Comprehensive Environmental Response, Compensation, and
Liability Act of 1980 prohibits the Environmental Protection Agency
from exceeding certain spending limits on specific projects.
* Procedural-based provisions are those that require the entity to
implement policies or procedures to achieve certain objectives. For
example, the Single Audit Act, as amended, requires the awarding entity
to review certain financial information on awardees.
.02:
The auditor should identify the significant provisions of laws and
regulations. For each significant provision, the auditor should study
and evaluate related compliance controls and should test compliance
with the provision. To identify such significant provisions, the
auditor should take these steps:
a. The auditor should review the lists of laws and regulations that OMB
and the entity have determined might be significant to others. The OMB
list is provided in an appendix of OMB's audit guidance and is included
in section 295 H. The entity is expected to develop a list that, for
CFO Act agencies and components listed in OMB audit guidance, should
include laws and regulations in OMB audit guidance, whether or not they
are material to the entity, because they have been determined to be
material to the consolidated financial statements of the United States
Government. In addition, the auditor should identify (with OGC
assistance) any laws or regulations (in addition to those identified by
OMB and the entity) that have a direct effect on determining amounts in
the financial statements. The meaning of direct effect is discussed
below in paragraph 245.03.
b. For each such law or regulation, the auditor should identify those
provisions that are significant. A provision should be considered
significant if (1) compliance with the provision can be measured
objectively and (2) it meets one of the following criteria for
determining that the provision has a material effect on determining
financial statement amounts:
* Transaction-based provisions: Transactions processed by the entity
that are subject to the provision exceed planning materiality in the
aggregate.
* Quantitative-based provisions: The quantitative information required
by the provision or by established restrictions exceeds planning
materiality.
* Procedural-based provisions: The provision broadly affects all or a
segment of the entity's operations that process transactions exceeding
planning materiality in the aggregate. For example, a provision may
require that the entity establish procedures to monitor the receipt of
certain information from grantees; in determining whether to test
compliance with this provision, the auditor should consider whether the
total amount of money granted exceeded planning materiality.
.03: A direct effect means that the provision specifies:
* the nature and/or dollar amount of transactions that may be incurred
(such as obligation, outlay, or borrowing restrictions),
* the method used to record such transactions (such as revenue
recognition policies), or:
* the nature and extent of information to be reported or disclosed in the
annual financial statements (such as the statement of budgetary
resources).
For example, entity-enabling legislation may contain provisions that
limit the nature and amount of obligations or outlays and therefore
have a direct effect on determining amounts in the financial
statements. If a provision's effect on the financial statements is
limited to contingent liabilities as a result of noncompliance
(typically for fines, penalties, and interest), such a provision does
not have a direct effect on determining financial statement amounts.
Laws identified by the auditor that have a direct effect might include
(1) new laws and regulations (not yet reflected on OMB's list) and (2)
entity-specific laws and regulations. The concept of direct effect is
discussed in AU 801 (SAS 74) and AU 317.
.04:
In contrast, indirect laws relate more to the entity's operating
aspects than to its financial and accounting aspects, and their
financial statement effect is indirect. In other words, their effect
may be limited to recording or disclosing liabilities arising from
noncompliance. Examples of indirect laws and regulations include those
related to environmental protection and occupational safety and health.
.05:
The auditor is not responsible for testing compliance controls over or
compliance with any indirect laws and regulations not otherwise
identified by OMB or the entity (see paragraph 245.02.a.). However, as
discussed in AU 317, the auditor should make inquiries of management
regarding policies and procedures for the prevention of noncompliance
with indirect laws and regulations. Unless possible instances of
noncompliance with indirect laws or regulations come to the auditor's
attention during the audit, no further procedures with respect to
indirect laws and regulations are necessary.
.06:
The auditor may elect to test compliance with indirect laws and
regulations. For example, if the auditor becomes aware that the entity
has operations similar to those of another entity that was recently in
noncompliance with environmental laws and regulations, the auditor may
elect to test compliance with such laws and regulations. The auditor
may also elect to test provisions of direct laws and regulations that
do not meet the materiality criteria in paragraph 245.02.b. but that
are deemed significant, such as laws and regulations that have
generated significant interest by the Congress, the media, or the
public.
.07:
The significant provisions identified by the above procedures are
intended to include provisions of all laws and regulations that have a
direct and material effect on the determining of financial statement
amounts and therefore comply with GAGAS, AU 801 (SAS 74), and OMB audit
guidance.
.08:
In considering regulations to test for compliance, the auditor should
consider externally imposed requirements issued pursuant to the
Administrative Procedures Act, which has a defined due process. This
would include regulations in the Code of Federal Regulations, but would
not include OMB circulars and bulletins. Such circulars and bulletins
generally implement laws, and the provisions of the laws themselves
could be considered for compliance testing. Internal policies, manuals,
and directives may be the basis for internal controls, but are not
regulations to consider for testing for compliance.
250: Identify Relevant Budget Restrictions:
.01: To evaluate budget controls (see section 295 G) and to design
compliance-related audit procedures relevant to budget restrictions,
the auditor should understand the following information (which may be
obtained from the entity or OGC):
* the Antideficiency Act (title 31 of the U.S. Code, sections 1341,
1342, 1349-1351, 1511-1519);
* the Purpose Statute (title 31 of the U.S. Code, section 1301);
* the Time Statute (title 31 of the U.S. Code, section 1502);
* OMB Circular A-34;
* title 7 of the GAO Policy and Procedures Manual for Guidance of Federal
Agencies;
* the Impoundment Control Act; and:
* the Federal Credit Reform Act of 1990.
.02: The auditor should read the following information relating to the
entity's appropriation (or other budget authority) for the period of
audit interest:
* authorizing legislation;
* enabling legislation and amendments;
* appropriation legislation and supplemental appropriation legislation;
* apportionments and budget execution reports (including OMB forms 132
and 133 and supporting documentation);
* Impoundment Control Act reports regarding rescissions and deferrals,
if any;
* the system of funds control document approved by OMB; and:
* any other information deemed by the auditor to be relevant to
understanding the entity's budget authority, such as legislative
history contained in committee reports or conference reports.
Although legislative histories are not legally binding, they may help
the auditor understand the political environment surrounding the entity
(i.e., why the entity has undertaken certain activities and the
objectives of these activities).
.03: Through discussions with OGC and the entity and by using the above
information, the auditor should identify all legally binding
restrictions on the entity's use of appropriated funds that are
relevant to budget execution, such as restrictions on the amount,
purpose, or timing of obligations and outlays ("relevant budget
restrictions"). Additionally, the auditor should consider any legally
binding restrictions that the entity has established in its fund
control regulations, such as lowering the legally binding level for
compliance with the Antideficiency Act to the allotment level.
.04:
The auditor should obtain an understanding of the implications if the
entity were to violate these relevant budget restrictions. In the
internal control phase, the auditor identifies and tests the entity's
controls to prevent or detect noncompliance with these relevant
restrictions. The auditor may elect to evaluate controls over budget
restrictions that are not legally binding but that may be considered
sensitive or otherwise important.
.05:
During these discussions with OGC and the entity, the auditor should
determine whether any of these relevant budget restrictions relate to
significant provisions of laws and regulations for purposes of testing
compliance.
.06:
For those entities that do not receive appropriated funds, the auditor
should identify budget-related requirements that are legally binding on
the entity. These requirements, if any, are usually found in the
legislation that created the entity or its programs (such as the
authorizing and enabling legislation) as well as any subsequent
amendments. Although budget information on these entities may be
included in the President's budget submitted to the Congress, this
information usually is not legally binding. In general, certain budget-
related restrictions (such as the Antideficiency Act) apply to
government corporations but not to government-sponsored enterprises.
Regardless, the auditor should consider the entity's budget formulation
and execution as part of the control environment, as discussed in
section 260.
260: IDENTIFY RISK FACTORS:
.01:
The auditor's consideration of inherent risk, fraud risk, control
environment, risk assessment, communication, and monitoring (parts of
internal control) affects the nature, timing, and extent of substantive
and control tests. This section describes (1) the impact of risk
factors identified during this consideration on substantive and control
tests, (2) the process for identifying these risk factors, and (3) the
auditor's consideration of the entity's process for reporting under
FMFIA (both for internal control (section 2 of FMFIA) and for financial
management systems' conformance with system requirements (section 4 of
FMFIA)) and for formulating the budget.
IMPACT ON SUBSTANTIVE TESTING:
.02:
AU 312 provides guidance on the consideration of audit risk and defines
"audit risk" as the risk that the auditor may unknowingly fail to
appropriately modify an opinion on financial statements that are
materially misstated. Audit risk can be thought of in terms of the
following three component risks:
* Inherent risk is the susceptibility of an assertion to a material
misstatement, assuming that there are no related internal controls.
* Control risk is the risk that a material misstatement that could occur
in an assertion will not be prevented or detected and corrected on a
timely basis by the entity's internal control. Internal control
consists of five components: (1) the control environment, (2) risk
assessment, (3) monitoring, (4) information and communication, and (5)
control activities (defined in paragraph 260.08 below). This section
will discuss the first three of the components and communication and
section 300 (Internal Control Phase) will discuss the information
systems and control activities.
* Detection risk is the risk that the auditor will not detect a material
misstatement that exists in an assertion.
AU 316 (SAS 82) requires the auditor to consider fraud risk, which is a
part of audit risk, making up a portion of inherent and control risk.
Fraud risk consists of the risk of fraudulent financial reporting and
the risk of misappropriation of assets that cause a material
misstatement of the financial statements. The auditor should
specifically consider and document the risk of material misstatements
of the financial statements due to fraud and keep in mind the
consideration of fraud risk in designing audit procedures. Considering
the risk of material fraud generally should be done concurrently with
the consideration of inherent and control risk, but it should be a
separate conclusion. The auditor also should consider the risk of fraud
throughout the audit. Section 290 includes documentation requirements
for the consideration of fraud risk.
.03:
Based on the level of audit risk and an assessment of the entity's
inherent and control risk, including the consideration of fraud risk,
the auditor determines the nature, timing, and extent of substantive
audit procedures necessary to achieve the resultant detection risk. For
example, in response to a high level of inherent and control risk, the
auditor may perform:
* additional audit procedures that provide more competent evidential
matter (nature of procedures);
* substantive tests at or closer to the financial statement date (timing
of procedures); or:
* more extensive substantive tests (extent of procedures), as discussed
in section 295 E.
.04:
Audit assurance is the complement of audit risk. The auditor can
determine the level of audit assurance obtained by subtracting the
audit risk from 1. (Assurance equals 1 minus risk).[Footnote 3] AU
350.48 uses 5 percent as the allowable audit risk in explaining the
audit risk model (95 percent audit assurance). The audit organization
should determine the level of assurance to use, which may vary between
audits based on risk. GAO auditors should use 95 percent. In other
words, the GAO auditor, in order to provide an opinion, should design
the audit to achieve at least 95 percent audit assurance that the
financial statements are not materially misstated (5 percent audit
risk). Section 470 provides guidance to the auditor on how to combine
(1) the assessment of inherent and control risk (including fraud risk)
and (2) substantive tests to achieve the audit assurance required by
the audit organization.
.05:
The auditor may consider it necessary to achieve increased audit
assurance if the entity is politically sensitive or if the Congress has
expressed concerns about the entity's financial reporting. In this
case, the level of audit assurance should be approved by the Reviewer.
RELATIONSHIP TO CONTROL ASSESSMENT:
.06:
Internal control, as identified in AU 319 (SAS 55 amended by SAS 78),
is a process--effected by an entity's governing body, management, and
other personnel--designed to provide reasonable assurance regarding the
achievement of objectives in the following categories (OMB audit
guidance expands the category definitions as noted):[Footnote 4]
* Reliability of financial reporting--transactions are properly
recorded, processed, and summarized to permit the preparation of the
financial statements and RSSI in accordance with generally accepted
accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition. (Note that safeguarding
controls (see paragraphs 310.02-.04) are considered as part of
financial reporting controls, although they are also operations
controls.):
* Compliance with applicable laws and regulations--transactions are
executed in accordance with (a) laws governing the use of budget
authority and other laws and regulations that could have a direct and
material effect on the financial statements or RSSI, and (b) any other
laws, regulations, and governmentwide policies identified by OMB in its
audit guidance. (Note that budget controls are part of financial
reporting controls as they relate to the statements of budgetary
resources and of financing, but that they are also part of compliance
controls in that they are used to manage and control the use of
appropriated funds and other forms of budget authority in accordance
with applicable law. These controls are described in more detail in
section 295 G.):
* Effectiveness and efficiency of operations. These controls include
policies and procedures to carry out organizational objectives, such as
planning, productivity, programmatic, quality, economy, efficiency,
and effectiveness objectives. Management uses these controls to provide
reasonable assurance that the entity (1) achieves its mission,
(2) maintains quality standards, and (3) does what management directs
it to do. (Note that performance measures controls (those designed to
provide reasonable assurance about reliability of performance
reporting--transactions and other data that support reported
performance measures are properly recorded, processed, and summarized
to permit the preparation of performance information in accordance with
criteria stated by management) are included in operations controls.):
.07:
Some control policies and procedures belong in more than one category
of control. For example, financial reporting controls include controls
over the completeness and accuracy of inventory records. Such controls
are also necessary to provide complete and accurate inventory records
to allow management to analyze and monitor inventory levels to better
control operations and make procurement decisions (operations
controls).
.08:
The five components of internal control relate to objectives that an
entity strives to achieve in each of the three categories: financial
reporting (including safeguarding), compliance, and operations
(including performance measures) controls. The components are defined
in AU 319 as:
* The control environment sets the tone of an organization, influencing
the control consciousness of its people. It is the foundation for all
other components of internal control, providing discipline and
structure.
* Risk assessment is the entity's identification and analysis of
relevant risks to achievement of its objectives, forming a basis for
determining how the risks should be managed.
* Information and communication are the identification, capture, and
exchange of information in a form and time frame that enable employees
to carry out their responsibilities.
* Monitoring is a process that assesses the quality of internal control
performance over time.
* Control activities are the policies and procedures that help ensure
that management directives are carried out.
PROCESS FOR IDENTIFYING RISK FACTORS:
.09: In the planning phase, the auditor should (1) identify conditions
that significantly increase inherent, fraud, and control risk (based on
identified control environment, risk assessment, communication, or
monitoring weaknesses) and (2) conclude whether any identified control
risks preclude the effectiveness of specific control activities in
significant applications. The auditor identifies specific inherent
risks, fraud risks, and control environment, risk assessment,
communication, and monitoring weaknesses based on information obtained
earlier in the planning phase, primarily from understanding the
entity's operations and preliminary analytical procedures. The auditor
considers factors such as those listed in paragraphs 260.16-.51 in
identifying such risks and weaknesses. These factors are general in
nature and require the auditor's judgment in determining (1) the extent
of procedures (testing) to identify the risks and weaknesses and (2)
the impact of such risks and weaknesses on the entity and its financial
statements. Because this risk consideration requires the exercise of
significant audit judgment, it should be performed by experienced audit
team personnel.
.10:
The auditor considers the implications of these risk factors on related
operations controls. For example, inherent risk may be associated with
a material liability for loan guarantees because it is subject to
significant management judgment. In light of this inherent risk, the
entity should have strong operations controls to monitor the entity's
exposure to losses from loan guarantees. Potential weaknesses in such
operations controls could significantly affect the ultimate program
cost. Therefore, the need for operations controls in a particular area
or the awareness of operations control weaknesses related to these risk
factors should be identified and considered for further review, as
discussed in section 275.
.11:
Specific conditions that may indicate inherent or fraud risks or
control environment, risk assessment, communication, or monitoring
weaknesses are provided in sections 295 A and 295 B, respectively.
These sections are designed to aid the auditor in identifying these
risks and weaknesses but are not intended to be all inclusive. The
auditor should consider any other factors and conditions deemed
relevant.
.12:
The auditor identifies and documents any significant risk factors after
considering (1) his/her knowledge of the entity (obtained in previous
steps in the planning phase); (2) the risk factors discussed in
paragraphs 260.16-.51 and in sections 295 A and 295 B; and (3) other
relevant factors. These risks and weaknesses and their impact on
proposed audit procedures should be documented on the General Risk
Analysis (GRA) or equivalent (see section 290). The auditor also should
summarize and document any account-specific risks on the Account Risk
Analysis (ARA) or equivalent (see sections 290 and 395 I).
.13:
For each risk factor identified, the auditor documents the nature and
extent of the risk or weakness; the condition(s) that gave rise to that
risk or weakness; and the specific cycles, accounts, line items, and
related assertions affected (if not pervasive). For example, the
auditor may identify a significant risk that the valuation of the net
receivables line item could contain a material misstatement due to (1)
the materiality of the receivables and potential allowance, (2) the
subjectivity of management's judgment related to the loss allowance
(inherent risk), and (3) management's history of aggressively
challenging any proposed adjustments to the valuation of the
receivables (control environment weakness). The auditor should also
document other considerations that may mitigate the effects of
identified risks and weaknesses. For example, the use of a lock box (a
control activity) may mitigate inherent risks associated with the
completeness of cash receipts.
.14:
The auditor also should document, in the GRA or equivalent, the overall
effectiveness of the control environment, risk assessment,
communication, and monitoring, including whether weaknesses preclude
the effectiveness of specific control activities. The focus should be
on management's overall attitude, awareness, and actions, rather than
on specific conditions related to a control environment, risk
assessment, communication, or monitoring factor. This assessment will
be considered when determining the control risk associated with the
entity.
.15:
In assessing the control environment, risk assessment, communication,
and monitoring, the auditor should specifically assess the quality of
the entity's process for compliance with FMFIA (see paragraphs 260.43-
.47) and should obtain an overall understanding of the budget
formulation process (see paragraph 260.51).
INHERENT RISK FACTORS:
.16:
Inherent risk factors incorporate characteristics of an entity, a
transaction, or account that exist due to:
* the nature of the entity's programs,
* the prior history of audit adjustments, or:
* the nature of material transactions and accounts.
The assessment of inherent risk generally should be limited to
significant programs, transactions, or accounts. For each factor listed
below, section 295 A lists conditions that may indicate inherent risk.
a. Nature of the entity's programs: The mission/business of an entity
includes the implementation of various programs or services. The
characteristics of these programs or services affect the entity's
susceptibility to errors and fraud and sensitivity to changes in
economic conditions. For example, student loan guarantee programs may
be more susceptible to errors and fraud because of loans issued and
serviced by third parties.
b. Prior history of significant audit adjustments: Significant audit
adjustments identified in previous financial statement audits or other
audits often identify problem areas that may result in financial
statement misstatements. For example, the prior year's audit may have
identified the necessity for recording a contingent liability as the
result of certain economic conditions. The auditor could then focus on:
* determining whether similar conditions continue to exist;
* understanding management's response to such conditions (including
implementation of controls), if any; and:
* assessing the nature and extent of the related inherent risk.
c. Nature of material transactions and accounts: The nature of an
entity's transactions and accounts has a direct relation to the risk of
errors or fraud. For example, accounts involving subjective management
judgments, such as loss allowances, are usually of higher risk than
those involving objective determinations.
INFORMATION SYSTEMS (IS) EFFECTS ON INHERENT RISK:
Information systems (IS) do not affect the audit objectives for an
account or a cycle. However, IS can introduce inherent risk factors not
present in a manual accounting system. The auditor should (1) consider
each of the following IS factors and (2) assess the overall impact of
IS processing on inherent risk. The impact of these factors typically
will be pervasive in nature. An IS auditor may assist the auditor in
considering these factors and making this assessment. More detail on
assessing IS controls in a financial statement audit is available in
FISCAM, and a flowchart of the steps to follow is in section 295 J.
a. Uniform processing of transactions: Because IS process groups of
identical transactions consistently, any misstatements arising from
erroneous computer programming will occur consistently in similar
transactions. However, the possibility of random processing errors is
reduced substantially in computer-based information systems.
b. Automatic processing: The information system may automatically
initiate transactions or perform processing functions. Evidence of
these processing steps (and any related controls) may or may not be
visible.
c. Increased potential for undetected misstatements: Computers use and
store information in electronic form and require less human involvement
in processing. This increases the potential for individuals to gain
unauthorized access to sensitive information and to alter data without
visible evidence. Due to the electronic form, changes to computer
programs and data are not readily detectible. Also, users may be less
likely to challenge the reliability of computer output than manual
reports.
d. Existence, completeness, and volume of the audit trail: The audit
trail is the evidence that demonstrates how a specific transaction was
initiated, processed, and summarized. For example, the audit trail for
a purchase could include a purchase order, a receiving report, an
invoice, invoice register (purchases summarized by day, month, and/or
account), and general ledger postings from the invoice register. Some
computerized financial management systems are designed so that the
audit trail exists for only a short period (such as in on-line
systems), only in an electronic format, or only in summary form. Also,
the information generated may be too voluminous to allow effective
manual review. For example, one posting to the general ledger may
result from the computer summarization of information from hundreds of
locations.
e. Nature of the hardware and software used in IS: The nature of the
hardware and software can affect inherent risk, as illustrated below:
* The type of computer processing (on-line, batch-oriented, or
distributed) presents different levels of inherent risk. For example,
the inherent risk of unauthorized transactions and data entry errors
may be greater for on-line processing than for batch-oriented
processing.
* Peripheral access devices or system interfaces can increase inherent
risk. For example, Internet and dial-up access to a system increases
the system's accessibility to additional persons and therefore
increases the risk of unauthorized access to computer resources.
* Distributed networks enable multiple computer processing units to
communicate with each other, increasing the risk of unauthorized access
to computer resources and possible data alteration. On the other hand,
distributed networks may decrease the risk of conflicting computerized
data between multiple processing units.
* Applications software developed in-house may have higher inherent risk
than vendor-supplied software that has been thoroughly tested and is in
general commercial use.
f. Unusual or nonroutine transactions: As with manual systems, unusual
or nonroutine transactions increase inherent risk. Programs developed
to process such transactions may not be subject to the same procedures
as programs developed to process routine transactions. For example, the
entity may use a utility program to extract specified information in
support of a nonroutine management decision.
FRAUD RISK FACTORS:
.18:
The auditor is concerned with fraud that causes a material misstatement
of the financial statements. Fraud is distinguished from error in that
the action causing the misstatement in fraud is intentional. Two types
of misstatements are relevant in the auditor's consideration of fraud
in a financial statement audit--misstatements arising from fraudulent
financial reporting and misstatements arising from misappropriation of
assets.
.19:
Misstatements arising from fraudulent financial reporting are
intentional misstatements or omissions of amounts or disclosures in
financial statements to deceive financial statement users.
Misstatements arising from misappropriation of assets involve the theft
of an entity's assets causing the financial statements not to be
presented in conformity with GAAP.
.20:
Both types of fraud usually involve a pressure or incentive to commit
fraud and a perceived opportunity to do so. Many experts believe that
fraud requires that both be present. Fraud may be concealed through
falsified documentation. In a financial statement audit, the auditor
does not have a responsibility to authenticate documents. Fraud also
may involve collusion, which may cause evidence to appear persuasive
when it is not. Although fraud is usually concealed, the presence of
risk factors or other conditions may alert the auditor to a possibility
of fraud. For example, documents may be missing or records out of
balance. However, these conditions may be the result of errors rather
than fraud.
Identification of Fraud Risk Factors:
.21:
The auditor should specifically consider and document the risk of
material misstatement of the financial statements due to fraud and keep
the consideration in mind in designing audit procedures. Considering
the risk of material fraud generally should be done concurrently with
the consideration of inherent and control risk, but it should result in
specific identification of fraud risk factors that are present and the
auditor's response to the factors. Although fraud risk factors do not
necessarily indicate the presence of fraud, they have often been found
in situations where fraud has occurred.
.22:
As part of the consideration of fraud risk, in addition to obtaining
representations about fraud risk in the management representation
letter (see section 1001), the auditor should inquire of management (a)
to obtain management's understanding regarding the risk of fraud in the
entity and (b) to learn whether management has knowledge of fraud
perpetrated on or within the entity. In addition, if the entity has
established a program to prevent, deter, and detect fraud, the auditor
should ask the fraud prevention program managers whether the program
has identified fraud risk factors.
.23:
Inspectors general often report numerous cases of fraud and have
significant experience in this area. The auditor should obtain
information about instances of fraud identified by the IG, ask the
Special Investigator Unit to summarize how cases of reported fraud were
committed, and ask management whether controls have been strengthened,
to consider whether there is a risk of material fraud.
.24:
Fraud risk factors that relate to misstatements arising from fraudulent
financial reporting may be grouped in three categories as follows:
* Industry conditions. These factors involve the economic and regulatory
environment in which the entity operates.
* Operating characteristics and financial stability. These factors
pertain to the nature and complexity of the entity and its
transactions, the entity's financial condition, and its profitability.
* Management's characteristics and influence over the control
environment. These factors pertain to management's abilities,
pressures, style, and attitude relating to internal control and the
financial reporting process.
The first two of these categories contain factors that are also
inherent risk factors mentioned in the earlier paragraphs of this
section and the third category contains factors that are also control
risk factors as discussed in subsequent paragraphs. Examples of fraud
risk factors in each of these three categories in the federal
government are included in sections 295 A and B.
.25: Fraud risk factors that relate to misstatements arising from
misappropriation of assets may be grouped in two categories as follows:
* Susceptibility of assets to misappropriation. These factors pertain to
the nature of an entity's assets and the degree to which they are
subject to theft.
* Controls. These factors involve the lack of controls designed to
prevent or detect misappropriations of assets.
Examples of fraud risk factors in the first of these two categories in
the federal government are also included in section 295 A, and examples
of the second category are included in section 295 B.
.26: It is not necessary for the auditor to search for indications of
financial or other stress on employees that might make them likely to
commit fraud. However, if the auditor becomes aware of such
information, he or she should keep it in mind in considering the risk
of material misstatement due to fraud. Other similar information would
include disgruntled employees, anticipated layoffs, and known unusual
changes in behavior or lifestyle of employees with access to assets
susceptible to misappropriation.
The Auditor's Response to the Fraud Risk Consideration:
.27:
The risk of material misstatement due to fraud always exists to some
degree. The auditor should decide whether the audit procedures already
planned are sufficient to respond to the fraud risk factors found or
whether there is a need to modify the planned audit procedures. If
audit procedures need to be modified, the auditor should decide whether
an overall response is appropriate or whether the response should be
specific to a particular account balance, class of transactions, or
assertion or whether both an overall and a specific response are called
for. If it is not practicable, as part of a financial statement audit,
to modify planned audit procedures sufficiently to address the fraud
risk, the auditor should consider requesting assistance from the
Special Investigator Unit. See section 290 for documentation
re* quirements.
.28:
The auditor may decide that an overall response covering one or more of
the following is appropriate:
* Professional skepticism. Due professional care requires the exercise
of professional skepticism--an attitude that includes a questioning mind
and critical assessment of audit evidence. With an increased risk of
material misstatement due to fraud, professional skepticism may cause
the auditor to examine documentation of a different nature and greater
extent in support of material transactions, or to corroborate
management representations more extensively.
* Assignment of audit personnel. The qualifications and extent of
supervision of personnel assigned on an audit generally should be
commensurate with the level of fraud risk.
* Accounting principles and policies. With a greater risk of material
misstatement due to fraud, the auditor may have a greater concern about
whether management may apply accounting principles and policies in an
inappropriate manner to create a material misstatement of the financial
statements and may need to test more extensively.
* Controls. If increased fraud risk exists because of risk factors that
have control implications, the auditor may have to assess control risk
as high. However, understanding controls in this situation may be even
more important than otherwise. The auditor generally should understand
how controls (or lack thereof) relate to the fraud risk factors, while
noting the extent of management's ability to override controls.
.29: Also in an overall response, the nature, timing, and extent of
procedures related to certain accounts and assertions may be modified
as follows:
* The nature may be changed to obtain more reliable evidence or further
corroboration, such as from independent sources outside the entity. For
example, physical observation of certain assets may become more
important.
* The timing of substantive tests may be closer to or at year end.
* The extent of procedures may involve larger sample sizes or more
extensive analytical procedures.
.30:
The auditor may determine that a specific response is required due to
the types of risk factors identified and the accounts and assertions
that may be affected. Examples of specific responses are in section 295
I.
.31:
The consideration of fraud risk is a cumulative process that should be
ongoing throughout the audit. Fraud risk factors may be identified at
any time during the audit. Also, other conditions may be identified
during fieldwork that change or support a judgment regarding fraud
risk, such as discrepancies in the accounting records, conflicting or
missing evidential matter, or problematic or unusual relationships
between management and the auditor. Thus the auditor should continue to
be aware of the risk of fraud, and at the conclusion of the audit, the
auditor should consider whether the accumulated results of audit
procedures and other observations affect the consideration of the risk
of material misstatement due to fraud. (See section 540.):
CONTROL ENVIRONMENT FACTORS:
.32: As discussed in AU 319 (SAS 55 amended by SAS 78), control environment
risk factors incorporate management's attitude, awareness, and actions
concerning the entity's control environment. These factors include:
* integrity and ethical values,
* commitment to competence,
* management's philosophy and operating style,
* organizational structure,
* assignment of authority and responsibility,
* human resource policies and practices,
* management's control methods over budget formulation and execution,
* management's control methods over compliance with laws and
regulations, and:
* the functioning of oversight bodies (including congressional
committees).
.33: The auditor should obtain sufficient knowledge of the control
environment to determine whether the collective effect of these factors
establishes, enhances, or mitigates the effectiveness of specific
control activities. In making this determination, the auditor should
consider the following factors and their effect on internal control.
For each factor listed below, section 295 B lists conditions that may
indicate control environment weaknesses.
a. Integrity and ethical values: Control effectiveness cannot rise above
the integrity and ethical values of those who create, administer, and
monitor the controls. Integrity and ethical values are essential
elements of the control environment, affecting the design,
administration, and monitoring of the other components. Integrity and
ethical behavior result when the entity and its leaders have high
ethical and behavioral standards and properly communicate them and
reinforce them in practice. The standards include management's actions
to remove or reduce incentives and temptations that might prompt
personnel to engage in dishonest, illegal, or unethical acts. The
communication of entity values and behavioral standards to personnel
takes place through policy statements and codes of conduct and by
example.
b. Commitment to competence: Competence is the knowledge and skills
necessary to accomplish tasks required by an individual's job.
Commitment to competence includes management's consideration of the
competence levels for various jobs and the requisite skills and
knowledge.
c. Management's philosophy and operating style: Management's philosophy
and operating style encompass a broad range of beliefs, concepts, and
attitudes. Such characteristics may include management's approach to
taking and monitoring operational/program risks, attitudes and actions
toward financial reporting, emphasis on meeting financial and operating
goals, and management's attitude toward information processing,
accounting, and personnel.
d. Organizational structure: An entity's organizational structure
provides the overall framework for planning, directing, and controlling
operations. The organizational structure should appropriately assign
authority and responsibility within the entity. An organizational
structure includes the form and nature of an entity's organizational
units, including the data processing organization, and related
management functions and reporting relationships.
e. Assignment of authority and responsibility: An entity's policies or
procedures for assigning authority for operating activities and for
delegating responsibility affect the understanding of established
reporting relationships and responsibilities. This factor includes
policies relating to appropriate business practices, knowledge and
experience of key personnel, and resource allocations. It also includes
policies and communications to ensure that all personnel understand the
entity's objectives, how they contribute to these objectives, and how
and for what they will be held accountable.
f. Human resource policies and practices: Human resource policies and
practices affect an entity's ability to employ sufficient competent and
trustworthy personnel to accomplish its goals and objectives. Such
policies and practices include hiring, training, evaluating, promoting,
compensating, and assisting employees in the performance of their
assigned responsibilities by giving them the necessary resources.
g. Management's control methods over budget formulation and execution:
Management's budget control methods affect the authorized use of
appropriated funds. Budget formulation is discussed in more detail in
paragraph 260.51, and controls over budget execution (budget controls)
are addressed in more detail in section 300.
h. Management's control methods over compliance with laws and
regulations: Such methods have a direct impact on an entity's
compliance with applicable laws and regulations. (Compliance controls
are addressed in more detail in section 300).
i. The functioning of oversight groups: An entity's oversight groups
typically are responsible for overseeing both business activities and
financial reporting. The effectiveness of an oversight group is
influenced by its authority and its role in overseeing the entity's
business activities. In the federal government, oversight groups are
the Congress and the central agencies (OMB, Treasury, GSA, OPM, and
GAO). Within agencies, senior management councils may also have a role
in overseeing operations and programs.
RISK ASSESSMENT FACTORS:
.34: Risk assessment is an entity's internal process for identifying,
analyzing, and managing risks relevant to achieving the objectives of
reliable financial reporting, safeguarding of assets, and compliance
with budget and other laws and regulations. For example, risk
assessment may address how the entity analyzes significant estimates
recorded in the financial statements or how it considers the
possibility of unrecorded transactions. Risks can arise due to both
internal and external circumstances such as:
* changes in the operating or statutory environment,
* new personnel who may have a different focus on internal control,
* new or significantly changed information systems,
* rapid growth of programs which can strain controls,
* new technology which may change risks,
* new programs or activities which may introduce new control risks,
* restructurings or budget cutbacks which may include downsizing and
changes in supervision and segregation of duties, or:
* adoption of new accounting principles which may affect risks in
preparing financial statements.
.35: The auditor should gain sufficient knowledge of the entity's risk
assessment process to understand how management considers risks
relevant to the objectives of financial reporting (including
safeguarding), and compliance with budget and other laws and decides
what actions to take. This understanding may include how management
identifies risks, estimates their significance, assesses the likelihood
of occurrence, and relates them to financial reporting.
COMMUNICATION FACTORS:
.36:
Communication involves providing an understanding of individual roles
and responsibilities pertaining to internal control. It includes the
extent to which personnel understand how their activities relate to the
work of others and the means of reporting exceptions to an appropriate
higher level within the entity. Open communication channels help ensure
that exceptions are reported and acted on. Communication takes such
forms as policy manuals, accounting and financial reporting manuals,
and memoranda. Communication also may be electronic, oral, and through
the actions of management in demonstrating acceptable behavior.
.37:
The auditor should obtain sufficient knowledge of the means the entity
uses to communicate roles and responsibilities for, and significant
matters relating to financial reporting, safeguarding, and compliance
with budget and other laws and regulations.
MONITORING FACTORS:
.38:
Monitoring is the process by which management assesses the quality of
internal control performance over time. This may include ongoing
activities, such as regular management and supervision, or
communications from external parties, such as customer complaints or
regulator comments that may indicate areas in need of improvement. This
also may include separate evaluations, such as FMFIA work and IG or
internal auditor work, or a combination of ongoing activities and
separate evaluations.
.39:
The auditor should gain sufficient knowledge of the major types of
activities the entity uses to monitor internal control over financial
reporting, including safeguarding, and compliance with budget and other
laws and regulations and how those activities are used to initiate
corrective actions.
.40: The IG's office or internal audit is often an important part of
monitoring. The IG's office is responsible for (1) conducting and
supervising audits and investigations relating to programs and
operations, (2) providing leadership and coordination, including
recommending policies for programs and operations, and (3) keeping the
entity head and the Congress informed about problems and deficiencies,
including the progress of corrective actions. The auditor should assess
the effectiveness of the IG or internal audit as a monitoring control.
However, if the auditor is the IG, the office should not attempt to
assess its effectiveness as a control. Evaluating an IG's office or
internal audit includes consideration of its authority and reporting
relationships, the qualifications of its staff, and its resources. (In
using the work of the IG or internal auditors, refer to section 650.):
IS EFFECTS ON THE CONTROL ENVIRONMENT, RISK ASSESSMENT, COMMUNICATION,
AND MONITORING:
.41: IS affects the effectiveness of the control environment, risk
assessment, communication, and monitoring. For example, controls that
normally would be performed by separate individuals in manual systems
may be concentrated in one computer application and pose a potential
segregation-of-duties problem.
.42: The auditor should consider the following IS factors in making an
overall assessment of the control environment, risk assessment,
communication, and monitoring. An IS auditor may assist the auditor in
considering these factors:
a. Management's attitudes and awareness with respect to IS: Management's
interest in and awareness of IS functions is important in establishing
an organizationwide consciousness of control issues. Management may
demonstrate such interest and awareness by:
* considering the risks and benefits of computer applications;
* communicating policies regarding IS functions and responsibilities;
* overseeing policies and procedures for developing, modifying,
maintaining, and using computers and for controlling access to programs
and files;
* considering the inherent and control risk, including fraud risk,
related to IS;
* responding to previous recommendations or concerns;
* quickly and effectively planning for, and responding to, computerized
processing crises; and:
* depending on computer-generated information for key operating
decisions.
b. Organization and structure of the IS function: The organizational
structure affects the control environment. Centralized structures often
have a single computer processing organization and use a single set of
system and applications software, enabling tighter management control
over IS. In decentralized structures, each computer center generally
has its own computer processing organization, application programs, and
system software, which may result in differences in policies and
procedures and various levels of compliance at each location.
c. Clearly defined assignment of responsibilities and authority:
Appropriate assignment of responsibility according to typical IS
functional areas can affect the control environment. Factors to
consider include:
* how the position of the Chief Information Officer (CIO) fits into the
organizational structure;
* whether duties are appropriately segregated within the IS function,
since lack of segregation typically affects all systems;
* the extent to which management external to the IS function is involved
in major systems development decisions; and:
* the extent to which policies, standards, and procedures are documented,
understood, followed, and enforced.
d. Management's ability to identify and to respond to potential risk:
Computer processing, by its nature, introduces additional risk factors.
The entity should be aware of these risks and should develop
appropriate policies and procedures to respond to any IS issues that
might occur. Factors to consider include:
* the methods for monitoring incompatible functions and for enforcing
segregation of duties and:
* management's mechanism for identifying and responding to unusual or
exceptional conditions.
FEDERAL MANAGERS' FINANCIAL INTEGRITY ACT OF 1982:
.43:
In considering the control environment, risk assessment, communication,
and monitoring, the auditor should assess the quality of the FMFIA
process to provide evidence of management's control consciousness and
the overall quality of the control environment, risk assessment,
communication, and monitoring. In this regard, the quality of the FMFIA
process is a good indicator of management's (1) philosophy and
operating style, (2) assignment of authority and responsibility, and
(3) control methods for monitoring and follow-up. The FMFIA process
also may be the basis for management's assertion about the
effectiveness of internal control (section 2) and about the entity's
financial management systems' substantial compliance with FFMIA
requirements (section 4).
.44:
In considering the quality of the FMFIA process, the auditor generally
should perform the following procedures. If the entity does not issue
its own FMFIA report, the auditor should perform the following with
respect to information the entity contributes to the FMFIA report in
which the entity is included.
Read:
* the FMFIA report,
* important workpapers prepared by the entity in support of the FMFIA
report,
* IG reports on FMFIA compliance,
* OMB's most recent annual letter concerning FMFIA reporting, and:
* management's description of the FMFIA process.
Discuss the FMFIA process with appropriate entity management (including
management's opinion of the quality of the process).
Understand:
* how the FMFIA process is organized;
* who is assigned to manage the process, including the staffing level,
experience and qualifications of assigned personnel, and reporting
responsibilities; and:
* how the process finds and evaluates weaknesses.
* Identify the entity's actions on previously reported weaknesses and
examine agency documentation that demonstrates the results/
effectiveness of those actions.
* Determine whether the audit finds different issues from those
identified in the FMFIA process. (If so, see section 580 for reporting
on FMFIA.):
.45:
In assessing the quality of the FMFIA process, the auditor should
consider whether management procedures and supporting documentation are
sufficient to (1) provide management with reasonable assurance that
FMFIA objectives have been achieved and (2) meet OMB requirements. This
assessment is based on the auditor's overview and is not a result of
extensive tests. Factors for the auditor to consider may include:
* evidence of efforts to rectify previously identified material
weaknesses;
* management's commitment of resources to the FMFIA process, as
reflected in the skills, objectivity, and number of personnel
assigned to manage the process;
* extent to which management's methodology and assessment process
conform to the guidance in Circulars A-123 ( June 21, 1995) and A-127
(July 23, 1993 and revisions in Transmittal Memorandum No. 2, dated
June 10, 1999) and related OMB guidelines;
* IG and internal auditor involvement (if any);
* the process used to identify and screen material weaknesses as FMFIA
reports are consolidated and moved up the entity's hierarchy; and:
* the sources that identify material weaknesses, since items
identified by management personnel, rather than from IG, GAO, or
other external reports, demonstrate that the process can detect and
report weaknesses.
.46:
The auditor's assessment of the quality of the FMFIA process will
affect the auditor's ability to use information in the FMFIA report and
supporting documentation when identifying risks, testing controls, and
preparing workpapers. The higher the quality of the FMFIA process, the
more likely the auditor will be able to use the FMFIA findings in the
financial audit. The auditor should document the assessment of the
quality of the FMFIA process in the audit workpapers. Regardless, any
material weaknesses identified in the FMFIA report should be considered
in considering risk.
.47:
The reliance that the auditor places on management's FMFIA work depends
on a number of factors as discussed in FAM 650 (under revision).
Federal Financial Management Improvement Act of 1996:
.48:
As part of its FMFIA work, management determines whether its financial
management systems comply with the requirements found in OMB
Circular A-127, Financial Management Systems. Under FFMIA, the auditor
is required to report whether the financial management systems'
substantially comply with those requirements. Further, OMB issues
guidance that agencies and auditors should consider when addressing
compliance with FFMIA.
.49:
During the planning phase, the auditor generally should understand what
management did to determine that the entity's systems were in
substantial compliance in order to report under FMFIA. The entity may
have used the OMB FFMIA guidance, the GAO Financial Management Series
of checklists for Systems Reviewed Under the Federal Financial
Management Improvement Act of 1996, the draft JFMIP Financial
Management Systems Compliance Review Guide (http://www.financenet.gov/
financenet/fed/jfmip/fmscrg.pdf), or other tools. The auditor
generally should review this documentation in the internal control
phase of the audit to determine the degree to which he or she may rely
on it as discussed in section 650 (under revision). (See section 320.):
.50:
If the entity previously had an assessment made of its financial
management systems' substantial compliance with these requirements that
resulted in lack of substantial compliance, the auditor should read the
remediation plan required by FFMIA and note whether the plan appears
feasible and likely to remedy the deficiencies.
BUDGET FORMULATION:
.51: While assessing the control environment, risk assessment,
communication, and monitoring, the auditor should obtain an overall
understanding of the budget formulation process. The auditor does this
to understand better how misstatements and internal control weaknesses
affect the budget formulation process and, possibly, to consider the
budget process as a control. Based on discussions with entity
management responsible for the budget formulation process and review of
budget documents, the auditor should consider:
* the entity's process for developing and summarizing the budget,
* the nature and sufficiency of instructions and training provided to
individuals responsible for developing the budget,
* the extent that individuals involved in approving budget requests are
also involved in the budget formulation process,
* the general extent to which the budget is based on historical
information,
* the reliability of information on which the budget is based,
* the extent to which the budget formulation system is integrated with
the budget execution system, and:
* the extent of correlation between information developed in the budget
formulation process and the allotments and suballotments in the budget
execution system.
[End of section]
270 - DETERMINE LIKELIHOOD OF EFFECTIVE INFORMATION SYSTEM CONTROLS:
.01:
Controls are considered IS controls if their effectiveness depends on
computer processing. In the planning phase, the auditor (with the
assistance of the IS auditor and using FISCAM or another appropriate
methodology) should determine whether IS controls are likely to be
effective and should therefore be considered in the internal control
phase. The auditor may coordinate work done to meet the requirements of
Division A, Title X, Subtitle G (Government Information Security
Reform) of the National Defense Authorization Act for Fiscal Year 2001
(P.L. 106-398) with work done as part of the financial statement audit.
(See section 295 J for a flowchart of steps in assessing IS controls in
a financial statement audit.) The procedures to be performed build on
those procedures performed while understanding the entity's operations
and assessing the effects of IS on inherent risk and the control
environment, risk assessment, communication, and monitoring. AU 319
(SAS 55, as amended by SAS 78 and SAS 94) requires the auditor to
sufficiently understand each of the five components of internal
control--control environment, risk assessment, information and
communications, monitoring, and control activities--to plan the audit.
This understanding should include relevant IS aspects.
.02:
Computerized financial management systems are used extensively in the
federal government. While many of these systems are mainframe based,
numerous other technologies also exist. Some of these systems share
programs and data files with one another. Others may be networked into
major subsystems. In addition to producing financial and accounting
information, such systems typically generate other information used in
management decision-making.
.03:
As discussed in paragraph 260.06, the auditor evaluates and tests the
following types of controls in a financial statement audit:
* financial reporting controls,
* compliance controls, and:
* certain operations controls (to the extent described in section 275).
.04:
For each of the controls to be evaluated and tested, the auditor should
distinguish which are IS controls. IS controls--those whose
effectiveness depends on computer processing--can be classified into
three types (described in section 295 F):
* general controls,
* application controls, and:
* user controls.
Testing of technical IS controls should be performed by an IS auditor
as described in section 360. The audit team may assist the IS auditor
by testing user controls and application controls involving manual
follow-up.
.05:
In the planning phase, the auditor and the IS auditor should understand
each of the three types of IS controls to the extent necessary to
tentatively conclude whether IS controls are likely to be effective. If
they are likely to be effective, the auditor should consider specific
IS controls in determining whether control objectives are achieved (in
the internal control phase).
.06:
If IS controls are not likely to be effective, the auditor (with the
assistance of the IS auditor) should obtain a sufficient understanding
of control risks arising from IS to develop appropriate findings and to
plan substantive testing. Also, in the internal control phase, the
auditor generally should focus on the effectiveness of manual controls
in achieving control objectives. If IS controls are not likely to be
effective due to poor general controls and if manual controls do not
achieve the control objectives, the auditor should identify and
evaluate, but not test, any specific IS controls that are designed to
achieve the control objectives (to provide recommendations to improve
internal control).
.07:
In the planning phase, the auditor and the IS auditor generally limit
the understanding of general controls to those at an overall entity
level. However, obtaining this understanding generally requires visits
to selected installations. General controls related to an installation
level and to specific applications will be considered in more detail in
the internal control phase. In assessing general controls, the auditor
and the IS auditor should consider the results of past internal and
external reviews.
.08:
The auditor should keep in mind that, as stated in SAS 94, paragraph
66, in some circumstances, such as where a significant amount of
information is electronically initiated, recorded, processed, and
reported, it may not be practical or possible to restrict detection
risk to an acceptable level by performing only substantive tests for
one or more financial statement assertions. In such circumstances, the
auditor should test IS controls to obtain evidential matter about the
effectiveness of both the design and operation of controls to reduce
the assessed level of control risk.
[End of section]
275 - IDENTITY RELEVANT OPERATIONS CONTROLS TO EVAULATE AND TEST:
.01:
The overall intent of the CFO Act is to improve the quality of federal
financial management. Reliable financial information and effective
internal control are important to the quality of such federal financial
management. In a financial statement audit, the auditor draws a
conclusion about the effectiveness of certain financial reporting
(including safeguarding and budget) and compliance (including budget)
controls. For operations controls, the auditor:
* may evaluate certain operations controls considered relevant (see
paragraphs 275.02-.07),
* should evaluate and test operations controls that are relied on in
performing audit procedures (see paragraph 275.08), and:
* should understand the components of internal control relating to the
existence and completeness (and valuation is required for GAO audits)
assertions relevant to the performance measures reported in the MD&A,
in order to report on those controls that have not been properly
designed and placed in operation, but does not need to test those
controls, although he or she may decide to do so (see paragraph
275.09).
RELEVANT OPERATIONS CONTROLS:
.02:
For the potential operations control needs of the entity or for
operations control weaknesses identified through the procedures
described in paragraphs 275.04-.07, the auditor should determine
whether the evaluation of related controls should (1) be included in
the financial audit, (2) become a separate audit, or (3) not be
performed but any weaknesses be reported to the IG. In making this
determination, the auditor might consider the following factors:
* the significance of the operations control to the entity's
operations,
* the time required to identify and test the operations control,
* available resources, and:
* congressional interest.
.03:
Audit team management should agree on the operations controls that are
to be evaluated and tested as part of the financial audit. Such
operations controls should be documented in the workpapers. For
example, audit management may require that before evaluating and
testing a specific operations control, the audit team submit relevant
information to audit management on a standard form developed by the
audit team.
.04:
In the planning phase and throughout the audit, the auditor generally
should identify significant areas where the entity would be expected to
have operations controls. The auditor may become aware of these areas,
as well as potential weaknesses in operations controls, through:
* understanding the entity's operations.
* planning the audit procedures,
* understanding audit risks and weaknesses in financial reporting and
compliance controls,
* understanding the cause of misstatements noted, or:
* observations made during on-site fieldwork.
.05:
In obtaining an understanding of the entity's operations, the auditor
should identify those areas that are critical to such operations. For
each of these areas, the entity should have effective operations
controls. Also, in planning the audit, the auditor may identify
operations controls that could be evaluated in conjunction with planned
audit and other procedures. For example, the auditor may evaluate
whether management considered appropriate order quantities for each
inventory purchase selected in a test of inventory purchases.
.06:
The auditor identifies specific risks and weaknesses in planning and
performing the audit and in determining the causes of misstatements
requiring audit adjustments. The auditor should consider the
implications of those risks and weaknesses on the entity's operations
controls. For example, misstatements in inventory records may indicate
weaknesses in operations controls whose effectiveness depends on
accurate inventory records. This would include the operations controls
for maintaining proper inventory levels.
.07: The auditor should be alert to any opportunities to recommend
improvements to operations controls. Such opportunities could come to
light while visiting the entity's various locations and performing the
financial audit.
OPERATIONS CONTROLS RELIED ON IN THE AUDIT:
.08:
If any contemplated audit procedure relies on operations controls, the
auditor should identify and test such controls. For example, assume
that an auditor is using substantive analytical procedures, based on
entity-generated "per unit" statistics, to test the reasonableness of
certain operating costs. The auditor plans to compare such "per unit"
statistics with published costs incurred by similar operations. The
auditor will need to identify and test the entity's operations controls
over the production of these internal statistics.
OPERATIONS CONTROLS OVER REPORTED PERFORMANCE MEASURES:
.09:
OMB audit guidance requires the auditor to understand the design of
internal controls over the existence and completeness (see definition
in paragraph 235.02) assertions (and GAO has added valuation as a
requirement for its audits) related to the performance measures the
entity reports on in the MD&A and whether they have been placed in
operation. However, OMB does not require the auditor to test the
controls (determine operating effectiveness), although he or she may
decide to do so. The procedures the auditor performs to gain the
understanding do not need to be extensive but may consist of
discussions, observations, and walkthroughs (see AU 319.41-.43).
[End of section]
280 - PLAN OTHER AUDIT PROCEDURES:
.01:
The auditor should consider the following areas during the planning
phase, even though many related audit procedures will be applied during
the other phases.
INQUIRIES OF ATTORNEYS:
.02:
As discussed in AU 337 and section 550, the auditor should make
inquires of the entity's counsel and perform other audit procedures
regarding litigation, claims, and assessments. Because of the amount of
the time needed by management and the attorneys to gather and report
the necessary information (including the potential need for management
to inquire of Department of Justice attorneys on a case-specific
basis), the auditor should plan the following procedures (which are
described in more detail in AU 337) for an appropriate time in the
audit:
* making inquiries of management regarding their policies and
procedures used for identifying, evaluating, and accounting for
litigation, claims, and assessment;
* obtaining a description and evaluation of all such matters existing
as of the balance sheet date and through the date of management's
response (which should be near the end of fieldwork);
* obtaining evidence regarding attorneys used by the entity and
matters handled; and:
* sending letters of audit inquiry to attorneys (the auditor should
consider the aggregation of cases in deciding on the materiality to
include in the legal letter to ensure it is sufficiently low).
MANAGEMENT REPRESENTATIONS:
.03: As discussed in section 550, the auditor is required to obtain a
representation letter from management on specific matters prior to
completion of the audit. Particularly during first year audits and when
standards change, the auditor may want to discuss these required
representations with management early in the audit to identify and
resolve any difficulties related to obtaining these representations.
Note that for federal government auditors, these representations
include (1) the effectiveness of internal control, (2) financial
management systems' substantial compliance with FFMIA requirements, and
(3) compliance with laws and regulations. Additional guidance on
management representations is provided in AU 333, AU 801, SSAE 2, and
section 1001 (Part II). Also, per SAS 89, a summary of uncorrected
misstatements aggregated by the auditor is to be included or attached
to the letter, which shall state management's belief that the effects
of the misstatements are immaterial to the financial statements taken
as a whole, both individually and in the aggregate. (See section 595 D
for an example summary of uncorrected misstatements.):
RELATED PARTY TRANSACTIONS:
.04: AU 334 and section 1006 provide guidance on audit procedures that
should be performed to identify related parties and related party
transactions as well as examining these transactions for appropriate
disclosure in the financial statements. During the planning phase, the
auditor should perform procedures to identify and document related
parties and the nature of related party transactions that might need to
be disclosed in the financial statements and related notes. Such
information should be distributed to all members of the audit team for
use in summarizing and testing related party transactions and
identifying any additional related parties.
SENSITIVE PAYMENTS:
.05:
In the planning phase, the auditor should consider the audit procedures
that will be applied to sensitive payments. Sensitive payments
encompass a wide range of executive functions including executive
compensation, travel, official entertainment funds, unvouchered
expenses, and consulting services. See GAO's technical guideline 8.1.2,
Guide for Review of Sensitive Payments.
REACHING AN UNDERSTANDING WITH MANAGEMENT AND REQUESTERS:
.06: During planning, it is important that the auditor reach an
understanding with the entity's management and individuals contracting
for or requesting the audit, about the work to be performed, as
required by AU 310 and Amendment No. 2 to Government Auditing Standards
(paragraphs 4.6.3-4.6.9). If the audit is done based on the request of
a committee or member of Congress, the auditor should communicate with
that committee or member as well as management. If the audit is
required by law or is self-initiated, the auditor should communicate
with the committee members or staff who have oversight of the auditee
as well as management.
.07:
The auditor should communicate with management and the committee or
member in writing (preferred) or orally and document the understanding
reached in the workpapers. "Commitment" letters may be used to
communicate with Congress about the auditor's planned work. In drafting
commitment letters, the auditor should consider the matters required to
be communicated by the auditing standards. If the audit organization
has a general ongoing working relationship with Congress and prior
audit reports, there may already be an understanding with the
applicable committee or other requester.
.08:
Because of an ongoing working relationship with either a requester or
management, the auditor may affirm the contents of the prior audit
report, since the types of information included in the understanding
are generally included in the objectives, scope, and methodology
section of the audit report.
.09: Examples of the matters that are generally included in the
understanding are the objectives and limitations of the audit and
management's and the auditor's responsibilities. These are described in
AU 310.06-.07. GAGAS also requires the understanding to relate to the
auditor's responsibility for testing and reporting on compliance and
internal control.
OTHER AUDIT REQUIREMENTS:
.10:
GAGAS (section 4.7) also require the auditor to follow up on known
material findings and recommendations from previous audits. Generally,
a financial audit should cover areas that had findings and
recommendations in previous audits. However, the auditor should
consider whether any findings and recommendations from the prior year
financial audit need follow-up that would not otherwise be covered (for
example, findings at locations that would not otherwise be revisited).
.11: During planning, the auditor also should consider the additional
requirements in OMB audit guidance for legal letters, management
representation letters, and certain agreed-upon procedures. OMB audit
guidance has specific dates by which interim and updated legal letters
for CFO Act agencies are to be requested and received, specific formats
for summarizing the information in the letters, and a list of specific
officials to whom copies of the letters and summaries should be
forwarded. The guidance also has an example of a management
representation letter. In addition, the guidance requires that certain
agreed-upon procedures to be applied to agency payroll offices and
requires that reports be submitted to OPM by a specific date.
[End of section]
285 - PLAN LOCATIONS TO VISIT:
.01:
Most federal entities conduct operations, perform accounting functions,
and/or retain records at multiple locations. During planning, the
auditor needs to consider the effect of these multiple locations on the
audit approach. The auditor should develop an understanding of the
respective locations, including significant accounts and accounting
systems and cycles/applications. This understanding may be obtained
centrally or in combination with visits to field offices, as
appropriate. When planning locations to visit, the auditor should
consider whether certain locations warrant more extensive testing than
others, based on the following factors:
* Materiality or significance of locations to the overall entity: More
material locations, particularly those individually exceeding design
materiality, and significant cycles/accounting applications may
require more extensive testing.
* The results of the preliminary analytical procedures applied during
planning: Unusual results require follow-up, possibly including on-site
testing at specific locations causing such results.
* The results and the extent of audit procedures applied in prior years
by the auditor or others, including the time since significant
procedures were performed: Problems noted in prior audits could
indicate areas of concern for the current audit, and the effectiveness
of prior evidence ordinarily diminishes with the passage of time.
* The auditor's assessment of inherent risk, including the nature of
operations, sensitivity to economic conditions, and key management
turnover: Locations at which inherent risk is high generally warrant
more extensive testing than those where inherent risk is low.
* The auditor's preliminary assessment of control risk, including the
control environment, risk assessment, communications, and monitoring:
Locations at which control risk (particularly concerning the control
environment, risk assessment, communication, and monitoring) is high
warrant more extensive testing than those where control risk is low.
* The auditor's consideration of the risk of material misstatement due
to fraud: Locations at which the auditor has considered there may be a
greater risk of material misstatement due to fraud warrant more
extensive testing than those where he or she has considered a lower
risk of material misstatement due to fraud is present.
* The extent to which accounting records are centralized: A high
degree of centralization may enable the auditor to conduct the
majority of work at the central location, with only limited work at
other locations.
* The extent of uniformity of control systems (including computer
controls) throughout the entity: The number of locations visited is a
function of the uniformity of significant control systems. For example,
if there are two major procurement control systems, the auditor
generally should test each system to a sufficient extent. Where
locations develop or modify systems, more locations may require visits
than for those entities using centrally developed systems that cannot
be changed locally.
* The extent of work performed by other auditors: Work done by other
auditors may be used to reduce or eliminate tests at selected locations
or to assist in tests of locations not selected. (See section 650.):
* Special reporting or entity requirements: The auditor should select
sufficient locations to meet special needs, such as separate-location
reports.
.02:
The auditor should plan the general nature of audit procedures to be
performed at each location. The extent of testing may vary between
locations, depending on test materiality, control risk, and other
factors. Using common audit programs, workpaper formats, and indexes
for the various locations visited makes it easier to plan, review the
workpapers, and combine the results of all locations or funds to
improve effectiveness and efficiency.
.03:
The auditor should obtain an understanding of the procedures for
combining the locations' financial information to prepare the entity's
financial statements. The auditor should understand and test these
procedures during the audit, including any necessary adjustments and
eliminations.
.04:
One approach to stratifying the locations and selecting samples for
multiple-location audits is provided in section 295 C. This method
assumes that increased testing is not required at any location because
of the factors in paragraph 285.01. Other methods of selecting
locations for on-site testing may be used with the approval of the
Reviewer. For example, selecting fewer locations but more items to test
at each of those locations may be appropriate in some instances.
Although other methods generally will require more overall audit
testing than the method described in section 295 C, the costs of
performing additional work at fewer locations may be lower.
[End of section]
290 - DOCUMENTATION:
.01:
The auditor should document relevant information obtained during the
planning phase in the documents described in paragraphs 290.03-.06.
Also, as described in paragraph 290.07, the auditor should document the
understanding reached with requesters and management. Information that
is likely to be useful in future audits may be documented in a
permanent file.
.02:
As the audit work is performed, the auditors may become aware of
possible reportable conditions or other matters that should be
communicated to the auditee. A structured method to document these
matters will aid in communicating them to the audit team, management
for review, and the agency soon after their discovery. The auditor
generally should document the nature of the reportable condition and
the criteria, cause, potential effect, and suggestions for improvement
(as applicable) throughout the audit and discuss them with management
when identified, rather than waiting until the exit conference.
.03:
In the entity profile or an equivalent document, the auditor should
document the information gathered to gain an understanding of the
entity (section 220). This profile should briefly document such
elements as the entity's origin and history, size and location,
organization, mission, results of prior and current audits, and
accounting and auditing considerations. The auditor generally should
limit the information in the entity profile to that which is relevant
to planning the audit. This information may include documents prepared
by the entity, such as historical information or the mission of the
entity. If this and other documents were prepared in prior years, they
need only be updated for changes each year.
.04:
The General Risk Analysis or an equivalent document contains the
overall audit plan, including the strategy for conducting the audit,
and also should include information on the following areas:
a. Preliminary analytical procedures and the results of those
procedures (section 225): The auditor should document the following
information:
* data used and sources of financial data used for current-year amounts
and for developing expected amounts, including:
** the amounts of the financial items,
** the dates or periods covered by the data,
** whether the data are audited or unaudited,
** the person from whom the data were obtained (if applicable), and:
** the source of the information (for example, the general ledger trial
balance, prior-year audit workpapers, or prior-year financial
statements);
* parameters for identifying significant fluctuations;
* explanations for fluctuations identified and sources of these
explanations, including the name and title of the person(s) from whom
the explanations were obtained; and:
* the auditor's conclusion and consideration of the impact of the
results of preliminary analytical procedures on the audit.
b. Planning, design, and test materiality, including the basis for
their determination (section 230).
c. Methodology used in assessing computer-related controls (section
240): If the auditor uses a methodology other than the FISCAM, he or
she should document the basis for believing that the methodology is
appropriate.
d. Significant provisions of laws and regulations (section 245).
e. Relevant budget restrictions (section 250).
f. Level of audit assurance (section 260): The auditor should document
the overall level of audit assurance and the justification for the
level used. If the level of audit assurance chosen is 95 percent, the
auditor may reference the FAM.
g. Assessment of inherent risk and the overall effectiveness of the
control environment, risk assessment, communication, and monitoring,
including whether they preclude the effectiveness of specific control
activities (section 260): The auditor identifies and documents any
inherent risks or control risks arising from the control environment,
risk assessment, communication, and monitoring and associates them with
significant financial statement line items and assertions. For each
risk identified, the auditor documents the (1) nature and extent of the
risk, (2) condition(s) that gave rise to that risk, and (3) specific
cycles, accounts, line items, and related assertions affected (if not
pervasive). The auditor also documents conclusions on the overall
effectiveness of the control environment, risk assessment,
communication, and monitoring. In addition, the auditor generally
should document the entity's basis for its determination of substantial
compliance of its systems with FFMIA requirements.
h. Risk of material misstatement due to fraud (section 260): The
auditor should document:
* the fraud risk factors identified and:
* the auditor's response to those risk factors, either individually or
in combination.
i. Effects of IS (section 270): The auditor should document:
* a basic understanding of the IS aspects of the financial management
system, including the significance of IS to the entity (section 220);
* the inherent risks arising from IS (paragraph 260.17);
* the impact of IS on the control environment, risk assessment,
communication, and monitoring (paragraphs 260.41-.42); and:
* tentative conclusions on the likelihood that IS controls are operating
effectively (section 270).
When the auditor prepares documentation of the above information, the
IS auditor generally should review and agree with the content.
Tentative conclusions on the likelihood that IS controls are operating
effectively should also be reviewed and concurred to by the Audit
Director and Assistant Director as part of their reviews of the General
Risk Analysis or equivalent. If IS controls are not likely to be
effective, the auditor should document supporting evidence and
generally should report such findings as discussed in section 580.
j. Operations controls to be tested, if any (section 275).
k. Other planned audit procedures (section 280).
l.Locations to be visited (section 285): This information includes:
* the locations selected,
* the basis for selections,
* the general nature of procedures planned for each location,
* the determination of the number of items for testing,
* the allocation of those items among the selected locations, and:
* other procedures applied.
m. Staffing requirements.
n. Audit timing, including milestones.
o. Assistance from entity personnel.
.05:
The Cycle Matrix or equivalent links each of the entity's accounts (in
the chart of accounts) to a cycle, an accounting application, and a
financial statement line item or RSSI (paragraph 240.06). This
information may instead be incorporated into the Account Risk Analysis
or equivalent.
.06:
The Account Risk Analysis or equivalent contains the audit plan for
each significant line item and account and should identify significant
line items, accounts, assertions, and cycles/accounting applications
(sections 235 and 240, respectively). The auditor also summarizes and
documents the specific risks, other than pervasive risks, for use in
determining the nature, timing, and extent of the audit procedures. The
auditor may also include insignificant accounts in each line item ARA
or equivalent, indicating their insignificance and the consequent lack
of audit procedures applied to them. In such instances, the cycle
matrix or equivalent need not be prepared.
.07:
The auditor should document in the workpapers the understanding reached
with those requesting the audit and management about the work to be
performed, as described in section 280.
.08:
The auditor also should consider the needs of, and consult in a timely
manner with, other auditors who plan to use the work being performed,
especially in areas where the auditor makes decisions requiring
significant auditor judgment. Where the auditor deviates from a policy
or procedure expressed by use of the term "must" or "should" in the
FAM, he or she should provide an opportunity for the other auditors to
review the documentation of the reasons explaining these deviation
decisions.
[End of section]
295 A - POTENTIAL INHERENT RISK CONDITIONS:
.01:
The specific conditions listed below may indicate the presence of
inherent and/or fraud risks. This section is designed to aid the
auditor in considering each of the inherent risk factors described in
paragraph 260.16 and the fraud risk factors described in paragraphs
260.24-.25 relating to industry conditions, operating conditions and
financial stability, and susceptibility of assets to misappropriation,
but is not intended to be all inclusive. The auditor should consider
any other factors and conditions considered relevant.
.02: NATURE OF THE ENTITY'S PROGRAMS:
* Programs are significantly affected by new/changing governmental
regulations, economic factors, and/or environmental factors.
* Contentious or difficult accounting issues are associated with the
administration of a significant program(s).
* Major uncertainties or contingencies, including long-term
commitments, relate to a particular program(s).
* New (in existence less than 2 years) or changing (undergoing
substantial modification or reorganization) programs lack written
policies or procedures, lack adequate resources, have inexperienced
managers, lack adequate systems to measure performance, and generally
have considerable confusion associated with them.
* Programs that are being phased out (being eliminated within 1 or 2
years), lack adequate resources, lack personnel motivation and
interest, or involve closeout activities for which controls have not
been developed.
* Significant programs have a history of improper administration,
affecting operating activities.
* Significant programs have a history of inadequate financial
management
systems causing management to resort to extensive, costly, time-
consuming, ad hoc efforts to prepare financial statements by the
required deadline.
* Significant programs have minimal IG or internal audit coverage.
* Management faces significant pressure to obtain additional funding
necessary to stay viable and maintain levels of service considering the
financial or budgetary position of a program, including the need for
funds to finance major research and development or capital
expenditures.
* Management faces significant pressure to "use or lose" appropriated
funds in order to sustain future funding levels.
* Partisan politics between competing political parties or factions or
constituent groups create conflict and a lack of stability within the
entity or programs.
* Unusually rapid growth occurs in a program.
* Economic conditions are deteriorating among the group served by the
entity.
.03: HISTORY OF SIGNIFICANT AUDIT ADJUSTMENTS:
* The underlying cause of significant audit adjustments continues to
exist.
.04: NATURE OF MATERIAL TRANSACTIONS AND ACCOUNTS:
* New types of transactions exist.
* Significant transactions or accounts have minimal IG or internal
audit coverage.
* Significant related and/or third party transactions exist.
* Classes of transactions or accounts are:
** difficult to audit;
** subject to significant management judgments (such as estimates);
** susceptible to manipulation, loss, or misappropriation;
** susceptible to inappropriate application of an accounting policy;
and:
** susceptible to problems with realization or valuation.
* Accounts have complex underlying calculations or accounting
principles.
* Accounts in which the underlying activities, transactions, or events
are operating under severe time constraints.
* Significant interagency transactions or revenue sources create
incentives to shift costs or otherwise manipulate accounting
transactions.
* Accounts in which activities, transactions, or events involve the
handling of unusually large cash receipts, cash payments, or wire
transfers.
* Inventory or equipment have characteristics such as small size, high
value, high demand, marketability, or lack of ownership identification
that make them easily converted to cash (for example, pharmaceutical
inventory or military equipment with high street values).
* Assets are easily converted to cash, such as food stamps, benefits
vouchers, commodities, supplies, or materials.
* Assets are susceptible to personal, non-program/non-government use
such as cars, computers, telephones.
* Many payments are sent to post office boxes.
* Large amounts of payments are sent to outside recipients, as in the
cases of grants, medical care reimbursements, or other federal
financial assistance.
[End of section]
295 B - POTENTIAL CONTROL ENVIRONMENT, RISK ASSESSMENT,
COMMUNICATION, AND MONITORING WEAKNESSES:
.01:
The specific conditions listed below may indicate the presence of
control environment, risk assessment, communication, and monitoring
weaknesses and fraud risk. This section is designed to aid the auditor
in considering each of the control environment, risk assessment,
communication, and monitoring factors described in paragraphs 260.32-
.40 but is not intended to be all inclusive. The auditor should
consider any other factors and conditions considered relevant. (If the
auditor is doing a more detailed assessment of internal control than is
usual in a financial audit, he or she may refer to GAO's exposure draft
of Internal Control Management and Evaluation Tool for additional and
more detailed examples of internal control factors.):
CONTROL ENVIRONMENT:
.02: Integrity and Ethical Values:
* An appropriate "tone at the top" has not been established and
communicated throughout the entity, including explicit moral guidance
about what is right and wrong.
* No (or inadequate) formal code of conduct or other policies
regarding acceptable practices, conflicts of interest, or expected
standards of ethical and moral behavior exists, or employees are
unaware of it.
* Employees do not understand what behavior is acceptable or
unacceptable, or what to do if they encounter improper behavior.
* Bad news is covered up by management rather than making full
disclosure as quickly as possible.
* Management does not quickly address signs that problems exist.
* Employees feel peer pressure to cut corners.
* High decentralization leaves top management unaware of actions taken
at lower organizational levels and thereby reduces the chances of
getting caught.
* Everyday dealings with employees, auditors, the public, oversight
groups, etc., are not generally based on honesty and fairness (for
example, overpayments received or supplier underpayments are ignored,
or efforts are made to find a way to reject legitimate benefits
claims).
* Penalties for improper behavior are insignificant or unpublicized
and thus lose their value as deterrents.
* Management has displayed a loose attitude towards internal control,
for example, by not providing guidance on when intervention is allowed
or not investigating and documenting deviations.
* Pressure is felt to meet performance targets or deadlines that are
unrealistic.
* Management is under undue pressure from the administration to attain
an unqualified opinion on the financial statements, despite
significant internal control weaknesses.
* Management displays lack of candor in dealing with oversight
committee staff, recipients of the entity's services, or auditors
regarding decisions that could have an impact on the entity.
.03: Commitment to Competence:
* Jobs have not been analyzed to determine the knowledge and skills
needed.
* Employees do not seem to have the knowledge and skills they should
have to do their jobs, based on the level of judgment necessary.
* Supervision of employees does not compensate for lack of knowledge
and skills in their specific jobs.
.04: Management's Philosophy and Operating Style:
* Management lacks concern about internal control and the environment
in which specific controls function.
* Management demonstrates an aggressive approach to risk-taking.
* Management demonstrates an aggressive approach to accounting
policies.
* Management has a history of completing significant or unusual
transactions near the year's end, including transactions with related
parties.
* Management makes numerous adjusting journal entries, especially at
yearend.
* Management is reluctant to (1) consult auditors/consultants on
accounting issues, (2) adjust the financial statements for
misstatements, or (3) make appropriate disclosures.
* Management displays a significant disregard for regulatory, legal,
or oversight requirements or for IG, GAO, or Congressional authorities.
* Top-level management lacks the financial experience/background
necessary for the positions held.
* Management is slow to respond to crisis situations in both operating
and financial areas.
* Management uses unreliable and inaccurate information to make
business decisions.
* Unexpected reorganization or replacement of management staff or
consultants occurs frequently.
* Management and personnel in key areas (such as accounting, IS, IG,
and internal auditing) have a high turnover.
* Individual members of top management are unusually closely
identified with specific major projects.
* Overly optimistic information on performance of programs and
activities is disclosed.
* Financial estimates consistently prove to be significantly
overstated or understated.
* Obtaining adequate audit evidence is difficult due to a lack of
documentation and evasive or unreasonable responses to inquiries.
* Financial arrangements/transactions are unduly complex.
* Lack of interaction of adequate frequency between senior management
and operating management, particularly with geographically removed
locations.
* Management attitude toward IS and accounting functions is that these
are necessary "bean counting" functions rather than a vehicle for
exercising control over the entity's activities.
* Management is motivated to engage in fraudulent financial reporting
resulting from substantial political pressure creating an undue concern
about reporting positive financial accomplishments.
* Management is dominated, either entity-wide or at a specific
component, by a single person or small group without compensating
controls such as effective oversight by the IG, GAO, Congressional
committees, or other oversight body.
* One or more individuals with no apparent executive position(s) with
the entity appear to exercise substantial influence over its affairs
or over individual departments or programs (for example, a major
political donor or fundraiser).
* Management has significant grantee, cooperative agreement, or
contractor relationships for which there appears to be no clear
programmatic or governmental justification.
* Management appears more concerned with an unqualified opinion on the
financial statements rather than with fixing significant weaknesses in
its systems.
* Management has difficulty meeting reporting deadlines.
.05: Organizational Structure:
* The organizational structure is inappropriate for the entity's size
and complexity. General types of organizational structures include:
** federal centralized (managed and controlled on a day-to-day basis
by a centralized federal entity system),
** federal decentralized (managed and controlled on a day-to-day basis
by federal entity field offices or staffs),
** participant administered (managed and controlled on a day-to-day
basis by a nonfederal organization), and:
** other (managed and controlled on a day-to-day basis by some
combination of the above or by other means).
* The structure inhibits segregation of duties for initiating
transactions, recording transactions, and maintaining custody over
assets.
* It is difficult to determine the organization or individual(s) that
control(s) the entity, parts of the entity, or particular programs.
* Recent changes in the management structure disrupt the organization.
* Operational responsibilities do not coincide with the divisional
structure.
* Delegation of responsibility and authority is inappropriate.
* A lack of definition and understanding of delegated authority and
responsibility exists at all levels of the organization.
* Inexperienced and/or incompetent accounting personnel are
responsible for transaction processing.
* The number of supervisors is inadequate or supervisors are
inaccessible.
* Key financial staff have excessive work loads.
* Policies and procedures are established at inappropriate levels.
* A high degree of manual activity is required in capturing,
processing, and summarizing data.
* Activities are dominated and controlled by a single person or a
small group.
* The potential exists for entity officials to obtain financial or
other benefits on the basis of decisions made or actions taken in an
official capacity.
.06: Assignment of Authority and Responsibility:
* The entity's policies are inadequate regarding the assignment of
responsibility and the delegation of authority for such matters as
organizational goals and objectives; operating functions; and
regulatory requirements, including responsibility for information
systems and authorizations for changes.
* Appropriate control-related standards and procedures are lacking.
* The number of people, particularly in IS and accounting, with
requisite skill levels relative to the size and complexity of the
operations is inadequate.
* Delegated authority is inappropriate in relation to the assigned
responsibilities.
* Appropriate system of authorization and approval of transactions
(for example, in purchasing, grants, and federal financial assistance)
is lacking.
* Policies are inadequate regarding physical safeguards over cash,
investments, inventory, and fixed assets.
.07: Human Resource Policies and Practices:
* Human resource policies for hiring and retaining capable people are
inadequate.
* Standards and procedures for hiring, promoting, transferring,
retiring, and terminating personnel are insufficient.
* Training programs do not adequately offer employees the opportunity
to improve their performance or encourage their advancement.
* Written job descriptions and reference manuals are inadequate or
inadequately maintained.
* Communication of human resource policies and procedures at field
locations is inadequate.
* Policies on employee supervision are inappropriate or obsolete.
* Inappropriate remedial actions are taken in response to departures
from approved policies and procedures.
* Employee promotion criteria and performance evaluations are
inadequate in relation to the code of conduct.
* Job applicant screening procedures for employees with access to
assets susceptible to misappropriation are lacking.
* Training is inadequate regarding controls over payments to others for
grants, federal financial assistance, etc.
* Mandatory vacations are not required for employees performing key
control functions.
.08:
Management's Control Methods Over Budget Formulation and Execution:
* Little or no guidance material and instructions are available to
provide direction to those preparing the budget information.
* The budget review, approval, and revision process is not defined or
understood.
* Management demonstrates little concern for reliable budget
information.
* Management participation in directing and reviewing the budget
process is inadequate.
* Management is not involved in determining when, how much, and for
what purpose obligations and outlays can be made.
* The planning and reporting systems that set forth management's plans
and the results of actual performance are inadequate.
* Inadequate methods are used to identify the status of actual
performance and exceptions from planned performance and communicate
them to the appropriate levels of management.
* Noncompliance with Antideficiency Act, purpose, time, or other
budget-related restrictions has been previously reported.
.09:
Management's Control Methods Over Compliance with Laws and Regulations:
* Management is unaware of the applicable laws and regulations and
potential problems.
* A mechanism to inform management of the existence of illegal acts
does not exist.
* Management neglects to react to identified instances of noncompliance
with laws and regulations.
* Management is reluctant to discuss its approach toward compliance and
the reasonableness of that approach.
* Recurring public complaints have been received through "hotline"
allegations.
* Repeated instances of noncompliance or control weaknesses are
disclosed in FMFIA reports; congressional reports; consultants'
reports; and prior audits/evaluations by GAO, the IG, internal audit,
or others.
* Management is reluctant to provide evidential matter necessary to
evaluate whether noncompliance with laws and regulations has occurred.
* Management is not responsive to changes in legislative or regulatory
bodies' requirements.
* Policies and procedures for complying with laws and regulations are
weak.
* Policies on such matters as acceptable business practices, conflicts
of interest, and codes of conduct are weak.
* Management does not have an effective legal counsel.
.10: Oversight Groups (Including Congressional Committees):
* Oversight groups demonstrate little concern toward controls and the
speed with which internal and external auditors' recommendations are
addressed.
* Oversight groups have little involvement in and scrutiny of
activities.
* Little interaction occurs between oversight groups and the IG and
internal and external auditors.
* Oversight groups demonstrate little concern for compliance with
applicable laws, regulations, and contractual requirements.
RISK ASSESSMENT:
.11: Setting Objectives:
* Management has not established or communicated its overall objectives
to employees or oversight committees.
* No strategic planning has been done, or the strategic plan does not
support the objectives.
* The strategic plan does not address high-level resource allocations
and priorities.
* The strategic plan, budgets, and/or objectives are inconsistent.
* Management has not established activity-level objectives for all
significant activities, or the objectives are inconsistent with each
other or with the overall objectives.
* Objectives do not include measurement criteria.
.12: Analyzing Risks:
* Management has not adequately identified risks to achieving the
entity's objectives arising from external sources, including economic
conditions, the President, the Congress, OMB, and the media.
* Management has not adequately identified risks arising from internal
sources, such as human resources (ability to retain key people) or IS
(adequacy of back-up systems in the event of systems failure).
* Once risks are identified, management has not adequately analyzed the
risks, including estimating the significance of risks, assessing the
likelihood of their occurring, and determining needed actions.
.13: Managing Change:
* The mechanisms for identifying and communicating events, activities,
and conditions that affect operations or financial reporting objectives
are insufficient.
* Accounting and/or information systems are not modified in response
to changing conditions.
* No consideration is given to designing new or alternative controls
in response to changing conditions.
* Management is unresponsive to changing conditions.
COMMUNICATION:
.14: Internal Communication:
* The system for communicating policies and procedures is ineffective.
* Formal or informal job descriptions do not adequately delineate
specific duties, responsibilities, reporting relationships, and
constraints.
* Channels of communication for personnel reporting suspected
improprieties are inappropriate.
* Management fails to display and communicate an appropriate attitude
regarding internal control.
* Management is not effective in communicating and supporting the
entity's accountability for public resources and ethics, especially
regarding matters such as acceptable business practices, conflicts of
interest, and codes of conduct.
* Management is not receptive to employee suggestions of ways to
enhance productivity and quality or other similar improvements.
* Communication across the organization (for example, between
procurement and program activities) is inadequate to enable people to
discharge their responsibilities effectively.
.15: External Communication:
* Channels of communication with suppliers, contractors, recipients of
program services, and other external parties are not open and effective
for communicating information on changing needs.
* Outside parties have not been made aware of the entity's ethical
standards.
* Management does not appropriately follow up on information received
in communications from program service recipients, vendors,
regulators, or other external parties.
MONITORING:
.16: Ongoing Monitoring:
* Management is not sufficiently involved in reviewing the entity's
performance.
* Management control methods are inadequate to investigate unusual or
exceptional situations and to take appropriate and timely corrective
action.
* Management lacks concern for and does not effectively establish and
monitor policies for developing and modifying accounting systems and
control activities.
* Management's follow-up action is untimely or inappropriate in
response to communications from external parties, including
complaints, notification of errors in transactions with parties, and
notification of inappropriate employee behavior.
* Management does not periodically compare amounts recorded by the
accounting system with physical assets.
* Management allows large numbers of duplicate payments.
* Management does not respond to internal and external auditors'
recommendations to strengthen internal control.
* Management has strained relationships with the IG and/or its current
or predecessor external auditors.
* Management does not encourage and consider employee suggestions.
* Personnel do not periodically acknowledge compliance with the code
of conduct or sign off to evidence performance of critical control
functions.
* Management does not adequately monitor significant activities that
have been outsourced to contractors or information systems components
maintained by contractors.
.17: FMFIA or Similar Separate Evaluations:
* Management displays a disregard for fully complying with the FMFIA
process, reporting, results, and follow-up.
* Management displays a disregard for fully complying with or a
combative attitude towards the FFMIA process, reporting, results, and
follow-up.
* FMFIA or similar reviews are not conducted by personnel with
requisite skills or using a logical and appropriate methodology.
* Auditors note weaknesses that were not included in FMFIA and FFMIA
reports.
.18: Reporting Deficiencies:
* The entity does not have a mechanism for capturing and reporting
identified internal control deficiencies from both internal and
external sources resulting from ongoing monitoring or separate
evaluations.
* Deficiencies are not reported to the person with direct
responsibility and to a person at least one level higher or to more
senior management for specified types of deficiencies.
* Corrective actions on deficiencies do not take place on a timely
basis.
* Underlying causes of problems are not investigated.
* Follow-up to ensure that the necessary corrective action has taken
place is not done.
.19: The Effectiveness of Other Auditors:
* The audit staff are responsible for making operating decisions or for
controlling other original accounting work subject to audit.
* Audit management personnel are inexperienced for the tasks assigned.
* Training activities are minimal, including little or no participation
in formal courses and seminars and inadequate on-the-job training.
* Resources to effectively conduct audits and investigations are
inadequate.
* Audits are not focused on areas of highest exposure to the entity.
* Standards against which the auditor's work is measured are minimal
or nonexistent.
* Performance reviews are nonexistent or irregular.
* The audit planning process is nonexistent or inadequate, including
little or no concentration on significant matters and little or no
consideration of the results of prior audits and current developments.
* Supervision and review procedures are nonexistent or inadequate,
including little involvement in the planning process, in monitoring
progress, and in reviewing conclusions and reports.
* Workpaper documentation (audit programs, evidence of work performed,
and support for audit findings) is incomplete.
* An inadequate mechanism is used to keep the entity head and the
Congress informed about problems, deficiencies, and the progress of
corrective action.
* Audit coverage over payments made by others (such as states) for
grants, federal financial assistance, etc. is inadequate.
* The audit has an inadequate review of computer general and
application controls.
* The auditor does not use appropriate tools, such as audit software
and sampling.
* The audit department does not have a peer review every 3 years.
* The audit department does not have an annual internal inspection.
[End of section]
295 C - AN APPROACH FOR MULTIPLE-LOCATION AUDITS:
.01:
This section provides one approach for stratifying the locations and
selecting the samples for multiple-location audits. This method assumes
that the auditor first identifies locations to be tested each year
because of specific inherent or control risks. Other methods of
selecting locations for on-site testing may be used with the approval
of the Reviewer.
STRATIFYING THE LOCATIONS:
.02:
Unless a dollar-unit sampling method is used, which automatically
stratifies the population, the auditor stratifies the locations by
separating them into an appropriate number of relatively homogeneous
groups or strata. Stratification can improve the efficiency of the
sample result (reduce the uncertainty of the estimate) by grouping
items together that are expected to behave similarly with respect to
the audit measure. Stratification can also be used to ensure that items
of special interest receive adequate coverage in the sample. The
stratification should be based on relative size and/or qualitative
factors, such as inherent or control risk. If exact information is not
available, estimates may be used. Criteria for stratifying may include
one or more of the following relative factors:
* the amount of assets;
* the amounts of revenue and expenses incurred or processed at the
location;
* the number of personnel, where payroll costs are significant;
* the amount of appropriations;
* a concentration of specific items (such as a stratum consisting of
significant inventory storage locations, of which those selected will
undergo only inventory procedures);
* the nature and extent of inherent and control risk, including fraud
risk and sensitive matters or the turnover of key management; and:
* special reporting requirements, such as separate reports, special
disclosures, or supplementary schedules.
.03:
For example, the auditor may stratify locations, based on the amount of
total assets, into the following strata: (1) individually material
locations (top stratum), (2) relatively significant locations
(intermediate stratum), and (3) relatively insignificant locations
(bottom stratum). If an entity has 100 locations and if the total
amount of assets is determined to be the relevant criterion for
stratifying locations, the first three columns of table 295 C.1 may
represent an acceptable stratification.
.04: SELECTING LOCATIONS:
The auditor selects locations for on-site testing using one of the
following methods for each stratum: (These methods are described in
more detail in section 480.):
* Dollar-unit sampling (DUS) or classical variables sampling using a
multistage approach may be used as described in section 480.
* Another representative sampling method may be used when appropriate.
The auditor should consult with the Statistician if classical variables
sampling or another representative sampling method is used.
* Nonrepresentative selection (nonsampling) is used when the auditor
determines that it is effective to select locations on a
nonrepresentative basis and to apply substantive analytical procedures
and/or other substantive tests to locations that are not tested on-
site.
.05:
Table 295 C.1 illustrates a possible DUS sample for each stratum, using
design materiality of $3 million and 95-percent assurance. For a DUS
sample, the sampling interval would be $1 million, and the preliminary
estimate of the sample size would be 100 ($100 million divided by
$1 million). Section 400 provides additional information on calculating
the amounts in the table and the various selection methods.
Table 295 C.1: EXAMPLE OF DUS SAMPLING:
[See PDF for image]
[A] The preliminary estimate of sample size is computed by dividing the
total balance by the sampling interval of $1,000,000. Refer to section
400 for additional information concerning sampling.
[B] The actual number of items tested in the top stratum may be fewer
than the preliminary estimate of sample size because a top stratum
selection may include more than one sample item. For example, if the
implicit sampling interval is $1,000,000, a $2 million selection would
include two of the sample items.
[End of table]
TESTING THE ITEMS:
.06: The auditor determines the number of items to be tested at each
location, and then selects and tests those items. For each line item/
account the auditor should determine the total number of items to be
tested, based on the applicable selection method and population, test
materiality, and risk factors, as described in sections 480 and 495 E.
.07:
The auditor should perform analytical and other procedures, as
applicable, for both the locations selected and those not selected.
Generally, the auditor should perform supplemental analytical
procedures, including comparisons of locations with each other and with
other years' information, for all locations, regardless of the
selection method. When nonrepresentative selection is used, the auditor
must apply appropriate substantive analytical procedures and/or other
substantive procedures for locations not tested on-site, unless those
locations are immaterial in total. Section 400 provides guidance on
substantive and supplemental analytical procedures. Specific matters
noted during the audit--for example, cutoff errors at one or more
locations--may warrant increased or different audit procedures at
locations not previously selected for on-site testing.
.08:
In evaluating the result of a sample, the auditor estimates the
effects, both quantitative and qualitative, on the financial statements
taken as a whole, of any misstatements noted, as discussed in sections
480 and 540. In visiting selected locations, in addition to the issues
concerning evaluation of samples in those sections, the auditor should
exercise judgment and should apply the following additional procedures:
a. Determine if apparent misstatements are, in fact, misstatements that
have not been corrected at some level in the entity.
b. Ask management to identify the cause of the misstatement.
c. Obtain evidence as to whether the same or similar types of
misstatement exist at other locations (including locations not tested
on-site). If the evidence is highly persuasive that the misstatement
does not exist at other locations and the Audit Director concurs, the
auditor may treat the effect on the entity the same as that on the
location. (See paragraph 480.40 for a discussion of requirements for
deciding whether evidence is highly persuasive.):
d. If the misstatement is not isolated to the location, determine
whether there is evidence that the misstatement exists in other than a
similar proportion throughout the entity. If such evidence exists, the
auditor should obtain evidence of the incidence rate and should
determine the effect on the entity; additional testing may be required.
If no such evidence exists, the auditor should project the misstatement
to the entity.
.09:
In a nonrepresentative selection, the auditor should consider the
possible effects of misstatements on locations not visited and
determine whether additional audit procedures are required. Because the
selection is not representative, the misstatements cannot be projected
to the entity as a whole.
.10: The auditor should evaluate the sufficiency of audit procedures
applied. The auditor should use judgment and should consider all
relevant factors to determine whether the audit objectives are met,
considering the specific circumstances.
[End of section]
295 D - INTERIM SUBSTANTIVE TESTING OF BALANCE SHEET ACCOUNTS:
.01:
The auditor may consider performing significant substantive tests of
balance sheet line items/accounts as of a date before the balance sheet
date. If such interim tests are performed, the auditor should also
apply audit procedures to the transactions during the "roll forward
period" between the interim testing date and the balance sheet date
(year end).
.02:
Because evidence obtained as of the year end about an asset or
liability balance provides a higher level of assurance than that
obtained as of a prior or subsequent date, the audit risk generally
increases as the length of the roll forward period increases. Although
generally accepted auditing standards do not require moderate or low
control risk to use interim testing, the auditor should consider
inherent, control, and fraud risk in determining whether substantive
tests of the roll forward period can be designed to provide a
reasonable basis for extending the audit conclusions from the interim
testing date to the year end.
.03:
The additional audit procedures that should be performed during the
roll forward period ordinarily increase the overall audit costs.
However, by performing these procedures before the year's end, the
auditor may be able to:
* more quickly identify and address significant audit and accounting
issues, such as problem areas and complex or unusual transactions,
enabling the entity to correct misstatements or the auditor to modify
the audit plan;
* complete the audit and issue the audit report earlier; and:
* improve staff utilization and enable a smaller number of staff
members to perform the audit by allocating the total audit hours over
a longer period before the report issuance date.
.04: Generally, the auditor should not perform interim tests for an
assertion with a high control or combined risk. In such instances, all
substantive testing of balance sheet line items/accounts generally
should be performed as of the year end. If the preliminary assessment
of control and combined risk is moderate or low and exceptions are
noted in the tests of controls, the auditor should use judgment,
considering the nature, cause, and estimated effects of the exceptions,
to determine whether revisions of the preliminary control and combined
risk assessments and audit plan are warranted.
.05:
In determining whether to apply interim testing, the auditor should
consider the following factors:
* The assessment of inherent, control, and fraud risk: The auditor
should consider the risk of misstatement during the roll forward
period, as well as all other relevant factors, including business
conditions that may make management more susceptible to pressures,
causing a misstatement of the financial statements. As combined risk
(inherent and control risk) and fraud risk increase, so does the
extent of the additional procedures that should be applied to the roll
forward period, possibly making interim testing much more costly than
testing the year-end balance. However, the auditor may be able to
apply interim testing to certain assertions for which combined risk is
assessed at lower levels while testing the other assertions as of the
year end.
* The anticipated comparability of the internal controls and the
nature of the line item/account balances from the interim testing date
to the year end: To extend the audit conclusions from the interim date
to the year-end date, it is essential that no significant changes in
internal control occur from the interim date to the year-end date and
that the line item/account balances consist of similar types of items
at both dates.
* The amount of the line item/account balance at the interim testing
date in relation to the expected year-end balance: A significant
increase in the amount of the line item/account balance between
interim and year-end dates would diminish the auditor's ability to
extend the audit conclusions to the year end. In addition, applying
substantive interim tests to a large line item/account balance may be
inefficient if the year-end balance is expected to be lower than the
balance at the interim date.
* The length of the roll forward period: The longer the roll forward
period, the more difficult it is to control the increased audit risk.
The roll forward period generally should not be longer than 3 months.
* The anticipated level of transaction activity during the roll forward
period: Interim testing generally decreases in effectiveness and
efficiency as the level of transaction activity during the roll forward
period increases, particularly if there are large or unusual
transactions during this period.
* The ease with which substantive procedures can be applied to test
the transactions during the roll forward period: As the difficulty of
such procedures increases, the efficiency of interim testing generally
decreases.
* The availability of information to test roll forward period activity
using substantive analytical procedures, detail tests, or a combination
of both: If sufficient information is not available, interim testing is
not appropriate.
* The timing of the audit, staffing and scheduling requirements, and
reporting deadlines: Tight deadlines or the unavailability of necessary
staff to perform audit procedures at the year's end may necessitate
interim testing.
.06:
In determining the timing of audit tests, the auditor should consider
the relationships between line items/accounts that are affected by the
same transactions. For example, if the auditor applies interim testing
to inventory, the audit risk associated with inventory-related accounts
payable, including cutoff matters, should be considered. The auditor
may apply substantive procedures to each of the related line items/
accounts as of the same interim testing date or may apply other
procedures to obtain sufficient audit assurance.
.07:
The auditor should document in the ARA (or equivalent) line items/
accounts (and assertions, where applicable) to which interim testing is
applied. The factors considered when concluding that the use of interim
testing is appropriate should be documented in the GRA or equivalent.
[End of section]
295 E - EFFECT OF RISK ON EXTENT OF AUDIT PROCEDURES:
.01:
The concepts of materiality and risk interrelate and sometimes are
confused. The auditor determines materiality based on the users'
perceived concerns and needs. The auditor assesses risk based on (but
not limited to) knowledge of the entity, its business (purpose),
applicable laws and regulations, and internal control.
.02:
The auditor considers both materiality and risk in (1) determining the
nature, timing, and extent of audit procedures and (2) evaluating the
results of audit procedures. The evaluation of risk usually does not
affect materiality. However, risk affects the extent of testing needed.
The higher the auditor's assessment of inherent and control risk
(combined risk), including fraud risk, the higher the required level of
substantive assurance from the audit procedures. The discussion of
consideration of risk in planning begins at paragraph 260.02.
Consideration of risk in determining sample size is discussed in
section 470.
.03:
As an example, assume that the auditor is testing accounts receivable
using dollar-unit sampling techniques described in section 480.
Following are the pertinent data for this test:
* Accounts receivable total $2.5 million.
* Test materiality is $100,000.
If the auditor assesses combined risk as low, the sample size would be
25 items; if combined risk is assessed as high, the sample size would
be 75 items. The increase in the assessment of risk caused the required
sample size to triple with the same test materiality.
.01:
As discussed in paragraph 270.04, the auditor should identify IS
controls. Such controls should be tested by an IS auditor as described
in section 300 and in accordance with the FISCAM or other appropriate
methodology. IS controls can be classified into three types:
* general controls,
* application controls, and:
* user controls.
GENERAL CONTROLS:
.02:
General controls are the policies and procedures that apply to an
entity's overall computer operations and that create the environment in
which application controls and certain user controls, which are control
activities, operate. They are classified as:
* entitywide security management program that provides a framework and
continuing cycle of activity for managing risk, developing security
policies, assigning responsibilities, and monitoring the adequacy of
the entity's computer-related controls;
* access control that limits or detects access to computer resources
(data, programs, equipment, and facilities), thereby protecting these
resources against unauthorized modification, loss, and disclosure;
* application software development and change control that prevents
unauthorized programs or modifications to an existing program from
being implemented;
* system software control that limits and monitors access to the
powerful programs and sensitive files that (1) control the computer
hardware and (2) secure applications supported by the system;
* segregation of duties that means having policies, procedures, and an
organizational structure established so that one individual cannot
control key aspects of computer-related operations and thereby conduct
unauthorized actions or gain unauthorized access to assets or records;
and:
* service continuity control to ensure that when unexpected events
occur, critical operations continue without interruption or are
promptly resumed and critical and sensitive data are protected.
Chapter 3 of the FISCAM has detailed guidance on evaluating and testing
general controls.
.03:
General controls are established at an (1) entity and/or installation/
system level and (2) application level. For example, consider the
following general controls related to security access:
* In evaluating general controls at the entity or installation level,
the IS auditor considers security on an overall basis. For instance,
the IS auditor may evaluate the entity's use of security access
software, including its proper implementation.
* When evaluating general controls at the application level, the IS
auditor reviews security controls that limit access to particular
applications and related computer files. Thus, the IS auditor may focus
on how security access software restricts access to payroll
applications and related files (such as the employee master file and
payroll transaction files) to authorized users.
* Finally, security is typically built into the application itself to
further restrict authorized access. This security is usually
accomplished by means of menus and other restrictions programmed into
the application software. Thus, a payroll clerk may have access to
payroll applications but may be restricted from access to a specific
function, such as reviewing or updating payroll data on payroll
department employees.
.04: The effectiveness of general controls is a significant factor in
determining the effectiveness of application controls and certain user
controls. Without effective general controls, application controls may
be rendered ineffective by circumvention or modification. For example,
the production and review of an exception report of unmatched items can
be an effective application control. However, this control would be
ineffective if the general controls permitted unauthorized program
modifications such that certain items would be inappropriately excluded
from the report. Certain user controls are also affected by general
controls. For example, a user control may be the comparison of manually
calculated batch totals with computer-generated totals. Such a
procedure would be ineffective if the general controls permitted
unauthorized modifications of the program such that the program would
print the desired batch totals without summarizing the detail.
APPLICATION CONTROLS:
.05: Application controls are incorporated directly into individual
computer applications to provide reasonable assurance of accurate and
reliable processing. Application controls address three major
operations:
* data input,
* data processing, and:
* data output.
.06: FISCAM, in chapter 4, uses control categories that better tie in
with the methodology used in the FAM. These categories relate to the
financial statement assertions and are as follows.
* Authorization control. This category is most closely aligned with the
financial statement accounting assertion of existence or occurrence
and, therefore, focuses on the validity of transactions. Consequently,
it includes controls designed to ensure that transactions are
appropriately authorized and approved and represent economic events
that actually occurred during a given period.
* Completeness control. This category directly relates to the financial
statement accounting assertion on completeness and deals with whether
all valid transactions are recorded. Also included in this category are
reconciliation controls, which not only help detect misstatements
relating to transaction completeness, but can also be used to identify
the cutoff and summarization misstatements associated with both the
existence or occurrence and completeness assertions.
* Accuracy control. This category most directly relates with the
financial statement assertion on valuation or allocation, which deals
with whether transactions are recorded at correct amounts. This control
category, however, is not limited to valuation, and also includes
controls designed to ensure that transactions are properly classified
and entered into the application correctly.
* Control over integrity of processing and data files. These
application controls are not limited directly to one specific
accounting application assertion, and if deficient could nullify other
application controls and allow the occurrence of unauthorized
transactions, as well as contribute to incomplete and inaccurate
data.
USER CONTROLS:
.07:
User controls are manual comparisons of computer output (generally
totals) to source documents or other input (including control totals).
For example, a manual calculation of total hours worked may be
reconciled to a corresponding computer-generated total from the payroll
processing application. Where user controls are used, computer-
generated information should be manually compared with reliable
information prepared or verified independently of the computer.
.08:
In certain circumstances, user controls may function independently of
general controls. For example, a user control may be to manually check
the accuracy and completeness of IS-computed transactions against
manually prepared records. With the concurrence of the IS auditor, such
control activities may be evaluated and tested without testing general
controls.
[End of section]
295 G - BUDGET CONTROLS:
.01:
Budget controls are management's policies and procedures for managing
and controlling the use of appropriated funds and other forms of budget
authority. Budget controls are part of the internal controls covered in
OMB's audit guidance. During planning, the auditor should assess
related inherent risk and the control environment, risk assessment,
communication, and monitoring and should obtain an understanding of the
budget accounting system.
.02:
Certain controls may achieve both financial reporting and other control
objectives. Accordingly, to maximize efficiency, the auditor should
coordinate the evaluation of budget controls with that of financial
reporting, compliance, and operations controls, to the extent possible.
.03:
Budget authority is authority provided by law to enter into financial
obligations which will result in immediate or future outlays involving
government funds (2 U.S.C. 622(2)). The Congress provides an entity
with budget authority and may place restrictions on the amount,
purpose, and timing of the obligation or outlay of such budget
authority.
.04:
The three forms of budget authority follow:
* Appropriations are the most common form of budget authority. An
appropriation is an authorization by an act of the Congress that
permits federal agencies to incur obligations and to make payments out
of the Treasury for specified purposes. Appropriations do not represent
cash actually set aside in the Treasury for purposes specified in the
appropriation acts. Appropriations represent amounts that agencies may
obligate during the period specified in the appropriation acts.
* Borrowing authority is statutory authority that permits federal
agencies to borrow and obligate and expend borrowed funds (title 7 of
the GAO Policies and Procedures Manual). Usually, the amount that may
be borrowed and the purposes for which the borrowed funds are to be
used are stipulated by the authorizing statute.
* Contract authority is statutory authority that permits obligations
to be incurred before appropriations or in anticipation of receipts to
be credited to a revolving fund or other account (offsetting
collections). By definition, contract authority is unfunded and must
subsequently be funded by an appropriation or offsetting collections
to liquidate the obligations incurred under the contract authority.
.05:
Offsetting collections are collections of a business-or market-oriented
nature and intragovernmental transactions. If, pursuant to law, they
are deposited to receipt accounts and are available for obligation,
they are considered budget authority and referred to as offsetting
receipts. Contract authority and immediate availability of offsetting
receipts for use are the usual forms of budget authority for revolving
funds. Offsetting collections may also include reimbursements for
materials or services provided to other government entities.
.06:
Borrowing and contract authority are sometimes called "back door
authority," which refers to any type of budget authority that is
provided by legislation outside the normal appropriations process.
[End of section]
295 H - LAWS IDENTIFIED IN OMB AUDIT GUIDANCE AND OTHER GENERAL LAWS:
.01:
When identifying significant provisions of laws and regulations (see
paragraph 245.02), the auditor should consider the following laws and
regulations identified in OMB audit guidance in addition to any others
that could have a direct and material effect on the financial
statements and RSSI. Following each listed law is the subsection in FAM
section 800 (under revision) that contains the compliance summary and
audit program for that law.
* Antideficiency Act (codified as amended in 31 U.S.C. 1341, 1342,
1351, and 1517). (FAM section 803). Provisions: 31 U.S.C.
1341(a)(1)(A) and (C), and 31 U.S.C. 1517(a).
* Provisions Governing Claims of the United States Government as
provided primarily in sections 3711-3720E of Title 31, Unites States
Code (including provisions of the Debt Collection Improvement Act of
1996, Pub. L. No. 104-134, 110 Stat. 1321-358, which also is codified
in various sections of 5 U.S.C., 18 U.S.C., 26 U.S.C., 31 U.S.C., and
42 U.S.C.). (FAM section 809). Provisions: 31 U.S.C. 3711, 31 U.S.C.
3717(a), (b), (c), (e), and (f), and 31 U.S.C. 3719.
* Federal Credit Reform Act of 1990, Pub. L. No. 100-508, 104 Stat.
1388-610 (codified in various sections of 2 U.S.C.). (FAM section 808).
Provisions: 2 U.S.C. 661(b) and (e).
* Pay and Allowance System for Civilian Employees as provided
primarily in Chapters 51-59 of Title 5, United States Code. (FAM
section 812). Provisions: 5 U.S.C. 5332 and 5343 and 29 U.S.C. 206.
* Prompt Payment Act (codified as amended in 31 U.S.C. 3901-3907).
(FAM section 810). Provisions: 31 U.S.C. 3902(a), (b), and (f) and 31
U.S.C. 3904.
OMB audit guidance lists the specific provisions for each law above
that the CFO Act agency is expected to test at a minimum.
.02:
The auditor should also consider whether any other general or entity-
specific laws are significant laws for the audited entity, per FAM
sections 245 and 802. The following are some general laws for which we
have included in section 800 (under revision) a compliance summary for
internal control testing and a compliance audit program. See FAM
section 802 (Part II), General Compliance Checklist, and the referenced
section for each law for internal control and compliance testing.
* Civil Service Retirement Act, 5 U.S.C. 8331 et. seq. (FAM section
813).
* Federal Employees' Compensation Act, 5 U.S.C. 8101 et. seq. (FAM
section 816).
* Federal Employees Health Benefits Act, 5 U.S.C. 8901 et. seq. (FAM
section 814).
* Federal Employees Retirement System Act of 1986. This becomes
increasingly material each year as the number of employees covered by
this act increases and those covered by the Civil Service Retirement
Act decreases. We will include a new FAM section on the compliance
summary and audit program for this act.
[End of section]
295 I - EXAMPLES OF AUDITOR RESPONSES TO FRAUD RISK FACTORS:
.01:
As discussed in section 260, the auditor is required by AU 316 (SAS 82)
to consider the risk of material misstatement to the financial
statements due to fraud. Misstatements due to fraud may arise from
fraudulent financial reporting or from misappropriation of assets.
Examples of fraud risk factors the auditor may encounter in the federal
government are found in sections 295 A and B (inherent and control risk
factors). Depending on the nature of the programs audited, the auditor
may need to consider further risk factors. The auditor generally should
consider the cases the IG has investigated or is investigating to
obtain ideas of specific risk factors to look for.
.02:
In considering the risk factors in those sections, the auditor should
note that some of these fraud risk factors will exist in entities where
circumstances do not present a risk of material misstatement. Also,
specific controls may exist to mitigate fraud risk, even where risk
factors are present. The auditor should consider whether identified
risk factors, individually and in combination, present a risk of
material misstatement of the financial statements.
.03:
In addition to the overall responses to the presence of fraud risk
factors affecting professional skepticism, assignment of personnel,
accounting principles and policies, controls, and/or modification of
the nature, timing, and extent of procedures discussed in section 260,
the auditor may decide that a specific response to the fraud risk
factors identified is required. These are examples of specific
responses:
* Conduct surprise or unannounced visits or procedures (such as
inventory observations or cash counts).
* Request that physical inventory be taken closer to year end.
* Contact major customers and suppliers orally and in writing for
confirmations, request confirmations of specific persons in the
organizations, or request confirmation of more or different
information.
* Review year-end adjusting entries in detail and investigate any that
appear unusual.
* For significant and unusual transactions, especially near year end,
investigate the possibility of related parties (see section 1006).
* Perform substantive analytical procedures at a detailed level, such
as by location, line of business, or month.
* Interview personnel in areas where fraud risk factors are a concern
to obtain their insights about the risk and whether or how controls
address the risk.
* Discuss with other auditors who are auditing departments, locations,
or
programs of the entity, the extent of work necessary to assure that the
risk of material misstatement due to fraud resulting from transactions
and activities among these components is adequately addressed.
* If a specialist's work is particularly significant, perform
additional procedures with respect to some or all of the specialist's
assumptions, methods, or findings to determine that the findings are
not unreasonable, or engage another specialist to do that (see section
650).
* Perform additional or more focused analytical procedures concerning
budget to actual variances and their underlying causes.
* Test a larger sample of disbursement transactions for validity.
.04: If there is an increased risk of material misstatement due to
fraudulent financial reporting, example responses include:
* Revenue recognition. Confirm with customers relevant contract terms
and absence of side agreements.
* Inventory quantities. Review inventory records to identify
locations, areas, or items for specific attention during or after
physical inventory. It may be important to count all locations on the
same date, or to observe some locations on an unannounced basis. The
auditor may examine the contents of boxed items more rigorously,
investigate how boxes are stacked or labeled and the quality of the
contents, or he or she may do additional testing of count sheets or
tags or maintain copies to minimize the risk of subsequent alteration.
* Allowance for loan losses. Perform more detailed analytical
procedures (such as analyzing specific credit lines rather than the
portfolio taken as a whole), increase the sample size of loans to
conclude as to the accuracy of credit risk and adequacy of loan loss
allowances for specific loans, or increase the number of confirmation
requests to gain further evidence as to existence.
.05:
If there is an increased risk of material misstatements due to
misappropriation of assets, example responses include the following:
* Evaluate control risk differently at different locations when the
risk is greater at specific locations (such as when a large amount of a
specific type of asset that is particularly susceptible to such risk is
present at some locations), requiring a different response at different
locations.
* With a particular asset that is highly susceptible to
misappropriation, understanding and testing controls may be important.
Also, physical inspection of such assets at or near year end may be
appropriate, as well as analytical procedures using a narrow precision
in the auditor's expectation.
* In some programs, consider additional participant eligibility
testing, including unannounced visits to intake centers or work sites
to test the existence and identity of participants, or observe benefit
payment distribution to identify "ghost" participants, or use
confirmation requests to test the existence of program participants.
[End of section]
295 J - STEPS IN ASSESSING INFORMATION SYSTEM CONTROLS:
.01:
As discussed in section 260, the following are the steps the auditor
and the IS auditor generally follow in assessing IS controls in a
financial statement audit. However, the audit team may decide to test
the effectiveness of the general controls even if they are not likely
to be effective, or the team may decide to review application controls
even though general controls are not effective. The team may decide to
do this to be able to make better recommendations on how to fix weak
controls.
Steps in Assessing Information System Controls In a Financial
Statement Audit:
[See PDF for image]
[End of figure]
[End of section]
FOOTNOTES
[1] If the auditor uses software to calculate sample size, he or she
should understand how the software considers expected misstatements.
For example, if the auditor uses Interactive Data Extraction and
Analysis (IDEA) to calculate sample size when test materiality is lower
than design materiality, because the auditor expects misstatements, the
auditor should use design materiality in IDEA because he or she
separately inputs the expected misstatement. See paragraph 480.27.
[2] The auditor is not required to opine on RSSI, but, per OMB audit
guidance, internal control over RSSI should be tested the same as
internal control over the financial statements.
[3] Assurance is not the same as statistical confidence. Assurance is a
combination of quantitative measurement and auditor judgment.
[4] See also GAO's Standards for Internal Control in the Federal
Government, GAO/AIMD-00-21.3.1, November 1999.
SECTION 300:
Internal Control Phase:
Figure 300.1: Methodology Overview
Planning Phase:
* Understand the entity's operations: Section 220:
* Perform preliminary analytical procedures: Section 225:
* Determine planning, design, and test materiality: Section 230:
* Identify significant line items, accounts, assertions, and RSSI:
Section 235:
* Identify significant cycles, accounting applications, and financial
management systems: Section 240:
* Identify significant provisions of laws and regulations: Section 245:
* Identify relevant budget restrictions: Section 250:
* Assess risk factors: Section 260:
* Determine likelihood of effective information system controls:
Section 270:
* Identify relevant operations controls to evaluate and test: Section
275:
* Plan other audit procedures: Section 280:
* Plan locations to visit: Section 285:
Internal Control Phase:
* Understand information systems: Section 320:
* Identify control objectives: Section 330:
* Identify and understand relevant control activities: Section 340:
* Determine the nature, timing, and extent of control tests and of
tests for systems’ compliance with FFMIA requirements: Section 350:
* Perform nonsampling control tests and tests for systems’ compliance
with FFMIA requirements: Section 360:
* Assess controls on a preliminary basis: Section 370:
Testing Phase:
* Consider the nature, timing, and extent of tests: Section 420:
* Design efficient tests: Section 430:
* Perform tests and evaluate results: Section 440:
** Sampling control tests: Section 450:
** Compliance tests: Section 460:
** Substantive tests: Section 470:
*** Substantive analytical procedures: Section 475:
*** Substantive detail tests: Section 480:
Reporting Phase:
* Perform overall analytical procedures: Section 520:
* Determine adequacy of audit procedures and audit scope: Section 530:
* Evaluate misstatements: Section 540:
* Conclude other audit procedures: Section 550:
** Inquire of attorneys:
** Consider subsequent events:
** Obtain management representations:
** Consider related party transactions:
* Determine conformity with generally accepted accounting principles:
560:
* Determine compliance with GAO/PCIE Financial Audit Manual: Section
570:
* Draft reports: Section 580:
[End of figure]
310 - OVERVIEW:
.01:
In the internal control phase, the auditor should gain an understanding
of internal control and obtain evidence about the effectiveness of
internal control to (1) assess control risk, (2) determine the nature,
timing, and extent of control, compliance, and substantive testing, and
(3) form an opinion or report on internal control over financial
reporting and compliance. Control risk should be assessed separately
for each significant financial statement assertion in each significant
cycle/accounting application (including RSSI). (See figure 300.1.) The
auditor also should gain an understanding of the components of internal
control relating to the existence and completeness assertions (and
valuation for GAO audits) (see definitions of assertions in paragraph
235.02) relevant to the performance measures reported in the MD&A
(overview) of the Accountability Report in order to report on controls
that have not been properly designed and placed in operation. The
auditor is not required to test performance measures controls, but he
or she may decide to do so.
.02:
The entity's management is responsible for establishing and maintaining
internal control to provide reasonable assurance that the entity's
objectives will be met. In a financial statement audit, the auditor
evaluates those internal controls designed to provide reasonable
assurance that the following objectives are met (also see paragraph
310.10 for the auditor's responsibility for performance measures
controls):
* Reliability of financial reporting ("financial reporting controls")
--transactions are properly recorded, processed, and summarized to
permit the preparation of the financial statements and RSSI in
accordance with generally accepted accounting principles, and assets
are safeguarded against loss from unauthorized acquisition, use, or
disposition;
* Compliance with applicable laws and regulations ("compliance
controls") --transactions are executed in accordance with (a) laws
governing the use of budget authority and other laws and regulations
that could have a direct and material effect on the principal
statements or RSSI, and (b) any other laws, regulations, and
governmentwide policies identified by OMB in its audit guidance.
.03:
The auditor should determine whether such internal control provides
reasonable assurance that misstatements, losses, or noncompliance,
material in relation to the financial statements, would be prevented or
detected during the period under audit. In addition, if the auditor
intends to opine on internal control, he or she makes a separate
conclusion on internal control as of the end of the period.
Additionally, the auditor may test certain operations controls and
should understand performance measures controls, as discussed in the
planning phase (section 275).
.04:
Internal control over safeguarding assets constitutes a process,
effected by an entity's governing body, management, and other
personnel, designed to provide reasonable assurance regarding
prevention or timely detection of unauthorized acquisition, use, or
disposition of the entity's assets that could have a material effect on
the financial statements. As used in this manual, safeguarding
controls, a part of financial reporting controls, relate to protecting
assets from loss arising from misstatements in processing transactions
and handling the related assets. Section 395 C includes a list of
typical safeguarding controls. Safeguarding controls examined as part
of a financial statement audit do not relate to the loss of assets
arising from management's operating business decisions, such as
incurring expenditures for equipment or material that might prove to be
unnecessary. (Such controls are operations controls.) Safeguarding
controls consist of (1) controls that prevent or detect unauthorized
access (direct or indirect) to assets and (2) segregation of duties.
Safeguarding controls are considered as part of financial reporting
controls.
.05:
Just as safeguarding controls are part financial reporting and part
operations controls, budget controls are part financial reporting and
part compliance controls. Budget controls that provide reasonable
assurance that budgetary transactions, such as obligations and outlays,
are properly recorded, processed, and summarized to permit the
preparation of the financial statements, mainly the statements of
budgetary resources and financing, in accordance with GAAP, are
financial reporting controls. Budget controls are generally also
compliance controls in that they provide reasonable assurance that
transactions are executed in accordance with laws governing the use of
budget authority. Some budget controls may be compliance controls only;
for example, controls over allotments, to prevent Antideficiency Act
violations.
.06:
The auditor must evaluate and test certain controls. AU 319 (SAS 55
amended by SAS 78) permits the auditor to assess control risk at a high
(maximum) level and forgo evaluation and testing of financial reporting
controls if the auditor believes evaluating their effectiveness would
be inefficient. However, because OMB audit guidance requires the
auditor to perform sufficient tests of internal controls that have been
properly designed and placed in operation to support a low assessed
level of control risk, the auditor may not elect to forgo control tests
solely because it is more efficient to extend compliance and
substantive audit procedures.
.07:
The following are the types of controls to test:
* financial reporting controls (including certain safeguarding and
budget controls) for each significant assertion in each significant
cycle/accounting application (identified in section 240),
* compliance controls for each significant provision of laws and
regulations (identified in section 245), including budget controls for
each relevant budget restriction (identified in section 250), and:
* operations controls for each operations control (1) relied on in
performing financial audit procedures or (2) selected for testing by
the audit team. The auditor also should understand performance measures
controls, but is not required to test them. However, the auditor may
decide to test them (see section 275).
.08:
The auditor is not required to test controls that have not been
properly designed and placed in operation. Thus, internal controls that
are not effective in design (or in operation, based on prior years'
testing) do not need to be tested. If the auditor determined in a prior
year that controls in a particular accounting application were
ineffective and if management indicates that controls have not
improved, the auditor need not test them. On the other hand, if
controls have been determined to be effective in design and placed in
operation, the auditor must perform sufficient tests of their
effectiveness to support a low assessed level of control risk. In such
cases, the auditor may consider using a rotation approach to testing
controls over the various accounting applications, as described in
section 395 G. If the auditor expects to disclaim an opinion because of
scope limitations or inadequate controls, the auditor may limit
internal control work to updating the understanding of controls and
whether they have been placed in operation. The auditor may do this by
inquiring as to whether previously identified control weaknesses have
been corrected. In the year the auditor expects to issue an opinion on
the financial statements, the auditor needs a basis of sufficient work
on internal control.
.09:
In the internal control phase, the auditor should perform and document
the following procedures:
* Understand the entity's information systems for financial reporting,
compliance with laws and regulations, and relevant operations
(including reported performance measures) (see section 320).
* Identify control objectives (see section 330).
* Identify and understand relevant control activities that effectively
achieve the control objectives (see section 340).
* Determine the nature, timing, and extent of control testing (not
necessary for performance measures controls) (see section 350).
* Perform control tests that do not involve sampling (nonsampling
control tests - see section 360).[Footnote 1] (Sampling control tests,
if necessary, are performed in the testing phase, as discussed in
section 450.) Testing is not required for performance measures
controls.
* On a preliminary basis, based on the evidence obtained, assess (1)
the effectiveness of financial reporting, compliance, and relevant
operations controls and (2) control and combined risk (see section
370). (Combined risk, which includes inherent and control risk, is
discussed in paragraph 370.09).
.10:
OMB's audit guidance also defines internal control over performance
measures as a process, effected by management and other personnel,
designed to provide reasonable assurance that the following objective
is met:
* Reliability of performance reporting--transactions and other data
that support reported performance measures are properly recorded,
processed, and summarized to permit the preparation of performance
information in accordance with criteria stated by management.
OMB requires the auditor to obtain an understanding of the components
of internal control over performance measures included in the MD&A
relating to the existence and completeness assertions (for GAO audits,
the valuation assertion is also included in the understanding) and to
report deficiencies in the design of those controls that have not been
properly designed and placed in operation. Note that the auditor is not
required to test internal control over performance measures.
.11:
In gaining an understanding of an entity's internal control, the
auditor should obtain knowledge about the design of relevant controls
and whether they have been placed in operation. In obtaining knowledge
about whether controls have been placed in operation, the auditor
determines whether the entity is using them, rather than merely having
them written in a manual, for example. This differs from determining a
control's operating effectiveness, which is concerned with how the
control was applied, the consistency with which it was applied, and by
whom. Gaining an understanding of internal control does not require
that the auditor obtain knowledge about operating effectiveness.
[End of section]
320 - UNDERSTAND INFORMATION SYSTEMS:
.01:
The auditor should obtain an understanding of the entity's information
systems (including methods and records) for processing and reporting
accounting (including RSSI), compliance, and operations data (including
performance measures reported in the MD&A (overview) of the
Accountability Report).[Footnote 3] The information systems are part of
the information and communication component of internal control. The
communication portion of this component was considered in section 260.
The auditor should obtain sufficient knowledge of each type of system
to understand the information in paragraphs 320.03-.07. The auditor may
use an IS auditor to assist in understanding and documenting the IS
aspects of these systems. The understanding of the systems should be
documented in cycle memorandums or other narratives and flow charts.
.02:
The auditor should perform sufficient system walkthroughs to confirm
the understanding of significant information about such systems.
However, if the auditor already has a sufficient understanding of the
systems as a result of procedures performed in the preceding year,
discussion of any system changes with management may be substituted for
the walkthroughs. In a walkthrough of an accounting system, the auditor
traces one or more transactions from initiation through all processing
to inclusion in the general ledger, observing the processing in
operation and examining related documents. Because walkthroughs are
important in understanding the transaction process and in determining
appropriate audit procedures, they should be performed for all
significant accounting applications. Walkthroughs of budget
accounting, compliance, and operations systems (including reported
performance measures) should provide the auditor with evidence about
the functioning of such systems. This walkthrough is to confirm the
understanding of the system. The IS aspects of each system should be
incorporated into the audit workpapers, supplemented by additional flow
charts, narratives, and checklists, as considered necessary.
ACCOUNTING SYSTEM(S):
.03:
The auditor should obtain an understanding of and should document the
following for each significant cycle and accounting application
(including those dealing with RSSI):
* The manner in which transactions are initiated;
* The nature and type of records, journals, ledgers, and source
documents, and the accounts involved;
* The processing involved from the initiation of transactions to their
inclusion in the financial statements, including the nature of computer
files and the manner in which they are accessed, updated, and deleted;
and:
* The process used to prepare the entity's financial statements and
budget information, including significant accounting estimates,
disclosures, and computerized processing.
.04:
Understanding the processing involved will be important in determining
whether the financial management systems substantially comply with
federal financial management systems requirements, federal accounting
standards, and the SGL at the transaction level, so the auditor can
report as required by FFMIA. If the entity is likely to receive an
unqualified opinion and to have no material weaknesses in internal
control, the auditor should test, (for efficiency, this could be done
while performing nonsampling control tests (see section 350)),
significant information the entity provides to support its assertion
about the substantial compliance of its systems.
BUDGET ACCOUNTING SYSTEM(S):
.05:
Through discussions with individuals responsible for accounting for
budget execution, the auditor should understand and document the
entity's process for:
* Developing and requesting apportionments from OMB;
* Establishing and allocating allotments within the entity, including
reprogramming of allotments;
* Establishing and recording commitments, if applicable;
* Establishing, recording, and monitoring obligations (undelivered
orders);
* Establishing and recording expended authority (delivered orders);
* Establishing and recording outlays;
* Monitoring supplemental appropriations;
* Recording transactions in and adjustments to expired accounts; and:
* Monitoring canceled (closed) accounts.
COMPLIANCE SYSTEM(S):
.06:
The compliance system includes the entity's policies and procedures to
monitor overall compliance with laws and regulations applicable to the
entity. Through discussions with entity management, the auditor should
understand and document the entity's process for:
* Identifying and documenting all laws and regulations applicable to
the entity;
* Monitoring changes in applicable laws and regulations and responding
on a timely basis;
* Establishing policies and procedures for complying with specific laws
and regulations and clearly documenting and communicating these
policies and procedures to appropriate personnel;
* Assuring that an appropriate number of competent individuals at
appropriate levels within the entity monitor the entity's compliance
with applicable laws and regulations; and:
* Investigating, resolving, communicating, and reporting any
noncompliance with laws and regulations.
OPERATIONS SYSTEM(S) (INCLUDING REPORTED PERFORMANCE MEASURES):
.07:
Through discussions with appropriate entity personnel, the auditor
should understand and document any entity systems in which operations
controls to be evaluated and tested operate, and any systems that
produce the data used in performance measures reported in the MD&A
(overview) of the Accountability Report. For example, if the auditor
intends to evaluate and test an operations control that is dependent on
certain statistical information, the auditor should understand how such
statistical information is developed. Also, although the auditor is not
required to test controls over a system producing data used in
performance measures (unless it is an accounting or other system tested
for other reasons), he or she should understand the system and the
design of internal control related to the existence, completeness, and,
for GAO audits, valuation (see definition in paragraph 235.02)
assertions and whether they have been placed in operation. Thus, the
auditor should understand and document the following:
* How the entity determines the performance measures to report,
including their relationship to the entity's mission;
* The source of the information used in performance measures;
* The processing involved from the initial source information to its
inclusion in performance measures; and:
* The process used to prepare the performance measures from the system-
produced data.
[End of section]
330 - IDENTIFY CONTROL OBJECTIVES:
.01:
The auditor should identify control objectives for each type of control
that, if achieved, would provide the entity with reasonable assurance
that misstatements (whether caused by error or fraud), losses, or
noncompliance material in relation to the principal statements would be
prevented or detected. For RSSI, the objectives would relate to
controls that would provide reasonable assurance that misstatements,
losses, or noncompliance that would be considered material by users of
the information would be prevented or detected. Such objectives should
cover the following general areas:
* Financial reporting controls: Prevent or detect aggregate
misstatements in significant financial statement assertions, including
assertions relating to RSSI and the statements of budgetary resources
and financing. Also, Safeguarding controls: Safeguard assets against
loss from unauthorized acquisition, use, or disposition.
* Compliance controls: Comply with significant provisions of applicable
laws and regulations. Also, Budget controls: Execute transactions in
accordance with budget authority.
* Operations controls: For each relevant operations control, achieve
the performance level desired by management for the planning,
productivity, quality, economy, efficiency, or effectiveness of the
entity's operations. For performance measures controls, report the
data used to measure the entity's performance in accordance with
criteria stated by management.
Paragraphs 330.02-.11 describe the process for identifying control
objectives for each type of control.
FINANCIAL REPORTING CONTROLS:
.02: The auditor should evaluate and test financial reporting controls
for each significant assertion in each significant line item or
account, including RSSI and the statements of budgetary resources and
financing. (See paragraph 235.02 for a discussion of financial
statement assertions.) The first step in developing control objectives
for financial reporting controls is to consider the types of
misstatements that might occur in each significant assertion in each
significant line item or account. One or more potential misstatements
can occur in each financial statement assertion. For example, for the
existence or occurrence assertion, potential misstatements can occur
in the following four areas:
* Validity: Recorded transactions do not represent economic events that
actually occurred.
* Cutoff: Transactions are recorded in a different period from that in
which the economic events occurred.
* Summarization: Transactions are summarized improperly, resulting in
an overstated total.
* Substantiation: Recorded assets and liabilities of the entity do not
exist at a given date.
For each potential misstatement, there are one or more control
objectives that, if achieved, would prevent or detect the potential
misstatement. These potential misstatements and control objectives
provide the auditor the primary basis for assessing the effectiveness
of an entity's control activities.
Identifying Potential Misstatements and Control Objectives:
.03: As discussed in section 240, the auditor identifies the
significant accounting applications that provide a source of
significant entries to each significant line item or account. For
example, as illustrated in section 395 A, (1) sources of significant
entries to cash typically include the cash receipts, cash
disbursements, payroll, and cash accounting applications, and (2)
sources of significant entries to accounts receivable typically
include the billing, cash receipts, and accounts receivable accounting
applications. Such accounting applications should have been identified
in the cycle matrix or ARA or equivalent documentation.
.04: The auditor should understand how potential misstatements in
significant accounting applications could affect the related line item
or account at an assertion level. For example, an overstatement of cash
receipts typically results in (1) an overstatement of the cash account
(by overstating the debit to cash) and (2) an understatement of
accounts receivable (by overstating the credit to accounts receivable).
To illustrate this concept using the assertions, a misstatement in the
existence or occurrence assertion for cash receipts typically results
in misstatements in (1) the existence or occurrence assertion for the
cash account and (2) the completeness assertion for accounts
receivable.
.05:
The following general rules may be used to determine the effect of
transaction-related accounting applications on line items/accounts:
[See PDF for image]
[End of table]
.06: For each potential misstatement in the accounting application,
the auditor should identify related control objectives that prevent or
detect the potential misstatement. Section 395 B includes a list of
potential misstatements that could occur in each assertion in an
accounting application and related control objectives. The auditor
should exercise judgment in determining which potential misstatements
and control objectives to use. The list included in section 395 B
should be tailored to the accounting application and to the entity and
may be supplemented with additional objectives or subobjectives.
.07:
If the above procedures were performed and documented by line item or
account, a given application might be addressed two or more times. For
example (see section 395 A), the purchasing accounting application
typically would be addressed in evaluating controls relating to the
inventory, property, liabilities, and expenses accounts. To avoid such
duplication, the auditor should use a Specific Control Evaluation (SCE)
worksheet or equivalent to document the procedures discussed in
paragraphs 330.03-.06. The SCE groups potential misstatements and
control objectives by accounting application (within each cycle),
providing a format to perform and document the evaluation and testing
of internal controls efficiently. See section 395 H for an example of a
completed SCE worksheet. GAO has developed sample forms in WordPerfect
and MS Word for preparing the ARA and SCE worksheets.
The Need for Testing Safeguarding Controls and Segregation-of-Duties
Controls:
.08:
Safeguarding controls and segregation-of-duties controls are often
critical to the effectiveness of controls over liquid (easily sold or
traded), readily marketable assets (such as cash, inventories, or
property) that are highly susceptible to theft, loss, or
misappropriation in material amounts. These controls are also important
when there is an increased risk of fraud. Before selecting specific
control activities to test, the auditor should determine whether
safeguarding controls are relevant. If the auditor determines that (1)
the asset is highly liquid or marketable and (2) material amounts are
susceptible to theft, loss, or misappropriation, the auditor should
identify control objectives for safeguarding such assets and evaluate
and test safeguarding controls. On the other hand, if the asset is not
liquid or marketable or if material amounts are not readily susceptible
to theft, loss, or misappropriation, the need to test safeguarding
controls may be lessened. (Testing for segregation of duties is
discussed in paragraphs 360.11-.12. Other safeguarding controls are
considered in connection with financial reporting controls, as part of
the existence assertion.):
BUDGET CONTROLS:
.09:
The objectives of budget controls are to provide reasonable assurance
that the entity (1) properly records, processes, and summarizes
transactions to permit the preparation of the statements of budgetary
resources and financing in accordance with GAAP and (2) executes
transactions in accordance with budget authority. Section 395 F
presents a list of budget control objectives, organized by steps in the
budget process. In addition, section 395 D presents a list of selected
statutes relevant to the budget and section 395 E describes budget
steps of interest to the auditor in evaluating an entity's budget
controls. Budget control objectives may be documented in a separate SCE
worksheet for budget controls, in a memo, or incorporated in an SCE
with related financial reporting controls.
COMPLIANCE CONTROLS:
.10:
The objective of compliance controls is to provide reasonable assurance
that the entity complies with significant provisions of applicable laws
and regulations. Compliance control objectives should be tailored to
the related provision and may be documented in a separate SCE worksheet
for compliance controls, in a memo, or incorporated into an SCE with
related financial reporting controls.
OPERATIONS CONTROLS:
.11:
The objectives of operations controls are to provide reasonable
assurance that the entity effectively and efficiently meets its goals.
The objective of performance measures controls is to provide reasonable
assurance that the data that support performance measures reported in
the MD&A (overview) of the Accountability Report are properly recorded
and accounted for to permit the preparation of reliable and complete
performance information. Operations control objectives should be
tailored to the related provision and may be documented in a separate
SCE worksheet for operations controls, in a memo, or incorporated into
an SCE with related financial reporting controls.
[End of section]
340 - IDENTIFY AND UNDERSTAND RELEVANT CONTROL ACTIVITIES:
.01:
For each control objective, based on discussions with entity personnel,
the auditor should identify the control activities designed and
implemented to achieve the specific control objective.[Footnote 4] Such
controls may be recorded in the auditor's informal notes and/or
interview write-ups for use in the following procedure, but each
control activity need not be formally documented on the SCE worksheet
at this time. The auditor should first screen the activities to
identify those that are effective and efficient to test. An IS auditor
may assist the auditor in identifying and understanding IS controls.
BASIC UNDERSTANDING OF EFFECTIVENESS OF CONTROL ACTIVITIES:
.02:
The auditor should obtain a sufficient understanding of the identified
control activities to determine whether they are likely to achieve the
control objectives, assuming an effective control environment, risk
assessment, communication, and monitoring, appropriate segregation of
duties, and effective general controls. The purpose of this assumption
is to identify any weaknesses in the specific control activities that
should be corrected. When other internal control components are poor,
there is inadequate segregation of duties, or poor general controls
preclude the effectiveness of specific control activities that would
otherwise be effective, the testing of such specific control activities
may be limited to determining whether such controls are in place. To
accomplish this, the auditor might (1) discuss the cycle and specific
controls with management and then (2) perform walkthroughs by observing
the controls in place or examining several items of documentary
evidence of their existence.
FACTORS TO CONSIDER:
.03:
When evaluating whether controls are likely to achieve the control
objectives, the factors that the auditor should consider include (1)
directness, (2) selectivity, (3) manner of application, and (4) follow-
up. In determining whether control objectives are achieved, the auditor
should consider both manual and IS controls, if likely to be effective
(see section 270).
.04:
Directness refers to the extent that a control activity relates to a
control objective. The more direct the relationship, the more effective
that activity may be in achieving the objective. For example,
management reviews of inventory reports that summarize the inventory by
storage facility may be less effective in preventing or detecting
misstatements in the existence assertion for inventory than a periodic
physical inventory, which is more directly related to the existence
assertion.
.05:
Selectivity refers to the magnitude of the amount, or the significance
of other criteria or distinguishing characteristics, that a specific
control will identify as an exception condition. Examples of
selectivity thresholds are (1) a requirement for additional approvals
of all payments to vendors in excess of $25,000 and (2) management
reviews of all payments to vendors not on an entity's approved vendor
list. When determining whether a control is likely to be effective, the
auditor should consider the likelihood that items that do not meet the
selectivity threshold could, in the aggregate, result in material
misstatements of financial statements, material noncompliance with
budget authority, material noncompliance with significant provisions of
laws and regulations, or significant ineffective or inefficient use of
resources. The auditor also should consider the appropriateness of the
specified criteria used to identify items on a management or exception
report. For example, IS input controls (such as the matching of vendor
invoices with receiving reports and purchase orders) that require exact
matches of data from different sources before a transaction is accepted
for processing may be more effective than controls that accept
transactions that fall within a broader range of values. On the other
hand, controls based on exception reports that are limited to selected
information or use more selective criteria may be more effective than
lengthy reports that contain excessive information.
.06:
Manner of application refers to the way in which an entity places a
specific control into operation. The manner of application can
influence the effectiveness of a specific control. The auditor should
consider the following factors when determining the effectiveness of
controls:
* Frequency of application: This refers to the regularity with which
controls are applied. Generally, the more frequently a control is
applied, the greater the likelihood that it will be effective.
* Experience and skills of personnel: This refers to whether the person
applying a control has the necessary knowledge and expertise to
properly apply it. The lesser the person's experience and skills, the
less likely that the control will be effective. Also, the effective
application of a control is generally adversely affected if the
technique (1) is performed by an employee who has an excessive volume
of work or (2) is not performed carefully.
.07:
Follow-up refers to the procedures followed when a control identifies
an exception condition. A control's effectiveness is dependent on the
effectiveness of follow-up procedures. To be effective, these
procedures should be applied on a timely basis and should (1) determine
whether control exceptions represent misstatements and (2) correct all
misstatements noted. For example, as a control, an accounting system
may identify and put exception transactions into a suspense file or
account. Lack of timely follow-up procedures to (1) reconcile and
review the suspense file or account and (2) correct items in the
suspense file or account would render the control ineffective.
.08:
When evaluating whether controls are likely to be effective, the
auditor should consider whether the controls also are applied
effectively to adjustments/corrections made to the financial records.
Such adjustments/corrections may occur at the transaction level, during
summarization of the transactions, or may be posted directly to the
general ledger accounts.
.09:
Based on the understanding of control activities and the determination
as to whether they are likely to achieve the control objectives, the
auditor reassesses control risk to decide whether to test controls. If
control risk is high because the control activities for a particular
accounting application are not effective in design or not effective in
operation (based on prior years' testing of the control activities and
management's indication that they have not improved), the auditor does
not need to test the controls. If they are effective, the auditor must
test them, but may consider using a rotation approach to testing the
controls, as discussed in section 395 G.
[End of section]
350 - DETERMINE THE NATURE, TIMING, AND EXTENT OF CONTROL TESTS AND OF
TESTS FOR SYSTEMS' COMPLIANCE WITH FFMIA REQUIREMENTS:
.01:
For each control objective, the auditor should (1) identify specific
relevant control activities to test, (2) perform walkthroughs to be
sure that those controls are in operation, (3) document these control
activities on the SCE worksheet or equivalent, (4) determine the nature
and timing of control tests, and (5) determine the extent of control
tests. Internal control includes IS controls, as discussed further in
paragraphs 360.03-.10 and the FISCAM. For the controls over performance
measures reported in the MD&A (overview) of the Accountability Report,
the auditor does not need to test controls (although he or she may
decide to do so), but should identify the activities likely to achieve
the objectives, perform walkthroughs to be satisfied that the controls
have been placed in operation, and document the controls.
.02: The auditor also should determine the nature, timing, and extent
of tests for compliance of the entity's systems with federal financial
management systems requirements (these requirements are established by
OMB Circular A-127 and include the Joint Financial Management
Improvement Program's series of system requirements documents), federal
accounting standards (GAAP - see section 560), and the SGL at the
transaction level in order to report in accordance with FFMIA.
Substantial compliance includes the ability of the financial management
systems to routinely provide reliable and timely financial information
for managing day-to-day operations as well as to produce reliable
financial statements, have effective internal control, and comply with
legal and regulatory requirements.
.03: If it is likely that the financial statement opinion will be
unqualified and internal control will be determined to be effective,
the auditor should plan to test the systems' compliance with the
requirements. Many nonsampling control tests will also test for
compliance with the systems requirements and the SGL, although
determining compliance with federal accounting standards (GAAP) will
also require substantive testing. In designing control and substantive
tests, the auditor should keep in mind the need to report whether the
entity's financial management systems are in substantial compliance
with FFMIA requirements so that the control and other tests may serve
this dual purpose. In addition, for purposes of FFMIA financial
management systems include systems that produce the information
management uses day-to-day, not just systems that produce annual
financial statements. Thus, the auditor should test the financial
management systems used for managing financial operations and
supporting financial planning, management reporting, budgeting
activities, and systems accumulating and reporting cost information,
including the financial portion of mixed systems.
.04: For agencies with longstanding, well-documented financial
management
systems weaknesses that severely affect the systems' ability to comply
with FFMIA requirements, the auditor need not perform specific tests of
the systems' compliance with the FFMIA requirements. The auditor will
generally have adequate information about the systems to describe the
instances of lack of substantial compliance and make recommendations,
as required by FFMIA, by gaining an understanding of the systems and
performing internal control and substantive testing. The auditor also
should understand management's process for determining whether its
systems comply with the FFMIA requirements and report any deficiencies
in management's process (for example, management has not compared its
systems with JFMIP systems requirements). The auditor's report should
make clear that there may be other areas of noncompliance.
.05: Similarly, if it is likely that the opinion on the financial
statements will not be unqualified, that the entity has material
weaknesses or reportable conditions in internal control, or that it has
significant noncompliance with legal and regulatory requirements, then
the auditor may limit the scope of testing performed to support an
FFMIA assessment. However, if the auditor is concerned that he or she
may find it difficult to convince management of the systems'
noncompliance without specific tests, the auditor should perform them.
Also, the auditor should recognize that if controls have improved and/
or an unqualified opinion can be expressed, the auditor will need to
test systems for FFMIA compliance.
IDENTIFY RELEVANT CONTROL ACTIVITIES TO TEST:
.06: For each control objective identified in Section 330, the auditor
should identify the control activity, or combination of control
activities, that is likely to (1) achieve the control objective and (2)
maximize the overall efficiency of control tests. In doing this, the
auditor should consider (1) the extent of any inherent risk[Footnote 5]
and control environment, risk assessment, communication, or monitoring
weaknesses,[Footnote 6] including those related to IS (as documented in
the ARA and/or GRA document or equivalent (see section 260)) and (2)
the tentative determination of the likelihood that IS controls will be
effective, as determined in the planning phase (see section 270). The
auditor should test only the control activities necessary to achieve
the objective. For example, the entity may have several controls that
are equally effective in achieving an objective. In such a case, the
auditor should select and test the control activity that is most
efficient to test, considering such factors as (1) the extent to which
a control achieves several control objectives and thereby reduces the
number of controls that would ordinarily need to be tested and (2) the
time that will be required to test the control.
.07: For those control objectives for which the auditor preliminarily
determines that effective control activities exist or are likely to
exist, the auditor should test the selected control activities, as
discussed in sections 360 and 450. The auditor may test all, or only
certain control activities (because others are not likely to be
effective), related to a control objective. However, the auditor may
not elect to forgo control tests solely because it is more efficient to
extend substantive or compliance audit procedures. If, in any phase of
the audit, the auditor determines that control activities selected for
testing are, in fact, ineffective in design or operation, the auditor
should discontinue the specific control evaluation of related control
objectives and should report resulting weaknesses in internal control
as discussed in section 580. If the entity's management does not agree
with the auditor's conclusion that effective control activities do not
exist or are unlikely to exist, the auditor may need to perform
procedures sufficient to support that conclusion.
.08: Before testing controls the auditor believes will be effective,
the auditor may elect to complete the ARA or equivalent tentatively,
assuming that such controls are effective.
PERFORM WALKTHROUGHS TO DETERMINE WHETHER THOSE CONTROLS ARE IN
OPERATION:
.09: Before performing control tests, the auditor should perform one or
more walkthroughs to determine whether the control activities are
functioning in the manner understood by the auditor. These
walkthroughs, designed to confirm the auditor's understanding of the
control activities, differ from those performed to confirm the
auditor's understanding of the systems in which they operate (see
paragraph 320.02). Through observations, inspection, and discussions
with personnel responsible for applying or maintaining each control
(including walkthroughs), the auditor should determine whether each
control has, in fact, been placed in operation. If a control has not
been placed in operation, the auditor should consider whether other
controls are likely to achieve the related control objective(s) and
should consider testing such controls.
DOCUMENT CONTROL ACTIVITIES TO BE TESTED:
.10: The auditor should document the control activities to be tested on
the SCE worksheet or equivalent. (See an illustration in section 395
H.) (Other components of internal control are generally tested by
observation and inquiry in the planning phase. See paragraph 260.09.)
Controls that satisfy more than one control objective may be listed
(and evaluated) only once and referred to, when applicable, on
subsequent occasions. For each control to be tested, the auditor should
determine whether the control is an IS control. An IS auditor generally
should review and concur with the auditor's identification of IS
controls.
DETERMINE THE NATURE AND TIMING OF CONTROL TESTS:
.11: To obtain additional evidence of the effectiveness of specific
controls, the auditor should select the combination of control tests
(observation, inquiry, or inspection) to be performed and determine the
timing of such tests. No one specific control test is always necessary,
applicable, or equally effective in every circumstance. In fact, a
combination of these types of control tests is usually needed to
provide the necessary level of assurance. In determining the types of
tests to apply, the auditor should select the tests that are effective
and most efficient, as discussed in paragraphs 350.15-.18. Specific
types of control tests and methods to apply them are discussed below.
.12: Observation - The auditor conducts observation tests by observing
entity personnel actually performing control activities in the normal
course of their duties. Observation generally provides highly reliable
evidence that a control activity is properly applied when the auditor
is there to observe it; however, it provides no evidence that the
control was in operation at any other time. Consequently, observation
tests should be supplemented by corroborative evidence obtained from
other tests (such as inquiry and inspection) about the operation of
controls at other times.
.13: Inquiry - The auditor conducts inquiry tests by making either oral
or written inquiries of entity personnel involved in the application of
specific control activities to determine what they do or how they
perform a specific control activity. Such inquiries are typically open
ended. Generally, evidence obtained through inquiry is the least
reliable audit evidence and generally should be corroborated through
other types of control tests (observation or inspection). The
reliability of evidence obtained from inquiry depends on various
factors, such as the following:
The competence, experience, knowledge, independence, and integrity of
the person of whom the inquiry was made. The reliability of evidence is
enhanced when the person possesses these attributes.
Whether the evidence was general or specific. Evidence that is specific
is usually more reliable than evidence that is general.
The extent of corroborative evidence obtained. Evidence obtained from
several entity personnel is usually more reliable than evidence
obtained from only one.
Whether the evidence was provided orally or in writing. Generally,
evidence provided in writing is more reliable than evidence provided
orally.
.14: Inspection - The auditor conducts inspection tests by examining
documents and records for evidence (such as the existence of initials
or signatures) that a control activity was applied to those documents
and records. System documentation, such as operations manuals, flow
charts, and job descriptions, may provide evidence of control design
but do not provide evidence that controls are actually operating and
being applied consistently. To use system documentation as part of the
evidence of effective control activities, the auditor should obtain
additional evidence on how the controls were applied. Inspection is
generally a reliable source of audit evidence and is frequently used in
multipurpose testing. Because evidence of performance is documented,
this type of test can be performed at any time. The evidence previously
obtained from (1) the inspection of documents in walkthroughs (in which
inspection is performed to a lesser extent than in sampling control
tests) and (2) observation or inquiry tests may provide sufficient
evidence of control effectiveness. However, if the auditor needs
additional evidence, sampling items for inspection should be
considered. Since documentary evidence generally does not provide
evidence concerning how effectively the control was applied, the
auditor generally should supplement inspection tests with observation
and/or inquiry of persons applying the control. For example, the
auditor generally should supplement inspection of initials on documents
with observation and/or inquiry of the individual(s) who initialed the
documents to understand the procedures they followed before initialing
the documents. The auditor may also reperform the control being tested
to determine if it was properly applied.
.15: The type of control test or tests the auditor selects depends on
(1) the nature of the control to be tested and (2) the timing of and
period covered by the control test.
.16: The nature of the control influences the type of evidential matter
that is available. For example, if the control provides documentary
evidence, the auditor may decide to inspect the documentation. For
other controls, such documentation may not be available or relevant.
For example, segregation-of-duties controls generally do not provide
documentary evidence. In such circumstances, the auditor may obtain
evidential matter about the effectiveness of the control's operation
through observation or inquiry.
.17: The timing of and period covered by the control test require
consideration. The evidential matter should relate to the audit period
and, unless it is documentary evidence, should be obtained during the
audit period, when sufficient corroborative evidence is most likely to
be available. When the evidence relates to only a specific point in
time, such as evidence obtained from observation, the auditor should
obtain additional evidence that the control was effective during the
entire audit period. For example, the auditor may observe the control
in operation during the audit period and use inquiry and inspection of
procedures manuals to determine that the control was in operation
during the entire audit period. Paragraph 380.02 provides guidance
concerning situations when new controls are implemented during the
year.
.18: When selecting a particular control test from among equally
effective tests, the auditor should select the most efficient test. For
example, the auditor may find that inquiry, observation, and
walkthroughs (tests of controls that do not involve sampling) provide
sufficient evidence that the control was effective during the year and
are most efficient to test. When sampling is considered necessary, the
auditor should consider performing multipurpose tests to enhance audit
efficiency (see sections 430 and 450).
DETERMINE THE EXTENT OF NONSAMPLING CONTROL TESTS:
.19: After selecting the nature of control tests to be performed, the
auditor should determine the extent of control tests (including IS
controls). This determination is based on the information gathered in
developing an understanding of internal control, the nature of the
control to be tested, the nature and availability of evidential matter,
and the auditor's determination of the amount of additional evidence
needed. For each control activity considered necessary to achieve the
control objectives, the auditor should test the control activity to
determine whether it achieves the control objectives. Relevant
financial reporting, budget, compliance, and operations controls
generally should be tested to the same level of assurance. The extent
of this testing is discussed in section 360 for nonsampling control
tests and in section 450 for sampling control tests.
.20: Controls that do not leave documentary evidence of existence or
application generally cannot be tested with sampling procedures. When
control activities, such as segregation of duties, do not leave
documentary evidence, the auditor should test their effectiveness by
observation and/or inquiry. For example, the auditor may obtain
evidential matter about the proper segregation of duties by (1) direct
observation of the control activities being applied at a specific time
during the audit period and (2) inquiry of the individual(s) involved
about applying the activities at other times during the audit period.
The appropriate extent of observation and inquiry is not readily
quantifiable. To determine whether a control is effective, the auditor
should consider whether sufficient evidence has been obtained to
support the preliminary assessment of control effectiveness (see
section 370).
DETERMINE THE NATURE, TIMING, AND EXTENT OF TESTS FOR SYSTEMS'
COMPLIANCE WITH FFMIA REQUIREMENTS:
.21: If the auditor believes it is likely that the opinion on the
financial statements will be unqualified (or qualifications will not
relate to the entity's ability to prepare reliable financial statements
or provide reliable financial information when needed), that internal
control will be determined to be effective, and that the auditor will
find no instances of noncompliance with legal and regulatory
requirements, then the auditor should test each of the elements of
systems' compliance with FFMIA requirements. Also, the auditor may need
to test for systems' compliance with FFMIA requirements in other
circumstances, as discussed in paragraph 350.05.
.22: The determination of substantial compliance with the requirements
requires auditor judgment. To assist the auditor in making these
judgments, he or she should identify any management-developed
documentation for its assertion about the systems' conformance with
systems requirements in its FMFIA section 4 report and any work it may
have done for FFMIA. The documentation may include the Financial
Management Series of Checklists for Systems Reviewed Under the Federal
Financial Management Improvement Act of 1996 or other tools. The issues
discussed earlier in this section with regard to nature, timing, and
extent of control tests also apply to tests of systems' compliance with
FFMIA requirements. These tests generally should be done concurrently
with nonsampling control tests as described in section 360.
.23: Management's documentation may be the basis for tests of the
systems' compliance. If, for example, management provides the auditor
with a checklist detailing the functions the systems are able to
perform, the auditor generally should select some significant functions
from the checklist and determine whether the systems perform them. This
may be done based on knowledge the auditor has acquired from gaining an
understanding of the systems, as well as by additional observation,
inquiry, inspection, and walkthroughs as discussed earlier in this
section for control tests. If management has not provided
documentation, testing may be based directly on the FFMIA requirements.
If management is unable to provide any documentation, the auditor
should ask why there is no documentation and how management knows
whether it is in compliance. Lack of documentation often indicates that
the systems do not substantially comply with FFMIA.
[End of section]
360 - PERFORM NONSAMPLING CONTROL TESTS AND TESTS FOR SYSTEMS'
COMPLIANCE WITH FFMIA REQUIREMENTS:
.01:
The auditor should design and conduct tests of control activities that
are effective in design to confirm their effectiveness in operation.
(The auditor should refer to paragraph 380.02 if control activities
were not effective in design during the entire audit period.) The
auditor should perform the following procedures in connection with
control tests:
* Request an IS auditor to test IS controls.
* Perform nonsampling control tests. (Sampling control tests are
performed in the testing phase, as discussed in section 450.):
* Evaluate the results of nonsampling control tests.
.02:
Similarly, the auditor should design and conduct tests of the financial
management systems' compliance with the three FFMIA requirements, if he
or she determined such tests were necessary (see paragraphs 350.02-.05
and 350.21-.23). Many nonsampling control tests will also serve as
tests for compliance with FFMIA requirements, especially the systems
requirements and the SGL, although testing for federal accounting
standards (GAAP) will include substantive testing, done as part of the
testing phase.
TESTS OF IS CONTROLS:
.03:
In an entity that uses information systems to perform accounting
functions, the auditor might identify controls whose effectiveness
depends on the computer (IS controls). Such IS controls are discussed
in more detail in section 295 F. Due to the technical nature of certain
IS controls, an IS auditor should perform or supervise tests of such
controls and should document conclusions on the effectiveness of IS
controls during the audit period. The financial auditor may perform
tests of less technical IS controls but the IS auditor should supervise
such testing to evaluate the results and to consider such controls in
relation to other IS controls.
.04:
If IS controls are identified for testing, an IS auditor should
evaluate the effectiveness of:
* general controls at the entity or installation level;
* general controls as they relate to the application to be tested; and:
* specific application controls and/or user controls, unless the IS
controls that achieve the control objectives are general controls.
.05:
The IS auditor should determine whether overall or installation-level
general controls are effectively designed and operating by:
* identifying applicable general controls,
* determining how those controls function, and:
* evaluating and testing the effectiveness of those controls.
The IS auditor should consider knowledge obtained in the planning
phase. At the conclusion of this step, the IS auditor should document
the understanding of general controls and should conclude whether such
controls are effectively designed and operating as intended.
Tests of General Controls at the Installation Level:
.06:
General controls ordinarily are tested through a combination of
procedures, including observation, inquiry, inspection (which includes
a review of documentation on systems and procedures), and reperformance
using appropriate test software. Although sampling is generally not
used to test general controls, it may be used to test certain controls,
such as those involving approvals.
.07:
If general controls are not effectively designed and operating as
intended, the auditor will generally be unable to obtain satisfaction
that application controls are effective. In such instances, (1) the IS
auditor should discuss the nature and extent of risks resulting from
ineffective general controls with the audit team and (2) the auditor
should consider whether manual controls achieve the control objectives
that the IS controls were supposed to achieve. However, if manual
controls do not achieve the control objectives, the IS auditor should
determine whether any specific IS controls are designed to achieve the
objectives. If not, the auditor should develop appropriate findings
principally to provide recommendations to improve internal control. If
specific IS controls are designed to achieve the objectives, but are in
fact ineffective due to poor general controls, testing would typically
not be necessary, except to support findings.
Tests of General Controls at the Application Level:
.08:
Based on favorable conclusions reached on general controls at the
entity or installation level, the IS auditor should evaluate and test
the effectiveness of general controls for those applications within
which application controls or user controls are to be tested.
.09:
If general controls are not operating effectively within the
application, application controls and user controls generally will be
ineffective. In such instances, the IS auditor should discuss the
nature and extent of risks resulting from ineffective general controls
with the audit team and should determine whether to proceed with the
evaluation of application controls and user controls.
Tests of Application Controls and User Controls:
.10:
The IS auditor generally should perform or supervise tests of those
application controls and user controls necessary to achieve the control
objectives where the overall and application-level general controls
were determined to be effective.
NONSAMPLING CONTROL TESTS:
.11:
The auditor should (1) develop a detailed control test audit program
that incorporates the nature, timing, and extent of planned nonsampling
control tests, including tests for compliance with FFMIA requirements
and (2) perform nonsampling control tests according to the audit
program. The following paragraphs discuss the testing of segregation of
duties.
Segregation of Duties:
.12:
Nonsampling control tests relating to segregation of duties require
special consideration. Such controls are designed to reduce the
opportunities for any person to be in a position both to perpetrate and
to conceal misstatements, especially fraud, in the normal course of
duties. Typically, an entity achieves adequate segregation of duties by
establishing controls (such as segregating asset custody from
recordkeeping functions) to prevent any person from having uncontrolled
access to both assets and related records. Paragraph 330.08 describes
situations in which the auditor should test segregation of duties.
.13:
The auditor may use the following method to test segregation-of-duties
controls:
a. Identify the assets to be controlled through the segregation of
duties.
b. Identify the individuals who have authorized access (direct or
indirect) to the assets. Direct access exists when the individual is
authorized to handle the assets directly (such as during the processing
of cash receipts). Indirect access exists when the individual is
authorized to prepare documents that cause the release or transfer of
assets (such as preparing the necessary forms to request a cash
disbursement or transfer of inventory).
c. For each individual with authorized access to assets, determine
whether there are sufficient asset access controls. Asset access
controls are those controls that are designed to provide assurance that
actions taken by individuals with authorized access to assets are
reviewed and approved by other individuals. For example, an approval of
an invoice for payment generally provides asset access controls
(relating to cash) over those individuals authorized to prepare
supporting documentation for the transaction. If IS provides access to
assets, evaluation and testing of IS controls should be designed to
identify (1) individuals (including IS personnel) who may use the
computer to obtain access and (2) asset access controls over such
individuals.
d. For individuals with authorized access to assets over which asset
access controls are insufficient, determine whether such individuals
can affect any recording of transactions in the accounting records. If
so, segregation of duties is insufficient, unless such access to
accounting records is controlled. For example, the person who processes
cash receipts may also be able to record entries in the accounting
records. Such a person may be in a position to manipulate the
accounting records to conceal a shortage in the cash account, unless
another individual reviews all accounting entries made by that person.
In an IS accounting system, access to assets frequently provides access
to records. For example, generation of a check may automatically record
a related accounting entry. In such circumstances, a lack of asset
access controls would result in inadequate segregation of duties, and
the auditor should consider whether other controls would mitigate the
effects of this lack of asset access control.
EVALUATING THE RESULTS OF NONSAMPLING TESTS:
.14:
The auditor should investigate and understand the reasons for any
deviations from control activities noted during nonsampling control
tests. The auditor may find, for example, that significant
subpopulations were not subject to controls or that controls were not
applied during a specific period during the year. In such instances,
the auditor should conclude whether controls are effective for at least
some parts of the population. For example, an otherwise effective
control may not have been applied effectively in one month due to
personnel turnover. For all but that month, the auditor may assess
controls as effective and reduce related testing. The auditor also
should consider whether other controls can achieve the related control
objective(s).
.15:
Additionally, the auditor should gather sufficient evidence to report
the control weakness. As discussed in paragraphs 580.37-.58, the
significance of the weakness will determine how the auditor reports the
finding and therefore which elements of the finding (condition, cause,
criteria, effect, and recommendation or suggestion) need to be
developed.
.16:
Finally, the auditor may make preliminary conclusions as to whether the
entity's financial management systems substantially comply with federal
financial management systems requirements, federal accounting
standards (GAAP), and the SGL at the transaction level. However, a
final conclusion as to compliance, especially with federal accounting
standards, needs to wait for the results of substantive testing.
[End of section]
370 - ASSESS CONTROLS ON A PRELIMINARY BASIS:
.01:
Based on the evaluation of internal control and results of nonsampling
control tests, the auditor should preliminarily assess the
effectiveness of internal control during the period (for reporting on
internal control in a non-opinion report and for determining the extent
of procedures to be performed in the testing phase) and/or as of the
end of the period (for an opinion on internal control). Considerations
for assessing the effectiveness of IS controls and each type of control
(financial reporting (including safeguarding and budget), compliance,
and operations) are discussed in paragraphs 370.06-.14 below and in the
FISCAM.
.02:
To assess the effectiveness of internal control, the auditor considers
whether the control objectives are achieved. For each control objective
that is not fully achieved, the auditor should obtain sufficient (1)
information to develop comments in the auditor's report or management
letter (see paragraphs 580.32-.61) and (2) evidence to support the
preliminary assessment of the effectiveness of internal control.
INFORMATION SYSTEM RESULTS:
.03:
Based on the procedures performed, the IS auditor should discuss
conclusions on the effectiveness of IS controls with the audit team and
obtain concurrence. The auditor should (1) incorporate the IS auditor's
conclusions into the audit workpapers for each IS control tested and
(2) perform tests of application controls (principally manual follow-up
of exceptions) or user controls identified by the IS auditor for the
audit team to test.
.04:
If IS controls are determined to be effective, the auditor may also ask
the IS auditor to identify any IS controls within the applications
tested using the above procedures that were not previously identified
by the auditor. For example, such IS controls might achieve control
objectives not otherwise achieved through manual controls or might be
more efficient or effective to test than manual controls. The IS
auditor can assist the auditor in determining the cost effectiveness of
searching for and testing additional IS controls. Decisions made in
response to these considerations should be documented, including a
description of the expected scope of the IS auditor's work.
.05:
Audit programs and supporting workpapers should be prepared to document
the procedures for evaluating and testing the effectiveness of IS
controls. Such workpapers should be included in the audit workpapers.
FINANCIAL REPORTING CONTROLS:
.06:
Based on procedures performed and before sampling control
tests,[Footnote 7] if any, the auditor should form a preliminary
conclusion about (1) the effectiveness of financial reporting controls
as of the end of the period and (2) the assessed level of control and
combined risk during the period for each significant assertion in each
significant line item or account. Combined risk is the risk that, prior
to the application of substantive audit procedures, a material
misstatement exists in a financial statement assertion. Combined risk
consists of the risks that (1) a financial statement assertion is
susceptible to material misstatement (inherent risk) and (2) such
misstatement is not prevented or detected on a timely basis by the
entity's internal control (control risk). The use of professional
judgment is essential in assessing both control and combined risk.
.07:
Preliminary assessment of control risk. For each significant assertion
in each significant account, the auditor should assess control risk at
one of the following three levels:
* Low control risk: The auditor believes that controls will prevent or
detect any aggregate misstatements that could occur in the assertion in
excess of design materiality.
* Moderate control risk: The auditor believes that controls will more
likely than not prevent or detect any aggregate misstatements that
could occur in the assertion in excess of design materiality.
* High control risk: The auditor believes that controls will more
unlikely than likely prevent or detect any aggregate misstatements that
could occur in the assertion in excess of design materiality.
.08:
In assessing control risk in a line item/account assertion, the auditor
should consider the aggregate magnitude of misstatements that might not
be prevented or detected in significant accounting applications that
affect the line item or account. For example, the cash receipts, cash
disbursements, and payroll accounting applications typically affect the
cash account. Accordingly, the auditor should consider the risk that
aggregate misstatements could arise from a combination of those
accounting applications and not be prevented or detected by controls.
.09:
Preliminary assessment of combined risk. In assessing combined risk,
the auditor should consider the likelihood that a material misstatement
would occur (inherent risk) and not be prevented or detected on a
timely basis by the entity's internal control (control risk). This
preliminary assessment of combined risk should be consistent with the
auditor's assessment of inherent risk and control risk. For each
significant assertion in each significant account, the auditor should
assess combined risk at one of the following three levels:
* Low combined risk: Based on the evaluation of inherent risk and
control
risk, but prior to the application of substantive audit procedures, the
auditor believes that any aggregate misstatements in the assertion do
not exceed design materiality.
* Moderate combined risk: Based on the evaluation of inherent risk and
control risk, but prior to the application of substantive audit
procedures, the auditor believes that it is more likely than not that
any aggregate misstatements in the assertion do not exceed design
materiality.
* High combined risk: Based on the evaluation of inherent risk and
control risk, but prior to the application of substantive audit
procedures, the auditor believes that it is more unlikely than likely
that any aggregate misstatements in the assertion do not exceed design
materiality. As a result, the auditor will need to obtain most, if not
all, audit reliance from substantive tests.
.10: The minimum substantive assurance level required for substantive
tests
varies directly with combined risk. In other words, as combined risk
increases, so does the minimum substantive assurance level. Section 470
discusses the assurance level. The auditor should document the
preliminary assessment of control risk and combined risk in the ARA or
equivalent.
COMPLIANCE CONTROLS:
.11: Based on the results of compliance control tests and other audit
procedures, the auditor should:
* conclude whether the entity's internal control provides reasonable
assurance that the entity complied with the significant provisions of
laws and regulations and executed transactions in accordance with
budget authority during the period (to assess control risk, to test
compliance as discussed in section 460, and/or to report (non-opinion
report) on internal control) and/or as of the end of the period (to
support the opinion on internal control) and:
* report weaknesses in compliance controls that come to the auditor's
attention (see paragraphs 580.32-.61).
If compliance controls are effective in preventing or detecting
noncompliance with relevant provisions of laws and regulations during
the period, the extent of compliance testing can be less than if such
controls were not effective, as discussed in section 460.
.12: When forming conclusions on internal control related to budget
execution, the auditor should consider the impact of any unadjusted
misstatements noted in the proprietary accounts and should determine
any impact on the budgetary amounts. If the budgetary amounts are also
misstated, the auditor should consider whether these misstatements are
indications of weaknesses in internal control related to budget
execution. If audit evidence indicates that internal control might not
provide reasonable assurance that the entity executed transactions in
accordance with budget authority, the auditor should discuss the legal
implications with OGC.
OPERATIONS CONTROLS:
.13:
If the results of control tests indicate that operations controls were
not effective during the period, the auditor should not place reliance
on the ineffective operations controls when performing other audit
procedures. Based on gaining an understanding of performance measures
systems and other procedures (which may include optional tests of
controls), the auditor will have an understanding of the design of
performance measures controls as they relate to the existence and
completeness assertions (for GAO audits, the valuation assertion is
also included in the understanding) and whether they have been placed
in operation. The auditor should report weaknesses in performance
measures controls that come to his or her attention. See paragraphs
580.32-.61 regarding reporting of control weaknesses.
REEVALUATION OF CONTROL RISK AND COMBINED RISK ASSESSMENT:
.14: After completing the testing phase, discussed in section 400, the
auditor should reevaluate the preliminary assessment of control risk
for financial reporting controls and control effectiveness for
compliance and operations controls. If the test results are contrary to
the preliminary assessment, the auditor should reconsider the adequacy
of the audit procedures performed and perform additional procedures as
considered necessary.
[End of section]
380 - OTHER CONSIDERATIONS:
ROTATION TESTING OF CONTROLS:
.01:
When the entity's control environment, risk assessment, communication,
and monitoring are strong and inherent and fraud risk are low, using a
rotation approach for testing controls may be appropriate for IS
controls. When appropriate, based primarily on favorable results from
prior tests and limited work in the current year, the auditor may test
IS internal controls of certain cycles/applications on a rotating basis
rather than every year. Rotation is generally not appropriate for use
in first-time audits where an opinion is expressed or for audits of
entities that do not have strong control environments, risk assessment,
communication, and monitoring. Section 395 G provides additional
requirements and guidelines for rotation testing of controls.
PARTIAL-YEAR CONTROLS:
.02:
In certain situations, such as when new controls are implemented during
the year, the auditor may elect to test controls only for the period
that the new controls were operating. In such situations, the extent of
control testing should remain similar, but be concentrated over the
period the new controls are in place. For any portion of the audit
period that financial reporting, budget, and compliance controls were
not tested directly or through a rotation plan (see paragraph 380.01),
the auditor should assume that such controls were ineffective for
purposes of designing compliance and substantive tests.
PLANNED CHANGES IN CONTROLS:
.03:
The auditor may become aware of an entity's plans to implement new
accounting or control systems after the audit period ends. Even though
new systems or controls are planned, the auditor should evaluate and
test controls in effect through the end of the audit period to (1)
provide support for the report on internal controls, (2) recommend any
improvements to the current system that should be considered in
designing the new systems or controls, and/or (3) obtain audit evidence
to reduce substantive testing in the current audit. During the current
audit, the auditor may elect to review controls designed into the new
system.
[End of section]
390 - DOCUMENTATION:
.01:
In addition to preparing a control testing audit program and other
workpapers relevant to the internal control phase, the auditor should
prepare the documents described in paragraphs 390.04-.07 or their
equivalent.
.02:
In the audit program, the auditor generally should explain the
objectives of audit procedures. Also, written guidance, either within
or accompanying the audit program to explain possible exceptions, their
nature, and why they might be important, may help auditors focus on key
matters, more readily determine which exceptions are important, and
identify significant exceptions.
.03:
As the audit work is performed, the auditors may become aware of
possible reportable conditions or other matters that should be
communicated to the auditee. The auditor generally should document and
communicate these as described in paragraph 290.02.
CYCLE MEMORANDUM AND FLOWCHART:
.04:
The auditor is required to document (AU 319.44) the understanding
gained of each component of internal control, among them, the
information system (AU 319.36). The auditor should prepare sufficient
documentation to clearly describe and illustrate the accounting system;
such documentation may include memorandums and flowcharts. Flowcharts
provide a good mechanism to document the process and need not be
extremely detailed. In some systems, particularly IS, it is difficult
to understand the system without a flowchart. For each significant
cycle, the auditor should prepare a cycle memorandum or equivalent, and
a complementary flowchart of the cycle and component accounting
application(s) is also recommended. To the extent relevant, these
documents should include the following accounting systems information
for financial reporting controls:
* The cycle memorandum or equivalent should (1) identify the cycle
transactions, each significant accounting application, and each
significant financial management system included in the cycle, (2)
describe interfaces with other cycles, (3) identify financial statement
line items and general ledger accounts included in the cycle, (4)
describe the operating policies and procedures relating to the
processing of cycle transactions (see paragraph 320.03),[Footnote 8]
and (5) identify major internal controls (overview only). The cycle
memorandum may also include information on FFMIA requirements
considered to this point, such as systems requirements and the SGL.
* The flowchart should complement the related cycle memorandum and
summarize the significant transaction flows in terms of (1) input and
report documents, (2) processing steps, (3) files used, (4) units
involved, and (5) interfaces with other cycles and accounting
applications.[Footnote 9]
.05: The auditor should document the understanding of compliance and
relevant operations (including performance measures) control systems in
a memorandum and, if applicable, a flowchart addressing each point
discussed in paragraphs 320.05-.07.
SPECIFIC CONTROL EVALUATION WORKSHEET:
.06: The auditor should document the evaluation of specific control
activities in the SCE worksheet or equivalent. Control tests should be
documented in a control test audit program and in accompanying
workpapers. Any IS control tests should also be documented in the audit
workpapers, as discussed in paragraph 370.05. Section 395 H presents an
example of a completed SCE worksheet.
UPDATING THE ACCOUNT RISK ANALYSIS FORM:
.07:
The auditor should update the ARA form or equivalent by completing the
internal control phase columns, as illustrated in section 395 I.
[End of section]
395 A - TYPICAL RELATIONSHIPS OF ACCOUNTING APPLICATIONS TO LINE ITEMS/
ACCOUNTS:
This section illustrates the typical relationships between accounting
applications and line items or accounts. For example, sources of
significant accounting entries to cash typically include the cash
receipts, cash disbursements, payroll, and cash accounting
applications. For each significant line item or account, the auditor
should develop an understanding of how potential misstatements in
significant accounting applications could affect the related line item
or account. In turn, control objectives and relevant control techniques
to achieve those objectives should be identified.
[See PDF for image]
[End of table]
[End of section]
395 B - FINANCIAL STATEMENT ASSERTIONS AND POTENTIAL MISSTATEMENTS:
This section lists potential misstatements that could occur in each
financial statement assertion within an accounting application,
together with related control objectives. The auditor should use
judgment to tailor this information to the accounting application and
to the entity and should consider supplementing this list with other
control objectives or subobjectives. The assertions, potential
misstatements, and control objectives illustrated in this section can
be used in preparing the first, fourth, and fifth columns of the SCE
worksheet, which is illustrated in section 395 H. However, this section
is provided as a reference and does not require completion as a form.
[See PDF for image]
Note: Segregation-of-duties controls are a type of safeguarding control
and are often crucial to the effectiveness of controls, particularly
over liquid, readily marketable assets that are highly susceptible to
theft, loss, or misappropriation. Such controls are designed to reduce
the opportunities for any person to be in a position to both perpetrate
and conceal fraud. The lack of segregation-of-duties controls may be
pervasive and affect several misstatements. Paragraph 330.08 discusses
when segregation-of-duties controls should be tested.
[End of table]
[End of section]
395 C - TYPICAL CONTROL ACTIVITIES:
AUTHORIZATION:
.01:
Authorization controls are designed to provide reasonable assurance
that (1) transactions, (2) events from which they arise, and (3)
procedures under which they are processed are authorized in accordance
with laws, regulations, and management policy. Typical authorization
controls include:
* documented policies establish events or transactions that the
entity is authorized to engage in by law, regulation, or management
policy;
* documented policies and procedures exist for processing transactions
in accordance with laws, regulations, or management policy; and:
* master files include only authorized employees, customers, or
suppliers.
APPROVAL:
.02:
Approval controls are designed to provide reasonable assurance that
appropriate individuals approve recorded transactions in accordance
with management's general or specific criteria. Typical approval
controls include the following:
* Specific transactions are approved by persons having the authority to
do so (such as the specific approval of purchases by the procurement
officer or other designated individual with procurement authority) in
accordance with established policies and procedures.
* Transactions are compared with predetermined expectations (invoice
terms are compared with agreed-upon prices, input is checked for valid
data type for a particular field, etc.), and exceptions are reviewed by
someone authorized to approve them.
* Transactions are compared with approved master files (such as
approved customer credit limits or approved vendors) before approval
or acceptance, and exceptions are reviewed by someone authorized to
approve them.
* Key records are matched before a transaction is approved (such as
the matching of purchase order, receiving report, and vendor invoice
records before an invoice is approved for payment).
* Before acceptance, changes to data in existing files are
independently approved, evidenced by either documentary or on-line
approval of input before processing.
SEGREGATION OF DUTIES:
.03:
Segregation-of-duties controls are designed to reduce the opportunities
for someone to both perpetrate and conceal errors or fraud in the
normal course of duties. Typically, an entity achieves adequate
segregation of duties by establishing controls (such as segregating
asset custody from recordkeeping functions) to prevent any person from
having uncontrolled access to both assets and records. See paragraphs
330.08 and 360.11 for additional discussions of segregation-of-duties
controls.
DESIGN AND USE OF DOCUMENTS AND RECORDS:
.04:
The purpose of controls over the design and use of records is to help
provide reasonable assurance that transactions and events are properly
recorded. Such controls typically include the following.
* Prenumbered forms are used to record all of an entity's transactions,
and accountability is maintained for the sequence of all numbers used.
(For example, prenumbered billing documents, vouchers, purchase orders,
etc., are accounted for in numerical sequence when they are used, and
any numbers missing from the sequence are investigated).
* Receiving reports, inspection documents, etc., are matched with
billing notices, such as vendor invoices, or other documents used to
record delivered orders and related liabilities to provide assurance
that all and only valid transactions are recorded.
* Transaction documents (such as vendor invoices or shipping documents)
are stamped with the date and tracked (through periodic supervisory
reviews) to provide assurance that transactions are recorded promptly.
* Source documents are canceled after processing (for example, invoices
are stamped, perforated, or written on after they are paid) to provide
assurance that the same documents will not be reused and will not
result in recording transactions more than once. Also, only original
documents are used to process transactions.
ADEQUATE SAFEGUARDS OVER ACCESS TO AND USE OF ASSETS AND RECORDS:
.05: Access controls are designed to protect assets and records against
physical harm, theft, loss, misuse, or unauthorized alteration. These
controls restrict unauthorized access to assets and records. Evaluation
of segregation of duties is also required for persons who have
authorized access to assets and records. Typical access controls
follow:
* Cash receipt totals are recorded before cash is transmitted for
deposit.
* Secured facilities (locked rooms, fenced areas, vaults, etc.) are
used. Access to critical forms and equipment (such as check signing
machines and signature stamps) is limited to authorized personnel.
* Access to programs and data files is restricted to authorized
personnel. (For example, manual records, computer terminals, and backup
files are kept in secured areas to which only authorized persons can
gain access.):
* Assets and records are protected against physical harm. (For example,
intruder alarms, security guards, fire walls, a sprinkler system, etc.,
are used to prevent intentional or accidental destruction of assets and
records).
* Incoming and outgoing assets are counted, inspected, and received or
given up only on the basis of proper authorization (such as a purchase
order, contract, or shipping order) in accordance with established
procedures.
* Procedures are established to provide reasonable assurance that
current files can be recovered in the event of a computer failure. (For
example, the entity has implemented a backup and recovery plan, such as
using on-premises or off-premises file backup, off-site storage of
duplicate programs and operating procedures, and standby arrangements
to use a second processing facility if the entire data center is
destroyed).
* Access to critical forms and records is restricted. (For example,
secured conditions are established and maintained for manual records
and media used to access assets, such as blank checks or forms for the
release of inventory).
INDEPENDENT CHECKS:
.06:
Controls in this category are designed to provide independent checks
on the validity, accuracy, and completeness of processed data. The
following procedures are typical of this category of controls:
* Calculations, extensions, additions, and accounting classifications
are independently reviewed. (For example, arithmetic on vouchers is
independently recomputed, and transactions and accounting
classifications are subsequently reviewed).
* Assets on hand are periodically inspected and counted, and the results
are compared with asset records. (For example, inventories are
inspected and physically counted at the end of each year and compared
with inventory records).
* Subsidiary ledgers and records are reconciled to general ledgers.
* The entity promptly follows up on complaints from vendors, customers,
employees, and others.
* Management reviews performance reports. (For example, the warehouse
manager reviews performance reports on the accuracy and timeliness of
fulfilling shipping orders and recording them in the sales processing
system).
* Data from different sources are compared for accuracy and completeness.
(For example, the cash journal entry is compared with the authenticated
bank deposit slip and with the detailed listing of cash receipts
prepared independently when mail was opened, and units billed are
compared with units shipped).
* Actual operating results (such as personnel cost or capital
expenditures for a particular organizational component or an entity as
a whole) are compared with approved budgets, and variances are
explained.
VALUATION OF RECORDED AMOUNTS:
.07:
Controls in this category are designed to provide assurance that assets
are valued at appropriate amounts. Typical valuation controls follow:
* Periodically, the condition and marketability of assets are evaluated.
(For example, inventory is periodically reviewed for physical damage,
deterioration, or obsolescence, or receivables are evaluated for
collectibility).
* Recorded data are compared with information from an independent third
party. (For example, recorded cash is reconciled to bank statements,
and suppliers' accounts are reconciled to monthly statements from
suppliers).
* Assessed values (such as independent appraisals of assets) are
compared with the accounting records.
SUMMARIZATION OF ACCOUNTING DATA:
.08: Controls in this category are designed to provide assurance that
transactions are accurately summarized and that any adjustments are
valid. Typical controls in this category include the following:
* The sources of summarized data (such as subsidiary ledgers, journals,
and/or other records) are compared with the underlying subsidiary
records and/or documents before the data are accepted for inclusion in
summarized records and reports. (For example, journal entries are
compared to source documents, and the daily summaries of journal
entries are compared with to the individual journal entries before the
summarized entries are posted to the general ledger.):
* Procedures are followed to check the completeness and accuracy of
data summarization, and exceptions are reviewed and resolved by
authorized persons. (For example, batch totals are compared with
appropriate journals, hash totals are compared at the beginning and
end of processing, and totals passed from one system or application to
another are compared).
RIGHTS AND OBLIGATIONS:
.09:
Controls in this category are designed to provide assurance that (1)
the entity owns recorded assets, with the ownership supported by
appropriate documentation, (2) the entity has the rights to its assets
at a given date, and (3) recorded liabilities reflect the entity's
legal obligations at a given date. The following procedures are typical
of this category of controls:
* Policies and procedures are documented (such as policy, procedures,
and training manuals, together with organization charts) for initiating
transactions and for identifying and monitoring those transactions and
accounts warranting attention with respect to ownership.
* Policies and procedures are documented for initiating and monitoring
transactions and accounts related to obligations.
* Significant transactions require the approval of senior management.
* Reported results and balances are compared with plans and
authorizations.
PRESENTATION AND DISCLOSURE:
.10:
Controls in this category are designed to provide assurance that (1)
accounts are properly classified and described in the financial
statements, (2) the financial statements are prepared in conformance
with GAAP, and (3) footnotes contain all information required to be
disclosed. The following procedures are typical of this category of
controls:
* Policies and procedures are documented for accumulating and
disclosing financial information in the financial statements by
appropriate personnel. Responsibility is assigned to specific
individuals.
* Policies and procedures are documented for preparing financial
statements by authorized personnel having sufficient experience and
expertise to assure compliance with GAAP.
* Policies and procedures are documented (such as policy and procedures
manuals, together with organization charts) for properly classifying
and describing financial information in the financial statements.
* Reports are periodically substantiated and evaluated by supervisory
personnel. Procedures are implemented to detect errors and omissions
and to evaluate recorded balances.
* A written chart of accounts containing a description of each account
is used, such as the SGL. Journal entries are prepared, reviewed,
compared with supporting details where necessary, and approved each
accounting period.
* Appropriate processing procedures are used, including control or
batch totals, etc. Written cutoff and closing schedules are also used.
* The same chart of accounts is used for both budgeting and reporting,
and variances between actual and planned results are analyzed.
[End of section]
395 D - SELECTED STATUTES RELEVANT TO BUDGET EXECUTION:
.01:
Antideficiency Act: This statute places limitations on the obligation
and expenditure of government funds. Expenditures and obligations may
not exceed the amounts available in the related appropriation or fund
accounts. Unless allowed by law, amounts may not be obligated before
they are appropriated. Additionally, the amount of obligations and
expenditures may not exceed the amount of the apportionments received.
(See 31 U.S.C. sections 1341-1342, 1349-1351, and 1511-1517 for further
information.):
.02: Purpose statute: This statute states that appropriations may be
obligated and expended only for the purposes stated in the
appropriation. (See 31 U.S.C. 1301 for further information.):
.03:
Time statute: This statute states that appropriations may be obligated
or expended only during the period of availability specified by law.
(See 31 U.S.C. 1502 for further information.) Annual or multiple year
appropriations often are referred to as "fixed accounts." Fixed
accounts are available for obligation for a definite period of time.
"No year" authority or accounts are resources that are available for
obligation for an indefinite period of time, usually until the purposes
for which they were provided are carried out.
[End of section]
395 E - BUDGET EXECUTION PROCESS:
The steps of a simplified budget process are illustrated in the
following table.
[See PDF for table]
[End of table]
.02:
The following budget execution process is of interest to the auditor
when testing the statement of budgetary resources and when evaluating
an entity's internal control relating to budget execution:[Footnote 10]
* Congress provides an entity with an appropriation (or other budget
authority), which is authority provided by law to enter into
obligations that result in immediate or future outlays (2 U.S. 622(2)).
The Secretary of the Treasury issues warrants, which establish the
amount of moneys authorized to be withdrawn from the central accounts
maintained by Treasury.
* OMB makes an apportionment, which is a distribution of amounts
available for obligation. Apportionments divide amounts available for
obligation by specific periods (usually quarters), activities,
projects, or objects, or a combination thereof. The amounts so
apportioned limit the amount of obligations that may be incurred.
* The entity head (or other authorized employee) makes an allotment,
which is an authorization to subordinates to incur obligations within a
specified amount. The total amount allotted by an entity may not exceed
the amount apportioned by OMB. The entity, through its fund control
regulations, establishes allotments at a legally binding level for
complying with the Antideficiency Act. Suballotments and allowances are
further administrative divisions of funds, usually at a more detailed
level (i.e., suballotments are divisions of allotments established as
needed).
* The entity may make a commitment, which is an administrative
reservation of an allotment or of other funds in anticipation of their
obligation. Commitments are not required by law or regulation nor are
they considered formal/official use of budget authority. Rather,
commitments are used by entities for financial planning in the
acquisition of goods and services and control over obligations and the
use of budget authority.
* The entity incurs an obligation, which is the amount of orders placed,
contracts awarded, services received, and similar transactions during a
given period that will require payments during the same or future
periods. Obligations need to comply with legal requirements before they
may be properly recorded against appropriation accounts (title 7 of the
GAO Policies and Procedures Manual). These legal requirements include
consideration of whether the purpose, the amount, and the timing of
when the obligation was incurred are in accordance with the
appropriation. Additionally, there are legal requirements concerning
the documentary evidence necessary for recording an obligation. The
term "obligation" in this manual refers to orders for goods and
services that have not been delivered (undelivered orders).
The entity records expended authority, which is the reduction of an
obligation by the receipt and acceptance of goods and services ordered.
Expended authority means that the budget authority has been used to
acquire goods or services.[Footnote 11]
* The entity records an "outlay," which, as used in the President's
budget, Congressional budget documents, and the statement of budgetary
resources, refers to payments made to liquidate obligations for goods
and services. The statement of budgetary resources reconciles
obligations incurred net of offsetting collections to net outlays.
* The appropriation account expires when, according to the restrictions
contained in the appropriation, the appropriation is no longer
available for new obligations. Adjustments may be made for valid
obligations that were either (1) recorded at an estimated amount that
differs from the actual amount[Footnote 12] or (2) incurred before the
authority expired, but were not recorded. Adjustments may be recorded
for 5 years after the appropriation expires. For both expired accounts
and closed accounts, the entity's obligations and expenditures may not
exceed the related budget authority. The auditor should refer to OMB
Circular A-34 (2000), sections 30.6-.10, for additional guidance on
these types of adjustments and transactions.
Examples of valid adjustments to expired accounts within the 5-year
period include adjustments for (1) canceled orders or orders for which
delivery is no longer likely, (2) refunds received in the current
period that relate to recovery of erroneous payments or accounting
errors, (3) legal and valid obligations that were previously
unrecorded, and (4) differences between the estimated and actual
obligation amounts.
* After the 5-year period, the budget authority
for the expired accounts
is canceled and the expired accounts are closed. No further adjustments
or outlays may be made in those closed accounts. Payments for any
outstanding unliquidated obligations in closed accounts may be made
from unexpired appropriations that have the same general purpose (but
are limited in aggregate to 1 percent of the current year
appropriation). For both expired accounts and closed accounts, the
entity's obligations and expenditures may not exceed the related budget
authority. The auditor should refer to OMB Circular A-34 (2000),
sections 30.6-10, for additional guidance on these types of adjustments
and transactions.
[End of section]
395 F - BUDGET CONTROL OBJECTIVES:
.01:
This section lists budget control objectives by steps in the budget
process. The auditor may consider these control objectives for either
or both of the audit of the statement of budgetary resources
(evaluation of financial reporting controls) and/or as part of the
compliance control evaluation. The auditor may evaluate many of these
controls at the same time as controls over expenses, disbursements, and
liabilities.
a. Appropriations (or other forms of budget authority): The recorded
appropriation (or other form of budget authority) is the same as that
made available in the appropriation or other appropriate legislation,
including restrictions on amount, purpose, and timing.
b. Apportionments: The recorded apportionments agree with the OMB
apportionments (as indicated on the apportionment schedules), and the
total amount apportioned does not exceed the total amount
appropriated.[Footnote 13]
c. Allotments/suballotments: The total amount allotted does not exceed
the total amount apportioned.
d. Commitments: The auditor may not be concerned with controls over
budgetary commitments because commitments are not required by law or
regulation nor are they considered formal/official use of budget
authority. Controls over budgetary commitments are considered a type of
operations control.
The auditor should consider evaluating controls over commitments if the
entity is using commitments and relying on controls over commitments to
achieve the control objectives relating to obligations. If controls
over commitments are evaluated, the auditor should apply the same
control objectives used for obligations and expenditures, as discussed
below.
e. Obligation transactions: The following control objectives relate to
obligation transactions (undelivered orders):
* Validity: Obligations recorded are valid. An obligation is considered
valid only if it meets these criteria:
The obligation has been incurred. This is usually evidenced by
appropriate supporting documentation, such as a purchase order or
binding contract.
The auditor should be alert for instances of "block obligating" or
"block dumping," which occur when an entity records obligations to
"reserve" funds even though the goods or services have not been
ordered. This is most likely to occur near the expiration of the
appropriation. The auditor should be alert for such signs as large,
even-amount obligations near the end of the fiscal year for annual
appropriations or during the last year of a multiyear appropriation
account.
The purpose of the obligation is one for which the appropriation was
made.
The obligation was incurred within the time that the appropriation was
made available for new obligations.
The obligation did not exceed the amount allotted or appropriated by
statute, nor was it incurred before the appropriation became law,
unless otherwise provided by law.
The obligation complies with any other legally binding restrictions,
such as obligation ceilings, identified in the planning phase.
The obligation has not subsequently been canceled nor the goods or
services received.
For adjustments to obligations in expired accounts, the following
objectives also are to be met:
If the adjustment represents a "contract change" as defined in OMB
Circular A-34 (2000), the auditor should refer to section 30.7 of that
circular for reporting and approval requirements.
The adjustment does not cause the entity to exceed the amount allotted
or appropriated by statute.
The adjustment is recorded during the period when the account is
available for adjustments (5 years) and was made for a valid obligation
incurred before the authority expired.
New obligations may not be recorded in expired accounts.
* Completeness: All obligation transactions are recorded.
* Valuation: Obligations are recorded at the best available estimate of
actual cost.
* Cutoff: Obligations are recorded in the proper period.
* Classification: Obligations are recorded in the proper appropriation
or fund accounts (also by program and by object, if applicable),
including
the proper appropriation year if the account has multiple years.
Examples of programmatic account classifications are "school lunch
program" and "nutrition education and training." Examples of object
account classifications are "salaries," "rent," and "travel.":
f. Expended authority transactions: The following control objectives
relating to expended authority transactions, as defined in section 395
E, are generally the same as those for obligation transactions:
* Validity: For all expended authority transactions, recorded expended
authority transactions have occurred. This occurrence is usually
evidenced by appropriate supporting documentation. For expended
authority transactions (or adjustments to expended authority
transactions) in expired accounts, the following objectives also are to
be met:
The expended authority transaction does not cause the entity to exceed
the amount appropriated by statute:
The expended authority transaction is recorded during the period when
the account is available for adjustments (5 years).
The expenditure is not made out of a closed account.
* Completeness: All expended authority transactions and adjustments are
recorded.
* Valuation: Expended authority transactions and adjustments are
recorded at the correct amount.
* Cutoff: Expended authority transactions and adjustments are recorded
in the proper period.
* Classification: Expended authority transactions and adjustments are
recorded in the proper appropriation or fund accounts (also by program
and by object, if applicable), including the proper appropriation year
if the account has multiple years.
g. Outlay transactions: The following control objectives relate to
outlay transactions (to be considered while auditing cash
disbursements):
* Validity: Outlays are supported by sufficient evidence such as
contractor invoices and receiving reports. The outlay is recorded
against an obligation made during the period of availability of the
appropriation (not made out of a closed account) and is for a purpose
for which the appropriation was provided as evidenced by being in an
amount not exceeding the obligation, as adjusted, authorizing the
outlay. Use of "first-in, first-out" or other arbitrary means to
liquidate obligations based on outlays is not generally acceptable
unless supporting evidence demonstrates that, in fact, these estimating
techniques reasonably represent the manner in which costs are incurred
and should be charged to unliquidated obligations. Accrual of
liabilities based on incurred but unbilled contractor costs alone is
not sufficient evidence of validity (i.e., it does not ensure that the
purpose, time, and amount provisions of an appropriation are met).
Internal control over liquidation of the corresponding obligation by
outlays is a safeguard against improper payments, including erroneous,
duplicative, or fraudulent contractor billings.
* Completeness: All outlays and adjustments are recorded in a timely
manner.
* Classification: Outlays are recorded in the proper accounts (both by
program and by object, if applicable), including the proper
appropriation year if the account has multiple years. This is evidenced
by "matching" the outlay to the underlying obligation.
h. Obligation and expended authority balances: The following control
objectives relate to obligation and expended authority balances as of a
point in time:
* Summarization: Recorded balances of obligation and expended authority
accounts as of a given date are supported by appropriate detailed
records that are accurately summarized and reconciled to the
appropriation or fund account balance, by year, for each account.
* Substantiation: Recorded account balances are supported by valid
obligations and expended authority transactions.
* Limitation: Total undelivered orders plus total expended authority
transactions do not exceed the amount of the appropriation or other
statutory limitations (such as obligation ceilings) that may exist by
appropriation period. These other statutory limitations may limit the
amount of obligations that can be incurred by program or object
classification. In addition, total payments of outstanding unliquidated
obligations that relate to closed accounts cannot exceed the limits
described in A-34 (2000), section 30.10 (for annual accounts, 1 percent
of the account's current year appropriation, for multiyear accounts, 1
percent of all appropriations that are available for obligation for the
same purpose - this is a single, cumulative limit).
i. Appropriation account balances: The following control objectives
relate to appropriation account balances as of a point in time:
* Fixed appropriation accounts are identified by fiscal year after the
end of the period in which they are available for obligation until they
are closed. (31 USC 1553(a)):
* Fixed appropriation accounts are closed on September 30th of the 5th
fiscal year after the end of the period that they are available for
obligation. Any remaining balance (whether obligated or unobligated) in
the account is canceled and is no longer available for obligation or
expenditure for any purpose. (31 USC 1552(a)). For example, at the end
of fiscal year 1995, the entity should only have accounts for fixed
appropriations that expired at the end of fiscal years 1991, 1992,
1993, 1994, and 1995. All fixed appropriations that expired prior to
these dates should have been closed and canceled as of the end of
fiscal year 1995.
* Appropriation accounts that are available for obligation for an
indefinite period are closed if (1) the entity head or the President
determines that the purposes for which the appropriation was made have
been carried out and (2) no disbursement has been made against the
appropriation for two consecutive fiscal years. (31 USC 1555):
j. Recording of cash receipts related to closed appropriation accounts:
(to be considered only if such amounts are expected to exceed design
materiality):
* Collections authorized or required to be credited to an
appropriation account but not received before the account is closed
are deposited in the Treasury as miscellaneous receipts. (31 USC 1552
(b)):
[End of section]
395 F Sup - BUDGET CONTROL OBJECTIVES - FEDERAL CREDIT REFORM ACT
SUPPLEMENT:
.01:
The Federal Credit Reform Act (FCRA) contains many provisions regarding
the recording and reporting of activity related to direct loans, loan
guarantees, and modifications of these items for budget accounting
purposes. (Definitions of these and other FCRA terms are included in
the notes to this supplement.) For transactions and account balances
related to these types of activities, the auditor should consider each
of the budget control objectives listed in FAM 395 F and supplement
them with the following budget control objectives related to FCRA.
Additional guidance on FCRA accounting for budget purposes is included
in OMB Circular A-34 (2000), section 70, Federal Credit Programs. Also,
see Federal Financial Accounting and Auditing Technical Release No. 3,
Preparing and Auditing Direct Loan and Loan Guarantee Subsidies Under
the Federal Credit Reform Act, issued by FASAB's Accounting and
Auditing Policy Committee (AAPC) in July 1999.
a.
Obligation transactions: Obligation transactions include direct loan
obligations, loan guarantee commitments, and modifications that change
the cost of an outstanding direct loan or loan guarantee (except
modifications within the terms of existing contracts or through other
existing authorities). The following are supplemental control
objectives related to obligation transactions under FCRA:
* Valuation: Obligations are recorded at the best available estimate of
actual cost.
** The cost of a direct loan is recorded as the net present value, at
the time when the loan is disbursed, of the following cash flows:
*** loan disbursements,
*** estimated principal repayments,
*** estimated interest payments, and:
*** estimated amounts and timing of any other payments by or to the
government over the life of the loan. These amounts include fees,
penalties, and other recoveries. Administrative costs and any
incidental effects on governmental receipts and outlays are excluded.
(2 USC 661a(5)(A) and (B)):
These estimated cash flows include the effects of the timing and
amounts of expected defaults and prepayments. These cash flows are
discounted using the appropriate rate as described below.
** The cost of a loan guarantee is recorded as the net present value,
at the time when the related guaranteed loan is disbursed, of the
following cash flows:
*** estimated amounts and timing of payments by the government for
defaults, delinquencies, interest subsidies, or other payments,
excluding administrative costs; and:
*** estimated amounts and timing of payments to the government for
origination and other fees, penalties, and recoveries. (2 USC
661a(5)(A) and (C)):
Any incidental effects on governmental receipts and outlays are
excluded. These cash flows are discounted using the appropriate rate as
described below.
** The cost of a modification is recorded as the difference between the
current estimated net present value of the cash flows under the
existing direct loan or guarantee contract and the estimated net
present value of the cash flows under the modified contract. The cash
flows for each of these calculations is discounted at the rate for
modifications described below. (2 USC 661a(5)(D)):
** The discount rate used to estimate the net present values described
above is the average interest rate, in effect when the obligation is
incurred, for marketable Treasury securities of similar maturity to the
related loan. For modifications, the discount rate used is the average
rate, in effect at the time of modification, for marketable Treasury
securities with a maturity similar to the remaining maturity of the
modified loan. (2 USC 661a(5)(E)):
b. Expended authority transactions: Expended authority transactions
include transactions that occur when loans are disbursed. The following
are supplemental control objectives related to expended authority
transactions under FCRA:
* Valuation: Expended authority transactions are recorded at the proper
amount. The same specific criteria for the amounts of FCRA obligations
are also applicable to expended authority transactions.
* Cutoff: Expended authority transactions are recorded in the proper
period.
** Expended authority transactions for the cost of loans or guarantees
are recorded in the fiscal year in which the direct or guaranteed
loan is disbursed or its costs altered. (2 USC 661c(d)(2)):
* Classification/Presentation and Disclosure: Amounts are recorded in
the proper account and reported appropriately.
** Differences in subsequent years between original estimated cost and
reestimated costs are recorded in a separately identified subaccount in
the credit program account and shown as a change in program costs and a
change in net interest. (2 USC 661c(f)):
** Funding for the administration of a direct loan or loan guarantee
program is recorded in separately identified subaccounts within the
same budget account as the program's cost. (2 USC 661c(g)):
** Cash disbursements for direct loan obligations or loan guarantee
commitments made on or after October 1, 1991, are made out of the
financing account. (2 USC 661a(7)):
c. Obligation and expended authority balances: The following are
supplemental control objectives related to obligation and expended
authority balances under FCRA as of a point in time:
* Limitation: Total obligations plus total expended authority
transactions do not exceed the amount of the appropriation or other
statutory limitations that may exist by appropriation period.
** Direct loan obligations made on or after October 1, 1991, do not
exceed the available appropriation or other budget authority.
** Modifications made to direct loan obligations or direct loans do
not exceed the available appropriation or other budget authority. (The
auditor should discuss applicability of this budget restriction to
direct loans and direct loan obligations that were outstanding prior to
October 1, 1991, with OGC prior to performing control or compliance
tests.):
** Obligations for new loan guarantee commitments made on or after
October 1, 1991, do not exceed the available appropriation or other
budget authority.
** Modifications made to loan guarantee commitments or outstanding loan
guarantees do not exceed the available appropriation or other budget
authority. (The auditor should discuss applicability of this budget
restriction to loan guarantees, or loan guarantee commitments that were
outstanding prior to October 1, 1991, with OGC prior to performing
control or compliance tests.):
d. Cash receipts: The following are supplemental control objectives
related to cash receipts under FCRA:
* Classification: Cash receipts are recorded in the proper account.
** Cash receipts related to direct loans obligated or loan guarantees
committed prior to October 1, 1991, are recorded in the liquidating
accounts. (2 USC 661f(b)):
** Cash receipts related to direct loan obligated or loan guarantees
committed on or after October 1, 1991, are recorded in the financing
account. (2 USC 661a(7)):
Note 1: A direct loan is a disbursement of funds by the government to
a nonfederal borrower under a contract that requires the repayment of
such funds with or without interest. The term also includes the
purchase of, or participation in, a loan made by another lender. The
term does not include the acquisition of a federally guaranteed loan in
satisfaction of default claims or the price support loans of the
Commodity Credit Corporation. (2 USC 661a(1)):
Note 2: A direct loan obligation is a binding agreement by a federal
agency to make a direct loan when specified conditions are fulfilled by
the borrower. (2 USC 661a(2)):
Note 3: A loan guarantee is any guarantee, insurance, or other pledge
with respect to the payment of all or a part of the principal or
interest on any debt obligation of a nonfederal borrower to a
nonfederal lender, but does not include the insurance of deposits,
shares, or other withdrawable accounts in financial institutions. (2
USC 661a(3)):
Note 4: A loan guarantee commitment is a binding agreement by a federal
agency to make a loan guarantee when specified conditions are fulfilled
by the borrower, the lender, or any other party to the guarantee
agreement. (2 USC 661a(4)):
Note 5: Costs are defined as the estimated long-term cost to the
government of a direct loan or loan guarantee, calculated on a net
present value basis, or modification thereof, excluding administrative
costs and any incidental effects on governmental receipts or outlays (2
USC 661a(5)). These calculations are described in further detail under
the valuation control objective for obligations in FAM 395 F.
Note 6: A credit program account is a budget account associated with
each program account into which an appropriation to cover the cost of a
direct loan or loan guarantee program is made and from which such cost
is disbursed to the financing account. (2 USC 661a(6)):
Note 7: A liquidating account is a budget account that includes all
cash flows to and from the government resulting from direct loan
obligations or loan guarantee commitments made prior to October 1,
1991. These accounts are required to be shown on a cash basis. (2 USC
661a(8)):
Note 8: A financing account is a nonbudget account(s) associated with
each credit program account that holds balances, receives the cost
payment from the credit program account, and also includes all other
cash flows to and from the government resulting from direct loan
obligations or loan guarantee commitments made on or after October 1,
1991. (2 USC 661a(7)):
Note 9: Modifications are government actions that alter the estimated
cost of an outstanding direct loan or loan guarantee from the current
estimate of cash flows (2 USC 661c(9)); for example, a policy change
affecting the repayment period or interest rate for a group of existing
loans. Changes within the terms of existing contracts or through other
existing authorities are not considered modifications under FCRA. In
addition, "work outs" of individual loans, such as a change in the
amount or timing of payments to be made, are not considered
modifications. The effects of these changes should be included in the
annual reestimates of the estimated net present value of the
obligations.
Note 10: OMB Circular A-34, section 70.2(x) instructs agencies to make
annual reestimates to adjust the net present value of direct loans and
loan guarantee obligations for changes in the estimated amounts of
items such as defaults and the timing of payments. Permanent indefinite
authority has been provided for reestimates.
[End of section]
395 G - ROTATION TESTING OF CONTROLS:
OVERVIEW:
.01:
Rotation testing of controls, as discussed in paragraph 380.01, may be
considered for testing financial reporting controls of an entity with
multiple significant accounting cycles/applications, provided that
effective financial reporting controls within all significant cycles/
applications have been evaluated and tested within a sufficiently
recent period of years. Under a rotation plan, such controls are tested
in different cycles/applications each year such that each cycle/
application is selected for testing, as described in sections 310-380,
at least once during a rotation period of several years, but not
necessarily every year. For example, a rotation plan for an entity with
five significant cycles/applications might include tests of two or
three cycles/applications annually, covering all cycles/applications
in a two or three year period. Rotation testing should be limited to
computerized applications that have strong computer general controls
because computer programs ordinarily function consistently in the
absence of programming changes, reducing the probability of random
errors.
.02:
Less extensive work must be performed annually for financial reporting
controls in significant cycles/applications not selected for testing.
This work consists of:
*
updating the auditor's understanding of the control environment, risk
assessment, communication, and monitoring, accounting system, and
financial reporting control activities, including performing
walkthroughs, and:
* performing any other procedures that may be necessary under the
specific circumstances to support the report on internal control and
the evaluation of internal controls relied on in performing certain
audit procedures.
.03:
The auditor's decision to use rotation is made on a cycle-by-cycle or
application-by-application basis, so some cycles/applications might be
tested annually and others by rotation. In rotation testing, the
auditor relies on cumulative audit evidence and knowledge, including
that gathered in prior years, to support the assessment of and report
on internal control. Accordingly, rotation may be used only when all
the following conditions exist:
* The auditor possesses a "foundation" of audit evidence on which to
develop current audit conclusions.
* Control risk is low; the control environment, risk assessment,
communication, and monitoring are strong; and inherent and fraud risk
factors are reasonably low.
* Financial reporting controls over all significant cycles/applications
have been evaluated and tested during a sufficiently recent period
(generally within 3 years).
* Recurring audits of the entity enable a rotation plan to be effective.
* No specific reporting or risk issues preclude the use of rotation.
(For example, cycles/applications do not affect such sensitive areas
as loan loss reserves.):
.04:
Ordinarily, the following cycles/applications should be subjected to
tests of financial reporting controls and should be excluded from
rotation testing:
* any cycle/application that is disproportionately significant.
* any cycle/application that has undergone major change since financial
reporting controls were most recently tested.
The auditor should consider whether assets susceptible to loss or
theft, such as cash on hand or imprest funds, also should be excluded
from rotational testing.
.05:
The foundation of audit evidence to support a rotation plan, which is
updated and increased through limited tests and other relevant audit
evidence, may be obtained from one or a combination of the following:
* evidence gathered in one or more prior audits and:
* the current or prior work of another auditor, after the auditor
considers the requirements of FAM section 650.
CIRCUMSTANCES UNDER WHICH ROTATION TESTING MAY BE USED:
.06:
The auditor should exercise judgment in determining whether to use
rotation. Factors that the auditor should consider include the
following:
* The results and extent of the auditor's prior experiences with the
entity and its cycles/applications, including the length of time since
financial reporting controls were tested.
The effectiveness of prior evidence ordinarily diminishes with the
passage of time.
* The importance of the cycles/applications to the overall entity and
the nature of the audit assertion or assertions involved.
As the significance of cycles/applications and assertions increases,
the frequency of testing thereof ordinarily increases.
* The auditor's assessment of inherent and fraud risk.
The effectiveness of rotation ordinarily diminishes as inherent and
fraud risk increase.
* The auditor's preliminary assessment of control risk.
The effectiveness of rotation ordinarily diminishes rapidly as control
risk increases.
* The extent to which control is centralized or decentralized.
The effectiveness of rotation ordinarily diminishes rapidly as control
becomes more decentralized.
* The number and relative sizes of the respective cycles/applications.
The efficiency of rotation ordinarily increases as the number and size
of cycles/applications increase.
* The nature and extent of audit evidence about internal controls that
may result from substantive testing in the current audit.
Information obtained concurrently with substantive testing might
provide evidence about the functioning of cycles/applications.
* The extent of oversight provided by others.
Work performed by others might be used to reduce tests of financial
reporting controls. (See FAM section 650.):
* Any special reporting or entity requirements.
The auditor should perform sufficient tests to meet any special
requirements, such as a special report on the functioning of a specific
cycle/application.
.07:
For any rotation testing plan, the auditor should document in a
memorandum approved by the Reviewer:
* the schedule for testing all significant cycles/applications;
* the reasons for using such a plan;
* any limitations on the use of such a plan; and:
* any other significant aspects, including descriptions of any
modifications to rotation plans established in previous years. A
rotation plan should be reevaluated annually.
[End of section]
395 H - SPECIFIC CONTROL EVALUATION WORKSHEET:
The auditor should use the SCE worksheet or equivalent to document the
evaluation of control activities in the internal control phase. This
section illustrates an SCE worksheet for the cash receipts application
for a hypothetical federal government entity, "XYZ Agency" (XYZ). (See
page 395 H-3.):
An SCE worksheet should be prepared for each significant accounting
application. The auditor generally should use the SCE worksheet to
document the evaluation of compliance (including budget) and operations
controls. The worksheet may be completed for financial reporting
controls as follows:
1. List each assertion that is relevant to the accounting application.
While all five financial statement assertions relate to line item/
account-related accounting applications, the existence or occurrence,
completeness, and valuation assertions relate principally to
transaction-related accounting applications, as illustrated at section
395 B. Therefore, assertions relevant to cash receipts would be
existence or occurrence, completeness, and valuation.
2. From the Account Risk Analysis (see section 240), list the
significant line items or accounts that the accounting application
affects. For example, cash and accounts receivable are ordinarily
affected by cash receipts.
3. Document the assertions for each of the line items or accounts
identified in step 2 that relate to each accounting application
assertion (see section 330).
4. For each significant account assertion, identify the potential
misstatements that could occur in the accounting application and the
related control objectives, based on the generic list of potential
misstatements and control objectives included in section 395 B. This
list should be tailored to the accounting application and the entity
and, if necessary, should be supplemented with additional objectives or
subobjectives.[Footnote 14]
5. List control activities selected for testing that achieve each
control objective identified above and indicate whether each is an IS
control. Section 395 C illustrates typical control activities to
achieve financial reporting control objectives. User controls where the
user would be able to detect misstatements in the computer-generated
information independently of IS is not an IS control.
6. Document the effectiveness of control activities in achieving the
control objectives in relation to each potential misstatement and
cross-reference to the audit procedures in the testing program. (The
overall assessment of financial reporting controls should be documented
in the ARA document, as illustrated in section 395 I.):
[See PDF for image]
[End of table]
FOOTNOTES
[1] The auditor should consider coordinating sampling control tests
with substantive audit procedures and/or tests of compliance with laws
and regulations (multipurpose tests) to maximize efficiency. See
section 450 for further discussion.
[2] The auditor should consider coordinating sampling control tests
with substantive audit procedures and/or tests of compliance with laws
and regulations (multipurpose tests) to maximize efficiency. See
section 450 for further discussion.
[3] As indicated in paragraphs 260.27-.31, the FMFIA report and its
supporting documentation may be considered as a starting point for
evaluating internal control. The auditor may use management's
documentation of systems and internal control where appropriate.
Management's tests of controls may be used by the auditor in testing
controls, if such tests were executed by competent individuals
independent of the controls. (See AU 322 (SAS 65) and section 650 for
further information.)
[4] Section 395 C presents a list of typical control activities that an
entity may establish to help prevent or detect misstatements in
financial statement assertions.
[5] Assertions that have high inherent risk normally require stronger
or more extensive controls to prevent or detect misstatements than
assertions without such risk.
[6] Control environment, risk assessment, communication, and monitoring
weaknesses may result in ineffective control activities. If so, the
auditor should still identify and test specific control activities, but
the extent of such testing should be limited, as discussed in paragraph
340.02.
[7] The auditor may assess control and combined risk on a preliminary
basis at an earlier point in the audit, if preferred.
[8] Specific relevant control activities will be documented later in
the specific control evaluation worksheet or equivalent, after related
control objectives have been identified. (See paragraphs 330.02-.11.)
[9] Although the auditor may gather information on control activities
in preparing the flowchart, such techniques should be documented in the
SCE worksheet or equivalent, if applicable, and need not be documented
in the flowchart.
[10] For additional information on budget execution, see OMB Circular
A-34, Instructions on Budget Execution, November 3, 2000.
[11] In the normal flow of business, when obligations are incurred, a
credit to "undelivered orders" or "unexpended obligations - unpaid" is
recorded. When the goods or services are received, the obligation is
reduced and a credit to "expended authority - unpaid" (a payable) is
recorded. When the obligation is paid and the outlay is made, the
transaction is credited to "expended authority - paid." For additional
transaction details, see the U.S. Standard General Ledger Accounting
Transactions Supplement of the Treasury Financial Manual.
[12] Amounts of commitments, obligations, and expended authority may
differ for a particular item acquired. Commitments are made at
"initial" estimates, obligations at "later" estimates," and expended
authority at "actual" amounts.
[13] OMB apportionments may, as a result of impoundments (rescissions
or deferrals), be less than the amount of the apportionments requested
by the entity. The auditor should notify OGC of any impoundments that
come to his or her attention. OMB may also approve amounts available
different from those requested by time period, activities, projects, or
objects.
[14] In the SCE worksheet, the auditor may either commingle the
documentation of compliance (including budget) and operations controls
with that of financial reporting controls to the extent relevant or
present each of these types of controls in a separate SCE. To complete
the SCE worksheet for these controls, the auditor begins by inserting
relevant control objectives and performs steps 5 and 6 above.
[End of section]
SECTION 400:
Testing Phase:
Figure 400.1: Methodology Overview
Planning Phase:
* Understand the entity's operations: Section 220:
* Perform preliminary analytical procedures: Section 225:
* Determine planning, design, and test materiality: Section 230:
* Identify significant line items, accounts, assertions, and RSSI:
Section 235:
* Identify significant cycles, accounting applications, and financial
management systems: Section 240:
* Identify significant provisions of laws and regulations: Section 245:
* Identify relevant budget restrictions: Section 250:
* Assess risk factors: Section 260:
* Determine likelihood of effective information system controls:
Section 270:
* Identify relevant operations controls to evaluate and test: Section
275:
* Plan other audit procedures: Section 280:
* Plan locations to visit: Section 285:
Internal Control Phase:
* Understand information systems: Section 320:
* Identify control objectives: Section 330:
* Identify and understand relevant control activities: Section 340:
* Determine the nature, timing, and extent of control tests and of
tests for systems’ compliance with FFMIA requirements: Section 350:
* Perform nonsampling control tests and tests for systems’ compliance
with FFMIA requirements: Section 360:
* Assess controls on a preliminary basis: Section 370:
Testing Phase:
* Consider the nature, timing, and extent of tests: Section 420:
* Design efficient tests: Section 430:
* Perform tests and evaluate results: Section 440:
** Sampling control tests: Section 450:
** Compliance tests: Section 460:
** Substantive tests: Section 470:
*** Substantive analytical procedures: Section 475:
*** Substantive detail tests: Section 480:
Reporting Phase:
* Perform overall analytical procedures: Section 520:
* Determine adequacy of audit procedures and audit scope: Section 530:
* Evaluate misstatements: Section 540:
* Conclude other audit procedures: Section 550:
** Inquire of attorneys:
** Consider subsequent events:
** Obtain management representations:
** Consider related party transactions:
* Determine conformity with generally accepted accounting principles:
560:
* Determine compliance with GAO/PCIE Financial Audit Manual: Section
570:
* Draft reports: Section 580:
[End of figure]
410 - OVERVIEW:
.01:
During the testing phase, the auditor gathers evidence to report on the
financial statements, internal control, whether the entity's systems
are in substantial compliance with the three requirements of FFMIA, and
the entity's compliance with significant provisions of laws and
regulations. (See figure 400.1.) The following types of tests are
performed in the testing phase:
* Sampling control tests may be performed to obtain evidence about the
achievement of specific control objectives. If the auditor obtains
sufficient evidence regarding control objectives through the use of
nonsampling control tests (such as observation, inquiry, and
walkthroughs including inspection of documents), sampling control tests
are not necessary, as discussed in section 350. Further guidance on
sampling control tests begins in section 450.
* Compliance tests are performed to obtain evidence about compliance
with significant provisions of laws and regulations. Further guidance
on compliance tests is in section 460.
* Substantive tests are performed to obtain evidence that provides
reasonable assurance about whether the financial statements and related
assertions are free of material misstatement. Further guidance on
substantive tests is in section 470.
.02:
Sampling is often used in these tests. Sampling requires the exercise
of professional judgment as well as knowledge of statistical sampling
methods. The following sections provide a framework for applying
sampling to financial audit situations, but are not meant to be a
comprehensive discussion. Additional background and guidance on
sampling is provided in the Audit Guide Audit Sampling (2001
issue),[Footnote 1] published in 1999 by the American Institute of
Certified Public Accountants and in Using Statistical Sampling
published by GAO (accession number 129810). The auditor should consider
whether he or she needs to consult with the Statistician for assistance
in designing and evaluating samples. The auditor should consider the
costs and benefits in determining which type of sampling to use.
.03:
During this phase, the auditor performs the following activities for
each type of test:
* Consider the nature, timing, and extent of tests:
* Design efficient tests:
* Perform tests:
* Evaluate results:
Each of these processes is discussed below.
[End of section]
420 - CONSIDER THE NATURE, TIMING, AND EXTENT OF TESTS:
CONSIDER THE NATURE OF TESTS:
.01:
The auditor determines the testing methods that will best achieve the
audit objectives for sampling control tests, compliance tests, and
substantive tests. Testing methods generally can be classified as
either analytical procedures or detail tests. Analytical procedures
involve the comparison of the recorded test amount with the auditor's
expectation of the recorded amount and the investigation of any
significant differences between these amounts. Detail tests can be
classified in two general categories: sampling and nonsampling.
Sampling methods involve the selection of individual items from a
population with the objective of reaching a conclusion on all the items
in the population (including those not selected for testing).
Nonsampling methods involve selections to reach a conclusion only on
the items tested. Nonsampling requires the auditor to assess the risk
of misstatement in the items not tested.
.02:
The testing method selected by the auditor is a matter of the auditor's
judgment, considering the objectives of the test, the nature of the
population, the results of procedures performed during the planning and
internal control phases (including combined risk assessment and test
materiality), and possible efficiencies. For tests that involve
sampling, efficiencies can be achieved by using a common sample for
each test. These potential efficiencies are discussed further in
section 430.
CONSIDER THE TIMING OF TESTS:
.03:
As discussed in section 295 D, the auditor may choose to conduct tests
before or after the balance sheet date (interim testing) or to conduct
all tests as of the balance sheet date. Section 495 C provides guidance
on interim testing, tests of the period between the interim date and
the balance sheet date (the rollforward period), and related
documentation.
CONSIDER THE EXTENT OF TESTS:
.04:
For each type of test, the auditor determines, based on judgment, the
extent of tests to be performed. Generally, the extent of sampling
control tests is a function of the auditor's preliminary assessment of
the effectiveness of controls and the number of control deviations
expected. The extent of compliance tests is a function of the
effectiveness of compliance controls. The extent of substantive tests
is a function of combined risk and test materiality.
[End of section]
430 - DESIGN EFFICIENT TESTS:
.01:
After considering the general nature, timing, and extent of the tests
to be performed, the auditor should design specific tests. The auditor
should coordinate similar tests to maximize efficiency. For tests that
involve sampling, efficiencies can be realized by performing numerous
tests on a common sample (multipurpose testing).[Footnote 2] The
auditor generally should minimize the number of separate sampling
applications performed on the same population by attempting to
effectively achieve as many objectives as possible using the items
selected for testing.
.02:
As discussed in section 480, there are several methods of selecting
items for testing. When determining the selection method to use during
a multipurpose test, the auditor generally should use the method
considered most appropriate for substantive detail tests in the
particular situation. Use of this selection method is usually the most
efficient because sampling control and compliance tests generally can
be based on any type of sample.
.03:
For example, the auditor might use a sample of property additions to
(1) substantively test the amount of additions and (2) test financial
reporting controls over property acquisition. If a substantive test
would require 135 sample items and if the test of financial reporting
controls would require 45 sample items, the auditor should select 135
items in the sample but test controls relating only to 45. The 45 items
for control testing should be selected randomly or systematically (with
a random start) from the 135 sample items. For example, beginning from
a random start, every third item selected for substantive testing
should be tested for controls. If appropriate, the auditor may test
controls relating to all sample items to provide additional assurance
concerning controls.
[End of section]
440 - PERFORM TESTS AND EVALUATE RESULTS:
.01:
The auditor should perform the planned tests and should evaluate the
results of each type of test separately, without respect to whether the
items were chosen as part of a multipurpose test. Guidance on
performing and evaluating the results is presented for each type of
test in the following sections:
* Section 450 - Sampling control tests,
* Section 460 - Compliance tests, and
* Section 470 - Substantive tests.
.02:
Sometimes, tests performed with the expectation of obtaining certain
results give other results. When this happens, the auditor may wish to
expand a sample to test additional items. Unless planned for in
advance, this generally cannot be done simply, as discussed in
paragraphs 450.17, 460.02, and 480.28; the auditor should consult with
the Statistician in such cases.
.03:
The auditor should keep in mind that the consideration of the risk of
material misstatement due to fraud (discussed in section 260 for
planning) is a cumulative process that should be ongoing throughout the
audit. During testing, the auditor may become aware of additional fraud
risk factors or other conditions that may affect the auditor's
consideration of fraud risk factors identified during planning, such as
discrepancies in the accounting records, conflicting or missing
evidential matter, or problematic or unusual relationships between the
auditor and the entity being audited. The auditor should consider
whether fraud risk factors or other conditions identified require
additional or different audit procedures. (See section 540.):
.04:
For CFO Act agencies and components listed in OMB audit guidance the
auditor is required to report on the substantial compliance of their
financial management systems with the requirements of FFMIA. The
auditor should conclude on substantial compliance at the completion of
the audit work based on work done in the internal control and testing
phases, as discussed in section 540.
[End of section]
450 - SAMPLING CONTROL TESTS:
.01:
Controls that leave documentary evidence of their existence and
application may be tested by inspecting this evidence. If sufficient
evidence cannot be obtained through walkthroughs in combination with
other observation and inquiry tests, the auditor generally should
obtain more evidence by inspecting individual items selected using
sampling procedures. The auditor may use multipurpose testing to use
the same sample to test controls and/or compliance and/or balances
(substantive test). This is usually more efficient. Alternatively, the
auditor may design a sample to test controls alone. In this case, the
auditor generally should use random attribute sampling (described
beginning in paragraph 450.05) to select items for sampling control
tests.
.02:
When planning sampling control tests, the auditor should determine (1)
the objectives of the test (including what constitutes a deviation),
(2) the population (including sampling unit and frame), (3) the method
of selecting the sample, and (4) the sample design and resulting sample
size. The auditor should document the sampling plan in the workpapers.
See section 495 E for example workpapers for documenting samples.
OBJECTIVES OF THE TEST:
.03:
The auditor should clearly indicate the objectives of the specific
control test. In designing samples for control tests, the auditor
ordinarily should plan to evaluate operating effectiveness in terms of
the rate of deviations in units or dollars from prescribed controls.
This involves defining (1) the specific control to be tested and (2)
the deviation conditions. The auditor should define control deviations
in terms of control activities not followed. For example, the auditor
might define a deviation in cash disbursements as "invoice not approved
and initialed by authorized individual.":
POPULATION:
.04:
In defining the population, the auditor should identify the whole set
of items on which the auditor needs to reach a conclusion and from
which the sample should be drawn. This includes (1) describing the
population, (2) determining the source document or the transaction
documents to be tested, and (3) defining the period covered by the
test. When multiple locations are involved, the auditor may consider
all or several locations as one population for sampling if the controls
at each location are components of one overall control system. Before
combining locations into one population, the auditor should consider
such factors as (1) the extent of uniformity of the controls and their
applications at each location, (2) whether significant changes can be
made to the controls or their application at the local level, (3) the
amount and nature of centralized oversight or control over local
operations, and (4) whether there could be a need for separate
conclusions for each location. If the auditor concludes that the
locations should be separate populations, he or she should select
separate samples at each location; he or she should evaluate the
results of each sample separately.
METHOD OF SELECTION:
.05:
The auditor should select a sample that he or she expects to be
representative of the population. For tests of controls, attribute
sampling achieves this objective. Attribute sampling requires random
selection of sample items without considering the transactions' dollar
amount or other special characteristics. IDEA or other software may be
used to make random selections.
SAMPLE SIZE:
.06:
In designing attribute samples for which inspection is the principal
source of evidence of control effectiveness, the auditor should
determine the objectives of the sample. For financial reporting control
tests, the objective is to support the preliminary assessment of
control risk as either moderate or low. For compliance and operations
control tests, the objective is to support the preliminary assessment
of the control as effective. In addition, for financial reporting and
compliance control tests, there is an objective of obtaining evidence
to support the auditor's report on internal control.
.07:
To determine the sample size, the auditor uses judgment to determine
three factors: the confidence level, the tolerable rate (maximum rate
of deviations from the prescribed control that the auditor is willing
to accept without altering the preliminary assessment of control
effectiveness), and the expected population deviation rate (expected
error rate). Once the auditor determines these factors, he or she may
use software (such as IDEA) or tables to determine sample size and to
determine how many deviations the auditor may find without having to
change the control risk assessment. GAO uses Tables I and II. Table I
on the following page may be used to determine the sample sizes
necessary to support these preliminary assessments of controls and to
conclude on the effectiveness of the controls. Tables I and II are used
to evaluate the test results. The AICPA has other examples in its
guidance, and the GAO factors are within the range of the AICPA
examples. If an auditor chooses to use factors other than Tables I and
II, he or she should consult with the Statistician.
.08:
Tables I and II are based on a 90 percent confidence level. (This
confidence level used at GAO is generally appropriate because the
auditor obtains additional satisfaction regarding controls through
other tests such as substantive tests, inquiry, observation, and
walkthroughs.):
.09:
Tables I and II are each based on different tolerable rates. Table I is
based on a tolerable rate of 5 percent, and Table II is based on a
tolerable rate of 10 percent. Each table shows various sample sizes and
the maximum number of deviations that may be detected in each sample to
rely on the controls at the determined control risk level. (See
paragraphs 450.13-.15 for a discussion of the evaluation of test
results.)[Footnote 3]
Figure 450.1: Sample Sizes and Acceptable Numbers of Deviations; (90%
Confidence Level).
TABLE I: (Tolerable rate of 5%):
(Use for determining sample sizes in all cases):
Sample size: 45; Acceptable Number of Deviations: 0.
Sample size: 78; Acceptable Number of Deviations: 1
Sample size: 105; Acceptable Number of Deviations: 2.
Sample size: 132; Acceptable Number of Deviations: 3.
Sample size: 158; Acceptable Number of Deviations: 4.
Sample size: 209; Acceptable Number of Deviations: 6
[End of table]
TABLE II: (Tolerable rate of 10%)
(Use for evaluating sample results only if preliminary assessment of
financial reporting control risk is low and deviations exceed Table I):
Sample size: 45; Acceptable Number of Deviations: 1.
Sample size: 78; Acceptable Number of Deviations: 4.
Sample size: 105; Acceptable Number of Deviations: 6.
Sample size: 132; Acceptable Number of Deviations: 8.
Sample size: 158; Acceptable Number of Deviations: 10.
Sample size: 209; Acceptable Number of Deviations: 14.
[End of table]
[End of table]
.10:
For financial reporting controls, if the preliminary assessment of
control risk is low or moderate, Table I may be used to determine
sample size. OMB audit guidance requires the auditor to perform
sufficient control tests to justify a low assessed level of control
risk, if controls have been properly designed and placed in operation.
.11:
For compliance and operations controls, sample sizes may also be
determined using Table I.
.12:
The auditor may use the sample size indicated for 0 acceptable
deviations (45 items). If no deviations are expected, the sample size
will be the most efficient for assessing control effectiveness; if no
deviations are found, the sample will be sufficient to support the
assessment of control risk. However, the auditor may use a larger
sample size if control deviations are expected to occur but not exceed
the acceptable number of deviations for the table.
EVALUATING TEST RESULTS:
Financial Reporting Controls:
.13:
To evaluate sample results, the auditor needs the sample size, the
number of deviations, and the confidence level. The auditor may use
software (such as IDEA) or tables to evaluate results.[Footnote 4] If
the auditor used Table I to determine sample size, and deviations are
noted that exceed the acceptable number for the sample size, the
auditor should follow the guidance below in deciding how to revise the
preliminary assessment of control risk:
* Low control risk: If the preliminary assessment of control risk is
low and if deviations are noted that exceed the acceptable number for
Table I, but not Table II, control risk may be assessed as moderate.
For example, if the original sample was 45 items, the auditor may
reduce the assessment of control risk to a moderate level if there is
not more than 1 deviation. If the auditor finds more than 1 deviation
with a sample size of 45 items, the auditor concludes that the
controls being tested are not operating effectively and should
reassess control risk as high.
* Moderate control risk: If the preliminary assessment of control risk
is moderate and if control deviations exceed the acceptable number for
Table I, the auditor should conclude that control risk is high. The
preliminary assessment of control risk is based on the assumption that
the controls operate as designed. If the preliminary assessment of
control risk is moderate and if control tests indicate that the control
is not operating as designed (deviations exceed the acceptable number
in Table I), the auditor should conclude that the control is
ineffective and revise the control risk assessment to high.
Compliance Controls:
.14:
If Table I is used to determine sample size and deviations are noted
that exceed the acceptable number for the sample sizes shown in Table
I, the auditor should conclude that the compliance control is not
effective. The auditor also should determine whether any deviations
noted ultimately resulted in noncompliance with a budget-related or
other law or regulation.
Operations Controls:
.15:
If Table I is used to determine sample size and deviations are noted
that exceed the acceptable number for the sample sizes shown in Table
I, the auditor should conclude that the operations control is not
effective. The auditor should not place reliance on ineffective
operations controls when performing other auditing procedures.
OTHER CONSIDERATIONS:
.16:
If, during the testing of sample items, the number of deviations
exceeds the acceptable number of deviations in Table I or II (as
applicable), the auditor concludes that the controls are not operating
as designed. However, the auditor should consider whether there are
other reasons for continuing to test the remaining sample items. For
example, audit team management should determine whether additional
information (such as an estimate of the population rate of occurrence)
is needed to report control weaknesses as described in paragraphs
580.31-.57. The significance of the weakness will determine how the
auditor reports the finding and, therefore, which elements of the
finding (condition, cause, criteria, possible effect, and
recommendation or suggestion) need to be developed. Or, the auditor may
want to include an interval estimate in the report. The auditor should
consult with audit team management and the Statistician in deciding
whether to complete the testing of the sample.
.17:
If an unacceptable number of deviations is noted in the original sample
and the auditor believes the use of a larger sample size might result
in an acceptable number of deviations, the auditor should consult with
the Statistician before selecting additional sample items. The
selection and evaluation of additional sample items cannot be based on
Tables I or II or on the formulas used by IDEA.
.18:
The auditor should consult with the Statistician when projecting the
rate of sample control deviations to a population for disclosure in a
report. While typically stated as a percentage of transactions, the
deviation rate is expressed as a percentage of dollars in the
population if sampling control tests are performed on a sample selected
using DUS (see paragraphs 480.14-.23).
[End of section]
460 - COMPLIANCE TESTS:
.01:
The type of provision of a law or regulation and the assessment of the
effectiveness of compliance controls affect the nature and extent of
compliance testing. Based on the type of provision (as discussed in
paragraph 245.01) the compliance tests discussed below should be
performed.
TRANSACTION-BASED PROVISIONS:
.02:
To test transaction-based provisions, the auditor should use sampling
to select specific transactions for testing compliance. The selection
of transactions to test may be combined with tests of financial
reporting, compliance, or operations controls and/or with substantive
tests, as appropriate. If the selection is solely for compliance
testing, the auditor generally should use a random attribute sample
(see paragraph 450.05). To determine sample size, the auditor needs to
make judgments as to confidence level, tolerable rate, and expected
population deviation rate. Confidence level should be related to
compliance control risk. For example, if the auditor determines
compliance controls are effective, he or she may use an 80 percent
confidence level; if ineffective, a 95 percent confidence level.
Tolerable rate is the rate of transactions not in compliance that could
exist in the population without causing the auditor to believe the
noncompliance rate is too high. GAO auditors should use 5 percent for
this. Since the auditor will assess the impact of all identified
noncompliance, many auditors use zero as the expected population
deviation rate. Using the above factors yields the following sample
sizes:
[See PDF for image]
[End of figure]
Since the auditor usually reports compliance on an entitywide basis,
the auditor may use these sample sizes on an entitywide basis.
Evaluation of test results is discussed in paragraph 460.07. The
auditor should test the entire sample, even if instances of
noncompliance are detected. If compliance controls were assessed on a
preliminary basis as effective and the results of testing indicated
that this assessment is not appropriate, in the above example, the
auditor should consult with the Statistician to determine the
appropriate sample size and selection procedures. The auditor cannot
merely choose the other sample size, but may, for example, increase the
sample size from 32 to 65 by using sequential sampling and randomly
selecting 33 additional items. The Statistician should also evaluate
the results when a test is expanded.
QUANTITATIVE-BASED PROVISIONS:
.03:
Generally, effective compliance controls should provide reasonable
assurance that the accumulation/summarization of information is
accurate and complete. If the compliance controls do not provide such
reasonable assurance, the auditor should test the accumulation of
information directly for existence, completeness, and summarization.
Such tests may be either samples or nonsampling selections and
generally should be designed to detect misstatements that exceed an
auditor-determined percentage of the total amount of the summarized
information or the amount of the restriction stated in the provision,
if any (GAO generally uses 5 percent for this test materiality). (The
amount of the restriction is described in paragraph 245.01.) Such tests
may be discontinued if significant misstatements are noted that would
preclude compliance. The test for compliance is the comparison of the
accumulated/summarized information with any restrictions on the amounts
stated in the identified provision.
.04:
For example, if provisions of budget-related laws and regulations are
considered significant and if related budget and consequently
compliance controls are ineffective, the auditor should test the
summarized information directly for the following potential
misstatements in budget execution information:
* Validity: Recorded amounts are not valid. (See section 395 F for
validity criteria for obligations, expended authority, and outlays.):
* Completeness: Not all amounts are recorded.
* Cutoff: Obligations, expended authority, and outlays are not recorded
in the proper period.
* Recording: Obligations, expended authority, and outlays are not
recorded at the proper amount.
* Classification: Obligations, expended authority, and outlays are not
recorded in the proper account by program and by object, if applicable,
including the proper appropriation year if the account has multiple
years. (Examples of program and object classifications are provided in
section 395 F.):
* Summarization: Transactions are not properly summarized to the
respective account totals.
.05:
An example of audit procedures to test for these misstatements is
included in section 495 B.
PROCEDURAL-BASED PROVISIONS:
.06:
In testing compliance controls relating to a procedural-based
provision, the auditor generally would obtain sufficient evidence to
conclude whether the entity performed the procedure and therefore
complied with the provision. For example, the auditor's tests of
compliance controls concerning receipt of information from grantees
generally would provide evidence of whether such information was
received and therefore whether the entity complied. If compliance
control tests do not provide sufficient evidence to determine
compliance, the auditor should perform additional procedures, as
considered necessary, to obtain such evidence.
EVALUATING TEST RESULTS:
.07:
For any possible instances of noncompliance noted in connection with
the procedures described above or other audit procedures, the auditor
should:
* discuss such possible instances with OGC and, when appropriate, the
Special Investigator Unit and conclude whether noncompliance has
occurred and the implications of any noncompliance;
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the report on internal control as appropriate (see
paragraphs 580.31-.55);
* consider the implications of any instances of noncompliance on the
financial statements; and:
* report instances of noncompliance, as appropriate. (See paragraphs
580.67-.75.):
[End of section]
470 - SUBSTANTIVE TESTS - OVERVIEW:
.01:
In the internal control phase, the auditor preliminarily assesses the
level of combined (inherent and control) risk for each significant
assertion within each significant line item or account (see section
370). Substantive audit procedures should be applied to all significant
assertions in significant financial statement line items and accounts.
The auditor's objective during substantive tests is to determine
whether the assertions are materially misstated and to form an opinion
about whether the financial statements are presented fairly in
accordance with GAAP. To determine if significant assertions are
misstated, the auditor should consider designing substantive tests to
detect each of the potential misstatements in assertions that were
developed in the internal control phase (see section 330). In addition,
the auditor should consider whether efficiencies can be achieved by
using the concepts of directional testing, as discussed in paragraphs
470.14-.16.
.02:
Based on the level of expected overall audit assurance determined in
the planning phase of the audit (see paragraph 260.04), the auditor
should establish the minimum levels of substantive assurance for each
level of combined risk. For example, based on the audit risk model in
AU 350 and a desired overall audit assurance of 95 percent, GAO
considers the following minimum levels of substantive assurance for
each level of combined risk to be appropriate:
Low combined risk: 63%:
Moderate combined risk: 86%:
High combined risk: 95%:
Substantive assurance is the auditor's judgment that all of the
auditor's substantive tests will detect misstatements that in total
exceed materiality. Substantive assurance, which relates to the entire
audit and correlates directly with the level of combined risk, is not
the same as confidence level, which is for a specific sample. The
higher the risk, the more substantive assurance required.
TYPES OF SUBSTANTIVE TESTS:
.03:
There are two general types of substantive tests: (1) substantive
analytical procedures and (2) tests of details. To achieve the required
substantive assurance (discussed above) the auditor may use either of
these tests or a combination of the two. The type of test to use and
the amount of reliance to place on each type of procedure, within the
framework of the audit matrix (discussed in paragraph 470.10), is a
matter of the auditor's judgment and should be based on effectiveness
and efficiency considerations.
Substantive analytical procedures:
.04:
Substantive analytical procedures involve the comparison of a recorded
amount with the auditor's expectation of that amount and investigation
of any significant differences to reach a conclusion on the recorded
amount. Analytical procedures involve a study of plausible
relationships among both financial and nonfinancial data. A basic
premise is that plausible relationships among data may reasonably exist
and continue in the absence of errors, fraud, or changes in
circumstances. (See AU 329.):
.05:
Substantive analytical procedures may be performed at one of three
levels for an assertion, as follows:
* Complete: The auditor relies solely on analytical procedures for all
of the assurance required from substantive procedures. The procedure
is so persuasive that the auditor believes that it will detect any
aggregate misstatements that exceed test materiality.
* Partial: The auditor relies on a combination of analytical procedures
and tests of details to obtain an appropriate level of substantive
assurance. For partial assurance, the auditor believes that the
analytical procedures should detect any aggregate misstatements that
exceed test materiality.
* None: The auditor does not rely on analytical procedures for
substantive assurance. All substantive assurance will be obtained from
tests of details. In this situation, supplemental analytical
procedures may be performed to increase the auditor's understanding of
account balances and transactions, but not to provide any additional
substantive assurance. These procedures are similar in scope to those
performed on an overall basis at the financial statement level (see
section 520).
.06:
To determine whether to perform complete or partial substantive
analytical procedures, the auditor should consider the effectiveness or
persuasiveness and efficiency of such procedures. In so doing, the
auditor should consider the factors discussed in detail in section 495
A.
Detail tests:
.07:
Detail tests are test procedures that are applied to individual items
selected for testing and include:
* Confirming a balance or transaction or the related terms, such as
accounts receivable or accounts payable, by obtaining and evaluating
direct communication from a third party.
* Physically observing, inspecting, or counting tangible assets, such
as inventory or property, plant, and equipment, and applying related
procedures.
* Examining supporting documents to determine whether a balance is
properly stated. For example, the auditor might examine invoices for
property and equipment purchases.
* Recalculating, or checking mathematical accuracy of entity records by
footing or crossfooting or by recomputing amounts and tracing journal
postings, subsidiary ledger balances, and other details to
corresponding general ledger accounts. For example, the auditor might
recalculate unit cost extensions in an inventory list, foot the list
(whether prepared manually or by computer), and trace the total to the
general ledger amount.
.08:
Detail tests are generally used in combination to provide sufficient
substantive assurance about an assertion. For example, to test the
valuation of accounts receivable, the auditor might confirm balances,
recalculate the aging schedule, examine documents supporting the aging
and specific delinquent accounts, and discuss collectibility with
management. On the other hand, a single detail test procedure might
provide substantive assurance about more than one of the five financial
statement assertions. For example, a physical observation of inventory
might provide evidence about existence, valuation, and presentation and
disclosure.
.09:
The minimum extent of detail testing to be performed is based on the
combined risk assessment and the amount of assurance obtained from
substantive analytical procedures, as illustrated in the Audit Matrix
(figure 470.1).
DETERMINING MIX OF SUBSTANTIVE TESTS:
.10:
In determining an appropriate mix of analytical procedures and detail
tests, the auditor should consider the following matrix (figure 470.1)
which illustrates the integration of such tests for each level of
combined risk, when the auditor is using a desired overall audit
assurance of 95 percent. GAO auditors should use this audit matrix.
Figure 470.1: Audit Matrix:
Assessed combined risk level: Low; Substantive assurance: 63%;
Substantive assurance from analytical procedures[A]: Complete; Minimum
substantive assurance from detail tests: 0%; Substantive assurance
from analytical procedures[A]: Partial; Minimum substantive assurance
from detail tests: 50%; Substantive assurance from analytical
procedures[A]: None; Minimum substantive assurance from detail tests:
86%.
Assessed combined risk level: Moderate; Substantive assurance: 86%;
Substantive assurance from analytical procedures[A]: Complete; Minimum
substantive assurance from detail tests: 0%; Substantive assurance
from analytical procedures[A]: Partial; Minimum substantive assurance
from detail tests: 77%; Substantive assurance from analytical
procedures[A]: None; Minimum substantive assurance from detail tests:
86%.
Assessed combined risk level: High; Substantive assurance: 95%;
Substantive assurance from analytical procedures[A]: Complete; Minimum
substantive assurance from detail tests: 0%; Substantive assurance
from analytical procedures[A]: Partial; Minimum substantive assurance
from detail tests: 92%; Substantive assurance from analytical
procedures[A]: None; Minimum substantive assurance from detail tests:
95%.
[A] Complete assurance from analytical procedures requires procedures
that are extremely effective and persuasive to serve as the sole source
of audit evidence for achieving the audit objective. This level of
effectiveness or persuasiveness is very difficult to achieve when
combined risk is assessed as high. Therefore, complete reliance on
analytical procedures for substantive assurance in these situations is
rare, particularly for balance sheet accounts.
[End of table]
.11:
Additional factors to consider in determining an appropriate mix of
analytical procedures and detail tests include the following:
* The nature and significance of the assertion being tested: Analytical
procedures are generally more likely to be effective for assertions
related to net cost statement accounts than for those related to
balance sheet accounts. Significant assertions generally require more
or higher quality audit evidence that may not be available from
analytical procedures.
* The nature of the combined risk: Substantive tests should be designed
to address the specific type and level of combined risk for each
assertion. For example, for certain loss claim liabilities, detail
tests might be used to search subsequent claim payments for potential
liabilities in testing the completeness assertion, while analytical
procedures might be applied to test the related valuation assertion by
evaluating the amounts per claim.
* The availability of different types of evidence: Using evidence that
can be readily obtained may be more efficient. For example, in federal
government audits, the availability of budgets and other information
may assist in performing analytical procedures.
* The quality of the respective types of evidence available: The higher
the quality of a type of evidence, the greater the level of assurance
the auditor may derive from that type (see paragraph 470.13).
* The anticipated effectiveness of analytical procedures: Detail tests
should be used if analytical procedures are not expected to be
effective.
.12:
When determining the types of substantive tests to use, the auditor's
goal should be to choose the mix of effective procedures that are
considered to be the most efficient in combination with sampling
control tests and compliance tests. The auditor should exercise
judgment when assessing the effectiveness or persuasiveness of all
audit procedures, particularly analytical procedures.
.13:
When considering a procedure's relative effectiveness, the auditor is
concerned about the expected quality of the evidence. The quality of
evidence obtained in a substantive test depends highly on the
circumstances under which it is obtained and should be evaluated with
professional skepticism. The following are generalizations about
evidence:
* Evidence obtained from independent third parties provides a higher
level of assurance than that obtained from sources in the entity.
* Evidence obtained directly by the auditor through confirmation,
physical examination, vouching, or recalculation provides a higher
level of assurance than that obtained indirectly, such as through
inquiry.
* Documentary evidence provides a higher level of assurance than oral
representations.
* Evidence obtained at or near the balance sheet date concerning an asset
or liability balance provides a higher level of assurance than that
obtained before or after the balance sheet date, because the audit risk
generally increases with the length of the intervening period.
* The lower the control risk associated with an entity's internal
control, the higher the assurance concerning the information subject to
that internal control.
OTHER EFFICIENCIES:
.14: In planning tests, the auditor should consider the relationships
between recorded amounts to help in achieving efficiencies. For
example, in double-entry accounting, a misstatement in one account
affects at least one other (related) account. This relationship gives
rise to the opportunity for testing more than one account with a single
test. Similarly, the relationship between budgetary and
proprietary[Footnote 6] accounts may provide the opportunity for
efficiencies in testing.
.15:
In double-entry accounting, a misstatement in one account affects at
least one other (related) account. For example, a misstatement of
accrued payroll typically results in a misstatement of payroll expense.
In this example, a substantive test of accrued payroll should detect
misstatements in both accrued payroll and payroll expense. In designing
substantive tests, after considering combined risk and developing an
understanding of each related account, the auditor should consider the
effect of such tests on related accounts. For example, a test of
revenue for completeness may provide substantive evidence about the
completeness of accounts receivable. In many instances where double-
entry accounting is used, it may be efficient to (1) design an overall
strategy that tests certain accounts substantively for either existence
or completeness (the two assertions most affected by testing related
accounts) and (2) rely on such tests to detect misstatements in the
related accounts. For example, the auditor might test (1) assets and
expenses directly for existence and (2) liabilities, equity, and
revenue for completeness, thereby indirectly testing the related
accounts for existence or completeness, as applicable. This logic is
called a directional testing approach.
.16:
In some instances, the auditor may need to supplement a directional
testing approach to address specific combined risks. For example, if
inherent and control risk factors warrant, the auditor might test both
existence and completeness in a test of cutoff as of the balance sheet
date. During initial financial statement audits, the auditor generally
should test both existence and completeness directly, when those
assertions are significant, because the cumulative knowledge about the
interaction of accounts may be limited.
.17:
The audit assurance that can be obtained from directional testing is
diminished in balance-sheet-only audits if related accounts are not
also tested and in audits of entities having single-entry accounting
systems (since double-entry account interrelationships do not exist).
In these instances, the auditor should test both existence and
completeness directly when those assertions are significant.
.18:
To maximize efficiency, the auditor should combine the testing of
budgetary and proprietary accounts where the combination is
appropriate. For example, the auditor may combine tests of outlays (on
the statement of budgetary resources) with tests of cash disbursements
(used to test net costs).
.19:
If an entity has budget accounting records but does not maintain
separate proprietary accounting records, or the proprietary records are
incomplete, the auditor should directly test expended authority
produced by the budget system and the items necessary to reconcile the
budget to the proprietary accounts.
.20:
Also, if (1) relevant budget restrictions relate to significant
quantitative-based provisions of laws and regulations and (2) budget
controls are not effective, the auditor should test the accumulation of
budget amounts (see paragraphs 460.03-.05).
[End of section]
475 - SUBSTANTIVE ANALYTICAL PROCEDURES:
.01:
This section provides guidance on the application of substantive
analytical procedures. Analytical procedures are sometimes referred to
as fluctuation analysis, flux analysis, predictive tests, or analytical
review. These procedures consist of comparing recorded account balances
with the auditor's expectations. The auditor develops an expectation or
estimate of what the recorded amount should be based on an analysis and
understanding of relationships between the recorded amounts and other
data. This estimate is then used to form a conclusion on the recorded
amount. A basic premise underlying analytical procedures is that
plausible relationships among data may reasonably be expected to
continue unless conditions are known that would change the
relationship. (For further information, refer to AU 329 or the Audit
Guide Analytical Procedures.):
.02:
Scanning account detail and recomputation are two other audit
procedures related to analytical procedures. Scanning consists of
searching for unusual items in the detail of account balances. Scanning
is an appropriate tool to investigate the cause of a significant
fluctuation, but it is not considered a substantive analytical
procedure on its own. Unusual items identified through scanning should
be investigated to obtain substantive assurance about the unusual
items. The auditor may independently compute an estimate of an account
balance, which is sometimes referred to as recomputation or an overall
test of reasonableness. These recomputations are considered substantive
analytical procedures. When making recomputations, the auditor should
assess the reliability of the data used and should follow the steps
used for performing substantive analytical procedures.
.03:
The risk of forming the incorrect conclusion on the account balance
tested may be higher for substantive analytical procedures than for
detail tests because of the procedures' extensive use of the auditor's
judgment. Accordingly, quality control is of critical importance. To
help maintain a high level of quality in these procedures, the
assessment of the amount of reliance to place on the procedures, the
design of the procedures, and the formulation of conclusions on the
results of these procedures should be performed or closely supervised
and reviewed by experienced audit team personnel.
PERFORMING SUBSTANTIVE ANALYTICAL PROCEDURES:
.04:
If substantive analytical procedures are used, the auditor should
perform steps a. through l. below:
a. Determine the amount of the limit. The limit is the amount of
difference between the auditor's expectation and the recorded amount
that the auditor will accept without investigation. The determination
of the limit is a matter of the auditor's judgment; some guidelines are
provided in paragraph 475.05. The guidelines consider the amount of
substantive assurance desired from analytical procedures.
b. Identify a plausible, predictable relationship and develop a model
to calculate an expectation of the recorded amount. Consider the type
of misstatements that could occur and how those misstatements would be
detected by the model.
c. Gather data for developing the expectation, and perform appropriate
procedures to establish the reliability of the data. The reliability of
these base data is subject to the auditor's judgment. The reliability
of data is discussed further in section 495 A.
d. Develop the expectation of the recorded amount using the information
obtained during the previous steps. The preciseness of the expectation
is subject to the auditor's judgment and is discussed further in
section 495 A.
e. Compare the expectation with the recorded amount, and note the
difference.
f. Obtain explanations for differences that exceed the limit, since such
differences are considered significant.
g. Corroborate explanations for significant differences.
h. Determine whether the explanations and corroborating evidence
provide sufficient evidence for the desired level of substantive
assurance. If unable to obtain a sufficient level of substantive
assurance from analytical procedures, perform additional procedures as
discussed in paragraphs 475.12-.17 and consider whether the difference
represents a misstatement.
i. Consider whether the assessment of combined risk remains appropriate,
particularly in light of any misstatements identified. Revise the
assessment of combined risk, if necessary, and consider the effects on
the extent of detail tests.
j. Document (on the Summary of Possible Adjustments as discussed in
540.04) the amount of any misstatements detected by substantive
analytical procedures and their estimated effects. The limit (the
amount of the difference between the recorded amount and the
expectation that does not require explanation) is not considered a
known or likely misstatement and is not posted to the Summary of
Possible Adjustments.
k. Conclude on the fair presentation of the recorded amount.
l. Include documentation of work performed, results, and conclusions in
the workpapers. Required documentation is discussed in section 490.
GUIDELINES FOR ESTABLISHING THE LIMIT:
.05:
As discussed above, the limit is the amount of the difference between
the expected and recorded amounts that can be accepted without further
investigation. GAO uses the following guidelines in establishing the
limit for each level of reliance on analytical procedures for
substantive assurance:
* Complete reliance: The limit is 20 percent or less of test
materiality.
* Partial reliance: The limit is 30 percent or less of test materiality.
* No reliance: Substantive analytical procedures are not needed.
Auditors using different limits should document the basis for the limit
used.
INVESTIGATING SIGNIFICANT DIFFERENCES:
Causes of significant differences:
.06:
Differences between the expectation and the recorded amount typically
relate to either factors not included in the model (such as specific
unusual transactions or changes in accounting policies), a lack of
preciseness of the model, or misstatements (either errors or fraud).
Amount of Difference to Be Explained:
.07:
When obtaining explanations, it is usually helpful to review with
entity personnel the model and assumptions used to develop the
expectation. Entity personnel will then be in a better position to
provide the auditor with a relevant explanation. If the amount of the
difference exceeds the limit, the auditor generally should try to
obtain an explanation for the entire difference between the recorded
amount and the expectation. The portion of the difference that exceeds
the limit must be explained (see figure 475.1). If the difference does
not exceed the limit, an explanation is not required. The auditor
should identify and corroborate all significant factors that may cause
the expectation to differ from the actual amount, regardless of whether
the factors increase or decrease the difference.
Figure 475.1: Amount of Difference Explained When:
Recorded Amount Exceeds Limit:
[See PDF for image]
[End of figure]
Corroboration of explanations:
.08:
The relevance and reliability of corroborating evidence may vary
significantly; therefore, the extent of corroboration of explanations
is left to the auditor's judgment. Corroboration may consist of
examining supporting documentation or corroborating explanations
received from accounting department personnel with personnel from the
appropriate operating department, who should be knowledgeable about the
entity's operations. The explanations for the fluctuations should be
quantified and should address the direction and magnitude of the event
causing the fluctuation. The auditor should corroborate all
explanations received. In determining whether sufficient corroborating
evidence has been obtained, the auditor should consider the guidelines
for complete and partial assurance discussed in paragraph 470.05. In
evaluating explanations the auditor should consider whether the
difference could be caused by error or fraud.
Example of an adequate explanation for a significant fluctuation:
.09:
Assume that the auditor determined test materiality to be $25 million.
Additionally, assume that the auditor has determined, after considering
any inherent and control risks, that a substantive analytical procedure
should be performed with a limit of $5 million. The auditor estimated
interest expense at $80 million by multiplying the average loan balance
of $1 billion by the average interest rate of 8 percent. Both of these
averages were computed through a simple average of beginning-of-year
and end-of-year amounts. The recorded amount of interest expense, $94.5
million, is higher than the estimated amount by $14.5 million and
exceeds the limit by $9.5 million.
.10:
An explanation from entity personnel that "we borrowed more money this
year and interest rates are higher than last year" would not be
adequate. This explanation needs to be quantified and corroborated.
.11:
An example of an adequate explanation follows:
Based on a review of correspondence from lenders, interest rates
increased during the year and then fell and were computed to average 9
percent based on a monthly average. Additionally, loan statements from
lenders indicate that $100 million was borrowed and repaid during the
year, and the additional borrowings were outstanding for 6 months.
Therefore, the average loan balance was actually $50 million higher and
the average interest rate was 1 percent higher than the figures used in
the auditor's original estimate.
Therefore, the interest expense in excess of the expectation can be
explained as follows (in thousands):
$1,000,000 X 1% = $10,000 + 50,000 X 9% = 4,500:
Total difference explained: $14,500:
Course of action in the event of inadequate explanations or
corroborating evidence:
.12:
If an explanation and/or corroborating evidence does not adequately
explain the fluctuation sufficient to provide either complete or
partial assurance, the auditor must perform additional substantive
procedures. These procedures may consist of:
* increasing the effectiveness of the substantive analytical procedures
by making the expectation more precise in order to obtain the amount of
desired assurance,
* performing tests of details and placing no reliance on the
substantive analytical procedures that were ineffective, or:
* treating the difference as a misstatement.
.13:
The auditor should consider the relative efficiency of each of these
options. Deciding whether to perform additional substantive procedures
is a matter of the auditor's judgment. The additional procedures must
provide the auditor with adequate assurance that aggregate
misstatements that exceed test materiality have been identified.
.14:
To increase the persuasiveness or effectiveness of an analytical
procedure, the auditor generally needs to make the expectation more
precise. The auditor can do so by:
* building a more sophisticated model by identifying more key factors
and relationships,
* disaggregating the data (such as using monthly instead of annual
data[Footnote 7]), or
* using more reliable data or obtaining greater confidence in the
data's reliability by corroborating the data to a greater extent.
Measuring the precision of the expectation and the impact of changing
each of these factors on the procedure's effectiveness is difficult and
is left to the auditor's judgment.
.15:
If detail tests are used to test the account balance because adequate
explanations cannot be obtained or corroborated, the auditor still must
obtain an overall understanding of the current-year financial
statements when applying the required overall analytical procedures at
the financial statement level. As discussed in section 520,
significantly less work is needed to obtain this overall understanding
of the financial statements than when using analytical procedures as a
substantive test.
.16:
Additionally, if analytical procedures originally performed as a
substantive test do not provide the required assurance, the auditor may
be able to use those procedures to supplement an understanding of the
account balances or transactions after obtaining substantive assurance
through detail tests.
.17:
When the auditor places no reliance on substantive analytical
procedures, all substantive assurance is provided by detail tests. In
this situation, less rigorous, supplemental analytical procedures may
be used to increase the auditor's understanding of the account balances
and transactions after performing the detail tests. When using
supplemental analytical procedures, the auditor uses judgment to
determine which fluctuations require explanations.
[End of section]
480 - SUBSTANTIVE DETAIL TESTS:
POPULATION TO BE TESTED:
.01:
In designing detail tests, the assertion tested affects the choice of
the population (an account balance or a portion of an account balance)
from which items are selected. For example, the existence assertion
deals with whether recorded assets or liabilities exist as of a given
date and whether recorded transactions have occurred during a given
period. To detail test the existence assertion, the auditor should test
the recorded account balance by (1) selecting items from those that
compose the account balance and (2) then testing those items to
evaluate whether such inclusion in the account balance is proper. For
example, to test an expense account for existence, the auditor might
select individual expense amounts included in the balance from a detail
general ledger and then examine invoices that support the expense
amount. It would be inappropriate to select invoices directly and then
trace invoice amounts to inclusion in the general ledger balance.
.02:
For the existence assertion, the test population should agree with or
be reconciled to the recorded amount of the account balance being
tested. The auditor should test reconciling items, if any, in an
appropriate manner. If this is not done, the conclusion applies only to
the test population (the available items), not the recorded population.
.03:
Conversely, the completeness assertion deals with whether all
transactions and accounts that should be presented in the financial
statements are so included. To detail test the completeness assertion,
the auditor should select from an independent population of items that
should be recorded in the account. The auditor should (1) select items
that should be recorded from a source that is likely to contain all the
items that should be recorded and (2) determine whether they are
included in the recorded balance. For example, to test completeness of
recorded revenue, the auditor might select shipments from a shipping
log (which is believed to be reasonably complete), trace them to
recorded revenue amounts, and then test the summarization of those
amounts to inclusion in the general ledger revenue balance. To test
completeness of recorded accounts payable, the auditor might select
from payments made subsequent to year-end plus invoices on hand but not
yet paid and trace those in which the receipt of goods or services
occurred before year-end to inclusion in year-end accounts payable
(those where the receipt occurred after year-end should be tested for
exclusion from accounts payable).
SELECTION METHODS FOR DETAIL TESTS:
.04:
Detail tests may be applied to any of the following:
* all items composing the population;
* a nonrepresentative selection (nonsampling selection) of items; and:
* a representative selection (sample) of items composing the population.
Flowchart 1 (section 495 E) illustrates the process of deciding the
selection method.
.05:
Detail testing of all items composing the population is generally most
appropriate for populations consisting of a small number of large
items. For example, several large accounts receivable or investments
might compose an entire balance.
.06:
Detail testing of a nonrepresentative selection (nonsampling selection)
is appropriate where the auditor knows enough about the population to
identify a relatively small number of items of interest, usually
because they are likely to be misstated or otherwise have a high risk.
(Nonrepresentative selections may also be used to test controls by
using inquiry, observation, and walkthrough procedures and to obtain
planning information, for example, by performing a walkthrough to
understand the items in the population.) While the dollar amount is
frequently the characteristic that indicates that an item is of
interest, other relevant characteristics might include an unusual
nature (such as an item identified on an exception report), an
association with certain entities (such as balances due from high-risk
financially troubled entities), or a relationship to a particular
period or event (such as transactions immediately before and after the
year-end date). The effects of any misstatements found should be
evaluated; however, unlike sampling, the results of procedures applied
to items selected under this method apply only to the selected items
and must not be projected to the portion of the population that was not
tested. Accordingly, the auditor must apply appropriate analytical and/
or other substantive procedures to the remaining items, unless those
items are immaterial in total or the auditor has already obtained
enough assurance that there is a low risk of material misstatement in
the population.
.07:
Detail testing of a representative selection (sample) of items
composing the population is necessary where the auditor cannot
efficiently obtain sufficient assurance (based on the assessed combined
risk and other substantive procedures including analytical procedures)
about the population from nonrepresentative selections. The auditor
selects sample items in such a way that the sample and its results are
expected to be representative of the population. Each item in the
population must have an opportunity to be selected, and the results of
the procedures performed are projected to the entire population. (In
random selection, each item has an equal chance of selection (see
glossary for further discussion of definition); in dollar-unit sampling
(DUS), each dollar has an equal chance of selection; in classical
variables estimation sampling, each item in a stratum has an equal
chance of selection.):
.08:
The auditor may use a nonrepresentative selection for part of the
population and a sample for the remainder of the population. For
example, the auditor might select all inventory items with a book
amount greater than $10,000,000, all items that have not had any
activity in the previous 6 months, and a statistical sample of the
balance of the population. The auditor would project the misstatements
in the statistical sample to the population of items less than
$10,000,000 with activity in the last 6 months. The auditor would also
compute a combined evaluation for the three selections by adding the
results of the 100 percent selections to the conclusion for the
statistical selections.
.09:
The auditor should document in the workpapers (usually in the audit
program) whether a selection is intended to be a representative
selection (a sample projectable to the population) or a
nonrepresentative selection (not projectable to the population); if it
is a nonrepresentative selection, the auditor also should document the
basis for concluding that enough work has been done to obtain
sufficient assurance that the items not tested are free from aggregate
material misstatement.
REPRESENTATIVE SELECTIONS (SAMPLING):
.10:
The following paragraphs provide an overview of sampling, primarily
with respect to the existence and valuation assertions. Similar
concepts and methods apply to the completeness assertion, except that
the population for selection differs. (See paragraphs 480.01-.03.):
.11:
AU 350.45 indicates that samples may be either statistical or
nonstatistical. In statistical sampling, the auditor uses probability
theory to determine sample size, select the sample, and evaluate the
results for the purpose of reaching a conclusion about the population.
Statistical sampling permits the auditor to objectively determine
sample size (based on subjective decisions about risk and materiality),
objectively select the sample items, and objectively evaluate the
results; thus, the auditor using statistical sampling determines
objectively whether enough work has been performed. Because of these
advantages, when a sample is necessary, the auditor should use
statistical sampling. Software such as Interactive Data Extraction and
Analysis (IDEA)[Footnote 8] allows the auditor to quickly perform the
calculations necessary for statistical sampling.
.12:
In nonstatistical sampling, the auditor considers statistical concepts,
but does not explicitly use them to determine sample size, select the
sample,[Footnote 9] or evaluate the results. Because the auditor using
statistical sampling objectively considers the same factors that the
auditor using nonstatistical sampling should subjectively consider, the
size of a nonstatistical sample should not be less than the size of a
properly calculated statistical sample.
.13:
The auditor who uses nonstatistical sampling generally should first
calculate a statistical sample size (generally using dollar-unit
sampling), then add at least 25 percent. The 25 percent is protection
because the nonstatistical sample is not as objective as the
statistical sample. The auditor who wishes to use nonstatistical
sampling for a particular test should obtain the approval of the
Reviewer, in consultation with the Statistician, before performing the
test. Approval is not needed to use nonrepresentative selections
(nonsampling) since they do not involve projections.
.14:
In sampling, the sample must be selected from all the items that
compose the population so that each item has an opportunity for
selection (in statistical sampling, the auditor can determine the
probability of selection). For example, the auditor might select sample
items from a list of all accounts receivable balances that is
reconciled to the related account balance. Selecting sample items from
file drawers is not a valid selection method for any type of sampling
unless the auditor has determined that all items composing the
population are included in the drawers.
.15:
For statistical samples, sample items should be selected using random
or dollar-unit selection methods. Computer software may be used. Manual
selection should be based on random number tables, a computer-based
random number generator, or through use of systematic selection (every
nth item with a random start between 1 and n). For example, the auditor
might begin with a random start and then choose every nth item, where n
is the sampling interval. The sampling interval would be determined by
dividing the number of items in the population by the desired number of
selections.
.16:
The sample size is a function of the size of the population, the
desired confidence level (based on the amount of substantive assurance
the auditor requires from detail tests, as shown on the audit matrix in
section 495 D), test materiality (based on design materiality, expected
misstatements, and other factors discussed in paragraph 230.13), and
the sample selection method.
.17:
Once the auditor decides that a sample is necessary, the choice of the
sample selection method to be used is a matter of the auditor's
judgment concerning the most efficient method to achieve the audit
objectives. The following methods of sample selection are available for
substantive testing:
* dollar-unit sampling (DUS)--see paragraph 480.21,
* classical variables estimation sampling--see paragraph 480.32, and:
* classical probability proportional to size (PPS) sampling (evaluating a
PPS sample using a classical variables sampling approach)--see
paragraph 480.34.
Attributes sampling may be used for tests of controls and for tests of
compliance with laws and regulations. To use any sampling method for
substantive testing that is not listed in this paragraph, the auditor
should consult with the Statistician. (Stratification and/or use of
ratio estimates and regression estimates often lead to smaller sample
sizes. Multistage samples may reduce time and travel costs.):
.18:
Each of these methods yields a valid projected (likely) misstatement,
and a valid upper limit at the desired confidence level. In addition,
classical PPS and classical variables sampling yield a valid two-sided
confidence interval (DUS yields a valid upper limit). The auditor
chooses the method based on the test objectives and efficiency.
.19:
When deciding the sampling method, the auditor should consider whether
the dollar amounts of the individual items composing the population are
available (such as on a detail listing or a computer file), the
expected amount of misstatements, and the relative cost and efficiency
of each appropriate sampling method. Flowchart 2 (section 495 E)
summarizes the process of choosing the sampling method once the auditor
has decided a sample is necessary. The subsequent pages of the
flowchart indicate the steps that the auditor generally should perform
for each sampling method. Example workpapers to document attribute,
dollar-unit, and classical variables sampling are in section 495 E.
.20:
If the dollar amounts of the individual items composing the population
are known, the auditor should use DUS, classical PPS, or classical
variables estimation sampling. If dollar amounts of these individual
items are not known, see paragraph 480.36.
SAMPLE SELECTION:
Dollar-unit sampling (DUS):
.21:
Dollar-unit sampling (DUS)[Footnote 10] is a type of statistical
sampling that the auditor generally should use when:
a. the dollar amounts of individual items in the population are known,
b. the primary objective is to test the overstatement of the population
(see below for testing a population related to the line item),
c. the auditor expects that the total dollar amount of misstatement in
the population is not large,[Footnote 11] and:
d. the amount of misstatement in an individual item cannot exceed the
selected amount.[Footnote 12]
DUS is also known as probability proportional to size (PPS) and
monetary unit sampling (MUS). DUS works best in populations where the
total misstatement is not large and where the objective is to test for
overstatement of a population. When the objective is understatement of
a line item, the auditor often is able to define a related population
to test for overstatement. For example, to test for understatement of
accounts payable, the auditor would select a DUS of subsequent
disbursements. See also paragraph 480.36.
.22:
In a manually applied DUS, a sampling interval (n) is used to select
every nth dollar from the dollars in the individual items that compose
the population. These items might be recorded amounts for individual
receivable balances, inventory items, invoices, or payroll expenses.
The item that contains the nth dollar is selected for testing. DUS is
representative of all dollars in the population; however, larger items
have a higher probability of selection (for example, a $2,000 item has
an approximately twenty times greater probability of selection than a
$100 item).
.23:
When the total misstatement in the population is not large, DUS will
yield the smallest sample size for a given population, test
materiality, and desired confidence level when all statistical sampling
methods are considered. When the auditor expects that the population
contains a large amount of misstatement, he or she should use classical
variables sampling (see footnote 3 and paragraph 480.33).
.24:
In DUS, the auditor may compute the sample size manually (paragraphs
480.24-.26) or by using computer software (paragraph 480.27). To
calculate a dollar-unit sample size manually, the auditor uses the
dollar amount of the population, test materiality (see section 230),
and required confidence level. The auditor calculating sample size
manually may use the statistical risk factor from figure 480.1 to
determine sample sizes for the appropriate confidence level, as
discussed below.
Figure 480.1: Statistical Risk Factors:
Confidence Level: 50%; Statistical; Risk Factor[A]: 0.7.
Confidence Level: 63%; Statistical; Risk Factor[A]: 1.0.
Confidence Level: 77%; Statistical; Risk Factor[A]: 1.5.
Confidence Level: 86%; Statistical; Risk Factor[A]: 2.0.
Confidence Level: 92%; Statistical; Risk Factor[A]: 2.5.
Confidence Level: 95%; Statistical; Risk Factor[A]: 3.0.
[A] These are based on the Poisson distribution, which approximates the
binomial distribution. Therefore, the sample size computed using this
table may differ slightly from the sample size computed using IDEA.
[End of table]
Section 495 D contains the audit matrix with the appropriate risk
factor for each level of combined risk and reliance on substantive
analytical procedures. See paragraph 480.27 for guidance on using IDEA
to compute sample size.
.25:
The statistical risk factors are used in the following formulas to
determine the sampling interval and sample size for DUS:
1. sampling interval = test materiality ÷ statistical risk factor:
2. sample size = recorded amount ÷ sampling interval:
Sample sizes should be stated in whole numbers. Uneven amounts should
be rounded up to the next whole number. For example, a sample size of
40.2 items should be rounded up to 41 items.
.26:
For example, to test a recorded amount of $30 million with a test
materiality of $900,000 and a 95 percent confidence level, the
statistical risk factor would be 3.0. The sampling interval would be
$300,000 (test materiality of $900,000 divided by the statistical risk
factor of 3.0). Essentially, from a random start, every 300,000th
dollar is selected. Therefore, the preliminary estimate of sample size
of 100 items is calculated by dividing the recorded amount of $30
million by the sampling interval of $300,000. Because the amount of
certain items might equal or exceed the sampling interval, a selection
might include more than 1 sample item (for example, a $600,000
selection would include 2 of the 100 estimated sample items: $600,000/
$300,000 = 2), thereby making the actual number of items tested fewer
than 100.
.27:
When the auditor uses the IDEA software to calculate sample size, the
inputs are materiality, expected total dollar amount of misstatements
in the population, confidence level, and the dollar amount of the
population. Whether the auditor should input design materiality or test
materiality depends on why the auditor reduced design materiality to
get test materiality (see paragraph 230.13). If the auditor reduced
design materiality to test materiality because not all entity locations
are being tested or because the area is sensitive to financial
statement users, the auditor should input test materiality. If the
auditor reduced design materiality to test materiality solely because
misstatements were expected, the auditor should input design
materiality rather than test materiality. The reason for this is that
the auditor inputs the expected dollar amount of misstatements in the
population, and the software considers it in adjusting materiality (if
the auditor inputs test materiality, the adjustment will have been made
twice).
.28:
It is difficult to select additional items for a dollar-unit sample
after the original sample is selected. If the auditor believes that
extension of the sample might be necessary, the auditor generally
should plan for that possibility and consult with the Statistician. For
example, the auditor might use a 95 percent confidence level
(statistical risk factor of 3.0) to select the sample but test only the
number of items necessary to achieve the planned confidence level. The
items tested should be spread evenly throughout all of the items
selected. For example, in a manual selection, if a statistical risk
factor of 1.5 is appropriate based on the planned confidence level, the
auditor would make selections using a statistical risk factor of 3.0
(twice as many selections as the factor of 1.5) and initially test
every other selection (beginning with a random start).
.29:
If the preliminary assessment of combined risk or reliance on
substantive analytical procedures is not supported by the results of
testing, the substantive assurance needed from detail tests increases,
and the auditor would then test the additional items selected in the
initial sample.
.30:
If additional sample items are not selected during the initial sample
and it is necessary to select additional items, the auditor should
consult with the Statistician to determine how to select the additional
sample items. Selection of these additional items may be more complex
and less efficient than if they were chosen during the initial sample.
.31:
Section 495 F describes how to manually select items using DUS.
Computer software, such as IDEA, generally should be used to select a
dollar-unit sample.[Footnote 13] The choice of selection method used
should be based on efficiency considerations.
Classical variables estimation sampling:
.32:
Classical variables estimation sampling is a type of statistical
sampling that the auditor should consider when the auditor expects that
one or more of the following exist in the population: the dollar amount
of misstatement in the population is large (see footnote 3); individual
misstatements may exceed the selected amount of sampling units;
significant understatements cannot be identified using other tests;
there are no book amounts for each sampling unit; or the auditor cannot
add the dollar amounts in the population (see flowchart 2 in section
495 E).
.33:
Classical variables estimation sampling is useful because it frequently
results in smaller sample sizes in higher misstatement situations than
those that would be obtained using DUS. Because applying this method is
somewhat complex, the auditor should consult with the Statistician
before using it. Classical variables sampling and classical PPS require
knowledge of the population to determine sample size. In many audits,
the auditor learns about the population over several audits and
improves the plan each time.
Classical PPS Sampling:
.34:
Classical PPS Sampling is a type of statistical sampling that the
auditor should use when he or she is testing for overstatement of the
defined population and finds a large misstatement rate. The sample is
selected the same way as a dollar-unit sample (proportional to size).
Since there is no exact way to determine sample size, the auditor uses
DUS to calculate sample size. However, since classical PPS sampling is
used when there are large misstatement rates, the auditor uses a
conservative (high) estimate of the expected misstatement to avoid
needing subsequently to expand the sample size to obtain a sufficient
sample size.
.35:
Since classical PPS yields a valid measure of likely misstatement and
precision, it may be used whenever the only reason for using classical
variables sampling otherwise is the expected large misstatement rate.
Sampling when dollar amounts are not known:
.36:
DUS cannot be used if the dollar amounts of individual items in the
population are not known. Classical variables estimation sampling might
be used, but this has some difficulties: there is no way to accurately
calculate the sample size without the individual dollar amounts, and
the method is inefficient unless the auditor finds a large misstatement
rate. Lack of individual dollar amounts usually occurs when testing the
completeness assertion where the selection is made from a population
independent of the population being tested (see paragraphs 480.01-.03).
In one approach, the auditor might select a random or systematic sample
of the individual items. For example, items might be randomly selected
from a shipping log to test the completeness assertion for revenue.
.37:
For this type of test, the sample size may be approximated from the
total dollar amount of either the population that the auditor is
sampling from (the total dollars of the shipping log if the total
dollar amount is available) or the dollar amount of the population that
the auditor is testing (the total recorded revenue). Because this
method is less efficient than DUS, the preliminary estimate of sample
size for this sample should exceed the sample size that would result
from using DUS. GAO auditors should use at least a 25 percent increase
in sample size.[Footnote 14]
.38:
The auditor should consult with the Statistician in performing the
evaluation. If the misstatement rate is large, they should consider
using classical variables estimation sampling. While attribute sampling
may be used to estimate the misstatement rate in the population, this
will yield acceptable results only if just one or two misstatements are
found. The auditor generally should use the upper limit of the
misstatement rate to make a conservative estimate of the dollar amount
of misstatement in the population. If the upper limit is less than
materiality, the auditor has evidence that the population is free of
material misstatement.
EVALUATION OF SAMPLE RESULTS:
.39:
Evaluation involves several steps:
a. Projecting the results of the sample to the population (for
nonstatistical samples, making a judgment about likely misstatement in
the population).
b. Calculating either the upper limit of misstatement in the
population or an interval estimate of misstatement or of the
population audited value at the desired confidence level (for
nonstatistical samples, considering the risk of further misstatement).
c. Considering the qualitative aspects of misstatements.
d. Reaching a conclusion as to whether the population is fairly stated.
e. Considering the effect of misstatements on the financial statements
taken as a whole.
Steps a. and b. are usually done with software such as IDEA in
consultation with the Statistician.
.40:
The effects of any misstatements detected in a sample should be
projected to the population. In doing so, the auditor should ask the
auditee to determine the cause of any misstatement found. The auditor
should project all misstatements unless he or she has obtained highly
persuasive evidence that the misstatement is not representative of the
entire population. If the evidence is highly persuasive that a
misstatement is not representative of the population, the auditor
should (1) perform procedures to test that the same type of
misstatement does not exist elsewhere in the population, (2) evaluate
the misstatement that is not representative, (3) evaluate the sample,
excluding the misstatement that is not representative, and (4) obtain
the approval of the Audit Director that the evidence is highly
persuasive. The projected misstatement amount should be included in the
Summary of Possible Adjustments as a likely misstatement, the
evaluation of which is discussed in section 540.
.41:
At the conclusion of the test, the auditor also should consider whether
the assessment of combined risk remains appropriate, particularly in
light of any misstatements identified. If the preliminary combined risk
assessment was not appropriate, the auditor should consult with the
Reviewer to determine whether the extent of substantive procedures is
adequate.
.42:
When understated amounts are detected in any sample designed primarily
to test the existence assertion (i.e., designed to test primarily for
overstatement), the auditor should consult with the Statistician in
evaluating the sample results.
Calculating the projected misstatement for DUS:
.43:
If the auditor does not use software to evaluate sample results, he or
she may calculate projected misstatement as follows. For a misstatement
detected in which the item equals or exceeds the amount of the sampling
interval (each of which is selected for testing), the projected
misstatement is the amount of the misstatement detected. For any other
misstatement detected, the projected misstatement is computed as
follows: (1) divide the amount of misstatement by the recorded amount
of the sample item and (2) multiply the result by the amount of the
sampling interval. The sum of all projected misstatements represents
the aggregate projected misstatement for the sample. For example,
assume the following two misstatements are detected in a sample for
which the sampling interval is $300,000: (1) a $50,000 misstatement
detected in a $500,000 item (which exceeds the amount of the sampling
interval) results in a projected misstatement of $50,000, and (2) a
$100 misstatement in a $1,000 sample item represents a 10 percent
misstatement, which results in a projected misstatement of $30,000 (10
percent of the $300,000 sampling interval). In this case, the aggregate
projected misstatement is $80,000.
Converting a DUS to a Classical PPS sample:
.44:
If a dollar-unit sample results in a large number of misstatements, it
is likely that the evaluation calculated using the method illustrated
above would indicate that the upper limit of misstatement in the
population exceeds materiality (IDEA indicates the number of
misstatements that would yield acceptable results). However, if there
are a large number of misstatements,[Footnote 15] the auditor, in
consultation with the Statistician, should evaluate the sample using
classical PPS. This evaluation is complex and cannot be done directly
using IDEA.
Evaluating the results of a classical variables estimation sample:
.45:
The auditor should consult with the Statistician in evaluating the
results of a classical variables estimation sample.
Evaluating the results of other samples:
.46:
When misstatements are detected in a sample for which guidance on
evaluation is not described above, the auditor should consult with the
Statistician.
EFFECTS OF MISSTATEMENTS ON THE FINANCIAL STATEMENTS:
.47:
The quantitative and qualitative effects of all misstatements detected
in the audit --both known and likely --must be evaluated in relation to
the financial statements as a whole. Section 540 provides guidance on
this evaluation.
[End of section]
490 - DOCUMENTATION:
.01:
The auditor should document the nature, timing, and extent of tests
performed during this phase of the audit, as well as the conclusions
reached. The auditor should specifically identify the procedures used
to obtain substantive assurance for an account balance. This
identification is particularly important if detail tests are relied on
for complete substantive assurance and supplemental analytical
procedures are performed to increase the auditor's understanding of the
account balances and transactions.
.02:
For example, assume an entity incurs and accounts for operating
expenses at 50 locations. After considering the guidance in section 295
C regarding multiple-location audits, the auditor decides to obtain all
the required substantive assurance from detail tests. The auditor
subjects all operating expenses to a statistical sample and visits only
the locations for which selections were made. Assume that the auditor
decides to obtain additional knowledge of the current-year operations,
particularly for locations not visited, through supplemental analytical
procedures at all locations. These procedures consist of comparing
current-year operating expenses with prior-year audited information by
location and between locations.
.03:
In the above situation, the auditor is obtaining the entire required
amount of substantive assurance from detail tests. The comparison of
the current-and prior-year amounts is considered a supplemental
analytical procedure and does not provide substantive audit assurance
that the auditor may use to reduce the detail tests. During this
supplemental analytical procedure, the auditor may detect misstatements
that were not detected during the detail tests. The auditor must
consider the implications of these misstatements to determine if the
original assessment of combined risk was appropriate and if the amount
of substantive testing performed (the detail tests) was adequate. Even
though misstatements may be detected during supplemental analytical
procedures, these procedures cannot be relied on for substantive
assurance.
.04:
In the audit program, the auditor generally should explain the
objectives of audit procedures. Also, written guidance either within or
accompanying the audit program to explain possible exceptions, their
nature, and why they might be important, may help auditors focus on key
matters, more readily determine which exceptions are important, and
identify significant exceptions.
.05:
The auditor also should document, usually in the audit program, whether
a selection is intended to be a representative selection (a sample
projectable to the population) or a nonrepresentative selection (not
projectable to the population). If it is a nonrepresentative selection,
the auditor also should document the basis for concluding that enough
work has been done to obtain sufficient assurance that the items not
tested are free from aggregate material misstatement.
.06:
As the audit work is performed, the auditors may become aware of
possible reportable conditions or other matters that should be
communicated to the auditee. The auditor generally should document and
communicate these as described in paragraph 290.02.
.07:
Documentation of this phase should specifically include (see section
495 E for example workpapers):
For tests involving sampling:
** the sampling method used and any key factors regarding selection;
** the sample size and the method of determining it;
** the audit procedures performed; and:
** the results of tests, including evaluations of sample results, and
conclusions.
For substantive analytical procedures:
** the model used to develop the expectation and the basis for the
model;
** the data used and the data sources;
** the auditor's assessment of the reliability of the data used and
procedures performed to establish or increase the amount of
reliability, if applicable;
** the amount of the limit and the criteria for establishing the limit;
** explanations for fluctuations considered significant, sources of
these explanations, and corroborating evidence obtained;
** the additional procedures performed and related conclusions if
misstatements are detected or if the initial procedures are not
considered adequate; and:
** conclusions regarding findings, including proper treatment of any
misstatements detected and assessment of any other effects of these
misstatements.
Interim testing procedures (see section 495 C for documentation
guidance).
Any misstatements detected (which also should be referenced to their
posting on the Summary of Possible Adjustments (see section 540) where
they will be considered further).
[End of section]
495 A - DETERMINING WHETHER SUBSTANTIVE ANALYTICAL PROCEDURES WILL BE
EFFICIENT AND EFFECTIVE:
.01:
The following factors should be considered when determining whether
analytical procedures will be effective and efficient as a substantive
test:
* nature of the account balance, the specific audit objective
(including the assertions being tested), and any identified inherent
or control risks;
* expected availability and reliability of explanations for fluctuations
and related corroborating evidence;
* plausibility and predictability of the relationship;
* availability and reliability of data; and:
* preciseness of the expectation.
NATURE OF THE ACCOUNT BALANCE, THE SPECIFIC AUDIT OBJECTIVE, AND ANY
IDENTIFIED INHERENT OR CONTROL RISKS:
.02:
Analytical procedures are usually more effective for testing net cost
statement amounts than balance sheet amounts. Balance sheet amounts are
more difficult to predict because they are as of a specific point in
time. Additionally, net cost statement amounts generally have
relationships with various types of other data, such as cost of sales
as a percentage of sales, interest expense as a function of the debt
balance and interest rates, or sales revenue as a function of the
number of units shipped and the average sales price. Analytical
procedures are usually less effective for testing amounts that are
subject to management discretion or are unpredictable, such as repairs
or miscellaneous expenses.
.03:
The auditor should consider the specific audit objective, including the
assertions being tested, and any identified inherent and control risks
to determine whether substantive analytical procedures will be
effective and efficient in achieving the audit objective and level of
assurance. The procedures need to be more effective if fraud, inherent,
and control risks have been identified. The auditor can obtain three
levels of substantive assurance from analytical procedures--complete,
partial, or none. The effectiveness and the amount of assurance
provided by an individual procedure are matters of the auditor's
judgment and are difficult to measure.
.04:
As discussed, the auditor may choose to rely completely on analytical
procedures when the level of combined risk has been assessed as high.
In these cases, the analytical procedures should be extremely effective
and persuasive to serve as the sole source of audit evidence for
achieving the audit objective. This level of effectiveness is very
difficult to achieve when combined risk is assessed as high; therefore,
complete reliance on analytical procedures for substantive assurance in
these situations is rare, particularly for balance sheet accounts.
EXPECTED AVAILABILITY AND RELIABILITY OF EXPLANATIONS FOR FLUCTUATIONS
AND RELATED CORROBORATING EVIDENCE:
.05:
Explanations for fluctuations and related, reliable corroborating
evidence may not always be readily available. This audit evidence is
essential to using analytical procedures as a substantive test. The
relative ease of obtaining explanations for significant differences and
relevant, reliable corroborating evidence should be considered when
determining whether analytical procedures will be the most efficient
and effective substantive test.
PLAUSIBILITY AND PREDICTABILITY OF THE RELATIONSHIP:
.06:
Relationships between the amount being tested (the recorded amount) and
other data are an essential component of substantive analytical
procedures. The relationships identified and used for these procedures
should be good indicators of the account balance of the item being
tested. To be considered a good indicator of the recorded balance, the
relationship between the recorded amount and the other data should be
plausible and predictable.
Plausibility:
.07:
If one set of data provides a reasonable basis for predicting another
set of data, the relationship between the two sets of data is
considered to be plausible. As the plausibility of the relationship
increases, so does the effectiveness of analytical procedures as a
substantive test.
.08:
For example, there is a plausible relationship between payroll expense,
the average number of employees, and the average pay rate. This
relationship generally is effective for estimating payroll expense for
salaried employees. Alternatively, there is not usually a plausible
relationship between revenue and interest expense; therefore, this
relationship would not be used for testing.
Predictability:
.09:
The more predictable the relationship is, the more effective the
substantive analytical procedure will be. Relationships are more
predictable in a stable environment. As relationships become more
complex as a result of increases in the number and type of contributing
factors, related amounts become more difficult to effectively and
efficiently predict.
.10:
For example, payroll expense generally is very predictable if there is
little employee turnover during the period, if all employees receive
the same percentage raise at the same time, and if all employees are
salaried. Payroll expense becomes more difficult to predict if any of
these factors changes (e.g., high turnover resulting in a different mix
of employee pay, a wide range of raises awarded at different times, or
a mix of hourly and salaried employees). Therefore, to effectively
estimate payroll expense, the auditor may need to use a more complex
relationship that considers these factors.
.11:
The relationships identified may be between the recorded amount and
either prior-year or current-year data, using financial or nonfinancial
data, including underlying business factors. For example, the auditor
may estimate current-year (1) interest expense using current-year
audited, long-term debt amounts and interest rate information or (2)
sales revenue based on the auditor's estimate of the expected gross
margin percentage applied to the audited cost of sales amounts. When
using current-year relationships, the data used to estimate the
recorded amount must be audited by a method other than a substantive
analytical procedure that uses a relationship with the recorded amount.
.12:
The auditor should exercise caution when using prior-year amounts as
the basis for the expectation of the current-year recorded amount. The
workpapers must document why, in the auditor's judgment, the prior-year
amount, and any adjustments to that amount, have a plausible and
predictable relationship with the current-year recorded amount. Any
adjustments to the prior amount, such as for the effects of inflation,
must be supported by reliable data and must be corroborated.
Additionally, the prior-year amount must meet the criteria discussed
below for reliable data. The easiest way to meet these criteria is if
the prior-year amount is audited.
.13:
As an example of prior-year relationship, assume that the payroll
raises for the year were authorized at 5 percent and that the number
and salary mix of employees have remained relatively stable. In this
example, the auditor might reasonably expect current-year payroll
expense to be 5 percent higher than the prior-year's payroll expense.
However, the auditor would need to test the reliability of the
percentage pay increase and the assumptions regarding the number and
mix of employees.
AVAILABILITY AND RELIABILITY OF DATA:
Availability of Data:
.14:
Data needed to perform analytical procedures as a substantive test may
not always be readily available. The relative ease of obtaining
relevant, reliable data should be considered when determining whether
analytical procedures will be the most efficient and effective
substantive test.
Reliability of Data:
.15:
The reliability of the data used is important in determining the
effectiveness of the substantive analytical procedures. The more
reliable the data are, the more effective these procedures will be as a
substantive test. In assessing the reliability of data, which is a
matter of auditor judgment, the auditor should consider the following:
* the source of the data, including whether the data are audited or
unaudited;
* conditions under which the data were gathered, including related
internal controls; and:
* other knowledge the auditor may have about the data.
Sources of Data:
.16:
Data obtained from an independent source outside the entity are
generally more reliable than data obtained from inside the entity;
however, the auditor should determine if the outside information is
comparable to the item being tested. This issue of comparability is
particularly important if the auditor is using industry statistics.
.17:
Data obtained from entity sources are considered more reliable if the
sources are independent of the accounting function and if the data are
not subject to manipulation by personnel in the accounting function. If
multiple data sources are used, the reliability of all sources should
be considered.
Audited versus unaudited data:
.18:
The auditor should consider whether the data are audited or unaudited
because audited data are considered more reliable than unaudited data.
If data are audited by the entity's IG office, they may be as reliable
as data audited by independent auditors if the IG's work is considered
adequate. (See FAM section 650.):
.19:
Unaudited data are not considered reliable unless procedures are
followed to establish their reliability. These procedures could consist
of either tests of controls over data production or tests of the data.
The extent of such procedures is left to the auditor's judgment. For
example, interest rates from an entity's loan register may be used to
estimate interest income. The reliability of this information may be
established by including the interest rate on loan confirmations that
are sent to the borrowers or by reviewing original loan documents.
Conditions under which the data were gathered:
.20:
Another consideration of internal data is whether the data were
developed under a reliable system with adequate financial reporting or
operations controls. In some instances, testing operations controls may
be appropriate to assess the reliability of the data used for
substantive analytical procedures. The extent of this testing is a
matter of the auditor's judgment.
.21:
If the system used to develop internal data is computerized rather than
manual, the auditor must perform additional procedures before relying
on the data. The auditor must test either (1) the general controls and
the specific application controls over the IS system that generated the
report or (2) the data in the report.
.22:
An auditor might choose to test operations controls when using entity-
prepared statistics for a substantive analytical procedure. For
example, the auditor might choose to use Air Force statistics to test
the reasonableness of its Airlift Services aircraft operating costs.
The auditor might compare the per hour fuel and maintenance costs for
Airlift Services cargo and passenger aircraft with the "block hour"
costs incurred by major airlines for similar aircraft as published by
Aviation Week and Space Technology. The auditor should first determine
if the industry statistics are comparable, e.g., if the statistics are
for the same or similar types of aircraft and if the types of items
included in maintenance costs are similar. If appropriate, the auditor
should identify and test the internal controls over the production of
these operating statistics.
PRECISENESS OF THE EXPECTATION:
.23:
The expectation, the auditor's estimate of the account balance, should
be precise enough to provide the desired level of substantive
assurance. When determining how precise the expectation should be, the
auditor should determine the proper balance between effectiveness and
efficiency. Any work to make the expectation more precise than the
desired level of assurance is unnecessary and inefficient.
.24:
To maximize efficiency, the auditor should conduct procedures at the
minimum level of effort that can reasonably be expected to provide the
assurance needed. If the audit objective cannot be achieved with the
original expectation, the auditor may be able to perform additional
procedures to make the expectation more precise. The preciseness of the
expectation and changes in this preciseness are difficult to measure in
quantifiable terms, unless the auditor uses regression analysis for the
analytical procedures. If the auditor uses regression analysis, he or
she should consult with the Statistician.
.25:
Factors that influence the expectation's preciseness follow:
* The identification and use of key factors when building the model
based on the relationships identified by the auditor: The expectation
generally becomes more precise as additional key factors are
identified.
* The reliability of the data used to develop the expectation: The
expectation becomes more precise as the reliability of the data
increases.
* The degree of disaggregation of the data: The expectation becomes
more precise as the disaggregation of the data increases.
[End of section]
495 B - EXAMPLE PROCEDURES FOR TESTS OF BUDGET INFORMATION:
.01:
This section includes example procedures auditors may perform in
testing budget information for the statements of budgetary resources
and financing.
.02:
In addition, if budget controls are ineffective and quantitative
provisions of budget-related laws and regulations are considered
significant, the auditor should perform audit procedures sufficient to
detect the types of budget information misstatements listed in
paragraph 460.04. Following is an example of procedures for testing
obligation and expended authority transactions for these misstatements.
(Test materiality for determination of sample sizes is discussed in
paragraph 460.03.):
* Validity, cutoff, recording, and classification: Select obligations
recorded as of the end of the audit period and expended authority
transaction recorded during the audit period. Determine if each
selected item is a valid obligation or expended authority transaction
based on the criteria set forth in section 395 F and if each is
recorded in the appropriate period. If the obligation or expended
authority transaction is not recorded or is recorded in the incorrect
period, determine the effects of this misstatement on budget amounts
and consider whether the auditor's evaluation of budget controls is
affected.
Also determine if each selected item is:
** recorded at the proper amount and:
** classified in the proper appropriation or fund account (also by
program and by object, if applicable), including the proper
appropriation year.
* Completeness and cutoff: First, select obligations and expended
authority transactions recorded during the period following the balance
sheet date. Second, examine open purchase orders, unpaid invoices, and
contracts as of the report date. Third, select items representing
payments by Treasury or cash disbursements by the entity during the
audit period. (Substantive detail test selections of expenses and
additions to inventory, property, and prepaid accounts may be used for
this purpose if the populations from which they are selected are
complete.) For each selection, determine whether the obligation or
expended authority transaction is recorded in the proper period. If it
is not recorded or is recorded in the incorrect period, determine the
effects of this misstatement on budget amounts and consider any impact
on the evaluation of budget controls.
If the selected obligation or expended authority transaction relates to
the audit period and is recorded in that period, determine if it is:
** recorded at the proper amount and:
** classified in the proper appropriation or fund account (also by
program and by object, if applicable), including the proper
appropriation year.
* Summarization: Test the footing of the detail of the obligation
account balance recorded as of the end of the audit period and expended
authority accounts recorded during the audit period. Then reconcile the
total of these details to the recorded totals for obligation and
expended authority accounts as of the end of the audit period. (Audit
software is often an effective tool for footing the transactions
recorded in the accounts and for simultaneously selecting items for
this test.):
.03:
The audit procedures discussed above for testing expended authority
transactions should be coordinated with the audit of the other
financial statement amounts. For example, if appropriate, the tests of
accounts payable for completeness may be coordinated with the selection
of subsequent obligations and expended authority transactions described
above.
.04:
Following is an example of procedures for testing outlay transactions.
These audit procedures also should be coordinated with the audit of the
other financial statement amounts, chiefly cash disbursements.
* Validity and classification: Select outlays recorded during the audit
period. Determine if an invoice and receiving report supports each
selected outlay and determine the obligation that was liquidated by the
outlay. Examine the support for the obligation and determine if the
invoice billed for goods or services is related to (or properly
"matches") the obligation (and, in turn, the appropriation). Obtain the
accounting data of the matched obligation to include appropriation and
year. Match these data to the type of services paid for of the selected
outlay. Determine if the related appropriation authorizes payment for
the services billed and paid.
.05:
The auditor also generally should audit upward and downward adjustments
of prior year obligations. If any of these adjustments relate to closed
accounts, the auditor generally should determine whether the
adjustments are in compliance with the requirements of the National
Defense Authorization Act for fiscal year 1991, section 1405(a),
Closing Appropriation Accounts, 31 U.S.C. 1551-1558.
[End of section]
495 C - MISSTATEMENTS IN INTERIM TESTING:
MISSTATEMENTS IN INTERIM BALANCES:
.01:
The auditor should use judgment to determine whether any misstatements
detected in interim tests (see section 295 D for a discussion of
factors to consider in deciding whether to use interim substantive
testing of balance sheet accounts) warrant a revision of (1) the
auditor's combined risk assessment and (2) the nature, timing, and
extent of planned audit procedures. In determining the effects of such
misstatements, the auditor should consider all relevant factors,
including:
* the nature and cause of the misstatement,
* the estimated effects on the overall line item/account balance,
* whether the entity has subsequently corrected the misstatement, and
* the impact of the misstatement on other parts of the audit.
.02:
Any financial statement misstatements detected should be discussed with
entity management. Based on the nature and cause of the misstatements
detected, the auditor should determine, and obtain supporting evidence
on, whether the misstatements are isolated or are likely to occur in
the remainder of the line item/account balance at the interim testing
date and at the year's end. (See paragraph 480.40 for a discussion of
the need to project all misstatements unless evidence is highly
persuasive that a misstatement is isolated and the Audit Director
approves.) The auditor should encourage management to correct any such
misstatements in the population. Based on the following guidance, the
auditor should use judgment to determine the extent, if any, that
interim testing can be relied on, in conjunction with substantive tests
of the rollforward period, to provide evidence on the year-end line
item/account balance:
* If the misstatements are not material when projected to the entire
population and are expected to be representative of the misstatements
of the year-end balance, the auditor may rely on the results of the
interim testing.
* If the auditor has obtained highly persuasive evidence that the
misstatements are isolated (generally by nature, cause, or extent), the
auditor may be able to rely on unaffected parts of the interim testing
and apply procedures at the year's end to test only those financial
statement assertions associated with the misstatements. For example, in
interim testing of inventory, the auditor might determine that the
misstatements concern only the costing of inventory; accordingly,
reliance could be placed on other parts of the interim testing, such as
those for the accuracy of the physical count, and only cost testing and
related procedures would be required at the year's end.
* If the misstatements are material or pervasive, it might be necessary
to place no reliance on the interim testing and to perform extensive
substantive testing of the line item/account balance as of the balance
sheet date.
.03:
For any misstatements found during interim testing, the auditor should
use judgment to evaluate, in a manner appropriate for the
circumstances, the effects on the year-end balance.
TESTING THE ROLLFORWARD PERIOD:
.04:
Because the auditor reports on the financial statements as of the
year's end, not the interim test date, additional procedures must be
performed to extend the interim conclusions to the year's end. The
auditor should perform substantive tests of the rollforward period
activity or the year-end balance. For example, after interim testing of
the accounts receivable balance, the auditor might examine supporting
documents for selected debits and credits to the balance during the
rollforward period and/or might apply analytical procedures to compare
the amount of rollforward activity, on a month-by-month basis, with
that of preceding months or similar periods of preceding years.
.05:
The auditor should determine the extent of the required substantive
procedures based on the assessment of combined risk and test
materiality, in substantially the same manner as for other substantive
tests. In some instances, the auditor may determine that specific
combined risk warrants additional substantive procedures at the year's
end (such as cutoff tests). If control risk is moderate or low, the
auditor should determine whether the internal controls as of the
interim testing date were in place and were functioning effectively
during the rollforward period (generally by reference to the results of
tests of financial reporting controls which generally cover the entire
year under audit for significant systems).
DOCUMENTATION:
.06:
The auditor should document:
* the line items/accounts (and assertions, where applicable) to which
interim testing is applied;
* the factors considered when determining whether to use interim
testing;
* the audit procedures used to test interim balances and the rollforward
period (including tests of controls, findings, and conclusions); and:
* the effects of any misstatements found during interim testing.
The following table illustrates the correlation between combined risk
and the substantive assurance obtained from substantive analytical
procedures and detail test. This example is based on 95 percent audit
assurance.[Footnote 16] The table also provides the statistical risk
factors to be used when the auditor manually computes sample size using
DUS (see paragraph 480.17).
[End of section]
495 D - EXAMPLE OF AUDIT MATRIX WITH STATISTICAL RISK FACTORS:
Figure 495 D.1: Example Audit Matrix:
Assessed combined risk level: Low; Substantive assurance: 63%;
Substantive assurance from analytical procedures[A]: Complete; Minimum
confidence level for detail tests: 0%; Statistical risk factor[B]:
N/A[C]; Substantive assurance from analytical procedures[A]: Partial;
Minimum confidence level for detail tests: 50%; Statistical risk
factor[B]: 0.7; Substantive assurance from analytical
procedures[A]: None; Minimum confidence level for detail tests:
63%; Statistical risk factor[B]: 1.0.
Assessed combined risk level: Moderate; Substantive assurance: 86%;
Substantive assurance from analytical procedures[A]: Complete; Minimum
confidence level for detail tests: 0%; Statistical risk factor[B]:
N/A; Substantive assurance from analytical procedures[A]: Partial;
Minimum confidence level for detail tests: 77%; Statistical risk
factor[B]: 1.5; Substantive assurance from analytical
procedures[A]: None; Minimum confidence level for detail tests:
86%; Statistical risk factor[B]: 2.0.
Assessed combined risk level: High; Substantive assurance: 95%;
Substantive assurance from analytical procedures[A]: Complete; Minimum
confidence level for detail tests: 0%; Statistical risk factor[B]:
N/A; Substantive assurance from analytical procedures[A]: Partial;
Minimum confidence level for detail tests: 92%; Statistical risk
factor[B]: 2.5; Substantive assurance from analytical procedures[A]:
None; Minimum confidence level for detail tests: 95%; Statistical risk
factor[B]: 3.0.
[A] Complete assurance from analytical procedures requires procedures
that are extremely effective and persuasive to serve as the sole source
of audit evidence for achieving the audit objective. This level of
effectiveness or persuasiveness is very difficult to achieve when
combined risk is assessed as high. Therefore, complete reliance on
analytical procedures for substantive assurance in these situations is
rare, particularly for balance sheet accounts.
[B] Based on the Poisson distribution; used if sample size computed
manually.
[C] Not applicable.
[End of table]
[End of section]
495 E - SAMPLING:
SAMPLING FLOWCHARTS AND EXAMPLE WORKPAPERS:
.01:
This section contains sampling flowcharts (pages 495 E-2 through 495 E-
6) and example workpapers for sampling (pages 495 E-7 through 495 E-
19).
.02:
Flowchart 1 (page 495 E-2) is to assist the auditor in deciding
selection method: nonrepresentative selections versus sampling
(statistical or nonstatistical). Flowchart 2 (page 495 E-3) is to help
the auditor determine which type of sampling to use in various
situations. The second, third, and fourth pages of this flowchart are
to assist the auditor in performing attribute, dollar unit, and
classical variables estimation sampling.
.03:
Example workpapers for documenting sampling are given for attribute
sampling (pages 495 E-7 through 495 E-10), for dollar unit sampling
(pages 495 E-11 through 495 E-15), and for classical variables sampling
(pages 495 E-16 through 495 E-19).
[See PDF for images]
[End of figures]
[End of section]
495 F - MANUALLY SELECTING A DOLLAR UNIT SAMPLE:
.01:
Even though auditors usually use software (such as IDEA) to select a
dollar-unit sample, it is helpful to understand the process for
manually selecting a dollar-unit sample. To select a dollar-unit sample
manually, the following steps should be performed:
a. Determine the sampling interval using the following formula:
sampling interval = test materiality ¸ statistical risk factor:
b. Clear the calculator:
c. Select and document a random start and enter as a negative number in
the calculator. The random start should be a number between 1 and the
sampling interval.
d. Enter the positive amounts in the test population (items) until the
calculator's running subtotal becomes positive. The item that caused
the subtotal to become positive is the item selected for testing.
[See page 495 F-3. Note that the calculator subtotals were positive for
invoices #3, 10, 17, 19, and 24.]
Do not enter into the calculator any items in the population with zero
or credit balances. These items should be accumulated separately and
tested in conjunction with tests of completeness of the account balance
or class of transactions if they are expected to be significant.
e. After each selection, subtract the sampling interval until the
subtotal is negative. Even if the last item in the population is
selected, the sampling interval should be subtracted until the
subtotal is negative.
[See page 495 F-3. For invoice #19, the auditor had to subtract the
sampling interval twice to get a negative subtotal.]
f. Repeat steps d. and e. until all items in the test population have
been entered into the calculator and the ending subtotal is negative.
g. To test the footing of the population, reconcile the sample to the
recorded amount of the test population as follows:
Add:
(a) Random start:
(b) Sampling interval multiplied by the number of times the sampling
interval was subtracted during selection of the sample:
(c) The remaining subtotal on the calculator.
The total should equal the test population amount.
If the total on the reconciliation is not equal to the population
amount, there is either an error in the total population amount or
there was an error in entering the population items into the adding
machine.
The auditor should consider the amount of any difference when
determining whether investigation of the difference is necessary.
Immaterial amounts generally do not require investigation.
[See page 495 F-4 for an example reconciliation to test the footing.]
[PAGE 495 F-3]: Example of Systematic Selection for DUS:
[See PDF for image]
[End of table]
PAGE 495 F-4:
Reconciliation of book amounts footed to test population:
Random start: $6,000:
+ Sampling interval x number of times subtracted: 300,000:
($50,000 x 6):
+ Remaining subtotal: (14,400):
Population total: $291,600:
[End of section]
FOOTNOTES
[1] The FAM generally uses the same terminology as the Audit Guide.
[2] Many factors influence efficiency in addition to number of sampling
applications, such as sample size, number of locations it is necessary
to visit to achieve audit objectives, nature of the audit procedures,
extent of review required, whether rework can be avoided by designing
easy-to-follow procedures.
[3] Tables I and II assume a large population (generally over 5,000
items). If the population is small, the auditor may ask the
Statistician to calculate a reduced sample size and to evaluate the
results. Generally, the effect is small unless the sample size per the
table is more than 10 percent of the population.
[4] Using the AICPA guidance, the auditor computes the deviation rate
and the upper limit at the desired confidence level (usually the same
confidence level used to determine sample size). If the upper limit of
deviations is less than the tolerable rate, the results support the
control risk assessment. If not, the control risk should be increased
in designing substantive tests.
[5] Tolerable rate of 5 percent, expected population deviation rate of
0, and a large population (see footnote on page 450-3). If the
population is small, the auditor may ask the Statistician to compute a
reduced sample size and to evaluate the results.
[6] The proprietary accounting system supports the accrual basis of
accounting.
[7] If the data are disaggregated, the limit is still applied on an
annual basis.
[8] IDEA is the primary software GAO uses. It is distributed by
Audimation Services, Inc., Houston, Texas.
[9] Usually the auditor applying nonstatistical sampling will select a
"haphazard sample." A haphazard sample is a sample consisting of
sampling units selected without conscious bias, that is, without any
special reason for including or excluding items from the sample. It
does not consist of sampling units selected in a careless manner;
rather it is selected in a way the auditor expects to be representative
of the population.
Since a haphazard sample is not the same as a statistical sample, the
auditor using a haphazard sample cannot calculate precision at a given
confidence level. However, AICPA guidance indicates that the auditor
may use the haphazard sample to make a judgment of what a statistical
sample might have shown. For example, he or she might use the haphazard
sample to make a judgment as to the likely misstatement in areas that
are not very significant. Even though the judgment will not be a
statistical projection, it may assist the auditor in determining
whether the possible misstatement could be material. Thus, the auditor
should not avoid making the judgment.
Professional standards and the FAM do not use the term "judgment
sample." All selections (including statistical selections) require
judgment. The term "judgment sample" is often used to refer to
nonrepresentative selections, although it sometimes refers to
nonstatistical samples.
[10] See Dollar Unit Sampling, by Leslie, Teitlebaum, and Anderson
(Copp Clark Pitman, 1979), for a more technical discussion of DUS.
[11] This expectation affects the efficiency of the sample, not its
effectiveness. GAO auditors who use IDEA to calculate sample size
(based on the binomial distribution) generally use classical variables
estimation sampling when they expect that more than 30 percent of the
sampling units contain misstatements (no matter what the size of the
misstatement). When GAO auditors expect that 10 percent or fewer of the
sampling units contain misstatements, GAO auditors generally use
dollar-unit sampling. When GAO auditors expect between 10 and 30
percent of the sampling units contain misstatements, GAO auditors
consult with the Statistician. If a large misstatement rate is found,
the auditor, in consultation with the Statistician, should consider
whether to use classical PPS to evaluate the sample to obtain a smaller
precision. Other auditors, in consultation with their Statisticians,
may use different rules of thumb in deciding when to use DUS versus
classical variables estimation sampling.
[12] This means, for example, that an item that has a selected amount
of $1,000 cannot be misstated by more than $1,000. This is usually not
an issue in testing existence or valuation (overstatement). However, it
might be an issue in testing completeness (understatement). Thus, if
understatements larger than the selected amount are expected, classical
variables estimation sampling generally should be used.
[13] IDEA offers two methods of selecting a dollar-unit sample. The
auditor generally should use the cell method rather than the fixed
interval method. In the cell method, the program divides the population
into cells such that each cell is equal in size to an interval. Then
the program selects a random dollar in each cell. The random dollar
selected identifies the transaction, account, or line item to be tested
(sometimes called the logical unit).
[14] The 25 percent is a rough estimate that is used because there is
no way to calculate the correct sample size.
[15] As a general rule, this means 10 misstatements if the sample size
is between 75 and 100, 10 percent if the sample size is between 100 and
300, and 30 if the sample size is over 300. Minimum sample size for
classical PPS is 75.
[16] Audit assurance is not the same as statistical confidence level.
Assurance is a combination of quantitative measurement and auditor
judgment.
[End of section]
SECTION 500: Reporting Phase:
Figure 500.1: Methodology Overview:
Planning Phase:
* Understand the entity's operations: Section 220:
* Perform preliminary analytical procedures: Section 225:
* Determine planning, design, and test materiality: Section 230:
* Identify significant line items, accounts, assertions, and RSSI:
Section 235:
* Identify significant cycles, accounting applications, and financial
management systems: Section 240:
* Identify significant provisions of laws and regulations: Section 245:
* Identify relevant budget restrictions: Section 250:
* Assess risk factors: Section 260:
* Determine likelihood of effective information system controls:
Section 270:
* Identify relevant operations controls to evaluate and test: Section
275:
* Plan other audit procedures: Section 280:
* Plan locations to visit: Section 285:
Internal Control Phase:
* Understand information systems: Section 320:
* Identify control objectives: Section 330:
* Identify and understand relevant control activities: Section 340:
* Determine the nature, timing, and extent of control tests and of
tests for systems’ compliance with FFMIA requirements: Section 350:
* Perform nonsampling control tests and tests for systems’ compliance
with FFMIA requirements: Section 360:
* Assess controls on a preliminary basis: Section 370:
Testing Phase:
* Consider the nature, timing, and extent of tests: Section 420:
* Design efficient tests: Section 430:
* Perform tests and evaluate results: Section 440:
** Sampling control tests: Section 450:
** Compliance tests: Section 460:
** Substantive tests: Section 470:
*** Substantive analytical procedures: Section 475:
*** Substantive detail tests: Section 480:
Reporting Phase:
* Perform overall analytical procedures: Section 520:
* Determine adequacy of audit procedures and audit scope: Section 530:
* Evaluate misstatements: Section 540:
* Conclude other audit procedures: Section 550:
** Inquire of attorneys:
** Consider subsequent events:
** Obtain management representations:
** Consider related party transactions:
* Determine conformity with generally accepted accounting principles:
560:
* Determine compliance with GAO/PCIE Financial Audit Manual: Section
570:
* Draft reports: Section 580:
[End of figure]
[End of section]
510 - OVERVIEW:
.01:
Based on the work in the preceding phases, the auditor must form
conclusions on the information in the financial statements, the
entity's internal control, the financial management systems'
substantial compliance with the three FFMIA requirements, the entity's
compliance with laws and regulations, and other information
(management's discussion and analysis (or the overview of the reporting
entity), required supplementary information (unaudited RSSI is
considered required supplementary information), and other accompanying
information). Additionally, findings coming to the auditor's attention
should be reported in an appropriate manner. The following sections
provide guidance to assist the auditor in making these determinations
and in formulating the report type and form. Guidance is also provided
on other activities that should be performed by the auditor during the
reporting phase. (See figure 500.1.):
[End of section]
520 - PERFORM OVERALL ANALYTICAL PROCEDURES:
PURPOSES OF OVERALL ANALYTICAL PROCEDURES:
.01:
As the audit nears completion, the auditor must perform overall
analytical procedures as required by GAAS (AU 329). These procedures,
which are part of the reporting phase, have the following purposes:
* to determine if an adequate understanding of all fluctuations and
relationships in the financial statements has been obtained from other
audit procedures,
* to determine if other audit evidence is consistent with explanations
for fluctuations documented during overall analytical procedures, and:
* to assist the auditor in forming an opinion on the financial
statements
that is consistent with the conclusions reached during tests of
individual account balances and classes of transactions.
.02:
If overall analytical procedures indicate that an adequate
understanding of relationships and fluctuations has not been obtained
or if there are inconsistencies in audit evidence gathered from other
audit procedures, further inquiries and testing are necessary to obtain
an adequate understanding or to resolve the inconsistencies.
.03:
The auditor may find it effective and efficient to perform overall
analytical procedures in more detail than the financial statement level
(supplemental analytical procedures) and then use the results of these
procedures to "roll up" into and support the overall analytical
procedures at the financial statement level. For example, the auditor
might perform overall analytical procedures at the account level and
roll them up to the financial statement line item to which they belong.
.04:
The auditor may choose to use analytical procedures to obtain complete
or partial substantive assurance for certain accounts or to perform
supplemental analytical procedures when detail tests are used
exclusively to obtain substantive assurance. The information obtained
during these procedures can be used as the basis for explanations of
fluctuations for overall analytical procedures.
.05:
Having the auditor who conducted the detail tests on an account also
conduct supplemental analytical procedures usually maximizes
efficiency and effectiveness by building on the knowledge of the
account obtained during detail tests.
.06:
Overall analytical procedures should be coordinated with the auditor's
evaluation of the MD&A (overview of the entity) included in the
Accountability Report (annual financial statement). For example, the
auditor should use the MD&A, if available, to assist in performing
overall analytical procedures and should use the results of the
analytical procedures to assist in forming conclusions about the
information in the MD&A.
PERFORMANCE OF OVERALL ANALYTICAL PROCEDURES:
.07:
The auditor should take the following steps to achieve the purposes of
overall analytical procedures described above:
* Compare current-year amounts with comparative financial information
and with budget execution information: This information may be on a
summarized level, such as the level of financial statements, or a more
detailed level, as discussed in paragraph 520.03. If available, audited
prior-year information that is comparable to the current-period
information should be used for comparison. If audited prior-year
information is not available, the auditor should use any other
information that provides a reasonable basis for comparison. The
audited, final amounts for the current year must be used for these
procedures. The auditor may also perform ratio analysis on current-year
data and compare these with ratios derived from prior periods or
budgets.
* Identify significant fluctuations: The auditor should establish
parameters for determining if a fluctuation is significant.
Fluctuations identified are a matter of the auditor's judgment. The
auditor should also consider the absence of expected fluctuations when
identifying significant fluctuations.
* Understand identified fluctuations: The auditor should understand all
significant fluctuations identified. The causes for the fluctuations
should be briefly described and referenced to corroborating evidence in
the workpapers. If the auditor does not understand the cause of the
fluctuation or if the understanding is not consistent with the evidence
in the workpapers, the auditor should perform appropriate procedures to
obtain an understanding or to resolve any inconsistencies.
* Consider the results of overall analytical procedures: The auditor
should consider these results to determine if an adequate understanding
of significant fluctuations was obtained and evidence is consistent and
adequate to support the report on the financial statements.
[End of section]
530 - DETERMINE ADEQUACY OF AUDIT PROCEDURES AND AUDIT SCOPE:
.01:
In the planning phase, the auditor determined planning materiality
based on preliminary information. Based on planning materiality, the
auditor determined design and test materialities, which affected the
extent of testing. In light of the final assessment of combined risk,
the overall level of audit assurance used, and the audited materiality
base, the auditor should consider whether the extent of substantive
audit procedures was sufficient (i.e. appropriateness of sample sizes
for detail tests and the limit for investigation of differences during
substantive analytical procedures). When there are questions regarding
the adequacy of work performed, the auditor should consult with the
Reviewer to determine the necessity of additional procedures.
.02:
When determining whether an opinion can be expressed on the financial
statements, any limitations on the nature, timing, or extent of work
performed should be considered. Additional guidance on scope
limitations and their impact is provided in paragraphs 580.14-.18.
[End of section]
540 - EVALUATE MISSTATEMENTS:
OVERVIEW:
.01:
The auditor may detect misstatements during substantive tests or other
procedures. These misstatements should be evaluated in both
quantitative and qualitative terms. Based on this evaluation, the
auditor should determine the type of report to issue on the financial
statements.
.02:
Additionally, the auditor needs to consider the implications of
misstatements on the following.
* The auditor's evaluation of internal control (see paragraphs 580.32-
.61):
Consider whether the misstatements indicate control weaknesses that had
not been previously identified, whether the assessment of the controls
remains appropriate, and whether the categorization of control
weaknesses for reporting purposes is appropriate.
* The consideration of the risk of material misstatement due to fraud
(see paragraphs 540.18-.21):
Consider whether the accumulated results of audit procedures and other
observations would change the risk of material misstatement due to
fraud identified during planning.
* The auditor's evaluation of the financial management systems'
substantial compliance with the three FFMIA requirements (see paragraph
580.62-.66):
Consider whether the misstatements would have a significant impact on
the auditor's conclusions with respect to the financial management
systems' substantial compliance with the three FFMIA requirements.
* The entity's compliance with laws and regulations (see paragraphs
580.67-.75):
Consider whether the misstatements would change the auditor's
conclusions with respect to the entity's compliance with laws and
regulations.
* budget formulation and execution:
Consider whether the misstatements would have a significant impact on
budget related matters for purposes of reporting budget control
weaknesses, reporting on the statements of budgetary resources and
financing, and reporting on compliance with budget-related provisions
of laws and regulations.
* Other reports:
Consider whether the misstatements and any underlying internal control
weaknesses affect reported performance measures or other reports
prepared by the entity that are (1) used for management decision-making
or (2) distributed outside the entity.
.03:
The auditor should follow the guidance in sections 475 (substantive
analytical procedures) and 480 (substantive detail tests) regarding
evaluation of individual misstatements from a quantitative standpoint.
Following that guidance, the auditor should quantify the effects of the
misstatements and classify them as follows:
* known misstatement: the amount of misstatement actually found or
* likely misstatement: the auditor's best estimate of the amount of the
misstatement (including the known misstatement). For sampling
applications, this amount is the projected misstatement. (Also see
paragraph 540.11.):
ACCUMULATION OF MISSTATEMENTS:
.04:
To evaluate the aggregate effects of misstatements on the financial
statements, the auditor should accumulate the adjustments necessary to
correct all known and likely misstatements on the Summary of Possible
Adjustments. This schedule should include all misstatements detected by
the auditor, including any that the entity corrected during the audit.
It is important to consider all misstatements to have a record of the
impact of the audit, bring all misstatements to the attention of the
appropriate level of management, and assist the auditor in evaluating
the risk of further misstatement as a part of the consideration of
unadjusted misstatements (paragraphs 540.11-.12). An example format is
included as section 595 C. The Reviewer should review the Summary of
Possible Adjustments. Per AU 312.40, the auditor may designate an
amount below which misstatements need not be accumulated. This amount
should be set so that any such misstatements, either individually or
when aggregated with other such misstatements, would not be material to
the financial statements, after the possibility of further undetected
misstatements is considered.
.05:
The financial statements usually include various estimates made by
management, such as the recoverability of assets (allowances for
doubtful accounts receivable or loans) and liabilities for loan
guarantees. If the recorded amount falls outside of a range of amounts
that the auditor considers reasonable, the auditor should consider the
difference between the recorded amount and the closest end of the
auditor's range to be a likely misstatement to be included in the
Summary of Possible Adjustments and should discuss the difference with
entity management.
.06:
Additionally, the auditor should consider whether management's
estimates consistently overstate or understate components of the
financial statements, such as total assets or total expenditures. If
so, the auditor should consider the effects on the financial statements
in addition to any unadjusted misstatements when determining the
appropriate type of opinion. Further guidance on evaluating estimates
is provided in AU 312.36 and AU 342.
REVIEW OF MISSTATEMENTS WITH MANAGEMENT:
.07:
After accumulating and summarizing the adjustments, the auditor:
* must bring all misstatements found (except those below the auditor-
designated amount at which misstatements need not be accumulated) to
the attention of appropriate entity management;
* should encourage entity management to adjust the entity's records to
correct all known misstatements; and:
* should encourage entity management to determine the cause of the
likely misstatements and to make appropriate adjustments; unless the
entity's analysis determines another adjustment is appropriate, the
auditor should encourage entity management to establish valuation
allowances for likely misstatements, net of known misstatements (since
the likely misstatement represents the best estimate of the correction
needed).
.08:
In presenting the proposed adjustments to management, the auditor
should remind management that SAS 89 requires the audited entity to
indicate in the management representation letter that the unadjusted
misstatements, individually or in the aggregate, are not material to
the financial statements taken as a whole. SAS 89 also requires that a
summary of the unadjusted misstatements be attached to the
representation letter. Thus, management may consider some of the same
factors presented in paragraphs 540.09-.16.
CONSIDERATION OF UNADJUSTED MISSTATEMENTS:
.09:
If entity management declines to record adjustments for any
misstatements, the auditor considers the potential effects of these
misstatements on the auditor's report in both quantitative and
qualitative terms. The auditor should prepare a Summary of Unadjusted
Misstatements, following the format provided in section 595 D or
equivalent. Overall guidance on evaluating misstatements is provided in
AU 312.34-.40. If total unadjusted likely misstatements are material,
the auditor should modify the opinion on the financial statements (see
paragraph 580.22). Misstatements, individually or in the aggregate, are
material if, in light of surrounding circumstances, it is probable that
the judgment of a reasonable person relying on the information would
have been changed or influenced by the correction of the items. The
concept of materiality includes both quantitative and qualitative
considerations. Deciding whether and how to modify the opinion based on
the materiality of total unadjusted likely misstatements is a
significant auditor's judgment. The decision and the basis for it
should be documented. The Audit Director should be involved in the
decision and review the documentation related to it. Also, the Reviewer
should review and approve the documentation of the decision.
Quantitative Considerations:
.10:
Although there is some point where unadjusted likely misstatements
would generally be considered material, there is no single amount that
can be used for deciding to modify the opinion. Instead, the auditor
should follow a process that considers a number of quantitative factors
in reaching this decision.
.11:
The auditor should add an allowance for further misstatement to the
unadjusted likely misstatement. This risk of further misstatement
relates to the imprecision of audit procedures. This risk includes the
allowance for sampling risk (the combined precision of all sampling
applications), an allowance for imprecision of analytical and other
substantive audit procedures, and an allowance for unaudited immaterial
account balances. The Statistician should compute the combined
precision for all sampling applications.
.12:
This total of likely misstatement plus allowance for further
misstatement should then be considered in relation to planning
materiality and the relative importance of the misstated items to
readers of the financial statements to determine whether the financial
statements as a whole may be materially misstated. For example, if the
aggregate unadjusted likely misstatement is $10 million and the
allowance for imprecision of audit procedures is probably no more than
$15 million, the auditor should determine whether the total
($25 million) materially misstates the financial statements taken as a
whole. The Reviewer should be consulted in considering these issues.
.13:
The auditor's report addresses the fair presentation of the financial
statements as a whole. When considering the effects of any unadjusted
misstatements on the financial statements, the auditor should bear in
mind that he/she is taking less responsibility for individual line
items in the financial statements and in any combining statements and
supplemental schedules than for the financial statements as a whole.
Qualitative Considerations:
.14:
The auditor should consider numerous qualitative factors when
determining the effect of unadjusted misstatements on the auditor's
report. The auditor may choose to modify or qualify the report on the
financial statements, even if the amounts of any unadjusted
misstatements are not quantitatively material. Examples of
misstatements for which the auditor may consider issuing a modified or
qualified report include:
* misstatements of account balances or transactions that are considered
sensitive to the financial statement users;
* misstatements that offset one another in the aggregate but are
individually significant; and:
* misstatements that have a significant effect on the MD&A (overview)
presented by management, including the entity's performance indicators.
Treatment of Unadjusted Misstatements Detected in Prior Periods:
15
The auditor should consider the effects on the current-period financial
statements of any misstatements detected in prior periods. If corrected
in the current period, the auditor should record the impact on current-
period financial statements in the Summary of Possible Adjustments. If
uncorrected, the auditor should consider the misstatement in
combination with current-period misstatements. Guidance is provided in
AU 312.37.
Treatment of Misstatements That Arose in Prior Periods But Were
Detected in the Current Period:
16
If, during the audit of the current period, the auditor detects a
misstatement that arose in a prior period but was not previously
detected, the auditor should determine if the misstatement is material
to the prior-or current-period financial statements. If the
misstatement is considered to be material, the auditor should consult
the Reviewer to determine the effects on the current-period statements
and the auditor's report. Any material misstatements of this type
should be discussed with entity management and should be included on
the Summary of Possible Adjustments if not corrected through a prior-
period adjustment to the financial statements.
MANAGEMENT DISAGREEMENT WITH LIKELY MISSTATEMENTS:
17
If management disagrees with the auditor's likely misstatements and if
the disagreement involves amounts that are material, the auditor may
consider the following options:
* The entity may perform procedures, such as reviewing all or
substantially all of the items in the relevant population, to refine
the estimated amount of the misstatement. In these situations, the
auditor should test management's procedures and conclusions.
* The auditor may believe that sufficient evidence has already been
obtained and may form his/her opinion on the financial statements based
on his/her estimate.
* The auditor may want to increase assurance in the likely misstatements
in order to convince entity management of the amount or to support the
report on the financial statements. For example, the auditor may choose
to increase his/her assurance in the likely misstatement by testing
additional items. These additional procedures will most likely increase
the auditor's assurance in the previous findings but generally will not
materially affect the amount of the likely misstatement. Before
deciding to perform additional procedures, the auditor should obtain
agreement from entity management on the extent of additional evidence
needed to be persuasive to them. The auditor also should consult with
the Reviewer before beginning any of these additional procedures.
* The Audit Director may decide not to expend additional resources to
resolve the disagreement, for example, because additional testing is
unlikely to provide different conclusions. If the auditor believes the
estimate is sufficiently accurate, he or she would express a qualified
or adverse opinion, depending on the materiality of the item to the
financial statements taken as a whole. If the auditor believes the
estimate is not sufficiently accurate, he or she would qualify or
disclaim an opinion for a scope limitation, depending on the
materiality of the item to the financial statements taken as a whole.
RECONSIDERATION OF FRAUD RISK:
18
The consideration of the risk of material misstatement due to fraud is
a cumulative process that should be ongoing throughout the audit. The
auditor should consider whether the audit test results indicate the
need for a change in the original consideration of fraud risk made in
planning (see section 260) or whether the results indicate a need for
additional or different audit procedures.
19
When audit tests identify misstatements, the auditor should consider
whether these may be indicative of fraud. If the auditor determines
that misstatements are or may be the result of fraud, he or she should
consult with the Audit Director and the Reviewer who will determine
whether to seek help from the Special Investigator Unit and/or OGC. If
the effect is not material to the financial statements, the auditor
should consider the implications, especially regarding the
organizational position of the individual(s) involved. If the person
involved in the fraud is a relatively low-level employee, there is
little significance to the audit, although the misstatement should be
reported at least to the next level of management. However, if the
person is of a higher level of management, even though the amount of
misstatement found is immaterial, the auditor should consider whether
it may indicate a more pervasive problem and should reevaluate fraud
risk as well as the assessment of inherent and control risk; the
assignment of personnel; and the nature, timing, and extent of
substantive testing.
20
If the misstatement is or may be the result of fraud and the effect
could be material or the auditor is unable to evaluate whether the
effect is material, he or she, in consultation with the issue area
director, should (1) consider the implications on other aspects of the
audit (see previous paragraph), (2) discuss the matter with at least
the next level of entity management and with senior management, (3)
consider whether to attempt to obtain additional evidence to determine
whether material fraud has occurred or is likely to have occurred and
the effect on the financial statements and the audit report, and (4)
consider whether to advise entity management to consult with its
general counsel.
21
Fraud involving senior management and fraud that causes a material
misstatement of the financial statements should be included in the
audit report in the compliance section and in the report on the
financial statements section if the financial statements are misstated.
When the auditor identifies evidence of these cases, the Special
Investigator Unit and/or OGC should be consulted. If the auditor has
identified fraud risk factors that have continuing control
implications, the auditor should consider whether these risk factors
represent reportable conditions that should then be included in the
audit report in the internal control section.
FINANCIAL MANAGEMENT SYSTEMS:
22
For audits of the CFO Act agencies and components identified by OMB in
its audit guidance, the auditor should determine whether the entity's
financial management systems comply substantially with the three
requirements of FFMIA. Federal financial management systems
requirements and the SGL at the transaction level were considered in
sections 350 and 360. At this point, the auditor should reassess those
preliminary conclusions and conclude on the federal accounting
standards based on the results of control, compliance, and substantive
testing and evaluation of misstatements found. If the auditor concludes
that the systems do not comply with the requirements, he or she should
report the noncompliance. In addition, if the auditor concluded the
systems were not in substantial compliance with FFMIA based on limited
testing, he or she should report that the work on FFMIA would not
necessarily disclose all instances of lack of substantial compliance
with FFMIA requirements. (See section 580.):
[End of section]
550 - CONCLUDE OTHER AUDIT PROCEDURES:
.01:
To issue the auditor's report, procedures in the following areas should
be concluded during the reporting phase:
* inquiries of attorneys (see paragraphs 550.02.-.03),
* subsequent events (see paragraphs 550.04.-.06),
* management representations (see paragraphs 550.07-.11), and:
* related party transactions (see paragraph 550.12).
INQUIRIES OF ATTORNEYS:
.02:
In considering any contingent liabilities or uncertainties that may
affect the entity or its financial statements, the auditor should make
inquiries of the entity's counsel regarding litigation, claims, and
assessments. Guidance on these inquiries, as well as on interpreting
and using responses received from counsel, is provided in AU 337 and
9337 and OMB audit guidance (see also section 280).
.03:
The inquiries and responses should cover the entire period under audit
and the subsequent period through completion of fieldwork (the date of
the auditor's report). A response should be obtained from counsel at
the approximate end of fieldwork. If a long period elapses from end of
fieldwork to report issuance, a subsequent update generally should be
obtained, either written or oral (and documented in the workpapers),
for material events to report issuance.
SUBSEQUENT EVENTS:
.04:
Events or transactions may occur after the balance sheet date but
before the audit report is issued. Such events or transactions that
have a material effect on the financial statements and therefore
require adjustment to or disclosure in the financial statements are
referred to as subsequent events. AU 560 provides guidance on
determining whether a particular subsequent event requires adjustment
to or disclosure in the financial statements (see also section 1005).
.05:
To identify subsequent events that would require either adjustment to
or disclosure in the financial statements, the auditor should follow
the procedures described in AU 560.10-12 (see also section 1005). These
procedures should be performed at or near the completion of fieldwork.
If a long period elapses from end of fieldwork to report issuance, the
procedures generally should be updated for material events through the
issuance of the auditor's report. The auditor should follow the
guidance in AU 530 on dating the auditor's report if any subsequent
events are identified that affect the report.
.06:
The auditor generally has no obligation to perform procedures to
identify subsequent events after the report is issued. If the auditor
becomes aware of facts that might have affected the report if they had
been known before issuance, the auditor should follow the guidance in
AU 561.
MANAGEMENT REPRESENTATIONS:
.07:
The auditor is required to obtain written representations from
management as part of the audit. These representations supplement the
other audit procedures performed by the auditor but are not a
substitute for them. Written representations help avoid any
misunderstandings that could arise if only oral representations were
received from management. In some circumstances, corroborating evidence
for representations may not be readily available, such as for those
involving management's intent concerning a future transaction or
business decision. AU 333.06, AT 501.44 (SSAE 10, paragraph 5.44), and
AU 801.07 provide examples of the written representations usually
obtained from management (see also sections 1001 and 1001 A).
Additionally, the auditor may request representations on other matters.
.08:
Federal government auditors should obtain further representations from
management in addition to those required by generally accepted auditing
standards. These are management assertions about the effectiveness of
internal control and about substantial compliance of financial
management systems with the three requirements of FFMIA.
.09:
If management refuses to provide the requested written representations,
the auditor considers this a limitation on the audit scope and modifies
the report (see paragraphs 580.14-.18). In these situations, the
auditor should consider the reliability of other representations
received from management during the audit.
.10:
The representation letter should be signed by members of management
who, in the auditor's view, are responsible for and knowledgeable,
directly or through others, about the matters in the representation
letter, as discussed in AU 333.09.
.11:
The representation letter should be dated as of the date of the
auditor's report. If there is a significant delay between the report
date and the issuance of the report, the auditor should consider
obtaining updated management representations.
RELATED PARTY TRANSACTIONS:
.12:
The auditor should be aware of the possible existence of relationships
with related parties and material related party transactions that could
affect the financial statements. AU 334 provides guidance on
identifying related parties, examining related party transactions, and
considerations for disclosure (see also section 1006).
[End of section]
560 - DETERMINE CONFORMITY WITH GENERALLY ACCEPTED ACCOUNTING
PRINCIPLES:
.01:
Generally accepted accounting principles (GAAP) for federal government
entities are developed by the Federal Accounting Standards Advisory
Board (FASAB), an entity created by GAO, OMB, and Treasury. FASAB was
recognized by the American Institute of Certified Public Accountants
(AICPA) as the body to establish GAAP for federal governmental entities
under Rule 203, "Accounting Principles," of the AICPA's Code of
Professional Conduct. Pursuant to the resolution adopted by the AICPA
Council on October 19, 1999, Statements of Federal Financial Accounting
Standards (SFFAS) issued by FASAB are recognized as GAAP for the
applicable federal governmental entities. FASAB develops federal
accounting concepts or standards and transmits them to the Comptroller
General, the Secretary of the Treasury, and the Director of OMB (the
three principals). The accounting concepts or standards become final 90
days after transmittal, provided no principal advises FASAB of an
objection during the 90 days. The concepts or standards are then issued
by FASAB.
.02:
Federal executive agencies are to follow the hierarchy of accounting
principles given below. This means that the entity is to use the
guidance in item "a" unless that item is silent about a particular
topic. In that case, the entity is to use the guidance in item "b,"
unless it also does not address the topic, and so on to item "c," or
"d," until guidance addressing the topic is found. This hierarchy is
recognized by the AICPA as GAAP for applicable federal entities,
according to SAS 91:
a. FASAB Statements and Interpretations plus AICPA and FASB
pronouncements if made applicable to federal governmental entities by a
FASAB Statement or Interpretation.
b. FASAB Technical Bulletins and the following pronouncements if
specifically made applicable to federal governmental entities by the
AICPA and cleared by FASAB: AICPA Industry Audit and Accounting Guides
and AICPA Statements of Position.
c. AICPA AcSEC Practice Bulletins if specifically made applicable to
federal governmental entities and cleared by FASAB and Technical
Releases of its Accounting and Auditing Policy Committee.
d. Implementation guides published by FASAB staff and practices that are
widely recognized and prevalent in the federal government.
.03:
In the absence of a pronouncement in the above hierarchy, the auditor
may consider other accounting literature, including FASAB Concepts
Statements; pronouncements in categories "a" through "d" above when not
specifically made applicable to federal governmental entities; FASB and
GASB Concepts Statements; GASB Statements, Interpretations, and
Technical Bulletins; AICPA Issues Papers; International Accounting
Standards of the International Accounting Standards Committee;
pronouncements of other professional associations or regulatory
agencies; AICPA Technical Practice Aids; and accounting textbooks,
handbooks, and articles.
.04:
Entities are required to summarize the significant accounting policies
used in the notes to the principal statements.
.05:
The auditor should review the financial statements for conformity with
GAAP and should identify any instances of nonconformity. Such
nonconformity may include incomplete disclosure or use of an accounting
principle that is contrary to GAAP. A Checklist for Reports Prepared
Under the CFO Act is in section 1004 (Part II) for reviewing the
financial statements for appropriate and adequate disclosure in
accordance with GAAP.
.06:
The auditor should consider the impact of nonconformity with GAAP on
the financial statements and should determine the effects, if any, on
the auditor's report (see paragraph 580.22).
[End of section]
570 - DETERMINE COMPLIANCE WITH GAO/PCIE FINANICAL AUDIT MANUAL:
.01:
The auditor must determine whether the audit was conducted in
accordance with GAGAS, OMB audit guidance, and GAO/PCIE financial audit
methodology. The auditor should use the audit completion checklist
included in section 1003 (Part II) for determining and documenting
compliance.
[End of section]
580 - DRAFT REPORTS:
.01:
At the conclusion of the audit, the auditor finalizes the draft of the
auditor's report(s), which includes the auditor's conclusions on:
* the financial statements (see paragraphs 580.10-.31);
* internal control (see paragraphs 580.32-.61);
* whether the financial management systems substantially comply with
the requirements of FFMIA: federal financial management systems
requirements, federal accounting standards (GAAP), and the SGL at the
transaction level (see paragraphs 580.62-.66); and:
* compliance with laws and regulations (see paragraphs 580.67-.75);
* the MD&A (see requirements in SFFAS No. 15) and other information
included in the Accountability Report (including RSSI) (see paragraphs
580.76-.81).
.02:
The auditor's report should clearly identify the entity audited, the
Accountability Report on which the auditor is reporting, and the period
covered by the Accountability Report.
.03:
The report should be dated as of the completion of fieldwork. If a
subsequent event occurs after that time that requires disclosure in the
report, the auditor should follow the guidance in AU 530 with respect
to dating the report.
REPORT FORMAT:
.04:
An example of an unqualified auditor's report is presented in section
595 A. The auditor may use another reporting format, such as issuing
separate reports on the financial statements (see AU 508) and on
internal control and compliance (see AICPA Audit and Accounting Guide:
Audits of State and Local Governmental Units or OMB audit guidance) and
should document the reasons for deviations from the language required
by the professional standards. GAO auditors also should document the
reasons for deviations from the example reporting format or language in
sections 595 A and/or B. The example report includes the following
sections:
Introduction;
Significant Matters (when applicable);
Conclusions on:
** financial statements,
** internal control,
** financial management systems' substantial compliance with FFMIA
requirements,
** compliance with laws and regulations, and:
** consistency of other information;
Objective, Scope, and Methodology; and
Agency Comments and Our Evaluation (if applicable).
.05:
The introduction summarizes the auditor's conclusions on the entity's
financial statements, internal control, financial management systems'
substantial compliance with the three FFMIA requirements, and
compliance with laws and regulations.
.06:
A significant matters section is included if any of the following
situations exist:[Footnote 1]
* significant limitations on the scope of the audit (paragraphs 580.14-
.18, .34-.36, and .73-.75);
* uncertainties for which the auditor disclaimed an opinion (paragraph
580.19);
* material departures from generally accepted accounting principles
(paragraph 580.22);
* material weaknesses in internal control (including performance
measures controls) or other weaknesses that the auditor has decided to
describe in the audit report (paragraphs 580.51-.55);
* material conflicts between the Summary of Management's Report on
Internal Controls prepared under FMFIA and the results of the auditor's
evaluation of internal control (paragraph 580.61);
* instances of lack of substantial compliance with the three
requirements of FFMIA (paragraphs 580.63-.66):
* instances of noncompliance that are reportable under GAGAS or OMB
audit guidance, that is, any that are not clearly inconsequential
(paragraphs 580.71-.72);
* material inconsistencies between other information (MD&A, required
supplementary information, including RSSI, and other accompanying
information) and the financial statements, or material nonconformity of
the other information with OMB guidance for such information
(paragraphs 580.76-.80); or
* any other significant matters coming to the auditor's attention, that
in his/her judgment, should be communicated to the entity head, OMB,
and the Congress.
This section should be phrased similar to an executive summary. Matters
should be described in nontechnical language so that report users can
readily grasp their significance. Other sections of the report would
not repeat this narrative, but would refer to it using phrases such as
"as described above." If two or more of the above items affect the same
area, the auditor should combine the discussion of the situations to
the extent possible. Each significant matter should begin with a
summary heading. Also, if significant matters exist, the auditor's
report should indicate that such matters were considered in forming the
audit conclusions (as discussed in section 595 B, note 1).
.07:
The conclusions section of the report is used to report the auditor's
overall conclusions on the financial statements, internal control,
financial management systems' substantial compliance with the three
requirements of FFMIA, compliance with laws and regulations, and
consistency of other information.
.08:
The objectives, scope, and methodology section includes a discussion of
management's and the auditor's responsibilities, what the auditor did
to fulfill his/her responsibilities, the scope of the auditor's work on
internal control, and a statement that the audit was performed in
accordance with GAGAS and OMB's audit guidance.
.09:
The remainder of this section provides guidance on forming conclusions
on the financial statements, internal control, financial management
systems' substantial compliance with the three requirements of FFMIA,
compliance with laws and regulations, and other information.
* Example report wording of an unqualified auditor's report is included
in section 595 A.
* Section 595 B provides guidance on modifying the report based on the
auditor's conclusions. In some cases, when findings are extensive, the
report format may also be modified.
FINANCIAL STATEMENTS:
.10:
Under GAAS, the fourth standard of reporting on financial statements
follows (see AU 508.04):
"The report shall either contain an expression of opinion regarding the
financial statements, taken as a whole, or an assertion to the effect
that an opinion cannot be expressed. When an overall opinion cannot be
expressed, the reasons therefor should be stated. In all cases where an
auditor's name is associated with financial statements, the report
should contain a clear-cut indication of the character of the auditor's
work, and the degree of responsibility the auditor is taking.":
.11:
When reporting on financial statements, the auditor considers the
following areas: (1) audit scope, (2) uncertainties, (3) consistency,
and (4) departures from GAAP. Each of these areas and their effects on
the report are discussed below.
.12:
The auditor considers these four areas and the results of all audit
procedures performed to determine if an opinion can be expressed on the
financial statements and, if so, the type of opinion. If an opinion
cannot be expressed, the auditor should issue a disclaimer report. If
an opinion can be expressed, the auditor may issue one of the following
opinion types: unqualified, unqualified with an explanatory paragraph,
qualified, or adverse.
.13:
The auditor should formulate the type of report on the financial
statements following the guidance provided below and in sections 595 A
and 595 B.
Audit Scope:
.14:
To express an opinion, first the auditor must determine if the audit
has been conducted in accordance with GAGAS and OMB audit guidance. If
the auditor is not able to perform all procedures considered necessary,
the scope of the audit is considered to have been limited or
restricted.
.15:
Restrictions on the scope of the auditor's work may be imposed by the
entity or may be caused by circumstances beyond the entity's control.
Scope limitations may result from the timing of the audit work; the
inability to obtain sufficient, competent evidential matter; or
inadequate accounting records. If the audit scope has been limited, the
auditor should refer to the guidance in AU 508.22-.28 to determine
whether to qualify or disclaim an opinion.
.16:
When determining if sufficient competent evidence has been obtained,
the auditor should consider the impact of any misstatements on the
audit scope from a qualitative standpoint. The auditor should also
consider whether the audit scope is adequate in light of any
misstatements or other findings that indicate noncompliance with laws
and regulations.
.17:
Whether to qualify or disclaim an opinion because of a scope limitation
is a matter of the auditor's judgment. The auditor should assess how
important the omitted procedures were to his/her ability to form an
opinion on the financial statements. This assessment is influenced by
the nature, significance, and magnitude of the items to which the
omitted procedures relate. For example, the potential effect of a scope
limitation on a material account is likely to be greater than on an
immaterial account.
.18:
If the audit scope is adequate for expressing an opinion, the auditor
determines the appropriate type of opinion. Three areas that the
auditor should consider when forming the opinion are uncertainties,
consistency, and departures from GAAP.
Uncertainties:
.19:
Uncertainties are matters affecting the financial statements whose
outcome is expected to be resolved at a future date when conclusive
evidential matter will become available. Uncertainties may be related
to the resolution of litigation or the valuation of assets, such as
real estate owned. Uncertainties include the contingencies discussed in
SFFAS No. 5 (amended by SFFAS No. 12), estimates covered by AICPA
Statement of Position 94-6, as well as other matters. Guidance on
considering uncertainties and their effects on the auditor's report is
provided in AU 508.29-.32 (SAS 79). Depending on the nature of the
uncertainty, the auditor may need to add an explanatory paragraph or
disclaim an opinion, as discussed in AU 508. Because of the nature of
uncertainties, conclusive evidence cannot be expected to exist at the
time of the audit. Management is responsible for estimating the effect
of future events on the financial statements or determining that a
reasonable estimate cannot be made and making required disclosures. The
auditor generally should give an unqualified opinion if, in his or her
judgment, evidence is sufficient to support management's analysis of
the nature of the uncertainty and its presentation or disclosure in the
financial statements. (The auditor may add a matter of emphasis
paragraph; see AU 508.19.) Additionally, if the uncertainty involves a
scope limitation (unavailable or insufficient evidence to support
recorded amounts or disclosure relating to the uncertainty) a
qualification or disclaimer may be appropriate as discussed in
paragraphs 580.28-.29 and .31 (see AU 508.29-.32). If the uncertainty
involves a departure from accounting principles (inadequate disclosure,
inappropriate accounting principles, and unreasonable accounting
estimates), the auditor may need to express a qualified or adverse
opinion as discussed in paragraphs 580.28-.29 and .30, respectively
(see AU 508.45-.49).
Consistency:
.20:
The auditor is concerned with comparability between the financial
statements for all periods presented or with the prior period if only 1
year is presented. A lack of comparability may be caused by an
inconsistency in the accounting principles used; the method of applying
these principles; or other factors, such as the classification of
accounts for reporting purposes. For first-year audits, the auditor
should determine if accounting principles are consistent with the prior
period, following the guidance in AU 420.22 -.25. Guidance on the
auditor's consideration of accounting and other changes that may affect
the consistency of the financial statements may be found in AU 420.
Inconsistencies may result in an explanatory paragraph or departure
from GAAP. Guidance on reporting on a lack of consistency is provided
in AU 508.16-.18.
.21:
If the entity has a change in accounting principles when it first
adopts FASAB standards, the auditor should include a paragraph on
consistency in the audit report, regardless of whether or not the
financial statements of the previous period are presented. The
paragraph should state that the entity adopted SFFAS No. X, as
discussed in note XX. The SFFASs generally specify what disclosures are
required upon adoption.
Departure from GAAP:
.22:
The auditor must consider whether the financial statements are
materially affected by a departure from GAAP. If such a departure
exists, the auditor should determine the extent of the effects of the
departure on the financial statements, considering both quantitative
and qualitative factors, as discussed in AU 508.35-.36. The auditor
also should consider whether adequate disclosures have been made in the
financial statements and related notes (see AU 431 and AU 508.41-.44)
and should evaluate whether any changes in accounting principles used
by the entity are appropriate (see AU 508.50-.57). Depending on the
extent of the departure, the auditor should express either a qualified
or adverse opinion. Guidance on reporting these departures is included
in AU 508.37-.40 for qualified opinions and AU 508.58-.60 for adverse
opinions (see section 595 B for modifications to be made to the
auditor's report). In rare cases when compliance with accounting
principles would result in misleading financial statements, a departure
from GAAP may not result in a qualified or adverse opinion (see AU
508.14 -.15).
Types of reports:
.23:
As discussed, the auditor may express various types of opinions or may
disclaim an opinion. Guidance on reporting is included in AU 411, 420,
431, 504, 508, and 558. Additionally, section 595 A includes an example
of an unqualified report. Section 595 B includes specific changes to be
made to the unqualified report under various circumstances. Each type
of report is discussed in paragraphs 580.24-.31.
Unqualified Opinion:
.24:
In an unqualified opinion on the financial statements, the auditor
concludes that the financial statements and accompanying notes present
fairly, in all material respects, the assets, liabilities, and net
position of the entity at the end of the period, and the net costs,
changes in net position, budgetary resources, reconciliation of net
costs with budgetary obligations, and custodial activity (if
applicable) for the period then ended, in conformity with generally
accepted accounting principles.
.25:
If, in the auditor's judgment, he/she cannot make this conclusion (for
reasons discussed in paragraphs 580.14-.22) the auditor's report on the
financial statements should be modified. This report modification may
take the form of an explanatory paragraph, or the opinion expressed in
the report may be qualified or adverse. Additionally, if the auditor
opines only on the balance sheet, the auditor should follow the
guidance in AU 508.33-.34.
Explanatory Paragraphs:
.26:
An auditor may express an unqualified opinion and also include
explanatory paragraphs in the report. An explanatory paragraph may be
included in either the significant matters section or the opinion on
the financial statements section of the auditor's report based on the
auditor's judgment about its significance. The following types of
situations usually require the addition of an explanatory paragraph or
other explanatory language. (See AU 508.11 for further guidance.):
* The auditor's opinion refers to another auditor's report.
* The predecessor auditor's report is not presented for comparative
financial statements.
* The accounting principles or their method of application materially
changes between periods. (See paragraph 580.20 for a discussion of
consistency.):
* Certain circumstances exist relating to reports on comparative
financial statements. (See AU 508.68-.69 and .72-.74.):
* Supplementary information required by FASAB or OMB has been omitted,
the presentation of such information departs materially from FASAB or
OMB guidelines or is materially inconsistent with information in the
financial statements, the auditor is unable to complete prescribed
procedures concerning such information, or the auditor is unable to
remove substantial doubts about whether the supplementary information
conforms to FASAB or OMB guidelines. (See AU 558 for guidance on
required supplementary information.):
* There is substantial doubt about the entity's ability to continue to
carry out its mission without substantial additional resources or
changes in operations (see AU 341).
.27:
An explanatory paragraph may also be added to emphasize a matter, such
as significant transactions with related parties, as discussed in AU
508.19. Also, although not required, an explanatory paragraph may be
added when the financial statements are affected by uncertainties
concerning future events whose outcome cannot be reasonably estimated
as of the report date. (See paragraph 580.19 for a discussion of
uncertainties.):
Qualified Opinion:
.28:
A qualified opinion states that except for the effects of the matter to
which the qualification relates, the financial statements present
fairly, in all material respects, the assets, liabilities, net
position, net costs, changes in net position, budgetary resources,
reconciliation of net costs with budgetary obligations, and custodial
activities (if applicable) in conformity with GAAP. Guidance on
qualified opinions is provided in various paragraphs of AU 508.
.29:
The following situations may require a qualified opinion, as discussed
in AU 508.20:
* The audit scope is limited (see paragraphs 580.14-.18.):
* Based on the audit results, the auditor believes that a departure
from GAAP had a material effect on the financial statements but has
decided not to express an adverse opinion (see paragraph 580.22).
AU 508.21 provides guidance on qualified opinions. Section 595 B
provides guidance on specific report modifications for qualified
opinions.
Adverse Opinion:
.30:
An adverse opinion states that the financial statements do not fairly
present the assets, liabilities, net position, net costs, changes in
net position, budgetary resources, reconciliation of net costs with
budgetary obligations, or custodial activities (if applicable) in
conformity with generally accepted accounting principles. This type of
opinion is expressed on the financial statements taken as a whole when
there are material departures from GAAP as discussed in paragraph
580.22. Guidance on adverse opinions is provided in AU 508.58-.60.
Section 595 B provides specific report modifications for adverse
opinions.
Disclaimer Report:
.31:
In a disclaimer report, the auditor does not express an opinion on the
financial statements. A disclaimer report is appropriate when the audit
scope is not sufficient to enable the auditor to express such an
opinion, as discussed in paragraphs 580.14-.18, or when there are
material uncertainties involving a scope limitation, as discussed in
paragraph 580.19. AU 508.61-.63 provides guidance on issuing disclaimer
reports. The reasons that caused the auditor to disclaim an opinion
should be described in the significant matters section of the report
following the guidance in AU 508.25-.26. Specific guidance on the
wording of disclaimer reports is included in section 595 B.
INTERNAL CONTROL:
.32:
Federal financial auditors may take one of two different approaches to
reporting on internal control: (1) management provides an assertion
about the effectiveness of its internal control and the auditor
expresses an opinion on internal control (see paragraphs 580.38-
.48)[Footnote 2] or (2) the auditor reports weaknesses found but does
not give an opinion (see paragraphs 580.49-.50). (OMB audit guidance
requires management to include representations about internal control
in the management representation letter in either case.) GAO auditors
generally express an opinion on internal control. In either case, the
auditor considers whether internal control is sufficient to meet the
following control objectives insofar as those objectives pertain to
preventing or detecting misstatements, losses, or noncompliance that
would be material in relation to the financial statements:
* Reliability of financial reporting--transactions are properly
recorded, processed, and summarized to permit the preparation of the
financial statements and RSSI in accordance with GAAP, and assets are
safeguarded against loss from unauthorized acquisition, use, or
disposition.
* Compliance with applicable laws and regulations--transactions are
executed in accordance with laws governing the use of budget authority
and other laws and regulations that could have a direct and material
effect on the financial statements or RSSI and any other laws,
regulations, and governmentwide policies identified by OMB in its audit
guidance.
The auditor also should report any reportable conditions detected in
performance measures controls but does not need to express an opinion
on whether internal control is sufficient to meet the objective that
data supporting performance measures are properly recorded, processed,
and summarized to permit preparation of performance information in
accordance with criteria stated by management.
Classifying Control Weaknesses:
.33:
The following definitions and guidelines should be used for classifying
internal control weaknesses:
* A material weakness is a reportable condition (see below) in which
the design or operation of one or more of the internal control
components does not reduce to a relatively low level the risk that
misstatements, whether caused by errors or fraud, losses, or
noncompliance in amounts that would be material in relation to the
financial statements, RSSI, or a performance measure or aggregation of
related performance measures may occur and not be detected within a
timely period by employees in the normal course of their assigned
duties.[Footnote 3]
* Reportable conditions are matters coming to the auditor's attention
that in the auditor's judgment, should be communicated because they
represent significant deficiencies in the design or operation of
internal control, which could adversely affect the entity's ability to
meet the internal control objectives described in the report.
.34:
The auditor should consider whether reportable conditions, in
combination, result in material weaknesses. If so, the auditor should
consider them to be material weaknesses in concluding as to the
effectiveness of internal control and reporting findings, as discussed
in paragraphs 580.42-.48 and 580.51-.58. Additional guidance on
classification of internal control weaknesses is provided in AU 325.
.35:
OMB has provided guidance, supplementing Circulars A-123 (June 21,
1995) and A-127 (July 23, 1993 and revisions in Transmittal Memorandum
No. 2, dated June 10, 1999), on materiality for reporting matters under
FMFIA. The term "material weakness" as used by OMB in this guidance
(FMFIA material weakness) is different from the above definition.
Management and the auditor should evaluate the material weaknesses
reported under FMFIA to determine whether they meet the auditor's
definitions of material weakness and reportable condition for reporting
as part of management's assertion about the effectiveness of internal
control (see paragraph 580.33).
.36:
According to OMB criteria, an internal control weakness is an FMFIA
material weakness under A-123 if it is significant enough to be
reported outside the agency, as determined by the agency head (that is,
included in the annual Integrity Act report to the President and the
Congress).
.37:
According to OMB criteria (A-127), nonconformance of entity budget or
accounting information and financial systems is material for FMFIA
reporting under A-123 if it is material, as judged by the agency head,
when weighed against other agency deficiencies.
Opinion on Internal Control:
.38:
The auditor's evaluation of the entity's internal control and the
results of other audit procedures form the basis for the auditor's
opinion on internal control. The opinion may be unqualified,
unqualified with reference to reportable conditions, qualified, or
adverse. Additionally, there may be restrictions on the scope of the
procedures that result in a qualified opinion or a disclaimer report
(see paragraphs 580.39-.49). The auditor should communicate any
identified internal control weaknesses (including weaknesses in
operations controls), as discussed in paragraphs 580.51-.58, and
consider the effects of such weaknesses on other reports prepared by
the entity (paragraph 580.60).
Scope of Procedures:
.39:
To express an unqualified opinion on internal control, the auditor must
have an assertion from management about the effectiveness of internal
control and must be able to perform all of the procedures considered
necessary, as described in sections 300 and 450. If there is a
restriction on the scope of the audit (i.e., not all of these
procedures can be performed), the auditor may need to qualify or
disclaim the opinion on internal control. Scope restrictions may be
imposed by the entity or may be due to other circumstances. The
decision of whether to qualify or disclaim an opinion is a matter of
the auditor's judgment regarding the importance of the omitted
procedures to forming an opinion on internal control. However, if a
significant scope restriction is imposed by the entity, the auditor
should disclaim an opinion.
.40:
When determining the severity of a scope limitation on internal
control, the auditor should consider the control objectives listed in
the report--financial reporting, including safeguarding assets, and
compliance with laws and regulations. If the scope of work on internal
control relevant to one of these objectives is limited, the auditor may
need to qualify or disclaim the opinion on internal control regarding
that objective. Also, the auditor should determine whether that
limitation affects his/her ability to opine on the other objective. If
a scope limitation is encountered for a control objective, the auditor
should exercise judgment in determining if it is appropriate to give an
unqualified opinion on internal control over either objective. In the
case of a scope limitation, the auditor should review the guidance in
AT 501.59-.62 (SSAE 10, paragraphs 5.59-.62) and consult with the
Reviewer to determine the appropriate type of opinion. Section 595 B
contains example language for situations in which (1) the auditor is
satisfied that the scope limitation affects only one control objective
and that it is considered appropriate to give an opinion on internal
control over the other objective and (2) the auditor believes a
disclaimer report on internal control, as a whole, is appropriate due
to a scope limitation.
.41:
If the auditor has determined that an opinion can be expressed on one
or both of the control objectives, the type of opinion to be given
depends on whether any internal control weaknesses are identified and
the significance of such weaknesses. In concluding as to the
effectiveness of internal control, weaknesses should be categorized, in
order of decreasing significance, as (1) material weaknesses, (2)
reportable conditions that are not considered to be material weaknesses
(other reportable conditions), and (3) other weaknesses less
significant than reportable conditions (other weaknesses). Each of
these types of weaknesses and its effects on the auditor's conclusion
on internal control is discussed below. If no material weaknesses or
other reportable conditions are identified, the auditor concludes that
internal control is effective in meeting the control objectives.
Effects of Control Weaknesses on the Auditor's Conclusion as to the
Effectiveness of Internal Control:
.42:
Based on the types of weaknesses noted, the auditor should conclude as
to the effectiveness of internal control as of the end of the audit
period, as discussed in paragraphs 580.43-.47. Management also
concludes as to the effectiveness of internal control in deciding what
assertion to make.
Material weaknesses:
.43:
If material weaknesses exist at the end of the audit period, the
auditor should conclude that the entity's internal control is
ineffective or effective "except for" the weakness for the control
objective(s) that the weakness affects. The existence of a material
weakness precludes a conclusion that internal control is effective for
that objective. If a material weakness relates only to one control
objective, the auditor should determine whether internal control is
effective in achieving the other control objective. The auditor should
exercise judgment when concluding that the effects of a material
weakness are isolated to one control objective.
.44:
The auditor also should exercise judgment in deciding whether it is
appropriate in the circumstances to conclude that "except for" a
material weakness, internal control is effective for the objective.
Management should exercise judgment in deciding what assertion to make
about the effectiveness of internal control. By definition, a material
weakness is a very significant condition (see paragraph 580.33) that
could allow misstatements, losses, or noncompliance of such a magnitude
that the judgment of a reasonable person relying on the information
would have been changed or influenced. If, after careful consideration,
the auditor determines that although a material weakness, the weakness
is not severe enough to judge that internal control for that objective
is ineffective, he or she may conclude that internal control for that
objective is effective "except for" the material weakness. However, if
the auditor determines that the material weakness(es) is(are)
significant enough that he or she cannot judge internal control to be
effective for that objective, even "except for" the material
weakness(es), he or she should conclude that internal control is
ineffective for that objective. Factors the auditor should consider in
deciding whether an "except for" conclusion is appropriate are:
* whether there is a single material weakness related to the objective
or several,
* whether the material weakness relates to ancillary areas that are
less significant or to one of the more significant aspects of the
entity, and
* whether the material weakness is limited to one or a few assertions
that are not generally considered the most significant ones related to
the line item or the assertions are quite significant.
.45:
If a material weakness is presented in a report that also includes an
unqualified opinion on the financial statements, a statement should be
added to the unqualified opinion to indicate that material
misstatements may nevertheless occur in other financial information
reported by the entity as a result of the material weakness. Example
report modifications for material weaknesses are provided in section
595 B.
Reportable conditions other than material weaknesses:
.46:
If reportable conditions other than those considered to be,
individually or in combination, material weaknesses exist at the end of
the audit period, the auditor generally may conclude that the controls
are effective in achieving the control objectives. However, the
auditor's report should be revised (see section 595 B) to highlight
that the work performed identified the need to improve certain internal
controls.
Weaknesses that do not meet the criteria for reportable conditions:
.47:
Weaknesses that do not meet the criteria for reportable conditions
(paragraph 580.33) do not affect the auditor's conclusion as to the
effectiveness of internal control. They may be reported in a management
letter or orally.
Type of Opinion:
.48:
As described in paragraphs 580.39-.41, if the auditor is unable to
apply all the audit procedures he or she considers necessary in the
circumstances, a scope limitation exists and the report on internal
control may need to be a qualified opinion or a disclaimer of opinion.
If all the procedures considered necessary were performed, the opinion
may be one of the following.
* If the auditor and management agree as to the effectiveness of
internal control and there are no material weaknesses or other
reportable conditions in internal control, the opinion on internal
control is unqualified (see section 595 A).
* If the auditor and management agree as to the effectiveness of
internal control and there are no material weaknesses in internal
control, but there is(are) other reportable condition(s), the auditor
modifies the report on internal control by stating that internal
control is effective but could be improved and by referring to the
reportable condition(s) (see section 595 B).
* If the auditor and management agree as to the effectiveness of
internal control and there are material weaknesses in internal
control, the auditor modifies the opinion on internal control by (1)
referring to the material weakness(es) noted in management's assertion
(which states that internal control with respect to one or both of the
internal control objectives--financial reporting, including
safeguarding, or compliance--is either effective "except for" the
material weakness (qualified opinion) or ineffective (adverse
opinion)) and (2) describing the material weakness(es). (See section
595 B.):
* If the auditor and management disagree as to the effectiveness of
internal control, either because (1) management does not agree that
material weakness(es) exist or (2) management does not appropriately
modify its assertion about the effectiveness of internal control in
light of the material weakness(es), the auditor's opinion is also
adverse. (The existence of a material weakness precludes management
from asserting that its internal control is effective for that
objective.) Thus, an adverse opinion is appropriate if management
states that internal control is effective "except for" the material
weakness(es) when, in the auditor's judgment, the material weakness(es)
is(are) so severe that internal control is ineffective (see paragraph
580.44 and section 595 B).
The auditor should consult with the Reviewer on the opinion on internal
control, especially in instances where he or she concludes that a
material weakness is isolated to one control objective or that internal
control is effective "except for" a material weakness.
Nonopinion Report:
.49:
If the purpose of the audit is not to render an opinion on internal
control, the auditor should report material weaknesses and other
reportable conditions in internal control, or state that no material
weaknesses were found. (See sections 595 A and/or B.) If, in the
auditor's judgment, material weaknesses were so significant that the
auditor concludes internal control was ineffective for one or more
objectives, he or she may state that conclusion in the report. (See
section 595 B.):
.50:
The AICPA, in SAS No. 87, states that a report on internal control in
which no opinion is issued is a by-product report, a report that
provides a limited degree of assurance about internal control. When no
opinion is issued, the report on internal control is not the primary
objective of the engagement. SAS 87 states that the auditor should
indicate the intended use of the internal control report because of the
potential for misunderstanding related to a by-product report's limited
degree of assurance. Because the distribution of government audit
reports is not restricted, the reports should explain their
limitations. (See section 595 A where, in a footnote explaining changes
for a nonopinion internal control section, the example report cautions
the reader that the internal control testing performed may not be
sufficient for other purposes.):
Where to Report Control Weaknesses:
.51:
The means of communicating weaknesses in internal control depends on
the type of weakness, as discussed in paragraph 580.33. Each type of
weakness is discussed in paragraphs 580.52-.55 below.
Reportable conditions (including material weaknesses):
.52:
If, in the auditor's judgment, a reportable condition is considered to
be a significant matter that should be communicated to the entity head,
OMB, and the Congress, it should be described in the auditor's report.
Any material weakness identified by the auditor should be reported in
this manner. These matters should be included in the significant
matters section of the auditor's report and combined with related
matters to the extent possible as discussed in paragraph 580.06. If
management's assertion about the effectiveness of internal control is
printed with the audit report, the auditor's report should refer to the
discussion of the material weakness (or other reportable condition) in
management's assertion.
.53:
The significant matters section of the auditor's report should be
limited to summarized information. As such, control weaknesses included
in the significant matters section generally should be limited to
providing the reader with an understanding of the nature and extent of
the weakness. If more complete information concerning the weakness is
provided in other reports issued prior to or at the same time as the
auditor's report, a reference to such other reports (such as date and
title or report number) generally should be included in the auditor's
report.
.54:
Reportable conditions not considered to be significant matters
individually, as described in paragraph 580.52, should be listed in the
significant matters section or in the internal control section of the
report. Related weaknesses should be combined. Such weaknesses may be
reported in more detail in a management letter (or other written
communication). The opinion or report on internal control generally
should refer to such letters or communications. To the extent that any
such weaknesses contribute to significant matters, they should be
described in conjunction with the related significant matter.
.55:
The auditor may report weaknesses that do not meet the criteria for
reportable conditions in a management letter (including the elements
that are reported in the management letter as discussed in paragraph
580.57), orally communicate the weakness to an appropriate level of
entity management, or determine that no further consideration is
necessary. The auditor should document any oral communication or the
basis for the decision not to communicate the weakness.
What to Report About Control Weaknesses:
.56:
Control weaknesses identified by the auditor are considered to be
findings. The "yellow book" (paragraph 6.49) describes the four
elements of a finding:
* criteria (what should be),
* condition (what is),
* cause (why the condition occurred), and
* effect (the nature of the possible past or future impact).
.57:
Fully developing each of the four elements of a finding is not always
necessary. The auditor should use judgment in applying the resources to
investigate a control weakness, based on the elements that are to be
reported. For each reportable condition, the minimum extent to which
the elements of a finding should be developed depends on how it is
communicated.
* Reportable conditions reported in the auditor's report: The auditor
should identify at least the criteria, condition, cause, and possible
asserted effect (as to nature, not necessarily amount) to permit
federal officials to determine the effect and to take prompt and proper
corrective action. Each reported finding should include a
recommendation.
* Reportable conditions reported in a management letter: The auditor
should identify at least the condition and the criteria and generally
should identify the possible asserted effect. Also, the auditor should
provide suggestions for improvements. The auditor should consider the
benefits of identifying the cause, which would generally strengthen the
suggested improvement.
In discussing each reportable condition that meets FMFIA reporting
criteria, the auditor should state whether the reportable condition was
identified in the entity's FMFIA report or in the FMFIA report of the
organization of which the entity is a part.
.58:
For weaknesses that do not meet the criteria for reportable conditions,
developing all of the elements of a finding is generally not necessary.
The auditor should apply judgment to limit the resources applied to
investigate this type of control weakness.
Other Considerations:
.59:
To communicate audit findings promptly, the auditor should consider
issuing reports and/or management letters during the audit. In such
instances, the audit report describes significant matters and the
general nature of other reportable conditions (as discussed in
paragraphs 580.52-.54) and refers to such reports and/or management
letters. The reference generally should be sufficient to allow the
reader to request these reports and/or management letters. For example,
titles and dates or accession numbers generally should be included.
.60:
The auditor should consider whether internal control weaknesses,
particularly material weaknesses, could affect information in other
reports generated by the entity for external distribution or internal
decision-making. The auditor should make inquiries and consider other
knowledge obtained during the audit concerning use of reports affected
by the weaknesses. The auditor should determine, based on his/her
judgment, whether such reports are significant and likely to contain
inaccuracies as a result of such control weaknesses that would likely
influence the judgment of the report users. If so, the auditor
generally should describe, in the auditor's report, the nature of such
reports and the effect of control weaknesses on them. In determining if
such reports are significant, the auditor should consider whether user
judgments or management decisions based on such reports could affect
the entity in amounts that would be material in relation to the
financial statements.
Reporting on management's FMFIA reports:
.61:
In the internal control section of the auditor's report, the auditor
considers whether material weaknesses, other reportable conditions, or
financial management systems' nonconformances identified during the
audit were identified in management's FMFIA report. The auditor should
investigate any material weaknesses, other reportable conditions, or
systems' nonconformances discovered during the audit that were not
included in the entity's FMFIA report or the FMFIA report of the
organization of which the entity is a part. If the auditor found
reportable conditions or systems' nonconformances that should have been
reported under FMFIA (see paragraphs 580.35-.37), he or she should
refer to them and should determine whether management's FMFIA process
has weaknesses that should be reported. Such weaknesses might result
from one of the following problems.
* Management did not initially recognize internal control weaknesses or
systems' nonconformances, perhaps due to a lack of training or
understanding or to limitations in the scope of the FMFIA process. (For
example, certain areas were not reviewed annually or certain types of
controls or systems were not reviewed.):
* Management did not recognize that identified weaknesses were FMFIA
material weaknesses or systems' nonconformances.
* Management relied on controls that the auditor concluded were
ineffective.
* Management failed to report identified weaknesses due to
inappropriate report preparation (perhaps due to errors in aggregating
the internal control weaknesses or systems' nonconformances of
branches or agencies).
FINANCIAL MANAGEMENT SYSTEMS:
.62:
FFMIA requires the auditor to report whether the financial management
systems of CFO Act agencies or the components designated by OMB comply
substantially with three federal financial management systems
requirements. These requirements, also required by OMB Circular A-127,
are:
* federal financial management systems requirements, including those
found in the JFMIP functional requirements documents;
* applicable federal accounting standards, which are now recognized as
GAAP (see section 560); and:
* the SGL at the transaction level.
Reporting on Systems' Substantial Compliance with FFMIA Requirements:
.63:
Specific guidance for FFMIA reporting when the auditor determines that
the financial management systems are in substantial compliance with the
three FFMIA requirements will be provided in the future. OMB and GAO
are reviewing this reporting issue and FFMIA implementation generally,
which may result in revision to OMB Bulletin No. 01-02 and additional
guidance in the FAM.
.64:
If the auditor finds lack of substantial compliance with any of the
three requirements, see section 595 B for reporting guidance; the lack
of substantial compliance should be discussed in the significant
matters section of the audit report. Frequently, lack of substantial
compliance is related to material weaknesses or other reportable
conditions in internal control. If so, the discussion should be
combined in the significant matters section to avoid redundancy.
.65:
If the the auditor finds that the entity's systems did not
substantially comply with the requirements, the auditor is required by
FFMIA to identify the entity or organization responsible for the
systems found not to comply; include pertinent facts, including nature
and extent of the noncompliance, areas in which there is substantial
but not full compliance, primary reason or cause, and any relevant
comments from management or responsible employees; and make
recommendations of remedial actions and time frames for implementing
the recommendations. This information also should be included in the
significant matters section and/or a recommendation section, if either
is used.
Scope of Procedures:
.66:
If the auditor is unable to perform all the procedures considered
necessary, as discussed in section 350, the scope of the audit is
restricted. Generally, if the scope of the audit is restricted, such as
due to unavailability of needed information from the system, the
auditor reports that the financial management systems are not in
substantial compliance with FFMIA requirements. Also, if the auditor
concluded the systems were not in substantial compliance with FFMIA
based on limited testing, he or she should report that the work on
FFMIA would not necessarily disclose all instances of lack of
substantial compliance with FFMIA requirements. (See section 595 B.):
COMPLIANCE WITH LAWS AND REGULATIONS:
.67:
The auditor reports on the results of compliance testing and on
compliance matters (including fraud--see section 540) coming to his or
her attention during procedures other than compliance tests. The manner
in which noncompliance is reported depends on the significance of the
noncompliance and whether such noncompliance is material to the
financial statements, as described below. The auditor should consult
with OGC regarding conclusions on the entity's compliance with laws and
regulations.
.68:
The following definitions and guidelines should be used for classifying
noncompliance detected during the audit.
* Reportable noncompliance includes all matters coming to the auditor's
attention except those that in the auditor's judgment, are clearly
inconsequential.
* Material noncompliance is reportable noncompliance in which a failure
to comply with laws or regulations results in misstatements that are
material to the financial statements. Any instances of material
noncompliance should be described in the significant matters section of
the audit report.
.69: Reportable noncompliance, other than material noncompliance,
should be described in the significant matters section of the
auditor's report if, in the auditor's judgment, it is considered to be
a significant matter that should be communicated to the entity head,
OMB, and the Congress. Otherwise, the auditor should list the
reportable noncompliance in the significant matters section or in the
compliance section of the report. Related instances of noncompliance
should be combined. Such noncompliance may be reported in detail in
another report or in the management letter, and that other report or
management letter should be referred to in the auditor's report. To
the extent that any such noncompliance contributes to significant
matters, it should be described in conjunction with the related
significant matter.
.70:
Noncompliance that does not meet the criteria for reportable
noncompliance may be orally communicated to an appropriate level of
entity management, or the auditor may determine that no further
consideration is necessary. The auditor should document any oral
communication in the workpapers.
Reporting on compliance tests:
.71:
The auditor states directly whether any reportable noncompliance was
detected during compliance tests. This type of direct statement is
illustrated in section 595 A for a situation in which the compliance
tests disclosed no reportable noncompliance. If reportable
noncompliance is noted, the statement should be modified as shown in
section 595 B, and the reportable noncompliance should be discussed in
the significant matters section of the auditor's report according to
the guidance in paragraphs 580.69-.70.
.72:
The AICPA, in SAS No. 87, states that a report on compliance with laws
and regulations in which no opinion is issued is a by-product report, a
report that provides a limited degree of assurance about compliance.
When no opinion is issued, the report on compliance is not the primary
objective of the engagement. SAS 87 states that the auditor should
indicate the intended use of the compliance report because of the
potential for misunderstanding related to a by-product report's limited
degree of assurance. Because the distribution of government audit
reports is not restricted, the reports should explain their
limitations. (See section 595 A in the objectives, scope, and
methodology section).
Scope of procedures:
.73:
The auditor should be able to perform all of the procedures considered
necessary to obtain sufficient evidence to report on compliance with
laws and regulations. If the auditor is unable to perform all of the
procedures for each of the significant provisions of laws and
regulations, he or she may be able to report on the laws and
regulations tested; however, the auditor should modify the report to
alert the reader that not all of the laws that were considered
necessary were tested. See section 595 B for report modifications.
.74:
If the scope limitation is so significant that the auditor believes
that any statement could be misleading, he or she may omit it.
Significant scope limitations should be described in the significant
matters section of the auditor's report, and the auditor's report
should be modified as described in section 595 B. The auditor should
also consider the effect of such a scope limitation on the opinion on
the financial statements.
.75:
If weaknesses in compliance controls are identified but no instances of
noncompliance are found during compliance testing, the auditor should
reconsider whether controls or other mitigating factors prevented or
detected instances of noncompliance. If sufficient additional controls
or other mitigating factors are not identified, the auditor should
consult with the Reviewer and OGC concerning the appropriate reporting
of such weaknesses and compliance tests.
OTHER INFORMATION IN THE ACCOUNTABILITY REPORT:
.76:
As discussed in OMB Bulletin, Form and Content of Agency Financial
Statements, certain other information is to be included in the annual
financial statement. This information consists of MD&A (the overview of
the reporting entity), required supplementary information including
RSSI, and other accompanying information.
.77:
GAAP require the reporting of certain RSSI: stewardship property,
plant, and equipment (PP&E) and its condition (reported in units,
including heritage assets, national defense PP&E, and stewardship
land); stewardship investments (including nonfederal physical
property, such as highways; human capital, such as expenditures for
training and education; and research and development); risk-assumed
information (such as pension and deposit insurance projections); and
social insurance information. OMB and GAO, which are responsible for
determining audit scope related to this information, do not require
RSSI to be audited. RSSI presented should be marked "unaudited.":
.78:
As this information is "required supplementary information," the
auditor should apply procedures consistent with AU 558. As discussed in
AU 558, the auditor should compare the consistency of the information
with the financial statements and should discuss the methods of
measurement and presentation with entity officials.
.79:
If there are no material inconsistencies or nonconformance with OMB
guidance that come to the auditor's attention during these or other
audit procedures, the auditor should state this as shown in section 595
A. (Although AU 558.08 requires reporting on the other information only
if material inconsistencies or nonconformances with OMB guidance are
found, OMB audit guidance requires the auditor to report based on AU
551.15.) If material inconsistencies or instances of nonconformance are
noted and are not remedied by the entity, the auditor should describe
these situations in the significant matters section of the auditor's
report and refer to the discussion in the significant matters section
as illustrated in section 595 B.
.80:
The auditor should also consider whether circumstances that resulted in
modification of the auditor's report, such as a scope limitation or
departure from GAAP, also affect this other information and disclose
these effects in the discussion of those circumstances in the
significant matters section of the report as described in section 595
B.
.81:
Following the objectives, scope, and methodology section of the report,
there generally should be a section on agency comments. The auditor
should allow the audited entity to review a draft of the report prior
to issuance and provide either written or oral comments on it to assure
the report is fair, objective, accurate, and complete. Written comments
are generally preferred, especially when the report is sensitive or
controversial, when significant disagreements exist, or when the report
makes wide-ranging recommendations. Oral comments are preferred when
there is a time-critical need to expedite issuance and the auditor has
worked closely with the agency so that it is familiar with the findings
and issues addressed in the draft, which are not expected to cause
disagreements or controversy. If the report is unqualified, the entity
may decide not to comment on it. The auditor should briefly
characterize the overall response to the draft and summarize the major
points made in the comments, whether written or oral, in the final
section of the report. If agency officials concurred with all the
findings, conclusions, and recommendations, the auditor should state
that they concurred, mention actions the agency has agreed to take, and
provide responses the auditor has to those actions. If agency officials
disagree with or have concerns regarding portions of the report, the
auditor should discuss these concerns fully and provide the auditor's
response to them. Written comments generally should be included as an
appendix to the report if they relate to the message.
[End of section]
590 - DOCUMENTATION:
.01:
The auditor should document the nature and extent of work performed in
the reporting phase and the related conclusions. Such documentation
should include:
* evaluation of misstatements,
* inquiries of attorneys,
* subsequent events,
* management representations,
* related party transactions, and
* procedures performed to determine consistency of the other
information in the Accountability Report with the financial statements
and on conformity with OMB guidelines on form and content of financial
statements.
SPECIFIC DOCUMENTATION CONSIDERATIONS:
Audit Summary Memorandum:
.02:
At the completion of the audit, an audit summary memorandum should be
prepared that summarizes the audit results and demonstrates the
adequacy of the audit procedures and the reasonableness of the
conclusions on the financial statements, internal control, substantial
compliance of the financial management systems with the FFMIA
requirements, the entity's compliance with laws and regulations, MD&A
(the overview of the entity), required supplementary information
(including RSSI), and other accompanying information.
.03:
The audit summary memorandum generally should refer to other workpapers
where this information is described in more detail. The memorandum
should briefly summarize and allow the reader to easily refer in the
workpapers to:
* any significant changes from the auditor's original assessment of the
control environment, risk assessment, communication, and monitoring or
inherent or control risks and significant revisions of audit
procedures;
* additional fraud risk factors or other conditions (beyond those
considered in planning--section 260) identified during the audit that
caused the auditor to believe that an additional response was required
and any further response that the auditor concluded was appropriate;
* significant accounting, auditing, or reporting issues;
* any limitations on the audit scope and the auditor's assessment of
whether the audit procedures were adequate to support conclusions on
the financial statements, internal control, the systems' substantial
compliance with FFMIA requirements, compliance with laws and
regulations, MD&A, required supplementary information (including
RSSI), and other accompanying information;
* the auditor's conclusions on whether the audit evidence obtained
supports the conclusions on the financial statements, internal control,
the systems' substantial compliance with FFMIA requirements, compliance
with laws and regulations, MD&A, required supplementary information
(including RSSI), and other accompanying information;
* the auditor's conclusion on whether the audit was done in compliance
with GAGAS, OMB audit guidance, and the GAO/PCIE Financial Audit Manual
and whether the report is appropriate;
* the auditor's conclusion on whether the entity's financial statements
comply with generally accepted accounting principles;
* significant subsequent events, if any;
* the Summary of Unadjusted Misstatements;
* a summary of internal control weaknesses and a comparison of those
the auditor found to the weaknesses reported in management's assertion
about the effectiveness of internal control;
* a summary of instances of lack of substantial compliance with FFMIA
requirements, including areas in which there is substantial but not
full compliance;
* a summary of instances of noncompliance with laws and regulations; and:
* the documentation of overall analytical procedures.
Overall Analytical Procedures:
.04:
The following items should be documented in the workpapers for overall
analytical procedures:
* Data used and sources of data: The documentation on the specific
financial data used for the current-year amounts and the data used for
comparison should include the amounts of the financial items; the dates
or periods covered by the data; whether the data were audited or
unaudited; the persons from whom the data were obtained, if applicable;
and the source of the information (e.g., the general ledger trial
balance, prior-year audit workpapers, or prior-year financial
statements).
* Parameters for identifying significant fluctuations: These parameters
are left to the auditor's judgment.
* Explanations for significant fluctuations and sources of these
explanations: Explanations obtained should be consistent with
corroborating evidence in the workpapers and should be referenced to
this work.
* Auditor's conclusions on the results of the procedures: The auditor's
conclusions on the results of overall analytical procedures generally
should be documented in the reporting phase workpapers.
Considering Weaknesses in Internal Control:
.05:
The basis for considering internal control weaknesses as material
weaknesses, other reportable conditions, or as not reportable, should
be documented in the workpapers. Any oral communications of control
weaknesses that are not included in a written report should be
documented in the workpapers. Procedures performed to determine the
effects of misstatements and weaknesses in internal control on other
reports prepared and used by the entity also should be documented.
Reporting Lack of Substantial Compliance With FFMIA Requirements:
.06:
The basis for considering whether noncompliances with FFMIA
requirements represent lack of substantial compliance should be
documented in the workpapers.
Reporting Instances of Noncompliance:
.07:
The basis for classification of instances of noncompliance as material
noncompliance, other reportable noncompliance, or as not reportable
should be documented in the workpapers. Any oral communications of
noncompliance that are not included in a written report should be
documented in the workpapers.
[End of section]
595 A - EXAMPLE AUDITOR'S REPORT - UNQUALIFIED:
In our audit of [name of entity] for fiscal year [year], we found:
* the financial statements are presented fairly, in all material
respects, in conformity with U.S. generally accepted accounting
principles,
* [entity] had effective internal control over financial reporting
(including safeguarding assets) and compliance with laws and
regulations,[Footnote 4]
* [FFMIA reporting, see note 2 below],[Footnote 5] and:
* no reportable noncompliance with laws and regulations we tested.
The following sections discuss in more detail (1) these conclusions and
our conclusions on Management's Discussion and Analysis and other
supplementary information and (2) the scope of our audit.
Opinion on Financial Statements:
The financial statements including the accompanying notes present
fairly, in all material respects, in conformity with U.S. generally
accepted accounting principles, [name of entity's] assets, liabilities,
and net position; net costs; changes in net position; budgetary
resources; reconciliation of net costs to budgetary obligations; and
custodial activity (if applicable)[Footnote 6] as of September 30, 20XX
and for the year then ended.
Opinion on Internal Control[Footnote 7]
[Entity] maintained, in all material respects, effective internal
control over financial reporting (including safeguarding assets) and
compliance as of [end of fiscal year] that provided reasonable
assurance that misstatements, losses, or noncompliance material in
relation to the financial statements or to stewardship information
would be prevented or detected on a timely basis. Our opinion is based
on criteria established under 31 U.S.C. 3512 (c), (d), the Federal
Managers' Financial Integrity Act, and the Office of Management and
Budget (OMB) Circular A-123, Management Accountability and Control [or
other criteria].
Systems' Compliance With FFMIA Requirements[Footnote 8]
Compliance With Laws and Regulations:
Our tests for compliance with selected provisions of laws and
regulations disclosed no instances of noncompliance that would be
reportable under U.S. generally accepted government auditing standards
or OMB audit guidance. However, the objective of our audit was not to
provide an opinion on overall compliance with laws and regulations.
Accordingly, we do not express such an opinion.
Consistency of Other Information:
Management's Discussion and Analysis, required supplementary
information (including stewardship information), and other
accompanying information contain a wide range of data, some of which
are not directly related to the financial statements. We do not express
an opinion on this information. However, we compared this information
for consistency with the financial statements and discussed the methods
of measurement and presentation with [name of entity] officials. Based
on this limited work, we found no material inconsistencies with the
financial statements or nonconformance with OMB guidance.
Objectives, Scope, and Methodology:
Management is responsible for (1) preparing the financial statements in
conformity with generally accepted accounting principles, (2)
establishing, maintaining, and assessing internal control to provide
reasonable assurance that the broad control objectives of the Federal
Managers' Financial Integrity Act are met, (3) ensuring that [entity's]
financial management systems substantially comply with FFMIA
requirements, and (4) complying with applicable laws and regulations.
We are responsible for obtaining reasonable assurance about whether (1)
the financial statements are presented fairly, in all material
respects, in conformity with generally accepted accounting principles
and (2) management maintained effective internal control, the
objectives of which are the following:[Footnote 9]
* Financial reporting: Transactions are properly recorded, processed,
and summarized to permit the preparation of financial statements and
stewardship information in conformity with generally accepted
accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition.
* Compliance with laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority and with
other laws and regulations that could have a direct and material effect
on the financial statements and any other laws, regulations, and
governmentwide policies identified by OMB audit guidance.
We are also responsible for[Footnote 10] (1) testing whether [entity's]
financial management systems substantially comply with the three FFMIA
requirements, (2) testing compliance with selected provisions of laws
and regulations that have a direct and material effect on the financial
statements and laws for which OMB audit guidance requires testing, and
(3) performing limited procedures with respect to certain other
information appearing in the Accountability Report.
In order to fulfill these responsibilities, we (1) examined, on a test
basis, evidence supporting the amounts and disclosures in the financial
statements, (2) assessed the accounting principles used and significant
estimates made by management, (3) evaluated the overall presentation of
the financial statements, (4) obtained an understanding of internal
control related to financial reporting (including safeguarding assets),
compliance with laws and regulations (including execution of
transactions in accordance with budget authority), and performance
measures reported in Management's Discussion and Analysis of the
Accountability Report, (5) tested relevant internal controls over
financial reporting, and compliance, and evaluated the design and
operating effectiveness of internal control, (6) considered the process
for evaluating and reporting on internal control and financial
management systems under the Federal Managers' Financial Integrity Act,
(7) tested whether [entity's] financial management systems
substantially complied with the three FFMIA requirements, and (8)
tested compliance with selected provisions of the following laws and
regulations [list laws and regulations].
We did not evaluate all internal controls relevant to operating
objectives as broadly defined by the Federal Managers' Financial
Integrity Act, such as those controls relevant to preparing statistical
reports and ensuring efficient operations. We limited our internal
control testing to controls over financial reporting and compliance.
Because of inherent limitations in internal control, misstatements due
to error or fraud, losses, or noncompliance may nevertheless occur and
not be detected. We also caution that projecting our evaluation to
future periods is subject to the risk that controls may become
inadequate because of changes in conditions or that the degree of
compliance with controls may deteriorate.[Footnote 11]
We did not test compliance with all laws and regulations applicable to
[entity]. We limited our tests of compliance to those laws and
regulations required by OMB audit guidance that we deemed applicable to
the financial statements for the fiscal year ended [date]. We caution
that noncompliance may occur and not be detected by these tests and
that such testing may not be sufficient for other purposes.
We performed our work in accordance with U.S. generally accepted
government auditing standards and OMB audit guidance.
Agency Comments and Our Evaluation:
In commenting on a draft of this report (see appendix x), [entity]
concurred with the facts and conclusions in our report.
[End of section]
595 B - SUGGESTED MODIFICATIONS TO AUDITOR'S REPORT:
This section suggests how to modify each major section of the
unqualified auditor's report on the Accountability Report (annual
financial statement) illustrated in section 595 A for each of the
situations listed below.
Situations relating to the financial statements:
1. Scope limitation resulting in a qualified opinion on the financial
statements: 595 B-3:
2. Scope limitation resulting in a disclaimer of an opinion on the
financial statements: 595 B-3:
3. Uncertainty resulting in the addition of an explanatory paragraph:
595 B-4:
4. Lack of consistency in the application of accounting principles
resulting in the addition of an explanatory paragraph: 595 B-4:
5. Departure from generally accepted accounting principles resulting
in a qualified opinion on the financial statements: 595 B-5:
6. Departure from generally accepted accounting principles resulting
in an adverse opinion on the financial statements: 595 B-5:
Situations relating to internal control:
7. Scope limitation resulting in a disclaimer of opinion on internal
control: 595 B-6:
8. Scope limitation resulting in a qualified opinion on internal
control: 595 B-7:
9. Material weaknesses in internal control: 595 B-9:
10. Reportable conditions (other than material weaknesses) in internal
control: 595 B-12:
11. The purpose was not to give an opinion on internal and other
reportable conditions were found: 595 B-14:
12. The purpose was not to give an opinion on internal control and one
or a few material weaknesses were found: 595 B-16:
13. The purpose was not to give an opinion on internal control and
many material weaknesses were found: 595 B-18:
Situations relating to financial management systems' substantial
compliance with FFMIA requirements:
14. Lack of financial management systems' substantial compliance with
FFMIA requirements: 595 B-20:
Situations relating to compliance with laws and regulations:
15. Scope limitation--some laws and regulations could not be tested:
595 B-21:
16. Scope limitation--all laws and regulations could not be tested--
disclaimer: 595 B-22:
17. Material noncompliance with laws and regulations: 595 B-23:
18. Reportable noncompliance (other than material noncompliance) with
laws and regulations: 595 B-24:
Situations relating to the consistency of other information in the
Accountability Report (management' discussion and analysis (or
overview), required supplementary information (including stewardship
information), and other accompanying information):
19. Material inconsistency between other information and the principal
statements: 595 B-26:
20. Nonconformance of other information with OMB guidance: 595 B-27:
21. Any situation that caused the auditor to modify the report on the
financial statements, internal control, or compliance with laws and
regulations that also affects other information: 595 B-28:
Financial Statements:
Situation: 1. Scope limitation--qualified opinion (see paragraph 580.
14);
Introduction: First bullet: "Evidence about [identify account(s)
affected by the scope limitation] in the financial statements was not
available because of limitations on the scope of our work. Otherwise,
we found the financial statements are presented fairly in conformity
with generally accepted accounting principles”;
Significant Matters (See Note 1): Describe significant limitations on
the scope of the work;
Opinion or Conclusion: "Qualified Opinion on Financial Statements:
"Because of the limitation on the scope of our work described above,
we cannot determine if the financial statements' presentation of
[identify account(s) affected by the scope limitation] is free of
material misstatement. Otherwise, the financial statements including
the accompanying notes present fairly..”
Objectives, Scope, and Methodology: After the last sentence add: "We
considered the limitations on the scope of our work in forming our
conclusions.”
Situation: 2. Scope limitation--disclaimer (see paragraph 580.14);
Introduction: First bullet "We are unable to give an opinion on the
fiscal year [year] financial statements of [name of entity] because of
limitations on the scope of our work. Thus, the financial statements
may be unreliable.";
Significant Matters (See Note 1): Describe scope limitations that
caused the disclaimer of the opinion and conclude with the following
statement: "Because of this limitation on the scope of our work, we
are unable to give an opinion on the financial statements.";
Opinion or Conclusion: "Disclaimer of Opinion on Financial Statements:
"As described above, we are unable to give an opinion on the financial
statements."
Objectives, Scope, and Methodology: Because we did not audit the
financial statements, delete all references to the auditor's
responsibility for auditing the financial statements and how that
responsibility was fulfilled. (See note 2.).
Situation: 3. Uncertainty --explanatory paragraph (see paragraph 580.
19);
Introduction: No changes;
Significant Matters (See Note 1) No changes. (See note 7.)
Opinion on Financial Statements (see note 7) After the opinion,
include an explanatory paragraph describing the uncertainty.
No changes.
Situation: 4. Lack of consistency in the application of accounting
principles--explanatory paragraph (see paragraph 580.20);
Introduction: No changes;
Significant Matters (See Note 1) No changes. (See note 7.)
Opinion on Financial Statements (see note 7) After the opinion,
include an explanatory paragraph explaining the accounting change. For
example "As discussed in Note X to the financial statements, the
entity changed its method of computing depreciation in fiscal year
[year]."
No changes.
Situation: 5. Departure from GAAP--qualified opinion (see paragraph
580.22);
Introduction: First bullet "Entity departed from generally accepted
accounting principles in [identify account(s) affected by the
departure from GAAP]. Otherwise the financial statements are presented
fairly in conformity with generally accepted accounting principles."
Significant Matters (See Note 1): Describe material departures from
GAAP.
Opinion or Conclusion: "Qualified Opinion on Principal Statements
"Except for the departure from U.S. generally accepted accounting
principles described above, the financial statements, including the
accompanying notes, present fairly .."
Objectives, Scope, and Methodology: No changes.
Situation: 6. Departure from GAAP--adverse opinion (see paragraph 580.
22);
Introduction: First bullet "The financial statements are not presented
fairly in conformity with generally accepted accounting principles."
Significant Matters (See Note 1): Describe material departures from
GAAP.
"Adverse Opinion on Financial Statements "Because of the departure
from U.S. generally accepted accounting principles described above,
the financial statements, including the accompanying notes, do not
present fairly .."
No changes.
[End of table]
Internal Control:
Situation: 7. Scope limitation--disclaimer (see paragraph 580.39);
Bullets: Second bullet: "We are unable to give an opinion on internal
control because of limitations on the scope of our work;"
Significant Matters (See Note 1): Describe limitations on the scope of
work that caused the disclaimer of the opinion and conclude with the
following statement "Because of this limitation on the scope of our
work, we are unable to give an opinion on internal control."
Opinion or Conclusion: "Disclaimer of Opinion on Internal Control "As
described above, we are unable to give an opinion on internal control."
Objectives, Scope, and Methodology: Because we did not perform
adequate procedures to give an opinion on internal control, delete all
references to the auditor's responsibility for giving such an opinion
and how that responsibility was fulfilled. (See note 3.).
Situation: 8. Scope limitation on one objective--qualified opinion
(see paragraph 580.39) (continued on next page);
Bullets: Second bullet "We are unable to give an opinion on internal
control over [state objective affected, for example, financial
reporting] because of limitations on the scope of our work. We found
that management had effective internal control over [state objective
not affected, for example, compliance with laws and regulations.]"
Significant Matters (See Note 1): Describe significant limitations on
the scope of the work. This should follow the discussion of a scope
restriction on the audit of the financial statements, if any, and
should conclude with the following statement "Because of this
limitation on the scope of our work, we are unable to give an opinion
on internal control over [state the affected control objective, such
as financial reporting]."
Opinion or Conclusion: "Qualified Opinion on Internal Control "As
described above, we are unable to give an opinion on internal control
over [state control objective affected]. However, we did evaluate
internal control over [list control objective not affected by scope
limitation]."
Objectives, Scope, and Methodology: State the opinion on the other
objective: "[Entity] maintained in all material respects effective
internal control over [list unaffected areas, for example, financial
reporting or compliance] as of [end of fiscal year] that provided
reasonable assurance that [list unaffected areas, for example,
misstatements and losses or noncompliance] material in relation to the
financial statements or to stewardship information would be prevented
or detected on a timely basis. Our opinion is based on.. [continue
with second sentence].
After the last sentence add "We considered the limitations on the
scope of our work in forming our conclusions.".
Situation: 9. Material weakness in internal control relevant to one or
more control objective(s) (see paragraph 580.43) (continued on next
page);
Bullets: Second bullet "[Entity] did not have effective internal
control over [state objective(s) affected, for example, financial
reporting], but had effective internal control over [state objective
not affected, for example, compliance with laws and regulations]."
Significant Matters (See Note 1): Describe material weaknesses in
internal control and include the term "material weakness" in the
description. Indicate whether management in FMFIA reports reported
each weakness. Add the following to address the possible effects of
material weaknesses on other reports "These deficiencies in internal
control may adversely affect any decision by management that is based,
in whole or in part, on information that is inaccurate because of the
deficiencies. Unaudited financial information reported by [name of
entity], including budget information, also may contain misstatements
resulting from these deficiencies."
Opinion or Conclusion: "Adverse Opinion on Internal Control "Because
of the material weakness(es) in internal control described above,
[entity] did not maintain effective internal control over [state
objective(s) affected, for example, financial reporting or compliance]
as of [end of fiscal year], which thus did not provide reasonable
assurance that [state control objective(s) affected, such as
misstatements and losses or noncompliance] material in relation to the
financial statements or to stewardship information would be prevented
or detected on a timely basis." If controls were effective over one
objective, add the following "However, [entity] maintained in all
material respects effective internal control over [state objective not
affected, such as compliance or financial reporting] as of [date of
fiscal year-end] that provided reasonable assurance that [state
appropriate effect(s) such as, noncompliance or misstatements and
losses] material in relation to the financial statements or to
stewardship information would be prevented or detected on a timely
basis." Continue with sentence about the basis of the opinion. Opinion
on Financial Statements If the opinion on financial statements is
unqualified, include the following at the end of the opinion on the
financial statements "However, misstatements may nevertheless occur in
other financial information reported by [name of entity] as a result
of the internal control weakness(es) described above." If the report
also includes reportable conditions other than material weaknesses,
see note 6.
Objectives, Scope, and Methodology: No changes unless both control
objectives are affected by material weakness(es). In that Situation:
delete the sentences of caution on projection of the evaluation of
controls to future periods that begins "Because of inherent
limitations [delete rest of paragraph]..".
Situation: 10. Reportable conditions (other than material weaknesses)
(see paragraph 580.46) (continued on next page);
Bullets: Second bullet "Although internal controls should be improved,
[entity] had effective internal control over.."
Significant Matters (See Note 1): For reportable conditions considered
to be significant matters that should be communicated to the entity
head, OMB, and the Congress (as defined in paragraph 580.52) Describe
the weaknesses and indicate (1) that the weaknesses are not material
weaknesses and (2) whether the weak-nesses were reported by management
in the summary of FMFIA reports. For reportable conditions that are
not considered to be significant matters individually (as defined in
paragraph 580.52) List the weaknesses. Combine related weaknesses.
Opinion or Conclusion: Opinion on Internal Control No change to the
two sentences. Following that, continue "However, our work identified
the need to improve certain internal control, as described above and
in [identify other reports or management letters that discuss these
internal control weaknesses in more detail by reference to date and
GAO document number]. These weaknesses in internal control, although
not considered to be material weaknesses, represent significant
deficiencies in the design or operations of internal control, which
could adversely affect the entity's ability to meet the internal
control objectives listed above or meet OMB criteria for reporting
matters under FMFIA." If reportable conditions are included as
significant matters and the opinion on the financial statements is
unqualified, include the following "In addition, misstatements may
occur in other financial information reported by [name of entity] as a
result of the internal control weakness(es) described above." If the
report also includes material weaknesses, see note 6.
Objectives, Scope, and Methodology: No changes.
Situation: 11. The purpose was not to give an opinion on internal
control and other reportable conditions were found (see paragraph
580.49)
Bullets: Second bullet "No material weaknesses in internal control
over financial reporting (including safeguarding assets) and
compliance and its operation, although internal control should be
improved."
Significant Matters (See Note 1): If reportable conditions considered
to be significant matters that should be communicated to the entity
head, OMB, and the Congress (as defined in paragraph 580.52) were
found Describe the weaknesses and indicate (1) that the weaknesses are
not material weaknesses and (2) whether the weaknesses were reported
by management in the summary of FMFIA reports. If reportable
conditions are not considered to be significant matters individually
(as defined in paragraph 580.52) List the weaknesses. Combine related
weaknesses.
Opinion or Conclusion: "Consideration of Internal Control "We
considered internal control over financial reporting and compliance.
"We do not express an opinion on internal control over financial
reporting and compliance because the purpose of our work was to
determine our procedures for auditing the financial statements and to
comply with OMB audit guidance, not to express an opinion on internal
control. However, our work identified the need to improve certain
internal controls, as described above. These weaknesses in internal
control, although not considered material weaknesses, represent
significant deficiencies in the design or operation of internal
control, which could adversely affect the entity's ability to meet the
internal control objectives listed in the objectives, scope, and
methodology or meet OMB criteria for reporting matters under FMFIA. A
material weakness is a condition in which the design or operation of
one or more of the internal control components does not reduce to a
relatively low level the risk that errors, fraud, or noncompliance in
amounts that would be material to the financial statements may occur
and not be detected promptly by employees in the normal course of
performing their duties. Our internal control work would not
necessarily disclose all material weaknesses."
Objectives, Scope, and Methodology: See note 8.
Situation: 12. The purpose was not to give an opinion on internal
control and one or a few material weaknesses were found (see paragraph
580.49) (continued on next page);
Bullets: Second bullet "Material weakness(es) over [briefly describe
area affected by material weakness(es), for example, reporting
expenditures]."
Significant Matters (See Note 1): Describe material weaknesses found
and include the term "material weakness" in the description. Indicate
whether each weakness was reported by management in FMFIA reports. Add
the following to address the possible effects of material weaknesses
on other reports "These deficiencies in internal control may adversely
affect any decision by management that is based, in whole or in part,
on information that is inaccurate because of the deficiencies.
Unaudited financial information reported by [name of entity],
including budget information, also may contain misstatements resulting
from these deficiencies."
Opinion or Conclusion: "Consideration of Internal Control "We
considered internal control over financial reporting and compliance.
"We do not express an opinion on internal control over financial
reporting and compliance because the purpose of our work was to
determine our procedures for auditing the financial statements and to
comply with OMB audit guidance, not to express an opinion on internal
control. However, we found the material weakness(es) described above.
A material weakness is a condition in which the design or operation of
one or more of the internal control components does not reduce to a
relatively low level the risk that errors, fraud, or noncompliance in
amounts that would be material to the financial statements may occur
and not be detected promptly by employees in the normal course of
performing their duties. Our internal control work would not
necessarily disclose all material weaknesses."
Objectives, Scope, and Methodology: See note 8.
Situation: 13. The purpose was not to give an opinion on internal
control and many material weaknesses were found (see paragraph 580.49)
(continued on next page);
Bullets: Second bullet "Material weaknesses in internal control that
resulted in ineffective controls over [state objectives(s) affected,
for example, financial reporting]."
Significant Matters (See Note 1): Describe material weaknesses found
and include the term "material weakness" in the description. Indicate
whether each weakness was reported by management in FMFIA reports. Add
the following to address the possible effects of material weaknesses
on other reports "These deficiencies in internal control may adversely
affect any decision by management that is based, in whole or in part,
on information that is inaccurate because of the deficiencies.
Unaudited financial information reported by [name of entity],
including budget information, also may contain misstatements
resulting from these deficiencies."
Opinion or Conclusion: "Consideration of Internal Control "We
considered internal control over financial reporting and compliance.
"We do not express an opinion on internal control over financial
reporting and compliance because the purpose of our work was to
determine our procedures for auditing the financial statements and to
comply with OMB audit guidance, not to express an opinion on internal
control. However, we found the material weakness(es) described above,
which resulted in ineffective controls over [state objective(s)
affected, for example, financial reporting]. A material weakness is a
condition in which the design or operation of one or more of the
internal control components does not reduce to a relatively low level
the risk that errors, fraud, or noncompliance in amounts that would be
material to the financial statements may occur and not be detected
promptly by employees in the normal course of performing their duties.
Our internal control work would not necessarily disclose all material
weaknesses."
Objectives, Scope, and Methodology: See note 8.
[End of table]
Financial Management Systems' Substantial Compliance with FFMIA
Requirements:
Situation: 14. Lack of financial management systems' substantial
compliance with FFMIA requirements (see paragraph 580.64);
Bullets: Third bullet "[entity's] financial management systems did not
substantially comply with the requirements of FFMIA."
Significant Matters (See Note 1): Describe instances of lack of
substantial compliance of financial management systems with federal
financial management systems requirements, federal accounting
standards, or the SGL at the transaction level. Indicate whether each
instance was reported by management in FMFIA reports. In addition, as
required by FFMIA, identify the entity or organization responsible for
the systems found not to comply include the nature and extent of the
noncompliance, areas in which there was substantial but not full
compliance, primary reason or cause, and relevant management comments
and make recommendations (in the recommendation section) and set time
frames for implementing recommendations.
Opinion or Conclusion: Systems' Compliance With FFMIA Requirements
"Our work disclosed instances, described above, in which [entity's]
financial management systems did not substantially comply with
[specify the requirements where a lack of substantial compliance was
found, such as federal financial management systems requirements or
the U.S. Government Standard General Ledger at the transaction level]."
See section 595A, footnote 2, re reporting on other requirements.
Objectives, Scope, and Methodology: Add "Our work on FFMIA would not
necessarily disclose all instances of lack of substantial compliance
with FFMIA requirements.".
[End of table]
Compliance with Laws and Regulations:
Situation: 15. Scope limitation --some laws could not be tested (see
paragraph 580.73);
Bullets: Fourth bullet "No reportable noncompliance with laws and
regulations we tested however, we could not test compliance with
certain laws we considered necessary because of limitations on the
scope of our work."
Significant Matters (See Note 1): Describe significant scope
limitations, including a list of the laws not tested.
Opinion or Conclusion: "Compliance With Laws and Regulations "Our
tests for compliance with selected provisions of laws and regulations
disclosed no instances of noncompliance that would be reportable under
U.S. generally accepted government auditing standards or OMB audit
guidance however, as discussed above, we could not test for compliance
with all the laws we considered necessary."
Objectives, Scope, and Methodology: Exclude laws not tested from list
of laws. After the last sentence add "We considered the limitations on
the scope of our work in forming our conclusions."
Situation: 16. Scope limitation --all laws could not be tested--
disclaimer (see paragraph 580.73);
Bullets: Fourth bullet "We were unable to test [entity's] compliance
with laws and regulations because of limitations on the scope of our
work."
Significant Matters (See Note 1): Describe scope limitation. Conclude
with "Because of this limitation on the scope of our work, we were
unable to test [entity's] compliance with laws and regulations."
Opinion or Conclusion: Compliance With Laws and Regulations Omit
statement regarding compliance with laws and regulations. Replace with
"We were unable to test for compliance with the laws we considered
necessary accordingly, we are unable to report on the entity's
compliance with laws and regulations." Omit the last two sentences.
Objectives, Scope, and Methodology: Delete all references to the
auditor's responsibility for testing compliance with laws and
regulations and how that responsibility was fulfilled. (See note 4.).
Situation: 17. Material noncompliance with laws and regulations (see
paragraph 580.68)
Bullets: Fourth bullet "Reportable noncompliance with laws and
regulations we tested."
Significant Matters (See Note 1): Describe the material noncompliance
and place the findings in proper perspective to give readers a basis
for judging the prevalence and consequences of the conditions. Although it is not necessary to use the word "material," a fuller description is necessary than for reportable noncompliance that is not material.
Opinion or Conclusion: Compliance with Laws and Regulations "Except as
noted above, our tests for compliance with the provisions of selected
laws and regulations disclosed no other instances of noncompliance
that would be reportable under U.S. generally accepted government
auditing standards or OMB audit guidance." [Continue paragraph with
last two sentences.]
Objectives, Scope, and Methodology: No changes.
Situation: 18. Reportable noncompliance (other than material
noncompliance)(see paragraph 580.69);
Bullets: Fourth bullet "Reportable noncompliance with laws and
regulations we tested."
Significant Matters (See Note 1): For noncompliance that is considered
to be a significant matter that should be communicated to the entity
head, OMB, and the Congress
Describe the noncompliance. Indicate that the noncompliance is not
material to the financial statements. For reportable noncompliance
that is not considered to be significant List the noncompliance.
Combine related instances of noncompliance.
Opinion or Conclusion: Compliance With Laws and Regulations "Except as
noted above, our tests for compliance with selected provisions of
laws and regulations disclosed no other instances of noncompliance
that would be reportable under U.S. generally accepted government
auditing standards or OMB audit guidance." [Continue paragraph with
last two sentences.]
Objectives, Scope, and Methodology: No changes.
[End of table]
Consistency of Other Information (MD&A (Overview), Required
Supplementary Information (including Stewardship Information), and
Other Accompanying Information):
Situation: 19. Material inconsistency between other information and
financial statements (see paragraph 580.79)
Bullets: No changes.
Significant Matters (See Note 1): Describe material inconsistency.
Opinion or Conclusion: Consistency of other information Omit statement
that we found no material inconsistencies. Add "As discussed above,
the [list type(s) of other information in the Accountability Report
(or annual financial statement)--MD&A (or overview), required
supplementary information (including stewardship information), other
accompanying information--that is not consistent with the financial
statements] is inconsistent with the financial statements." If certain
type(s) of information are consistent, add "Otherwise, we found no
other material inconsistencies with the financial statements and the
[state type(s) of information not affected] or nonconformance with OMB
guidance."
Objectives, Scope, and Methodology: No changes.
Situation: 20. Nonconformance of other information with OMB guidance
(see paragraph 580.79);
Bullets: No changes.
Significant Matters (See Note 1): Describe nonconformance with OMB
guidance.
Opinion or Conclusion: Consistency of other information Omit statement
that we found no nonconformance with OMB guidance. Add "As discussed
above, the [list the type(s) of other information in the
Accountability Report (or annual financial statement)--MD&A (or
overview), required supplementary information, or other accompanying
information--that is not in conformity] does not conform with OMB
guidance." If certain type(s) of other information conforms to OMB
guidance, add "Otherwise, we found no other material inconsistencies
with the financial statements or nonconformance of the [state type(s)
of information not affected] with OMB guidance."
Objectives, Scope, and Methodology: No changes.
Situation: 21. Any Situation: that caused the auditor to modify the
report on the financial statements, internal control, or compliance
with laws and regulations that also affects other information (see
paragraph 580.80)
Bullets: No changes.
Significant Matters (See Note 1): In the discussion of the Situation:
include the effects on the other information in the Accountability
Report.
Opinion or Conclusion: Consistency of other information Omit statement
that we found no inconsistency or nonconformance (or modify to refer
only to unaffected type(s) of other information in the Accountability
Report--MD&A (overview), required supplementary information, or other
accompanying information ) if considered to be misleading in light of
the particular Situation: . Omit statement that we found no
inconsistencies or nonconformance if there is a scope limitation that
resulted in a disclaimer of a report on the financial statements.
Objectives, Scope, and Methodology: If a scope limitation on the work
on the principal statements, internal control, or compliance with laws
and regulations results in the omission of the statement that we found
no inconsistency of other information, delete all references to the
auditor's responsibility for this other information and how we
fulfilled that responsibility. (See note 5.).
[End of table]
Note 1: Significant matters:
If a significant matters section is included in the auditor's report,
add the following statement in quotation marks to the introduction
immediately preceding "The following sections describe..":
"Described below are significant matters considered in performing our
audit and forming our conclusions.":
Note 2: Disclaimer due to a scope limitation on financial statements:
In the "Objectives, Scope and Methodology" section delete the following
words in quotation marks.
We are responsible for obtaining reasonable assurance about whether
"(1)the financial statements are presented fairly, in all material
respects, in conformity with generally accepted accounting principles],
and (2)" [continue with rest of paragraph].
Delete the following:
" (1) examined, on a test basis, evidence supporting the amounts and
disclosures in the financial statements,
(2) assessed the accounting principles used and significant estimates
made by management,
(3) evaluated the overall presentation of the financial statements,":
Add the following words in quotation marks:
We performed our work in accordance with U.S. generally accepted
government auditing standards and OMB audit guidance. "We considered
the limitations on the scope of our work in forming our conclusions.":
Note 3: Disclaimer of opinion on internal control due to a scope
limitation:
In the ":Objectives, Scope, and Methodology" section, delete the
following words in quotations marks:
We are responsible for obtaining reasonable assurance about whether
"(1)" the financial statements are presented fairly, in all material
respects, in conformity with generally accepted accounting principles
"and (2) management maintained effective internal control, the
objectives of which are the following:
* Financial reporting: Transactions are properly recorded, processed,
and summarized to permit the preparation of financial statements and
stewardship information in conformity with generally accepted
accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition.
* Compliance with laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority and with
other laws and regulations that could have a direct and material effect
on the financial statements and any other laws, regulations, and
governmentwide policies identified by OMB audit guidance." [continue
with rest of paragraph]
Delete the following:
"(4)obtained an understanding of internal control related to financial
reporting (including safeguarding assets), compliance with laws and
regulations (including execution of transactions in accordance with
budget authority), and performance measures reported in Management's
Discussion and Analysis (or the overview) of the Accountability Report;
(5)tested relevant internal controls over financial reporting
(including safeguarding assets), compliance, and evaluated the design
and operating effectiveness of internal control;
(6)considered the process for evaluating and reporting on internal
control and financial management systems under the Federal Managers'
Financial Integrity Act of 1982," ..[continue with rest of paragraph]
"We did not evaluate all internal controls relevant to operating
objectives as broadly defined by FMFIA, such as those controls relevant
to preparing statistical reports and ensuring efficient operations. We
limited our internal control testing to those controls over financial
reporting and compliance. Because of inherent limitations in internal
control, misstatements due to error or fraud, losses, or noncompliance
may nevertheless occur and not be detected. We also caution that
projecting our evaluation to future periods is subject to the risk that
controls may become inadequate because of changes in conditions or that
the degree of compliance with controls may deteriorate.":
Add the following words in quotation marks:
We performed our work in accordance with U.S. generally accepted
government auditing standards and OMB audit guidance. "We considered
the limitations on the scope of our work in forming our conclusions.":
Note 4: Disclaimer of a report on compliance with laws and regulations
due to a scope limitation:
In the objectives, scope and methodology section, delete the following
words in quotation marks:
We are also responsible for "(1)" testing whether [entity's] financial
management systems substantially comply with the three FFMIA
requirements, "(2) testing compliance with selected provisions of laws
and regulations that have a direct and material effect on the financial
statements and laws for which OMB audit guidance requires testing," and
"(3)" performing limited procedures with respect to certain other
information appearing in the Accountability Report.
Delete the following:
"(8)tested compliance with selected provisions of the following laws
and regulations [do not list any laws and regulations].":
Add the following words in quotation marks:
We performed our work in accordance with U.S. generally accepted
government auditing standards and OMB audit guidance. "We considered
the limitations on the scope of our work in forming our conclusions.":
Note 5: Disclaimer of a report on the financial statements, internal
control, or compliance with laws and regulations:
If scope limitations on our work on the financial statements, internal
control, or compliance with laws and regulations result in the omission
of the statement that we found no inconsistency of other information,
delete the following words in quotation marks from the objectives,
scope, and methodology section:
We are also responsible for .. "and (3) performing limited procedures
with respect to certain other information appearing in the
Accountability Report.":
Add the following words in quotation marks:
We performed our work in accordance with U.S. generally accepted
government auditing standards and OMB audit guidance. "We considered
the limitations on the scope of our work in forming our conclusions.":
Note 6: Reporting both material weaknesses and other reportable
conditions in the significant matters section:
If both material weaknesses and other reportable conditions are
included in the significant matters section, the opinion on internal
control should include the changes for material weaknesses first, and
then should continue with an additional paragraph for reportable
conditions that begins "Our work also identified the need to improve
certain internal controls..":
Note 7: Explanatory paragraphs:
Explanatory paragraphs may be included in either the significant
matters section or the opinion section of the report as discussed in
paragraph 580.26.
Note 8:No management assertion about the effectiveness of internal
control:
In the objectives, scope, and methodology section, delete the following
words in quotations marks:
We are responsible for obtaining reasonable assurance about whether
"(1)" the financial statements are presented fairly, in all material
respects, in conformity with generally accepted accounting principles
"and (2) management maintained effective internal control, the
objectives of which are the following:
* Financial reporting: Transactions are properly recorded, processed,
and summarized to permit the preparation of financial statements and
stewardship information in conformity with generally accepted
accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition.
* Compliance with laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority and with
other laws and regulations that could have a direct and material effect
on the financial statements and any other laws, regulations, and
governmentwide policies identified by OMB audit guidance." ..
[continue with rest of paragraph]
Insert the following words in quotation marks into the sentence
following the objectives:
We are also responsible for "obtaining a sufficient understanding of
internal control over financial reporting and compliance to plan the
audit and for" testing compliance with ..
Add the following sentence at the end of the paragraph that begins, "We
did not evaluate all internal controls..":
"In addition, we caution that our internal control testing may not be
sufficient for other purposes.":
[End of section]
595 C - EXAMPLE SUMMARY OF POSSIBLE ADJUSTMENTS:
[See PDF for image]
[End of table]
[End of section]
595 D - EXAMPLE SUMMARY OF UNADJUSTED MISSTATEMENTS:
.01:
The Summary of Unadjusted Misstatements, as discussed in paragraph
540.09, is used to accumulate known and likely misstatements that are
identified by the auditor but not corrected by the entity in the
principal statements. The source of these unadjusted misstatements is
the Summary of Possible Adjustments (section 595 C).
[See PDF for image]
[End of table]
FOOTNOTES
[1] The auditor may include certain other matters in this section as
discussed in paragraphs 580.26-.27.
[2] If the auditor finds no material weaknesses in internal control,
the auditor may express an opinion on management's assertion, rather
than opining directly on internal control.
[3] This definition is used to determine whether a material weakness
exists. Abbreviated language is used in an opinion report (see section
595 A).
[4] If the auditor does not express an opinion on internal control, the
following should replace the second bullet:
"* no material weaknesses in internal control over financial reporting
(including safeguarding assets) and compliance with laws and
regulations,"
[5] Specific guidance for FFMIA reporting will be provided in the
future. OMB and GAO are reviewing this reporting issue and FFMIA
implementation generally, which may result in revision to OMB Bulletin
No. 01-02 and additional guidance in the FAM.
[6] This list assumes the entity follows GAAP issued by FASAB. If the
entity follows GAAP issued by FASB (government corporations and others
such as the U.S. Postal Service), modify the list accordingly.
[7] If the auditor does not express an opinion on internal control,
this section should be replaced with the following:
"Consideration of Internal Control
"In planning and performing our audit, we considered [entity's]
internal control over financial reporting and compliance. [Here the
auditor should include a footnote stating the objectives of internal
control, which are reasonable assurance that the two bullets in the
objectives, scope, and methodology section are achieved.] We did this
to determine our procedures for auditing the financial statements and
to comply with OMB audit guidance, not to express an opinion on
internal control. Accordingly, we do not express an opinion on internal
control over financial reporting and compliance. However, for the
controls we tested, we found no material weaknesses in internal control
over financial reporting (including safeguarding assets) and
compliance. A material weakness is a condition in which the design or
operation of one or more of the internal control components does not
reduce to a relatively low level the risk that errors, fraud, or
noncompliance in amounts that would be material to the financial
statements may occur and not be detected promptly by employees in the
normal course of performing their duties. Our internal control work
would not necessarily disclose all material weaknesses."
[8] See footnote 2.
[9] If the auditor does not express an opinion on internal control,
delete the numbers in parentheses, put a period after "generally
accepted accounting principles," and delete the rest of the sentence
including the two bullets.
[10] If the auditor does not express an opinion on internal control,
insert the following after the "for," "(1) obtaining a sufficient
understanding of internal control over financial reporting and
compliance to plan the audit," and renumber the following phrases.
[11] If the auditor does not express an opinion on internal control,
add at the end of this paragraph, "In addition, we caution that our
internal control testing may not be sufficient for other purposes."
[End of section]
CONTENTS - PART II - TOOLS:
600: PLANNING AND GENERAL:
601: Introduction to Part II - Tools:
650: Using the Work of Others:
650 A: Summary of Audit Procedures and Documentation for Review of
Other Auditors' Work:
650 B: Example Audit Procedures for Using the Work of Others:
650 C: Example Reports When Using the Work of Others:
660: Agreed-Upon Procedures:
660 A: Example Agreed-Upon Procedures Engagement Letter:
660 B: Example Representation Letter from Responsible Entity on Agreed-
Upon Procedures Engagement:
660 C: Agreed-Upon Procedures Completion Checklist:
660 D: Example Agreed-Upon Procedures Report:
700: INTERNAL CONTROL (See also section 900).
701: Assessing Compliance of Agency Systems with the Federal Financial
Management Improvement Act (FFMIA):
701 A: Example Audit Procedures for Testing Compliance with FFMIA:
701 B: Summary Schedule of Instances of Noncompliance with FFMIA:
800: COMPLIANCE:
801: Reserved:
802: General Compliance Checklist:
803: Antideficiency Act:
804: Reserved:
805: Reserved:
806: Reserved:
807: Reserved:
808: Federal Credit Reform Act of 1990:
809: Provisions Governing Claims of the U.S. Government (31
U.S.C. 3711-3720E) (Including the Debt Collection Improvement Act of
1996) (DCIA):
810: Prompt Payment Act:
811: Reserved:
812: Pay and Allowance System for Civilian Employees, as
Provided Primarily in Chapters 51-59 of Title 31, U.S. Code:
813: Civil Service Retirement Act:
814: Federal Employees Health Benefits Act:
815: Reserved:
816: Federal Employees' Compensation Act:
817: Federal Employees' Retirement System Act of 1986:
900: SUBSTANTIVE TESTING:
901: Reserved:
902: Related Parties, Including Intragovernmental Activity and
Balances:
902 A: Example Account Risk Analysis for Intragovernmental Activity
and Balances:
902 B: Example Specific Control Evaluation for Intragovernmental
Accounts:
902 C: Example Audit Procedures for Intragovernmental and Other
Related Parties' Activity and Balances:
903: Auditing Cost Information:
921: Auditing Fund Balance with Treasury (FBWT):
921 A: Treasury Processes and Reports Related to FBWT Reconciliation:
921 B: Example Account Risk Analysis for Fund Balance with Treasury:
921 C: Example Specific Control Evaluation for Fund Balance with
Treasury:
921 D: Example Audit Procedures for Fund Balance with Treasury:
1000: REPORTING:
1001: Management Representations:
1001 A: Example Management Representation Letter:
1002: Inquiries of Legal Counsel:
1002 A: Example Audit Procedures for Inquiries of Legal Counsel:
1002 B: Example Legal Letter Request:
1002 C: Example Legal Representation Letter:
1002 D: Example Management Summary Schedule:
1003: Financial Statement Audit Completion Checklist:
1004: Checklist for Reports Prepared Under the CFO Act:
1005: Subsequent Events Review:
1006: Reserved: (For Related Parties, see section 902):
[End of section]
SECTION 600:
Planning and General:
601 - INTRODUCTION TO PART II-TOOLS:
.01:
Part II of the GAO/PCIE Financial Audit Manual (FAM) consists of tools
to assist the auditor[Footnote 1] in performing a financial statement
audit. These tools are generally organized according to the phases of
the audit: tools in section 600 deal with the planning phase and
general issues; section 700, the internal control phase; section 800,
compliance; section 900, substantive testing; and section 1000, the
reporting phase.
.02:
Many of the tools in the various sections include activities that would
be performed during other phases of the audit. Thus, the auditor should
refer to the sections in part II early in the audit. For example,
section 701, Assessing Compliance of Agency Systems with the Federal
Financial Management Improvement Act, includes procedures that would be
performed throughout the audit, not just during the internal control
phase, although many of them would be performed then. Also, section
902, Related Parties, Including Intragovernmental Activity and
Balances, has procedures that the auditor may decide to perform in the
planning and internal control phases of the audit as well as during the
testing phase.
.03:
The audit procedures presented in the examples in this and other
sections of part II (tools) of the GAO/PCIE FAM are examples of some of
the audit steps typically performed in each area. They should be used
in conjunction with the appropriate FAM sections. In using these
procedures, the auditor should use judgment to add additional
procedures, delete irrelevant procedures, modify procedures, indicate
the extent and timing of procedures, and change the terminology to that
used by the audited entity. The auditor may integrate these steps with
the audit programs for related line items. For example, tests of
intragovernmental activity and balances (section 902) may be integrated
with tests of accounts receivable and payable, and, to improve
efficiency, the auditor may coordinate those tests with related
nonintragovernmental activity and balances.
[End of section]
650-USING THE WORK OF OTHERS:
.01:
In many audits, the auditor uses the work and reports of other auditors
and specialists. Other auditors include CPA firms, Inspectors General,
state auditors, and internal auditors. Specialists include actuaries
and information systems auditors. The audit organization may contract
with a CPA firm to perform parts of or the entire audit. The audit
organization should use FAM 650 to design and perform appropriate
oversight and other procedures to use the work of other auditors and
specialists. (The audit organization using the work of other auditors
and specialists is referred to below as "the auditor.") This section
provides guidance on using the work of other auditors and specialists
and the nature and extent of procedures the auditor should perform.
.02:
Various professional standards provide guidance in this area. These
standards include AU 543, "Part of Audit Performed by Other Independent
Auditors"; AU 322, "The Auditor's Consideration of the Internal Audit
Function in an Audit of Financial Statements"; AU 336, "Using the Work
of a Specialist";[Footnote 2] and AU 315 (SAS No. 84), "Communication
Between Predecessor and Successor Auditors." These standards have
different requirements depending on whether the other organization is
an independent auditor, an internal auditor, or a specialist.
.03:
The auditor may use the work of other auditors and specialists in
various situations, for example:
* audits by Inspectors General or CPA firms in accordance with the GAO/
PCIE FAM;
* CPA firms or specialists hired to do parts of an audit (for example,
review information systems controls, review actuarial calculations,
test specific accounts);
* single audits or audits of federal funds performed by state auditors
and CPA firms;
* work performed by internal auditors; and:
* internal audit staff who provide direct assistance to the auditor.
.04:
AU 543.13 states: "In some circumstances the principal auditor may
consider it appropriate to participate in discussions regarding the
accounts with management personnel of the component whose financial
statements are being audited by other auditors and/or to make
supplemental tests of such accounts. The determination of the extent of
additional procedures, if any, to be applied rests with the principal
auditor alone in the exercise of his professional judgment and in no
way constitutes a reflection on the adequacy of the other auditor's
work. Because the principal auditor in this case assumes responsibility
for his opinion on the financial statements on which he is reporting
without making reference to the audit performed by the other auditor,
his judgment must govern as to the extent of procedures to be
undertaken.":
.05:
The above paragraph makes clear that the principal auditor exercises
considerable judgment in deciding what procedures are necessary to use
the work of the other auditor. FAM 650 provides guidance in making the
judgments necessary to use the work of others. These judgments include:
* the type of reporting (see paragraphs 650.09-.10),
* the auditor's evaluation of the other auditors' or specialists'
independence and objectivity (see paragraphs 650.11-.24),
* the auditor's evaluation of the other auditors' or specialists'
qualifications (see paragraphs 650.25-.35), and:
* the auditor's determination of the level of review (see paragraphs
650.36-.41).
.06:
The auditor should coordinate with other auditors whose work he or she
wishes to use. In turn, the other auditor should consider the needs of
auditors who plan to use the work being performed so that the judgments
exercised by both auditors could satisfy the needs of both. This is
best done before major work is started. For example, auditors of a
consolidated entity (such as the U.S. government or an entire
department or agency) are likely to plan to use the work of auditors of
subsidiary entities (such as individual departments and agencies or
bureaus and components of a department). This coordination can result
in more economy, efficiency, and effectiveness of government audits in
general and avoid duplication of effort. In addition, the coordination
needs to be ongoing throughout the audit so that the timing needs of
both the auditor and the other auditors are met. The other auditors
should make their audit documentation available for review by the
auditor on an ongoing basis during the audit.
.07:
In this coordination, the auditor should inform the other auditor how
his or her work and report will be used. AU 543.07 indicates that if
the auditor's report will name the other auditor, the auditor should
obtain permission to do so and should present the other auditor's
report together with the principal auditor's report. For CPA firms,
this permission may be obtained through the contracting process. The
auditor also should provide the other auditors a draft of the report as
a courtesy.
.08:
When there is a difference of opinion between the two auditors, the
principal auditor generally should confer with the other auditor to
reach agreement with him or her as to the procedures necessary to
satisfy both auditors' professional judgments. If both auditors are
unable to reach agreement, see paragraphs 650.54 to .56. Section 650 B
contains example audit procedures for using the work of others, which
depend on the judgments made.
TYPES OF REPORTING:
.09:
There are various types of reporting when using the work of other
auditors and specialists. The type of reporting depends on the degree
of responsibility the auditor accepts and the work performed by the
auditor. Factors for the auditor to consider in deciding which type of
reporting to use include the amount of assurance the auditor wishes to
provide, legal requirements, and cost-benefit considerations. The
degree of resources required varies by type of report and generally
increases in the order presented below. The type of reporting should be
decided in planning the job and generally should be discussed with the
other auditors or specialists. In deciding the type of reporting, the
auditor should consider AU 504.03, which states that an auditor is
"associated with financial statements when he has consented to the use
of his name in a report, document, or written communication containing
the statements." (Section 650 C contains examples of wording for two
types of reporting.) The types of reporting are as follows.
a.
No association with report--In this situation, the other auditors' or
specialists' report is provided directly to the auditee and/or to
significant users. The auditor may use this method when the auditor
merely procures the audit but is not acting as "the auditor." For
example, if there is no legal requirement for a separate report by the
auditor, the user does not need a separate report from the auditor, and
a separate report would provide no additional information. When the
auditor is required by law to perform the audit, he or she should not
use this option since he or she is associated with the report.
b.
Auditor transmittal letter--There are two types of transmittal letters,
one expressing no assurance and one expressing negative assurance on
the other auditors' work. For either type, the auditor is associated
with the financial statements as described in AU 504. The fourth
standard of reporting states, (in the last sentence) "where an
auditor's name is associated with financial statements, the report
should contain a clear-cut indication of the character of the auditor's
work, if any, and the degree of responsibility the auditor is taking."
Because the auditor did not perform an audit, the auditor should
disclaim an opinion and should not express concurrence with the other
auditors' opinion. The auditor may use this approach when there is no
legal requirement for the auditor to express an opinion or concurrence
but the auditor is required to or wants to issue a report or letter.
The auditor may expand the letter to highlight certain findings or
information or to indicate that certain procedures were performed. See
example 1 of section 650 C for wording for both types of transmittal
letters.
* Auditor transmittal letter expressing no assurance--For this letter,
the auditor issues a transmittal letter without reviewing the other
auditors' documentation. In these situations, the transmittal should be
clear as to the limitations of the auditor's work. The auditor still
has the responsibility to monitor any contract and meet the
requirements of the IG Act, as amended, CFO Act, and Accountability of
Tax Dollars Act of 2002, if applicable.
* Auditor transmittal letter expressing negative assurance--This letter
indicates that the auditor reviewed the other auditors' or specialists'
report and related documentation and inquired of their representatives
and states that the auditor found no instances where the other auditors
did not comply, in all material respects, with Government Auditing
Standards (GAGAS).
c.
The auditor issues a report that refers to other auditors' reports and
indicates a division of responsibilities--To use this approach, the
auditor has two decisions to make: (1) whether the auditor may serve as
the principal auditor (AU 543.01-.03) and (2) whether the auditor
should refer to the work of the other auditors (AU 543.01-.10). The
auditor should exercise considerable judgment in making these decisions
and should document the basis for the decisions. One consideration the
auditor may use in deciding whether the auditor is the principal
auditor is whether the auditor has sufficient knowledge of the entire
entity, including portions audited by other auditors. Another
consideration is the materiality and importance of the consolidated
assets, liabilities, expenses, revenues, or net position he or she has
not audited. The auditor may issue a report that refers to other
auditors when (1) the other auditors have reported on financial
statements for a component entity that is part of the entity whose
financial statements the auditor is reporting on and (2) the auditor
does not wish to take responsibility for the other auditors' work. (See
AU 543.09 for example wording. This approach may be used only for CPA
firms or for other auditors who are organizationally independent [see
paragraph 650.14]; it may not be used for internal auditors or
specialists.) However, if the reader of the report could question the
basis for the principal auditor issuing the opinion because of the
significant materiality and importance of the portion of the financial
statements audited by the other auditors, the auditor should consider
whether there is a need to issue a report that does not mention the
other auditors' work, which may require additional work (see 650.09 e
below).
d.
The auditor issues a report that expresses concurrence with the other
auditors' report and conclusions--The auditor may use this approach
when other auditors have reported on financial statements and the
auditor needs or wants to provide more assurance than what is provided
by the transmittal letter.[Footnote 3] Expressing concurrence means
that the auditor would have reached the same opinion or conclusion had
he or she done the audit. Therefore, the auditor needs to do the same
level of work as he or she would have done to take responsibility for
the other auditor's work.[Footnote 4] The auditor usually accomplishes
this by (1) reviewing the audit documentation and (2) having
discussions with entity management and/or performing supplemental
tests. See example 2 in section 650 C for report wording. This approach
may be used only for CPA firms or for other auditors who are
organizationally independent (see paragraph 650.14). This report should
not be used for specialists, since AU 336.15 prohibits reference to a
specialist's report unless the auditor issues a qualified or adverse
opinion or a disclaimer of opinion based on the specialist's work. This
approach also should not be used for internal auditors. AU 322.19 notes
that the responsibility to report on the financial statements rests
with the auditor and cannot be shared with internal auditors.[Footnote
5]
e.
The auditor issues a report that does not mention the other auditors'
or specialists' work--In this situation, the auditor issues the report
in section 595 A and/or B (as if no other auditors or specialists were
involved). This means the auditor takes responsibility for the other
auditors' or specialists' work. (See 650.09 c above for a discussion of
principal auditor issues.) The auditor may use this approach when the
other auditors have done part of the audit; the approach also may be
used when the other auditors have done substantially the entire
audit.[Footnote 6] The auditor usually accomplishes this by (1)
reviewing the audit documentation and (2) having discussions with
entity management and/or performing supplemental tests. The auditor
also should use this approach when using the work of specialists and
internal auditors, because professional standards do not permit
referring to specialists' or internal auditors' work (unless, for
specialists, the auditor issues a qualified or adverse opinion or a
disclaimer of opinion based on the specialist's work). GAO uses this
approach in the audit of the consolidated financial statements of the
United States Government.
.10: The following chart presents an overview of the work the auditor
generally should perform for each type of report or letter. "Yes" means
some of that category of work generally should be performed. "No" means
that the category is generally not required for the report or letter.
The extent of work in each category depends on the auditor's judgment.
See paragraph 650.36 for discussion on level of review.
Type of reporting: No association with report (paragraph 650.09 a):
Auditor transmittal letter expressing no assurance (paragraph 650.09
b, first bullet): Evaluate the other auditors' independence and
objectivity (paragraphs 650.11-.24): No[A]; Evaluate the other
auditors' qualifications (paragraphs 650.25-.35): No; Level of Review
(paragraphs 650.36-.42): None; Hold discussions and/or perform
supplemental tests (paragraphs 650.43-.47): No.
Type of reporting: Auditor transmittal letter expressing no assurance
(paragraph 650.09 b, first bullet): Evaluate the other auditors'
independence and objectivity (paragraphs 650.11-.24): Yes; Evaluate
the other auditors' qualifications (paragraphs 650.25-.35): Yes; Level
of Review (paragraphs 650.36-.42): Low or none; Hold discussions and/
or perform supplemental tests (paragraphs 650.43-.47): No.
Type of reporting: Auditor transmittal letter expressing negative
assurance (paragraph 650.09 b, second bullet): Evaluate the other
auditors' independence and objectivity (paragraphs 650.11-.24): Yes;
Evaluate the other auditors' qualifications (paragraphs 650.25-.35):
Yes; Level of Review (paragraphs 650.36-.42): Moderate or low; Hold
discussions and/or perform supplemental tests (paragraphs 650.43-.47):
No.
Type of reporting: Report refers to the other auditors' report and
indicates a division of responsibilities (paragraph 650.09 c):
Evaluate the other auditors' independence and objectivity (paragraphs
650.11-.24): Yes; Evaluate the other auditors' qualifications
(paragraphs 650.25-.35): Yes; Level of Review (paragraphs 650.36-.42):
Low or None; Hold discussions and/or perform supplemental tests
(paragraphs 650.43-.47): No.
Type of reporting: Report concurs with the other auditors' report or
does not mention the other auditors' work (paragraph 650.09 d and e):
Evaluate the other auditors' independence and objectivity (paragraphs
650.11-.24): Yes; Evaluate the other auditors' qualifications
(paragraphs 650.25-.35): Yes; Level of Review (paragraphs 650.36-.42):
High, moderate or low; Hold discussions and/or perform supplemental
tests (paragraphs 650.43-.47): Yes for internal auditors' work
(should include supplemental tests); Yes for auditors' work for high
level of review; No for auditor's work for moderate or low level of
review.
[A] If the auditor contracts with the other auditors, the contracting
process generally will require the auditor to evaluate the other
auditors' independence, objectivity, and qualifications and to monitor
performance under the contract.
[End of table]
EVALUATING THE OTHER AUDITORS' OR SPECIALISTS' INDEPENDENCE AND
OBJECTIVITY:
.11:
Unless the auditor has no association with the report, the auditor
should evaluate the other auditors' or specialists' independence and
objectivity. Where the auditor has previously used the work of the same
other auditors, the auditor generally should update the previous
evaluation. GAGAS 3.11 indicates that audit organizations and
individual auditors should be free from personal and external
impairments to independence, should be organizationally independent,
and should maintain an independent attitude and appearance. The auditor
should first evaluate organizational independence. Different standards
apply to CPA firms, other organizationally independent auditors,
internal auditors, and specialists.
.12:
For CPA firms and specialists, the contracting process is designed to
select a firm that is independent and objective. The statement of work
or request for proposal should ask the firms to represent that they are
independent and objective with respect to the auditee and should
request the firms to describe in their proposals all work, including
nonaudit services, they have done for the auditee in the last several
years (see GAGAS Amendment No. 3, Independence, and Answers to
Independence Questions). The technical evaluation panel should evaluate
whether the nature and extent of this work or other factors cause an
independence or objectivity issue. In this evaluation, the panel may
consider, for example, whether (1) the other auditors will need to
audit their own work or (2) whether the other auditors made management
decisions or performed management functions.
.13:
If possible,[Footnote 7] the auditor should have a role in contracting
for the CPA firm or specialist. When the auditor does not participate
in contracting for the CPA firm or specialist, the auditor generally
should obtain an overview of the contracting process; this generally
should include reading the statement of work or request for proposal
and the proposal of the firm selected, and understanding the
evaluations of the panel selecting the firm. The auditor should
determine whether the firm provided a representation as to independence
and objectivity (usually in its proposal). If the firm has not provided
a representation as to independence and objectivity, the auditor should
obtain a representation from the firm. If the auditor is not familiar
with the firm, the auditor should inquire of professional organizations
(such as the American Institute of Certified Public Accountants or the
Public Company Accounting Oversight Board established by the Sarbanes-
Oxley Act of 2002) as to the firm's professional reputation and
standing.
.14:
For government auditors, the auditor should decide whether the other
audit organization is organizationally independent to report externally
or whether it should be considered an internal audit organization. The
auditor may refer to the work of organizationally independent
government auditors but should not refer to the work of internal audit
organizations in the audit report; generally more extensive review and
supervision are necessary when dealing with internal auditors. The
auditor should obtain written representations from the head of the
government audit organization that to the best of his or her knowledge,
the organization and the individual auditors doing the work are
independent of the entity being audited. This means that the individual
auditors are free of personal impairments to independence and maintain
an independent attitude and appearance; it also means that the
organization is free from external impairments and is organizationally
independent (see GAGAS 3.11). The representation letter may indicate
the general criteria for determining independence, such as "under the
criteria in GAGAS." The representations should be for the period of the
financial statements to the date of the other auditors' report. Since
the decision on the independence and objectivity of the other auditors
is needed to plan the auditor's work, the auditor generally should
obtain oral representations early in the audit, with written
representations at the end of the audit.[Footnote 8]
.15:
Government auditors may be presumed to be free from organizational
impairments to independence when reporting externally to third parties
if their audit organization is organizationally independent of the
audited entity. Government audit organizations may meet the requirement
for organizational independence in a number of ways. There is a
presumption that a government audit organization is organizationally
independent (GAGAS 3.30.1) if the audit organization is:
a. "assigned to a level of government other than the one to which the
audited entity is assigned (federal, state, or local), for example, a
federal auditor auditing a state government program, or:
b. "assigned to a different branch of government within the same level
of government as the audited entity, for example, a legislative auditor
auditing an executive branch program.":
.16:
There is also a presumption of organizational independence if the head
of the audit organization (GAGAS 3.30.2) meets one of the following:
a. "is directly elected by voters of the jurisdiction being audited,
b. "is elected or appointed by a legislative body, subject to removal
by a legislative body, and reports the results of audits to and is
accountable to a legislative body,
c. "is appointed by someone other than a legislative body, so long as
the appointment is confirmed by a legislative body and removal from the
position is subject to oversight or approval by a legislative body, and
reports the results of audits to and is accountable to a legislative
body, or:
d. "is appointed by, accountable to, reports to, and can only be
removed by a statutorily created governing body, the majority of whose
members are independently elected or appointed and come from outside
the organization being audited.":
.17:
If the other audit organization or its head meets one of the above
criteria, the auditor need not perform any procedures concerning
organizational independence other than to obtain a representation
letter from the head of the audit organization as noted in paragraph
650.14 (see paragraph 650.23 for tests of personal independence).
However, if the auditor encounters evidence that the audit organization
might not be organizationally independent, the auditor should consider
the need for inquiries and other procedures; the auditor should then
evaluate the results of these procedures.
.18:
In addition to the presumptive criteria, GAGAS recognize that there may
be other organizational structures under which a government audit
organization could be free from organizational impairments. These other
structures should provide sufficient safeguards to prevent the audited
entity from interfering with the audit organization's ability to
perform the work and report the results impartially. For the audit
organization to be considered free from organizational impairments to
report externally under a structure different from the ones listed
above, the audit organization (GAGAS 3.30.3) should have all of the
following safeguards:
a. "statutory protections that prevent the abolishment of the audit
organization by the audited entity,
b. "statutory protections that require that if the head of the audit
organization is removed from office, the head of the agency should
report this fact and the reasons for the removal to the legislative
body,
c. "statutory protections that prevent the audited entity from
interfering with the initiation, scope, timing, and completion of any
audit,
d. "statutory protections that prevent the audited entity from
interfering with the reporting on any audit, including the findings,
conclusions, and recommendations, or the manner, means, or timing of
the audit organization's reports,
e. "statutory protections that require the audit organization to
report to a legislative body or other independent governing body on a
recurring basis,
f. "statutory protections that give the audit organization sole
authority over the selection, retention, and dismissal of its staff,
and:
g. "statutory access to records and documents that relate to the
agency, program, or function being audited.":
.19:
If the head of the audit organization concludes that the organization
has all the safeguards listed above, the audit organization may be
considered free from organizational impairments to independence when
reporting externally. The audit organization should document the
statutory provisions in place that provide these safeguards. The
external quality assurance reviewer will review these provisions to
determine whether the necessary safeguards are present.
.20:
The auditor using the work of other auditors who meets these
requirements should request a representation letter (see paragraph
650.14) from the head of the audit organization; the auditor should
review the above documentation and discuss it with the head of the
audit organization. He or she also may discuss the matter with the
external quality assurance reviewer, legal counsel for the audit
organization, and his or her own legal counsel.
.21:
If the auditor decides that the government audit organization is not
organizationally independent to report externally (either because it
does not meet the criteria in GAGAS or for another reason), the auditor
should determine whether the other auditors are organizationally
independent to report internally. These auditors are internal auditors.
The Institute of Internal Auditors' (IIA) Standards for the
Professional Practice of Internal Auditing defines internal auditing as
"an independent, objective assurance and consulting activity designed
to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes." GAGAS contain guidance
on organizational independence for government internal auditors. For
example, internal auditors should be outside the staff or line
management function of the unit under audit. They should report their
results and be accountable to the head or deputy of their agency. IIA
standards require internal auditors to be objective for the activities
they audit. These GAGAS and IIA standards of independence for internal
auditors differ from independence under the AICPA Code of Professional
Conduct or independence for external auditors under GAGAS. The auditor
generally should determine whether the internal auditors whose work is
to be used are independent of the activities they audit. The auditor
also should consider the organizational status of the head of the audit
organization, including (GAGAS 3.30.5) whether the head:
* "is accountable to the head or deputy head of the government entity;
* "is required to report the results of the audit organization's work
to the head or deputy head of the government entity, and:
* "is located organizationally outside the staff or line management
function of the unit under audit.":
.22:
If the auditor concludes that the internal auditors are not independent
under GAGAS and IIA standards, the auditor should treat the work as if
the auditee prepared it. If the auditor concludes that the internal
auditors are independent under GAGAS and IIA standards, the auditor may
use their work to the extent permitted by AU 322. In either case, the
auditor may not issue a report referring to or concurring with the work
of internal auditors.
.23:
In addition to evaluating the other auditors' organizational
independence, the auditor should evaluate whether the audit team has
any personal impairments. For both internal auditors and
organizationally independent government audit organizations, the
auditor generally should ask how the other auditors monitor the
personal independence of individual staff members, especially those
doing the work the auditor would like to use.
.24:
The auditor should document the work performed and the conclusions
reached as to independence and objectivity. The documentation should
indicate the auditor's conclusion as to whether the other auditors are
independent and objective and the basis for that conclusion. The
auditor should consult with the Reviewer if there are questions about
the other auditors' independence or objectivity.
EVALUATING THE OTHER AUDITORS' OR SPECIALISTS' QUALIFICATIONS:
.25:
After evaluating the other auditors' or specialists' independence and
objectivity, the auditor should evaluate the other auditors' or
specialists' qualifications to perform the specific tasks required.
This involves evaluating the qualifications of the firm or audit
organization and evaluating the qualifications of the specific audit
team. Where the auditor has previously used the work of the same other
auditors, the auditor generally should update the previous evaluation.
.26:
For CPA firms and specialists, qualifications are generally evaluated
through the contracting process. The firm submits resumes for the audit
team and demonstrates why its team is qualified to do the work. CPA
firms should be asked to submit their latest peer review report (or
inspection report specified by the Public Company Accounting Oversight
Board), letter of comments, and response to the peer review report. The
firm generally submits its plan for doing the work. The purpose of the
technical evaluation panel under the contracting process is to select a
qualified firm.
.27:
Where the auditor did not participate in the contracting process, the
auditor should consider how the qualifications of the firm were
evaluated. For example, did the evaluation panel review resumes of the
team; review the audit approach; and read the peer review report, the
related letter of comments, and the firm's response to the peer review
report? The auditor should read these documents and reach a conclusion
as to qualifications.
.28:
For auditors other than CPA firms, the auditor should ask whether the
audit organization had a peer review and the date of that review. IGs
have peer reviews performed every 3 years by other IGs. Most state
auditors also have peer reviews every 3 years. To comply with GAGAS,
the audit organization should have a peer review every 3 years. The IIA
standards indicate that, "[e]xternal assessments, such as quality
assurance reviews, should be conducted at least once every five years
by a qualified, independent reviewer or review team from outside the
organization.". While reviews under the IIA standard are not designed
to report whether the audit organization's quality control adheres to
GAGAS, they do provide evidence about whether the work adheres to a
recognized set of professional standards. The auditor should read the
peer review report, the letter of comments, and the audit
organization's response. Where the audit organization has received an
unqualified peer review report recently (usually less than 1 year ago),
further review of the audit organization's qualifications is generally
not required.
.29:
Where the peer review report is not recent, the auditor also should
review the results of the audit organization's internal inspection
program. If the peer review is not recent, the inspection is important
in highlighting new quality control issues. The inspection generally
should include reviews of documentation, interviews of staff members,
and tests of functional areas. Where the inspection is recent (usually
within the past year) and the inspection report is unqualified, further
review of the audit organization's qualifications is generally not
required.
.30:
Where the peer review or inspection report is qualified or adverse, the
auditor should evaluate whether the quality control system has since
been strengthened to allow the auditor to use the other auditors' work.
The auditor may review the organization's action plan for improving
quality controls. Inspection results are helpful in determining whether
quality controls have improved since the peer review. The auditor
should consider the effect of the remaining weaknesses in determining
the nature and extent of procedures the auditor will perform.
.31:
Where the peer review is not recent and there is no inspection program,
the auditor generally should obtain an overview of the important
policies and procedures in the functional areas:
* independence, integrity, and objectivity (see above);
* personnel management (includes recruiting and hiring, advancement,
professional development and training, and assigning personnel to
assignments);
* audit performance (includes supervision and consultation);
* acceptance and continuance of assignments; and:
* monitoring programs.
.32:
This information usually is obtained through interviews of the audit
organization's management and staff and through reading the audit
organization's quality control summary document, if one has been
written. The auditor also may read the organization's manuals and other
guidance for conducting audits.
.33:
In addition to evaluating the audit organization's qualifications, the
auditor also should evaluate the overall qualifications of the other
auditors' team assigned to do the work. Reviewing resumes of key team
members may accomplish this. The auditor should consider the specific
education, training, certifications, and experience of key team
members. In evaluating qualifications, the auditor should consider the
specific role of staff members on the job. When the auditor has
knowledge of qualifications from prior experience with key team
members, the auditor should inquire about experience in the time since
the last audit.
.34:
Where the auditor is not fully satisfied as to the other auditors'
qualifications, the auditor generally should perform a more detailed
review of the documentation and/or perform supplemental tests of key
line items (see paragraph 650.36). The auditor also may help the other
auditors improve future audits.
.35:
If the auditor has significant concerns about the other auditors'
independence, objectivity, or qualifications, the auditor should revise
the audit approach. For example, the auditor may:
* contract with another firm,
* ask the other auditors to substitute more highly qualified or
objective staff members,
* do the audit without using the other auditors' work, treating any
work done by the other auditors as prepared by the auditee,
* divide the work so that the other auditors test the areas where they
are qualified, and the auditor does the rest of the audit, or:
* issue a disclaimer of opinion.
PLANNING THE REVIEW AND TESTING OF THE OTHER AUDITORS' OR SPECIALISTS'
WORK:
After evaluating the other auditors' or specialists' independence,
objectivity, and qualifications, the auditor should develop a written
plan for reviewing and, if necessary, testing the work done. This plan
documents the level of review the auditor believes necessary. The level
of review is high,[Footnote 9] moderate, or low.[Footnote 10] The plan
should be reconsidered as the work progresses. The level of review is a
judgment the auditor makes; this judgment generally should be made for
each material line item and should consider the following factors:
a. The type of report or letter the auditor will issue (less review is
needed for a transmittal letter than for reports in which the auditor
takes responsibility for the other auditors' work). (See paragraph
650.10.):
b. Whether the other auditors issue a disclaimer of opinion because of
a scope limitation (less work is needed to concur with a scope
limitation than to concur with an unqualified opinion). (See paragraph
650.37.):
c. Whether the auditor's report might contain a disclaimer because of a
scope limitation (less work is needed if the auditor's report will
contain a scope limitation). (See paragraph 650.39.):
d. The other auditors' independence, objectivity, and integrity (both
for the audit team and for the other audit organization) including
whether the other audit organization is an independent auditor or an
internal auditor (the level of review increases as independence,
objectivity, and integrity decreases).
e. The other auditors' qualifications to perform the work the auditor
wishes to use (both for the audit team and for the other audit
organization) (the level of review increases as the other auditors'
qualifications decrease).
f. The auditors' prior experience with the other auditors (both for the
audit team and for the other audit organization) (the level of review
decreases as the auditor has favorable experience in working with the
other auditors).
g. The materiality of the line item in relation to the financial
statements the auditor is reporting on, taken as a whole (the level of
review increases as the line item becomes more material).
h. The combined risk (combination of inherent risk and control risk)
and the risk of material fraud for the line item and assertion in the
financial statements the other auditors are auditing (the level of
review increases as the combined risk and the risk of material fraud
increase).
.37:
If the other auditors' work had a scope limitation, this generally
affects the level of review (except for transmittal letters with no
assurance). If the other auditors disclaim an opinion on the financial
statements because of a scope limitation, the auditor should issue a
disclaimer of opinion (unless the financial statements the other
auditors audited are not material to the financial statements the
auditor is auditing). It will not take much review to be satisfied that
the disclaimer is appropriate. Discussions with entity management and/
or supplemental tests are not required in this situation, and the
review of documentation may be limited to summary documentation. Thus,
the level of review is usually low or no review (see footnote 6).
However, the auditor may decide to do additional work to learn about
the entity, to help the other auditor plan future audits, or to help
management correct the causes of the scope limitation.
.38:
If the other auditors' work had a scope limitation that results in a
qualified opinion, this generally needs a moderate or high level of
review to determine whether the other auditors should have disclaimed
an opinion and that the only issues are those relating to the
qualification.
.39:
A scope limitation on the auditor's work that results in a disclaimer
also may affect the level of review. Since the auditor has already
decided that not enough work can be done on the overall financial
statements, no amount of review of the other auditors' work is likely
to change that conclusion. Thus, as in the situation above, discussions
with entity management and/or supplemental tests are not required, the
review of the other auditors' documentation may be limited to summary
documentation, and the level of review is usually low or no review (see
footnote 6). However, the auditor may decide to do additional work to
learn about the entity, to help the other auditor plan future audits,
or to help management correct the causes of the scope limitation.
.40:
A scope limitation on the auditor's work that results in a qualified
opinion needs a similar amount of work as an unqualified opinion.
.41:
Section 650 A illustrates the work that generally should be performed
for each level of review for each significant line item as well as what
to retain in the documentation.
REVIEW OF DOCUMENTATION:
.42: The extent of the auditor's review of the other auditors' or
specialists' documentation depends on the level of review and is a
judgment based on the factors in paragraph 650.36. For the low level of
review, the review of documentation may be limited to key summary
planning and completion documentation. For the moderate level, the
auditor generally should review more of the other auditors' or
specialists' documentation, especially those evidencing important
decisions. For financial statement audits, these include the General
Risk Analysis (GRA) or audit plan or equivalent documents; the Account
Risk Analysis (ARA) (or equivalent documentation) for significant
accounts; the Specific Control Evaluations (SCE) (or equivalent
documentation) for significant applications; the documentation for
high-risk accounts, estimates, and judgments; the analytical
procedures; the audit completion checklist (or equivalent
documentation); the audit summary memorandum; and the summary of
possible adjustments. For the high level of review, the auditor
generally should review all of the items for the moderate level of
review plus the important detailed documentation.
DISCUSSIONS AND/OR SUPPLEMENTAL TESTS WHERE LEVEL OF REVIEW IS HIGH:
.43:
AU 543.13 states: "In some circumstances the principal auditor may
consider it appropriate to participate in discussions regarding the
accounts with management personnel of the component whose financial
statements are being audited by other auditors and/or to make
supplemental tests of such accounts." "In some circumstances" is
interpreted to mean when the level of review is high. Thus, where the
level of review is high, the auditor should (1) review audit
documentation and (2)hold discussions with auditee management and/or
perform tests of original documents. The objective of these additional
procedures is for the auditor to obtain additional evidence about
whether key items are properly handled and well supported. For example,
the auditor generally should discuss key items with auditee management,
especially estimates and judgments; this discussion generally should be
with the other auditors present. The auditor generally should attend
the entrance and exit conferences and other key meetings held by other
auditors or specialists. The auditor should consider that for key items
that are high risk, discussions with management may not provide
sufficient evidence and supplemental tests may need to be performed.
.44:
Supplemental tests may be a selection of the other auditors' work,
additional tests of the accounting records, or both. To perform
supplemental tests, the auditor should have access to the entity's
personnel and their books and records. The auditor may coordinate
access to the entity's personnel and records through the other auditor.
The auditor and the other auditor also may jointly perform parts of a
test, where the sample is planned jointly and the results are evaluated
jointly. Although supplemental tests are usually performed only when
the level of review is high, the auditor may decide to perform
supplemental tests in other situations to learn about the entity, to
help the other auditor plan future audits, or to help management
correct problems.
.45:
Where the other auditor is an internal auditor, the auditor should
perform supplemental tests. Accordingly, for internal auditors,
supplemental tests generally should be of greater scope (see AU
322.26).
.46:
The auditor generally should limit discussions with entity management
and/or supplemental tests to line items that are both high combined
risk and material to the financial statements the auditor is reporting
on, especially in areas involving estimates and judgments or in areas
on which users place extensive reliance. The auditor's supplemental
tests generally should include some items that the other auditor tested
that appear to be exceptions to determine whether they were
appropriately considered in formulating an opinion. The auditor should
consider performing supplemental tests while the other auditors are at
the auditee location and have access to records; this can minimize the
inconvenience to the auditee.
.47:
It is not necessary to perform supplemental tests of the work of
specialists. As indicated in AU 336.12, the auditor should understand
the methods and assumptions used by the specialists, test the data
provided to the specialists (extent of testing is based on risk and
materiality), and evaluate whether the specialists' findings support
the financial statement assertions. If the auditor believes the
findings are unreasonable, the auditor should apply additional
procedures and/or consider the need to obtain another specialist.
SUBSEQUENT EVENTS REVIEW AND DATING OF THE AUDITOR'S REPORT:
.48: The auditor's report should be dated when the auditor completes
fieldwork. If the other auditors' or specialists' report is dated
earlier and the auditor's report does not mention the other auditors'
report or concurs with the other auditors' report (example 2 of section
650 C), the subsequent events review should be updated to the date of
the auditor's report. The auditor may ask the other auditors to update
the subsequent events work to the required date, or the auditor may
update the subsequent events review. Since this requires additional
work, the auditor should attempt to complete fieldwork when the other
auditors complete fieldwork. This issue should be considered in
planning. It is not necessary to update the subsequent events review
when the auditor issues a transmittal letter (example 1 of section 650
C).
STAFFING THE REVIEW OF THE OTHER AUDITORS' OR SPECIALISTS' WORK:
.49:
When staffing the review, the auditor should consider that the other
auditors or specialists may already have reviewed the work at several
levels. The auditor's staff reviewing the work generally should have
enough experience in financial statement auditing to understand the
judgments that need to be made and to interact with the higher levels
of the other audit organization. Most of the review generally should be
done by or under the direction of an assistant director or a manager
who has significant experience in performing and reviewing financial
statement audit work. Supplemental tests may be done by less
experienced staff members and supervised by an assistant director or an
experienced audit manager. Primary review of the experienced audit
manager's or assistant director's documentation should be performed by
the audit director or an assistant director designated by the audit
director. However, the assistant director or audit manager should
review the documentation of supplemental tests performed by the less
experienced staff members. Because of the high level of financial
statement auditing experience of staff members doing and reviewing this
work, secondary review should be performed only in very high-risk
situations.
.50:
When the other auditors' work involves the review of computer controls,
an information systems auditor in a management role generally should do
the auditor's review. An audit assistant director should review the
information systems auditor's documentation to determine that related
audit objectives were achieved.
EVALUATING THE WORK:
.51:
After the auditor has completed the review of the other auditors' work,
and, if necessary, the supplemental testing, the auditor should
determine whether the work is sufficient and acceptable for the
auditors' use. The auditor should summarize the evaluation in the audit
summary memorandum.
.52:
Sometimes, the other auditors use methodologies or audit approaches
that are different from those the auditor would have used. The auditor
should recognize that auditing requires a great deal of professional
judgment and that there often are alternative ways to achieve audit
objectives. Thus, the auditor should first understand the basis for the
nature, timing, and extent of the other auditors' procedures. The
auditor should evaluate whether sufficient evidence has been obtained
to meet the auditor's objectives; usually the auditor should consider
materiality and combined risk for the particular line item in this
evaluation. If the auditor has concerns about whether the other
auditors' work provides sufficient evidence, the auditor should discuss
the matter with the audit director and the Reviewer before formally
discussing the issue with the other auditors.
.53:
The auditor should consider the significance of the test results to the
audit of the financial statements the auditor is reporting on. As an
example, the other auditors might have selected a nonstatistical sample
and/or the sample size might be smaller than the sample size the
auditor would have selected. The auditor might decide that this
provides sufficient evidence in an area that is less material or is not
risky. However, if the area is material or risk is high, the auditor
might conclude that sufficient evidence has not been obtained and that
additional work is needed. In this case, after consulting with the
audit director and the Reviewer, the auditor generally should either
ask the other auditors to perform additional tests or perform the
additional tests; if the additional testing is not done, the auditor
should consider the effect of this scope limitation on the auditor's
report. Since reaching this conclusion after the work is performed is
inefficient, when the level of review is high, the auditor generally
should coordinate or concur with major planning decisions before audit
work is started.
.54:
Sometimes, the auditor may disagree with the conclusions or judgments
of the other auditors. In this case, the auditor should consider the
other auditors' work as well as any other evidence necessary to
determine the appropriate conclusion.
.55:
The auditor should then discuss the issue with the other auditors to
attempt to resolve the disagreement. It is important to attempt to
resolve disagreements to reduce confusion that may arise from differing
auditor views. In planning the audit, the auditor should try to
identify potential disagreements early. Once identified, the auditor
should discuss the issues with the other auditors as early as possible
so that they can be resolved timely.
.56:
If the auditor does not reach agreement with the other auditors, the
auditor should consider how to report. For very material disagreements,
the auditor may decide not to transmit the other auditors' report,
instead issuing a disclaimer of opinion due to a scope limitation or
doing additional work, if necessary, to issue an appropriate opinion.
In less material disagreements, the auditor may transmit the other
auditors' report, issue the transmittal letter or report, and describe
the disagreement and the basis for the auditor's conclusions.
DOCUMENTING THE REVIEW OF OTHER AUDITORS' OR SPECIALISTS' WORK:
.57:
Regardless of the type of reporting or the level of review, the
auditor's documentation should contain the items listed in section 650
A under "documentation.":
.58:
In addition, where the auditor performs supplemental tests of the
accounting records, the auditor's documentation should contain a
description of the work (this may be a list of the documents the
auditor examined or tick marks on a copy of the other auditors'
documentation if that is the basis for the selection) and the auditor's
conclusion. It is not necessary to retain copies of the documents
examined.
.59:
It is important to distinguish between the auditor's responsibilities
to review the documentation of other auditors versus what the auditor
might copy and retain from that documentation. The auditor should use
judgment in deciding which of the other auditors' or specialists'
documents to copy and retain. Copies of documents readily available
from the other auditors or the auditee (such as invoices and contracts)
need not be retained. Section 650 A indicates what documentation the
auditor generally should retain.
.60:
The auditor may decide to retain other documentation if it might be
useful in understanding the entity, training staff members, planning
future audits, reviewing the documentation, or writing the report.
Documentation in this category includes the entity profile (or
equivalent), the general risk analysis or audit plan, the audit
programs, the ARA and SCE forms (or equivalent), the trial balance or
lead schedules, the management representation letter, and the attorney
representation letter. Auditors often find it helpful to keep copies of
documents in case questions are raised in review but not to include
those copies in the documentation unless they are needed to document
the work performed. Documents should not be retained if they are no
longer needed. The audit plan or audit program may indicate which
documents to retain.
USING INTERNAL AUDIT STAFF TO PROVIDE DIRECT ASSISTANCE TO THE AUDITOR:
.61:
Sometimes the auditor or the auditee requests that internal auditors
provide direct assistance to the auditor. Before this is done, the
auditor should be satisfied with the independence, objectivity, and
qualifications of the staff assigned to do the work requested. AU
322.27 indicates that in these situations "the auditor should inform
the internal auditors of their responsibilities, the objectives of the
procedures they are to perform, and matters that may affect the nature,
timing, and extent of procedures.. The auditor should also inform the
internal auditors that all significant accounting and auditing issues
identified during the audit should be brought to the auditor's
attention." The auditor should direct, review, test, and evaluate the
work done by internal auditors to the extent appropriate based on the
auditor's evaluation of risk, materiality, objectivity, and
qualifications.
USING AGENCY SPECIALISTS:
.62:
Many agencies have actuaries, security specialists, statistical
specialists, and other specialists whose work the auditor would like to
use. Unless these specialists are part of an organization that is
organizationally independent or under contract to such an organization,
the auditor should evaluate their work as the work of any auditee
employee. The auditor generally should use specialists in the audit
organization or contract for outside specialists to develop and
implement appropriate tests.
MULTIPLE LEVELS OF OTHER AUDITORS:
.63:
Sometimes there are several levels of other auditors. For example, the
IG might hire a CPA firm to do an audit. The IG may issue a report
concurring with the CPA's report or a letter transmitting the CPA's
report; GAO may then use the work of the IG.
.64:
In these situations, each audit organization should follow the guidance
in section 650. The IG should evaluate the independence (see paragraphs
650.11-. 24) and qualifications of the other auditors (see paragraphs
650.25-. 35), should review the audit documentation (see paragraph
650.42), and may need to have discussions with entity management and/or
perform supplemental tests of key accounts (see paragraphs 650.43-. 47)
(depending on the level of review deemed appropriate). GAO should
evaluate the qualifications of the IG organization (by reading the peer
review report, the letter of comments, and the audit organization's
response as described in paragraph 650.25) and the team doing the
monitoring, should review the IG's documentation, and may perform
supplemental tests. When GAO finds that the IG has done and documented
adequate work including discussions with management and/or supplemental
tests, GAO's discussions and/or supplemental tests would be quite
limited--perhaps a walk-through of work done in high-risk and material
areas. Often, GAO may attend fewer meetings than the IG staff attends
and would concentrate the review on the IG's documentation. GAO may
then issue a report on the financial statements.
.65: Because of the potential for inefficiency, there should be close
coordination between the various auditors. The IG and GAO may perform
the review jointly. Sometimes, a memorandum of understanding might be
useful in documenting responsibilities. A chart that describes the
review to be done by each organization may be useful. The following is
a useful format for this chart (with more detail added as necessary
under each phase):
[See PDF for image]
[End of table]
REPORTS ON OTHER AUDITORS' WORK:
.66:
The auditor may be asked to issue a report evaluating work done by
other auditors in a situation where the auditor is not using the work
of the other auditors. For example, the auditor might be asked to
evaluate an audit done by a CPA firm. While AU 543, 322, and 336 are
not directed towards these situations, the guidance in FAM 650 is
helpful in planning and reporting on these assignments.
[End of section]
650 A-SUMMARY OF AUDIT PROCEDURES AND DOCUMENTATION FOR REVIEW OF
OTHER AUDITORS' WORK:
.01:
The table in this section indicates the work that generally should be
performed for each level of review, as well as what generally should be
retained in the documentation. The table does not include work on other
auditor's independence, objectivity, and qualifications. (See
paragraphs 650.11-.35 for a discussion of that work.) Where the other
auditor uses equivalent documents, review those documents.
.02:
In the table, steps to be performed and documents to be retained at the
low level of review are indicated by regular font. The moderate level
of review includes the low level plus those in bold letters. The high
level of review includes the moderate level plus those in BOLD
CAPITALS.
AUDIT PROCEDURES.
At entity level:
* Communicate with the other auditors:
- as to the objectives of the work;
- discuss their procedures and results;
* Attend key entrance and exit meetings;
* COORDINATE OR CONCUR IN SIGNIFICANT PLANNING DECISIONS BEFORE MAJOR
WORK IS STARTED;
* Review:
- general risk analysis;
- audit plan;
- scope of work;
- audit summary memorandum;
- summary of unadjusted misstatements;
- analytical procedures;
- completion checklist;
- determination of planning and design materiality;
- information systems background;
- general and application controls documentation (done by information
systems auditor);
- representation letters;
- key documentation;
* Read:
- other auditor's report;
- financial statements and notes;
- stewardship report and required supplementary information;
- other accompanying information;
- management's response;
For significant line items, accounts, or applications:
* Review:
- audit program;
- conclusions about significant issues and their resolution (often in
audit summary)
- conclusions about line items;
- account risk analysis (ARA);
- specific control evaluations (SCE);
- cycle memo;
- flowcharts;
- determination of test materiality; sampling plan;
- other auditors' key documentation;
- documentation for high-risk accounts, estimates, and judgments;
analytical procedures; evaluation of sample results;
- summary of possible adjustments;
* PARTICIPATE IN DISCUSSIONS WITH MANAGEMENT PERSONNEL AND/OR PERFORM
SUPPLEMENTAL TESTS OF the line items (especially key items, estimates
and judgments); COMPARE CONCLUSIONS.
[End of table]
DOCUMENTATION.
Retain:
* Auditor prepared:
- audit plan;
- audit program;
- memo documenting entrance and exit conference;
- MEMOS DOCUMENTING KEY MEETINGS ATTENDED and discussions with auditee
management;
- results of review of documentation;
- SUPPLEMENTAL TEST DOCUMENTATION;
summary memo;
* Other auditor prepared:
* At entity level:
- other auditor's report;
- final financial statements and notes;
- stewardship report;
- management letter;
- other auditor's unadjusted misstatements, estimate of the
imprecision of audit procedures, and comparison with materiality;
- audit completion checklist;
- other auditor's audit summary memo;
* At line item level:
- documentation that supports exceptions;
- other auditor's documentation evidencing significant judgments and
conclusions;
Optional:
- entity profile;
- general risk analysis;
- other auditor's audit plan;
- other auditor's audit program;
- account risk analyses;
- specific control evaluations;
- sampling plan;
- trial balance;
- lead schedules;
- evaluation of sample results;
- management representation letter;
- legal representation letter.
[End of table]
[End of section]
650 B - EXAMPLE AUDIT PROCEDURES FOR USING THE WORK OF OTHERS:
This program is appropriate when using the work of other auditors or
the work of specialists to perform a full or partial audit of financial
statements. The steps should be tailored to the circumstances and the
planned level of review by deleting inapplicable steps, modifying the
steps, and adding additional steps. When the other auditors or
specialists have done only part of an audit, many of the steps below
may be deleted. Many of the steps also may be deleted for the low level
of review or when the auditor plans to issue a transmittal letter. The
program consists of three sections: evaluating independence,
objectivity, and qualifications for CPA firms and specialists;
evaluating independence, objectivity, and qualifications for
government auditors; and monitoring the work (for all types of other
auditors and for specialists). The auditor generally should use one of
the first two sections and the third section. A separate form generally
should be used for each other auditor or specialist.
[See PDF for image]
[End of table]
Step:
EVALUATING INDEPENDENCE, OBJECTIVITY, AND QUALIFICATIONS FOR
GOVERNMENT AUDITORS; Independence and objectivity: 1. For all
government audit organizations, obtain written representation from the
head of the audit organization that the audit organization and the
individual auditors are independent of the entity being audited;
2. Determine whether the audit organization meets ONE of the criteria
in paragraph 650.15, or the head meets ONE of the criteria in paragraph
650.16; If the organization (or its head) meets one of these
criteria, no further work is needed unless the auditor finds contrary
evidence as to independence and objectivity in other parts of the
audit. Indicate which criterion is met; document the evaluation of any
other evidence obtained. (Go to step 6.)
3. If the audit organization (or its head) does not meet any of the
criteria in step 2, determine whether it meets ALL of the criteria in
paragraph 650.18;
4. Review the audit organization's documentation of how it meets the
requirements of step 3. Discuss with head of audit organization
(consider discussing with external quality control reviewer, legal
counsel for audit organization, and auditor's legal counsel). (Go to
step 6.);
5. If the audit organization does not meet the criteria for
organizational independence to report externally, determine whether the
organization is an independent internal audit organization under GAGAS
and IIA standards. Determine whether the internal auditors are
objective for the activities they audit. Consider the organizational
status of the head of the audit organization, including whether the
head; is accountable to the head or deputy head of the government
entity,; is required to report the results of the audit organization's
work to the head or deputy head of the government entity, and; is
located organizationally outside the staff or line management function
of the unit under audit;
6. For all government audit organizations, obtain an understanding of
organization's policies to enhance the objectivity of individual
auditors, including; policies to prohibit auditors from auditing areas
where relatives are employed,; policies to prohibit auditors from
auditing areas where they were recently assigned or are scheduled to be
assigned after they complete their tour of duty in auditing, and;
policies to require representations as to objectivity and lack of
conflicts of interest from each auditor;
7. Prepare memorandum documenting work performed and conclusions as to
independence and objectivity;
Qualifications:
8. Read the latest peer review report, letter of
comments, and the audit organization's response. Note date of report
and whether it is unqualified. If report is recent (usually within the
past year) and unqualified, go to step 12;
9. If the peer review is not recent, review the latest inspection
report, if any, and the organization's response. Note date of report
and whether it is unqualified. If the inspection is recent (usually
within the past year) and unqualified, go to step 12;
10. If the organization has not had a recent peer review or
inspection, obtain an overview of the important policies and procedures
in the functional areas (through interviews of management and staff and
through reading the summary quality control document, if any). Consult
with Reviewer before performing this step;
11. If the peer review or inspection report was qualified or adverse,
determine whether the quality control system has since been
strengthened. Review the organization's action plan for strengthening
its quality control system. Consider the effect of remaining weaknesses
in determining the level of review;
12. Inquire how the audit organization determined the staffing for the
audit. Evaluate the overall qualifications of the team performing the
work. Review resumes and consider for key team members: educational
level, professional certifications, and professional experience;
continuing professional education, especially whether key team members
have received training and have current knowledge in the type of work
done; supervision and review of work; whether the audit team has
adequate sources for consultation and use of specialists, especially
for audit sampling, audit methodology, and review of computer controls;
and; quality of documentation, reports, and recommendations;
13. If the auditor has significant concerns about the audit
organization's or team's objectivity or qualifications, the auditor, in
developing the audit plan, may either; ask the audit organization to
substitute more objective or highly qualified staff members; do the
work, treating any work done by the other auditors as prepared by the
auditee; divide the work so that the other auditors test the areas
where they are qualified and the auditor does the rest of the audit;
or; issue a disclaimer of opinion;
[End of table]
Step:
MONITORING THE WORK (FOR ALL TYPES OF OTHER AUDITORS AND FOR
SPECIALISTS):
1. Develop a plan for reviewing the other auditors' or
specialists' work and, if necessary, performing supplemental tests of
the accounting records. Determine the level of review for each line
item;
2. Monitor the planning of the audit (FOR MODERATE AND HIGH LEVEL OF
REVIEW); Attend entrance meeting and key planning meetings; Review
the entity profile; Review the General Risk Analysis or equivalent
document (and audit plan if prepared as a separate document) (FOR ALL
LEVELS OF REVIEW); Review the determination of planning materiality
and design materiality; Have an information systems auditor review the
information resource management background information and the
documentation for review of general and application controls; Document
line items and applications to be reviewed; For each such line item,
review the Account Risk Analyses, the Specific Control Analyses, the
cycle flowcharts, the cycle memoranda, the determination of test
materiality, and the audit program or equivalent documents;
3. Monitor the execution of the audit (for reports following example 2
of section 650 C or section 595 A and/or B WHERE LEVEL OF REVIEW IS
HIGH); Attend key meetings, especially those discussing high-risk
areas, significant estimates and judgments, and the other auditors'
conclusions; Discuss key items with auditee management, especially
significant estimates and judgments; Perform supplemental tests of the
accounting records; ** Generally do for high risk and material line
items, especially in areas involving estimates and judgments or ones
that users rely on extensively; ** Generally do while the other
auditors are at the auditee location and have access to the records;
** Examine some of the same documents the other auditors examined or
make own selection or both; ** Compare results of other auditors' work
to results of supplemental tests; ** Document scope of supplemental
testing and conclusions reached;
4. Monitor the completion of the audit (items with * are usually not
necessary for LOW level of review); Review the overall analytical
procedures; *Review the key documentation for the line item and for
completing the audit; consider evaluations of sample results. (For
example, were projections appropriate? Was appropriate action taken
based on sample results?); *Determine whether the subsequent events
review was updated to the date of the auditor's report; Review the
audit summary memorandum, conclusions about line items, and summary of
possible adjustments; Review the audit completion checklist (or
equivalent document); Review the management representation letter and
the legal representation letter; *Attend key exit conference(s); Read
the other auditors' report, the financial statements, the notes, the
other accompanying information, and management's response;
5. Prepare summary memorandum;
6. Write the auditor's report or transmittal letter;
[End of table]
[End of section]
650 C - EXAMPLE REPORTS WHEN USING THE WORK OF OTHERS:
EXAMPLE 1 - TRANSMITTAL LETTER:
We contracted with the independent certified public accounting firm of
[name of firm] to audit the financial statements of [name of entity] as
of [date] and for the year then ended. The contract required that the
audit be done in accordance with U.S. generally accepted government
auditing standards; OMB's bulletin, Audit Requirements for Federal
Financial Statements; and the GAO/PCIE Financial Audit Manual.
In its audit of [name of entity], [name of CPA firm] found:
* the financial statements were fairly presented, in all material
respects, in conformity with U.S. generally accepted accounting
principles,
* [entity] had effective[Footnote 11] internal control over financial
reporting (including safeguarding assets) and compliance with laws and
regulations,
* [entity's] financial management systems substantially
complied[Footnote 12] with the requirements of the Federal Financial
Management Improvement Act of 1996 (FFMIA), and:
* no reportable noncompliance with laws and regulations it tested.
[Name of CPA firm] also described the following significant matters:
[Discuss significant matters].
[For transmittal letters expressing no assurance, use the following
paragraph:]
[Name of CPA firm] is responsible for the attached auditor's report
dated [date] and the conclusions expressed in the report. We do not
express opinions on [name of entity]'s financial statements or internal
control or on whether [entity]'s financial management systems
substantially complied with FFMIA; or conclusions on compliance with
laws and regulations.
[For transmittal letters expressing negative assurance, use the
following paragraph:]
In connection with the contract, we reviewed [name of CPA firm]'s
report and related documentation and inquired of its representatives.
Our review, as differentiated from an audit in accordance with U.S.
generally accepted government auditing standards, was not intended to
enable us to express, and we do not express, opinions on [name of
entity]'s financial statements or internal control[Footnote 13] or on
whether [entity]'s financial management systems substantially complied
with FFMIA;[Footnote 14] or conclusions on compliance with laws and
regulations. [Name of CPA firm] is responsible for the attached
auditor's report dated [date] and the conclusions expressed in the
report. However, our review disclosed no instances where [name of CPA
firm] did not comply, in all material respects, with U.S. generally
accepted government auditing standards.[Footnote 15]
EXAMPLE 2 - REPORT CONCURRING WITH OTHER AUDITORS' OPINION (PRESENTING
REPORT OF OTHER AUDITORS AFTER THE AUDITOR'S REPORT)[Footnote 16]
Under [citation of statute], we are responsible for auditing [name of
entity]. To help fulfill these responsibilities, we contracted with
[name of firm], an independent certified public accounting firm. [Name
of firm]'s report dated [date] is attached.
We concur[Footnote 17] with [name of firm]'s report that indicated:
* the financial statements were fairly presented, in all material
respects, in conformity with U.S. generally accepted accounting
principles,
* [entity] had effective internal control over financial reporting
(including safeguarding assets) and compliance with laws and
regulations,
* [entity's] financial management systems substantially complied with
the requirements of the Federal Financial Management Improvement Act of
1996 (FFMIA), and:
* no reportable noncompliance with laws and regulations it tested.
Details of their conclusions are in their report.
OBJECTIVES, SCOPE, AND METHODOLOGY:
Management is responsible for (1) preparing the financial statements in
conformity with U.S. generally accepted accounting principles, (2)
establishing, maintaining, and assessing internal control to provide
reasonable assurance that the broad control objectives of 31 U.S.C.
3512 (c), (d) (Federal Managers' Financial Integrity Act) are met, (3)
ensuring that [entity]'s financial management systems substantially
comply with FFMIA requirements, and (4) complying with applicable laws
and regulations.
We are responsible for obtaining reasonable assurance about whether (1)
the financial statements are presented fairly, in all material
respects, in conformity with U.S. generally accepted accounting
principles, and (2) management maintained effective internal control,
the objectives of which are the following:
* Financial reporting: Transactions are properly recorded, processed,
and summarized to permit the preparation of financial statements and
stewardship information in conformity with U.S. generally accepted
accounting principles, and assets are safeguarded against loss from
unauthorized acquisition, use, or disposition.
* Compliance with laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority and with
other laws and regulations that could have a direct and material effect
on the financial statements and any other laws, regulations, and
governmentwide policies identified by OMB audit guidance.
We are also responsible for (1) testing whether [entity's] financial
management systems substantially comply with the three FFMIA
requirements, (2) testing compliance with selected provisions of laws
and regulations that have a direct and material effect on the financial
statements and laws for which OMB audit guidance requires testing, and
(3) performing limited procedures with respect to certain other
information appearing in the Accountability Report.
To help fulfill these responsibilities, we contracted with the
independent certified public accounting (CPA) firm of [name of firm] to
perform a financial statement audit in accordance with U.S. generally
accepted government auditing standards; OMB's bulletin, Audit
Requirements for Federal Financial Statements; and the GAO/PCIE
Financial Audit Manual. We evaluated the nature, timing, and extent of
the work, monitored progress throughout the audit, reviewed the
documentation of the CPA firm, met with partners and staff members,
evaluated the key judgments, met with officials of [entity being
audited], performed independent tests of the accounting records, and
performed other procedures we deemed appropriate in the circumstances.
We conducted our work in accordance with U.S. generally accepted
government auditing standards.
[End of section]
660 - AGREED-UPON PROCEDURES:
.01:
In an engagement to apply agreed-upon procedures, a client engages an
auditor to perform specific procedures on subject matter and report on
the results to assist users in evaluating subject matter or an
assertion. Agreed-upon procedures should be performed in accordance
with the Statements on Standards for Attestation Engagements (SSAE).
The auditor should read appropriate sections (e.g., AT 101, Attest
Engagements, and AT 201, Agreed-Upon Procedures Engagements) and
thoroughly understand them before performing agreed-upon procedures.
.02:
An agreed-upon procedures engagement may be applied to a variety of
subject matter. The engagement will vary depending on the needs of the
user. The engagement may assist entity management by providing
information for making decisions and give report users information on
important areas. Examples of agreed-upon procedures are:
* compare payroll information reported to the Office of Personnel
Management with the entity's payroll records and general ledger;
* compare entity reconciliations of intragovernmental activity and
balances with supporting documentation and compare amounts with the
financial statements and with reports to the Department of the Treasury
(Treasury);
* trace tax collections from the master file to deposit confirmations,
determine whether they were recorded in the appropriate period and in
the correct tax class;
* trace amounts on the entity's financial statements to an "account
grouping worksheet," foot the worksheet, read the CFO's explanation for
any differences, and compare the explanation with supporting
documentation; and:
* examine official receipt documents to determine whether they were
included in the weekly deposit; compare deposit amounts to amounts
reported on the statement of funding.
.03:
In agreed-upon procedures engagements, all parties involved, which
include the report users, the entity responsible for the subject matter
(which may or may not be the same as the user), and the auditor, should
clearly understand the procedures to be applied. Since users may have
different needs, the nature, timing, and extent of the agreed-upon
procedures also may differ. Therefore, the users, and not the auditor,
assume the responsibility for the sufficiency of the design and extent
of the procedures since they best understand their own needs, although
the auditor may assist the user in designing the procedures.
.04:
The auditor should establish and document an understanding with the
users regarding the nature, timing, and extent of the agreed-upon
procedures to be performed. The auditor may document this understanding
using an engagement letter to the users. (See example in section 660
A.):
.05:
The subject matter should be capable of evaluation against criteria
that are suitable and available to users. Suitable criteria should have
objectivity, measurability, completeness, and relevance. The
procedures should be subject to reasonably consistent measurement and
the criteria should be agreed upon. The auditor should not perform
overly subjective procedures or use terms with uncertain meaning unless
they are defined within the agreed-upon procedures.
.06:
The auditor need not perform additional procedures beyond the agreed-
upon procedures. If matters come to the auditor's attention by other
means that significantly contradict the subject matter (or assertion),
the auditor should include these matters in the report. For example, if
during the course of applying agreed-upon procedures regarding an
entity's operation, the auditor becomes aware of a material weakness
related to the assertion by means other than the agreed-upon
procedures, the auditor should include this matter in the report. This
may be done by mentioning the material weakness with a footnote
reference to another report where it is described in detail.
.07:
Where circumstances impose restrictions on the performance of the
agreed-upon procedures, the auditor should attempt to obtain agreement
from the users of the report to modify the agreed-upon procedures. When
agreement cannot be obtained (for example, when the agreed-upon
procedures are published by a regulatory agency that will not modify
the procedures), the auditor should describe restrictions in the report
or withdraw from the engagement.
WRITTEN REPRESENTATIONS:
.08:
The auditor should determine if a representation letter is necessary.
The auditor may determine that a representation letter is necessary,
for example, if (1) the responsible entity is so large there is a risk
as to whether one person knows whether pertinent information has been
made available to the auditor, (2) the subject matter depends on
estimates, judgments, or future events (i.e., whether the subject
matter is less objective and fact-based and more subjective), or
(3) the user of the report believes written representations should be
obtained. Although generally not required (unless specifically required
by another attestation standard, such as in a compliance engagement) a
representation letter may nonetheless be a useful means of documenting
the responsible entity's representations. (See FAM section 660 B for an
example representation letter for an agreed-upon procedures
engagement.):
.09:
The responsible entity's refusal to furnish written representations
determined by the auditor to be necessary constitutes a scope
limitation. In such circumstances, the auditor should do one of the
following:
* disclose in the report the inability to obtain representations from
the responsible entity,
* withdraw from the engagement, or:
* change the engagement to another form of engagement (e.g., a
performance audit).
DOCUMENTATION:
.10: In accordance with GAGAS, the auditor should prepare and maintain
documentation in connection with an agreed-upon procedures engagement
that is appropriate for the engagement. They should contain sufficient
information to enable an experienced auditor having no previous
connection with the engagement to ascertain from them the evidence that
supports the auditors' agreed-upon procedures report.
.11:
Although the quantity, type, and content of documentation varies with
the circumstances, ordinarily it should be sufficient to demonstrate
that the work was adequately planned and supervised and sufficient
evidential matter was obtained to provide a reasonable basis for the
report.
.12:
The auditor generally should prepare a summary memorandum that recaps
the work performed and refers to the detailed documentation. This
memorandum generally should include the auditor's conclusion on whether
the work was performed in accordance with GAGAS, including the
attestation standards, and the GAO/PCIE FAM and whether the report is
appropriate. (See FAM section 660 C for an agreed-upon procedures
completion checklist.):
REPORTING:
.13:
An auditor should report on the agreed-upon procedures in the form of
results. The auditor should not provide any opinion or negative
assurance about whether the subject matter or the assertion is fairly
stated based on the criteria. The report should include information
such as the identification of the entities that agreed to the
procedures and took responsibility for the sufficiency of the design
and extent of the procedures for their purposes, as shown in the
example report in FAM section 660 D.
.14:
The auditor should report all results arising from application of the
agreed-upon procedures. The concept of materiality does not apply to
results to be reported in an agreed-upon procedures engagement unless
the users of the report agree to the definition of materiality. This
could be included in the engagement letter. Any agreed-upon materiality
limits should be described in the report.
.15:
The auditor should include a statement indicating that the report is
intended for the specified users who have agreed upon the procedures
performed and taken responsibility for the sufficiency of the design
and extent of the procedures for their needs. However, since
governmental reports are generally a matter of public record, the
distribution of the report is not limited.
.16:
The auditor may have performed agreed-upon procedures on an element,
account, or item of financial statements and also audited the same
financial statements. If the audit report on the financial statements
includes a departure from a standard report, the auditor generally
should include a reference to the audit report and the departure from
the standard report in the agreed-upon procedures report.
.17:
The auditor also may include explanatory language about such matters as
the following:
* stipulated facts, assumptions, or interpretations (including the
source);
* description of the condition of records, controls, or data to which the
procedures were applied;
* explanation that the auditor has no responsibility to update the
report; or:
* explanation of sampling risk.
.18:
The auditor should state the results in definitive, rather than
qualified, language and avoid vague or ambiguous language. The
following table provides examples of appropriate and inappropriate
descriptions of findings.
Examples of appropriate/inappropriate description of findings:
Procedures agreed-upon: Based on the total tax liability, select and
recompute the 50 largest excise tax returns from the quarter ended
September 30 and compare these amounts with the certified audit file;
Description of findings: Appropriate: Recomputed amounts for the
selected excise tax returns agreed with the amounts in the certified
audit file; Description of findings: Inappropriate: Nothing came to
our attention as a result of applying this procedure.
Procedures agreed-upon: Select a random sample of 45 Treasury SF-224
reconciliations; determine if XYZ reported revenue receipts were
properly classified and reconciled to Treasury FMS records;
Description of findings: Appropriate: Revenue receipts selected
randomly from the monthly Treasury SF-224 reconciliation process
were properly classified and agreed with Treasury FMS records;
Description of findings: Inappropriate: The revenue receipts
approximated the amount shown in the Treasury FMS records.
Procedures agreed-upon: Examine personnel files of 40 individuals
randomly selected from the timekeeping records for the year; determine
if all the selected files contain a current and approved Notification
of Personnel Action; Description of findings: Appropriate: Thirty
of the selected files contained a current and approved Notification of
Personnel Action. Ten files did not contain a current and approved
Notification of Personnel Action (list and identify exceptions);
Description of findings: Inappropriate: Some of the personnel files
did not contain a current and approved Notification of Personnel Action.
[End of table]
Other Report Issues:
.19:
The report should be addressed to the users who have agreed upon the
procedures to be performed (see paragraph 660.03). The date of
completion of the agreed-upon procedures should be used as the date of
the agreed-upon procedures report. If the audit organization's
procedure is to date reports with the issue date, the date of
completion of fieldwork may be stated in the report (e.g., "We
completed the agreed-upon procedures on [date].").
.20:
Agency comments should be obtained from the entity responsible for the
subject matter. If time constraints present problems, oral comments may
be obtained.
[End of section]
660 A - EXAMPLE AGREED-UPON PROCEDURES ENGAGEMENT LETTER:
[Date]
Management of ABC Agency:
Subject: Fiscal Year 20X1 Agreed-Upon Procedures for the Tax Trust
Fund:
Dear Management Official:
Based on our discussions, we agree to perform agreed-upon procedures to
assist ABC Agency in determining the completeness and accuracy of
receipts transferred to the tax trust fund. XYZ Agency is responsible
for the information to which these procedures will be applied.
This letter documents our agreement to perform these agreed-upon
procedures related to fiscal year 20X1. We will perform these
procedures in accordance with U.S. generally accepted government
auditing standards, which incorporate the financial audit and
attestation standards established by the American Institute of
Certified Public Accountants (AICPA). The procedures are included in
the enclosure to this letter. We will meet with you as needed to
discuss the agreed-upon procedures, results, and other issues that may
arise.
We are not engaged to perform, and will not perform, an examination,
the objective of which would be to express an opinion on the amount of
receipts transferred to the tax trust fund. Accordingly, we will not
express such an opinion. Were we to perform additional procedures,
other matters might come to our attention that we would report to you.
Our report will be intended solely for your information and use and
should not be used by those who have not agreed to the procedures or
taken responsibility for the sufficiency of the procedures for their
purposes. However, the report will be a matter of public record and its
distribution will not be limited.
Unless we hear from you, we will assume your concurrence with these
procedures and their sufficiency for your purposes.[Footnote 18] Please
contact me at [telephone number] if you or your staff have any
questions.
Sincerely yours,
[Name of Director]
Director:
Enclosure:
cc: XYZ Agency:
Agreed-Upon Procedures for Tax Receipts and Refunds:
General:
* Compare fiscal year 20X1 tax collections for the ABC tax trust fund
per XYZ's Statement of Custodial Activity with:
**the trust fund's accounting records and:
**ABC's consolidated financial statements.
* Obtain explanations and examine supporting documentation for
differences.
Sampling:
A. Use dollar unit sampling (DUS) and an 80-percent confidence level to
select a sample of ABC tax trust fund tax revenue receipts and refunds
for fiscal year 20X1. Use $300 million as the test materiality, which
is 1 percent of the total revenue collected. Use an expected aggregate
misstatement of $100 million, or one-third of test materiality. The
projected sample size for this population is expected to be 40
transactions.
For the sample items selected:
* Receipts testing --Compare tax receipts transactions (for example
cash receipts, federal tax deposit (FTD) receipts, reversals, and
adjustments) with source documents to determine whether the amounts
agree, the transactions are recorded in the appropriate period based on
the transaction date, and they are properly categorized as ABC tax
trust fund receipts.
* Refunds testing --Compare refund transactions with the source
documents (for example, payment vouchers, FTD coupons, tax returns) to
determine whether the amounts agree, the transactions are recorded in
the appropriate period based on the transaction date, and they are
properly categorized as ABC tax trust fund refunds.
B. Use DUS and the same sampling parameters as above to extract
statistical samples of total XYZ revenue receipts and refunds for
fiscal year 20X1.
For the sample items selected:
* Test whether the tax receipt or refund amounts and tax category from
source documentation agrees with amounts recorded for each of the
revenue receipts or refunds sample items.
[End of section]
660 B - EXAMPLE REPRESENTATION LETTER FROM RESPONSIBLE ENTITY ON
AGREED-UPON PROCEDURES ENGAGEMENT:
[XYZ Agency letterhead]
[Date]
Dear Auditor:
In connection with the agreed-upon procedures engagement for XYZ's
budget execution process for the period from October 1, 20X0 through
September 30, 20X1, we confirm to the best of our knowledge and belief,
the following representations made to you in performing these agreed-
upon procedures.
* We acknowledge responsibility for XYZ's budget execution process.
* We acknowledge responsibility for selecting the criteria [state
criteria] and for determining the appropriateness of the criteria for
our purposes.
* Our budget execution process is [state assertion about budget
execution process based on the criteria selected].
* We know of no matters that would contradict our assertion about our
budget execution process.
* There have been no communications from regulatory or oversight
agencies concerning our budget execution process or noncompliance with
budgetary laws or the Antideficiency Act.
* We have made available to you all records and related data pertaining
to our budget execution process during the period from October 1, 20X0
through September 30, 20X1.
* XYZ's budget execution process is designed to meet the requirements
of the Antideficiency Act.
* The accounting records and fund status reports are checked quarterly
to determine whether all source documents that affect the appropriation
and fund balance have been recorded properly, accurately, and on a
timely basis.
* The agency's accounting system provides timely disclosure of total
valid obligations incurred to date and total budgetary resources
available for obligations within each apportionment.
* The system also provides timely disclosure of the authorization or
creation of commitments, obligations, or expenditures that exceed
apportionments and allotments.
* We are not aware of instances of noncompliance with the above-stated
procedures.
* There has been no fraud involving management, employees, or
contractor staff who have significant roles in the operation of our
budget execution process.
* We have no plans or intentions that would materially affect our
budgetary process or operations.
Sincerely yours,
Management, XYZ Agency:
[End of section]
660 C - AGREED-UPON PROCEDURES COMPLETION CHECKLIST:
Entity:
Job code:
Principal report:
.01:
This checklist is a tool to help auditors comply with the requirements
for agreed-upon procedures engagements. No specific signatures are
required on the checklist in the planning phase.
.02:
Several of the last questions include steps in GAO's quality control
process, including the GAO workpaper set, second partner review, and
review by the Technical Accounting and Auditing Expert (Chief
Accountant at GAO) when that person is not the second partner. GAO
auditors should complete these questions and forms. IG auditors and
other auditors may use these questions and forms or may substitute
questions and forms that consider their reporting style and quality
control.
Step:
1. Has the audit team documented an understanding with the users?
2. Does the documentation cover the following? The nature of the
engagement; Identification of the subject matter, the responsible
entity, and the criteria; Identification of the users of the report;
Auditor's responsibilities; Reference to GAGAS and the attestation
standards; Agreement on procedures; Disclaimers expected; Any
involvement of a specialist; Materiality limits;
3. Was an entrance conference held with the responsible entity?
4. Has the auditor determined whether a letter of representation from
the responsible entity is necessary? (Note: This is not a requirement.);
5. Were applicable laws and regulations documented if part of the
procedures?
6. Were review responsibilities communicated to individuals on the
assignment?
7. Does the documentation contain the following? The scope and
methodology, including any sampling criteria used; Documentation of
the work performed to support reported results; Descriptions of
transactions and records examined; Evidence of supervisory review;
8. Does the documentation record that the applicable standards were
followed (AT 201 and AT 101)?
9. Does the documentation record a reasonable basis for the results of
the agreed-upon procedures?
10. Does the summary memorandum summarize the results of the
procedures and refer to the documentation?
11. Were any deviations from the standard reporting elements
documented and the basis approved by the assistant director with
copies of the documentation sent to the audit director and Reviewer
(AT 201.31)?
12. Was the report referenced?
13. Did the assistant director review the following? Understanding with
the client; Memorandum of entrance conference with the responsible
entity; Completed work programs; Memorandums on key engagement
issues; Summary of the results of the procedures; Memorandum of exit
conference with the responsible entity; Deviations from standard
reporting language; Financial schedules/statements; Agreed-upon
procedures report; GAO workpaper set (or equivalent);
14. Did the audit director review the following? Understanding with the
client; Summary of results of the procedures; Memorandum of exit
conference with responsible entity; Deviations from standard reporting
language; Agreed-upon procedures report; GAO workpaper set (or
equivalent);
15. Did the assistant director or the auditor in charge determine that
all significant review notes were resolved appropriately?
16. Did the assistant director initial all documentation bundle covers
to indicate that all documentation was sufficiently reviewed?
17. Is the report appropriate as to the following? Wording; Scope of
work; GAGAS; Explanatory paragraphs;
18. Was the report reviewed by the following? Office of the General
Counsel; Technical Accounting and Auditing Expert; Second partner (or
equivalent), if not Technical Accounting and Auditing Expert;
19. Is the agreed-upon procedures report dated appropriately or does
the report indicate when the auditor completed fieldwork? (AT 201);
[End of table]
Second Partner's (OR EQUIVALENT) Concurrence on Agreed-Upon Procedures
work:
Objective of second partner (or equivalent) review: To objectively
review significant engagement matters to conclude, based on all facts
the second partner (or equivalent) has knowledge of, that no matters
were found that caused the second partner (or equivalent) to believe
that (1) the procedures were not performed in accordance with GAGAS,
which incorporate financial audit and attestation standards established
by the American Institute of Certified Public Accountants and (2) the
report does not meet professional standards and audit organization
policies;
Procedures: Before the report was issued, I performed the
following procedures:
* as necessary, discussed significant engagement issues with the audit
director;
* read documentation of key decisions and consultations;
* read the agreed-upon procedures report;
* and; confirmed with the audit director that there are no unresolved
issues;
Conclusions: Based on all the relevant facts of which I have
knowledge, I found no matters that caused me to believe that (1) the
agreed-upon procedures were not performed in accordance with GAGAS and
the AICPA's attestation standards related to agreed-upon procedures
engagements and (2) the report is not in accordance with professional
standards and audit organization policies.
Title
Signature
Date.
TECHNICAL ACCOUNTING AND AUDITING EXPERT'S Concurrence on Agreed-Upon
Procedures work.
Objective of review: When the Technical Accounting and Auditing
Expert is not the second partner (or equivalent), the Technical
Accounting and Auditing Expert should read the report. The Technical
Accounting and Auditing Expert should then sign the conclusions below;
Conclusions: Based on my reading of the report, I found no matters
that caused me to believe that (1) the agreed-upon procedures were not
performed in accordance with GAGAS and the AICPA's attestation
standards related to agreed-upon procedures engagements and (2) the
report is not in accordance with professional standards and audit
organization policies.
Title
Signature
Date.
[End of section]
660 D - EXAMPLE AGREED-UPON PROCEDURES REPORT:
[Date]
Management of ABC Agency:
Subject: Applying Agreed-Upon Procedures: Count of Cash and Related
Items:
Dear Management Official:
We have performed the procedures contained in the enclosure to this
letter, which we agreed to perform and with which you concurred, solely
to meet your needs for an independent count of cash and cash-related
items as of September 30, 20X1.
We conducted our work in accordance with U.S generally accepted
government auditing standards, which incorporate financial audit and
attestation standards established by the American Institute of
Certified Public Accountants. These standards also provide guidance
when performing and reporting the results of agreed-upon procedures.
You are responsible for the adequacy of the procedures to meet your
objectives and we make no representation in that respect. The
procedures we agreed to perform consist of counting amounts for cash
and related receipts and comparing combined totals to the authorized
amounts. The enclosure contains the agreed-upon procedures and our
results.
We were not engaged to perform, and did not perform, an examination,
the objective of which would have been to express an opinion on the
amount of cash on hand. Accordingly, we do not express such an opinion.
Had we performed additional procedures, other matters might have come
to our attention that we would have reported to you. We completed our
agreed-upon procedures on [date of completion].
We provided a draft of this letter, along with the enclosure, to your
representatives for review and comment. They agreed with the results
presented in this letter and its enclosure.
This letter is intended solely for the use of the management of ABC
Agency and should not be used by those who have not agreed to the
procedures or have not taken responsibility for the sufficiency of the
procedures for their purposes. However, the report is a matter of
public record and its distribution is not limited.
If you have any questions, please call [name, title, and telephone
number].
Sincerely yours,
[Name of Director]
Director:
Enclosure:
Results OF CASH COUNTS:
Procedures:
We counted and totaled cash on hand for the petty cash fund as of
[date]. We also listed and totaled the receipts on hand evidencing
disbursements from the fund. Finally, we compared the combined total of
cash and receipts available to the amount authorized for the fund
($500).
Results:
We counted cash totaling $258.96 and scheduled 14 receipts totaling
$174.85. The combined total of cash and receipts on hand accounted for
$433.81 of the $500 in authorized petty cash funds. In addition, the
custodian provided us two separate Expense Summary Report and Petty
Cash Itemization Sheets and related receipts for an additional $65.09,
which had been submitted for reimbursement to the fund. Thus, the
unexplained difference between the authorized amount and the total cash
and receipts evidencing petty cash fund disbursements was $1.10.
FOOTNOTES
[1] The term "auditor," throughout the FAM includes individuals who may
be titled auditor, analyst, evaluator, or have a similar position
description.
[2] The AICPA also issued Practice Alert 2002-02, Use of Specialists.
[3] For example, a certain audit may be required by law, in which the
auditor, although allowed to hire other auditors to do the work, is
required to give his or her own opinion. In the absence of such a
requirement, a report expressing concurrence is generally not cost-
effective because of the resources required.
[4] In this instance both the other auditor and the auditor that
expresses concurrence are principal auditors because both have
sufficient knowledge of the overall financial statements and the
important issues, and the concurring auditor, by reason of the level of
work done, has also audited the financial statements.
[5] There may be situations where the auditor is asked to provide a
separate opinion in addition to presenting the other auditors' report.
In these situations, the auditor should follow the wording in section
595 A and/or B and should add the following in lieu of the introduction
to the first paragraph on page 595 A-5:
"To help fulfill these responsibilities, we contracted with the
independent certified public accounting firm of [insert firm name] to
perform a financial statement audit in accordance with U.S. generally
accepted government auditing standards, OMB's bulletin, Audit
Requirements for Federal Financial Statements, and the GAO/PCIE
Financial Audit Manual. The report of [name of CPA firm] dated [date]
is attached. We evaluated the nature, timing, and extent of the work,
monitored progress throughout the audit, reviewed the documentation of
[name of CPA firm], met with partners and staff members of [name of
firm], evaluated the key judgments, met with officials of [entity being
audited], performed independent tests of the accounting records [if
applicable], and performed other procedures we deemed appropriate in
the circumstances. Our opinions expressed above are consistent with the
opinions of [name of CPA firm]. Thus, in this audit, we:" (continue
with numbered items).
[6] For example, a number of other auditors may have audited individual
components of an entity and the auditor may audit the consolidation
process. The auditor may choose to use this approach if the auditor has
sufficient knowledge of the entire entity and does additional work (see
paragraph 650.10).
[7] Under the CFO Act and the Government Management Reform Act, if the
IG is not doing the audit, he or she is required to determine the CPA
firm that will do the work.
[8] Obtaining a representation from the head of the audit organization
is similar to the procedure for CPA firms under AU 543.10b.
[9] Some situations may require significantly more work than the work
shown for the high level. In those situations, the auditor generally
should perform significant supplemental tests; in some cases, the audit
may be a joint audit.
[10] In some situations, the auditor may decide less review or no
review is necessary. These situations typically involve entities or
line items that are very small in relation to the financial statements
taken as a whole. In these situations the auditor may decide to read
the other auditors' report and the financial statements and ask
questions if anything seems unusual.
[11] If the other auditors did not provide an opinion on internal
control, change this to "there were no material weaknesses in internal
control" (and include a definition of material weakness in a footnote).
[12] If the other auditors did not provide an opinion (i.e., did not
give positive assurance) on whether the entity's systems complied with
FFMIA, change this to "no instances in which entity's financial
management systems did not substantially comply" (i.e., negative
assurance).
[13] If the other auditors did not provide an opinion on internal
control, change this to read "conclusions about the effectiveness of
internal control."
[14] If the other auditors did not provide an opinion on FFMIA, change
"opinion" to "conclusions."
[15] If the auditor found that the other auditors did not comply with
GAGAS, or if the auditor disagrees with the other auditors'
conclusions, see paragraphs 650.54-.56.
[16] This example assumes the other auditors opined on internal control
and on whether the financial management systems substantially complied
with FFMIA. If the other auditors provided negative assurance,
appropriate changes should be made.
[17] If the auditor does not concur with the other auditors' report,
see paragraphs 650.54-.56.
[18] The auditor may request the users to document their agreement with
the procedures and their sufficiency for their purposes by signing the
engagement letter and returning it to the auditor.
[End of section]
SECTION 700:
Internal Control:
701 - ASSESSING COMPLIANCE OF AGENCY SYSTEMS WITH THE FEDERAL FINANCIAL
SYSTEMS WITH THE FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT (FFMIA):
.01:
FFMIA emphasizes the need for agencies to have systems that can
generate timely, reliable, and useful information with which to make
informed decisions and to ensure ongoing accountability. FFMIA requires
the 24 CFO Act departments and agencies[Footnote 1] to implement and
maintain financial management systems that comply substantially with
(1) federal financial management systems requirements, (2) applicable
federal accounting standards, and (3) the U.S. Government Standard
General Ledger (SGL) at the transaction level. The law also requires
auditors to report whether agency financial management systems comply
with the FFMIA requirements. OMB has provided FFMIA implementation
guidance to help agencies and their auditors determine compliance. This
section also provides guidance for assessing agency systems' compliance
with FFMIA. It explains FFMIA's requirements and discusses audit issues
related to testing for compliance with the act. An example audit
program is included as section 701 A.
FFMIA REQUIREMENTS:
.02:
OMB Circular A-127, Federal Financial Systems,[Footnote 2] also
addresses the three FFMIA requirements. OMB Circular A-127 prescribes
policies and standards for executive branch departments and agencies to
follow in developing, operating, evaluating, and reporting on financial
management systems (see www.whitehouse.gov/omb/financial). In its
FFMIA implementation guidance, OMB identifies the applicable
requirements from Circular A-127 that should be assessed when making an
FFMIA compliance determination.[Footnote 3] OMB, in Circular A-127,
refers to the federal financial management systems requirements, a
series of publications issued by the Joint Financial Management
Improvement Program (JFMIP), as the source of governmentwide
requirements for financial management systems software functionality.
JFMIP has developed a framework to describe the basic elements of an
integrated financial management system, including the core financial
system. Agency financial management systems fall into four categories:
core financial systems, other financial and mixed systems[Footnote 4]
(such as procurement, property, budget, payroll, and travel systems),
shared systems,[Footnote 5] and departmental executive information
systems (systems to provide information to all levels of management.):
.03:
JFMIP has developed publications of systems requirements for the core
financial system and for some of the mixed or feeder systems (see
www.jfmip.gov). The systems requirements in the publications are stated
as either mandatory (required) or value-added (optional). Agencies
should use the mandatory functional and technical requirements in
planning system improvement projects, whereas value-added requirements
should be used as needed. The core financial management system affects
all financial event transaction processing because it maintains
reference tables used for editing and classifying data, controls
transactions, and maintains security. The core financial management
system consists of six functional areas: general ledger management,
funds management, payment management, receivable management, cost
management, and reporting. OMB Circular A-127 requires agencies to use
for agency core financial management systems commercial-off-the-shelf
(COTS) software that has been tested and certified through the JFMIP
software certification process. According to JFMIP, core financial
management system certification does not mean that agencies that
install qualified software packages will have financial systems that
are in compliance with FFMIA. Many other factors can affect the
capability of the systems to comply with FFMIA, including modifications
made to the JFMIP-certified core financial management system software,
and the validity and completeness of data from feeder systems. JFMIP's
certification process does not eliminate or significantly reduce the
need for agencies to develop and conduct a comprehensive testing effort
to ensure that the software product meets their requirements:
.04:
The federal accounting standards, the second requirement of FFMIA, are
promulgated by the Federal Accounting Standards Advisory Board (FASAB).
FASAB develops accounting standards after considering the financial and
budgetary information needs of Congress, executive agencies, and other
users of federal financial information as well as comments from the
public (see www.fasab.gov). FAM section 560 describes the relationship
of the FASAB standards to the hierarchy of accounting principles.
.05:
Implementing the SGL at the transaction level is also a requirement of
FFMIA. The SGL provides a uniform chart of accounts and guidance for
use in standardizing federal agency accounting and supports the
preparation of standard external reports required by OMB and Treasury
(see www.fms.treas.gov/ussgl). The SGL is defined in the latest
supplement, which is released annually, to the Department of the
Treasury's Treasury Financial Manual (TFM). The supplement is composed
of five major sections (1) chart of accounts, (2) account descriptions,
(3) accounting transactions, (4) SGL attributes, and (5) report
crosswalks. Each agency should implement a chart of accounts that is
consistent with the SGL and meets the agency's information needs. OMB
Circular A-127 states that application of the SGL at the transaction
level means that financial management systems will process transactions
following the definitions and defined uses of the general ledger
accounts as described in the SGL. Transaction detail supporting SGL
accounts are required to be available in the financial management
systems and directly traceable to specific SGL account codes. In
addition, the criteria for recording financial events in all financial
management systems should be consistent with accounting transaction
definitions and processing rules defined in the SGL.
.06:
OMB's FFMIA implementation guidance requires the CFO act agency
auditors to perform tests of the compliance of the entity's systems
with FFMIA. Auditors who are reporting that agency financial management
systems do not substantially comply with FFMIA requirements are to
include in their reports (1) the entity or organization responsible for
the financial management systems that have been found not to be
substantially compliant and all pertinent facts relating to the
noncompliance, (2) the nature and extent of the noncompliance including
areas in which there is substantial but not full compliance, (3) the
primary reason or cause of the noncompliance, (4) the entity or
organization responsible for the noncompliance, (5) any relevant
comments from any responsible officer or employee, and (6) a statement
with respect to the recommended remedial actions for each instance of
noncompliance and the time frames for implementing these actions. FFMIA
as well as OMB's FFMIA implementation guidance require agencies to
report whether the agencies' financial management systems comply with
FFMIA's requirements and prepare remediation plans that include
resources, remedies, and intermediate target dates necessary to bring
the agency's financial management systems into substantial compliance.
.07:
According to OMB's FFMIA implementation guidance, auditors are to plan
and perform their audit work in sufficient detail to enable them to
determine the degree of compliance and report on instances of
noncompliance for all of the applicable FFMIA requirements. The
guidance describes specific minimum requirements from Circular A-127
that agency systems should meet to achieve compliance and provides
indicators of compliance. The indicators included in OMB's
implementation guidance are characterized as examples and are not all-
inclusive. The four primary factors OMB identifies as critical to
assessing compliance with FFMIA are determining whether agencies
can:[Footnote 6]
* Prepare financial statements and other required financial and budget
reports using information generated by the financial management
system(s);
* Provide reliable and timely financial information for managing current
operations;
* Account for their assets reliably, so that they can be properly
protected from loss, misappropriation, or destruction; and,
* Do all of the above in a way that is consistent with federal
accounting standards and the Standard General Ledger.
AUDIT ISSUES:
.08:
While financial statement audits will offer some assurances regarding
FFMIA compliance, auditors should design and implement additional
testing to satisfy the criteria in FFMIA. For example, in performing
financial statement audits, auditors generally focus on the capability
of the financial management systems to process and summarize financial
information that flows into agency financial statements. In contrast,
FFMIA requires auditors to assess whether an agency's financial
management systems comply with systems requirements. To do this,
auditors need to consider whether agency systems provide complete,
accurate, and timely information for managing day-to-day operations.
This is based on Congress' expectation, in enacting FFMIA, that agency
managers would have any necessary information to measure performance on
an ongoing basis rather than just at year-end. Financial statement
auditors generally review performance measure information for
consistency with the financial statements, but do not assess whether
managers have the performance-related information to manage during the
fiscal year.
.09:
As a result of the overlapping scope and nature of FFMIA assessments
and financial statements audits, the auditor should use, where
appropriate, the audit work performed as part of the financial
statement audit. In the example audit program (FAM 701 A) for testing
compliance with FFMIA, several procedures indicate that the auditor may
have performed the procedure as part of the financial statement audit;
whereas, other procedures needed to assess FFMIA compliance require
additional work not normally contemplated by financial statement
auditors. The determination of FFMIA compliance need not be performed
simultaneously with the financial statement audit. The determination of
FFMIA compliance may be performed by different staff or staggered
throughout the assessment time frame. While the example audit program
provides steps the auditor should perform, the auditor may tailor the
steps to satisfy the objectives or intent of the step if the step
cannot be completed as described. Because of the broad scope of federal
operations and the many variations that can and do flow from such a
broad scope, the degree of specificity in the example audit program
varies. For example, each agency will likely need and use a variety of
internal reports for managing current operations. These reports may be
on line or in hard copy. Auditors will need to use their skills and
professional judgment to assess the adequacy of these reports that are
essential to having FFMIA compliance. Auditors may also rely on other
work products that address the objectives of the example audit
procedures.
.10:
As discussed in FAM section 350, the auditor need not perform specific
tests of the systems compliance with FFMIA requirements for agencies
with longstanding, well-documented financial management systems
weaknesses that severely affect the systems' ability to comply with
FFMIA requirements. The auditor should understand management's process
for determining whether its systems comply with FFMIA requirements and
report any deficiencies in management's process along with previously
identified problems.
.11:
FAM paragraphs 580.62 through .66 and FAM section 595 A provide FFMIA
reporting guidance. When reporting a lack of substantial compliance,
the auditor should refer to FAM 595 B for suggested modifications to
the report. FAM Part III, section 1603, provides guidance that GAO will
use to provide an affirmative statement when reporting on compliance
with FFMIA.
[End of section]
701 A - EXAMPLE AUDIT PROCEDURES FOR TESTING COMPLIANCE WITH FFMIA:
Entity:
Date of review:
Job code:
Objective: FFMIA requires the 24 major departments and agencies covered
by the CFO Act to implement and maintain financial management systems
that comply substantially with (1) federal financial management systems
requirements, (2) applicable federal accounting standards, and (3) the
U.S. Government Standard General Ledger (SGL) at the transaction level.
OMB also requires certain designated entities to determine FFMIA
compliance. The objective of this audit program is to assess whether
agencies' systems' comply with FFMIA.
FFMIA example audit procedures: Description of Procedure:
I. Planning (May be combined with the work to plan the financial
statement audit);
A. To understand the FFMIA requirements, read:
Federal Financial Management Improvement Act, P.L. 104-208; Audit
Requirements for Federal Financial Statements (OMB Bulletin); OMB
Memorandum, January 4, 2001, Revised Implementation Guidance for the
Federal Financial Management Improvement Act; JFMIP Publications of
Federal Financial Management System Requirements including the
Framework and Core Financial System Requirements; Form and Content of
Agency Financial Statements (OMB Bulletin); FASAB Standards; Treasury
Financial Manual (TFM) sections related to the SGL (see transmittal
letter S2-01-02 and TFM Part 2, Chapter 4000); OMB Circular No. A-123,
Management Accountability and Control; OMB Circular No. A-127,
Financial Management Systems; OMB Circular No. A-130, Management of
Federal Information Resources; Government Information Security Reform
(GISR) legislation, Floyd D. Spence National Defense Authorization Act
for Fiscal Year 2001, Pub. L. 106-398.
B. Read the prior year's workpapers and audit report to identify (1)
the auditors' FFMIA determinations, (2) reported instances of
noncompliance with FFMIA, and (3) material weaknesses and reportable
conditions related to the agency's financial management systems;
Prepare a schedule of the previously identified problems to follow up
on the status of these specific problems. See section 701 B for an
example of the schedule.
C. Read the most recent FMFIA report, IG reports, GAO reports, internal
control workpapers from the financial statement audit or other reports
related to financial systems and consider the impact of any reported
weaknesses on the FFMIA assessment; Obtain an update on the status
of the issues and document problems identified in the schedule in
section 701 B.
D. Read the cycle memoranda for each of the audit cycles completed for
the current year audit. Document issues related to FFMIA compliance in
the schedule in section 701 B.
E. From the work performed in part I (planning), decide whether it is
necessary to perform the remaining test steps. If the information
gathered indicates "longstanding, well-documented financial management
systems weaknesses" that preclude compliance with FFMIA requirements,
then: Document recognition of longstanding, well-documented
financial management systems weaknesses and identify the source for
this conclusion; Obtain and document an understanding of management's
process for determining whether its systems comply with FFMIA
requirements. Report any deficiencies identified in management's
process; Complete step V (summary), except for completion of the
schedule in FAM section 701 B.
II. Testing for Compliance with Federal Financial Management Systems
Requirements;
A. Ask whether the agency has an agencywide inventory of
its systems. If so, obtain the inventory and any supporting
documentation.
B. From the agency's inventory of systems, identify the core financial
management systems and the feeder systems;
1. Document the key internal
controls and the information flows between the core financial systems
and the feeder systems in a flowchart or narrative. (This step may be
performed as part of the internal control phase);
a. Determine whether
the feeder systems are integrated or interfaced with the core financial
system. Note: Feeder systems that are integrated with the core
financial system share data tables. Therefore, reconciliations should
not be necessary;
b. If the feeder systems interface with the core
systems, determine whether reconciliations are performed between the
systems. If reconciliations are performed, determine how often and by
whom; assess the adequacy of the reconciliation, including follow-up
activities and supervisory review;
c. Through interviews with agency
management and reading of systems documentation, determine if the
agency's systems have detective controls (i.e., batch control or hash
totals or supervisory reviews) and preventive controls (i.e. segregated
duties, appropriate authorizations, or access controls) to process
transactions properly and timely. (May be performed as part of the
internal control phase).
2. Using the documentation prepared in step II.B.1 above, identify
those JFMIP financial management systems requirements that are
applicable to the agency's operations. For example, for those agencies
that do not have grant or loan programs, the auditor would not need to
assess whether JFMIP requirements related to grants or loans are
applicable. Document the results.
C. Determine whether the agency's core financial management system and
the financial portions of its applicable feeder systems, as identified
in step II.B.2 above, conform to JFMIP's federal financial management
systems requirements; Ask whether the agency's core financial
management system is a JFMIP-certified COTS system. If so, ask which
version of the software is being used and obtain the agency's JFMIP
certification for that software version. [Agencies replacing software
to meet core financial system requirements must use JFMIP-certified
core financial management systems as required by OMB Circular A-127,
but it is not a noncompliance issue for FFMIA purposes.].
1. Ask whether there have been significant changes in the agency's
automated business processes since compliance testing with JFMIP
requirements was last performed. If so, ask whether the agency has
performed an assessment of any new functionality using the JFMIP system
requirements documents, GAO checklists, or similar tools. Document the
results.
2. For those agencies with a core financial management system that is
not a JFMIP-certified COTS and for any feeder systems, obtain any
analyses performed by agency management to support its FFMIA and FMFIA
assessments that document how the agency's systems conform to the
applicable JFMIP systems requirements. If management has not performed
an analysis of systems functionality, go to step C.5.
3. Select several important functions that management has reported as
complying with the systems requirements and determine if management's
assessment can be relied upon.
4. If management's results cannot be relied upon for each system,
perform an assessment of the functionality of the applicable systems
using JFMIP system requirement documents, GAO checklists or other
similar tools.
5. Document in section 701 B, the instances and related impact in which
the agency's systems did not comply with JFMIP requirements.
D. Ask if management receives appropriate reports that are significant
to performing day-to-day management operations;
1. Determine the adequacy of reports used to manage day-to-day
operations;
a. For reports that are
produced by the agency's financial management systems, ask
knowledgeable users, read the agency's financial management systems
documentation, and from other audit work, use professional judgment to
determine if the reports produced by the systems are timely, useful,
reliable, complete, and appropriately summarized for the management
level receiving the report. Use professional judgment, agency policy,
and/or criteria evident from each report to determine its timeliness
and accuracy; i.e., if a report is due by the 10th of each month,
verify it was provided by the 10th OF EACH MONTH. IF ONLY ON-LINE ACCESS
IS PROVIDED FOR IMPORTANT internal reports, through observation,
documentation, and inquiry--such as obtaining systems logs and asking
key managers about their work habits--assess whether the reports were
available and accessed. Through inquiry and observation, assess if
management uses the reports to manage operations. Ask management what
improvements are needed in the current reporting methods. Document the
results;
b. If the reports were not produced by the agency's financial
management systems, ask how the reports were prepared and perform a
similar assessment as described in step D.1.a.
2. Determine whether appropriate levels of management are receiving
adequate and timely management information. See FAM paragraph 903.12
for questions related to determining FFMIA compliance with SFFAS No.
4;
a. Using professional judgment and industry best practices, identify
internal management performance-related information that should be
available for managing day-to-day operations;
b. Determine whether
appropriate levels of management are receiving the information
identified in step D.2.a;
c. If full costing is not used in these
management reports, assess whether the lack of full cost information
affects the usefulness of the information. Review management's
justification that full costing would not be beneficial for the
internal reports. This may need to be assessed on a case-by-case
basis.
3. Include any deficiencies identified and related impact in the
schedule shown in section 701 B.
E. Identify the agency's external reports that are related to financial
management such as those used for budget formulation and execution,
fiscal management of agency programs, funds management, payments and
receipts management, and to support the legal, regulatory, and other
special requirements of the agency;
1. Through interviews with
knowledgeable users and reading of the agency's financial management
system documentation, determine if the reports are produced by the
systems;
a. For external reports that are tested as part of the financial
statement audit, include any deficiencies identified and the related
impact in section 701 B;
b. For external reports that are not tested as
part of the financial statement audit, using professional judgment
select several reports and assess whether the reports are reliable,
timely, and complete. Include any deficiencies identified and the
related impact in section 701 B.
2. As an indicator of systems deficiencies, determine the magnitude and
type of adjustments made by both management and the auditors to derive
financial statements after the end of the accounting period.
F. Determine if the agency's financial management systems track
financial events and summarize information to facilitate the
preparation of auditable financial statements. This determination can
result from work performed as part of the financial statement audit.
Document the deficiencies and the related impact in the schedule shown
in section 701 B.
G. Determine if the financial management systems enable the agency to
prepare, execute, and report on the agency's budget in accordance with
the requirements of OMB Circular No. A-11. This determination can
result from work performed as part of the financial statement audit.
Document the deficiencies and the related impact in the schedule shown
in section 701 B.
H. Determine if the agency's financial management systems capture and
produce the financial information required to measure program
performance;
1. Identify the agency's performance measures from its
most recent accountability report that include data from the agency's
financial management systems.
2. Ask agency management whether an assessment was performed of the
validity of the financial data used to derive the performance measures.
If so, obtain and review the assessment and any supporting
documentation.
3. If agency management has not assessed the validity of the financial
data used to derive the agency's performance measures, include this
deficiency in section 701 B.
4. Determine if recent GAO or IG reports have addressed the validity of
financial data used to derive performance measures.
5. If any deficiencies were identified, include them along with the
related impact in the schedule shown in FAM section 701 B.
I. Coordinate with the Information Security (IS) auditors to determine
if the agency has implemented and maintains a program to provide
adequate security for all agency information that is collected,
processed, transmitted, stored, or disseminated in financial
management systems;
1. Have the IS auditors review the annual management evaluation and the
annual independent evaluation conducted in accordance with the
Government Information Security Reform (GISR) legislation.
2. Document the deficiencies and related impact identified by the IS
auditors in the schedule shown in section 701 B.
J. Determine if the financial management systems include internal
control to safeguard resources against waste, loss, and misuse, and
whether reliable data are obtained, maintained, and disclosed in system
generated reports. Some of the information needed to make this
determination may be obtained from the work performed in the internal
control phase of the financial statement audit, and other systems
internal control weaknesses may be identified from other audit reports
reviewed and steps performed in this program. Document the results in
section 701 B.
III. Testing for Compliance with the Federal Accounting Standards;
A. Determine if the agency's financial statements are compiled in
accordance with applicable accounting standards;
1. Ask agency
management and review financial statement audit results to determine
whether any FASAB standards are not applicable. Document the results.
Analyze the resultant list of applicable/inapplicable FASAB standards
for reasonableness and use the list as a reference in performing these
steps.
2. Determine if any issues reported as part of the financial statement
audit were related to the lack of the agency's implementation of the
accounting standards in their systems or the standards were not
properly applied because of inadequate or improperly implemented manual
procedures. Document the results in the schedule shown in section 701
B.
B. Perform tests to determine if the agency's cost accounting systems
* use the agency's accounting classification elements to identify and
establish unique cost objects to capture, accumulate, and report costs
and revenues;
* allocate and distribute the full cost and revenue of
cost objects as defined by OMB including services provided by one
federal entity to another for external reporting; and
* transfer cost
data directly to and from other cost systems/applications that produce
or allocate cost information;
Also, see step II.D.2 of this audit program.
C. From the deficiencies identified in performing steps in part II
(testing for compliance with federal financial management systems
requirements) and from tests conducted as part of the financial
statement audit, determine if the financial systems record and
summarize transactions in accordance with applicable accounting
standards. Note that the systems functionality assessments performed in
step II. B. should have determined any compliance issues related to
accounting standards since the accounting standards are used as a
source for systems functionality requirements. Document the results and
the related impact in the schedule shown in section 701 B.
IV: Testing for Compliance with the SGL:
A. Determine whether the agency
financial management systems use financial data that can be traced
directly to SGL accounts to produce reports providing financial
information for both internal and external reporting;
1. Ask agency
management and from the documentation prepared in step II.B.1 above,
determine how financial transaction data are summarized from the
financial systems to the core financial system.
2. Compare the agency's chart of accounts to the SGL accounts and
identify any deviations.
3. Review all of the standard entries allowed by the core financial
system to determine if these entries conform to the SGL posting rules.
4. Document any deficiencies and the related impact in the schedule
shown in section 701 B.
B. Ask whether the agency uses a crosswalk from its chart of accounts
for its core financial management system to the SGL. If so, perform
tests to determine the accuracy of the crosswalk;
1. Trace all SGL accounts to the crosswalk.
2. Identify any SGL accounts that are not included in the crosswalk.
Identify any agency accounts not associated with an SGL account in the
crosswalk.
3. Compare the posting rules used by the system to those included in
the SGL to determine whether the posting rules used by the system
conform to the SGL.
4. Document deficiencies and the related impact in the schedule shown
in section 701 B.
V. Summary;
A. Summarize the results of the work performed above and assess
the agency's compliance with the federal financial management systems
requirement of FFMIA;
1. Finalize the schedule of the FFMIA
noncompliances identified in the schedule prepared in FAM section 701
B.
2. Read the agency's management representation letter covering the
fiscal year under audit to obtain the agency management's FFMIA
determination;
a. Document the entity or organization responsible for the
financial management systems that have been found not to comply;
b. Document all facts pertaining to the:
i. nature and extent of the
noncompliance and areas where there is substantial but not full
compliance;
ii. primary reason or cause of the noncompliance;
iii. impact of
the noncompliance;
iv. entity or organization responsible for the
noncompliance; and;
v. relevant comments from any responsible officer or
employee;
c. Assess the recommended remedial actions for each instance of
noncompliance and the time frames for implementing these actions.
Include this assessment in the schedule in section 701 B.
3. After reviewing the nature and extent of deficiencies identified,
conclude whether the systems deficiencies identified constitute lack of
substantial compliance with FFMIA. Consider the four factors in
paragraph 701.07 from OMB's FFMIA implementation guidance when drawing
this conclusion.
4. Prepare the FFMIA section of the report. See FAM paragraphs 580.62
through .66 and sections 595 A, 595 B, and 1603, as appropriate.
[End of section]
701 B - SUMMARY SCHEDULE OF INSTANCES OF NONCOMPLIANCE WITH FFMIA:
[See PDF for image]
[End of table]
FOOTNOTES
[1] OMB also requires certain designated entities to determine FFMIA
compliance.
[2] OMB is considering revising this guidance.
[3] OMB did not include certain elements of Circular A-127, section 7,
in its FFMIA implementation guidance because some of the elements are
not essential to satisfying the requirements of FFMIA and to the
ability of an agency's systems to provide reliable, timely, and useful
information necessary for federal managers' responsibilities.
Accordingly, those elements are not included in this section.
[4] Mixed systems are any information systems that support both
financial and non-financial functions of the federal government. Mixed
systems can also be feeder systems.
[5] Shared systems are governmentwide systems used by agencies with
information and data definitions common to all users.
[6] OMB is considering revising this guidance.
[End of section]
SECTION 800:
Compliance:
802 - General Compliance Checklist:
.01:
The compliance testing section consists of a General Compliance
Checklist (questionnaire) for identifying laws and regulations for
compliance testing and supplements for the laws OMB requires auditors
of CFO Act agencies to test for (see section 295 H) and other laws of
general applicability auditors may consider during federal financial
audits. The compliance supplements provide detailed guidance for
assessing the effectiveness of compliance controls and testing
compliance with the significant provisions of each law.
.02:
The General Compliance Checklist (Form 802), or equivalent, generally
should be completed for federal financial audits. If an individual law
is considered to be significant for purposes of compliance testing, the
related supplement should be completed. Supplements should be completed
only for laws required to be tested for CFO Act agencies and for other
laws identified for compliance testing on the General Compliance
Checklist. Use of these documents is described below.
.03:
To understand and evaluate compliance controls, the auditor also should
follow the guidance in FAM 260 on identifying risk factors and in FAM
320 on understanding information systems. The FAM also provides
additional guidance on compliance considerations for all audit phases.
INSTRUCTIONS FOR GENERAL COMPLIANCE CHECKLIST:
.04:
The checklist contains a summary of each law. The auditor generally
should use this checklist or equivalent to determine which of these
laws are considered to be significant for purposes of testing
compliance, as discussed in FAM 245. The auditor should indicate
whether each law meets the criteria for significance by placing a check
mark in the appropriate column (yes or no). OMB audit guidance requires
auditors of CFO Act agencies to test for five of the laws, as noted in
section 295 H. Auditors also may test for the other four laws if they
have determined they are material to the financial statements being
audited.
.05:
The auditor may need to use estimates or interim information in the
preliminary column. The final amounts (based on the audited amounts or
the final amounts of available budget authority) are used to determine
whether all laws that would be significant in quantitative terms have
been identified for control and compliance testing. The sources of all
amounts included in this checklist should be documented. If the law is
considered to be significant from a qualitative standpoint, the reasons
for this conclusion should be documented.
.06:
Supplements to the General Compliance Checklist (Form 802):
Supplement number:
Law: Antideficiency Act (required for CFO Act agencies); Supplement
number: 803.
Law: Federal Credit Reform Act of 1990 (required for CFO Act
agencies); Supplement number: 808.
Law: Provisions Governing Claims of the U.S. Government as provided
primarily in 31 U.S.C. 3711-3720E (Including the Debt Collection
Improvement Act of 1996 (DCIA)) (required for CFO Act agencies);
Supplement number: 809.
Law: Prompt Payment Act (required for CFO Act agencies); Supplement
number: 810.
Law: Pay and Allowance System for Civilian Employees as Provided
Primarily in Chapters 51-59 of Title 5, U.S. Code (required for CFO
Act agencies); Supplement number: 812.
Law: Civil Service Retirement Act; Supplement number: 813.
Law: Federal Employees Health Benefits Act; Supplement number: 814.
Law: Federal Employees' Compensation Act; Supplement number: 816.
Law: Federal Employees' Retirement System Act of 1986; Supplement
number: 817.
[End of table]
Entity:
Period of financial statements:
Job code:
Description of Law:
Antideficiency Act - 31 U.S.C. 1341, 1342, 1514, 1517:
This law
imposes restrictions on the amounts of budgetary authority that may be
obligated or expended. As discussed in FAM 250, the auditor should
obtain information on the entity's budget authority, from sources such
as appropriation legislation, and identify all legally binding
restrictions on budget execution;
Do the amounts of any legally
binding budget execution restrictions on budget authority in effect
during the audit period exceed planning materiality or are provisions
of the Antideficiency Act otherwise considered to be significant?
(OMB audit guidance requires auditors of CFO Act agencies to test for
compliance with this law.);
Individual appropriations: (Preliminary; Final):
budget authority: (Preliminary; Final):
Planning materiality: (Preliminary; Final):
If yes, complete compliance supplement 803;
Federal Credit Reform Act of 1990 (FCRA), 2 U.S.C. 661-661f;
This law
contains numerous provisions relating to the recording of activity
related to direct loans, loan guarantees, and related modifications for
budget accounting purposes. The law provides that after October 1,
1991, an agency may incur new direct loan obligations or make new loan
guarantee commitments only to the extent that Congress has provided
budget authority to cover the costs of the loan or loan guarantee;
Does the entity's budget authority available during the audit period
for direct loan obligations, loan guarantee commitments, or any related
modifications exceed planning materiality or are provisions of the FCRA
of 1990 otherwise considered to be significant?
(OMB audit guidance
requires auditors of CFO Act agencies to test for compliance with this
law.);
Total appropriations or other budget authority available during the
fiscal year for costs of FCRA activities (direct loans, loan
guarantees, and related modifications): (Preliminary; Final)
Planning materiality: (Preliminary; Final)
If yes, complete compliance supplement 808.
Provisions Governing Claims of the U.S. Government, Including the Debt
Collection Improvement Act of 1996 (DCIA):
These provisions address
the collection of amounts owed to the federal government. Interest
generally accrues from the date that a notice stating the amount due
and the interest policies is first mailed to the debtor. Interest
generally accrues at a rate established by the Secretary of the
Treasury. Administrative costs and penalties shall also be charged;
The provisions also require the entity to take all appropriate steps to
collect the debt before discharging it and to notify Treasury about
delinquent debt for administrative offset, collection by a debt
collection center, or tax refund offset. Entities shall also
participate in a computer match of delinquent debt with federal
employees, and when collection actions are terminated, the entity
holding delinquent debt shall sell it. Provisions also require the
entity (or entities making loans the government guarantees) to notify
credit-reporting agencies about delinquent debt and not make or
guarantee loans to persons who owe delinquent debt;
Does the
cumulative amount of receivables created during the audit period that
are subject to provisions governing claims of the U.S. government,
including DCIA, exceed planning materiality; does the amount of
receivables at the end of the audit period that are subject to
provisions governing claims of the U.S. government, including DCIA,
exceed planning materiality; or are provisions governing claims of the
U.S. government, including the DCIA, otherwise considered to be
significant?
(OMB audit guidance requires auditors of CFO Act agencies to test for
compliance with this law.)
Provisions Governing Claims of the U.S. Government, Including the Debt
Collection Improvement Act of 1996 (DCIA):
Cumulative amount of; receivables created during the; audit period
that are subject to; provisions governing claims of; the U.S.
government, including; DCIA: (Preliminary; Final) or:
Amount of receivables at the end of the audit period that are subject
to provisions governing claims of the U.S. government, including DCIA:
(Preliminary; Final).
Planning materiality: (Preliminary; Final)
If yes, complete compliance supplement 809;
Note: These
provisions of the law generally do not apply to amounts payable to the
entity under the Internal Revenue Code, the Social Security Act, or
tariff laws. Those laws contain specific provisions for these amounts.
Prompt Payment Act, 31 U.S.C. 3901 et seq:
The Prompt Payment Act requires federal entities to make payments for
property or services by
the due date specified in the related contract or, if a payment date is
not specified in the contract, generally 30 days after the invoice for
the amount due is received. If payments are not made within the
appropriate period, the entity shall pay an interest penalty. Also,
discounts offered by vendors may be taken only during the specified
period. If they are taken after the time period has expired, an
interest penalty shall be paid;
Do the entity's payments for
property or services subject to the Prompt Payment Act for the audit
period exceed planning materiality or are provisions of the Prompt
Payment Act otherwise considered to be significant?
(OMB audit
guidance requires auditors of CFO Act agencies to test for compliance
with this law.);
Amount of payments made for property and services subject to the
Prompt Payment Act: (Preliminary; Final)
Planning materiality: (Preliminary; Final)
If yes, complete compliance supplement 810;
Pay and Allowance System for Civilian Employees as Provided Primarily
in Chapters 51-59 of Title 5, U.S. Code;
These laws require that
employees be paid at the appropriate rates established by law,
including general pay increases, and that employees be paid at least
minimum wage;
Does the entity's payroll expense for the audit period
exceed planning materiality or are related provisions of the Pay and
Allowance System for Civilian Employees (as provided primarily in
Chapters 51-59 of Title 5, U.S. Code) otherwise considered to be
significant?
(OMB audit guidance requires auditors of CFO Act
agencies to test for compliance with this law.);
Payroll expense: (Preliminary; Final)
Planning materiality: (Preliminary; Final)
If yes, complete compliance supplement 812;
It is not expected that the entity's
expense for performance awards, cash awards, overtime, travel,
transportation, subsistence, or allowances for the audit period would
exceed planning materiality. However, if these items or related
provisions of the Pay and Allowance System for Civilian Employees are
otherwise considered to be significant, the auditor should consult with
the Office of General Counsel (OGC) for specific provisions to be
considered for compliance testing;
Civil Service Retirement Act, 5 U.S.C. 8331 et seq:
This law
provides retirement benefits to employees who were hired prior to
January 1, 1984. For each employee, the entity withholds a percentage
of basic pay from the employee's compensation and contributes an equal
amount for retirement. The employee and entity amounts are remitted to
Treasury;
Does the entity's expense for retirement costs under the
Civil Service Retirement Act for the audit period exceed planning
materiality or are provisions of the Civil Service Retirement Act
otherwise considered to be significant?
Expense for retirement contributions: (Preliminary; Final)
Planning materiality: (Preliminary; Final)
If yes, complete compliance supplement 813.
Federal Employees Health Benefits Act, 5 U.S.C. 8901 et seq:
This
law provides health insurance coverage to employees who elect health
insurance benefits. For each employee who elects coverage, the entity
pays an amount set by OPM for insurance costs. The entity portion
cannot exceed 75 percent of the insurance cost. The employee pays the
remainder of the total cost. Information on the employee and entity
cost of the insurance is published by OPM. The entity withholds the
amount of the employee's portion of the cost from the employee's pay
and remits this amount, along with its own contribution, to Treasury;
Does the entity's expense for health insurance costs for the audit
period exceed planning materiality or are provisions of the Federal
Employees Health Benefits Act otherwise considered to be significant?
Expense for health insurance: (Preliminary; Final);
Planning materiality: (Preliminary; Final);
If yes, complete compliance supplement 814;
Federal Employees' Compensation Act, 5 U.S.C. 8101 et seq:
This law
provides for the compensation of employees injured or disabled while
performing their duties. Claims are paid out of the Federal Employees'
Compensation Fund. Federal entities are billed annually by the fund for
claims paid on their behalf;
Does the entity's expense for the audit
period for benefits paid by the Federal Employees' Compensation Fund on
the entity's behalf exceed planning materiality or are provisions of
the Federal Employees' Compensation Act otherwise considered to be
significant?
Expense for Compensation Fund claims: (Preliminary; Final);
Planning materiality: (Preliminary; Final);
If yes, complete compliance supplement 816;
Federal Employees' Retirement System Act of 1986, 5 U.S.C. 8401 et
seq:
This law provides retirement benefits for employees who were
hired after December 31, 1983. For each employee, the entity withholds
a percentage of basic pay from the employee's compensation and
contributes an amount equal to the employing agency's applicable normal
cost percentage less the employee deduction rate for retirement. The
employee and entity amounts are remitted to Treasury;
Does the
entity's expense for retirement costs under the Federal Employees'
Retirement System Act for the audit period exceed planning materiality
or are provisions of the Federal Employees' Retirement System Act of
1986 otherwise considered to be significant?
Expense for retirement contributions: (Preliminary; Final);
Planning materiality: (Preliminary; Final);
If yes, complete compliance supplement 817.
Other laws; Perform the following procedures and include references
to supporting documentation:
1. As described in FAM 245.02, read the
list of laws and regulations identified by the entity as significant to
others. (See [EMPTY].);
2. With OGC assistance, identify any other laws or
regulations that have a direct effect on determining financial
statement amounts. Determine whether any such laws or regulations are
material to the financial statements. (See [EMPTY].);
3. Consider whether to
test compliance with any indirect laws or regulations and make
inquiries of management as discussed in FAM 245.04-.06.
(See [EMPTY].);
4. For all laws or regulations identified for testing above, identify
significant provisions using the criteria in FAM 245.02. Test
compliance controls and compliance as described in FAM 300 and 460;
Are any other laws or regulations identified for compliance testing?
If yes, attach a list of the laws or regulations identified to this
form and reference it to control and compliance work performed.
[End of table]
INSTRUCTIONS FOR COMPLIANCE SUPPLEMENTS:
.07:
Each compliance supplement consists of (1) a compliance summary, (2) a
compliance audit program, and (3) notes.
Compliance Summary:
.08:
For each law identified for compliance testing on the General
Compliance Checklist, the auditor generally should complete the related
compliance summary or equivalent. The compliance summary is designed to
assist the auditor in planning compliance control tests and summarizing
the results of compliance control tests and compliance tests for
reporting the results of the work performed.
.09:
The first column contains a description of the specific provisions of
the law that have been identified for compliance testing, the type of
provision, and the reference to the law.
.10:
The second column contains the objective related to the specific
provision to be used for both compliance control and compliance
testing.
.11:
The auditor should identify the control activities that the entity has
in place to achieve each objective and document the control activity in
the third column. If the entity does not have a control activity that
achieves the objective, the auditor should document this condition in
the third column.
.12:
The fourth column is used to indicate whether the control activity is
information system (IS)-related as described in FAM 270.04. IS controls
are those the effectiveness of which depends on computer processing.
They can generally be classified into general, application, and user
controls. Testing of IS controls generally should be performed by an IS
auditor, although the audit team may assist the IS auditor.
.13:
The auditor should design control tests to determine whether the
control activities that have been identified in the third column are in
place and operating effectively. A control activity is considered to be
effective if it achieves the control objective. The control testing
program and the control tests should be recorded in the documentation.
The results of these tests and the auditor's conclusions on the
effectiveness of the compliance controls should be documented in the
fifth column of the Compliance Summary. A reference to supporting
documentation should be included in this column.
.14:
Compliance tests should be performed using the related Compliance Audit
Program as described below. The results of the compliance tests should
be indicated in the last column of the Compliance Summary along with a
reference to the supporting documentation.
Compliance Audit Program:
.15:
A compliance audit program has been developed for the provisions
identified on the related compliance summary for each law. For each law
identified for compliance testing on the General Compliance Checklist,
the auditor generally should perform each step of the related
compliance audit program. Because the subject matter of some laws is
closely related to matters the auditor will be planning to test for
other parts of the audit, the auditor should consider coordinating with
that other testing and designing multipurpose tests. For example,
payroll compliance testing could be performed using multipurpose tests
of payroll controls and/or substantive payroll testing. The auditor
generally should initial in the "performed by" column of the compliance
audit program when he or she performs the procedure. A reference to the
documentation recording the work performed for each step generally
should be included in the last column of the compliance audit program.
803 - ANTIDEFICIENCY ACT:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Antideficiency Act are
considered to be significant as indicated on Form 802 - General
Compliance Checklist.
OMB guidance on budget execution, including the Antideficiency Act, is
included in OMB Circular A-11, Part 4.
[See PDF for image]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Antideficiency Act are considered to be significant
as indicated on Form 802 - General Compliance Checklist. The procedures
in this program are designed to test compliance with the provisions
listed on the Compliance Summary for this law.
Audit Procedures:
1. List the appropriations or other budget authority and the related
budget accounts that were identified for compliance testing on Form 802
- General Compliance Checklist. Per page 802-3, the auditor should
identify all legally binding restrictions on budget execution, from
sources such as appropriation legislation;
(The following tests for
compliance with the Antideficiency Act should be coordinated with tests
of the Statement of Budgetary Resources and with tests of expenses.)
2. As discussed in FAM 460.03, the auditor needs assurance that the
summarized budget information (obligations and expenditures) used for
compliance tests is reasonably accurate and complete. This assurance
may be provided through effective controls (usually the budget
controls) or, if the controls are not effective, through substantive
testing of budget amounts for validity, completeness, cutoff,
recording, classification, and summarization as described in FAM 495
B;
For the accounts listed in step 1, document if this assurance is
provided through effective controls (as indicated on Form 803 -
Compliance Summary) or if substantive tests of the budget information
are necessary;
If the controls are not considered to be effective in
meeting some or all of the budget control objectives listed in FAM 395
F, perform substantive tests of the budget amounts (obligations and
expenditures) as discussed in FAM 495 B. These substantive tests should
be performed only for those potential misstatements for which the
entity does not have effective budget controls;
After the auditor is
satisfied as to the reasonableness of the budget amounts to be used for
the compliance tests, perform the compliance tests in steps 3 and 4.
3. Compare the actual amounts of budget obligations and expenditures
with the related appropriation or other budget authority listed in step
1. If the entity does not appear to have complied with the provision,
perform step 5. (31 U.S.C. 1341(a)(1)(A) and (C)).
4. Determine the entity's legally binding level of budget authority
(below the appropriation level) that was identified during the planning
phase. This level is usually the apportionment level unless the entity
has elected a lower level, such as allotments;
Compare the amount of
actual obligations and expenditures to the legally binding level of
restrictions on budget authority identified for compliance testing (the
apportionment or allotment level). If the entity does not appear to
have complied with the provision, perform step 5. (31 U.S.C. 1517(a)).
5. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance;
For any noncompliance noted, the auditor should
* identify the
weakness in controls that allowed the noncompliance to occur, if not
previously identified during control testing;
* report the nature of
any weakness in controls and consider modification of the opinion on
internal control as appropriate (see FAM 580.32-.61);
* consider the
implications of any instances of noncompliance on the financial
statements, and
* report instances of noncompliance, as appropriate
(see FAM 580.67-.75.).
6. Document conclusions on compliance with each provision on Form 803
- Compliance Summary.
[End of table]
Note 1: Entities are required to establish regulations that provide for
a system of administrative controls over their execution of budget
authority (31 U.S.C. 1514(a)). As discussed in FAM 250.03, the entity
may elect to lower the level at which budget limitations are legally
binding in these regulations. For example, the entity may elect to
reduce the legally binding limit on the obligation and expenditure of
budget funds from the apportionment to the allotment level. The auditor
should determine the level at which the entity's legally binding limit
has been established.
Note 2: The auditor should consider the results of the evaluation and
testing of budget controls. These controls relate to the execution of
budget authority and usually are the same controls that are used to
comply with the Antideficiency Act. Accordingly, additional
consideration of controls that achieve the compliance objective
generally is not necessary if the auditor has assessed whether the
entity achieves all of the budget control objectives listed in FAM 395
F. The auditor should reference this compliance summary to the budget
control evaluation and testing and perform any additional procedures
considered necessary to conclude if compliance controls are effective.
[End of section]
808 - FEDERAL CREDIT REFORM ACT OF 1990:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Federal Credit Reform Act of
1990 (FCRA) are considered to be significant as indicated on Form 802 -
General Compliance Checklist.
OMB guidance on FCRA is included in OMB Circular A-11, part 5, Federal
Credit Programs.
[See PDF for image]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Credit Reform Act (FCRA) are considered to be
significant as indicated on Form 802 - General Compliance Checklist.
The procedures in this program are designed to test compliance with the
provisions listed on the Compliance Summary.
OMB guidance on FCRA is included in OMB Circular A-11, part 5, Federal
Credit Programs.
Audit Procedures:
1. List the appropriations or other budget authority and the related
budget accounts that were identified for compliance testing on Form 802
- General Compliance Checklist.
2. As discussed in FAM 460.03, the auditor needs assurance that the
summarized budget information (obligations and expenditures) used for
compliance tests is reasonably accurate and complete. This assurance
may be provided through effective controls (usually the budget
controls) or, if the controls are not effective, through substantive
testing of budget amounts for validity, completeness, cutoff,
recording, classification, and summarization as described in FAM 495
B.
For the accounts listed in step 1, document whether this
assurance is provided through effective controls (as indicated on Form
808 - Compliance Summary) or whether substantive tests of the budget
information are necessary.
If the controls are not considered to be
effective in meeting some or all of the budget control objectives
listed in FAM 395 F, plus the supplemental objectives for FCRA listed
in FAM 395 F Sup, perform substantive tests of the budget amounts
(obligations and expenditures) as discussed in FAM 495 B. These
substantive tests should be performed only for those potential
misstatements for which the entity does not have effective budget
controls.
After the auditor is satisfied as to the reasonableness of
the budget amounts to be used for the compliance tests, perform the
compliance tests in steps 3 and 4.
3. For each appropriation account or other budget authority listed in
step 1, perform the following procedures that are applicable for direct
and guaranteed loan programs that have a positive subsidy (i.e., cash
outflows exceed cash inflows); (for direct and guaranteed loan programs
that have a negative subsidy (i.e., cash inflows exceed cash outflows),
perform step 4).
(a) Compare the amount of obligations for direct
loans to the amount of the available appropriation or other budget
authority. (Note: This budget restriction is applicable only to
obligations for direct loans made on or after October 1, 1991.).
3. (b) Compare the amount of obligations for modifications of direct
loan obligations or outstanding direct loans to the amount of available
budget authority. (Note: The sale of a direct loan is considered a
modification. Discuss applicability of this budget restriction to
direct loans and direct loan obligations that were outstanding prior to
October 1, 1991, with OGC prior to performing compliance test.).
3. (c) Compare the amount of obligations for loan guarantee commitments
to the amount of the available appropriation or other budget authority.
(Note: This budget restriction is only applicable to obligations for
loan guarantee commitments made on or after October 1, 1991.).
3. (d) Compare the amount of obligations for modifications of loan
guarantee commitments or outstanding loan guarantees to the amount of
available budget authority. (Note: Discuss applicability of this budget
restriction to loan guarantees and loan guarantee commitments that were
outstanding prior to October 1, 1991, with OGC prior to performing
compliance test.) (2 U.S.C. 661c(b) and (e)).
If the amounts of
obligations in any of these comparisons exceed the available budget
authority, the entity may not be in compliance. Perform step 5;
4. Direct and guaranteed loan programs that have a negative subsidy
(cash inflows exceed cash outflows) do not receive an appropriation.
However, such programs have a loan limit that cannot be exceeded, i.e.,
a maximum number of loans that can be made or guaranteed. For these
programs, compare the total number and dollar volume of loans made to
the loan limit in the applicable Presidents' Budget. Perform step 5.
5. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance.
For any noncompliance noted, the auditor should:
* identify the
weakness in controls that allowed the noncompliance to occur, if not
previously identified during control testing;
* report the nature of
any weakness in controls and consider modification of the report on
internal control as appropriate (see FAM 580.32-.61);
*consider the
implications of any instances of noncompliance on the financial
statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75).
6. Document conclusions on compliance with each provision on Form 808
- Compliance Summary.
[End of table]
Note 1: A direct loan is a disbursement of funds by the government to a
non-federal borrower under a contract that requires the repayment of
such funds with or without interest. The term also includes the
purchase of, or participation in, a loan made by another lender. The
term does not include the acquisition of a federally guaranteed loan in
satisfaction of default claims or the price support loans of the
Commodity Credit Corporation. (2 U.S.C. 661a(1)):
Note 2: A direct loan obligation is a binding agreement by a federal
agency to make a direct loan when specified conditions are fulfilled by
the borrower. (2 U.S.C. 661a(2)):
Note 3: A loan guarantee is any guarantee, insurance, or other pledge
with respect to the payment of all or a part of the principal or
interest on any debt obligation of a nonfederal borrower to a
nonfederal lender, but does not include the insurance of deposits,
shares, or other withdrawable accounts in financial institutions. (2
U.S.C. 661a(3)):
Note 4: A loan guarantee commitment is a binding agreement by a federal
agency to make a loan guarantee when specified conditions are fulfilled
by the borrower, the lender, or any other party to the guarantee
agreement. (2 U.S.C. 661a(4)):
Note 5: Appropriations or other budget authority to cover the cost of
budget obligations for direct loan obligations and loan guarantee
commitments must be made in advance by Congress. For revolving or other
funds that otherwise would be available for these budget obligations,
Congress must enact a limit on the use of such funds for these purposes
to make them available for use. (2 U.S.C. 661c(b)):
Note 6: Costs are defined as the estimated long-term cost to the
government of a direct loan or loan guarantee, calculated on a net
present value basis, excluding administrative costs and any incidental
effects on governmental receipts or outlays. These calculations are
described in further detail under the valuation control objective for
obligations in FAM 395 F. (2 U.S.C. 661a(5)):
Note 7: There is an exemption from this requirement for entitlements
(mandatory programs such as the guaranteed student loan program and the
VA home loan guaranty program) and credit programs of the Commodity
Credit Corporation existing on the date of enactment of the act
(November 5, 1990). (2 U.S.C. 661c(c)):
Note 8: Modifications are government actions that alter the estimated
net present value of a direct loan or loan guarantee for which an
obligation has been recorded, for example, the sale of a direct loan,
per SFFAS No. 2, paragraph 53, or a policy change affecting the
repayment period or interest rate for a group of existing loans.
(Changes within the terms of existing contracts or through other
existing authorities are not considered to be modifications. Also,
"work outs" of individual loans, such as a change in the amount or
timing of payments to be made, are not considered modifications.) The
effects of these changes should be included in the annual reestimates
of the estimated net present value of the obligations. Permanent
indefinite authority is provided by FCRA for these reestimates.
Note 9: Discuss applicability of this budget restriction to direct
loans, direct loan obligations, loan guarantees, or loan guarantee
commitments that were outstanding prior to October 1, 1991, with OGC
prior to performing control or compliance tests.
Note 10: The auditor should consider the results of the evaluation and
testing of budget controls and testing of the Statement of Budgetary
Resources. These controls relate to the execution of budget authority
and usually are the same controls that are used to comply with the
Antideficiency Act and the Federal Credit Reform Act. Accordingly,
additional consideration of controls that achieve the compliance
objective generally is not necessary if the auditor has assessed
whether the entity achieves all of the budget control objectives listed
in FAM 395 F, including the supplemental control objectives for the
Federal Credit Reform Act. The auditor should reference to the budget
control evaluation and testing and perform any additional procedures
considered necessary to conclude if compliance controls are effective.
[End of section]
809 - PROVISIONS GOVERNING CLAIMS OF THE U.S. GOVERNMENT (31 U.S.C.
3711-3720) (INCLUDING THE DEBT COLLECTION IMPROVMENT ACT OF 1996
(DCIA)):
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions governing claims of the U.S.
government, as provided primarily in sections 3711-3720E of Title 31,
U.S. Code (including provisions of the Debt Collection Improvement Act
of 1996), are considered significant, as indicated on Form 802 -
General Compliance Checklist.
OMB Guidance on FCRA is included in OMB Circular A-11, part 5, Federal
Credit Programs:
[See PDF for image]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions governing claims of the United States government as provided
primarily in sections 3711-3720E of Title 31, U.S. Code (including
provisions of the Debt Collection Act of 1996) are considered
significant, as indicated on Form 802 - General Compliance Checklist.
The procedures in this program are designed to test compliance with the
provisions listed on the Compliance Summary.
OMB Guidance on FCRA is included in OMB Circular A-11, part 5, Federal
Credit Programs:
Audit Procedures:
1. Based on the preliminary assessment of compliance control
effectiveness (as documented on Form 809 - Compliance Summary), select
a sample of amounts owed to the entity during or at the end of the
audit period. (The sample size will vary based on the expected
effectiveness of compliance controls, as discussed in FAM 460.02).
Document the sampling approach using the documentation in FAM section
495 E. See note 8 regarding sampling efficiencies and completeness of
the sample population.
2. For each item selected in step 1 obtain the loan file or other
supporting documentation and note the following information as of the
date selected for testing:
* due date of debt;
* amount owed;
* date the notice of the amount due and the interest policies is first
mailed to the debtor;
* amount of interest accrued and other administrative
charges and penalties charged, if any; and
* number of days the debt is
past due, if any;
Perform step 3 if the debt is past due;
Perform step 4 if the debt is not past due.
3. If the amount selected is past due:
(a) Calculate the number of
days that interest should be accrued on the debt as of the date
selected for testing. Interest generally accrues from the date that the
notice of the amount due is first mailed to the debtor. (See note 1.)
Compare the auditor's calculation with the calculation performed by the
entity and obtain explanation and examine support for any differences.
(31 U.S.C. 3717(b)).
3. (b) Determine the interest rate that should be used to accrue
interest on the debt. The rate is published in the Federal Register and
should be the rate that was in effect on the date that the notice of
the amount due is first mailed to the debtor. (The web site for the
Federal Register is: http://www.access.gpo.gov/su_docs/aces/
aces140.html.) Compare the auditor's determination of the rate to the
rate used by the entity and obtain explanation and examine support for
any differences. (31 U.S.C. 3717(a) and (c)).
3. (c) Calculate the amount of interest that should be owed as of the
date selected for testing using the number of days tested in (a) and
the interest rate tested in (b). Compare the auditor's calculation to
the amount calculated by the entity and obtain explanation and examine
support for any differences. See notes 2 and 3 regarding the waiver of
interest.
3. (d) Obtain the entity's schedule of administrative charges and late
payment penalties and determine if the appropriate amounts were charged
to the debtor. See note 3 regarding the waiver of these charges. (31
U.S.C. 3717(e) and (f)).
4. If the debt is not past due, determine through examination of the
entity's records whether
(a) interest, administrative charges, or penalties are not being
charged; and
(b) the debtor had no
outstanding nontax delinquent federal debt at the time the loan was
obtained. (31 U.S.C. 3720 B).
5. The objectives listed below relate to procedural-based provisions. As
discussed in FAM 460.06, sufficient procedures usually are performed in
conjunction with tests of compliance controls for these procedural-
based provisions to conclude on the entity's compliance without
performing additional procedures. Additional procedures should not be
performed to obtain evidence regarding compliance with the provisions
related to the following objectives unless sufficient evidence
regarding compliance was not obtained during compliance control tests
documented on Form 809 - Compliance Summary;
(a) Claims of more than
$100,000 (excluding interest, penalties, and administrative costs) are
referred to the Justice Department for compromise, termination, or
suspension. See note 4. (31 U.S.C. 3711 );
(b) Claims delinquent for a
period of 180 days have been referred to Treasury for collection. See
notes 5, 6, and 7. (31 U.S.C. 3711 (g)).
6. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance;
For any noncompliance noted, the auditor should
*identify the
weakness in compliance controls that allowed the noncompliance to
occur, if not previously identified during compliance control testing
* report the nature of any weakness in compliance controls and consider
modification of the conclusion on internal control as appropriate (see
FAM 580.32-.61)
* consider the implications of any instances of
noncompliance on the financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75).
7. Document conclusions on compliance with each provision on Form 809
- Compliance Summary.
[End of table]
Note 1: Claims are amounts owed to the government, including amounts
owed for loans insured or guaranteed by the government. The term
"claim" is used interchangeably with the term "debt" in this law. (31
U.S.C. 3701(b))
Interest normally accrues from the date that notice of the debt and the
agency's interest policies is first mailed to the debtor. If the agency
sends a bill to the debtor in advance of the due date and that bill
states the interest policies, interest would accrue from the due date
specified in the bill.
The provisions regarding accrual of interest and other charges do not
apply to the extent that a statute, related regulation, loan agreement,
or contract provides otherwise, or if a claim is under a contract
executed before October 25, 1982, that is in effect on October 25,
1982. (31 U.S.C. 3717(g)) Accrual of interest and penalties under this
law does not apply to amounts owed by other agencies of the federal
government, a state government or a unit of general local government or
to amounts payable to the entity under the Internal Revenue Code, the
Social Security Act, or tariff laws. (31 U.S.C. 3701 (c) and (d)) This
law, however, does not preclude the charging of interest to state and
local governments under authority provided under other laws.
Note 2:
The entity shall waive the collection of interest on a claim (or
any portion of the claim) that is paid within 30 days after the date on
which interest began to accrue. The agency may extend this 30-day
period. (31 U.S.C. 3717(d)) Interest that is either accrued or
collected on claims that are paid within the 30-day period would
usually not be material or otherwise significant for purposes of
compliance testing. If the auditor considers this provision to be
significant for compliance testing, this form should be tailored to
include the appropriate testing procedures.
Note 3:
The entity has the authority to waive the collection of
interest, penalties, and administrative charges. The entity should
follow its own regulations when determining whether a waiver is
appropriate. Such regulations should be in conformity with the
standards set jointly by the Comptroller General, the Attorney General,
and the Secretary of the Treasury described in 31 CFR 901.9. (31 U.S.C.
3717(h)):
The entity may increase an administrative claim (debt not based on an
extension of government credit through direct loans, guarantees, or
insurance, including fines, penalties, and overpayments) annually by
the cost of living adjustment in lieu of charging interest and
penalties. (31 U.S.C. 3717(i)):
Note 4:
Compromise is the term used when an amount less than the total
amount of the claim is accepted by the entity as payment in full.
Suspension refers to the temporary deferral of collection activities
until collection activity is expected to be more successful.
Termination refers to stopping of collection activities.
Only the Justice Department has the authority to compromise, terminate,
or suspend collection on claims that are greater than $100,000
(excluding interest, penalties, and administrative charges). Pursuant
to 31 CFR Parts 902.1 and 903.1, entities generally should use a Claims
Collection Litigation Report (CCLR) to refer such matters to the
Justice Department.
Note 5:
Exceptions to the requirement to transfer nontax debt delinquent
for a period of 180 days to Treasury for collection are:
(a)a debt or claim that:
(1)is in litigation or foreclosure;
(2)will be disposed of under an asset sales program within 1 year after
becoming eligible for sale, or later than 1 year if consistent with an
asset sales program and a schedule established by the entity and
approved by OMB;
(3)has been referred to a private collection contractor for collection
for a period determined by Treasury;
(4)has been referred by, or with the consent of, Treasury to a debt
collection center for a period determined by Treasury; or:
(5)will be collected under internal offset, if such offset is
sufficient to collect the claim within 3 years after the date the debt
or claim is first delinquent; and:
(b)
to any other specific class of debt or claim, as determined by Treasury
at the request of an entity. (31 U.S.C. 3711(g)(2)) Examples include:
(1)
debts in bankruptcy meeting the criteria for an automatic stay (11
U.S.C. 362),
(2) foreign debt considered uncollectable by Treasury due to foreign
diplomacy considerations and affairs of state,
(3) debts in forbearance or appeals.
Note 6: Exceptions to the requirement to notify Treasury of nontax debt
delinquent over 180 days for administrative offset are a claim that has
been outstanding for more than 10 years or when a statute explicitly
prohibits using administrative offset or setoff to collect the type of
claim involved. (31 U.S.C. 3716(e)) Also, this section does not
prohibit the use of any other administrative offset authority existing.
(31 U.S.C. 3716 (d)):
Prior to referring debts to Treasury, an agency shall inform the debtor
of the amount and nature of the debt (such as overpayment, etc.), and
actions which may be taken to enforce recovery of a delinquent debt.
These include:
(a) offset of any payments which the debtor is due, including tax
refunds, and salary;
(b) referral of the debt to a private collection agency;
(c) referral of the debt to the Department of Justice or agency
counsel for litigation;
(d) reporting of the debt to a credit bureau;
(e)
reporting of the debt, if discharged, to IRS as a potential taxable
income.
In the future, the agency also will need to inform the debtor that the
debt may be subject to administrative wage garnishment, his/her
identity may be published or publicly disseminated, and/or the debt may
be sold.
The notice must tell the debtor that he/she has the opportunity:
(a) to inspect and copy records relating to the debt,
(b) for a review by the agency; and:
(c) to enter into a written repayment agreement.
Note 7: Before an entity refers past-due debt to Treasury for reduction
of tax refund, it must:
(a) notify the person incurring such debt that the entity proposes to
refer to Treasury for tax refund offset,
(b) give such person at least 60 days to present evidence that all or
part of the debt is not past due or not legally enforceable,
(c)
consider any evidence presented by such person and determine that an
amount of such debt is past due and legally enforceable,
(d)
satisfy such other conditions Treasury may prescribe to ensure the
above determination is valid and that the entity has made reasonable
efforts to obtain payment, and:
(e)
certify that reasonable efforts have been made by the entity to obtain
payment. (31 U.S.C. 3720A (b)):
Treasury issues regulations prescribing the times at which entities
shall submit notices of past-due legally enforceable debts, the manner
of submitting them, and the information to be contained in them. The
regulations also specify the minimum amount of debt that may be
referred for tax refund offset and the fee the entity shall pay to
reimburse Treasury for its costs.
Note 8: If multipurpose testing is used for the compliance test and/or
compliance control test and/or a substantive test of accounts or loans
receivable details, the sample items for the compliance test and/or
compliance control test should be selected using the sampling method
used for the substantive test as described in FAM 430. Otherwise, the
items should be selected using attribute sampling as discussed in FAM
460.02.
As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity, accuracy, and
completeness (as well as the other financial statement assertions) in
conjunction with substantive tests of the population.
[End of section]
810 - PROMPT PAYMENT ACT:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Prompt Payment Act are
considered to be significant as indicated on Form 802 - General
Compliance Checklist.
OMB guidance on the Prompt Payment Act is included in 5 CFR Part 1315.
[See PDF for image]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Prompt Payment Act are considered to be significant
as indicated on Form 802 - General Compliance Checklist. The procedures
in this program are designed to test compliance with the provisions
listed on the Compliance Summary.
OMB Guidance on the Prompt Payment Act is included in 5 CFR Part 1315.
Audit Procedures:
1. Based on the preliminary assessment of compliance control
effectiveness (as documented on Form 810 - Compliance Summary), select
a sample of payments from throughout the audit period. (The sample size
will vary based on the expected effectiveness of compliance controls as
discussed in FAM 460.02.) Document the sampling approach using the
documentation in FAM section 495 E. See note 6 regarding sampling
efficiencies and completeness of the population;
2. For each item selected in step 1, obtain the supporting
documentation for the payment such as the invoice voucher package;
(a) Document the following items in the documentation:
* invoice number;
* payee;
* invoice amount;
* invoice date;
* invoice receipt date
(or other date used for determining compliance with this law - see step
2 (b));
* payment date;
* amount of interest penalty paid, if any;
* amount of discount taken, if any; and appropriation account(s)
charged for the expenditure and interest penalty, if any.
2. (b) For each item selected, note whether the payment was made by the
required due date. The required due date may be the date specified in
the contract or, if a date is not specified, 30 days after receipt of
the invoice (31 U.S.C. 3903(a)(1)(A) and (B)). If payment is for meat
or meat food products, perishable agricultural products, dairy products
or construction contracts, consult with OGC to determine payment due
date. Specific payment due dates to avoid interest penalties are
established by law for these items. (31 U.S.C. 3903(a)(2), (3), (4),
and (6));
The invoice receipt date is the later of (1) the date the
entity's designated representative or office actually receives a proper
invoice or (2) the 7th day after the date on which, in accordance with
the terms and conditions of the contract, the property is actually
delivered or performance of the services is actually completed (unless
the entity accepted the property or services before the 7th day or a
longer acceptance period is specified in the contract). If the date of
actual invoice receipt is not indicated, the entity must use the
invoice date. (31 U.S.C. 3901(a)(4)(A) and (B));
If the payment was made prior to the payment due date, perform step 3;
If the payment was made after the payment due date, perform step 4;
If a discount was taken, perform step 5.
3. If the payment was made prior to the payment due date, and no
discount was taken, determine that no interest penalty was paid;
(Note: If the entity did not take advantage of a discount for which it
was eligible or if an interest penalty was paid when it was not owed,
the auditor generally should determine the cause of these items for
purposes of reporting findings.).
4. If the payment was made after the payment due date, determine
whether;
(a) an interest penalty was paid;
(b) the amount of the interest penalty was properly calculated; and
(c) the interest penalty was paid out of the appropriation used to pay
the related expenditures;
Review the accounting codes indicated on the expense
voucher. Determine whether the accounting codes used to record the
interest penalty are the same as those used for the related expenditure
and whether the codes and amounts agree with those recorded in the
budgetary accounting records. (See step 6 regarding proper
summarization of amounts.) (31 U.S.C. 3902 (a), (b), and (f));
Investigate any differences between the amount of interest penalty
calculated by the auditor and the amount paid by the entity, including
any instances when an interest penalty was owed but not paid. See note
5. Investigate any instances when the proper appropriation account was
not charged;
See note 2 regarding the interest rate to be used. See
notes 3 and 4 regarding the period the penalty should cover.
5. If a discount was taken, determine whether it was taken during the
specified period the discount was available. If the discount was taken
during the specified period, further consideration is not necessary;
If any discounts are taken after the appropriate time period, determine
whether;
(a) an interest penalty was paid,;
(b) the amount of the
interest penalty was properly calculated, and
(c) the interest
penalty was charged against the appropriation used for the related
expenditures;
Review the budget accounting codes indicated on the
expense voucher. Determine whether the budget accounting codes
indicated on the voucher for the interest penalty are the same as those
used for the related expenditure. Determine whether the codes and
amounts on the voucher agree with those recorded in the budgetary
accounting records. (See step 6 regarding proper summarization of the
budgetary amounts.) (31 U.S.C. 3902 (a), (b), and (f), and 31 U.S.C.
3904);
Interest penalties should be calculated on the amount of the
discount. The penalty accrues on the amount of the discount from the
last date specified that the discounted amount may be paid (31 U.S.C.
3904). See note 2 regarding the interest rate to be used to calculate
the interest penalty;
Investigate any differences between the amount of
interest penalty calculated by the auditor and the amount paid by the
entity, including any instances when an interest penalty was owed but
not paid. Investigate any instances when the proper appropriation
account was not charged.
6. Consider the procedures performed on the entity's budget controls
over summarization of expenditure balances as discussed in FAM 395 F;
If the auditor has assessed the entity's controls as effective in
achieving the control objective of summarization of expenditure
balances, further procedures are not necessary to obtain assurance as
to whether interest penalties are paid out of the proper appropriation
account;
If the auditor has assessed the controls as ineffective,
the auditor should perform procedures to determine if the entity has
properly summarized the expenditure balances as described in FAM 495
B.
7. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance;
For any noncompliance noted, the auditor should:
* identify the
weakness in compliance controls that allowed the noncompliance to
occur, if not previously identified during compliance control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of
noncompliance on the financial statements; and
* report instances of
noncompliance, as appropriate (see FAM 580.67-.75).
8. Document conclusions on compliance with each provision on Form 810
- Compliance Summary.
[End of table]
Note 1: The required due date is generally the date specified in the
contract or, if a date is not specified, 30 days after receipt of the
invoice (31 U.S.C. 3903(a)(1)(A) and (B)) If payment is for meat or
meat food products, perishable agricultural products, dairy products or
construction contracts, consult with OGC to determine payment due date.
Specific payment due dates to avoid interest penalties are established
by law for these items. (31 U.S.C. 3903(a)(2), (3), (4), and (6)):
The invoice receipt date is established as the later of (1) the date
the entity's designated representative or office actually receives a
proper invoice or (2) the 7th day after the date on which, in
accordance with the terms and conditions of the contract, the property
is actually delivered or performance of the services is actually
completed, unless the entity accepted the property or services before
the 7th day or a longer acceptance date is specified in the contract.
If the date of actual invoice receipt is not indicated, the entity must
use the invoice date. (31 U.S.C. 3901(a)(4)(A) and (B)):
Note 2: Interest shall be calculated at the rate set by the Secretary of
the Treasury under section 12 of the Contract Disputes Act of 1978 (41
U.S.C. 611) that is in effect at the time the entity accrues the
obligation to pay a late payment interest penalty. The rates are
published in the Federal Register. (31 U.S.C. 3902(a)):
Note 3: The interest penalty shall be paid for the period beginning on
the day after the required payment date and ending on the date on which
payment is made. (31 U.S.C. 3902(b)):
An interest penalty not paid after any 30-day period shall be added to
the principal amount of the debt, and a penalty accrues thereafter on
the combined amount of principal and interest. (31 U.S.C. 3902(e)):
Note 4: A payment is deemed to be made on the date a check for payment
is dated or an electronic transfer is made. (31 U.S.C. 3901 (a)(5)):
Note 5: The temporary unavailability of funds to make a timely payment
due for property or services does not relieve the entity head of the
obligation to pay interest penalties under this law. (31 U.S.C. 3902
(d)):
Note 6: If multipurpose testing is used for the compliance test and/or
compliance control test and/or a substantive test of payments details,
the sample items for the compliance test and/or compliance control test
should be selected using the sampling method used for the substantive
test as described in FAM 430. Otherwise, the items should be selected
using attribute sampling as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity, accuracy, and
completeness (as well as the other financial statement assertions) in
conjunction with substantive tests of the population.
[End of section]
812 - PAY AND ALLOWANCE SYSTEM FOR CIVILIAN EMPLOYEES, AS PROVIDED
PRIMARILY IN CHAPTERS 51-59 OF TITLE 5, U.S. CODE:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Pay and Allowance System for
Civilian Employees, as provided primarily in Chapters 51-59 of Title 5,
U.S. Code, are considered to be significant as indicated on Form 802 -
General Compliance Checklist.
[See PDF for image]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Pay and Allowance System for Civilian Employees, as
provided primarily in Chapters 51-59 of Title 5, U.S. Code, are
considered to be significant as indicated on Form 802 - General
Compliance Checklist. The procedures in this program are designed to
test compliance with the provisions listed on the Compliance Summary.
Audit Procedures:
Note: These tests are closely related to procedures performed for
substantive tests of payroll expense details. Use of multipurpose
testing in this situation is strongly encouraged.
1. Based on the preliminary assessment of compliance control
effectiveness (as documented on Form 812 - Compliance Summary), select
an appropriate sample of disbursements from the payroll records
throughout the audit period. (The sample size will vary based on the
expected effectiveness of compliance controls as discussed in FAM
460.02). Document the sampling approach using the documentation in FAM
section 495 E. See note 2 regarding sampling efficiencies and
completeness of the population.
2. For each item selected in 1, note the following information:
* employee name;
* pay period (number and dates);
* amount of gross pay for the period;
* pay rate;
* total hours worked; and number of hours worked
at regular pay and other pay (i.e., overtime, premium pay, etc.).
3. For each item selected in 1, obtain the employee's personnel file
and note the following in effect for the pay period selected: the
employee's grade and step and the employee's pay rate.
4. For each item selected in 1,
(a) Calculate the amount of gross
pay using the hours worked and the employee's pay rate indicated on the
payroll records. Compare the amount of gross pay calculated by the
auditor to the amount shown on the payroll records for the selected pay
period and obtain explanation and examine support for any differences.
Note: To convert basic annual amount to a daily, weekly or biweekly
amount, divide the annual rate by 2,087 for an hourly rate. Multiply
the hourly rate by number of either daily hours, 40 for weekly, or 80
for biweekly amounts. (5 U.S.C. 5504)
4. (b) Compare the employee's pay rate in the payroll records to the
appropriate pay rate for the employee's approved grade and step on the
pay schedules established by executive order. (Use the approved grade
and step indicated in the employee's personnel records for this test.)
Obtain explanation and examine support for any differences between the
actual pay rate for the period selected and the authorized amounts. (5
U.S.C. 5332, 5343, and 5383);
If the employee's pay is not set by
these pay schedules, determine whether the amount paid is properly
authorized and whether the pay rate is at least minimum wage. (29
U.S.C. 206)
5. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance.;
For any noncompliance noted, the auditor should; identify the
weakness in compliance controls that allowed the noncompliance to
occur, if not previously identified during compliance control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of
noncompliance on the financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75)
6. Document conclusions on compliance with each provision on Form 812
- Compliance Summary.
[End of table]
Note 1: To convert basic annual amount to a daily, weekly, or biweekly
amount, divide the annual rate by 2,087 for an hourly rate. Multiply
the hourly rate by number of either daily hours, 40 for weekly, or 80
for biweekly amounts. (5 U.S.C. 5504):
Note 2: If multipurpose testing is used for the compliance test and/or
compliance control test and a substantive test of payroll expense
details, the sample items for the compliance test and/or compliance
control test should be selected using the sampling method used for the
substantive test. Otherwise, the items should be selected using
attribute sampling, as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the population. For efficiency, the auditor should
consider using records that were tested for validity and completeness
(as well as the other financial statement assertions) in conjunction
with substantive tests of payroll or other payroll related compliance
tests.
Note 3: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the same testing
should be performed. The auditor may accomplish that testing with the
assistance of the service organization's auditor, who may issue an
internal control report on the service organization under AU 324
(SAS 70). Or the service organization's auditor may assist the entity
auditor by performing agreed-upon procedures at the service
organization (e.g., substantive testing) under AT 201 (see FAM 660).
[End of section]
813 - CIVIL SERVICE RETIREMENT ACT:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Civil Service Retirement Act
are considered to be significant as indicated on Form 802 - General
Compliance Checklist.
[See PDF for table]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Civil Service Retirement Act are considered to be
significant as indicated on Form 802 - General Compliance Checklist.
The procedures in this program are designed to test compliance with the
provisions listed on the Compliance Summary.
Audit Procedures:
1. Based on the preliminary assessment of compliance control
effectiveness (as documented on Form 813 - Compliance Summary), select
a sample of expense amounts for individuals' gross pay from the payroll
disbursement records for the audit period for employees covered by the
Civil Service Retirement Act system (CSRS). (See note 1.);
(The
sample size will vary based on the expected effectiveness of compliance
controls, as discussed in FAM 460.02). Document the sampling approach
using the documentation in FAM section 495 E. See note 3 regarding
sampling efficiencies and completeness of the population;
These tests should be coordinated with other tests of payroll-related
expenses and with the agreed-upon procedures agency auditors perform
for the Office of Personnel Management (OPM), per OMB audit guidance,
if performed;
2. For each selection made in 1, document the following for the pay
period selected:
* the amount withheld for the cost of retirement benefits;
* the amount of basic pay; and
* if indicated in the
payroll disbursement records, document the retirement plan under which
the withholdings were made (CSRS or FERS). (Only employees covered by
CSRS should be included in this compliance test. See FAM 817 for the
FERS compliance test.).
3. For each item selected in 1, obtain the employee's personnel file
and note the following:
* employee hire date,
* amount of basic pay, and
*the retirement plan under which the employee is covered.
4. For each selection made in 1,
(a) Compare the amount of basic pay
indicated in the employee's personnel file with the amount indicated in
the payroll records and obtain an explanation and examine support for
any differences. (This procedure would be performed only if not already
performed as part of other testing.).
(b) Calculate the amount of the withholdings for retirement costs
based on 7 percent of basic pay for executive branch employees (see
note 2 for percentages for other employees) for the selected pay period
and document the amount in the documentation. Compare to the actual
amount withheld for the selected pay period and obtain an explanation
and examine support for any differences. (5 U.S.C. 8334(a)(1)).
(c) Determine whether the entity contributed an equal amount for the
employee's retirement for the selected pay period. Obtain explanation
and examine support for any differences between the employee and entity
contributions. (5 U.S.C. 8334(a)(1)).
5. Determine whether amounts contributed by the entity are charged to
the appropriation or fund used to pay the employee for the selected pay
period by performing the following procedures:
(a) Review the accounting codes indicated on the supporting
documentation;
(b) Determine whether the accounting codes used to record the entity
contribution are the same as those used for the related payroll
expenditure and whether the codes and amounts agree with those recorded
in the budgetary accounting records. (This step assumes other payroll
testing would have included checking that the codes represent the
proper appropriation.).
(c) Consider the procedures performed on the entity's budget
controls over summarization of expenditure balances as discussed in FAM
395 F; If the auditor has assessed the entity's controls as
effective in achieving the control objective of summarization of
expenditure balances, further procedures are not necessary to obtain
assurance as to whether the entity's contributions are paid out of the
proper appropriation account; If the auditor has assessed the
controls as ineffective, the auditor should perform procedures to
determine whether the entity has properly summarized the expenditure
balances as described in FAM 495 B. (5 U.S.C. 8334 (a)(1)).
6. Determine whether the entity has effective controls over the proper
summarization of (a) the amounts withheld from employees for retirement
costs under this law and (b) the entity contributions for remittance to
Treasury. If the entity does not have effective controls for
summarization, test the summarization of the totals that include the
items selected for testing in step 1.
7. Compare the combined totals of employee withholdings and entity
contributions that include each selection made in step 1 to the deposit
made to Treasury and the remittance sent to OPM and obtain an
explanation and examine support for any differences. The funds should
be deposited in the Treasury to the credit of the Civil Service
Retirement and Disability Fund. (5 U.S.C. 8334(a)(2)).[Empty].
[Empty].
8. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance;
For any noncompliance noted, the auditor should;
* identify the
weakness in compliance controls that allowed the noncompliance to
occur, if not previously identified during compliance control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of
noncompliance on the financial statements; and
* report instances of
noncompliance, as appropriate (see FAM 580.67-.75).
9. Document conclusions on compliance with each provision on Form 813
- Compliance Summary.
[End of table]
Note 1: Employees may be covered by the Civil Service Retirement Act
(CSRS) or the Federal Employees' Retirement System Act (FERS),
generally depending on their employment date.
Note 2: The percentage to be withheld for the service period after
December 31, 2000, for (1) executive branch employees is 7 percent and
(2) Congressional employees is 7.5 percent. The percentage to be
withheld for the service period between January 1, 2001 and
December 31, 2002, for Members of Congress is 8.5 percent. The
percentage withheld for service after December 31, 2002, for Members of
Congress is 8 percent. (5 U.S.C. 8334(a)(1)):
Note 3: If multipurpose testing is used for the compliance test and/or
compliance control test and a substantive test of payroll expense
details, the sample items for the compliance test and/or compliance
control test should be selected using the sampling method used for the
substantive test. Otherwise, the items should be selected using
attribute sampling, as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the population. For efficiency, the auditor should
consider using records that were tested for validity and completeness
(as well as the other financial statement assertions) in conjunction
with substantive tests of payroll or other payroll related compliance
tests.
Note 4: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the same testing
should be performed. The auditor may accomplish that testing with the
assistance of the service organization's auditor, who may issue an
internal control report on the service organization under AU 324
(SAS 70). Or the service organization's auditor may assist the entity
auditor by performing agreed-upon procedures at the service
organization (e.g., substantive testing) under AT 201 (see FAM 660).
[End of section]
814 - FEDERAL EMPLOYEES HEALTH BENEFITS ACT:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Federal Employees Health
Benefits Act are considered to be significant as indicated on Form 802
- General Compliance Checklist.
[See PDF for image]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Employees Health Benefits Act are considered
to be significant as indicated on Form 802 - General Compliance
Checklist. The procedures in this program are designed to test
compliance with the provisions listed on the Compliance Summary.
Audit Procedures:
1. Based on the preliminary assessment of compliance control
effectiveness (as documented on Form 814 - Compliance Summary), select
a sample of expense amounts for individuals' gross pay from the payroll
disbursement records for the audit period;
(The sample size will
vary based on the expected effectiveness of compliance controls, as
discussed in FAM 460.02). Document the sampling approach using the
documentation in FAM section 495 E. See note 2 regarding sampling
efficiencies and completeness of the population.
These tests should
be coordinated with other tests of payroll-related expenses and with
the agreed-upon procedures agency auditors perform for OPM, per OMB
audit guidance, if performed.
2. For each selection made in step 1, document the employee, the pay
period selected, and the amount withheld for the pay period selected,
if any, for the cost of health insurance. If available, document the
health plan enrollment code.
3. For each selection made in step 1, obtain the employee's personnel
file and note whether the employee elected health insurance coverage
for the period to which payroll disbursement relates. Such coverage
should be indicated on OPM form SF 2809;
If the employee did not
elect health insurance coverage, ask why amounts are being withheld for
the cost of insurance and determine whether any entity contributions
are being made inappropriately as well.
4. If the employee identified in step 3 elected coverage, perform the
following steps:
(a) Obtain the schedule of health insurance costs
for all plans published by OPM. Using the enrollment code for the plan
selected by the employee on OPM form SF 2809, calculate the employee's
portion of the health insurance cost and record it in the
documentation. Compare it to the amount actually withheld for the
selected pay period and obtain an explanation and examine support for
any differences. (5 U.S.C. 8906(d));
(b) For each employee in (a), determine the appropriate amount of
the entity's contribution for its share of health insurance costs by
using the OPM schedule of costs. Compare it to the amount actually
contributed by the entity for the employee's health insurance for the
selected pay period and obtain an explanation and examine support for
any differences. (See note 1 for part-time career employees.) (5 U.S.C.
8906(b)(1));
(c) For each employee in (b), determine if amounts contributed by
the entity are charged to the appropriation or fund that is used to pay
the employee for the selected pay period by performing the following
procedures:
(1) Review the accounting codes indicated on the
supporting documentation;
(2) Determine whether the accounting codes
used to record the entity contribution are the same as those used for
the related payroll expenditure and whether the codes and amounts agree
with those recorded in the budgetary accounting records. (This step
assumes other payroll testing would have included checking that the
codes represent the proper appropriation.);
(c) (3) Consider the procedures performed on the entity's budget
controls over summarization of expenditure balances as discussed in FAM
395 F;
If the auditor has assessed the entity's controls as
effective in achieving the control objective of summarization of
expenditure balances, further procedures are not necessary to obtain
assurance as to whether the entity's contributions are paid out of the
proper appropriation account;
If the auditor has assessed the
controls as ineffective, the auditor should perform procedures to
determine whether the entity has properly summarized the expenditure
balances as described in FAM 495 B. (5 U.S.C. 8906(f)).
5. Determine whether the entity has effective controls over the proper
summarization of the amounts withheld from employees for health
insurance costs under this law and the entity contributions for
remittance to Treasury. If the entity does not have effective controls
for summarization, test the summarization of the totals that include
the items selected for testing in step 1.;
6. Compare the total cost of health insurance on the entity's records
(employee and employer portions) for the selected pay period to the
deposit made to Treasury and the documentation sent to OPM and obtain
an explanation and examine support for any differences. The funds
should be deposited in the Treasury to the credit of the Employees
Health Benefits Fund. (5 U.S.C. 8909);
7. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance;
For any noncompliance noted, the auditor should
* identify the
weakness in compliance controls that allowed the noncompliance to
occur, if not previously identified during compliance control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of
noncompliance on the financial statements; and
* report instances of noncompliance, as appropriate (see FAM 580.67-
.75).
8. Document conclusions on compliance with each provision on Form 814
- Compliance Summary.;
[End of table]
Note 1:
For part-time career employees, the biweekly entity contribution
shall be calculated on a prorata basis based on the ratio of number of
scheduled part-time hours to the number of scheduled regular hours for
an employee serving in a comparable position on a full-time basis. (5
U.S.C. 8906(b)(3)):
Note 2: If multipurpose testing is used for the compliance test and/or
compliance control test and a substantive test of payroll expense
details, the sample items for the compliance test and/or compliance
control test should be selected using the sampling method used for the
substantive test. Otherwise, the items should be selected using
attribute sampling, as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity and completeness
(as well as the other financial statement assertions) in conjunction
with substantive tests of payroll or other payroll related compliance
tests.
Note 3: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the same testing
should be performed. The auditor may accomplish that testing with the
assistance of the service organization's auditor, who may issue an
internal control report on the service organization under AU 324
(SAS 70). Or the service organization's auditor may assist the entity
auditor by performing agreed-upon procedures at the service
organization (e.g., substantive testing) under AT 201 (see FAM 660).
[End of section]
816 - FEDERAL EMPLOYEES COMPENSATION ACT:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Federal Employees' Compensation
Act are considered to be significant as indicated on Form 802 - General
Compliance Checklist.
[See PDF for figure]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Employees' Compensation Act are considered to
be significant as indicated on Form 802 - General Compliance Checklist.
The procedures in this program are designed to test compliance with the
provisions listed on the Compliance Summary for this law.
Audit Procedures:
Note: The provisions identified for testing are procedural-based
provisions. As discussed in FAM 460.06, sufficient procedures usually
are performed in conjunction with tests of compliance controls for
these procedural-based provisions to conclude on the entity's
compliance without performing additional procedures. Additional
procedures should not be performed to obtain evidence regarding
compliance with the provisions related to the following objectives
unless sufficient evidence regarding compliance was not obtained during
compliance control tests documented on Form 816 - Compliance Summary.
1. Reference to conclusions on compliance controls on Form 816 -
Compliance Summary and indicate whether any additional procedures are
necessary.
2. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance;
For any noncompliance noted, the auditor should;
* identify the weakness in compliance controls that allowed the
noncompliance to occur, if not previously identified during compliance
control testing;
* report the nature of any weakness in compliance controls and consider
modification of the opinion on internal control as appropriate (see FAM
580.32-.61);
* consider the implications of any instances of
noncompliance on the financial statements; and report instances of
noncompliance, as appropriate (see FAM 580.67-.75).
3. Document conclusions on compliance with each provision on Form 816
- Compliance Summary.
[End of table]
Note 1: A statement showing the total cost of benefits and other
payments made from the Employees' Compensation Fund during the
preceding July 1 through June 30 expense period on account of the
injury or death of employees or individuals under the jurisdiction of
the entity is required to be provided by the Secretary of Labor to the
entity by August 15 of each year. (5 U.S.C. 8147):
Note 2: Entities not dependent on an annual appropriation shall make the
required deposit to Treasury from funds under its control during the
first 15 days of October after receipt of the statement showing the
costs paid on the entity's behalf. (5 U.S.C. 8147):
[End of section]
817 - FEDERAL EMPLOYEES' RETIREMENT SYSTEM ACT OF 1986:
Note: Complete this compliance summary or prepare equivalent
documentation only if provisions of the Federal Employees' Retirement
System Act of 1986 are considered significant as indicated on Form 802
- General Compliance Checklist.
[See PDF for image]
[End of table]
Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Employees' Retirement System Act of 1986 are
considered significant as indicated on Form 802 - General Compliance
Checklist. The procedures in this program are designed to test
compliance with the provisions listed on the Compliance Summary.
Audit Procedures:
1. Based on the preliminary assessment of compliance control
effectiveness (as documented on form 817 - Compliance Summary), select
a sample of expense amounts for individuals' gross pay from the payroll
disbursement records for the audit period for employees covered by the
Federal Employees' Retirement System (FERS). (See note 1.);
(The
sample size will vary based on the expected effectiveness of compliance
controls as discussed in FAM 460.02). Document the sampling approach
using the documentation in FAM section 495 E. See note 4 regarding
sampling efficiencies and completeness of the sample population;
These tests should be coordinated with other tests of payroll-related
expenses and with the agreed-upon procedures agency auditors perform
for OPM, per OMB audit guidance, if performed.
2. For each selection made in 1, document the following for the pay
period selected:
* the amount withheld for the cost of retirement
benefits,
* the amount of basic pay, and
* if indicated in the
payroll disbursement records, document the retirement plan under which
the withholdings were made (CSRS or FERS). (Only employees covered by
FERS should be included in this compliance test. See FAM 813 for the
CSRS compliance test.).
3. For each item selected in 1, obtain the employee's personnel file
and note the following:
* employee hire date,
* amount of basic pay, and
* the retirement plan under which the employee is covered.
4. For each selection made in 1,
(a) Compare the amount of basic pay
indicated in the employee's personnel file with the amount indicated in
the payroll records and obtain an explanation and examine support for
any differences. (This procedure would be performed only if not already
performed as part of other testing.).
(b) Calculate the amount of the withholdings for retirement costs
based on 0.8% of basic pay for most employees (see note 2 for
percentages for certain employees) for the selected pay period and
record the amount in the documentation. Compare to the actual amount
withheld for the selected pay period and obtain an explanation and
examine support for any differences. (5 U.S.C. 8422(a)(1)).
(c) Determine whether the entity contributed the correct amount for
the employee's retirement for the selected pay period. Obtain an
explanation and examine support for any differences between the entity
contributions and the amount calculated using OPM's normal cost
percentage. (5 U.S.C. 8423(a)(1) and 5 U.S.C. 8401(23)).
5. Determine if amounts contributed by the entity are charged to the
appropriation or fund used to pay the employee for the selected pay
period by performing the following procedures:
(a) Review the accounting
codes indicated on the supporting documentation;
(b) Determine whether
the accounting codes used to record the entity contribution are the
same as those used for the related payroll expenditure and whether the
codes and amounts agree to those recorded in the budgetary accounting
records. (This step assumes other payroll testing would have included
checking that the codes represent the proper appropriation.);
(c) Consider the procedures performed on the entity's budget controls
over summarization of expenditure balances as discussed in FAM 395 F;
If the auditor has assessed the entity's controls as effective in
achieving the control objective of summarization of expenditure
balances, further procedures are not necessary to obtain assurance as
to whether the entity's contributions are paid out of the proper
appropriation account;
If the auditor has assessed the controls as
ineffective, the auditor should perform procedures to determine whether
the entity has properly summarized the expenditure balances as
described in FAM 495 B. (5 U.S.C. 8423(a)(1)).
6. Determine whether the entity has effective controls over the proper
summarization of the amounts withheld from employees for retirement
costs under this law and the entity contributions for remittance to
Treasury. If the entity does not have effective controls for
summarization, test the summarization of the totals that include the
items selected for testing in step 1.
7. Compare the combined totals of employee withholdings and entity
contributions that include each selection made in step 1 to the deposit
made to Treasury and the remittance sent to OPM and obtain explanation
and examine support for any differences. The funds should be deposited
in the Treasury to the credit of the Civil Service Retirement and
Disability Fund. (5 U.S.C. 8422(c) and 5 U.S.C. 8401(6)).
8. If the entity does not appear to be in compliance based on the
results of tests performed, discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such noncompliance;
For any noncompliance noted, the auditor should;
* identify the
weakness in compliance controls that allowed the noncompliance to
occur, if not previously identified during compliance control testing;
* report the nature of any weakness in compliance controls and
consider modification of the conclusion on internal control as
appropriate (see FAM 580.32-.61);
* consider the implications of any instances of
noncompliance on the financial statements; and
* report instances of
noncompliance, as appropriate (see FAM 580.67-.75).
9. Document conclusions on compliance with each provision on Form 813 -
Compliance Summary.
[End of table]
Note 1: Employees may be covered by the Civil Service Retirement Act
(CSRS) or the Federal Employees' Retirement System Act (FERS),
generally depending on their employment dates.
Note 2: For most employees, the percentage to be withheld is 0.8 percent
(7 percent less the Social Security tax rate). For congressional
employees, Members of Congress, and law enforcement officers,
firefighters, air traffic controllers, and nuclear materials couriers,
the withholding rates are higher. (See 5 U.S.C. 8422(a)(1).).
Note 3: The Office of Personnel Management (OPM) computes the normal
cost percentage. For FY 2002, it is 11.5 percent for regular employees.
For congressional employees, Members of Congress, and law enforcement
officers, firefighters, air traffic controllers, and nuclear materials
couriers, the normal cost percentages are higher. OPM lists the
percentages in its Benefits Administration Letters, accessible on its
Internet site, http://www.opm.gov/asd/htm/bal01.htm (where the 2
digits after "bal" represent the calendar year of the letters). (5
U.S.C. 8401(23)):
Note 4: If multipurpose testing is used for the compliance test and/or
compliance control test and a substantive test of payroll expense
details, the sample items for the compliance test and/or compliance
control test should be selected using the sampling method used for the
substantive test. Otherwise, the items should be selected using
attribute sampling, as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the
completeness of the test population. For efficiency, the auditor should
consider using records that were tested for validity and completeness
(as well as the other financial statement assertions) in conjunction
with substantive tests of payroll or other payroll related compliance
tests.
Note 5: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the same testing
should be performed. The auditor may accomplish that testing with the
assistance of the service organization's auditor, who may issue an
internal control report on the service organization under AU 324 (SAS
70). Or the service organization's auditor may assist the entity
auditor by performing agreed-upon procedures at the service
organization (e.g., substantive testing) under AT 201 (see FAM 660).
[End of section]
SECTION 900:
Substantive Testing:
902 - RELATED PARTIES, INCLUDING INTRAGOVERNMENTAL ACTIVITY AND
BALANCES:
.01:
This section provides detailed guidance on the procedures that the
auditor should perform with respect to related parties, as described in
FAM sections 280 and 550. AU 334 (SAS No. 45) provides general guidance
on the procedures that should be performed to identify related party
relationships and transactions so that the auditor may satisfy him or
herself that they are appropriately accounted for and disclosed. In
addition, the American Institute of Certified Public Accountants
(AICPA) has issued a toolkit for accountants and auditors titled,
Accounting and Auditing for Related Parties and Related Party
Transactions[Footnote 1]. This toolkit includes selected authoritative
accounting and auditing literature, an illustrative audit program,
disclosure checklist, confirmation letter, and letter to other auditors
and is available at the AICPA's website: http://www.aicpa.org/news/
relpty1.htm.
.02:
The federal government in its entirety is an economic entity. Federal
entities are components of the U.S. government; therefore, transactions
between federal entities are considered intragovernmental. Within the
federal government, many reporting entities rely on other federal
entities to help them achieve their missions and fulfill their
operating objectives. These arrangements may be voluntary, stipulated
by law, or established by mutual agreement of the entities involved and
may not be carried out on an arm's-length basis. In many cases, the
entity receiving goods or services will reimburse the providing entity
in accordance with some agreed-upon price, which may or may not
represent market value. Often, however, one entity provides goods or
services to another entity free of charge (without reimbursement). For
example, the General Services Administration, in some cases, provides
property management services and contract award and administration to
other entities without charge.
.03:
In addition, certain federal entities can significantly influence the
operating policies of the transacting entities. For example, the Office
of Management and Budget (OMB) provides policy and/or general
management guidance to other federal entities, and the Office of
Personnel Management (OPM) helps federal entities recruit nationwide
and sets human resources management rules with the federal entities'
involvement; administers the systems for setting federal compensation
and benefits; manages federal employee health and life insurance
programs; and operates the retirement program for federal employees.
.04:
Thus, in the federal government, the most significant related parties
are other federal government entities. Other possible related parties
outside of the federal government include states, members of the
entity's management, and individuals and firms with which members of
management may be related.
.05:
The auditor should consider the possible existence of related parties
with material activity and balances that could affect the financial
statements, including intragovernmental activity and balances. The
identification of related parties and activity and balances is
important because of (1) the requirement under U.S. generally accepted
accounting principles to disclose material related-party transactions
and certain control relationships, (2) the instances of fraudulent
financial reporting and misappropriation of assets that have been
facilitated by the use of an undisclosed related party, and (3) the
potential for distorted or misleading financial statements in the
absence of adequate disclosure.
.06:
The reason for disclosing related party information is that financial
statement users may need that information to make informed judgments.
As stated above, if parties are related, the transactions between them
may not be based on an arm's-length relationship. For example, certain
goods or services may be donated or be at an amount that does not
represent market value, thus affecting the cost of the receiving
entity's operations. In addition, if the entity has transactions with
another entity based on a common control situation, such as when the
entity controls or can significantly influence the management or
operating policies of the transacting entity, the users of financial
statements should know the nature of the relationship since this
control relationship could result in operating results or financial
positions significantly different from those that would have been
achieved in the absence of such relationship.
.07:
Disclosures generally should include the nature of the relationship
between the entity and its related parties, a description of the
transactions, including donations, dollar amounts of transactions that
occurred during the period, and amounts due to or from related parties
as of the end of the period. Disclosures could include aggregation of
similar transactions by type. In cases of common control relationships,
the nature of the control relationship generally should be disclosed
even if there are no transactions between the entities. Disclosure of
related party transactions is not required for transactions between
components of the audited entity that are eliminated in consolidation.
However, if separate statements of the components are issued, the
disclosures should be presented in the separate component statements.
.08:
The following paragraphs discuss intragovernmental activity and
balances, then other related parties.
INTRAGOVERNMENTAL ACTIVITY AND BALANCES:
.09:
Intragovernmental amounts represent activity and balances within or
between federal entities. Intradepartmental amounts are activity and
balances within the same department (a department here means any
department, agency, administration or other entity designated by OMB as
a financial reporting entity that is not part of a larger financial
reporting entity other than the government as a whole).
Interdepartmental amounts are activity and balances between two
different departments. The intradepartmental and interdepartmental
amounts are subsets of intragovernmental activity and balances.
Intragovernmental activity includes:
* Intragovernmental fiduciary transactions such as:
** Transactions with the Department of Labor (Labor) relating to the
Federal Employee's Compensation Act, including routine payments to
Labor;
** Transactions with the OPM relating to employee benefit programs (the
Federal Employees' Retirement System, the Civil Service Retirement
System, and federal employees' life insurance and health benefits
programs) including routine payments, imputed financing, and accruals;
** Investments in federal securities issued by Treasury's Bureau of the
Public Debt, including interest accruals, interest income and expense,
and amortization of premiums and discounts; and:
** Borrowings from the Treasury and the Federal Financing Bank,
including interest accruals, interest income, and expenses;
* Goods and services provided from one federal entity to another (trade
transactions) including any related revenues earned, costs incurred,
and reimbursable costs (including both interdepartmental and
intradepartmental activity);
* Transfers between entities based on agreements or legislative
authority, expended appropriations, taxes and fees collected,
collections for others, accounts receivable from appropriations,
transfers payable, and custodial revenue (including both
interdepartmental and intradepartmental activity); and:
* Imputed costs such as fiduciary transactions with OPM and Labor
mentioned above and costs of litigation paid by the judgment fund
(including both interdepartmental and intradepartmental activity).
.11:
Activity and balances between federal entities (interdepartmental
transactions) should be eliminated at the U.S. Government's
Consolidated Financial Statements level, while the activity and
balances within the same department (intradepartmental) should be
eliminated at the department's consolidated financial statements level.
Accounting and Reporting Guidance:
.12:
In accounting for and reporting of related parties, including
intragovernmental activity and balances, the entity should refer to
Statements of Federal Financial Accounting Standards (SFFAS),
Statements of Financial Accounting Standards, OMB guidance, and
Treasury guidance. The following paragraphs illustrate these relevant
documents.
.13:
SFFAS No. 4, Managerial Cost Accounting Concepts and Standards, and
related interpretations address the accounting standards for
interentity cost activities. SFFAS No. 5, Accounting for Liabilities of
the Federal Government, addresses interentity liabilities, including
federal debt, pensions and retirement benefits. Also, SFFAS No. 7,
Accounting for Revenue and Other Financing Sources and Concepts for
Reconciling Budgetary and Financial Accounting, addresses interentity
revenue and requires disclosure of the nature of intragovernmental
exchange transactions in which an entity provides goods or services at
a price less than full cost or does not charge a price at all. The
reporting entities should also consult with the funding and
administering agencies, such as OPM, for information needed to properly
record interentity costs. Note that SFFAS No. 4 directs OMB to
designate the costs of goods and services received from other
departments that should be recognized, which it has done in the
guidance mentioned below.
.14:
Statement of Financial Accounting Standards No. 57, Related Party
Disclosures, defines related parties and provides examples of related
party transactions and general guidance on disclosures of transactions
between related parties. Footnote disclosures generally should include
disclosure of the nature of the relationship between the entity and its
related parties, a description of the transactions, including
donations, dollar amounts of transactions that occurred during the
period, and amounts due to or from related parties as of the end of the
period.
.15:
The OMB bulletin titled Form and Content of Agency Financial Statements
indicates that federal entities should:
* Present intragovernmental amounts by trading partner (reciprocal
federal entity) as required supplementary information (RSI).
Intragovernmental asset and liability categories reported as RSI should
agree with the intragovernmental asset and liability line items
reported on the balance sheet. The intragovernmental RSI may be limited
to the consolidated departmentwide financial statements of the Chief
Financial Officers (CFO) Act departments and agencies covered by the
form and content bulletin. The intragovernmental RSI reporting
requirement does not extend to federal components that are required to
prepare financial statements. All amounts should be net of intraentity
transactions.
* Reconcile intragovernmental asset, liability, and revenue amounts
reported as RSI with their trading partners; and:
* Report intragovernmental gross cost to generate earned revenue from
trade transactions, as well as total entity gross cost and earned
revenue, by budget functional classification.
OMB also has issued a memorandum titled Business Rules for
Intragovernmental Transactions that requires agencies to use the same
methodology in accounting for certain intragovernmental transactions,
which should help in reconciliation.
.16:
To emphasize the agency management's responsibility for identifying
intragovernmental activity and balances and reconciling data with
relevant trading partners, the entity should include specific
representations in the management representation letter that
intragovernmental, including intradepartmental, transactions have been
properly accounted for, reconciled with trading partners, and disclosed
(see FAM section 1001). If such disclosure is included in the financial
statements and the auditor believes that the disclosure is not
supported by management, or if management refuses to disclose related
party transactions, the auditor generally should give a qualified or
adverse opinion because of the inadequate disclosure, depending on
materiality, and include the necessary disclosures in a separate
paragraph in the audit report.
.17:
Treasury Financial Manual (TFM) section "Federal Intragovernmental
Transactions Process" and the Federal Intragovernmental Transactions
Accounting Policies Guide (Guide) provide governmentwide procedures for
federal entities to account for and reconcile transactions occurring
within and between each other. The procedures in these guides do not
apply to transactions between federal entities and nonfederal entities.
The TFM and the Guide are available at the Treasury/Financial
Management Service's (FMS) websites (http://fms.treas.gov/tfm/vol1/
v1p2c400.html and http://www.fms.treas.gov/cfs/dev/index.html).
.18:
The TFM includes procedures for CFO Act departments to reconcile and
confirm with their trading partners intragovernmental activity and
balances as of and for the fiscal year ended September 30. Each
department's CFO is to provide the department Inspector General (IG)
with representations indicating whether the department completed the
reconciliation. In addition, the department is to describe
noncompliance with the reconciliation requirements. (See TFM.) These
CFO representations should be included in the management representation
letter (see above).
.19:
The Guide provides detailed guidance on accounting and reconciling
intragovernmental balances. According to the Guide, federal entities
should identify trading partners[Footnote 2] for all intragovernmental
transactions and accumulate detail and summary information for each
activity by trading partner from their accounting records. The trading
partner code may be incorporated (1) as part of account coding
classification or (2) in the customer/vendor identification code in
accounts receivable and payable systems. These codes are the same as
the Treasury index agency code used by the Treasury to prepare the
governmentwide consolidated financial statements. If the two-digit
Treasury index agency code is not adequate to identify the trading
partner, entities may expand the partner code to components below the
department level and communicate these codes to their trading partners.
.20:
Federal entities also should use Standard General Ledger (SGL) account
attributes to indicate the nature of account balances and to identify
intragovernmental transactions. For example, the federal "F" and
nonfederal "N" attributes used in conjunction with an SGL account in
the Federal Agencies' Centralized Trial Balance System (FACTS) I
submissions enable Treasury/FMS to prepare elimination entries for the
governmentwide financial statements. When the federal attribute "F" is
used with an SGL account, a trading partner should be designated for
each transaction posted to the account.
Audit History:
.21:
Prior years' audits of several federal entities' financial statements
have identified instances where entities did not identify, summarize,
or reconcile intragovernmental activity and balances by trading
partner. Controls over the intragovernmental transactions were not
adequate. For example, one department instructed its components to make
buyer's intragovernmental transaction amounts agree with seller's
information without requiring an adequate reconciliation or
verification if goods or services were provided. Similar issues were
also identified concerning activity and balances within the same entity
(intradepartmental). Accordingly, there was no assurance that the
entity records contained fairly stated balances.
Intragovernmental Payment and Collection (IPAC) System[Footnote 3]
.22:
IPAC is the primary method used by most federal entities to
electronically bill and/or pay for services and supplies within the
government, and to communicate to the Treasury and the trading partner
agency that the online billing and/or payment for services and supplies
has occurred. IPAC, however, is not intended to be a control over the
intragovernmental transactions (reciprocal accounts). The auditor
should understand that IPAC was not designed as an accounting system
and does not require trading partners to record transactions at the
same time or in the same amounts. In addition, unreconciled IPAC
differences could affect the existence and completeness of
intragovernmental activity and balances.
.23:
The IPAC billing entity initiates an IPAC transaction either as a
collection or a payment. The IPAC customer entity receives an IPAC
transaction either as a payment or a collection. Monthly, the Treasury
compares the customer and billing entities' Statement of Transactions
with the IPAC data. If there is a difference, a Statement of
Differences, including a detailed list of all transactions charged or
credited to a particular agency location code, is generated monthly.
Entities should investigate the differences and make any necessary
corrections on their next Statement of Transactions.
.24:
The auditor should examine the entity's IPAC reconciliation procedures
to determine if the entity performs the reconciliation and researches
and resolves differences reflected on the statement of differences
properly and timely. The auditor may coordinate with the Fund Balance
with Treasury (FBWT) procedures to assess the effectiveness of the
entity's IPAC reconciliation.
.25:
The auditor should also design procedures to understand whether the
entity uses other systems (standard forms used to transfer funds
between appropriations, credit cards, and others) in addition to the
IPAC system to process intragovernmental activity and balances. The
auditor should determine whether these systems affect the fairness of
intragovernmental activity and balances. (See audit procedures below
and FAM section 902 C.):
Audit Procedures:
.26:
The auditor should consider audit risk and materiality in determining
the nature, timing, and extent of procedures for auditing
intragovernmental activity and balances and in evaluating the results
of these procedures. Throughout the audit, the auditor should consider
the possible existence of material intragovernmental activity and
balances that could affect the financial statements. The auditor should
evaluate all the information available concerning material
intragovernmental activity and balances and determine that the
financial statement disclosures are adequate and appropriate.
.27:
During the planning phase, the auditor should assess inherent, fraud,
and control risk. In assessing the inherent risk related to
intragovernmental activity and balances, there are several conditions
that the auditor should consider. For example, inherent risk may exist
because of the nature of the intragovernmental activity, such as a
significant volume of transactions and number of trading partners or
complex transactions. The auditor should assess the impact of inherent
and control risk on control testing and substantive testing. The
auditor should determine whether similar conditions continue to exist
and understand management's response to such conditions.
.28:
In assessing inherent and control risk, the auditor should obtain an
understanding of management responsibilities and the relationship of
each component to the total department and of each department to other
departments. The auditor should obtain an understanding of the entity's
operations to identify, respond to, and resolve accounting and auditing
problems early in the audit. For example, the auditor should know what
trading partners the entity has, the nature of intragovernmental
transactions that occur, the volume and dollar amount of transactions,
and management's attitude and awareness with respect to reconciliations
of intragovernmental activity and balances.
.29:
The auditor should assess the effectiveness of the entity's internal
control over intragovernmental activity and balances. The auditor
should identify the policies and procedures that pertain to the
entity's ability to record, process, summarize, and report
intragovernmental activity and balances by trading partner. The agency
should emphasize the importance of identifying and classifying
intragovernmental transactions by trading partner when they are
initiated and on all documentation thereafter; without this initial
identification, the system will not be able to keep track of them.
.30:
Without proper and timely reconciliation of intragovernmental activity
and balances, misstatements in these account balances at the component
and/or department level could materially affect the balances at the
governmentwide level (as well as at the department or component level).
In addition, when preparing consolidated financial statements, the
preparer must eliminate intragovernmental activity and balances within
and between departments or components. Because the amounts reported for
entity trading partners for certain intragovernmental accounts could be
significantly out of balance, the preparer would not be able to
eliminate these accounts in the consolidated financial statements. The
auditor may advise the entity about the need for monthly confirmation
and reconciliation of these transactions with trading partners. Annual
or quarterly reconciliations are generally not sufficient to detect and
resolve misstatements promptly.
.31:
If the auditor determines that the entity's reconciliation control for
intragovernmental transactions is not effectively designed and placed
in operation, the auditor should consider the effect on the financial
statements. Where intragovernmental transactions are or could be
material, significant additional work is usually necessary to express
an unqualified opinion. In some cases where the auditor finds material
weaknesses in the intragovernmental reconciliation control and no other
mitigating controls exist, the auditor may decide to modify the audit
opinion (see FAM section 580).
.32:
The TFM contains agreed-upon procedures for the department inspectors
general to perform for federal intragovernmental activity and balances.
These procedures are intended to assist with accounting for and
eliminating intragovernmental activity and balances in the preparation
of department and governmentwide financial statements and reports. The
IG should perform these procedures regardless of the opinion on the
department consolidated financial statements.
.33:
To avoid duplicate procedures, the auditor should consider the agreed-
upon procedures contained in the TFM when designing the tests for
intragovernmental activity and balances. Examples of the account risk
analysis (ARA), specific control evaluation (SCE), and audit procedures
for the audit of intragovernmental activity and balances are in
sections 902 A, 902 B, and 902 C. The ARA, SCE(s), and audit procedures
generally should be customized for the particular entity. For example,
if the auditor determines that the intragovernmental accounts
receivable line item is significant, the auditor generally should
prepare a separate ARA, SCE(s), and audit procedures for the
intragovernmental accounts receivable account and its related
accounting applications. (Note that a single SCE for a line-item/
account-related accounting application is presented. There are likely
transaction-related accounting applications listed on the ARA that also
would have SCEs.) In addition, to improve efficiency, the auditor may
coordinate tests of intragovernmental activity and balances with tests
of nonfederal activity and balances.
OTHER RELATED PARTIES:
.34:
To effectively plan and perform an audit, the auditor should understand
the entity's organization and its characteristics. The auditor should
consider the possible existence of other related parties and other
related party transactions throughout the audit to satisfy him or
herself that they are properly accounted for and disclosed (see
paragraph 902.07). Other related parties may include states that
federal entities made payments to in carrying out or executing their
federal programs. Examples of these programs are Department of Health
and Human Services grants to states for Medicaid,[Footnote 4]
Department of Transportation Federal Highway Administration programs
such as federal aid for highways and highway safety construction
programs, and Department of Labor State Unemployment Insurance and
Employment Service Operations.
.35:
The auditor may attempt to detect these relationships by inquiry of
management, reviewing major contracts/agreements, and reading
financial disclosure statements. The documentation generally should
include the names of related parties so all audit staff may become
aware of transactions with them. Work done to test transactions with
such parties may be coordinated with sensitive payments work, as
discussed in paragraph 280.05.
.36:
In addition to the procedures on related parties, the auditor also
generally should inquire about other parties that may not be related
parties, but that the agency may wish to disclose because of a public
perception that they might be related, although professional standards
do not require disclosure if the parties are not related (as defined in
AU 334). Section 902 C shows examples of audit procedures for other
related parties as well as for intragovernmental activity and balances.
The steps should be customized for the particular audited entity.
PRACTICE AIDS:
.37:
The following practice aids are appended:
Section 902 A - Example Account Risk Analysis (ARA),
Section 902 B - Example Specific Control Evaluation (SCE), and:
Section 902 C - Example Audit Procedures:
[End of section]
902 A - EXAMPLE ACCOUNT RISK ANALYSIS FOR INTRAGOVERNMENTAL ACTIVITY
AND BALANCES:
[See PDF for image]
[End of figure]
[End of section]
902 B - EXAMPLE SPECIFIC CONTROL EVALUATION FOR INTRAGOVERNMENTAL
ACCOUNTS:
[See PDF for image]
[End of figure]
[End of section]
902 C - EXAMPLE AUDIT PROCEDURES FOR INTRAGOVERNMENTAL AND OTHER
RELATED PARTIES' ACTIVITY AND BALANCES:
Entity:
Period of financial statements:
Job code:
Audit Procedures[1]:
Planning Phase:
Obtain an understanding of the entity's operations
that are significant to the audit of intragovernmental and other
related party activity and balances (see FAM section 220).
1. To obtain an understanding of significant accounting and auditing
issues, read the entity's prior year's accountability and auditors'
reports.
2. To identify the entity's accounting and reporting requirements and
applicable auditing standards for intragovernmental and other related
party activity and balances, read the following:
a. SFFAS No. 4,
Managerial Cost Accounting Concepts and Standards; SFFAS No. 5,
Accounting for Liabilities of the Federal Government; SFFAS No. 7,
Accounting for Revenue and Other Financing Sources and Concepts for
Reconciling Budgetary and Financial Accounting; Statement of Financial
Accounting Standards No. 57, Related Party Disclosures; AU Section 334,
Related Parties; AU Section 558, Required Supplementary Information;
OMB bulletin on Form and Content of Agency Financial Statements;
Treasury/Financial Management Service's (FMS) Federal
Intragovernmental Transactions Accounting Policies Guide; and Treasury
Financial Manual section "Federal Intragovernmental Transactions
Process.";
b. The entity's internal procedures for identifying, accounting,
reconciling and reporting intragovernmental and other related party
activity and balances.
c. The entity's process for identifying, classifying, and reporting
intragovernmental activity and balances requiring elimination at the
consolidated departmentwide or governmentwide level.
3. To identify the impact of systems/methods for processing, accounting
and financial reporting of intragovernmental and other related party
activity and balances,
a. Interview the entity's key management about,
for example, the systems/methods that are used to process
intragovernmental and other related party activity and balances (e.g.,
IPAC, credit cards, standard forms used to transfer funds between
appropriations, and others).
b. Obtain estimates of the approximate number and dollar amount of
intragovernmental and other related party activity and balances (this
could be based on the prior year) that are processed by each
significant system/method (see FAM section 270).
c. Consider coordinating this work with the audit of like nonfederal
activity and balances (i.e., similar transactions by the entity with
parties other than other federal entities).
4. To identify the intragovernmental and other related party activity
and balances;
a. Ask the entity management:
i. Names of all related parties
(intragovernmental and others) and whether there were transactions with
them during the period. Other possible related parties outside of
government might be states, management, and individuals and firms with
which members of management may be related or otherwise be able to
significantly influence the management or operating policies.
ii. The nature and terms of all significant activities and balances.
For example,
* for a seller entity,
** Obtain information on the types of significant revenues, any markup
percentage(s) over full cost, and the settlement/payment due date.
** Inquire as to how the full cost of products and services sold is
determined.
* for a buyer entity,
** Inquire about the minimum requirements (business
rules) that must be met before an intragovernmental trading partner may
provide goods or services.
* Inquire as to amounts, if any, that are in dispute at year-end.
iii.
Whether the audited entity receives services without reimbursement or
for less than full reimbursement, for example, donated services, such
as space or detailed employees. If so, ask if the entity is complying
with GAAP and/or OMB requirements with respect to accounting and
reporting treatment of these transactions. Also, if applicable, ask
about the approximate fair value and/or financial statement disclosure
for such goods and/or services.
iv. Whether the entity centrally maintains contracts, agreements, and
support for the terms of all significant transactions with related
parties.
b. Review, if any:
i. The entity policy for advance approval of related party
transactions by senior management.
ii.
The entity policy for requiring disclosure by employees to appropriate
officials of potential conflicts of interest, such as related party
transactions by employees of the entity. Also determine if summaries of
such transactions are communicated to financial management for its
consideration.
iii. Vendor and customer master file listings, major contracts, and
IPAC activity for intragovernmental or other related parties.
c. Ask Treasury/FMS regarding entities historically reporting
intragovernmental transactions with the audited entity.
5.
Provide audit staff with the names of known intragovernmental and other
related party trading partners, a description of the nature of
significant transactions with each, and such other information as
considered necessary to assist them in planning and performing other
sections of the audit.
6. Summarize the results.
7.
Document the auditor's preliminary assessment of risks related to the
intragovernmental and other related party activity and balances in the
ARA form or equivalent.
II. Internal Control Phase:
Understand the internal control the entity
has in place for identifying, accounting for, eliminating, and
reporting intragovernmental and other related party activity and
balances (existence, completeness, valuation, rights and obligations,
presentation and disclosure) (see FAM section 320).
1. Determine through
inquiry of management, walkthroughs, review of prior years'
documentation and other means, how and when the entity identifies
intragovernmental and other related party transactions.
a. Whether the
entity identifies the transactions by trading partner when they are
initiated and on all documentation thereafter.
b. If the entity uses trading partner codes, the relationship of such
codes to other document identifiers such as vendor codes. For example,
trading partner codes may be integral to each vendor code, or it may be
necessary to crosswalk vendor codes to a file of trading partner
codes.
c. If the entity does not use trading partner codes, determine how the
entity identifies, analyzes, and accumulates intragovernmental
activity and balances. For example, the entity may derive such amounts
through off-line manual processes after the fact.
d. When the entity recognizes each significant category of
intragovernmental and other related party transactions. For example,
when an invoice is received, when processed through IPAC, when goods or
services are received, when notified by the seller that an agreed-upon
stage of completion has been achieved. Consider whether the entity's
policy in recording intragovernmental and other related party
transactions is appropriate.
e.
Whether the entity and its trading partners use consistent reciprocal
ledger accounts and categories of activity and balances for recording
and reconciling such amounts. If so, ask what processes are in place to
provide management with reasonable assurance that trading partners are
recognizing reciprocal transactions in the same period, for the same
amount, and by consistent or compatible accounting methods.
f. If the entity complies substantially with the SGL at the transaction
level as it applies to intragovernmental activity and balances. (Note:
The SGL accounts used should include attributes for intragovernmental
activity and balances that identify (a) that these accounts contain
intragovernmental transactions (e.g., attribute "F") and (b) the
trading partner (e.g., Treasury trading partner code "20").);
g. Policies and procedures for confirming intragovernmental and other
related party activity and balances with trading partners.
h.
How often the entity reconciles its related party activity and balances
with its trading partners. Also inquire as to whether adjustments
identified as necessary through the reconciliation process have been
properly recognized in the financial records. If not, ask why. If the
entity did not perform reconciliations, ask why not.
i.
Whether the selling and buying entities have established processes to
facilitate the timely reconciliation of activity and balances. (Note:
The selling entity is typically responsible for furnishing detailed
transaction information to facilitate reconciliation.);
j. What the entity's year-end cut-off procedures related to the
intragovernmental and other related party activity are. Determine if
procedures provide assurance that intragovernmental activities
occurring in the current period are recorded in the current period.
(Since the reconciliation process should detect cutoff errors, see
above for reconciliation procedures with trading partners.);
k. What the entity's policies and procedures are for intraentity
elimination.
l.
Whether the entity maintains transaction logs or detailed records of
transactions to identify the postings to SGL accounts and to facilitate
the reconciliation process. The logs should include sufficient
information to enable identification and location of the supporting
documents.
m.
Whether the entity reviews and approves monthly account analyses of
intragovernmental accounts and examines budget-to-actual and trend
analyses.
2. Coordinate with the results of audit procedures for other cycles to
determine if the entity has internal control issues related to
intragovernmental and other related party activity and balances. For
example, to determine if the entity has control issues related to
intragovernmental activity and balances, coordinate with the results of
FBWT audit procedures to determine if the entity has issues on its
FBWT/IPAC reconciliation such as material unreconciled amounts and aged
unreconciled IPAC differences.
3. Perform walk-throughs of processes for identifying, accounting,
reconciling, confirming, eliminating, and reporting intragovernmental
and other related party activity and balances to obtain or update the
auditor's understanding of these procedures and preliminarily assess
the effectiveness of these controls.
a. Walkthrough the process from
initiation to recording in the general ledger and inclusion in the
financial statements or elimination for each significant type of
intragovernmental and other related party activity and balances.
b. Walk through the management/entity approval process of payments to
trading partners. (Note: Prior audits have identified instances where
payment controls for intragovernmental transactions were not
sufficient, for example, the seller entity made payments to trading
partners without verifying whether goods or services were provided.);
c. Identify and document differences in process for nonfederal and
intragovernmental and other related party activities and balances.
d. If the entity performs reconciliations of intragovernmental activity
and balances with trading partners during the year, the auditor should
walk through both interim and year-end reconciliation processes.
4. Prepare or update the cycle memorandum, flowchart, and ARA and SCE
forms (See FAM sections 390, 395 H and I, and 902 A and B) or
equivalents.
III. Testing Phase:
A. For intragovernmental accounts, if the auditor
preliminarily determines that the entity's reconciliation and
confirmation controls with trading partners are effectively designed
and placed in operation, test the entity's policies and procedures to
determine if the reconciliation and confirmation controls are effective
and if intragovernmental balances appear reasonable.
1. Obtain final
yearend reconciliations/confirmations of intragovernmental activity
and balances for each trading partner and supporting documentation; or
obtain the entity CFO responses for intragovernmental activity and
balances and the supporting documentation for the final reconciliation/
confirmations. (See the Treasury Financial Manual (TFM) sections on CFO
procedures/representations and on IG Agreed-Upon Procedures for Federal
Intragovernmental Activity and Balances);
2. Compare the amounts in the reconciliations to supporting
documentation.
3.
Trace the adjustments, if any, identified in the reconciliation process
to the entity's financial records.
4. Compare the amounts, excluding intra-departmental activity and
balances, in the audited department consolidated financial statements
to such amounts in the department's final FACTS I or FACTS Notes
reports to FMS.
5. Prepare an agreed-upon procedures report. (Note: The procedures in
steps 1 to 4 above are agreed-upon procedures for intragovernmental
activity and balances. See the TFM, volume 1, section on IG Agreed-Upon
Procedures for Federal Intragovernmental Activity and Balances. Also
see FAM section 660.);
6.
Consider whether these agreed-upon procedures are sufficient to achieve
financial statement audit objectives. For example, whether the agreed
upon procedures are applied to all significant assertions for all
significant intragovernmental activity and balances. Typically these
procedures alone will not be sufficient for financial statement audit
purposes.
7. If the agreed-upon procedures are not sufficient, then design
additional procedures that in combination with the agreed-upon
procedures will be sufficient. For example:
Reconciliation/confirmation (existence, completeness, valuations,
rights and obligations, and classification):
* OMB's bulletin on Form and Content of
Agency Financial Statements requires an entity to reconcile and confirm
intragovernmental activity and balances with trading partners
semiannually, beginning with the six-month period ending March 31, 2002
and quarterly, beginning with the three-month period ending December
31, 2002. If the entity performed monthly, quarterly, or semiannual
reconciliations, test reconciliations to determine if the entity's
reconciliation control is effective throughout the year.
* There should
be a separate reconciliation/confirmation for each trading partner.
* This reconciliation/confirmation also may be used for within entity
reconciliation/confirmation (intraentity).
a. Determine the completeness
of population: Determine if the entity performed reconciliations and
confirmations for all trading partners by comparing the trading
partners on the reconciliations and confirmation forms to subsidiary
records or the entity's trading partner list obtained during the
planning phase.
b. For each reconciliation/confirmation:
i. Determine if the
reconciliation/confirmation was reviewed and approved by the
appropriate personnel.
ii.
Compare the total amounts and SGL accounts of the activity and balances
reported on the reconciliation/confirmation form with the general and
subsidiary ledger accounts, and the total amounts to audited financial
statements and footnote disclosures. If differences are found, document
each such difference. Consider potential impact on financial statements
and post the differences identified to summary of unadjusted
misstatements.
iii.
Test whether the entity used appropriate SGL accounts and whether these
SGL accounts include the proper attribute(s) to indicate that they
result from intragovernmental transactions. (Note: For example, when
the federal attribute "F" is used with an SGL account, a trading
partner should be designated for each transaction posted to the
account.) Entities can modify SGL accounts listed on the form to be
more specific.
iv.
Consider whether the entity is using the reciprocal accounts delineated
in the FMS Guide. Entities should use these accounts to account for
intragovernmental activity and balances in the specified categories.
Use of these reciprocal accounts will facilitate the reconciliation and
confirmation process.
v. For fiduciary activity and balances, compare amounts on the
reconciliation forms to amounts on the Intragovernmental Fiduciary
Confirmation System. (Note: Fiduciary activity and balances include
loans from the Federal Financing Bank and Bureau of Public Debt,
investments with Bureau of Public Debt, Federal Employees Compensation
Act transactions with Labor, and employee benefit transactions with
OPM. The seller entity--Bureau of Public Debt, Treasury, Federal
Financing Bank, Labor, and OPM--will make balances information and
other details available through the Intragovernmental Fiduciary
Confirmation System for the buyer entities' use in reconciling amounts
to their records. The Intragovernmental Fiduciary Confirmation System
is the official confirmation system for federal entities that engage in
fiduciary intragovernmental transactions with Bureau of Public Debt,
Federal Financing Bank, OPM, and Labor.);
vi. For transfers, test whether;
* the classification of transfers as expenditure or nonexpenditure is
proper, and
* the accounting and reporting are appropriate.
vii.
For trust fund transfers such as highway and airport trust funds, also
test whether the trust fund amounts are properly accounted for and
maintained in accordance with laws that established these funds. (Note:
Test either by the trust fund auditor or as agreed-upon procedures by
the auditor who audits the entity that collects the revenue for it.);
Reconciliation adjustments and differences (all intragovernmental
categories); (Note: Exhibit I to FAM 902 C provides an illustration of
a reconciliation tool that may be used to summarize reconciling items
and prove amounts between a buyer and a seller entity.);
c. Determine whether adjustments, if any, are supported and timely:
i. Trace the
adjustments and reconciling items identified in the reconciliation
process to the entity general and subsidiary ledgers.
ii. Examine the adjustments and supporting documents to determine if
* The
entity timely and properly performed the research and identified causes
for differences.
* The adjustments are agreed upon by both entities and
made to proper SGL accounts. (Note: Examples of adjustments and
reconciling items are:
** Adjustments in estimated accruals: For
example, the seller entity has recorded unbilled revenue and the buyer
entity was not timely advised of the estimated accrual.
** Adjustments
due to timing differences: For example, timing differences caused by a
buyer entity's delay in recording IPAC transactions into proper SGL
accounts.
** Reconciling item for capitalization of assets: For
example, the buyer entity purchased property and equipment or inventory
and recorded them as assets.);
iii.
Obtain or prepare aging of outstanding unadjusted reconciling amounts
for all significant intragovernmental balance sheet accounts. Identify
old and/or unusual reconciling items and obtain explanations from the
entity.
iv. Review final yearend reconciliation for any accounting policy
differences and determine if the entity explains the causes of these
differences on the final reconciliation. The causes of these
differences might be differences in accounting standard requirements,
for example, amortization methods for discounts and premiums. For
example, one trading partner uses the interest method and the other
trading partner uses the straight-line method to amortize discounts/
premiums. (Note: There should be no material unresolved differences on
the final year-end reconciliation forms. The entity should resolve all
differences with trading partners.);
v. Determine the extent of unadjusted differences at year-end. Assess
their materiality on the financial statement line item and the overall
financial statements.
vi. If adjustments are made subsequent to the completion of the
confirmations (during the audit period), determine if the entity
revised the reconciliation and confirmation and submitted the updated
data to FMS.
8.
Summarize the results of testing: (1) conclude on the effectiveness of
the entity's reconciliation and confirmation controls and (2) propose
adjustments, if necessary.
9. Determine whether the results of testing and the nature of
misstatements indicate that combined risk should be assessed
differently and whether the audit procedures should be revised.
B. For intragovernmental activity and balances, if the auditor
preliminarily determines that the entity's reconciliation/
confirmation control with trading partners is not effective, or if the
reconciliations and/or confirmations are not performed by the entity,
the auditor should consider the effect on substantive tests and on the
audit report. In some cases, the auditor may decide to modify the audit
opinion when no reconciliation and other mitigating controls existed.
However, when intragovernmental activity and balances are material,
significant additional work may be necessary to express an unqualified
opinion such as:
1. Coordinate work with other related line items to test
existence, completeness, valuation, rights and obligations, and
classification of intragovernmental activity and balances. For
example,
a. In conjunction with cash receipts, revenues, and accounts
receivable testing, determine if intragovernmental accounts receivable
were collected subsequent to test date. Examine supporting
documentation for the posting of collections to the cash records;
determine if intragovernmental revenues and receivables are included in
nonfederal balances.
b. Test completeness of intragovernmental activity and balances by
reviewing vendor and customer master files to determine if
intragovernmental vendors and customers are properly included in
intragovernmental accounts.
c. Consider sending confirmation requests to trading partners for both
balance sheet and net cost activity and balances. Especially if
combined risk is assessed as high, consider applying similar
confirmation procedures as to the nonfederal accounts.
Cut off test (existence and completeness);
d. Determine if there are
unrecorded transactions and if the transactions are recorded in the
correct period.
i. Coordinate with the FBWT audit team to review results
of the FBWT reconciliation tests. For example, review IPAC transactions
reconciliations and the recording of IPAC transactions in accounting
systems; consider how timely and whether appropriate; review IPAC
transactions after 9/30-subsequent billing and collecting
transactions-to determine unrecorded transactions as of 9/30.
ii. Search for unrecorded sales revenue, accounts receivable, purchases,
and accounts payable (completeness). For example,
* To search for
unrecorded sales revenue and accounts receivable, select sales invoices
for trading partners recorded in the xx-day period subsequent to year-
end. Trace the selected invoices to shipping records or evidence of
service performance. Determine whether the sales revenue and accounts
receivable were recorded in the correct period. Alternatively, select
from shipping records to trading partners prior to year-end and trace
to sales invoices.
* To test the completeness of amounts recorded as accounts payable at the
balance-sheet date, select disbursements after the end of the audit
period and test if the amounts were recorded in accounts payable.
2. Review the test results of other related line items to determine if
there are issues related to existence, completeness, valuation, rights
and obligations, and classification in the tested accounts and
transactions and the impact on the intragovernmental activity and
balances. In testing these other accounts, consider whether items
tested were from trading partners.
3. Summarize the results and propose adjustments, if necessary.
4. Determine if the results of testing and the nature of misstatements
indicate that combined risk should be assessed differently and whether
the audit procedures should be revised.
Control and substantive tests of details--other related parties:
C.
Attain satisfaction about the purpose, nature, and extent of material
other related party transactions and their effect on the financial
statements. Coordinate with sensitive payments work, including the
review of executive compensation, travel, official entertainment funds,
unvouchered expenses, and consulting services (see FAM section
280.05).
1. Based on the work performed during the planning and internal
control phases, determine and document the methodology used to select
the transactions for testing.
* Examine all transactions,
* Dollar unit sampling (DUS),
* Classical variables estimation sampling, or
* Other (describe).
2. For the selected transactions,
a. examine documentation such as invoices, contracts, agreements, and
receiving and shipping reports;
b. determine whether the transactions have been properly approved;
c. confirm transaction terms and amounts with the other party to the
transaction; and;
d.
test the compilation of amounts that may be disclosed in the financial
statements for reasonableness.
3. Summarize the results.
4. Determine if the results of testing and the nature of misstatements
indicate that combined risk should be assessed differently and if the
audit procedures should be revised.
Substantive analytical procedures (FAM 475):
D. Substantive
analytical procedures: Perform analytical procedures to assess whether
balances are reasonable and reflect appropriate activities (existence
and completeness). If the entity performs reconciliation and
confirmation of intragovernmental activity and balances and the auditor
places reliance on those tests of details, less rigorous, supplemental
analytical procedures may be used to increase the auditor's
understanding of intragovernmental activity and balances after
performing tests of details in Testing, step III.A, above. However, in
the absence of adequate reconciliation and confirmation controls, some
or all of these procedures may be necessary to obtain sufficient
evidence, if possible. For example,
1. Develop expectations of the
accounts payable and receivable balances overall or for all significant
trading partners in light of the payment cycle during the year. Then,
compare the recorded balance overall or by trading partner to the
expected amount and investigate differences in the recorded balance if
differences exceed (insert an amount such that the total
uninvestigated difference for all trading partners, including those not
selected, does not exceed the limit).
2.
Develop expectations of recorded intragovernmental sales overall or for
all significant trading partners based on independent data; for
example, consider using trading partners' orders. Then compare the
expectations to the recorded sales amounts and investigate differences
in the recorded balance if differences exceed (insert an amount
such that the total uninvestigated difference for all trading partners,
including those not selected, does not exceed the limit).
3. Examine accounting records, for example, accounts receivable and
payable, for large, unusual, or nonrecurring activity or balances. For
example, consider expectations as to the types of intragovernmental
activity and balances and trading partners based on the planning work.
Then, examine significant unexpected/unusual intragovernmental
activity and balances and intragovernmental activity or balances with
unexpected trading partners. Document the definition of significant.
4. Summarize the results of testing and determine if adjustments are
necessary.
Elimination (existence, completeness, and valuation):
E. Test
consolidation/elimination for transactions occurring within the entity
(intraentity) to determine whether the elimination is appropriate and
supportable.
1. Obtain a list of each component entity's intraentity
transactions identified for elimination and each component entity's
reconciliation of its intraentity activity and balances with its
respective trading partners. This step may be done in conjunction with
the test of reconciliation (see step III.A above).
2. Review the entity's eliminating journal entries and supporting
documentation for elimination entries of the entitywide consolidated
financial statements. Determine whether elimination journal entries
are
a. approved by management and;
b. supported by schedules summarizing the SGL accounts that are
combined to total the amounts eliminated.
3. Summarize the results.
4. Determine if the results of testing and the nature of misstatements
indicate that combined risk should be assessed differently and if the
audit procedures should be revised.
IV. Reporting Phase:
To determine if the presentation and disclosures
of intragovernmental and other related party balances comply with GAAP
and OMB requirements:
1. Determine whether financial reports are prepared
in accordance with the OMB bulletin on Form and Content of Agency
Financial Statements. For example,
a. Review the balance sheet and
determine whether it is properly classified and line items are
correctly reported as intragovernmental or nonfederal.
b. Read the required supplementary information (RSI) to determine if
intragovernmental amounts and the related federal trading partners for
assets, liabilities, earned revenue from trade (buy/sell) transactions
and nonexchange revenue are presented as RSI. The gross cost to
generate earned revenue from trade transactions should be presented by
budget functional classification in the notes to the financial
statements.
c. Read disclosures for the Statement of Net Cost in the notes to the
departmentwide financial statements and determine if the department
includes a separate disclosure of intragovernmental gross cost and
earned revenue by budget functional classification as required by OMB's
form and content bulletin. Gross cost and earned revenue should be net
of intradepartment transactions (consolidated).
2.
Read the entitywide financial statements, notes, and RSI; compare the
reported intragovernmental and other related party (if any) activity
and balances with the test results.
3. Request that the entity's management include, in the representation
letter, representations related to intragovernmental and other related
party activity and balances. (See FAM section 1001 for guidance.);
4. Communicate with trading partner entities' auditors (with auditee's
permission) to consider whether issues identified by the other auditors
affect the auditor' s conclusions on intragovernmental transactions.
5.
Read the various current period Agreed-Upon Procedures (AUP) reports to
consider whether the findings will affect the auditor's conclusion and/
or if additional procedures need to be performed. For example,
a. The AUP
report on employee withholdings and employer contributions that are
reported on the Report of Withholdings and Contributions for Heath
Benefits, Life Insurance and Retirements. This AUP report is to assist
OPM in assessing the reasonableness of the Retirement, Health Benefits,
and Life Insurance Withholdings/Contributions and Supplemental
Semiannual Headcount report submitted to OPM (see OMB audit guidance).
b.
The AUP report on FACTS I verification. This AUP report is to evaluate
the department's management assertion that it compared the department's
summarized FACTS I data to its consolidated financial statements and to
determine whether such data is in agreement.
6. Summarize the results and determine if adjustments are necessary.
7. Conclude whether intragovernmental and other related party activity and
balances have been adequately accounted for and properly disclosed in
the financial statements.
[End of table]
Exhibit I: Reconciliation of Seller Entity Intragovernmental Earned
Revenue with Buyer Entity Cost:
[See PDF for image]
[End of section]
903 - AUDITING COST INFORMATION:
.01:
This section provides general guidance for considering cost information
and planning audit procedures. The auditor should coordinate these
procedures with procedures on auditing various line items and accounts.
The auditor is concerned about cost information for a number of
reasons. First, the auditor should obtain sufficient evidence to
determine whether the costs are fairly stated in the financial
statements and appropriately classified. Proper classification at the
agency level also contributes to proper classification of costs in the
consolidated financial statements of the U.S. government. Second, for
CFO Act agencies and components designated by OMB, the auditor is
concerned about the entity's financial management systems' substantial
compliance with the three requirements of FFMIA. Third, cost
information is important to the MD&A, although the auditor does not
opine on the MD&A. The most relevant accounting standard for cost
information is Statement of Federal Financial Accounting Standards
(SFFAS) No. 4, Managerial Cost Accounting. This standard has relevance
both to external financial reporting and to cost information for
internal management reporting.
STATEMENT OF FEDERAL FINANCIAL ACCOUNTING STANDARDS NO. 4, MANAGERIAL
COST ACCOUNTING:
.02:
SFFAS No. 4 establishes the concepts and standards for providing
reliable and timely information on the full cost of federal programs,
their activities, and outputs. The objectives of managerial cost
information specified in SFFAS No. 4 are:
* To provide program managers with relevant and reliable information
relating costs to outputs and activities. With this information,
program managers should understand the costs of the activities they
manage. The cost information should assist them in improving
operational efficiency.
* To provide relevant and reliable cost information to assist Congress
and executives in making decisions about allocating federal resources,
authorizing and modifying programs, and evaluating program performance.
* To provide consistency between costs reported in general purpose
financial reports and costs reported to program managers. This includes
standardizing terminology to improve communication among federal
organizations and users of cost information.
.03:
The first two objectives primarily address the managerial use of cost
information in improving operating efficiency and cost effectiveness,
making planning and budgeting decisions, and measuring performance. The
third objective primarily addresses external financial reporting. That
objective can be achieved by reporting cost information in financial
statements that is consistent with costs generated by the cost
accounting process. Because of the differences in the three objectives,
some requirements in SFFAS No. 4 are relevant to managerial decision
making and operations improvement, while some requirements are relevant
to external financial reporting.
.04:
The cost accounting concepts section of SFFAS No. 4 (paragraphs 41-66)
establishes the overall goals of cost accounting for federal agencies.
Managerial cost accounting should be a fundamental part of the
financial management system and, to the extent practicable, be
integrated with the other parts of the system. Managerial costing
should use a basis of accounting, recognition, and measurement that is
appropriate for the intended purpose. Cost information developed for
various purposes should be drawn from a common data source, and output
reports should be reconcilable to each other.
.05:
The five fundamental standards for managerial cost accounting set forth
in SFFAS No. 4 (paragraphs 67-162) are important for the auditor. These
standards will lead to the development of accurate and consistent cost
information for internal and external reporting by federal agencies.
The five standards are:
* Requirement for cost accounting: Each reporting entity should
accumulate and regularly report the cost of its activities for
management information.
* Responsibility segments: Management of each reporting entity should
define and establish responsibility segments and report the costs of
each segment's outputs.
* Full costs: Reporting entities should report the full costs of
outputs, which is the total amount of resources used to produce the
output, including direct and indirect costs.
* Interentity costs: Each entity's costs should incorporate the full
cost of goods and services received from other entities. As directed by
SFFAS No. 4, paragraph 110, OMB has designated, in its bulletin, Form
and Content of Agency Financial Statements, the costs of goods and
services received from other entities that should be recognized.
* Costing methodology: The costs of resources that directly or
indirectly contribute to the production of outputs should be
accumulated and assigned to outputs using appropriate methodologies.
(See paragraph 903.07.):
AUDIT PROCEDURES FOR FINANCIAL STATEMENT OPINION:
.06:
As part of understanding the entity's operations, the auditor should
obtain an overview of how the entity meets these standards. This may be
done by inquiry, observation, and walkthrough procedures. Substantive
tests of the cost accounting system are usually necessary. The auditor
should consider coordinating tests with other control and substantive
tests. Based on the auditor's understanding of the agency's operations,
the auditor should determine whether the statement of net costs is
designed to include all the costs of the agency's programs. Also, in
testing the statement of net costs, the auditor should test the
financial statement assertions related to costs including whether
expenses are properly classified in the statement of net costs, and in
the notes by budget functional classification, as required by OMB's
form and content guidance. The following (see FAM section 395 B) are
examples of subassertions related to costs:
Existence or occurrence:
* Validity: (1) Recorded costs, underlying goods and services used, and
related processing procedures are authorized by federal laws,
regulations, and management policy. (2) Recorded costs are approved by
appropriate individuals in accordance with management's general or
specific criteria. (3) Recorded costs represent goods and services that
were actually used and are properly classified.
* Cutoff: Costs recorded in the current period represent goods and
services used during the current period.
* Summarization: (1) The summarization of recorded costs is not
overstated. (2) Costs are assigned to appropriate classifications in
the financial statements.
Completeness:
* Transaction completeness: All valid costs are recorded and properly
classified.
* Cutoff: All goods and services used in the current period should be
recorded in the current period.
* Summarization: The summarization of recorded costs is not
understated.
Valuation or allocation:
* Accuracy: (1) Costs are recorded at correct amounts. (2) Costs are
recorded using appropriate assignment methodologies.
* Measurement: Costs included in the financial statements are properly
measured.
Presentation and disclosure:
* Account classification: Cost accounts are properly classified and
described in the financial statements.
* Consistency: The financial statement costs are based on accounting
principles that are applied consistently from period to period.
* Disclosure: The financial statements and footnotes contain all
information required to be disclosed.
.07:
SFFAS No. 4 discusses three methods of assigning costs: directly
tracing costs, assigning costs on a cause-and-effect basis, and
allocating costs on a reasonable and consistent basis. Although the
standard discusses these three methods in relation to assigning costs
to responsibility segments and outputs, the methods are also applicable
to assigning costs to financial statement line items in the statement
of net costs, generally by program, and in the notes by budget
functional classification. The different methods of assigning costs may
require different auditing procedures for determining whether costs are
properly classified in the statement of net costs by program and in the
notes by budget functional classification.
.08:
For example, for directly traced costs (such as materials used in
production or employees who worked on an output), the auditor generally
should test whether costs were assigned to the appropriate program and/
or budget functional classification.
.09:
Costs may be assigned on a cause-and-effect basis, by grouping costs
into cost pools where an intermediate activity may be a link between
the cause and the effect. For example, an information technology
department may provide support to other departments. The information
technology department may assign costs to other departments on a cause-
and-effect basis by first assigning costs to an intermediate activity,
such as hardware installation or software design. Then the costs in
these pools may be further assigned to other departments based on their
use of these technical services. In auditing these types of costs, the
auditor should test whether costs are assigned to the appropriate cost
pool (hardware installation, software design), but also whether the
costs are appropriately summarized in the pool. Then, when costs are
assigned to other departments, the auditor should test whether costs
assigned are based on appropriate usage information, whether the cost
assignments are reasonable and consistent, and whether they are
mathematically accurate.
.10:
Costs may be allocated if it is not economically feasible to directly
trace or assign costs on a cause-and-effect basis. This is commonly
done with costs such as general management, depreciation, rent,
maintenance, security, and utilities used in common by various
segments. These costs are generally accumulated in cost pools and
allocated to segments or outputs (or programs or budget functional
classifications) based on a relevant common denominator such as number
of employees, square footage of office space, or amount of direct costs
incurred in segments. In auditing these allocated costs, the auditor
should test whether the costs are assigned to the appropriate cost pool
and summarized appropriately. The auditor also should determine whether
the allocation basis is reasonable and consistent and test the
mathematical allocation. In addition, the auditor should determine
whether an allocation rather that directly tracing costs or assigning
them on a cause-and-effect basis is appropriate in the circumstances.
.11:
The entity exercises judgment in determining the line item/programs
included in its statement of net costs. The auditor should consider
whether classifications are reasonable in the circumstances.
Federal Financial Management Improvement Act of 1996 (FFMIA):
.12:
For audits of the CFO Act agencies and components identified by OMB
audit guidance, the auditor should determine whether the agency's
financial management systems comply substantially with the three
requirements of FFMIA (see paragraph 100.02 and FAM section 701). To
determine compliance with SFFAS No. 4 for the purposes of FFMIA, the
auditor should ask these questions, which relate to the standards
discussed in paragraph 903.05:
* Does the agency regularly accumulate and report the costs of its
activities to management?
* Has the agency defined its major programs and responsibility segments
for the purpose of delineating costs?
* Does the agency properly accumulate costs by those programs and
segments?
* Has the agency accounted for the full costs (including interentity
costs) of products, services, or outputs to be externally reported at
the entitywide level?
* Has the agency accounted for the costs of resources that contribute
to the production of outputs by individual responsibility segment using
appropriate costing methodologies?
* Has the agency reported those costs in the year-end financial
statements on the accrual basis of accounting?
* Are the costs reported for external financial reporting and those
reported for internal management reporting consistent and reconcilable?
* Is the reported management cost information consistent, timely, and
comprehensive?
* Is the cost information reported in such a manner that management can
determine answers to appropriate questions about costs of outputs?
* How does management determine whether costs are appropriate?
* How does management determine the entity's compliance with FFMIA?
This inquiry is frequently combined with the procedures in paragraph
903.06, the outcome of which should be considered in concluding about
the entity's compliance with the cost accounting requirements under
FFMIA. Also, the auditor should review evidence supporting management's
assertions in response to these questions, as further discussed in
section 701, Assessing Compliance of Agency Systems with the Federal
Financial Management Improvement Act (FFMIA).
MANAGEMENT'S DISCUSSION AND ANALYSIS (MD&A):
.13:
The auditor does not provide an opinion on the MD&A. Thus, the main
concern is consistency of information, rather than testing the
reliability of the cost data in the MD&A. The auditor should read the
MD&A for consistency with the financial statements and with the
auditor's knowledge of the entity. Testing generally should be limited
to data in the financial statements, as discussed in paragraph 903.06,
not the MD&A. Analytical procedures may be used to consider the
reasonableness of cost data in the MD&A. Based on this comparison, the
auditor should consider whether additional testing is needed.
.14:
Although costs reported in internal and external reports should be
consistent, they may differ in the degree of detail and reporting
frequency. Cost information for management may require more frequent
and timely reporting. It also may require more specific and detailed
information regarding the costs of specific activities or outputs. By
comparison, external reports could be less frequent, and the cost
information more aggregated, such as on a suborganization or program
basis.
[End of section]
921 - AUDITING FUND BALANCE WITH TREASURY (FBWT):
.01:
This section provides guidance in auditing the Fund Balance with
Treasury (FBWT) account. It explains key agency and Treasury processes
and procedures related to FBWT accounts and discusses audit issues.
Practice aids, including example Account Risk Analysis (ARA) and
Specific Control Evaluation (SCE) forms and suggested audit procedures
for the FBWT line item, are included in appendices.
.02:
The FBWT account (SGL account 1010) is an asset account representing
the unexpended spending authority in agencies' appropriations. Federal
agencies record their budget spending authority in FBWT accounts and
increase or decrease these accounts as they collect or disburse funds.
Most agencies maintain several fund balance accounts funded by
different types of appropriations, such as annual 1-year appropriations
and/or multiyear appropriations that are included in the financial
statement FBWT line item. The FBWT account also serves as one of
several mechanisms to prevent agencies' disbursements from exceeding
appropriated amounts.
.03:
In the federal government, Treasury serves as the central banker. Most
agencies use the banking services provided by Treasury's Financial
Management Service (FMS) and do not keep cash in separate bank
accounts. Some agencies have authority to disburse funds on their own
behalf. These agencies still maintain FBWT accounts and follow
Treasury's reporting and reconciliation requirements.
.04:
Unlike commercial banking institutions, Treasury does not keep
independent accounting records of each agency's FBWT accounts. Instead,
Treasury uses monthly data reported by the agencies to calculate
agencies' FBWT balances and requires agencies to perform detailed
reconciliations of FBWT accounts to maintain the accuracy and
reliability of agencies' fund balance records. Effective
reconciliations also serve as a detection control for identifying
unauthorized and unrecorded transactions at the agencies and Treasury.
.05:
Treasury requires agencies to maintain FBWT accounts and to perform a
two-part reconciliation process each month.
* First, agencies should reconcile differences identified by Treasury
between cash receipts and disbursements transactions reported by
agencies to those reported by other sources of financial data, such as
the Federal Reserve, commercial banks, other federal agencies, and the
FMS regional financial centers. Treasury reports differences identified
to agencies each month on "Statements of Differences."[Footnote 5]
* Second, agencies should reconcile differences between their records
and Treasury records of the monthly activity recorded in the FBWT
accounts. Each month Treasury provides appropriation, fund, and
receipt account ledgers, which include a rollforward of the previous
month's balance, the current month's cash activity reported by the
agency and other account activity (supplemental appropriations,
rescissions, nonexpenditure transfers, entries reported by other
agencies) to compare to their records.
Differences remain until reconciled by the agencies and represent
potential misstatements in agencies' financial statements and budget
execution reports.
Audit Issues:
.06:
Many agencies have problems in reconciling the transaction activity in
their FBWT accounts. Ineffective FBWT reconciliations contribute to
agencies' inability to prepare auditable financial statements. Without
effective agency reconciliations of receipt and disbursement activity,
the agency FBWT balance -the amount of funds available to it for
expenditure in each appropriation - may contain material misstatements,
and auditors generally would be unable to determine whether FBWT is
fairly stated.
.07:
Prior audits of agencies' financial statements identified instances in
which agencies were not timely reconciling their FBWT accounts.
Instead, some agencies adjusted their accounts to show the amounts
reported by Treasury and/or recorded differences in suspense accounts
without adequately researching the causes of the differences.
Unreconciled differences recorded in suspense accounts could represent
transactions that have not been recorded by the agency to the
appropriate accounts. Only after researching its accounting records and
reports can an agency determine the cause of the problem and make the
proper adjustments to its FBWT accounts (and related asset, liability,
expense, or revenue accounts) or advise Treasury to correct its
records.
.08:
There were instances in which agencies did not receive Statements of
Differences from Treasury, even though unreconciled differences
existed. Some agencies did not use their accounting records to prepare
monthly reports to Treasury. Instead, they reported the same amounts
recorded in OPAC and CASHLINK to avoid Statements of Differences;
generally these agencies tracked differences in suspense accounts.
Because Treasury uses these sources to compare with the amounts
reported by the agency, Treasury did not identify differences; thus, no
Statements of Differences were issued. Also, some agencies cleared
Statements of Differences by reporting adjustments to Treasury before
researching and resolving differences. Therefore, amounts reported on
Statements of Differences might not always be an adequate indicator of
reconciliation problems or an adequate measure of the extent of
outstanding unreconciled differences. Auditors should design tests to
obtain an understanding of the agency's reconciliation procedures in
order to assess the effect of its reconciliation process on the
financial statements and to determine the level of audit procedures
required after considering the materiality of unreconciled differences.
.09:
Because Treasury's record of an agency's FBWT is the result of the
activity reported to Treasury by the agency itself, and is not obtained
from another source, the reconciliation process is a key control over
FBWT accounts.
.10:
One year's successful audit of the reconciliation of FBWT activity will
generally not result in an auditable balance because the auditor faces
the issue of auditing the beginning balance. Except for the first year
of an appropriation, the balances in most FBWT accounts are included in
the FBWT line item rollforward from year to year until the account is
closed, which can be 5 years or more, depending on the type of
appropriation.
.11:
In an initial audit, the auditor should design tests to obtain
assurance on the FBWT beginning balance. This may require testing of
FBWT reconciliations performed in prior years or other audit procedures
that provide assurance on the FBWT line item. For example, in some
instances detailed audit procedures over beginning balances related to
other financial statement accounts that affect FBWT could provide
assurance. In tests of other account balances, the auditor may be able
to determine that old errors were written off or other appropriate
adjustments were made to FBWT and that the fund balances from prior
years and remaining unadjusted reconciling differences are immaterial.
Audit Approach:
.12:
Because Treasury relies on the monthly data reported by the agencies to
calculate agencies' FBWT balances, confirmation of FBWT account
balances with Treasury does not provide competent evidence. Therefore,
the auditor needs to obtain competent evidence through tests of the
agency's FBWT reconciliation process.
.13:
Since most assets, liabilities, revenues, and expenses stem from or
result in cash transactions, misstatements in the receipt or
disbursement activity recorded in the FBWT accounts affect the balances
of various financial statement accounts. Even though net FBWT account
balances may be immaterial as of the date of the financial statements,
the gross receipt and disbursement transactions flowing through the
FBWT account during the fiscal year are usually material. Therefore,
the auditor should test the reconciliation of the transaction activity
flowing through the account. In addition, the auditor should assess the
impact of gross unreconciled differences on the FBWT and other
financial statement line items.
.14:
The auditor should design an audit program that includes steps to
determine whether the agency:
* prepares monthly reports to Treasury using the same detailed
accounting records of collection and disbursement transactions that
are used to prepare the agency's financial statements;
* researches and resolves the underlying causes of differences between
amounts reported by Treasury and agency records each month and makes
the proper adjustments; and:
* monitors suspense account activity - including maintaining detailed
records of unreconciled differences charged to the account and
maintaining records that age the differences - and performs procedures
to timely and properly clear the account.
.15:
The auditor also should design procedures to determine the magnitude of
the agency's gross unreconciled differences at year-end by analyzing
the Treasury Statements of Differences reports and agency suspense
account items in terms of their aggregate absolute values and resulting
impact on the financial statements. (Since each difference represents a
potential misstatement, the roll-up and netting of charges and credits
can significantly understate the total outstanding differences.):
Practice Aids:
.16: The following practice aids are appended to this section:
* Section 921 A - Treasury Processes and Reports Related to FBWT
Reconciliation.
* Section 921 B - Example Account Risk Analysis (ARA).
* Section 921 C - Example Specific Control Evaluation (SCE). (Note that a
single SCE of the line item/account-related accounting application for
FBWT is presented. There are transaction-related accounting
applications listed on the ARA that affect FBWT, such as cash receipts
and cash disbursements, that would require transaction related SCEs.):
* Section 921 D - Example Audit Procedures.
.17:
These aids are not all inclusive. They do not include tests of other
accounts, such as Other Cash on Deposit bank accounts and Imprest
Funds. Also, for agencies that write their own checks, the aids do not
discuss or include tests of controls over check stock. If material, the
auditor should apply appropriate additional tests. The aids provide the
auditor with a framework for designing tests of FBWT accounts. Auditors
should use professional judgment in designing audit programs for their
particular agency after considering materiality, audit risks, and
internal control.
.18:
The auditor should use judgment in determining the most effective and
efficient method to achieve the audit objectives. When possible, the
FBWT audit procedures should be coordinated with other tests. For
example, many procedures may be performed in conjunction with tests of
agency cash receipts and cash disbursements. Others may be included as
part of compliance testing.
[End of section]
921 A - TREASURY PROCESSES AND REPORTS RELATED TO FBWT RECONCILIATION:
[See PDF for image]
[End of table]
[End of section]
921 B - EXAMPLE ACCOUNT RISK ANALYSIS FOR FUND BALANCE WITH TREASURY:
[See PDF for image]
[End of figure]
[End of section]
921 C - EXAMPLE SPECIFIC CONTROL EVALUATION FOR FUND BALANCE WITH
TREASURY:
[See PDF for image]
[End of figure]
[End of section]
921 D - EXAMPLE AUDIT PROCEDURES FOR FUND BALANCE WITH TREASURY:
FBWT Example Audit Procedures:
Planning Phase; FB-1:
A. To obtain an understanding of the agency's
accounting and reporting requirements for Fund Balance with Treasury
(FBWT) accounts, read the following documents:
* Treasury Financial
Manual, Volume I, part 2, chapter 5100 - Reconciling Fund Balance with
Treasury accounts, http://fms.treas.gov/fundbalance.
* Current OMB bulletin, Form and Content of Agency Financial
Statements.
* Statements of Federal Financial Accounting Standards (SFFAS No. 1).
* Agency
accounting policies and procedures for the Fund Balance with Treasury
Accounts.
B. Read prior year documentation, financial statements, and related
auditor's reports to determine if there were any audit issues/
reportable conditions related to FBWT.
Internal Control Phase; FB-2:
A. To obtain an understanding of the
agency's internal controls over FBWT accounts, perform the following:
1. Interview key agency staff about the FBWT procedures and controls in
place at the agency.
a. Determine what method the agency uses to disburse
funds (FMS regional finance centers, on its own behalf, and/or both
methods).
b. Obtain an understanding of the significant accounting
systems and controls used in reporting and accounting for FBWT
transactions.
c. Identify FBWT line item general ledger accounts.
d. Obtain
an understanding of the agency's FBWT reconciliation procedures. Ask
* if and how the agency tracks differences between the agency's and
Treasury FBWT records;
* what suspense accounts, if any, are used by the
agency to track unreconciled differences;
* if the agency has a process/system for aging unreconciled
differences; and;
* how the agency reports and handles differences.
B. Walk through the FBWT reconciliation process and determine whether
reconciliation controls have been placed in operation.
Testing Phase; FB-3:
A. To determine whether the agency's reconciliation
of the monthly SF 224, 1219/1220 or 1218/1221 Statement of
Transactions/Accountability report submitted to Treasury, to the
applicable general ledger (G/L) accounts is effective (existence):
1. Obtain a list of the agency's Agency Location Codes (ALCs). Agency
ALCs can be obtained through the GOALS. ALCs indicate the agency's
method of disbursement. Four digit ALCs indicate a non-Treasury
disbursing agency. Eight digit ALCs indicate a Treasury disbursing
agency.
2. Obtain the monthly Statements of Transactions (SF 224) or
Statements of Accountability/Transactions (SF 1219/1220 or 1218/1221)
for each ALC for the fiscal year, or for the period being audited if
testing at an interim date.
3. Select the individual Statements of Transactions (SF
224) or Statements of Accountability/Transactions (SF 1219/1220 or
1218/1221) to be tested (use separate forms to document the sampling
plan). Indicate selection method.
* Dollar unit sampling (DUS),
* Classical Variables Estimation Sampling, or
* Other (describe)
For each statement selected:
a. Compare the ALC on the SF 224 or SF 1219/1220 or 1218/1221 to the
agency's list of ALCs.
b. Trace monthly collection and disbursement amounts reported on
the SF 224, SF 1219/1220 or SF 1218/1221 to amounts recorded in the
agency's official accounting records (G/L).
c. Trace any prior period
adjustment amounts reported on the SF 224, SF 1219/1220 or SF 1218/1221
to supporting documentation and the agency's G/L.
d. Examine supporting documentation for any differences.
B. Summarize the results of testing.
C. Determine whether the results of testing indicate that combined risk
should be assessed differently and whether the audit procedures should
be revised.
FB-4:
A. To determine whether the agency is properly reconciling
collection and disbursement differences identified by Treasury
(existence and completeness):
1. Obtain the following Treasury reports
for each ALC for each month of the fiscal year, or for the period being
audited if testing at an interim date.
* Final month-end Statements of
Differences (FMS 6652). Note: To obtain the population of Statements of
Differences, obtain the initial month-end Statements of Differences
issued by Treasury. Treasury issues month-end Statements of Differences
for each accounting month (when differences are identified) and
continues to send statements for that month until the difference is
cleared. To obtain the initial differences reports for the period being
audited, obtain the reports that show the same accounting date and
audit date on the statement, indicating that this is the initial
statement of differences issued for that month.
* Advice of Check Issued
Discrepancy reports (FMS 5206). (Note: This step applies only for
agencies that disburse their own funds - Non-Treasury Disbursing
Offices (NTDO) agencies.);
* Treasury letters notifying the agency of
outstanding differences between amounts reported on the SF 1219/1220 or
SF 1218/1221 and its check issued summary reports. (Note: This step
applies only for NTDO agencies.);
Select the individual statements/letters to be tested (use separate
forms to document the sampling plan). Indicate selection method:
* Dollar unit sampling (DUS),
* Classical variables estimation sampling, or
* Other (describe).
For each statement/letter selected:
a. Compare the ALC number on the statement/report to the agency's list
of ALCs.
b.
Examine the agency's reconciliation files/documentation supporting the
reconciliation of the difference, and determine if differences were
adequately researched and resolved.
c. Trace resulting adjustments, if any, to subsequent month Treasury
reporting (SF 224, 1219/1220, or 1218/1221) and/or the agency general
ledger accounts to determine if adjustments were properly recorded.
(Note: reconciling items do not always result in adjustments to the G/
L and/or Treasury records. The resulting adjustment, if any, depends on
the cause of the difference. For example, an adjustment to the agency's
G/L is not necessary when a bank error caused the difference. The bank
is responsible for reporting the adjustment to Treasury.);
B.
Summarize the results of testing and conclude on the effectiveness of
the agency's reconciliation controls.
C.
Determine if the results of testing indicate that combined risk should
be assessed differently and if the audit procedures should be revised.
FB-5:
A. To determine if the agency's monthly reconciliation of its G/L to
Treasury records is effective (existence and completeness):
1. For the months that correspond to the Statements of Differences
selected above, obtain the Undisbursed Appropriation Account ledgers
(FMS 6653) and Receipt Account ledgers (FMS 6655) sent by Treasury and
the agency's reconciliation.
* Trace the FMS 6653/6655 balance per the
agency reconciliation to the FMS 6653/6655 reports sent by Treasury.
* Trace
the G/L account balances per the reconciliation to the appropriate G/L
accounts.
* Trace account activity per the FMS 6653/6655 to the agency
G/L. (Note: Typical activity, other than agency disbursements and
receipts, may include supplemental appropriations, non-expenditure
transfers, and entries reported by other agencies.);
* Examine supporting documentation for reconciling items.
* Determine if the appropriate
adjustments were made to the general ledger or that Treasury had been
notified of needed corrections.
B.
Summarize the results of testing and conclude on the effectiveness of
the agency's reconciliation controls.
C.
Determine if the results of testing indicate that combined risk should
be assessed differently and if the audit procedures should be revised.
FB-6:
A. To determine whether the agency's year-end (September)
reconciliation of FBWT accounts is effective (existence and
completeness):
1. Obtain the Agency's year-end (September) FBWT
reconciliation and Treasury's September Undistributed Appropriation
Account Ledger (FMS 6653) and Receipt Account Ledger (FMS 6655).
* Trace
appropriation, fund, and receipt account balances reported on the
Treasury account ledgers to the agency's reconciliation.
* Trace the
appropriation, fund, and receipt account balances reported on the
Treasury account ledgers to the agency general ledger.
* Examine supporting documentation for reconciling items.
* Determine if appropriate adjustments were made to the G/L and/or
reported to Treasury.
2. Obtain the year-end (September) Statements of Differences reports
issued by Treasury (FMS 6652, and/or FMS 5206 and Treasury notification
letters).
* Trace reported differences to the agency's reconciliation to
determine if all differences were included in the FBWT reconciliation.
* Examine supporting documentation and determine if differences were
adequately resolved.
* Trace resulting adjustments to supplemental
Statements of Transactions/Accountability or subsequent month Treasury
reporting (SF 224, 1219/1220, or 1218/1221) and/or the agency general
ledger.
3. Summarize the results of testing.
FB-7:
A. To determine the extent of unreconciled differences at year-end
and the potential impact on the agency FBWT account balance:
1. Determine
if unresolved differences reported by Treasury on Statements of
Differences as of September 30 for the fiscal year being audited were
subsequently resolved and properly accounted for.
* Obtain the
Statements of Differences for the months subsequent to year-end
(October through end of fieldwork).
* Identify unreconciled differences
outstanding at 9/30 that were subsequently resolved.
* Determine if the
differences were adequately researched and resolved.
* Determine if the
appropriate adjustments were made to the agency FBWT accounts or that
Treasury had been notified of needed corrections.
2. Determine the extent of unreconciled differences included in
suspense accounts that are not included on Statements of Differences.
* Obtain suspense account transaction detail report as of 9/30 for the
year being audited.
* Obtain suspense account transaction detail report
for months subsequent to year-end (October through end of fieldwork).
* Identify unreconciled differences outstanding at 9/30 that were
subsequently resolved.
* Determine if the differences were adequately researched and resolved.
* Determine if the appropriate adjustments were
made to the agency FBWT accounts or that Treasury had been notified of
needed corrections.
3. Assess the materiality of all unreconciled differences outstanding
(at absolute value).
4. Summarize test results.
5.
Document the potential effect of material unreconciled differences on
the FBWT line item and other financial statement accounts.
FB-8;
A. To determine if the agency recorded warrants, appropriation
transfers, and rescissions properly, perform the following (rights and
obligations):
1. For first year appropriations, obtain copies of the
appropriation legislation and U.S. Treasury Appropriation Warrants (FMS
6200) for the fiscal year.
* Compare the warrants to the appropriation
legislation.
* Trace amounts reported on the appropriation warrants to
beginning appropriation balances recorded in the general ledger FBWT
accounts.
* Examine supporting documentation for any differences/reconciling
items.
2.
For other than first year appropriations, trace the beginning balances
recorded in the general ledger to audited ending balances of the prior
fiscal year financial statements. (Note: If this is a first year audit,
additional work may be necessary to substantiate the beginning FBWT
account balance. For example, the auditor may need to consider if the
reconciliation process has been effective over the life of the
appropriations. This may require review of prior year
reconciliations.);
3. For appropriation activity occurring during the fiscal year being
audited (supplemental appropriations, rescissions, and nonexpenditure
transfers), obtain copies of related legislation for supplemental
appropriation and rescission warrants and U.S. Treasury Non-Expenditure
Transfer Authorizations form (FMS 1151) for the fiscal year.
* Compare
supplemental appropriations and rescissions recorded in the agencies'
FBWT account to appropriation legislation and to U.S. Treasury
warrants.
* Compare non-expenditure transfer amounts recorded in the
agencies' FBWT account to approved Non-Expenditure Transfer
Authorizations form (FMS 1151).
4. Examine supporting documentation for any differences/reconciling
items.
FB-9:
A. To determine the existence and completeness of the appropriation,
fund, and receipt accounts included in the FBWT financial statement
balance (existence, completeness, presentation and disclosure):
1. Obtain the agency "crosswalk" of G/L accounts included in the FBWT
line item and the September Treasury Undisbursed Appropriation Account
Trial Balance and Receipt Account Trial Balance.
* Trace account balances
listed on the Treasury trial balances to the agency crosswalk of G/L
accounts included in the FBWT line item.
* Determine the status of
accounts (i.e., open, expired, canceled) and assess whether the account
is appropriately included in the FBWT line item.
* Obtain an explanation
and determine the appropriateness of accounts omitted from or included
in the crosswalk that were not included in the Treasury trial balance.
IV. Reporting Phase; FB-10; To determine if the FBWT balance appears
reasonable (analytical procedure):
1. Compare the G/L accounts that
constitute the FBWT with expectations and obtain explanation for any
unexpected changes (e.g., credit balances, new accounts, closed
accounts) or the absence of expected changes.
2. Determine if additional testing is necessary.
B. To assess whether the presentation of the financial statements and
footnote disclosures for the FBWT line item are in accordance with U.S.
generally accepted accounting principles (SFFAS No. 1) (presentation
and disclosure) (see GAO/PCIE FAM, Part II, section 1004-Financial
Reporting: Checklist for Reports Prepared under the CFO Act):
1.
Determine if the agency has presented and disclosed FBWT in the notes
to the financial statements in accordance with U.S. generally accepted
accounting principles.
2. Determine if material unreconciled differences are disclosed and
explained in the notes to the financial statements.
3.
Determine if material unreconciled differences that were written off by
the agency during the fiscal year being audited are disclosed in the
notes to the financial statements.
4. Determine if material restrictions, if any, have been properly
disclosed.
FB-11:
A. Prepare proposed audit adjustments, if any.
B. Conclude if the FBWT line item is fairly stated and if the controls
over FBWT are effective.
FOOTNOTES
[1] These tools are based on the best practices guidance received from
the participating accounting and auditing firms and the AICPA
publication, Practice Alert No. 95-3, Auditing Related Parties and
Related Party Transactions, which is available at http://www.aicpa.org/
members/div/secps/lit/practice/953.htm.
[2] Trading partners are agencies, bureaus, programs or other entities
(within or between entities) participating in transactions with each
other.
[3] The Intragovernmental Payment and Collection (IPAC) system replaced
the Online Payment and Collection (OPAC) system in December 2001.
[4] Medicaid assists states in providing medical care to their low-
income populations by granting federal matching payments under the
Social Security Act to states with approved plans.
[5] The banking system data is reported via CASHLINK, other federal
agencies via IPAC (which replaced OPAC in December 2001), and FMS
regional financial centers via GOALS. See FAM section 921 A for more
detail on the Treasury processes and reports related to FBWT
reconciliation.
[End of section]
SECTION 1000:
Reporting:
1001 - MANAGEMENT REPRESENTATIONS:
.01:
This section deals with the management representations that the auditor
is required to obtain from current management as part of the audit, as
described in sections 280 and 550. It covers the four general areas of
representations: representations about the financial statements,
internal control, financial management systems' substantial compliance
with the requirements of the Federal Financial Management Improvement
Act of 1996 (FFMIA), and compliance with laws and regulations. In the
AICPA standards, these representations are discussed in sections AU 333
(SAS 85), AT 501.44 (from Statement on Standards for Attestation
Engagements (SSAE) Number 10, paragraph 5.44), and AU 801. OMB audit
guidance also contains guidance on management representations letters.
.02:
Written representations from management ordinarily confirm oral
representations given to the auditor, indicate and document the
continuing appropriateness of those representations, and reduce the
possibility of misunderstanding. Management representations are not a
substitute for audit procedures. If a representation is contradicted by
other audit evidence, the auditor should investigate the circumstances
and consider the reliability of the representation. Also, the auditor
should then consider whether it is appropriate to rely on other
management representations. Management's refusal to furnish written
representations is a scope limitation sufficient to preclude an
unqualified opinion.
.03:
The specific representations obtained will depend on the circumstances
of the engagement and the nature and basis of presentation of the
financial statements. These representations apply to all the financial
statements and all periods covered by the audit report. In addition to
the representations given in the AICPA standards, the auditor generally
should consider the need to obtain representations on other matters
based on the circumstances of the audited entity. Also, the
representations given in the example representation letter in section
1001 A should be deleted if inapplicable or customized to the situation
of the entity being audited.
.04:
The management representation letter should be obtained from the
highest level of the audited entity. The officials who sign the
management representation letter should be those who, in the auditor's
view, are responsible for and knowledgeable, directly or through
others, about the matters in the representation letter. These officials
should generally be the head of the entity and the CFO, or equivalent.
Additional management representation letters should be obtained from
any component units for which separate reports are to be issued.
.05:
The management representation letter should be on the audited entity's
letterhead. The representations should be as of a date no earlier than
the date of the auditor's report--the end of fieldwork. To ensure the
letter is ready in time, a draft letter generally should be provided to
and discussed with management early in the audit and updated for
circumstances found throughout the audit. Where management signs the
letter after the end of fieldwork, the letter should state that the
representations are as of the date of the audit report. If management
signs the letter before the end of fieldwork, the auditor generally
should obtain a separate letter to update the representations to the
end of fieldwork. However, where the time difference is short, the
auditor may update the representations orally and document the update
in the workpapers.
.06:
Although the management representation letter generally should be
addressed to the Comptroller General (at GAO) or the agency IG, the
audit team should consider having the entity deliver it directly to a
member of the team to avoid any delays in receiving the letter.
.07:
Especially for large audited entities, management may need to specify a
materiality threshold in the management representation letter, below
which items would not be considered exceptions. The auditor should be
satisfied that such a materiality threshold is so far below design
materiality that even many items below this level would not, in the
aggregate, approach design materiality. For example, a threshold that
is 5 percent (or less) of design materiality may be sufficiently low.
The materiality level may be different for different representations
and would not apply to those representations not directly related to
amounts in the financial statements (such as responsibility for the
statements).
REPRESENTATIONS RELATING TO THE FINANCIAL STATEMENTS:
.08:
Paragraph AU 333.06 lists 17 management representations that are
ordinarily included in a GAAS audit if applicable. These generally
relate to management acknowledging its responsibility for the financial
statements and its belief that the financial statements are fairly
presented in conformity with generally accepted accounting principles;
completeness of financial information; recognition, measurement, and
disclosure; and subsequent events. Examples of additional
representations that may be appropriate depending on an entity's
business or industry are given in appendix B to AU 333. The auditor may
review section AU 333 for items that could be added to the
representations, many of which would have to be modified in the federal
government environment. (OMB has added a representation dealing with
intragovernmental transactions and their reconciliations for CFO Act
agencies and components.):
.09:
Appendix B of AU 333 gives example language for the following
situations:
General:
* Unaudited interim information accompanies the financial statements.
* The impact of a new accounting principle is not known.
* There is justification for a change in accounting principles.
* Financial circumstances are strained, with disclosure of management's
intentions and the entity's ability to continue as a going concern.
* The possibility exists that the value of specific significant long-
lived assets or certain identifiable intangibles may be impaired.
* The work of a specialist has been used by the entity.
Cash:
* Disclosure is required of compensating balances or other arrangements
involving restrictions on cash balances, line of credit, or similar
arrangements.
Financial instruments:
* Management intends to and has the ability to hold to maturity debt
securities classified as held to maturity.
* Management considers the decline in value of debt or equity securities
to be temporary.
* Management has determined the fair value of significant financial
instruments that do not have readily determinable market values.
* There are financial instruments with off-balance-sheet risk and
financial instruments with concentrations of credit risk.
Receivables:
* Receivables have been recorded in the financial statements.
Inventories:
* Excess or obsolete inventories exist.
Deferred charges:
* Material expenditures have been deferred.
Debt:
* Short-term debt could be refinanced on a long-term basis, and
management intends to do so.
Contingencies:
* Estimates and disclosures have been made of environmental remediation
liabilities and related loss contingencies.
* Agreements may exist to repurchase assets previously sold.
Pension and postretirement benefits:
* An actuary measured pension liabilities and costs.
* There is involvement with a multiemployer plan.
* Postretirement benefits have been eliminated.
* Employee layoffs that would otherwise lead to a curtailment of a
benefit plan are intended to be temporary.
* Management intends to either continue to make or not make frequent
amendments to its pension or other postretirement benefit plans, which
may affect the amortization period of prior service cost, or management
has expressed a substantive commitment to increase benefit obligations.
Sales:
* There may be losses from sales commitments.
* There may be losses from purchase commitments.
* Nature of the product or industry indicates the possibility of
undisclosed sales terms.
.10:
The auditor generally should consider the need for additional
customizing of the example representation letter given in section 1001
A and for the additional representations in paragraph 1001.09. Many of
the representations may have to be qualified, especially in an initial
audit or in later audits where significant problems remain. For
instance, where the example representation letter states that there are
no violations of laws or regulations, the entity may need to add at the
end of the statement, "except as follows:" and describe the violations.
.11:
In addition, the auditor generally should consider whether
circumstances may require that additional descriptive items be included
in the representation letter, especially as support for conclusions the
auditor makes in the audit. This is important where the corroborating
information that can be obtained by procedures other than inquiry is
limited. For example, the letter should include descriptions of (1) the
reasons for audited-entity-imposed scope limitations, such as lack of
availability of certain records, (2) the basis for material liability
estimates, key asset valuations, or the probability of contingencies,
and (3) significant plans or intentions for the entity. For example, if
the entity has a pension plan outside of the Civil Service Retirement
System or the Federal Employees' Retirement System, an item should
state that the entity does not plan to terminate the plan and that
management believes the actuarial assumptions and methods used to
measure pension liabilities and costs for financial reporting purposes
are appropriate in the circumstances.
REPRESENTATIONS RELATING TO INTERNAL CONTROL:
.12:
Internal control representations when the auditor opines on internal
control are found in AT 501.44 (SSAE 10, paragraph 5.44). These
representations relate to management's (1) acknowledging its
responsibility for internal control, (2) stating that management has
assessed the effectiveness of its internal control and specifying the
control criteria used, (3) stating management's assertion about the
effectiveness of its internal control based on the control criteria,
(4) stating that management has disclosed to the auditor all
significant deficiencies in the design or operation of internal control
that could adversely affect the entity's ability to meet the internal
control objectives and pointing out those that are material weaknesses
(using the definition in the representation letter, which is the
definition in AU 325), (5) describing any fraud, and (6) stating
whether there were any changes to internal control subsequent to the
end of the reporting period. Where the auditor is not opining on
internal control, he or she should delete representations 2 and 3
above. Depending on circumstances, the auditor should consider
modifying representation 4 above to remove the phrase "pointing out
those that are material weaknesses. " The auditor also should modify the
introductory paragraph to the representation letter.
.13:
For items 2 and 3, the auditor expects entities to use criteria
established under FMFIA and OMB Circular A-123 in their FMFIA internal
control assessment. Standards in GAO's green pamphlet Standards for
Internal Control in the Federal Government were established as
standards for federal entities to follow, and they were incorporated by
OMB into Circular A-123. The November 1999 update to these standards
(GAO/AIMD-00-21.3.1) is effective for fiscal year 2000 FMFIA reports
and incorporates concepts from the private sector guidance Internal
Control--Integrated Framework by the Committee of Sponsoring
Organizations (COSO) of the Treadway Commission. Entities should
summarize in the representation letter any material weaknesses relating
to financial reporting (including safeguarding), compliance (including
budget), and performance measures controls. Example wording for the
representations is given in section 1001 A for the case where
management asserts that its internal control as of the date of the
financial statements provided reasonable assurance that misstatements,
losses, or noncompliance material in relation to the financial
statements or required supplementary stewardship information would be
prevented or detected on a timely basis. If there are material
weaknesses, management should include a brief description of them in
its representation letter and modify its assertion accordingly.
.14:
For entities that have not formally assessed the effectiveness of their
internal control, AT 501 (SSAE 10, chapter 5) provides that the auditor
may assist management in its assessment by gathering or preparing
information that management can use in evaluating the effectiveness of
its internal control. The auditor may also use the information in
forming an opinion on internal control. Thus, the example
representations are appropriate for inclusion in the management
representation letter if management and the auditor agree on the
conclusions regarding the effectiveness of internal control.
REPRESENTATIONS RELATING TO FINANCIAL MANAGEMENT SYSTEMS' SUBSTANTIAL
COMPLIANCE WITH FFMIA REQUIREMENTS:
15:
FFMIA requires the auditor who performs a CFO Act audit to report
whether the entity's financial management systems comply substantially
with (1) federal financial management systems requirements, (2)
applicable federal accounting standards (now recognized as generally
accepted accounting principles), and (3) the SGL at the transaction
level. In order to report in accordance with FFMIA, the auditor should
obtain representations from management as to the entity's systems'
compliance with these requirements.
.16:
The auditor should obtain representations that management takes
responsibility for complying substantially with the FFMIA requirements,
stating that it has assessed the systems' compliance, stating the
criteria used, and asserting the systems' substantial compliance (or
lack thereof). The criteria should be the requirements in OMB Circular
A-127, Financial Management Systems (which incorporates the SGL, the
JFMIP Federal Financial Management Systems Requirements documents, and
other OMB circulars). These requirements are further described,
including indicators of substantial compliance, in OMB's FFMIA
implementation guidance for CFOs and IGs, referenced in OMB's audit
guidance.
REPRESENTATIONS RELATING TO COMPLIANCE WITH LAWS AND REGULATIONS:
.17:
AU 801.07 suggests that a representation relating to compliance with
laws and regulations state that management has identified and disclosed
to the auditor all laws and regulations that have a direct and material
effect on the financial statements.
.18:
In addition, AT 601 (SSAE 10, chapter 6) deals with compliance
attestation. The auditor is not required to follow this standard
because it does not apply to audits reporting on compliance as part of
an audit of financial statements or on audits reporting in accordance
with Government Auditing Standards. However, in situations in which the
auditor believes additional representations regarding compliance may be
needed, examples are given in AT 601. 68 (SSAE 10, paragraph 6. 68).
EFFECT OF CHANGE IN MANAGEMENT ON REPRESENTATION LETTER:
.19:
Sometimes management is reluctant to sign representations for periods
when it did not manage the entity. The auditor should explain to
management that by issuing the financial statements, it is making the
assertions implicit in the financial statements. Management may wish to
understand the transactions and controls supporting the financial
statements, and the auditor should help it do so. Where a change in
management is expected, the auditor may advise the new management to
obtain representations from the old management about the period prior
to the change.
[End of section]
1001 A - EXAMPLE MANAGEMENT REPRESENTATION LETTER:
[Entity Letterhead]
[Date of auditor's report and completion of fieldwork]
The Honorable [name of Inspector General or Comptroller General]
[Inspector or Comptroller] General [of the United States]
[Name of agency] [or U.S. General Accounting Office]
Washington, D. C.
Dear [name]:
This letter is in connection with your audits of the [entity's] balance
sheet as of September 30, 20X1 and 20X2, [or dates of audited financial
statements] and the related statements of net costs, changes in net
position, budgetary resources, financing, and custodial activity [if
applicable], for the years then ended for the purposes of (1)
expressing an opinion as to whether the financial statements are
presented fairly, in all material respects, in conformity with
generally accepted accounting principles, (2) expressing an opinion [or
reporting] on [entity's] internal control as of September 30, 20X2 [or
date of latest audited financial statements], (3) reporting whether the
[entity's] financial management systems substantially comply with
federal financial management systems requirements, applicable federal
accounting standards (generally accepted accounting principles), and
the U.S. Government Standard General Ledger at the transaction level as
of September 30, 20X2, and (4) testing for compliance with applicable
laws and regulations.
Certain representations in this letter are described as being limited
to matters that are material. For purposes of this letter, matters are
considered material if they involve $X or more. Items also are
considered material, regardless of size, if they involve an omission or
misstatement of accounting information that, in the light of
surrounding circumstances, makes it probable that the judgment of a
reasonable person relying on the information would be changed or
influenced by the omission or misstatement.
We confirm, to the best of our knowledge and belief, the following
representations made to you during the audits (these representations
are as of [date of completion of fieldwork], pertain to both years'
financial statements, and update the representations we provided in the
prior year):
1. We are responsible for the fair presentation of the financial
statements and stewardship information in conformity with generally
accepted accounting principles.
2. The financial statements are fairly presented in conformity with
generally accepted accounting principles.
3. We have made available to you all:
a. financial records and related data,
b. where applicable, minutes of meetings of the Board of Directors [or
other similar bodies, such as congressional oversight committees] or
summaries of actions of recent meetings for which minutes have not been
prepared, and:
c. communications from the Office of Management and Budget (OMB)
concerning noncompliance with or deficiencies in financial reporting
practices.
4. There are no material transactions that have not been properly
recorded in the accounting records underlying the financial statements
or disclosed in the notes to the financial statements.
5. We believe that the effects of the uncorrected financial statement
misstatements summarized in the accompanying schedule are immaterial,
both individually and in the aggregate, to the financial statements
taken as a whole. [An example accompanying schedule is included in
section 595 C. ] [If management believes that certain of the identified
items are not misstatements, management's belief may be acknowledged by
adding to the representation, for example, "We believe that items XX
and XX do not constitute misstatements because [description of
reason]. "] [This representation is required for audits of financial
statements for periods beginning on or after December 15, 1999. ]
6. The [entity] has satisfactory title to all owned assets, including
stewardship property, plant, and equipment; such assets have no liens
or encumbrances; and no assets have been pledged.
7. We have no plans or intentions that may materially affect the
carrying value or classification of assets and liabilities.
8. Guarantees under which the [entity] is contingently liable have been
properly reported or disclosed.
9. Related party transactions and related accounts receivable or
payable, including assessments, loans, and guarantees, have been
properly recorded and disclosed.
10. All intraentity transactions and balances have been appropriately
identified and eliminated for financial reporting purposes, unless
otherwise noted. All intragovernmental transactions and balances have
been appropriately recorded, reported, and disclosed. We have
reconciled intragovernmental transactions and balances with the
appropriate trading partners for the four fiduciary transactions
identified in Treasury's Intra-governmental Fiduciary Transactions
Accounting Guide, and other intragovernmental asset, liability, and
revenue amounts as required by OMB Bulletin 97-01, as amended.
11. There are no:
a. possible violations of laws or regulations whose effects should be
considered for disclosure in the financial statements or as a basis for
recording a loss contingency,
b. material liabilities or gain or loss contingencies that are required
to be accrued or disclosed that have not been accrued or disclosed, or:
c. unasserted claims or assessments that are probable of assertion and
must be disclosed that have not been disclosed.
12. We have complied with all aspects of contractual agreements that
would have a material effect on the financial statements in the event
of noncompliance.
13. No material events or transactions have occurred subsequent to
September 30, 20X2 [or date of latest audited financial statements],
that have not been properly recorded in the financial statements and
stewardship information or disclosed in the notes.
14. There has been no material fraud (intentional misstatements or
omissions of amounts or disclosures in financial statements and
misappropriation of assets that could have a material effect on the
financial statements or stewardship information) or any fraud involving
management or employees who have significant roles in internal control.
[If there were any incidents of fraud meeting the foregoing criteria,
they should be described. ]
15. We are responsible for establishing and maintaining internal
control.
16. Pursuant to the Federal Managers Financial Integrity Act, we have
assessed the effectiveness of [entity's] internal control in achieving
the following objectives:
a. reliability of financial reporting--transactions are properly
recorded, processed, and summarized to permit the preparation of
financial statements and stewardship information in accordance with
generally accepted accounting principles, and assets are safeguarded
against loss from unauthorized acquisition, use or disposition;
b. compliance with applicable laws and regulations--transactions are
executed in accordance with (i) laws governing the use of budget
authority and with other laws and regulations that could have a direct
and material effect on the financial statements and (ii) any other
laws, regulations, and governmentwide policies identified by OMB in its
audit guidance; and:
c. reliability of performance reporting--transactions and other data
that support reported performance measures are properly recorded,
processed, and summarized to permit the preparation of performance
information in accordance with criteria stated by management.
17. Those controls in place on September 30, 20X2 [or date of latest
audited financial statements], provided reasonable assurance that the
foregoing objectives are met.
[If there are material weaknesses, the foregoing representation should
be modified to read:
Those controls in place on September 30, 20X2, provided reasonable
assurance that the foregoing objectives are met except for the effects
of the material weaknesses discussed below or in the attachment.
or: Internal controls are not effective.
or: Internal controls do not meet the foregoing objectives. ]
18. We have disclosed to you all significant deficiencies in the
design or operation of internal control that could adversely affect
the entity's ability to meet the internal control objectives and
identified those we believe to be material weaknesses. [This item is
not required if the auditor is not opining on internal control. ]
19, There have been no changes to internal control subsequent to
September 30, 20X2 [or date of latest audited financial statements], or
other factors that might significantly affect it. [If there were
changes, describe them, including any corrective actions taken with
regard to any significant deficiencies or material weaknesses. ] [This
item is not required if the auditor is not opining on internal
control. ]
20. We are responsible for implementing and maintaining financial
management systems that comply substantially with federal financial
management systems requirements, federal accounting standards
(generally accepted accounting principles), and the U.S. Government
Standard General Ledger at the transaction level.
21. We have assessed the financial management systems to determine whether
they comply substantially with these federal financial management
systems requirements. Our assessment was based on guidance issued by
OMB.
22.
The financial management systems complied substantially with federal
financial management systems requirements, federal accounting
standards, and the U.S. Government Standard General Ledger at the
transaction level as of [date of the latest financial statements].
[If the financial management systems substantially comply with only one
or two of the above elements, this representation should be modified as
follows:
As of [date of financial statements], the [entity's] financial
management systems comply substantially with [specify which of the
three elements for which there is substantial compliance (e.g., federal
accounting standards and the SGL at the transaction level)], but did
not comply substantially with [specify which of the elements for which
there was a lack of substantial compliance (e.g., federal financial
management systems requirements)], as described below (or in an
attachment). ]
[If the financial management systems do not comply substantially with
any of thee three elements, the following paragraph should be used
instead:
As of [date of financial statements], the [entity's] financial
management systems do not comply substantially with the federal
financial management systems requirements. ]
[If there is a lack of substantial complliance with one or more of the
three requirements, identify herein or in an attachment all the facts
pertaining to the noncompliance, including the nature and extent of the
noncompliance and the primary reason or cause of the noncompliance. ]
23.
We are responsible for [entity's] compliance with applicable laws and
regulations.
24.
We have identified and disclosed to you all laws and regulations that
have a direct and material effect on the determination of financial
statement amounts.
25.
We have disclosed to you all known instances of noncompliance with laws
and regulations.
__:
[Name of Head of Entity]
[Title]
__:
[Name of Chief Financial Officer]
[Title]
[End of section]
1002 - INQUIRIES OF LEGAL COUNSEL
.01:
This section provides guidance on procedures for the auditor to perform
to obtain evidence that the financial accounting and reporting of
contingencies[Footnote 1] regarding litigation, claims, and
assessments conform with U.S. generally accepted accounting principles
(GAAP), as described in FAM sections 280 and 550. This section
discusses the accounting and reporting guidance and audit procedures
for inquiries of legal counsel concerning litigation, claims, and
assessments, and includes examples of a legal representation letter
request, a legal representation letter response, including the
Department of Justice's standard forms for legal contingencies, and
management's schedule for summarizing the information contained in the
legal response.
ACCOUNTING AND REPORTING GUIDANCE:
.02:
Entity management is responsible for implementing policies and
procedures to identify, evaluate, account for, and disclose litigation,
claims, and assessments as a basis for the preparation of financial
statements in conformity with GAAP.
.03:
Statement of Federal Financial Accounting Standards (SFFAS) No. 5,
Accounting for Liabilities of the Federal Government, as amended by
SFFAS No.12, Recognition of Contingent Liabilities Arising from
Litigation: An Amendment of SFFAS No. 5, Accounting for Liabilities of
the Federal Government, contains accounting and reporting standards for
loss contingencies, including those arising from litigation, claims,
and assessments. [Footnote 2] The Federal Accounting Standards Advisory
Board (FASAB) Interpretation No. 2, Accounting for Treasury Judgment
Fund Transactions, clarifies GAAP related to claims to be paid through
the Treasury Judgment Fund. [Footnote 3] Statement of Financial
Accounting Standards No. 5, Accounting for Contingencies, also provides
guidance for financial accounting and reporting for loss and gain
contingencies for those entities following GAAP for nongovernmental
entities. The definition of probable for legal contingencies is now
essentially the same in Statement of Financial Accounting Standard No.
5 and SFFAS No. 5, since SFFAS No.12 has amended the latter.
.04:
A contingency is an existing condition, situation, or set of
circumstances involving uncertainty as to possible gain or loss to an
entity. The uncertainty will ultimately be resolved when one or more
future events occur or fail to occur. When a loss contingency exists,
the likelihood that the future event or events will confirm the loss or
impairment of an asset or the incurrence of a liability can range from
probable to remote. SFFAS Nos. 5 and 12 use the terms probable,
reasonably possible, and remote to identify three areas within the
range of potential loss, as follows:
* Probable--For pending or threatened litigation and unasserted claims,
the future confirming event or events are likely to occur. (For other
contingencies, the future event or events are more likely than not to
occur.):
* Reasonably possible--The chance of the future event or events
occurring is more than remote but less than probable.
* Remote--The chance of the future event or events occurring is slight.
.05:
A liability and the related cost for an estimated loss from a loss
contingency should be recognized (accrued by a charge to income)
when[Footnote 4]
a. a past event or exchange transaction has occurred,
b. a future outflow or other sacrifice of resources is probable, and:
c. the future outflow or sacrifice of resources is measurable.
.06:
Disclosure of the nature of an accrued liability for loss
contingencies, including the amount accrued, may be necessary for the
financial statements not to be misleading. For example, if the amount
recognized is large or unusual, disclosure should be considered.
However, if no accrual is made for a loss contingency because one or
more of the conditions in paragraph 1002.05 are not met, disclosure of
the contingency should be made when there is at least a reasonable
possibility that a loss has been incurred. The disclosure should
include the nature of the contingency, and an estimate of the possible
liability or range of possible liability, if estimable, or a statement
that such an estimate cannot be made. In addition, if the Judgment Fund
might be involved in the payment of the possible loss, the federal
entity involved in the litigation should discuss the Judgment Fund's
role in a note to the financial statements.
.07:
Although management often relies on advice of legal counsel about the
(a) likelihood of an unfavorable outcome and (b) estimates of the
amount or range of potential loss for litigation, claims, and
assessments, management is ultimately responsible for determining
whether these contingencies are probable, reasonably possible, or
remote. Management does this to decide whether they should be
recognized as liabilities and/or disclosed in the notes to the
financial statements. Thus, the Office of Management and Budget's (OMB)
audit guidance requires CFO Act agency management to prepare a schedule
summarizing legal contingencies including whether they are probable,
reasonably possible, or remote, and whether (and in what amounts) they
have been accrued or disclosed in the financial statements (see example
summary schedule in FAM section 1002 D).
AUDIT PROCEDURES:
.08:
The auditor should design procedures to test the entity's accounting
for and disclosure of litigation, claims, and assessments. AU 337 (SAS
12) provides guidance on the procedures to identify litigation, claims,
and assessments so that the auditor may obtain evidence that they are
appropriately accounted for and disclosed. AU 9337 provides auditing
interpretations of AU 337. OMB guidance for audits of federal financial
statements also contains procedures for inquiries of legal counsel.
(See FAM section 1002 A for example audit procedures.):
.09: The auditor should obtain evidence relevant to the following factors
with respect to litigation, claims, and assessments:
a. The existence of a condition, situation, or set of circumstances
indicating uncertainty as to the possible loss to an entity arising
from litigation, claims, and assessments.
b. The period in which the underlying causes for legal action occurred.
c. The likelihood of an unfavorable outcome (probable, reasonably
possible, or remote).
c. The amount or range of potential loss, if estimable.
.10:
The auditor should discuss with management the events or conditions
that should be considered in the accounting for and reporting of
litigation, claims, and assessments. The auditor should perform audit
procedures to corroborate the information provided by management,
including requesting that management send a legal letter request to the
entity's legal counsel. An example audit program is in FAM section 1002
A. The audit procedures should be modified, as appropriate, for the
particular entity.
.11:
A letter from legal counsel to the auditor, in response to a legal
letter request from management to legal counsel, is the auditor's
primary means of corroborating the information furnished by management
concerning the accuracy and completeness of litigation, claims, and
assessments. The legal letter request may include a list of pending or
threatened litigation, claims, and assessments or a request by
management that legal counsel prepare the list. The legal letter
request also may include a list of unasserted claims and assessments
considered probable of assertion, and that, if asserted, would have at
least a reasonable possibility of an unfavorable outcome, to which
legal counsel has devoted substantive attention on the entity's behalf
in the form of legal consultation or representation (or a statement
that management is not aware of any matters meeting the criteria).
Legal counsel then would supplement management's information about
those unasserted claims and assessments, including an explanation of
matters where his or her views differ from those expressed by
management in the legal letter request. In the federal government,
where the general counsel may be part of management, the general
counsel may instead provide the list of unasserted claims or
assessments meeting the above criteria. The legal letter request should
also include a request for legal counsel to make a statement that he or
she will advise management about unasserted claims and assessments that
should be considered for disclosure. (See the example request and
response in FAM sections 1002 B and 1002 C.):
Timing of Legal Letter Request and Responses:
.12:
The audit procedures for inquiries of legal counsel concerning
litigation, claims, and assessments should be performed on a timely
basis to give priority to the resolution of potential problem areas and
to complete other procedures. To meet deadlines, the auditor, entity
management, and legal counsel should coordinate the timing of legal
letter requests, responses (including interim responses), and related
management schedules. The auditor and the entity management should
consider the due dates for providing legal letter responses for the
entity financial statements as well as for the U.S. Government's
Consolidated Financial Statements. (OMB sometimes provides these dates
for the governmentwide audit.) The due dates should enable the auditors
to timely complete their work, including the potential need for
management to inquire of Department of Justice legal counsels on a
case-specific basis.
.13:
In addition, when an entitywide audit team uses the work of entity
component audit teams, the entitywide and component audit teams should
coordinate the timing of legal letter requests, responses, and
management schedules and consider the due dates for the component
financial statements as well as the entitywide financial statements.
The entitywide team generally should receive copies of the component
letters.
.14:
The legal counsel's response should include matters that existed at the
balance sheet date and through the end of fieldwork. The effective date
(the latest date covered by the legal counsel's review) should be as
close as feasible to the completion of fieldwork. If the effective date
is substantially in advance of the end of fieldwork (for example,
earlier than 2 weeks before end of fieldwork), the auditor should
contact the legal counsel for an updated response. To avoid this
situation, the legal letter request should clearly specify the period
the legal counsel's response should cover and the date the auditor
should receive the response.
.15:
To assist the auditor in completing the review of legal matters in a
timely manner (and to assist management in preparing the financial
statements), the auditor may ask management to request legal counsel to
submit a preliminary or interim response covering matters that existed
at the balance sheet date and through a point in time reasonably before
the end of fieldwork so that a preliminary evaluation of the
significance of material legal matters can be made. Then, the legal
counsel should submit a final or updated response covering matters
through the end of fieldwork. The updated response generally should
contain only changes or a statement indicating there are no changes
from the interim response. (See FAM section 1002 B for an example legal
letter request that includes requests for interim and updated responses
from legal counsel.):
Determining a Materiality Level:
.16:
The auditor may limit the inquiry to matters that are considered
individually or collectively material to the financial statements,
provided the entity and the auditor have reached an understanding and
agreement on the materiality level. The materiality level, if used,
should be documented in the legal letter request and in the response.
.17:
In determining a materiality level for the legal letter, the auditor
should set the level sufficiently low that the cases not included in
the legal letter would not be material to the financial statements
taken as a whole when aggregated with (1) other cases not included in
the letter, (2) all other types of contingencies, (3) all other items
that would not be adjusted because they are judged immaterial
(unadjusted misstatements), (4) all other amounts in the financial
statements that would not be tested directly because they were judged
to be immaterial, and (5) all other items resolved on the basis of
materiality considerations. For example, 2. 5 percent of design
materiality is used for individual cases in the U. S Government's
Consolidated Financial Statements and 5 percent of design materiality
is used for the aggregate of all cases.
.18:
In aggregating cases, the auditor and the entity may use two levels of
aggregation. First, similar cases (such as employment discrimination
cases, harbor maintenance fee cases, spent nuclear fuel cases, or
military promotion board challenges) should be aggregated and treated
as a group and compared with the individual materiality level. The
aggregation generally should include a list of the individual cases
that are aggregated and a discussion of the items of information
requested to be included in the legal letter for the aggregated cases
(see FAM sections 1002 B and 1002 C). Second, all cases not included in
the legal letter individually or as part of a group of similar cases
should be aggregated. A higher materiality level may be used for such
an aggregation; however, this higher materiality level should be set
sufficiently low that the cases not included in the legal letter would
not be material to the financial statements taken as a whole when
aggregated with the other items listed in the previous paragraph.
.19:
Where the entity engages more than one legal counsel, the auditor
should exercise caution so that matters considered not material
individually would not, when aggregated, exceed the materiality limit.
In addition, when separate legal representation letters are issued on
individual components/bureaus of a consolidated entity because of
individual component audits, the auditor may determine materiality
levels for each component/bureau.
Legal Counsels from Whom Information Should Be Requested:
.20:
Most federal agencies have a general counsel who has primary
responsibility for and knowledge about the entity's litigation, claims,
and assessments. The auditor should request entity management to send a
legal letter request to the general counsel. In addition, the auditor
should ask the management and/or general counsel whether the entity
used outside legal counsel whose engagement may be limited to
particular matters (e.g., specific litigation).
.21:
In the federal government, the main legal counsel outside of the entity
is the Department of Justice. [Footnote 5] The entity's management, its
legal counsel, or the auditor may consult with Justice as well as other
outside legal counsel to assure completeness and accuracy of the
presentation of matters related to litigation, claims, and assessments.
Such consultation may include requesting a list of pending litigation,
claims, and assessments from Justice or other outside legal counsel, or
discussion of specific cases.
.22:
The legal response should cover all litigation, claims, and assessments
pertaining to the federal reporting entity, including matters handled
by Justice and other outside legal counsel on behalf of the entity. If
the general counsel has overall responsibility for handling and
evaluating litigation, claims, and assessments, his or her evaluation
and responses ordinarily would be considered adequate. However,
evidential matter obtained from inside legal counsel is not a
substitute for information that outside legal counsel refuses to
furnish to the auditor.
.23:
Where there is no general counsel and management has not consulted
legal counsel, the auditor should obtain a written representation from
management that legal counsel has not been consulted. Such
representation may be incorporated as an item in the management
representation letter. (See FAM sections 550 and 1001.) (An example
item is: "We are not aware of any pending or threatened litigation,
claims, or assessments or unasserted claims or assessments that are
required to be accrued or disclosed in the financial statements in
accordance with SFFAS No. 5. We have not consulted legal counsel
concerning litigation, claims, or assessments. "):
Evaluation of Responses:
.24:
Written responses from legal counsel will vary considerably in the
scope of information provided and in the opinion expressed. In
preparing the responses, legal counsels should consider the guidance
contained in the American Bar Association's Statement of Policy
Regarding Lawyers' Responses to Auditors' Requests for Information (ABA
Policy Statement) (included in its entirety in AU 337 C). If legal
counsel does not follow the ABA Policy Statement in responding to the
auditor, the legal counsel's response nevertheless should meet the
requirements of AU 337.
.25:
The response should cover all components included in the financial
statements being audited. Legal counsel generally should indicate the
disposition of cases included in the prior year's letter that are no
longer contingencies.
.26:
The auditor should evaluate each response in terms of sufficiency as
evidence and consider (a) the possible limitations on the scope of
legal counsel's responses and (b) the lack of sufficient opinion on the
resolution of a case. AU 9337 provides guidance in evaluating legal
counsel's responses. The auditor also should consider the legal
counsel's response in light of any other information that comes to the
auditor's attention.
Possible Limitations on the Scope of Legal Counsel's Responses:
.27:
When legal counsel limits his/her responses, the auditor should
determine whether the limitation affects the auditor's report. A legal
counsel may appropriately limit responses to certain matters; for
example, to matters that (a) the legal counsel has given substantive
attention to in the form of legal consultation or representation and
(b) are considered individually or collectively material to the
financial statements, provided the entity and the auditor have reached
an understanding on materiality levels. These limitations are
acceptable and not limitations on the scope of the audit.
.28:
The following are examples of limitations on legal counsel's responses
that are not acceptable to the auditor and that would ordinarily result
in a scope limitation:
a. Legal counsel refuses to furnish the requested information. When
legal counsel refuses to furnish the information requested in the legal
letter request, the auditor should consider this matter as a scope
limitation sufficient to preclude an unqualified opinion.
b.
Legal counsel excludes matters requested. The legal counsel's responses
may not address all information requested. The auditor should compare
legal counsel's response with the legal letter request and determine
whether legal counsel has addressed all the information requested. If
legal counsel excluded any of the requested matters, the auditor should
obtain responses for those matters from legal counsel. If the auditor
is unable to obtain all the information needed, the auditor should
consider this a scope limitation that could be sufficient to preclude
an unqualified opinion.
c.
Legal counsel indicates that certain information is being withheld due
to attorney-client privilege. Under the American Bar Association (ABA)
Code of Professional Responsibility, legal counsel is required to
preserve the confidences and secrets of the client. Legal counsel may
disclose confidences to the auditor only with the consent of the
client. If the legal letter request is prepared in accordance with AU
337, the auditor should expect that legal counsel would be responsive;
otherwise the scope of the audit would be restricted. (On the other
hand, explanatory language in the legal letter request or in legal
counsel's response emphasizing that management or legal counsel does
not intend to waive attorney-client privilege or attorney work-product
privilege does not result in a scope limitation.):
Lack of Sufficient Opinion on the Resolution of a Case:
.29:
The following are examples of the legal counsel's responses that lack
sufficient opinion on the resolution of a case.
a.
Uncertainties. A legal counsel may be unable to respond concerning the
likelihood of an unfavorable outcome of litigation, claims, and
assessments or the amount or range of potential loss, because of
inherent uncertainties. In these circumstances, the auditor ordinarily
will conclude that the financial statements are affected by an
uncertainty concerning the outcome of a future event, which is not
susceptible to reasonable estimation. The auditor should follow the
guidance in FAM section 580 for reporting on uncertainties.
b. Unclear responses. Legal counsels sometimes use general terms to
indicate their evaluation of the outcome of a case. The ABA Policy
Statement states that legal counsel may, in the appropriate
circumstances, communicate to the auditor his/her view that an
unfavorable outcome is "probable" or "remote. " The legal letter
responses may include phrases that mean remote or probable. The phrases
below are examples of opinions that provide sufficient clarity that the
likelihood of an unfavorable outcome is remote:
* "We are of the opinion that this action will not result in any
liability to the entity. ":
* "We believe that the plaintiff's case against the entity is without
merit. ":
The following are examples of opinions that indicate significant
uncertainty as to whether the entity will prevail:
* "In our opinion, the entity has a substantial chance of prevailing in
this action. " (A "substantial chance," a "reasonable opportunity," and
similar terms indicate more uncertainty than an opinion that the entity
will prevail.):
* "It is our opinion that the entity will be able to assert meritorious
defenses to this action. " (The term "meritorious defenses" indicates
that the court will not summarily dismiss the entity's defenses; it
does not indicate legal counsel's opinion that the entity will
prevail.):
.30:
To avoid unclear and incomplete responses, the auditor generally should
ask management to request legal counsel to use Justice's standard forms
to describe legal contingencies (see pages 1002 C-4 to 6 for examples
of these forms). When legal counsel does not indicate whether the
unfavorable outcome is probable or remote, management and the auditor
should conclude that the outcome is reasonably possible and the case
should be considered for disclosure. (Management, with legal counsel's
advice, determines whether cases are probable, reasonably possible, or
remote, to decide whether they should be recognized as liabilities and/
or disclosed in the notes to the financial statements.):
.31:
If the auditor is not certain about the legal counsel's evaluation, the
auditor should discuss the matters with the legal counsel and entity
management (and document the oral discussion) and/or obtain written
clarification in a follow-up letter. Sometimes legal counsel may give a
clearer indication of likelihood orally. If legal counsel is unable to
give a clear evaluation of the likelihood of an unfavorable outcome,
management should disclose the uncertainty and the auditor should
consider the uncertainty's effect on the audit report.
Example Legal Letter Request:
.32:
The legal letter request, which the auditor may assist management to
draft, should be on the audited entity's letterhead, signed by the
Chief Financial Officer (CFO), or equivalent, and request a reply
directly to the auditor and a copy to management by specified due
dates. FAM section 1002 B shows an example legal letter request that
includes requests for interim and updated responses from legal counsel
and matters that should be covered in the letter.
Example Legal Counsel's Responses and Management's Schedule:
.33:
The General Counsel should respond on General Counsel letterhead to the
auditor with a copy to management by the agreed-upon due dates. The
response should indicate that it is provided for the auditor's use in
connection with the audit.
.34:
FAM section 1002 C shows an example of a legal counsel response,
including the legal representation letter and Justice's legal
contingency standard forms for each case or group of cases,
respectively. Justice's forms (pages 1002 C-4 to 6) are on Justice's
website: http://www. usdoj. gov/civil/forms/forms. htm.
.35:
FAM section 1002 D shows an example of management's schedule that
documents how the information contained in the legal counsel's
responses was considered in preparing the financial statements.
Management should include each case discussed in the legal letter and
indicate (1) the amount accrued for probable cases and (2) note
disclosure for reasonably possible cases, probable cases where the
amount cannot be estimated, and probable cases where a range of amounts
above the accrued amount is estimated. The electronic templates for FAM
sections 1002 C (pages 1002 C-1 to 3) and 1002 D are on OMB's website:
http://www. whitehouse. gov/omb/bulletins/index. html.
PRACTICE AIDS:
.36: The following practice aids are appended:
Section 1002 A - Example Audit Procedures;
Section 1002 B - Example Legal Letter Request;
Section 1002 C - Example Legal Representation Letter, including
Justice's Example Legal Contingencies Forms; and:
Section 1002 D - Example Management Summary Schedule.
[End of section]
1002 A - EXAMPLE AUDIT PROCEDURES FOR INQUIRIES OF LEGAL COUNSEL:
Entity:
Period of financial statements:
Job code:
Example Audit Procedures:
I. Testing Procedures:
1. Ask management about the entity's policies and
procedures for identifying, evaluating, and accounting for litigation,
claims, and assessment.
2. Obtain from management a description and evaluation of litigation,
claims, and assessments existing as of the balance sheet date and
through the date of management's response (which should be near the end
of fieldwork). (This may instead be obtained from the entity's legal
counsel.).
3.
To determine whether an outside legal counsel is performing services
for the entity, inquire of management whether outside legal counsel has
been used by the entity and matters handled. Ask management for a list
of pending litigation, claims, and assessments from the Department of
Justice and/or examine correspondence and invoices from other outside
legal counsel (e.g., for legal fees), if any.
4.
Ask whether the entity has changed its general counsel or outside legal
counsel or the general counsel or outside legal counsel has resigned or
has indicated an intention to resign. If so, determine if there are
matters that may affect the financial statements. For example, in
appropriate circumstances, a legal counsel may be required by the ABA
Code of Professional Responsibility to resign the engagement if the
legal counsel's advice concerning disclosures is disregarded by the
entity.
5. To identify litigation, claims, and assessments read minutes of
management meetings, contracts, loan agreements, leases, and
correspondence from other government entities and discuss pertinent
items with management.
6. If information comes to the auditor's attention that may indicate a
potential contingency with respect to litigation, claims, or
assessments that may require adjustment to or disclosure in the
financial statements, discuss with the entity its possible need to
consult legal counsel. Depending on the severity of the matter, refusal
by the entity to consult legal counsel in those circumstances may
result in a scope limitation. Consider the effect of such a limitation
on the auditor's report.
7.
Request entity management to send a legal letter request to the general
counsel asking counsel to respond directly to the auditor. (Obtain a
copy of the legal letter request.) Consider whether to also request
legal letters from any outside legal counsel. The legal letter should
cover litigation, claims, and assessments pertaining to the reporting
entity, including matters handled by the Department of Justice or other
outside legal counsel. (See Sections 1002 B for an example legal letter
request.) Coordinate with management and legal counsel to;
* determine
the timing of legal letter requests and responses and related
management's summary/schedules of information contained in legal
responses and;
* determine a materiality level to be included in the
legal representation letter.
8.
Read the legal letter responses and management's schedules to identify
litigation, claims, and assessments.
9.
Compare the description and evaluation of the current year's legal
letter responses to the prior year's audit documentation. If this
comparison indicates that certain legal matters in the prior year are
no longer included, discuss these matters with management or legal
counsel to obtain an understanding of the reasons for the changes.
10.
Determine whether the information in the legal representation letter is
consistent with management's schedule summarizing the information in
the letter and related supporting documentation.
11.
Discuss with legal counsel if the information obtained is not complete,
clear, or consistent.
12.
Evaluate legal counsel's responses and determine the effects of the
responses on liabilities and related note disclosures in the financial
statements and on the auditor's report.
13.
If a response date is substantially in advance of the audit report
date, for example, earlier than 2 weeks prior to date of auditors'
report, obtain a written or oral update response. (The longer the
period between the legal letter and the audit report date, the more
important a written update becomes.).
II. Reporting Procedures:
Obtain a representation from management in
the management representation letter (see FAM sections 550 and 1001)
that the entity has disclosed all unasserted claims that legal counsel
has advised are probable of assertion that, if asserted, would have at
least a reasonable possibility of an unfavorable outcome and must be
disclosed.
1. Discuss the description and evaluation of litigation,
claims, and assessments obtained with management to determine if,
subsequent to the date of legal counsel's response, there have been any
changes in status of the matters, changes in management's evaluation of
the outcome, or additional matters to be considered.
2.
If there are significant changes in the status of the matters or new
matters, obtain a written confirmation or updated response from legal
counsel.
3. Have management include in the management representation letter
representations related to contingencies and determine if they are
appropriately accrued and disclosed as required by SFFAS No. 5, as
amended. If management has not consulted legal counsel, obtain a
written representation from management that legal counsel has not been
consulted. This representation may be incorporated in the management
representation letter (see FAM sections 550 and 1001).
4. Read the entity's financial statements and notes and:
a. consider the
adequacy of financial statement disclosure for contingencies with
respect to litigation, claims, and assessments.
b. determine if the financial statement disclosures for contingencies
with respect to litigation, claims, and assessments are prepared in
accordance with the OMB guidance on form and content of agency
financial statements; and.
c.
for federal entities involved in litigation for which the Judgment Fund
is a likely source of judgment or settlement, determine if a note to
the financial statements discusses the Judgment Fund's role in the
payment of a possible loss, as required by FASAB Interpretation No. 2,
Accounting for Treasury Judgment Fund Transactions.
5. Document conclusions reached concerning the accounting for and
disclosure of litigation, claims, and assessments, determine if
adjustments are necessary, and consider whether modification of the
auditor's report is appropriate (see FAM section 580).
[End of section]
1002 B - EXAMPLE LEGAL LETTER REQUEST:
[Audited Entity Letterhead]
Date: [date]
To: General Counsel:
From: Chief Financial Officer [signed]
Subject: [Auditor's] Audits of the Fiscal Years 20X1 and 20X0
Financial Statements:
Pursuant to 31 U.S.C.3515, [Auditor name] is performing audits of the
financial statements of [entity] as of and for the fiscal years ended
September 30, 20X1, and 20X0. In performing audits of government
entities, auditors comply with Government Auditing Standards, issued by
the Comptroller General of the United States (the "yellow book"). For
financial statement audits, Government Auditing Standards incorporate
the fieldwork and reporting standards of the American Institute of
Certified Public Accountants (AICPA) and the Statements on Auditing
Standards that interpret them. Consistent with the procedures contained
in AU 337 of the AICPA's Codification of Statements on Auditing
Standards, [Auditor] has inquired about litigation, claims, and
assessments to obtain evidence as to the financial accounting and
reporting of such matters with respect to the financial statements. The
purpose of this letter is to request your assistance in responding to
that inquiry. The American Bar Association Statement of Policy
Regarding Lawyers' Responses to Auditors' Request for Information
(December 1975) provides relevant guidance for the lawyer 's response
to the Auditor's request.
In accordance with Statement of Federal Financial Accounting Standards
(SFFAS) Number 5, Accounting for Liabilities of the Federal Government,
as amended by SFFAS Number 12, and Interpretation Number 2 of SFFAS
Numbers 4 and 5, [entity] reports certain information in its financial
statements and notes concerning contingent liabilities for litigation,
claims, and assessments. We request that you provide [Auditor] (with a
copy to me) with information on matters with respect to which you have
been engaged and to which you have devoted substantive attention on
behalf of the [entity] in the form of legal consultation or
representation. You should furnish an interim response by [agreed-upon
date], including matters that existed as of September 30, 20X1, and
from that date through at least [interim date]. You should furnish an
updated response by [agreed-upon date], that is effective no earlier
than [agreed-upon date], that includes any changes from the interim
response or furnish a statement that there are no changes.
Include any cases with respect to which you have been engaged and to
which you have devoted substantive attention on behalf of the [entity]
in the form of legal consultation or representation, even those cases
for which you believe the Judgment Fund or some financing source other
than [entity]'s budgetary resources will pay any potential loss. Under
generally accepted accounting principles, these amounts should be
included as liabilities or disclosure items in the [entity]'s financial
statements. Cases similar in nature should be aggregated where
appropriate. It would be helpful if you could list the matters in order
of the amount of potential loss, starting with the largest.
Pending or Threatened Litigation (excluding unasserted claims):
We and [Auditor] have determined that any matters for which the amount
of potential loss exceeds $XX, individually or in the aggregate, could
be material to the financial statements. Please provide to [Auditor]
the information described below about pending or threatened litigation
where the amount of potential loss exceeds $XX:
1. The nature of the matter. Include a description of the case or cases
and amount claimed, if specified.
2. The progress of the case to date.
3. The government's response or planned response (for example, to
contest the case vigorously or to seek an out-of-court settlement).
4. An evaluation of the likelihood of unfavorable outcome. Please
categorize likelihood as probable (an unfavorable outcome is likely to
occur), reasonably possible (the chance of an unfavorable outcome is
less than probable but more than remote), or remote (the chance of an
unfavorable outcome is slight).
5. An estimate of the amount or range of potential loss, if one can be
made, for losses considered to be probable or reasonably possible.
6. The name of the [entity]'s legal counsel handling the case and
names of any outside legal counsel/other lawyers representing or
advising the government in the matter (Department of Justice or
outside law firms).
Unasserted Claims and Assessments:
[If legal counsel is a part of management use this paragraph. ] Please
provide the following information for all unasserted claims and
assessments that you consider to be probable of assertion and which, if
asserted, would have at least a reasonable possibility (more that
remote) of an unfavorable outcome in an amount over $XX, individually
or in the aggregate, involving matters to which you have devoted
substantive attention.
[If the legal letter request will be sent to a legal counsel that is
not part of management, such as an outside legal counsel, use this
paragraph. ] We have provided an attachment to this request that lists
the unasserted claims and assessments that we believe are probable of
assertion and which, if asserted, would have at least a reasonable
possibility (more than remote) of an unfavorable outcome in an amount
over $XX, individually or in the aggregate, involving matters to which
you have devoted substantive attention. Please provide the following
information for each matter and for any additional matters that you
believe meet these criteria.
1. A description of the nature of the matter.
2. The government's planned response if the claim is asserted.
3. An evaluation of the likelihooD of an unfavorable outcome.
(Categorize likelihood as probable (likely to occur) or reasonably
possible (less than probable but more than remote).):
4. An estimate of the amount or range of potential loss, if one can be
made.
Please specifically confirm to [Auditor] that our understanding of the
following is correct: Whenever, in the course of performing legal
services for us, with respect to a matter recognized to involve an
unasserted possible claim or assessment that may call for financial
statement disclosure, if you have formed a professional conclusion that
we should disclose or consider disclosure concerning such possible
claim or assessment, as a matter of professional responsibility to us,
you will (1) advise us of your conclusion and (2) consult with us
concerning the question of such disclosure and the applicable
requirements of SFFAS No. 5, as amended.
Please separately identify any cases with respect to which you have
been engaged and to which you have devoted substantive attention on
behalf of the [entity] in the form of legal consultation or
representation for which you believe another government entity will be
responsible for any potential liability.
Please specifically identify the nature of and reasons for any
limitations on your response to this request.
Please address your reply to [Auditor], and contact him/her at (phone
number), when your reply is available for pick up, and send a copy of
your reply to me. Do not hesitate to contact me or [Auditor] if you
have any questions about this request.
[End of section]
1002 C - EXAMPLE LEGAL REPRESENTATION LETTER:
[General Counsel Letterhead]
[Date]
[Auditor]
[Title]
[Agency or Firm Name]
[City]
Subject: Legal Response in Connection with the Fiscal Years 20X1 and
20X0 Financial Statement Audits of [entity name]
Dear [Auditor]:
As General Counsel of [entity], I am writing in response to the legal
letter request from the [entity]'s Chief Financial Officer (CFO) dated
[date], in connection with the audit of [entity]'s financial statements
as of and for the fiscal years ended September 30, 20X1 and 20X0. [In
an interim response, add "I will, as further requested by the CFO,
provide an updated response by [date]. "]
I call your attention to the fact that as General Counsel for [entity],
I have general supervision of [entity]'s legal affairs. [If the general
legal supervisory responsibilities of the person signing the letter are
limited, set forth a clear description of those legal matters over
which such person exercises general supervision, indicating exceptions
to such supervision and situations where primary reliance should be
placed on other sources. ] In such capacity, I have reviewed litigation
and claims threatened or asserted involving [entity] and have consulted
with outside legal counsel about them when I have deemed appropriate.
Subject to the foregoing and to the last paragraph of this letter, I
advise you that since [insert date of beginning of fiscal year period
under audit] neither I, nor any of the lawyers over whom I exercise
general legal supervision, have given substantive attention to, or
represented [entity] in connection with loss contingencies [over the
amount of (state materiality level agreed to with auditor and stated in
request letter)] coming within the scope of clause (a) of Paragraph 5
of the Statement of Policy referred to in the last paragraph of this
letter, except as follows:
[Describe litigation and claims that fit the foregoing criteria as
follows (it is recommended that general counsels use the attached
Department of Justice forms (one for pending or threatened litigation,
another for unasserted claims) to describe the cases):][Footnote 6]
Pending or Threatened Litigation (excluding unasserted claims):
1. Nature of the matter (include a description of the case or cases and
amount claimed, if specified).
2. Progress of the case to date.
3. Current or intended response.
4. Evaluation of the likelihood of an unfavorable outcome (categorize
likelihood as probable, reasonably possible, or remote).
5. Estimated amount or range of potential loss, if determinable, for
losses considered to be probable or reasonably possible.
6. Name of [entity]'s legal counsel handling the case and names of any
outside legal counsel representing or advising the government in the
matter.
With respect to matters that have been specifically identified as
contemplated by clauses (b) or (c) of paragraph 5 of the ABA Statement
of Policy, I advise you, subject to the last paragraph of this letter,
as follows:
Unasserted Claims and Assessments (considered to be probable of
assertion and which, if asserted, would have at least a reasonable
possibility of an unfavorable outcome):
1. Nature of the matter.
2. Intended response if claim would be asserted.
3. Evaluation of the likelihood of an unfavorable outcome. (Categorize
likelihood as probable or reasonably possible.):
4. Estimated amount or range of potential loss, if determinable.
The information set forth herein is [(as of the date of this letter) or
(as of (insert date), the date on which we commenced our internal
review procedures for purposes of preparing this response)], except as
otherwise noted. [If an interim response, add "Upon submission of the
updated response, which is due on [date],"] I disclaim any undertaking
to advise you of changes that, thereafter, may be brought to my
attention or the attention of our lawyers over whom I exercise general
legal supervision.
This response is limited by, and in accordance with, the ABA Statement
of Policy Regarding Lawyers' Responses to Auditors' Requests for
Information (December 1975); without limiting the generality of the
foregoing, the limitations set forth in such statement on the scope and
use of this response (Paragraphs 2 and 7) are specifically incorporated
herein by reference, and any description herein of any "loss
contingencies" is qualified in its entirety by Paragraph 5 of the
statement and the accompanying commentary (which is an integral part of
the statement). Consistent with the last sentence of Paragraph 6 of the
ABA Statement of Policy, this will confirm as correct [entity]'s
understanding that whenever, in the course of performing legal services
for [entity] with respect to a matter recognized to involve an
unasserted possible claim or assessment that may call for financial
statement disclosure, I have formed a professional conclusion that the
entity must disclose or consider disclosure concerning such possible
claim or assessment, I, as a matter of professional responsibility to
[entity], will so advise [entity] and will consult with [entity]
concerning the question of such disclosure and the applicable
requirements of Statement of Federal Financial Accounting Standards
(SFFAS) Number 5, Accounting for Liabilities of the Federal Government,
as amended by SFFAS Number 12, and Interpretation Number 2 of SFFAS
Numbers 4 and 5. [Describe any other or additional limitation as
indicated by Paragraph 4 of the statement. ]
Sincerely yours,
[Name of General Counsel]
[Title]
cc: Chief Financial Officer:
SUGGESTED DEPARTMENT OF JUSTICE FORM: PENDING OR THREATENED
LITIGATION.
AGENCY/COMPONENT:
Amount of potential loss exceeds the agency/component materiality
threshold of:
1. Case name. (Include case citation, case number, and other names by
which the case or group of cases is commonly known.):
2. Nature of matter. (Include a description of the case or cases and
amount claimed, if specified.):
3. Progress of the case:
4. The government's response or planned response. (For example, to
contest the case vigorously or to seek an out-of-court settlement.):
5. An evaluation of the likelihood of unfavorable outcome. (Choose
one.):
PROBABLE - An unfavorable outcome is likely to occur:
REASONABLY POSSIBLE - the chance of an unfavorable outcome is less
than probable but more than remote:
REMOTE - the chance of an unfavorable outcome is slight:
6. An estimate of the amount or range of potential loss (if one can be
made, for losses considered to be probable or reasonably possible):
7. The name and phone number of the government attorney handling the
case (and names and phone numbers of any outside legal counsel/other
lawyers representing or advising the government in the matter.):
8. The sequence number (based on the total number of pending or
threatened cases in litigation, claims, and assessments the agency/
component is submitting. e.g., Number of ) (#) (total):
SUGGESTED DEPARTMENT OF JUSTICE FORM:
UNASSERTED CLAIMS AND ASSESSMENTS:
[See PDF for image]
[End of figure]
[End of section]
1002 D - Example Management Summary Schedule:
[See PDF for image]
[End of figure]
[End of section]
1003 - FINANCIAL STATEMENT AUDIT COMPLETION CHECKLIST:
Entity:
Job Code:
Principal Report:
Other Reports (including management letters and testimonies):
INSTRUCTIONS:
.01:
This checklist is a tool to help auditors of financial statements
comply with generally accepted government auditing standards (GAGAS)
and with OMB audit guidance. This checklist should be completed before
the report is issued and should be prepared by the audit manager and
reviewed by the assistant director and audit director. If the audit is
conducted at multiple sites, the site supervisor may complete parts of
the checklist for each site (with the audit manager completing an
overall checklist). While parts of the checklist are useful in audit
planning, no specific signatures are required on the checklist in the
planning phase.
.02:
The detailed questions in this checklist are to be answered "N/A" (not
applicable), "Yes," or "No. " Check N/A when the item does not exist or
when the item exists but is judged to be not material. It is not
necessary to create additional documentation to support the Yes
answers, but a column is provided to give a workpaper reference ("W/
P"). All No answers should be discussed at the end of this checklist.
Because the checklist is designed for the wide range of financial
statement audits, there will be many "not applicable" answers. If the
reason why a question is not applicable is not obvious, the auditor
should document the reason on the checklist or in an attachment. The
questions are summarized; for most questions, there is a reference to
professional literature that provides more detail.
.03:
Section V has questions on GAO's report considerations; section VI has
questions on GAO's quality control. GAO auditors should complete these
sections. IG auditors and other auditors may use these sections or may
substitute forms that consider their reporting style and quality
controls.
.04:
As noted in FAM 650, auditors whose work GAO and the IGs use may
complete this checklist and the "Checklist for Reports Prepared under
the CFO Act. " Where this has been done, GAO or IG auditors should
review the checklists prepared by the other auditors.
.05:
The FAM includes a separate "Checklist for Reports Prepared under the
CFO Act" (section 1004) that covers accounting, financial reporting,
and disclosure issues and should be completed for all entities
reporting under generally accepted accounting principles promulgated by
FASAB. When the report covers financial statements prepared using
generally accepted accounting principles promulgated by FASB, the
auditor should prepare the appropriate AICPA disclosure checklist.
.06:
GAO auditors should prepare the "GAO workpaper set" that provides
guidance on workpapers. IG and other auditors may develop similar
tools.
.07:
For GAO's financial audits, a second partner review should be performed
and the Chief Accountant should read the report. These reviews by the
second partner and/or Chief Accountant are documented on the last two
pages of this checklist. IG auditors and other auditors should consider
the need for similar reviews.
CONTENTS:
Section:
I. Planning and Concluding the Audit:
II. Key Audit Areas:
III. Consultation:
IV. Report:
V. GAO's Report Considerations:
VI. GAO's Quality Control:
VII. Explanation of "No" Answers and Other Comments:
VIII. Conclusions:
IX. Second Partner's concurrence:
X. Chief Accountant's concurrence:
References:
AICPA Professional Standards (vol.1): AU:
GAO/PCIE Financial Audit Manual: FAM:
Government Auditing Standards, as amended: GAGAS:
section I: Planning and Concluding the Audit:
1. Do the workpapers document that the audit team has established an
understanding with the client as to the objectives of the work,
management's responsibilities, auditors' responsibilities, and
limitations of the work? (FAM 280);
2. Were entrance conferences held?
3. Does the entity profile (or equivalent) document an understanding
of the entity sufficient to plan the audit? (FAM 290.03);
4. Do the workpapers contain an adequate general risk analysis or the
equivalent? (FAM 290.04);
5. Did the audit team adequately perform and document the following
planning steps? (FAM 290.04);
a. Perform preliminary analytical procedures (FAM 225);
b. Determine planning, design, and test materiality (FAM 230);
c. Identify significant laws and regulations (FAM 245);
d. Identify relevant budget restrictions (FAM 250);
e. Understand the budget formulation process (FAM 260.51);
f. Assess inherent risk and the overall
effectiveness of the control environment, risk assessment,
communication, and monitoring, including whether weaknesses in the
control environment, risk assessment, communication, and monitoring
preclude the effectiveness of specific control activities (FAM 260);
g. Assess the risk of fraud (FAM 260);
h. Design the audit to achieve
an acceptable level of audit assurance that the financial statements
are not materially misstated (GAO uses 95 percent) (FAM 260.04);
i. Consider the effects of information technology, including service
centers (FAM 220, 260.17, 260.41-42, and 270);
j. Assess the FMFIA process (FAM 260.43);
k. Consider operations controls to be tested (FAM 275);
l. Understand performance measures controls (FAM 275);
m. Plan other procedures (representation letters, related party
transactions, sensitive payments) (FAM 280);
n. Consider locations to be visited (FAM 285);
o. Plan procedures to test whether the entity's financial management
systems substantially comply with the requirements of FFMIA
(FAM 350.20);
p. Consider staffing requirements;
q. Consider timing of procedures and milestones (FAM 295 D);
r. Consider assistance from entity personnel;
6. Does the general risk analysis or the equivalent reflect
appropriate consideration of findings and recommendations from previous
audits that could affect the current audit objectives? (GAGAS, par.
4.10);
7. Did the audit team identify budget controls for each relevant
budget restriction and perform sufficient work to support the
conclusions on internal control? (FAM 250, 310.05, 330.09);
8. Did the audit team identify compliance controls and perform
sufficient work to support the conclusions on internal control? (FAM
245, 310.05, 330.09);
9. If the audit team used the work of others (CPA firms, IGs, internal
auditors, or specialists), did the audit team meet the requirements of
FAM 650?
10. Did the audit team perform overall analytical procedures,
including documentation of the following?;
a. Expectations;
b. Data/sources;
c. Parameters;
d. Explanations/corroboration;
e. Conclusions (FAM 590.04);
11. Do the workpapers indicate that the audit team properly performed
the following procedures in the reporting phase of the audit? (FAM
590.01);
a. Evaluate misstatements (FAM 540);
b. Bring all misstatements to the attention of entity management (FAM
540.07);
c. Obtain attorneys' representations (FAM 550.02);
d. Review subsequent events (FAM 550.04 and 1005);
e. Obtain management representations (FAM 550.08 and 1001);
f. Identify and test related party transactions (FAM 550.12 and 1006);
g. Review the consistency of other information accompanying the
financial statements (FAM 580.76);
12. Does the audit summary memorandum or equivalent properly summarize
or refer to workpapers addressing the following? (FAM 590.02-.03);
a. Changes from original risk assessments;
b. Additional fraud risk factors or other conditions identified during
the audit calling for an additional response and the additional
response;
c. The basis for conclusions on significant auditing, accounting, and
reporting issues;
d. Conclusions on adequacy of procedures;
e. Unadjusted misstatements;
f. Conclusions on financial statements;
g. Conclusions on internal control;
h. Conclusions on whether the entity's financial
management systems meet the requirements of FFMIA;
i. Conclusions on
compliance with laws and regulations;
j. Conclusions on the
consistency of accompanying information with the principal statements;
13. Do the workpapers document that the following occurred?;
a. Deviations from the "should" procedures in the FAM and the basis
therefor were approved by the assistant director with copies of the
documentation sent to the audit director and the Reviewer;
b. Deviations from the "must" procedures in the FAM were approved by
the Reviewer (FAM 100.27);
Section II: Key Audit Areas:
Answer these questions for each key audit area or cycle. Indicate the
key audit areas and cycles these questions apply to:
1. Did the audit
team prepare the following documentation summarizing considerations in
planning and performing the work in the key audit areas and cycles?;
a. Cycle Matrix or an equivalent (or documentation in Account Risk
Analysis or an equivalent) showing links between accounts, cycles,
applications and line items (FAM 290.05);
b. Account Risk Analysis or an equivalent (FAM 290.06);
c. Cycle Memorandum and/or flowchart or equivalents (FAM 390.04-.05);
d. Specific Control Evaluation or an equivalent (FAM 390.06);
e. Written audit program (AU 311.05);
2. If conditions changed during the course of the audit, was the audit
program modified as appropriate in the circumstances? (AU 311.05);
3. When the audit team performed sampling, did it properly determine
and document the following?;
a. The method used in relation to test objectives;
b. Sample size and the method of determining it;
c. Tests performed;
d. Results (misstatements and deviations found);
e. Evaluation (including projection to the population);
f. Conclusion (FAM 490.06);
4. When the audit team performed substantive analytical procedures,
did it properly document the following?;
a. Expectations and the method used to develop them;
b. Data sources/reliability;
c. Limit/criteria;
d. Client explanations and corroborating evidence;
e. Additional steps needed;
f. Conclusions (FAM 490.06);
5. When the audit team performed interim testing, did it do the
following?;
a. Test the rollforward period;
b. Properly document:
i. The basis for using interim testing;
ii. The procedures performed;
iii. The effects of any misstatements found (FAM 495C.06);
6. Did the audit team evaluate the reasonableness of significant
accounting estimates made by management? (AU 342);
7. Were known and likely misstatements identified in the testing of
the key area carried forward to the summary of possible adjustments?
(FAM 540.04)
8. Did an information systems auditor review the specific control
evaluation to evaluate the audit team's decision on which controls are
computer-related (including controls relating to service-center-
produced records)? (FAM 350.09);
9. Based on the inherent and control risk, did the audit team perform
adequate substantive tests of the following? (If not a key area, check
the N/A box.);
Fund Balance with Treasury (FBWT);
Consider these issues:
* Did the audit team test the agency's year-end reconciliation
of Fund Balances with Treasury to Treasury account ledgers and trial
balance reports (Financial Management Service (FMS) Forms 6653, 6655)?;
* Did the audit team determine whether the auditee did the following?;
a. Researched and resolved differences before making adjustments;
b. Recorded any necessary adjustments in the agency's FBWT accounts;
c. Reported the adjustments to Treasury;
d. Disclosed in the notes to the financial statements material
unreconciled differences and budget clearing account differences at
year-end, and material unreconciled differences written off by the
agency during the year?;
* Fund Balance with Treasury (continued); Did the audit team assess
(at absolute value) the materiality of unreconciled differences, such
as those reported on the Statement of Differences (FMS form 6652) and
those included in budget clearing accounts (such as budget accounts
F3875, F3878, F3879)? (GAO/AIMD-97-104R);
Receivables; Consider these issues:
* Where practical, were
accounts receivable confirmed and appropriate follow-up steps taken,
including second requests and alternate procedures? (AU 330.30-.31);
* If substantive test were performed prior to year-end, was there an
adequate review of transactions from the interim date to the balance
sheet date? (AU 313.08-.09);
* If a significant number and amount of
accounts receivable were not confirmed, were other appropriate auditing
procedures performed? (AU 330.31-.32)
Inventories; Consider these issues:
* Were physical inventories
observed at all locations where material amounts were located? (AU
331);
* If perpetual inventory records are maintained, do the
workpapers indicate that differences disclosed by the physical
inventory (or cycle counts) are properly reflected in the financial
statements? (AU 331);
* When the physical inventory is taken at a date
other than the balance sheet date (or where rotating procedures are
used), did the auditor consider inventory transactions between the
inventory date(s) and the balance sheet date? (AU 313.08-09);
* Do the
workpapers contain evidence that counts were correctly made and
recorded (was control over inventory tags or count sheets maintained)
and test count quantities were reconciled with the counts reflected in
the final inventory? (AU 331.09);
* Were there adequate tests of the
following?;
a. Clerical accuracy of the inventory;
b. Costing methods and substantiation of costs used in pricing all
elements of the inventory;
c. Cutoff;
* Were analytical procedures used to test the overall valuation of
inventories?
Investments; Consider these issues:
* Was a summary schedule
prepared (or obtained) and details tested with respect to the
description, purchase price and date, changes during the period,
income, market value, etc. of investments?;
* Were securities either examined or confirmed? (AU 332.04)
Property, Plant, and Equipment; Consider these issues:
* Was a summary schedule prepared (or obtained) to show beginning
balances, changes during the period and ending balances for the
following?;
a. Property, plant, and equipment;
b. Accumulated depreciation;
* If samples were used to determine opening balances, were the
samples appropriate?;
* Did the audit team perform tests of completeness, such
as by testing from disbursements to property records?;
* Do the tests appear adequate and were proper conclusions drawn?;
Liabilities; Consider these issues:
* Did the audit team perform an adequate search for unrecorded
liabilities?;
*Did the audit team
consider expenses that might require accrual (e.g., pensions,
compensated absences, other postretirement benefits, or postemployment
benefits provided to former or inactive employees prior to retirement),
and whether accrued expenses were reasonably stated?;
Revenue and Expenses; Consider these issues:
* Did the audit team
compare revenue and expenses for the period to expectations, based on
the budget and the results of the preceding period? (AU 329);
* Were significant variances and fluctuations from expectations
explained? (AU 329);
* Did the audit team consider the following?;
a. The entity's revenue recognition policy;
b. Unusual transactions;
* Do tests appear adequate and were proper conclusions drawn?;
Statement of Budgetary Resources; Consider these issues:
* Were appropriate procedures applied, such as the following?;
a. Understanding and testing the budget execution controls;
b. Tests of the process of preparing the statement;
c. Tests of undelivered orders;
d. Review of reconciliation to the President's Budget
Section III: Consultation:
1. Where warranted by the complexity or unusual nature of an issue
(for example, issues where the FAM requires consultation, issues not
discussed in FAM or professional standards, going concern, economic
dependency, issues arising after report issuance), was there
appropriate consultation with specialists, including the following?;
* The Reviewer (FAM Appendix A);
* The Statistician (FAM Appendix A);
* The Office of General Counsel (FAM Appendix A);
* The Technical Accounting and Auditing Expert? (FAM 100.25);
2. Were significant consultations appropriately documented? (FAM
100.24);
3. Were the persons consulted made aware of all relevant facts and
circumstances?;
Section IV: Report:
1. Does the auditor's report include the following?;
a. Introduction;
b. Significant matters (if applicable);
c. Conclusions on:
i. Financial statements;
ii. Internal control;
iii. Whether the entity's financial management systems substantially
complied with the requirements of the Federal Financial Management
Improvement Act of 1996 (FFMIA);
iv. Compliance with laws and regulations;
v. Consistency of other information with financial statements;
d. Objectives, scope, and methodology, including description of all
instances where GAGAS and OMB audit guidance were not followed;
e. Agency comments (FAM 580.04, 580. 81);
2. Is the auditor's report appropriate as to the following?;
a. Wording;
b. Scope of work;
c. Generally accepted accounting principles;
d. Explanatory paragraphs;
e. Opinion on financial statements;
f. Conclusions on internal control;
g. Conclusions on whether the entity's financial management systems
substantially comply with the requirements of FFMIA;
h. Reporting on compliance with laws and regulations (FAM 580);
3. Is background material (purpose, authority, and functions of
programs/activities) limited to what is necessary?;
4. Is the auditor's report dated in conformity with professional
standards? (AU 530) (FAM 1601);
5. Does the auditor's report cover all periods for which financial
statements are presented? (AU 508. 65);
6. If the financial statements of a prior period are presented and
have been audited by a predecessor auditor whose report is not
presented, does the auditor's report refer to the predecessor auditor's
report? (AU 508. 74);
7. Does the auditor's report describe the responsibility the auditor
is taking for supplementary information, including stewardship
information? (AU 551; FAM 580.79);
8. a. When illegal acts involve funds received from other governmental
entities, did the audit team satisfy itself that the audited entity
notified the proper officials of those entities within a reasonable
time?;
b. If the entity did not, or was unable to do so because the
top official was involved, did the audit team report these acts to the
officials of those other governmental entities? (GAGAS, par. 5.23);
9. Does the auditor's report include the following?;
a. Identification of which matters are reportable conditions and which
of the reportable conditions are material weaknesses (GAGAS, par.
5.27);
b. Reference to a separate letter, if applicable, describing
nonreportable conditions (GAGAS, par. 5.28);
c. Presentation of fraud, illegal acts, and reportable noncompliance
with laws and regulations (GAGAS, par. 5.18);
10. When appropriate, did the audit team issue a separate report on
fraud, abuse, or illegal acts or indications of such acts? (GAGAS, par
5.21)
11. Did the report disclose the status of all known, but uncorrected,
significant or material findings and recommendations from prior audits
that affect current audit objectives? (GAGAS par. 4.10);
12. Do the workpapers document a reasonable basis for the following?;
a. The opinion about whether the financial statements and disclosures
comply in all material respects with generally accepted accounting
principles (FAM 560);
b. The conclusions on internal control;
c. The conclusions on whether the entity's financial management
systems substantially comply with the requirements of FFMIA;
d. The conclusions about compliance with laws and regulations;
13. Do the workpapers document a reasonable basis for reported
findings, including the following? (FAM 590.05-06);
a. Internal control weaknesses;
b. Instances of the entity's financial management systems lack of
substantial compliance with the requirements of FFMIA;
c. Instances of noncompliance with laws and regulations;
14. Do the findings include (where appropriate) the following?;
a. Condition (describe the existing situation);
b. Criteria (state what we are comparing to);
c. Cause (reflect reason or reasons why the condition and criteria
differ);
d. Effect (describe the result of the difference between the condition
and criteria);
15. Are recommendations and suggestions reasonable, doable, and cost-
effective?
16. Does the presentation of agency comments include the following?;
a. Type of comments obtained (oral, written);
b. Title of the most senior official(s) involved;
c. Accurate characterization of general agreement or disagreement with
the report;
d. Description of the substance of the comments;
e. Resolution of all substantive comments;
Section V: GAO's Report Considerations:
1. Overall, does the report have the following characteristics?;
a.
Professional (the work reflects an understanding of the issues, an
awareness of the external environment, including sensitivity to
relevant trends, and a practical approach to what can be done to deal
with the problems noted);
b. Accurate (presents information or
findings accurately; contains no notable errors in logic or
reasoning);
c. Objective (presentation is fair and impartial; tone is constructive
and objective);
d. Fact-based (states information and findings
completely, includes all necessary facts and/or explanations,
distinguishes between fact and unproven or uncorroborated material,
resolves conflicting evidence);
e. Balanced (presents sound and
logical evidence to support conclusions, does not use adjectives or
adverbs to characterize evidence in a way that implies criticism or
conclusions by innuendo, appropriately recognizes positive aspects of
the programs or issues reviewed);
f. Timely and useful (provides
relevant and timely information);
g. Clear and concise (presentation
is clear, concise, and well organized; message is presented logically;
writing style is adapted to the audience);
Section VI: GAO's Quality Control:
1. Was the report reviewed by the following?;
a. Audit Director;
b. Office of the General Counsel;
c. Chief Accountant;
d. Second Partner;
2. Did the audit director review the following? (FAM 1301.17);
a. General risk analysis or equivalent;
b. Account risk analyses or equivalent for material areas with high
combined risk;
c. Memoranda on key accounting and auditing issues;
d. Summary memoranda for material areas with high or moderate combined
risk;
e. Management representation letter;
f. Legal representation letter;
g. Summary of
unadjusted misstatements;
h. Audit summary memorandum;
i. Exit conference memorandum;
j. Financial statements;
k. GAO workpaper set (FAM 1301.17);
3. Did the assistant director review the following? (FAM 1301.17);
a. Entity profile or equivalent;
b. General risk analysis or equivalent;
c. Account risk analyses or equivalent;
d. Initial audit programs;
e. Lead schedules;
f. Completed audit programs;
g. Memoranda on key accounting and auditing issues;
h. Summary memoranda;
i. Checklist for reports prepared under the CFO Act (for statements
using GAAP promulgated by FASAB);
j. Financial reporting and
disclosure checklist (for statements using GAAP promulgated by FASB);
k. Management representation letter;
l. Legal representation letter;
m. Summary of unadjusted misstatements;
n. Exit conference memorandum;
o. Audit summary memorandum;
p. Financial statements;
q. GAO workpaper set (FAM 1301.17);
4. Did the assistant director or audit manager determine that all
significant review notes were resolved appropriately? (FAM 1301.24);
5. Did an assistant director initial all workpaper bundle covers to
indicate that all workpapers were sufficiently reviewed? (FAM 1301.05);
6. Were review notes, superseded versions of workpapers, and draft
reports (except the referenced draft and the draft sent to the agency
for comment), including review notes and superseded versions in
electronic form, placed in a separate folder to be retained until the
report is issued (unless the audit director decides to retain them
until the next audit)? (FAM 1301.24);
7. Were review responsibilities communicated to all individuals on the
assignment? (FAM 1301.19);
8. Were workpapers prepared by an information systems auditor reviewed
by an information systems auditor for technical content and by a member
of the audit team to determine that related audit objectives were
achieved? (FAM 1301.20);
9. For areas that are both material and have high combined risk, did
the audit director or assistant director perform secondary reviews of
the workpapers? (FAM 1301.12);
10. Were all workpapers prepared by the audit director or assistant
directors read by audit managers or auditors in charge to determine
their consistency with any related workpapers? (FAM 1301.15);
11. If the workpapers indicated a difference of opinion between
engagement personnel or between engagement personnel and a specialist
or other person consulted, was the difference resolved appropriately
and was the basis of the resolution documented? (FAM 1302);
Section VII: Explanation of "NO" Answers and Other Comments:
The following pages are provided for comments on all "no" answers or to
expand upon any of the "yes" answers.
[See PDF for image]
[End of figure]
Section VIII: Conclusions: Based on your review and knowledge, do you
believe the following?; Yes; No*.
1. The audit team performed the engagement, in all material respects,
in accordance with generally accepted government auditing standards
(which include generally accepted auditing standards) and applicable
OMB guidance or the auditor's report was appropriately modified;
2. The financial statements conformed, in all material respects, with
generally accepted accounting principles or the auditor's report was
appropriately modified
3. The auditor's report was appropriate in the circumstances;
4. The documentation on this engagement supports: The auditor's
opinion on the financial statements; The auditor's conclusions on
internal control; The auditor's conclusions on whether the entity's
financial; management systems substantially comply with the
requirements of FFMIA; The auditor's conclusions on compliance with
laws; and regulations;
5. The audit team complied, in all material respects, with the audit
organization's policies and procedures
* If any of the above 5 statements have "no" responses, please describe
the response in a memorandum to the Reviewer.
Date of completion of fieldwork:
Audit Manager Date:
Assistant Director Date:
Audit Director Date:
Section IX: Second Partner's Concurrence:
Objective of second partner review: To objectively review
significant auditing, accounting, and reporting matters and to
conclude, based on all facts the second partner has knowledge of, that,
except as discussed in the report, no matters were found that caused
the second partner to believe that (1) the audit was not performed in
accordance with GAGAS and OMB audit guidance (if applicable), (2) the
financial statements are not, in all material respects, in accordance
with generally accepted accounting principles, and (3) the report does
not meet professional standards and GAO's policies and core values.
Procedures: Before the report was issued, I performed the following
procedures. Discussed significant auditing, accounting, and
reporting issues with the Audit Director, Discussed the audit team's
identification of high-risk balances and transactions and the audit of
those balances and transactions, Reviewed documentation on the
resolution of significant auditing, accounting, and reporting issues,
including documentation of consultation with specialists such as the
Chief Accountant, Statistician and IS professionals, Reviewed the
summary of unadjusted misstatements, Read the financial statements and
audit report, Confirmed with the Audit Director that there are no
unresolved issues.
Conclusion: Based on all the relevant facts of
which I have knowledge, I found no matters, except as discussed in the
report, that cause me to believe that (1) the audit was not performed
in accordance with GAGAS and OMB audit guidance (if applicable),
(2) the financial statements are not, in all material respects, in
accordance with generally accepted accounting principles, and (3) the
report is not in accordance with professional standards and GAO's
policies and core values.
Section X: Chief Accountant's Concurrence.
When the Chief Accountant is not the second partner, the Chief
Accountant should read the report. The Chief Accountant should then
sign the conclusion below. Conclusion: Based on my reading of the
report, I found no matters, except as discussed in the report, that
cause me to believe that (1) the audit was not performed in accordance
with GAGAS and OMB audit guidance (if applicable), (2) the financial
statements are not, in all material respects, in accordance with
generally accepted accounting principles, and (3) the report is not in
accordance with professional standards and GAO policies and core
values.
[End of section]
Reporting:
1004 - Financial Reporting: Checklist for Reports Prepared Under the
CFO Act:
Contents:
Abbreviations:
Sections:
I: Overview:
II: General Items:
III: Balance Sheet:
IV: Statement of Net Cost:
V: Statement of Changes in Net Position:
VI: Statement of Budgetary Resources:
VII: Statement of Financing:
VIII: Statement of Custodial Activity:
IX: Notes to Financial Statements (Significant Accounting Policies):
X: Supplementary Information:
Abbreviations:
AcSEC: Accounting Standards Executive Committee:
AICPA: American Institute of Certified Public Accountants:
CFO Act: Chief Financial Officers Act of 1990:
COTS: commercial-off-the-shelf software:
CSRS: Civil Service Retirement System:
FASAB: Federal Accounting Standards Advisory Board:
FASB: Financial Accounting Standards Board:
FERS: Federal Employees Retirement System:
FFMIA: Federal Financial Management Act:
FIFO: first-in, first-out:
FY: fiscal year:
GAAP: generally accepted accounting principles:
GDP: gross domestic product:
GPRA: Government Performance and Results Act of 1993:
HI: Hospital Insurance (Medicare Part A):
IMF: International Monetary Fund:
Imple. Guide: Implementation Guide:
IRS: Internal Revenue Service:
LIFO: last-in, first-out:
MD&A: Management Discussion and Analysis:
MRS: Military Retirement System:
NRV: net realizable value:
OASDI: Old Age, Survivors, and Disability Insurance (Social Security):
OMB: Office of Management and Budget:
OMB Bull.: OMB Bulletin:
OPEB: Other Postemployment Benefits:
ORB: Other Retirement Benefits:
PP&E: property, plant, and equipment:
RRB: Railroad Retirement Benefits:
RSSI: Required Supplementary Stewardship Information:
SFAS: Statement of Financial Accounting Standards:
SFFAC: Statements of Federal Financial Accounting Concepts:
SFFAS: Statements of Federal Financial Accounting Standards:
SGL: U.S. Government Standard General Ledger:
SMI: Supplementary Hospital Insurance (Medicare Part B):
SOP: Statement of Position:
UI: unemployment insurance:
UTF: Unemployment Trust Fund:
Section I Overview:
Introduction:
The Chief Financial Officers Act of 1990 and the Government Management
and Reform Act of 1994 require, among other mandates, that agencies'
chief financial officers submit annual reports to their agency heads
and to the Office of Management and Budget (OMB). These annual reports
should contain audited financial statements of their agencies. The
financial statements are to be presented in accordance with the Federal
Accounting Standards Advisory Board's (FASAB) approved statements and
OMB Bulletin 97-01, Form and Content of Financial Statements, as
revised.
The checklist has been issued to assist agencies in preparing these
statements and auditors in auditing them. Use of this checklist is not
a requirement. Rather, it is intended to help provide for a systematic,
organized, and structured approach to preparing or reviewing agency
financial statements. Furthermore, it must be noted that, while the
questions contained in the checklist are taken from authoritative
sources, the checklist itself is not authoritative, nor is it a
comprehensive guide. Preparers and auditors should also consult
financial management regulations for the individual agencies, as the
regulations may have specific guidance when the standards allow
alternatives or management flexibility.
Checklist Organization:
The checklist has 10 sections: an overview section; a section related
to general items in the financial statements; a section for each of the
six financial statements; and two additional sections. The six sections
reflecting the financial statements are organized by the line items in
financial statements to allow the user to proceed through each
statement from the beginning to the end. The final two sections cover
disclosures in the footnotes related to significant accounting policies
and required supplementary information.
Since the financial statements are interrelated, some questions
concerning line items in one financial statement may also pertain to
line items in another statement. For example, the questions covering
loans receivable in the balance sheet section may also include
questions on the related interest income and subsidy expense appearing
in the statements of financing and net cost. The questions on related
line items appearing in more than one statement are covered only in the
first statement in which the line item appears. In the preceding
example, questions concerning interest income and subsidy expense would
appear only in the balance sheet. Further, questions related to
footnote disclosure would also appear only under the line item of the
initial financial statement and would not be duplicated in the related
financial statement except for the section on notes to the financial
statements about significant accounting policies.
Except for sections I, II, VI, and IX, the first page of each section
contains a list showing the number of questions in the section. This
checklist has 715 questions as follows.
General Items Related to the Financial Statements:
Balance Sheet:
Statement of Net Cost:
Statement of Changes in Net Position:
Statement of Budgetary Resources:
Statement of Financing:
Statement of Custodial Activity:
Notes to Financial Statements (Significant Accounting Policies):
Supplementary Information:
Authoritative Guidance:
Each question in this guide is referenced to a source. The sources
cited are (1) the Statements of Federal Financial Accounting Standards
(SFFAS) and (2) OMB Bulletin 97-01, Form and Content of Financial
Statements (including the 1998 and 2000 revisions).
FASAB-recommended statements approved by the principals include
Statements of Federal Financial Accounting Concepts (SFFAC) and
Statements of Federal Financial Accounting Standards (SFFAS). The three
approved accounting concept statements are #1 Objectives of Federal
Financial Reporting, 1993, #2 Entity and Display, 1995, and #3
Management's Discussion and Analysis - Concepts, 1999. The nineteen
SFFAS standards are:
1. Accounting for Selected Assets and Liabilities, 1993.
2. Accounting for Direct Loans and Loan Guarantees, 1993.
3. Accounting for Inventory and Related Property, 1994.
4. Managerial Cost Accounting Concepts and Standards, 1995.
5. Accounting for Liabilities of the Federal Government, 1997.
6. Accounting for Property, Plant, and Equipment, 1995.
7. Accounting for Revenue and Other Financing Sources, 1996.
8. Supplementary Stewardship Reporting, 1996.
9. Deferral of the Effective Date of Managerial Cost Accounting
Standards for the Federal Government in SFFAS No.4, 1998.
10. Accounting for Internal Use Software, 1998.
11. Amendments to Accounting for Property, Plant, and Equipment -
Definitional Changes, 1998 - Amending SFFAS No. 6 and SFFAS No 8:
Accounting for Property Plant and Equipment and Supplementary
Stewardship Reporting.
12. Recognition of Contingent Liabilities Arising from Litigation: An
Amendment of SFFAS No. 5, 1998 - Accounting for Liabilities of the
Federal Government.
Deferral of Paragraph 65.2 - Material Revenue-Related Transactions
Disclosures, 1998 - Amending SFFAS No. 7, Accounting for Revenue and
Other Financing Sources.
14. Amendments to Deferred Maintenance Reporting, 1999 - Amending SFFAS
No. 6, Accounting for Property, Plant, and Equipment and SFFAS No. 8,
Supplementary Stewardship Reporting.
Management's Discussion and Analysis, 1999.
16. Amendments to Accounting for Property, Plant, and Equipment -
Measurement and Reporting for Multi-Use Heritage Assets, 1999 -
Amending SFFAS No. 6 and SFFAS No. 8, Accounting for Property, Plant,
and Equipment and Supplementary Stewardship Reporting.
17. Accounting for Social Insurance, 1999.
Amendments to Accounting Standards For Direct Loans and Loans
Guarantees, 2000.
Technical Amendments to Accounting Standards for Direct Loans and Loan
Guarantees In Statement of Federal Financial Accounting Standards No. 2,
2001.
OMB Bulletin 97-01 as amended (Jan. 7, 2000) as well as the attachment
to OMB Memo M-00-05, OMB Bulletin 97-01 Technical Amendments as amended
January 7, 2000, provide the detailed requirements for the form and
content of financial statements.
How to Use This Guide:
To the right of each question are two columns. The first column
provides for a "yes," "no," or "NA" answer to each question. The third
column provides for an explanation for the answer checked in one of the
first three columns. A "yes" answer should indicate that the financial
statements contain the information asked by the question. For each
"yes" answer, the explanation column should include the page number or
location in the financial statements where the information can be
found. Also, other materials, such as accounting records, studies or
working papers, or other documents, should be referenced or listed in
the column where appropriate.
A "no" answer indicates that the information asked in the question is
not included in the financial statements. The fourth column should
provide an explanation. Examples of explanations for a "no" answer
might include: (1) the federal entity is working to have the
information available for the statements in subsequent years, (2)
management believes that the information does not enhance the
usefulness of the statements, (3) the cost of compiling the information
exceeds the benefit of providing it, and (4) the items are not
material. However, it must be noted that explanations 1 - 3 do not
necessarily imply that the information is not needed for fair
presentation and compliance with the Federal Financial Management
Improvement Act (FFMIA) of 1996; only explanation 4 implies this. Also,
support, such as a cost-benefit analysis, should be referenced or
listed in the column, where appropriate.
An "N/A" answer might indicate that the question does not apply to the
federal entity. For example, most federal agencies do not administer
loan, loan guarantee, or loan insurance programs and, therefore, do not
have credit program receivables and related property. Consequently, the
questions on these receivables, property, and subsidies would not
apply. A simple explanation indicating that the reporting entity does
not administer loan programs would appear in the explanation column of
the first question in the series.
Section II: General Items Related to the Financial Statements:
There are 28 questions in this section. All the questions relate to the
overall financial statements and are not further divided into
categories.
General Items (1 - 28):
1.
Does the entity's annual financial statement consist of the following
items?;
a. management's discussion and analysis (MD&A) of the reporting
entity;
b. financial statements and related notes;
c. required supplementary stewardship information;
d. required supplementary information;
e. other
accompanying information that in management's judgment provides users
with relevant information (OMB Bull. 97-01 as amended (Jan. 7, 2000),
pp. 4 & 5).
2. Do the principal statements and notes include the following six
statements?;
a. Balance Sheet;
b. Statement of Net Cost;
c. Statement of Changes in Net Position;
d. Statement of Budgetary Resources;
e. Statement of Financing;
f. Statement of Custodial Activity (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 5).
3.
Does the entity use the following hierarchy as its sources of guidance
in preparing its financial statements?;
a. Statements and interpretations
of the Federal Financial Accounting Standards Advisory Board (FASAB) as
well as applicable AICPA and FASB pronouncements;
b. FASAB technical
bulletins and, if specifically made applicable to federal government
entities by FASAB, AICPA Industry Audit and Accounting Guides and AICPA
Statements of Position;
c. AICPA AcSEC Practice Bulletins if specifically
made applicable to federal government entities and cleared by FASAB, as
well as Technical Releases of the Accounting and Auditing Policy
Committee of FASAB;
d. accounting principles published by other authoritative standard-
setting bodies;
i. in the absence of other guidance in the first three parts of this
hierarchy, and;
ii. if the use of such
accounting principles improves the meaningfulness of the financial
statements; (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 7;
Statement on Auditing Standards (SAS) No. 91 - Federal Generally
Accepted Accounting Principles (GAAP) Hierarchy.
4.
Do the descriptions and displays meet the authoritative standard that
governs the nature and purpose of the statements, the recognition and
measurement of items in the statements, and the required disclosures?
(OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10, item 2);
5.
When presenting dollar amounts in the statements and the notes, does
the entity do the following?;
a. round dollar amounts to the nearest whole
dollar, thousand, or million based on informative value to the
reporting entity;
b. maintain the chosen rounding level throughout the
financial statements and footnotes;
c. adjust the individual line items
for differences created by rounding so that totals equal the sum of the
addends in a column (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10,
item 5).
6. Does the entity present comparative financial statements with full
footnote disclosure? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 10,
item 3).
7. Are immaterial but related line items combined? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 10, item 6).
8.
Are the statement line items, footnotes, and lines or columns that are
not informative for the reporting entity excluded? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 10, item 7).
9.
Are material balances excluded from the "other" category and separately
reported and designated by name? (OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 10, item 8).
10.
Are footnotes sequentially numbered? (OMB Bull. 97-01 as amended (Jan.
7, 2000), p. 10, item 10).
11.
Do total amounts presented in the footnotes tie to the amounts
presented in the body of the financial statements? (OMB Bull. 97-01, p.
10, item 10).
Financial statements may be aggregated or disaggregated in different
ways depending upon the nature of the statements. (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 11, item 11).
12. When agencies present disaggregated information for component
organizations, does the total column for the entity as a whole reflect
consolidated totals net of intra-entity transactions? (OMB Bull. 97-01
as amended (Jan. 7, 2000), p. 11, item 11).
When a reporting entity presents its financial statements in a single
column format, the statements are referred to as consolidating
statements. Financial statements that use a multicolumn format to
present information on an entity's major components or lines of
business as well as the consolidated amounts are referred to as
consolidating statements. (OMB Bull. 97-01 as amended (Jan. 7, 2000),
p. 11, item 11).
13.
Are intra-entity transactions needed to arrive at the consolidated
amounts presented in a column on the face of the consolidating
statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 11, item
11).
14.
Does the reporting entity include franchise funds and other
intragovernmental support revolving funds among the activities covered
by its financial statements? (OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 11, item 11).
15.
If information about the assets, liabilities, costs, and revenues of
these franchise funds and intragovernmental support revolving funds is
not separately disclosed in the entity's financial statements, is this
information reported as required supplementary information? (OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 11, item 11).
The Department of the Treasury will issue separate guidance providing
a crosswalk from the accounts or the Standard General Ledger (SGL) to
required financial statements (OMB Bulletin 97-01 as amended (Jan. 7,
2000), p. 11, item 13).
16.
If the entity it not yet using the accounts and data elements of the
SGL, are the ledger accounts and data elements used crosswalked to
those of the SGL? (OMB Bulletin 97-01 as amended (Jan. 7, 2000), p. 11,
item 13).
17.
Does the MD&A provide a clear and concise description of the reporting
entity and its mission, activities, program and financial results, and
financial condition? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
12).
18.
Does the MD&A, at a minimum, contain sections that address the
following items concerning the entity?;
a. mission and organizational structure;
b. performance goals, objectives, and results;
c. financial statements;
d. systems controls and legal compliance;
e. forward-looking
information, either as a separate section of MD&A or incorporated with
the sections listed above;
f. important problems that need to be addressed
and action taken or planned, either as a separate section of the MD&A
or incorporated with the sections listed above (SFFAS 15, par. 2 - 4;
OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 12).
19. Does the entity's mission statement have the following attributes?;
a.
a clear articulation of what the entity's major programs and activities
are intended to accomplish;
b. consistency with the entity's strategic
plan? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 12);
20.
Are the entity's programs and financial results expressed in terms of
objective and relevant measures that disclose the extent to which its
programs are achieving their intended objectives? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 12).
21.
Has the entity attempted to develop and report objective measures that
provide information about the cost effectiveness of programs? (OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 13).
22.
Are the reported measures of program and financial performance
consistent with the agency's strategic plan? (OMB Bull. 97-01, p. 12);
23. Do the entity's performance measures meet the following criteria?;
a. clearly set forth;
b. objective and quantifiable;
c. meaningful and relevant;
d. related to measures developed in the entity's strategic planning
processes;
e. capable of presenting the outputs and outcomes of the
programs, not just inputs or processes (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 13).
24.
Does the entity's presentation of its performance measures include the
following?;
a. both positive and negative results;
b. presentation of future
and historical trends, if possible;
c. use of charts and graphs, whenever
possible, for easy identification of trends;
d. explanation of the significance of trends;
e. comparisons of actual results to goals or benchmarks;
f. variations from goals and trends;
g. other explanatory
information that helps readers understand the significance of the
measures, results, and any variations from goals or plans (OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 13).
25.
Does the entity explain what needs to be done and what is planned to
improve financial or program performance? (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 14).
26.
Do the performance measures presented in the MD&A include the following
criteria?;
a. related to program purposes and goals;
b. consistent with
measures previously included in budget documents and other materials
related to implementation of the Government Performance and Results Act
(GPRA);
c. linked to the programs presented in the Statement of Net Cost;
d.
limited to the entity's most significant program and financial measures
(OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 14).
27.
Are the less significant program and financial measures presented as
"other accompanying information?" (OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 14).
28.
Does the entity note the following in the section on limitations of the
"Financial Statements?";
a. the financial statements have been prepared to
report the financial position and results of operations of the entity,
pursuant to the requirements of 31 U.S.C.3515(b);
b. while the statements
have been prepared from the books and records of the entity in
accordance with the formats prescribed by OMB, the statements are in
addition to the financial reports used to monitor and control budgetary
resources that are prepared from the same books and records;
c. the
statements should be read with the realization that they are for a
component of the U.S. government (OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 14).
Section III: Balance Sheet:
The questions related to the balance sheet are contained under 23 line
items. The question numbers related to each line item follow.
Question numbers:
General items: 1 - 4:
Assets:
1. Fund Balance with Treasury: 5 - 17:
2. Investments: 18 - 26:
3. Accounts Receivable (Net): 27 - 47:
4. Interest Receivable (Net): 48 - 51:
5. Credit Program Receivables: 52 - 92:
6. Cash and Other Monetary Assets: 93 - 95:
7. Inventory and Related Property: 96 - 112:
8. Operating Materials and Supplies: 113 - 120:
9. Stockpile Materials: 121 - 131:
10. Seized Property: 132 - 141:
11. Forfeited Property: 142 - 149:
12. Goods Held Under Price Support and Stabilization Programs:
150 - 163:
13. General Property, Plant, and Equipment (Net): 164 - 195:
14. Software: 196 - 226:
15. Other Assets: 227 - 238:
Liabilities:
16. Liabilities in General: 239 - 240:
17. Interest Payable: 241 - 248:
18. Liabilities for Loan Guarantees: 249 - 262:
19. Lease Liabilities: 263 - 266:
20. Federal Debt and Related Interest: 267 - 278:
21. Pensions, Other Retirement Benefits, and Postemployment Benefits:
279 - 287:
22. Other Liabilities: 288 - 318:
Net Position:
23. Unexpended Appropriations and Cumulative Results of Operations:
319 - 322:
General Items (1 - 4): Explanation.
The Balance Sheet presents, as of a specific time, amounts of future
economic benefits (assets) owned or managed by the reporting entity
exclusive of items subject to stewardship reporting, amounts owed by
the entity (liabilities), and amounts that comprise the difference (net
position). (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 17).
1.
Does the Balance Sheet display assets, liabilities, and net position?
(OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 15 & 16);
Entity assets are assets that the reporting entity has authority to use
in its operations. Nonentity assets are assets that are held by an
entity but are not available to the entity as, for example, income tax
receivables. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 17).
2.
Are entity assets separately reported from nonentity assets? (OMB Bull.
97-10 as amended (Jan. 7, 2000), pp. 15 & 17).
Intragovernmental assets are claims of a federal entity against other
federal entities; conversely, intragovernmental liabilities are claims
against the entity by other federal entities. (OMB Bull. 97-01 as
amended (Jan. 7, 2000), pp. 17 & 22).
3.
Are intragovernmental assets and liabilities reported separately from
governmental assets and liabilities that arise from transactions of the
federal government or a federal government entity with nonfederal
entities, the federal reserve, and government-sponsored enterprises?
(OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 15, 17, & 22);
.
Liabilities covered by budgetary resources are liabilities covered by
realized budgetary resources as of the balance sheet date. Budgetary
resources include: (1) new budget authority, (2) spending authority
from offsetting collections credited to an appropriation or fund
account, (3) recoveries of unexpired budget authority through downward
adjustment or prior year obligations (4) unobligated balances of
budgetary resources of the beginning of the year or net transfers or
prior-year balances during the year, and (5) permanent indefinite
appropriations or borrowing authority, which have been enacted and
signed into law as of the balance sheet date and may be apportioned by
OMB without further congressional action or a contingency having to be
met. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22).
4.
Are liabilities covered by budgetary resources separately reported from
liabilities not covered by budgetary resources? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 22).
Assets; Fund Balance with Treasury (5 - 17):
A federal entity's fund balance with the Treasury is the aggregate
amount of funds in the entity's accounts with Treasury for which the
entity is authorized to make expenditures and pay liabilities. From the
reporting entity's perspective, a fund balance with Treasury is an
asset. From the perspective of the federal government as a whole, the
fund balance is neither an asset nor a liability. It instead represents
a commitment to make resources available to federal or other entities.
(SFFAS 1, par. 31).
5. Is the fund balance with Treasury reported as an intragovernmental
asset? (SFFAS 1, par. 31; OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
15).
6. Are amounts disclosed as fund balances in deposit, suspense, and
clearing accounts that are not available to finance entity activities
reported as nonentity assets? (OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 18).
7. Is foreign currency translated into U.S. dollars at exchange rates
determined by the Treasury at the financial reporting date? (SFFAS 1,
par. 32; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18);
8. Does the entity's fund balance with Treasury also include the
following?;
a. clearing account balances;
b. balances for direct loan and loan guarantee activities;
c. funds actually borrowed from Treasury under statutory authority;
d. the dollar equivalent of foreign currency account balances (SFFAS
1, par. 32 & 35).
9.
Does the entity's fund balance with Treasury exclude contract authority
or unused authority to borrow? (SFFAS 1, par. 34).
10.
Does the entity record an increase in its fund balance with Treasury
when it does at least one of the following?;
a. receives appropriations,
reappropriations, continuing resolutions, appropriation restorations,
and allocations;
b. receives transfers and reimbursements from other agencies;
c. borrows from the Treasury, Treasury, Federal Financing Bank,
or other entity;
d. collects and credits amounts to its appropriations or
fund accounts that the entity is authorized to spend or use to offset
its expenditures (SFFAS 1, par. 33).
11.
Does the entity record a decrease in its fund balance with Treasury
when at least one of the following occurs?;
a. Treasury makes disbursements to pay liabilities or to purchase
assets, goods, and services;
b. Treasury makes investments in U.S. securities.
c. Treasury's expired appropriations are cancelled.
d. Treasury makes transfers and
reimbursements to other entities or the Treasury.
e. Treasury's
appropriations are rescinded or sequestered. (SFFAS 1, par. 36);
12.
Are any restrictions related to future uses of fund balances disclosed?
(SFFAS 1, par. 38; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 44,
item B).
13.
Are discrepancies between fund balances in Treasury's records and
general ledger accounts explained and corrected, if necessary? (SFFAS
1, par. 39; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 44, item B);
14.
Are amounts held for special purposes (such as collections pending
litigation outcome or held as an agent for others) disclosed as "other
fund types?" (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 44, item
A).
15. Are fund balances representing amounts (1) obligated but not yet
disbursed and (2) unobligated: disclosed separately? (SFFAS 1, par. 37
& 38).
16.
Are fund balances disclosed by fund type? (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 43 & 44, item A).
17.
Are unexpended appropriations recognized as capital and included under
funds with Treasury when they are made available for apportionment?
(SFFAS 7, par. 71).
Assets; Investments (18 - 26):
Investments in federal securities include (a) nonmarketable par value
Treasury securities, (b) market-based Treasury securities, (c)
marketable Treasury securities, and (d) securities issued by other
federal entities. Nonfederal securities include those issued by state
and local governments, private corporations, and government-sponsored
enterprises. (SFFAS 1, par. 62; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 18).
18. Are investments in federal securities reported separately from
investments in nonfederal securities? (SFFAS 1, par. 67; OMB Bull. 97-
01 as amended (Jan. 7, 2000), p. 18).
19.
Are investments initially recorded and reported at their acquisition or
amortized costs? (SFFAS 1, par. 68 & 69; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 18 & pp. 46 & 47, note 4).
20.
Are investments acquired in exchange for nonmonetary assets recognized
at the fair value of either (whichever is more determinable) the
securities acquired or the assets given up? (SFFAS 1, par. 68);
21.
Subsequent to acquisition, are investments reported at their carrying
amount adjusted for amortized premium or discount? (SFFAS 1, par. 70 -
71; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18 & pp. 46 & 47,
note 4).
22.
Is the interest method (i.e., effective interest rate multiplied by the
carrying amount) used in amortizing the premium or discount over the
life of the security? (SFFAS 1, par. 71).
23. Is the market value of market-based and marketable securities
disclosed? (SFFAS 1, par. 72; OMB Bull. 97-01 as amended (Jan. 7,
2000), pp. 46 & 47, note 4).
24. Are investments grouped by type of security, such as marketable or
market-based Treasury securities? (SFFAS 1, par. 72).
25.
Are investment securities, which initially were expected to be held to
maturity, reported at market value in the balance sheet if they are for
sale and have experienced more than a temporary reduction in value?
(SFFAS 1, par. 72 & 73; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp.
46 & 47, note 4).
26. Does the entity disclose any other information relative to
understanding the nature of reported investments, such as permanent
impairments? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 47);
Assets; Accounts Receivable (Net) (27 - 47):
Entity receivables are amounts due from other federal or nonfederal
entities. Nonentity receivables are amounts that the entity is to
collect on behalf of the federal government or other entities. Not
included in this category are receivables related to direct or
guaranteed loans, which are reported separately. (SFFAS 1, par. 43; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 47, note 5).
27.
Is a receivable recognized when a federal entity establishes a claim
based on legal provisions or when goods or services are provided?
(SFFAS 1, par. 41).
28. If the exact amount of a receivable is unknown, is a reasonable
estimate made? (SFFAS 1, par. 41).
29. Are entity and nonentity accounts receivable reported separately?
(SFFAS 1, par. 43; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 15 &
p. 47, note 5).
30.
If cash has not been received at the time revenue is recognized, is a
receivable recorded and allowance for bad debts, if needed,
established? (SFFAS 7, par. 39 & 129 - 131).
31. Is an account receivable arising from a nonexchange transaction
recognized when a collecting entity establishes a specifically
identifiable, measurable, and legally enforceable claim to cash or
other assets? (SFFAS 7, par. 53, 61 & 62 & footnote 9; SFFAS 1, par.
41).
32. Is a receivable associated with nonexchange revenue for taxes and
duties recognized upon completion of the entity's established
assessment process? (SFFAS 7, par. 53).
33.
Is an interentity receivable recognized when (1) a legally enforceable
claim exists between a collecting entity and a recipient entity for the
transfer or repayment of taxes or duties and (2) payment of such a
claim is probable and measurable (SFFAS 7, par. 60).
34.
Are assessments recognized as accounts receivable if an enforceable
claim for taxes and duties exists in the following instances?;
a. tax returns filed by the taxpayer;
b. customs documents filed by the importer;
c.
taxpayer agreements to assessments at the conclusion of an audit or as
a substitute for a tax return (or importer agreements to supplemental
assessments);
d. court actions determining an assessment;
e. taxpayer (or importer) agreements to pay an assessment on an
installment plan;
f.
receivables determined to be currently not collectable but with future
collection potential (SFFAS 7, par. 53, 54, 170, & 171);
Compliance assessments are proposed assessments by the collecting
entity in definitive amounts, but with which the taxpayer (or importer)
still has the right to disagree or object. (SFFAS 7, par. 55.1);
Preassessment works-in-process are assessments not yet officially
asserted by the collecting entity that are subject to a taxpayer's
right to conference in response to initial information notices. (SFFAS
7, par. 55.2).
35.
Do nonexchange-related accounts receivable for taxes and duties exclude
the following?;
a. amounts received or due with tax returns received after
the close of the reporting period;
b. compliance assessments;
c. preassessment work-in-process amounts (SFFAS 7, par. 54);
36.
Are compliance assessments reclassified and recognized as an account
receivable in the following instances?;
a. the taxpayer files an amended tax return;
b. a protest or retention period lapses;
c. a court action settles the matter in the government's favor;
d. the taxpayer (or importer) agrees to pay or;
e. a compromise payment plan is accepted (SFFAS 7, par. 55.1 & 178 -
180).
37.
Is an allowance for uncollectible amounts based on an analysis of both
individual accounts receivable and groups of accounts receivable as
prescribed by SFFAS No.1? (SFFAS 1, par. 44 - 51; SFFAS 7, par. 56);
38.
Is this allowance for estimated uncollectable accounts receivables
periodically adjusted to reflect the latest information? (SFFAS 1, par.
45).
39.
Are amounts for preassessment work in progress excluded from accounts
receivable? (SFFAS 7, par. 55. B).
40.
Are intragovernmental accounts receivable reported separately from
receivables from nonfederal entities? (SFFAS 1, par. 42; OMB Bull. 97-
01 as amended (Jan. 7, 2000), p. 15).
41.
Are losses due to uncollectable amounts measured through a systematic
methodology, which is based on an analysis of both individual accounts
and a group of accounts as a whole? (SFFAS 7, par. 46);
42.
Are accounts that represent significant amounts individually analyzed
to determine the loss allowance? (SFFAS 1, par. 47).
43.
Is the loss estimation for individual accounts based on the following?;
a. the debtor's ability to pay;
b. the debtor's payment record and willingness to pay;
c. the probable recovery of amounts from secondary
sources including liens, garnishments, cross collections, and other
applicable collection tools (SFFAS 1, par. 47).
44.
If information is not available or if the nature of the receivables
does not lend itself to individual account analysis, are the potential
losses assessed on a group basis? (SFFAS 1, par. 48).
45.
If potential losses are assessed on a group basis, are the receivables
separated into groups of homogeneous accounts with similar risk
characteristics? (SFFAS 1, par. 49 - 51).
46. Does the reporting entity disclose the following?;
a. the major categories of account receivables by amount and type;
b. the methodology used to estimate the allowance for uncollectible
amounts;
c. the dollar
amount of the allowance for uncollectable accounts (SFFAS 1, par. 52;
OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 18 & p. 47, note 5);
47.
Are losses on receivables recognized when it is more likely than not
that the receivables will not be totally collected (i.e., there is a
greater than 50 percent chance of loss)? (SFFAS 1, par. 44);
Assets; Interest Receivable (Net) (48 - 51):
48.
Is interest earned but not received recognized as interest receivable
and reported as interest receivable? (SFFAS 1, par. 53; OMB Bull. 97-01
as amended (Jan. 7, 2000), p. 18).
49.
Does interest receivable exclude interest on accounts receivable and
investments determined to be uncollectible? (SFFAS 1, par. 54; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 18).
50.
Is interest accrued on uncollectible amounts receivable disclosed
until: (1) the interest payment requirement has been officially waived
or (2) the related debt has been written off? (SFFAS 1, par. 55);
51.
Is interest receivable from federal entities reported separately from
interest receivable from nonfederal entities? (SFFAS 1, par. 56);
Assets; Credit Program Receivables (52 - 92):
The Federal Credit Reform Act of 1990 divides loans and loan guarantees
into two groups: pre-1992 and post-1991. Pre-1992 refers to direct loan
obligations or loan guarantee commitments made prior to fiscal year
1992;
post-1991 refers to direct loan obligations or loan guarantee
commitments made after fiscal year 1991. (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 55).
52.
Is interest receivable related to pre-1992 and post-1991 direct loans
and are acquired defaulted guaranteed loans reported as a component of
credit program receivables and related foreclosed property? (OMB Bull.
97-01 as amended (Jan. 7, 2000), p 18).
53.
Are loan amounts broken out by group (pre-1992 and post-1991) and loan
program and disclosed in a note to the financial statements? (OMB Bull.
97-01 as amended (Jan. 7, 2000), pp. 49 & 50).
54.
Are credit program receivables considered an entity asset if at least
one of the following criteria is met?;
a. The entity has the authority
to either determine the use of the funds collected.
b. The entity is
legally obligated to use the funds to meet entity obligations (e.g.,
loans to Treasury). (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19);
55.
If a loan guarantee program is generating a negative subsidy and the
lender had not disbursed the loan as of the balance sheet date, does
the entity record and include this amount as part of the total
undelivered orders? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19 &
p. 71, note 15).
56.
Are special receipt accounts for negative subsidies and downward
subsidy reestimates included in the credit reporting entity's financial
statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19);
57.
Are any assets in these special receipt accounts shown as nonentity
assets offset by intragovernmental liabilities covered by budgetary
resources? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 19);
58. Do the notes disclose other relevant and appropriate information
related to direct loans and loan guarantees including the following?
a. commitments to guarantee;
b. management's method for accruing interest
revenue and recording interest receivable;
c. management's policy for
accruing interest on nonperforming loans (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 58, item K).
For post-1991 loans and guarantees, a subsidy expense is recognized in
the year it is disbursed. For pre-1992 loans and guarantees, a loss and
liability need not be recognized until it is more likely than not that
a loan (either direct or guaranteed) will go into default. (SFFAS 2,
par. 24 & 39).
59.
Are post-1991 direct loans recognized as assets at the present value
(discounted at a comparable Treasury rate) of their estimated net cash
inflows? (SFFAS 2, par. 22 & app. B, part I A).
60.
Is the difference between the outstanding principal of post-1991 direct
loans and the present value of their net cash flows recognized as a
subsidy cost allowance? (SFFAS 2, par. 22 & app. B, part I A);
61.
Are the components of the present value of post-1991 direct loans
receivable (i.e., principal, interest, estimated net value of
foreclosed property, and allowance for subsidy costs) disclosed? (OMB
Bull. 97-01 as amended (Jan. 7, 2000), pp. 50 & 56, item C);
62.
When post-1991 guaranteed loans go into default, is the value of the
assets related to defaulted guaranteed loans receivable included in the
reported credit program receivables? (OMB Bull. 97-01 as amended (Jan.
7, 2000), pp. 51 & 57, item E).
63.
When post-1991 loans are written off, is the unpaid principal removed
from unpaid loans receivable and charged against the allowance for
subsidy costs? (SFFAS 2, par. 61).
64.
Are the following components of the assets that are related to post-
1991 direct and defaulted guaranteed loans receivable disclosed by loan
program?;
a. loans receivable, gross;
b. interest receivable;
c. estimated net realizable value of foreclosed property;
d. allowance for subsidy costs (present value);
e. the total value of related assets (i.e., the
sum of a - c less d) (OMB Bull. 97-01 as amended (Jan. 7, 2000), items
C & E, pp. 50, 51, 56 item C, & 57 item E).
65. Are losses of pre-1992 direct loans obligated recognized (and a
corresponding allowance amount set up) when it is more likely than not
that the direct loans will not be totally collected? (SFFAS 2, par. 39
& app. B, part II A).
66.
Are allowances for uncollectible pre-1992 loans reestimated each year?
(SFFAS 2, par. 39).
67.
Are the following components of assets related to pre-1992 direct loans
receivable disclosed by loan program?;
a. loans receivable, gross;
b. interest receivable;
c. foreclosed property;
d. present value allowance (if the present value method is used);
e. allowance for loan losses (if the
allowance method is used) (SFFAS 2, par. 39; OMB Bull. 97-01 as amended
(Jan. 7, 2000), pp. 49 & 56 item B).
68.
Are the following components of defaulted guaranteed loans from pre-
1992 guarantees disclosed by loan program?;
a. defaulted guaranteed loans receivable, gross;
b. interest receivable;
c. the estimated net value of related foreclosed property;
d. the present value allowance (if the present value method is used);
e. the allowance for loan losses (if the allowance for loss method is
used);
f. defaulted guaranteed loans
receivable, net (i.e., depending on the method used: the sum of a, b, &
c less d or a, b, & c less e) (OMB Bull. 97-01 as amended (Jan. 7,
2000), items D1 & D2, pp. 50, 56, & 57).
A loan modification is a federal government action that directly or
indirectly alters the estimated subsidy cost and the present value of
outstanding loans or the liability of loan guarantees. A direct
modification changes the subsidy cost by altering the terms of existing
contracts or through the sale of direct loans. An indirect modification
changes the subsidy costs by altering the way loans and loan guarantees
are administered. A modification does not include subsidy cost
reestimates, routine administrative workouts of troubled loans, and
other actions permitted within existing contract terms. (SFFAS 2, par.
41-44).
69.
When post-1991 loans are modified, is their existing book value changed
to an amount equal to the present value (discounted at the Treasury
rate in effect when the loans were first disbursed after adjusting for
the interest rate re-estimate) of the loans' net cash inflows that are
projected under the modified terms from the time of the modification to
the loans' maturity? (SFFAS 2, par. 46 & app. B, part I D(4));
70.
When pre-1992 loans are directly modified do they meet the following
conditions?;
a. They are transferred from the liquidating account to a
financing account.
b. Their book value is recorded at their post-
modification value (i.e., the present value of the net cash flows under
post-modification terms discounted at the current Treasury rate).
(SFFAS 2, par. 47 & app. B, part II B(4)).
71.
Are subsequent (direct) modifications of pre-1992 loans treated as a
modification of post-1991 loans? (SFFAS 2, par. 47).
72.
When pre-1992 loans are indirectly modified do they meet the following
conditions?;
a. they are kept in a liquidating account;
b. their bad debt
allowance is reassessed and adjusted to reflect amounts that would not
be collected due to the modification (SFFAS 2, par. 47);
73.
Does the entity disclose the following by program in the notes to the
financial statements?;
a. the nature of the modification of direct loans
or loan guarantees;
b. the discount rate used in calculating the modification expense;
c. the basis for recognizing a gain or loss related
to the modification (SFFAS 2, par. 56 & OMB Bull. 97-01 as amended
(Jan. 7, 2000), pp. 54 & 58 item K).
74.
When post-1991 and pre-1992 loans are sold is the sale treated as a
direct modification? (SFFAS 2, par. 53).
75.
Does the agency disclose the expectation that proceeds from the sale of
its loans will differ from the reported face value of the loans or the
value of their related assets? (OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 55, item A, 5[TH] par.).
Foreclosed property is any asset, which is assumed to be held for sale,
that is received in satisfaction of a loan receivable or as a result of
payment of a claim under a guaranteed or insured loan (excluding
commodities acquired under price support programs). Pre-1992 foreclosed
property refers to property associated with direct loans obligated or
loan guarantees committed before October 1, 1991. Post-1991 foreclosed
property refers to property associated with direct loans obligated or
loan guarantees committed after September 30, 1991 (SFFAS 3, par. 79 &
80).
76.
Is post-1991 foreclosed property valued at the net present value of the
projected future cash flows associated with the property? (SFFAS 3,
par. 81).
77.
Is pre-1992 foreclosed property recorded at cost and adjusted to the
lower of cost or net realizable value? (SFFAS 3, par. 81);
78.
Is any difference between cost and net realizable value carried in a
valuation allowance? (SFFAS 3, par. 81).
79.
In estimating sales proceeds, has the entity considered its historical
experience in selling property as well as the nature of the sale?
(SFFAS 3, par. 82).
80. Were the estimated future cash flows of post-1991 foreclosed property
(i.e., sales proceeds, rent, holding and selling expenses) or acquired
loans discounted at the original (or Treasury) discount rate in effect
at the time the underlying loan or guarantee was granted? (SFFAS 2,
par. 57, 59; SFFAS 3, par. 82 - 83; SFFAS 19, par. 7(e));
81.
Is the net present value of post-1991 foreclosed property adjusted
periodically to recognize both changes in the expected future cash
flows and accrual of interest due to the passage of time? (SFFAS 3,
par. 84).
82.
Are any adjustments in the carrying amounts of post-1991 foreclosed
property included in the presentation of "interest income" and the
reestimate of "subsidy expense?" (SFFAS 3, par. 84).
83. For post-1991 foreclosed property are the following true?;
a. Third party claims are recorded at their net present value at the
time of the foreclosure.
b. Any periodic changes in net present value of the claim
are reflected in "interest income" and "subsidy expense. " (SFFAS 3,
par. 87).
84. Are receipts or disbursements associated with acquiring and holding
post-1991 foreclosed property charged or credited to foreclosed
property? (SFFAS 3, par. 88).
85. When the government acquires foreclosed assets in full or partial
settlement of post-1991 loans, is the present value of the government's
claim against the borrowers reduced by the amount settled as a result
of the foreclosure? (SFFAS 2, par. 60).
86.
If a lender, debtor, or other third party has a legitimate claim to a
post-1991 foreclosed asset, is the net present value of the estimated
claim recognized as a special contra-valuation allowance? (SFFAS 2,
par. 58; SFFAS 3, par. 87).
87.
Is pre-1992 foreclosed property recorded at cost and adjusted, if
necessary, to the lower of cost or net realizable value? (SFFAS 3, par.
81 & 85).
88.
Is the net realizable value based on an estimate of the market value of
the property adjusted for any expected losses consistent with
historical experience, abnormal market conditions, and time limitations
as well as any other costs of the sale? (SFFAS 3, par. 81 & 86);
89. Is the estimate of market value based on one of the following
criteria?;
a. the market value of the property if an active market exists;
b. the market value of similar properties if no active market exists;
c. a reasonable forecast of expected cash flows adjusted for
estimates of all holding costs, including any cost of capital (SFFAS 3,
par. 85).
90.
For pre-1992 foreclosed property, are third-party claims recorded at
the expected amount of cash required to settle the claims? (SFFAS 3,
par. 87).
91.
If foreclosed property is not sold but placed into operation, is the
asset transfer treated in the same manner as a sale to a third party?
(SFFAS 3, par. 90).
92.
When the government acquires foreclosed assets in full or partial
settlement of a direct or guaranteed loan (pre-1992 and post-1991), is
the following information disclosed?;
a. valuation basis for foreclosed property;
b. changes from prior-year's accounting methods, if any;
c. restrictions on the use/disposal of property;
d. balances by categories (i.e., pre-1992 and post-1991 foreclosed
property);
e. number of
properties held and average holding period by type or category and;
f.
number of properties for which foreclosure proceedings are in process
at the end of the period (SFFAS 3, par. 91; OMB Bull. 97-01 as amended
(Jan. 7, 2000), item K, pp. 58 & 59).
Assets; Cash and Other Monetary Assets (93 - 95):
Cash (including imprest funds) consists of: coins, paper currency,
negotiable instruments (such as checks, money orders, and bank drafts),
demand deposits, and foreign currencies stated in U.S. dollars at the
financial statement date exchange rate. (SFFAS 1, par. 27; OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 19);
Other monetary assets
consist of other items such as gold, special drawing rights, and U.S.
reserves in the International Monetary Fund (IMF). (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 19 & p. 45, item C).
93.
Are entity cash (amounts held and authorized to be spent by the entity)
and nonentity cash (amounts held on behalf of other entities such as
Treasury) separately reported? (SFFAS 1, par. 28 & 29; OMB Bull. 97-01
as amended (Jan. 7, 2000), p. 19).
94.
Are the components of cash and other monetary assets disclosed and
described in a note to the financial statements? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 19 & pp. 44 & 45, note 3).
95.
If cash is restricted, is the nature and reason disclosed? (SFFAS 1,
par. 30; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 45, note 3, item
E).
Assets; Inventory and Related Property (96 - 112); Yes, No, or; N/
A:
Inventory is tangible personal property that is (a) held for sale, (b)
in process of production for sale, or (c) to be consumed in the
production of goods for sale or in the provision of services for a fee.
Inventory does not include other assets held for sale such as (a)
stockpile materials, (b) seized and forfeited property, (c) foreclosed
property, and (d) goods held under price support and stabilization
programs. (SFFAS 3, par. 17).
96.
Is inventory categorized and either separately reported or disclosed in
the notes as the following?;
a. inventory held for current sale;
b. inventory held in reserve for future sale;
c. excess, obsolete, and unserviceable inventory;
d. inventory held for repair (SFFAS 3, par. 18,
27, 29, & 32; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 59, note
8).
97.
Is inventory valued at historical cost, latest acquisition cost, or net
realizable value? (SFFAS 3, par. 20 & 26).
98.
If inventory is valued at historical cost, does that cost include the
purchase amount and all other costs incurred to bring the inventory
into its current condition and location? (SFFAS 3, par. 21);
99.
Are one of the following historical cost flow assumptions used to value
inventory?;
a. first-in, first out (FIFO);
b. weighted average;
c. moving average;
d. any other valuation method (such as a standard cost system)
whose results reasonably approximate "a" "b" or "c" (SFFAS 3, par. 22);
100.
Are abnormal costs, such as excessive handling or rework costs, charged
to expenses for the period? (SFFAS 3, par. 21).
101.
Is donated inventory valued at its fair value at the time of donation?
(SFFAS 3, par. 21).
102.
Is inventory acquired through exchange of nonmonetary assets (e.g.,
barter) valued at the fair value of the asset received at the time of
the exchange? (SFFAS 3, par. 21).
103.
If the latest acquisition cost method of inventory valuation is used,
is the latest invoice price (actual cost) applied to all like units,
including those acquired through donation and nonmonetary exchange?
(SFFAS 3, par. 23).
104.
Under the latest acquisition cost method, is the inventory revalued
periodically (or at least by the end of the fiscal year)? (SFFAS 3,
par. 23).
105.
If the latest acquisition cost method is used to value inventory, is
the reported cost of goods sold adjusted by the difference between the
beginning and ending unrealized holding gains and losses? (SFFAS 3,
par. 25).
106.
If inventory is valued at net realizable value, does it meet the
following criteria?;
a. There is an inability to determine approximate cost.
b. There is immediate marketability at quoted prices.
c. There
is unit interchangeability (e.g., petroleum reserves). (SFFAS 3, par.
26).
107.
Is excess, obsolete, and unserviceable inventory valued at its expected
net realizable value? (SFFAS 3, par. 30).
108.
When inventory is declared excess, obsolete, or unserviceable is the
difference between the carrying amount and the expected net value
recognized as a loss (or gain) and either separately reported or
disclosed? (SFFAS 3, par. 30).
109.
Are any subsequent adjustments to the inventory's net value or any loss
(or gain) upon disposal recognized as losses (or gains)? (SFFAS 3, par.
30).
110.
When inventory is held for repair is it valued using either of the
following?;
a. the allowance method (i.e., it is valued at the same
value as a serviceable item and a contra-asset repair allowance account
is set up);
b. the direct method (original carrying value of the
inventory less estimated repair costs) (SFFAS 3, par. 32 & 33);
111.
If inventory is transferred to "inventory held for repair," are
estimated prior-period repair costs either credited to the repair
allowance or to the inventory and reported as an adjustment to equity?
(SFFAS 3, par. 34).
112: Does the entity disclose the following about its inventory?;
a. the general composition;
b. the basis for determining inventory values
(including the valuation method and any cost flow assumptions);
c. changes from prior years' accounting methods, if any;
d. balances for the major categories of inventory if not broken out in
the financial statements;
e. restrictions on the sale of inventory;
f. the decision criteria for categorizing inventory;
g. changes in the criteria for
categorizing inventory (SFFAS 3, par. 28, 31, & 35; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 59, note 8)
Assets; Operating Materials and Supplies (113 - 120); Yes, No, or;
N/A:
Operating materials and supplies are tangible personal property to be
consumed in normal operations. Excluded are (a) operating materials and
supplies acquired to construct real property and equipment for the
entity's use, (b) stockpile materials, (c) price stabilization goods,
(d) foreclosed property, (e) seized and forfeited property, and (f)
inventory. (SFFAS 3, par. 36).
113.
Are operating materials and supplies categorized and reported or
disclosed as the following?;
a. operating materials and supplies held for use;
b. operating materials and supplies held in reserve for future use;
c. excess, obsolete, or unserviceable operating materials and
supplies (SFFAS 3, par. 36, 37, 45, & 47; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 60, note 8)
114.
Are operating materials and supplies recognized and reported as assets
when produced or purchased? (SFFAS 3, par. 38).
115.
Are operating materials and supplies valued at historical cost,
including all appropriate purchase and production costs incurred to
bring the items to their current condition and location? (SFFAS 3, par.
43).
116.
Are donated operating materials and supplies valued at their fair value
at the time of donation? (SFFAS 3, par. 43).
117.
Are operating materials and supplies acquired through exchange of
nonmonetary assets (e.g., barter) valued at the fair value of the asset
received at the time of the exchange? (SFFAS 3, par. 43);
118.
Is one of the following historical cost flow assumptions used to value
ending materials and supplies under the consumption method?;
a. first-in, first out (FIFO);
b. weighted average;
c. moving average or;
d. any other
valuation method (such as a standard cost system) whose results
reasonably approximate "a," "b," or "c" (SFFAS 3, par. 42 & 44);
119.
Does the entity disclose the following information about its operating
materials and supplies?;
a. general composition;
b. balances in each operating material and supply category;
c. change from prior years' accounting methods;
d. basis for valuation (including valuation method
and any cost flow assumptions);
e. restrictions on the use of materials and supplies, if any;
f. decision criteria for identifying each category
to which material and supplies are assigned;
g. changes in the criteria
for identifying the category to which the operating materials and
supplies are assigned (SFFAS 3, par. 46, 49 & 50; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 60).
120.
Are excess, obsolete, and unserviceable operating materials valued at
their estimated net realizable value? (SFFAS 3, par. 48);
Assets; Stockpile Materials; (121 - 131):
Stockpile materials are strategic and critical materials held due to
statutory requirements for use in national defense, conservation, or
national emergencies. Not included under this category are (a) items
held for sale or use in normal operations, (b) items held for use in
the event of an agency's operating emergency or contingency, and (c)
price support and stabilization goods. (SFFAS 3, par. 51).
121.
Are stockpile materials recognized and reported as assets when acquired
(i.e., recognized as assets using the consumption method)? (SFFAS 3,
par. 52).
122.
Are stockpile materials valued using an acceptable historical cost flow
method (i.e., FIFO, weighted average, moving average, or other
equivalent method)? (SFFAS 3, par. 53).
123.
Does the cost of stockpile materials include all appropriate costs
incurred in bringing the materials to their current condition and
location? (SFFAS 3, par. 53).
124.
If stockpile materials have either suffered a permanent decline in
value below cost or have become damaged or decayed, has their value
been reduced to net realizable value? (SFFAS 3, par. 54);
.
125.
Is the resultant decline in value recognized as a loss or expense in
the period in which it occurs? (SFFAS 3, par. 54).
126.
When stockpile materials are authorized to be sold, are those materials
disclosed as stockpile materials held for sale? (SFFAS 3, par. 55);
127.
Are the stockpile materials authorized for sale valued using the same
basis used before they were authorized for sale? (SFFAS 3, par. 55);
128.
Is any difference between the carrying amount (i.e., purchase price or
cost) of the stockpile materials held for sale and their estimated
selling price disclosed? (SFFAS 3, par. 55).
129.
If stockpile materials are sold, is the cost removed from stockpile
materials and reported as a cost of goods sold? (SFFAS 3, par. 55);
.
130.
Is any gain (or loss) from the sale of stockpile materials recognized
as a gain (or loss) at that time? (SFFAS 3, par. 55).
131.
Does the entity disclose the following information about its stockpile
materials?;
a. general composition;
b. basis for valuing stockpile materials,
including valuation method and any cost flow assumptions;
c. changes from prior-year's accounting methods, if any;
d. restrictions on the use of the
material;
e. balances in each category of stockpile material (i.e.,
stockpile materials held and held for sale);
f. criteria for grouping stockpile material held for sale;
g. any changes in criteria for
categorizing stockpile materials held for sale (SFFAS 3, par. 56; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 60).
Assets; Seized Property (132 - 141):
Seized property includes monetary instruments, real property, and
tangible personal property belonging to others in actual or
constructive possession of a custodial agency. (SFFAS 3, par. 59);
There may be as many as three government entities involved with seized
property: (1) the seizing agency, (2) the custodial agency and (3) a
"central fund" set up for financial record-keeping. (SFFAS 3, par. 57).
132.
If seized monetary assets are reported, is a corresponding liability
also reported? (SFFAS 3, par. 61; and OMB Bull. 97-01 as amended (Jan.
7, 2000), p. 20).
133.
If the central fund is other than the seizing or custodial entity, does
the custodial entity maintain sufficient internal records to carry out
its stewardship responsibility? (SFFAS 3, par. 60).
134.
Does the custodial agency recognize seized monetary instruments as
assets at their market values and set up corresponding liabilities?
(SFFAS 3, par. 61 & 65).
135.
Is the existence of seized property other than monetary instruments
disclosed in a note to the statements and accounted for in the entity's
property management records? (SFFAS 3, par. 62).
136.
Is seized property valued at its market value when seized (or as soon
thereafter as reasonably possible if the market value cannot be readily
determined)? (SFFAS 3, par. 63).
137.
Is the market value of seized property based on the value of the
property assuming an active market exists for the property? (SFFAS 3,
par. 63).
138.
If no active market exists for the property in the general area in
which it was seized, is a value in the principle market nearest the
place of seizure used? (SFFAS 3, par. 63).
139.
Is the valuation of property seized under the Internal Revenue Code
based on the taxpayer's equity (market value less any third-party
liens)? (SFFAS 3, par. 64).
140.
Does the entity disclose and present by type of seized property in its
custody the following?;
a. an explanation of what constitutes a seizure and a general
description of the property;
b. valuation method(s);
c. changes from prior years' accounting methods, if any and;
d. analysis of change
in seized property (including dollar value and number of seized
properties) that are on hand at the beginning of the year, seized
during the year, disposed of during the year, and on hand at the end of
the year (SFFAS 3, par. 66; OMB Bull. 97-01 as amended (Jan. 7, 2000),
p. 61).
141. Does the entity also disclose the method of disposal of seized
property, if material? (SFFAS 3, par. 66; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 61).
Assets; Forfeited property(142 - 149):
Forfeited property consists of (a) property acquired through forfeiture
proceedings, (b) property acquired to satisfy a tax liability, and (c)
unclaimed and abandoned merchandise. (SFFAS 3, par. 67 & 68).
142. When a forfeiture judgment is obtained for seized monetary
instruments:
a. Are they reclassified as forfeited monetary instruments
at the current market value?;
b. Is a revenue credit recognized in an
amount equal to the value of the monetary asset?;
c. Is the liability
associated with the seized monetary instrument classification removed?
(SFFAS 3, par. 69).
143. When a forfeiture judgment is obtained for real, tangible, and
intangible property:
a. Is the property recorded as an asset at its fair
value at the time of forfeiture?;
b. Is an allowance account (contra-asset
account) established for liens or claims from third party claimants
against forfeited property?;
c. Is an offsetting deferred revenue credit recognized?;
d. Is revenue recognized upon sale and the merchandise and
deferred revenue (referred to in "a" and "c" above) removed from the
accounts? (SFFAS 3, par. 70, 72, 75, 76, & 77; SFFAS 6, par. 33);
144.
Does the entity disclose the following information about forfeited
property under its control (including forfeited property) which may be
donated or destroyed but not booked as an asset or sold due to legal
restrictions?;
a. composition of the property;
b. valuation method(s);
c. changes from prior year's accounting methods;
d. analysis of the changes
in forfeited property by type and dollar amount that includes:
i. number of forfeitures on hand at the beginning of the year;
ii. additions;
iii. disposals and method of disposition;
iv. end of the year balances;
e. restrictions on use or disposition of the property and, if
available;
f. estimates of the value of property to be distributed to other
federal,
state, and local agencies in future reporting periods? (SFFAS 3, par.
71 & 78; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 61);
145.
If the entity reclassifies forfeited property not held for sale to
property held for donation or use:
a. Is revenue recognized upon approval of distribution or use of
property?;
b. Is the associated deferred revenue reversed on the books? (SFFAS 3,
par. 73 & 74).
146.
Is a distinction maintained in the entity's accounting reports between
revenue arising from the sale of forfeited property and revenue arising
from forfeited property being transferred, donated, or placed into
official use? (SFFAS 3, par. 75).
147. Is property acquired by the government to satisfy a taxpayer's
liability recorded when title to the property passes to the federal
government, and is a credit made to the related account receivable?
(SFFAS 3, par. 76).
148.
Is the property forfeited in satisfaction of a taxpayer's liability
valued at its market value less any third party liens? (SFFAS 3, par.
76).
149.
Upon sale of the forfeited property mentioned in the previous question,
is revenue recognized in the amount of the sale proceeds, and are the
property and third party liens removed from the accounts? (SFFAS 3,
par. 76).
Assets; Goods Held Under Price Support; and Stabilization Programs (150
- 163):
Goods acquired under price support and stabilization programs (i.e.,
commodities) are items of commerce or trade (usually farm commodities)
having an exchange value. Producers of the goods: (1) are either given
nonrecourse loans under which they can, at their option, repay the loan
with interest or surrender their commodity pledged as collateral for
the loan or (2) may enter into purchase agreements that allow the
producer of the option to sell commodities to the government (the
Commodity Credit Corporation) at the price support rate. (SFFAS 3, par.
92, 93, & 94).
150.
Are nonrecourse loans recognized as assets at face value when the loan
principal is disbursed? (SFFAS 3, par. 96).
151. Is interest accrued on nonrecourse loans? (SFFAS 3, par. 96);
152.
Is a valuation allowance set up to recognize losses on nonrecourse
loans when it is "more likely than not" (i.e., more than a 50-percent
chance) that loans will not be totally collected? (SFFAS 3, par. 102);
153.
Is this allowance reestimated on each financial reporting date? (SFFAS
3, par. 102).
154.
When the entity has entered into a purchase agreement and there is an
expected loss:
a. Is a loss (i.e., the difference between the contract
price and the net realizable value of the commodities) recognized if it
is probable that a loss has been incurred and is reasonably
measurable?;
b. Is a corresponding liability recognized? (SFFAS 3, par. 97
& 103).
155. If the contingent loss arising from a purchase agreement is not
recognized because it is less than probable or is not reasonably
measurable, is the contingent loss disclosed if it is at least
"reasonably possible that a loss may occur?" (SFFAS 3, par. 98);
156.
When commodities are acquired to satisfy a nonrecourse loan or purchase
agreement, are they recognized and reported as assets at the lower of
cost or net realizable value? (SFFAS 3, par. 99 & 104);
157.
Does the cost for the commodities acquired through a nonrecourse loan
settlement include the following amounts?;
a. loan principal (excluding interest);
b. processing and packaging costs incurred after acquisition;
c. other costs (e.g., transportation) incurred in taking title to the
commodity (SFFAS 3, par. 105).
158.
Does the cost for commodities acquired though a purchase agreement
include the following amounts?;
a. the unit price agreed upon in the
purchase agreement multiplied by the number of units purchased;
b. other costs incurred in taking title to the commodity (SFFAS 3,
par. 106);
159. Is any adjustment necessary to reduce the carrying amount of the
acquired commodities to the lower of cost or net realizable value
recognized as a loss in the current period and recorded in a commodity
valuation allowance? (SFFAS 3, par. 99 & 107).
160.
Conversely, are recoveries of previously recorded losses in the current
period recognized up to the point of any previously recognized losses
on the commodities, and is the commodity valuation allowance reduced
accordingly? (SFFAS 3, par. 107).
161.
When commodities acquired to satisfy the terms of a nonrecourse loan or
purchase agreement are sold:
a. Are revenues recognized?;
b. Is the carrying
amount of the commodities removed from the asset account and reported
as a cost of goods sold? (SFFAS 3, par. 100).
162.
When commodities are held for purposes other than sale, is the carrying
amount reported as an expense and removed from the commodity asset
account upon transfer? (SFFAS 3, par. 101).
163.
Is the following information related to goods held under price support
and stabilization programs disclosed?;
a. basis for valuing commodities
including valuation method and cost flow assumptions (e.g., FIFO,
weighted average);
b. changes from prior-year's accounting methods;
c. restrictions on the use, disposal, or sale of commodities;
d. analysis of
the changes in dollar amount and volume of commodities, including
those;
i. on hand at the beginning of the year;
ii. acquired during the year;
disposed of during the year by method of disposition;
iii. on hand at the end of the year;
iv. on hand at year's end and estimated to be donated or
transferred during the coming period;
v. received as a result of surrender of collateral related to
nonrecourse loans outstanding;
vi. dollar value
and volume of purchase agreement commitments (SFFAS 3, par. 108 & 109;
OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 62).
Assets; General Property/Plant/Equipment (Net); (164 - 195); Yes, No,
or; N/A:
General property, plant, and equipment (PP&E) are any property, plant,
and equipment used in providing goods or services. (SFFAS 6, par. 23).
164.
Has the entity established, disclosed, and consistently followed
appropriate capitalization thresholds for property, plant, and
equipment (PP&E) suitable to its financial and operational conditions?
(SFFAS 6, par. 13, 148, & 149).
165.
Does the entity follow a policy that ensures that its PP&E consists of
tangible assets that meet the following criteria?;
a. They have estimated useful lives of 2 years or more.
b. They are not intended for sale in the
ordinary course of operations.
c. They are acquired or constructed with
the intention of being used or being available for use by the entity.
(SFFAS 6, par. 17).
166. Does PP&E also consist of the following items?;
a. assets acquired through capital leases;
b. property owned by the reporting entity in the hands of
others (e.g., state and local governments, colleges and universities,
federal contractors);
c. land rights (SFFAS 6, par. 18).
Capital leases are leases that transfer substantially all the benefits
and risks of ownership to the lessee. Operating leases are leases in
which the federal entity does not assume the risks of ownership of
PP&E. Multiyear service contracts and multiyear purchase agreements for
expendable commodities are not capital leases. (SFFAS 6, par. 20,
footnote 22; SFFAS 5, par. 43).
167.
Does the entity classify a lease as a capital lease if at its inception
the lease meets one or more of the following criteria?;
a. The lease
transfers ownership of the property to the lessee by the end of the
lease term.
b. The lease contains an option to purchase the leased
property at a bargain price.
c. The lease term is equal to or greater
than 75 percent of the estimated economic life of the leased property,
and the beginning of the lease term does not fall within the last 25
percent of the total estimated economic life of the property.
d. The
present value of rental and other minimum lease payments, excluding
that portion of the payments representing executory cost, equals or
exceeds 90 percent of the fair value of the leased property, and the
beginning of the lease term does not fall within the last 25 percent of
the total estimated economic life of the property. (SFFAS 6, par. 20;
SFFAS 5 par. 43).
168.
Does the general PP&E asset line item exclude the following items?;
a. items held in anticipation of physical consumption such as operating
materials and supplies;
b. items the federal entity has a reversionary interest in;
c. national defense PP&E;
d. heritage assets (except multiuse heritage assets);
e. stewardship land (i.e., land not included in general
PP&E) (SFFAS 6, par. 19, 21, 57, 58, 150 & 151; SFFAS 11, par. 7; SFFAS
16, par. 6).
169.
In determining the level at which the entity categorizes its PP&E, has
the entity considered the following factors?;
a. the cost of maintaining
different accounting methods for property and the usefulness of the
information;
b. the diversity of the PP&E (e.g., useful lives, value,
alternative uses);
c. the future disposition of the PP&E;
d. the programs being served by the PP&E (SFFAS 6, par. 22).
170.
Does the entity categorize an asset under general PP&E if it has one or
more of the following characteristics?;
a. It could be used for alternative purposes (e.g., by other federal
programs, state or local
governments, or nongovernmental entities) but is used to produce goods
or services or to support the mission of the entity.
b. It is used for
business-type activities.
c. It is used by entities in activities whose
costs can be compared to those of other entities performing similar
activities (e.g., federal hospital services in comparison to other
hospitals). (SFFAS 6, par. 23; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 21).
171.
Is PP&E of entities operating as business-type activities categorized
as general PP&E whether or not it meets the definition of other PP&E
categories (e.g., heritage assets)? (SFFAS 6, par. 24; OMB Bull. 97-01
as amended (Jan. 7, 2000), p. 21).
172.
Are lands and land rights specifically acquired for or in connection
with general PP&E included in general PP&E? (SFFAS 6, par. 25; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 21).
173.
Is all general PP&E recorded at cost? (SFFAS 6, par. 26);
174.
Does the cost of general PP&E include all costs incurred to bring the
PP&E to a form and location suitable for its intended use, such as the
following?;
a. amounts paid to vendors;
b. transportation charges to the point of initial use;
c. handling and storage costs;
d. labor and other
direct or indirect production costs (for assets produced or
constructed);
e. costs of engineering, architectural, and other outside
services for designs, plans, specifications, and surveys;
f. acquisition
and preparation costs of buildings and other facilities;
g. an appropriate
share of the cost of the equipment and facilities used in construction
work;
h. fixed equipment and related installation costs required for
activities in a building or facility;
i. direct costs of inspection,
supervision, and administration of construction contracts and
construction work;
j. legal and recording fees and damage claims;
k. fair
value of facilities and equipment donated to the government;
l. material amounts of interest costs paid (SFFAS 6, par. 26).
175.
Is the recognized cost of general PP&E acquired under a capital lease
the lower of either the fair value of the asset or liability for the
capital lease at its inception? (SFFAS 6, par. 29).
176.
Is the cost of general PP&E acquired through donation, will, or
judicial process, excluding forfeiture, capitalized at estimated fair
value at the time acquired by the government? (SFFAS 6, par. 30);
177.
Is general PP&E transferred from other federal entities capitalized at
the book value recorded by the transferring entity? (SFFAS 6, par. 31);
.
178.
Is the asset capitalized at the fair value at the time of the transfer
from another federal entity if the receiving entity cannot reasonably
ascertain the book value of the PP&E transferred? (SFFAS 6, par. 31);
.
179.
If general PP&E is acquired through exchange with a nonfederal entity,
is it capitalized at the fair value of the PP&E surrendered at the time
of the exchange? (SFFAS 6, par. 32).
180.
If, however, the fair value of the PP&E acquired through exchange is
more readily determinable than that of the PP&E surrendered, is the
acquired general PP&E capitalized at the acquired PP&E's fair value?
(SFFAS 6, par. 32).
181.
If the fair values of the exchanged PP&E are not determinable, is the
acquired general PP&E capitalized at the book value of the PP&E
surrendered? (SFFAS 6, par. 32).
182.
If cash is included in an exchange of general PP&E, is the cost of PP&E
acquired increased or decreased, respectively, by the amount of cash
surrendered or received? (SFFAS 6, par. 32).
183.
Is PP&E recognized when title passes to the acquiring entity or when
PP&E is delivered to the entity or to an agent of the entity? (SFFAS 6,
par. 34).
184.
If general PP&E is under construction, is it recorded as construction
work in process until it is placed into service? (SFFAS 6, par. 34);
185.
Do estimates of useful life of general PP&E consider such factors as
physical wear and tear and technological change? (SFFAS 6, par. 35);
186.
Except for land and land rights of unlimited duration, is general PP&E
less its estimated salvage/residual value depreciated in a rational and
systematic manner over its estimated useful life? (SFFAS 6, par. 35,
122, & 136; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 21);
187.
Are changes in estimated useful life or salvage and residual value of
general PP&E accounted for in the period of change and future periods?
(SFFAS 6, par. 35).
188.
Are depreciation and amortization expenses accumulated in contra asset
accounts? (SFFAS 6, par. 36).
189.
Are costs that either extend the useful life of existing general PP&E
or enlarge or improve its capacity capitalized and depreciated/
amortized over the remaining useful life of the asset? (SFFAS 6, par.
37).
190.
When general PP&E is disposed of, retired, or removed from service, is
the asset removed from the asset accounts along with the associated
accumulated depreciation/amortization? (SFFAS 6, par. 38);
191.
Are the differences between the book value and the amounts realized
upon removal of service, retirement, or disposal of general PP&E
recognized as a current-period gain or loss? (SFFAS 6, par. 38);
192.
If prior to disposal, retirement, or removal from service, a general
PP&E asset no longer provides service in the operations of the entity:
a. Is it removed from the corresponding asset and contra asset
accounts?;
b. Is its net realizable value recorded in an appropriate
asset account?;
c. Is the difference between its book value and net
realizable value recorded as a current period gain or loss? (SFFAS 6,
par. 39).
193.
If historical cost information for existing general PP&E has not been
maintained, are cost estimates based on either of the following costs?;
a. the cost of similar assets at the time of acquisition;
b. the current cost
of similar assets discounted for inflation since the time of
acquisition (SFFAS 6, par. 40).
194.
If general PP&E would have been substantially depreciated or amortized
had it been recorded upon acquisition, does the entity weigh
materiality and cost-benefit in considering either of the following
alternatives?;
a. Record only improvements made during the period beyond
the initial expected useful life of general PP&E.
b. Make an aggregate
entry for whole classes of PP&E (e.g., entire facilities rather than a
building-by-building estimate). (SFFAS 6, par. 42).
195. Does the entity make the following minimum disclosures about its
general PP&E?;
a. the cost, associated accumulated depreciation, and book
value by major class (e.g., building and structures, fixtures,
equipment);
b. the estimated useful lives for each major class;
c. the method(s) of depreciation for each major class;
d. capitalization threshold(s) including any changes in thresholds(s)
during the period;
e. restrictions on the use or convertibility of general PP&E;
f. in the
period in which SFFAS 6 standards are implemented, adjustments to the
PP&E and related contra asset accounts by major class (e.g., buildings,
equipment, and vehicles) (SFFAS 6, par. 44 & 45; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 62, note 9).
Assets; Software (196 - 226):
Software includes the application and operating system programs,
procedures, rules, and any associated documentation pertaining to the
operation of a computer system or program. "Internal use software" is
software that is purchased from commercial vendors "off the shelf,"
internally developed, or contractor-developed solely to meet the
entity's internal or operational needs. (SFFAS 10, par. 8).
196.
Does the entity capitalize the cost of software when such software
meets the following criteria?;
a. specifically identifiable;
b. determinate life of 2 years or more;
c. not intended for sale in the ordinary course of operations;
d. acquired or constructed with the intention of being used
by the entity;
e. meets the criteria for general property, plant, and
equipment (SFFAS 10, par. 15, 38, & 48).
197.
Are capitalized software costs included under general PP&E or reported
separately if the following criteria apply?;
a. The costs are intended to be primarily recovered through user
charges.
b. The feasibility has been
proven. (OMB 97-01 as amended (Jan. 7, 2000), p. 21).
198.
Does the capitalized development cost of internally developed software
include the full cost (i.e., direct and indirect cost) incurred during
the software development stage? (SFFAS 10, par. 16).
199.
Are capitalized software development costs limited to costs incurred
after the following steps have been taken?;
a. Management authorizes and
commits to a computer software project and believes that it is more
likely than not that the project will be completed and the software
will be used to perform the intended function with an estimated service
life of 2 years or more.
b. The conceptual formulation, design, and
testing of possible software project alternatives (i.e., preliminary
design stage) have been completed. (SFFAS 10, par. 11, 12, 16, 45, 62,
& 64).
200.
Do software capitalization costs include those for new software and
documentation manuals? SFFAS 10, par. 17, 60, & 61).
201.
Do the capitalized costs for commercial off-the-shelf (COTS) software
include the amount paid to the vendor? (SFFAS 10, par. 18);
202.
Do the capitalized costs for contractor-developed software include the
amount paid to a contractor to design, program, install, and implement
the software? (SFFAS 10, par. 18).
203. Does the entity capitalize material internal costs incurred to
implement the commercial-off-the-shelf software (COTS) or contractor-
developed software and otherwise make it ready for use? (SFFAS 10, par.
18).
204.
Does the entity expense all data conversion costs, including the cost
to develop or obtain the relevant software, related to internally
developed, contractor-developed, or COTS software? (SFFAS 10, par. 14,
19, & 69).
205.
Does the entity expense costs (e.g., ongoing training for users,
preventive maintenance) incurred after the completion of final
acceptance testing? (SFFAS 10, par. 14 & 20).
206.
Does the entity treat software that serves both internal uses and
stewardship purposes (e.g., a global positioning system) as internal
use software and capitalize it to the extent such software meets
criteria for general PP&E? (SFFAS 10, par. 15 & 21).
207.
Is computer software that is integrated into general PP&E and necessary
to operate it, rather than perform an application, considered part of
the PP&E of which it is an integral part, and is it capitalized and
depreciated accordingly? (SFFAS 10, par. 22).
208.
If the entity purchased software as part of a package of products and
services, does it use a reasonable estimate in allocating the cost
difference between capitalizable and noncapitalizable (i.e., expense)
elements? (SFFAS 10, par. 23).
209.
Does the entity expense software costs that are not susceptible to
allocation between maintenance and relatively minor enhancements?
(SFFAS 10, par. 23).
210.
Has the entity established realistic and defensible capitalization
thresholds for its internal-use software including bulk purchases of
software programs and modules or components of a total software system?
(SFFAS 10, par. 24 & 68).
211.
Does the entity capitalize the acquisition cost of enhancements to
existing internal-use software, as well as related modules, when it is
more likely than not that they will result in significant additional
capabilities? (SFFAS 10, par. 25, 42, 43, & 73).
212.
Does the entity expense the cost of minor enhancements resulting from
ongoing systems maintenance as well as the purchase of enhanced
versions of software for a minimal charge? (SFFAS 10, par. 26 & 73);
213.
Are material expenditures to add capability and functionality to
computer software capitalized? (SFFAS 10, par. 27).
214.
If the expensed repair or upgrades of computer software extends its
useful life, is the amortization period adjusted? (SFFAS 10, par. 27,
42, & 43).
215.
Does the entity recognize a loss upon impairment of computer software
if either of these conditions apply?;
a. The software is no longer
expected to provide substantive service and will be removed from
service.
b. A significant reduction occurs in the capabilities functions
of the software (or module thereof). (SFFAS 10, par. 28, 29, 30, 75 &
76).
216.
If the impaired software is to remain in use, is the loss due to
impairment measured as the difference between the book value and either
of the following amounts?;
a. the cost to acquire software that would
perform similar remaining functions (i.e., unimpaired functions);
b. the
portion of book value attributable to the remaining functional elements
of the software (SFFAS 10, par. 29).
217.
If the loss due to impairment cannot be determined, is the book value
of the software amortized over the remaining useful life of the
software? (SFFAS 10, par. 29).
218.
If impaired software is to be removed from use, is the loss due to
impairment measured as the difference between the book value and net
realizable value (NRV)? (SFFAS 10, par. 30 & 44).
219.
Does the entity transfer the NRV, if any, to an appropriate asset
account until such time as the software is disposed of and the NRV
realized? (SFFAS 10, par. 30).
220.
If the entity's managers conclude that, "more likely than not,"
developmental software (or a module thereof) will not be completed and
placed in service, is the accumulated book value (or the balance in a
work-in-process account, if applicable) reduced to reflect the expected
NRV and recognized as a loss? (SFFAS 10, par. 31).
221.
Does the entity amortize capitalized software in a systematic and
rational manner over the estimated useful life of the software? (SFFAS
10, par. 32 & 70).
222.
Does amortization of capitalized software not begin until successful
completion of testing? (SFFAS 10, par. 33, 41, & 71).
223.
If the use of software is dependent on the completion of another or
other software module(s), does the amortization not begin until the
complementary module(s) have successfully completed testing? (SFFAS 10,
par. 33).
224. Are additions to the book value or changes in useful life of
capitalized software treated prospectively (i.e., during the period of
change and future periods only) when the software is amortized? (SFFAS
10, par. 34).
225.
When the entity replaces existing internal-use software with new
software, is the unamortized cost of the old software expensed when the
new software has successfully completed testing? (SFFAS 10, par. 34);
226.
Does the entity disclose, if material, the following information
regarding its capitalized software?;
a. the cost, associated amortization, and book value;
b. the estimated useful life for each major class of software;
c. the method(s) of amortization (SFFAS 10, par. 35; SFFAS 6, par. 45).
Assets; Other Assets(227 - 238):
227.
Are other assets listed and described in a note to the financial
statements and broken out by homogenous groups within the major
categories of assets (i.e., entity versus nonentity, and
intragovernmental versus other entity assets)? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 48, note 6).
Advances are cash outlays made by a federal entity to its employees,
contractors, grantees, or others to cover the recipient's anticipated
expenses or as advance payments for the costs of goods and services
acquired by an entity. (SFFAS 1, par. 57);
Prepayments are payments
made by a federal entity to cover certain periodic expenses before
those expenses are incurred (SFFAS 1, par. 58).
228.
Are advances and prepayments recorded as assets and disclosed in the
notes? (SFFAS 1, par. 59; OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
19).
229.
Are amounts of advances or prepayments --remaining after related goods
or services have been received, contract terms have been met, progress
payments have been made, or prepaid expenses have expired --transferred
to accounts receivable? (SFFAS 1, par. 59).
230.
Are advances and prepayments that are made to federal entities
accounted for and reported separately from those made to nonfederal
entities? (SFFAS 1, par. 61).
231.
Are advances and prepayments paid out reported separately (i.e., not
netted) from advances and prepayments received? (SFFAS 1, par. 60);
Property, plant, and equipment are classified as heritage assets if
they have
(1) historical or natural significance;
(2) cultural, educational, or artistic importance; or
(3) significant architectural
characteristic. (SFFAS 6, par. 57).
232.
If the predominant use is in general government operations (e.g., main
U.S. Treasury building, which is a heritage asset used as an office
building), is acquisition, betterment, or reconstruction of all
multiuse heritage assets capitalized as general PP&E and depreciated
over the useful life of the assets? (SFFAS 16, par. 6 & 9; OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 21).
233.
Does the entity also include a footnote disclosure explaining that
"physical quantity" information for the multiuse heritage assets is
included in supplemental stewardship reporting for heritage assets?
(SFFAS 16, par. 9).
234.
Are multiuse heritage assets acquired through donation or devise
recognized as general PP&E at the assets' fair value? (SFFAS 16, par.
11).
235.
Is the fair value amount of such assets acquired through donation or
devise recognized as "nonexchange revenue," as defined in SFFAS 7 in
the Statement of Change in Net Position? (SFFAS No.16, par. 11);
Land is defined as the solid part of the surface of the earth. Excluded
from the definition of land are depletable resources, such as timber
and other continental shelf resources. (SFFAS 6, par. 66 & 67).
236.
Are land and land rights owned by the federal government, except those
acquired for or in connection with general PP&E, referred to as
stewardship land in the entity's annual report? (SFFAS 6, par. 68, 137
& 228).
237.
Are significant structures that have been acquired with stewardship
land and have a significant operating use treated as general PP&E
(i.e., capitalized and depreciated) if used in operations? (SFFAS 6,
par. 70 & 232).
238.
Is the cost of a structure acquired with stewardship land that is to be
used in operations included in the acquisition cost of the land if one
of the following apply?;
a. The structure's value is insignificant
compared to the value of the land.
b. The structure has little or no inherent value.
c. The structure is merely a byproduct of the acquisition
of the land. (SFFAS 6, par. 70).
Liabilities; Liabilities in General (239 - 240); Yes, No, or, N/A;
Explanation.
Liabilities of federal agencies are reported under two major
categories: (1) liabilities covered by budgetary resources and (2)
liabilities not covered by budgetary resources. Within each of these
two categories, liabilities are classified as (1) intragovernmental
liabilities, which are amounts owed to other federal entities or (2)
governmental liabilities, which are amounts owed to nonfederal entities
by the federal government or an entity within the federal government.
(SFFAS 1, par. 21; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 &
22);
A liability for federal accounting purposes is a probable and
measurable future outflow or other sacrifice of resources as a result
of past transactions or events. (SFFAS 5, par. 19, 20, & 21; OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 22);
Probable refers to that
which can reasonably be expected or is believed to be more likely than
not on the basis of available evidence or logic. However, in the
context of assessing the outcome of matters of pending or threatened
litigation and unasserted claims and recognizing an associated
liability, "probable" refers to that which is likely, not to that which
is "more likely than not. " (SFFAS 5, par. 33; SFFAS 12, par. 10);
Measurable refers to that which can be quantified in monetary units
with sufficient reliability to be reasonably estimable. (SFFAS 5, par.
34).
239.
Are liabilities recognized when incurred regardless of whether they are
covered by available budgetary resources (including those liabilities
related to appropriations cancelled under "M" account legislation)?
(OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22);
240. Does the federal entity recognize a liability for probable and
measurable future outflows or other sacrifices of resources arising
from one or more of the following events?;
a. past exchange transactions;
b. government-related events, such as government-caused damages;
c. government-acknowledged events, such as natural disasters, for which
the government has taken formal responsibility for the related costs;
d.
nonexchange transactions that, according to current law and applicable
policy, are unpaid amounts due as of the reporting date. (SFFAS 5, par.
19 - 34; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 22);
Liabilities; Interest Payable (241 - 248);
Explanation.
Accounts payable are amounts owed by a federal entity for goods and
services received from, progress in contract performance made by, and
rents due to other entities. (SFFAS 1, par. 74; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 22).
241.
Do accounts payable exclude amounts related to ongoing continuous
expenses, such as salary and related benefits expense, which are
classified as other current liabilities? (SFFAS 1, par. 75);
242.
Are accounts payable owed to other federal agencies reported separately
from those owed to the public? (SFFAS 1, par. 76; OMB Bull. 97-01 as
amended (Jan. 7, 2000), pp. 16 & 22).
243.
When an entity accepts title to goods, whether the goods are delivered
or in transit, does the entity recognize a liability for the unpaid
cost of goods? (SFFAS 1, par. 77).
244.
If invoices for goods, for which the entity has accepted the title, are
not available, does the entity estimate the amount owed? (SFFAS 1, par.
77).
245.
For facilities or equipment constructed or manufactured by contractors
or grantees according to agreements or contract specifications, are
amounts recorded as payable based on an estimate of work completed
under the contract or the agreement in accordance with the federal
entity's engineering and management evaluation of actual performance
progress and incurred costs? (SFFAS 1, par. 78 & 79).
246.
Are accounts payable covered by budgetary resources separately reported
from those not covered by budgetary resources? (SFFAS 1, par. 80; OMB
Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 & 22).
247.
Is interest incurred but unpaid on liabilities and late payments and
refunds recognized as interest payable and reported as a liability at
the end of each period? (SFFAS 1, par. 81; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 22).
248.
Is interest payable to federal entities reported separately from
interest payable to the public? (SFFAS 1, par. 82).
Liabilities; Liabilities for Loan Guarantees (249 - 262); N/A;
Explanation.
A loan guarantee is any guarantee, insurance (but not deposit
insurance), or other pledge with respect to the payment of all or part
of the principal or interest on any debt obligation of a nonfederal
borrower to a nonfederal lender. (SFFAS 2, app. C);
The Federal Credit
Reform Act of 1990 requires federal entities to estimate and budget for
the costs arising from default of guaranteed loans made after fiscal
year (FY) 1991 (i.e., post 1991). (SFFAS 2, par. 7; OMB 97-01 as
amended (Jan. 7, 2000), p. 55).
249.
Is the present value of estimated net cash outflows from post-1991
(i.e., committed after September 30, 1991) loan guarantees recognized
as a liability? (SFFAS 2, par. 7 & 23).
250.
Does the entity disclose by loan program the face value of guaranteed
loans outstanding and the amount of outstanding principal guaranteed?
(SFFAS 2, par. 23; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 51,
note 7, item F & p. 55, 1[ST] par.).
251.
Does the entity disclose by loan program the estimated liabilities
arising from post-1991 loan guarantees? (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 52, note 7, item G & p. 57, item G);
252.
Is a liability for a pre-1992 (i.e., committed before October 1, 1991)
loan guarantee recognized when it is more likely than not that the loan
guarantee will require a future cash outflow to pay a default claim?
(SFFAS 2, par. 39 & app. B, part IV A).
253.
Is the face value of pre-1992 guaranteed loans outstanding and related
liability broken out by loan program and disclosed in a note to the
financial statements? (OMB Bull. 97-01 as amended (Jan. 7, 2000), note
7, items A & G; pp. 49, 52, 55, item A 1[ST] par. & p. 57, item G);
254.
Are the liabilities for the pre-1992 loan guarantees reestimated each
year as of the date of the financial statements? (SFFAS 2, par. 39);
255. Does the entity disclose, by loan program, whether pre-1992 loan
guarantees are reported on a present-value basis1 or under the
allowance-for-loss method?2 (OMB Bull. 97-01 as amended (Jan. 7, 2000),
p. 52 items, G1 & G2; p. 55, item A, 4[TH] par. & p. 57, item G);
.
256.
When the total loan guarantee liability for all of the credit programs
is negative, is this reported as an asset? (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 23).
257.
However, if a loan guarantee liability is the result of both positive
and negative amounts of the various components, is the total shown as a
liability, and are the negative components (of the loan guarantee
liability) disclosed? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
23).
A "modification" is a federal government action, including new
legislation or administrative action, that directly or indirectly
alters the estimated subsidy cost and the present value of outstanding
direct loans or the liability of loan guarantees. (SFFAS 2, par. 41);
Direct modifications are actions that change the subsidy cost by
altering the terms of existing contracts or by selling loan assets.
(SFFAS 2, par. 42);
Indirect modifications are actions that change the
subsidy cost by legislation that alters the way in which an outstanding
portfolio of direct loans or guarantees is administered. (SFFAS 2, par.
43).
258.
When post-1991 loan guarantees are modified, is the existing book value
of the related liability changed to an amount equal to the present
value3 of net cash outflows that are projected under the modified terms
from the time of the modification to the loan's maturity? (SFFAS 2,
par. 50 & app. B, part III D(4); SFFAS 19, par. 7(d));
.
259.
When pre-1992 loan guarantees are directly modified:
a. Are they
transferred from the liquidating account to a financing account?;
b. Is the existing book value of the liability of the modified loan
guarantees changed to an amount equal to their post-modification
liability (i.e., the present value of the net cash outflows under post-
modification terms discounted at the current Treasury rate)? (SFFAS 2,
par. 51 & app. B, part IV B(4)).
260.
If pre-1992 loan guarantees are indirectly modified: Are they kept in
a liquidating account?;
b. Is the related liability reassessed and
adjusted to reflect any change in the liability resulting from the
modification? (SFFAS 2, par. 51).
261.
Are subsequent modifications of pre-1992 loan guarantees treated as a
modification of post-1991 loan guarantees? (SFFAS 2, par. 51);
262.
If a post-1991 or pre-1992 loan is sold with a recourse provision, is
the present value (discounted at the Treasury rate in effect at the
time of the sale) of the estimated losses recognized as a subsidy
expense and loan guarantee liability? (SFFAS 2, par. 53 & 54 & app. B,
part I F(3)).
Liabilities; Lease Liabilities (263 - 266):
Capital leases are leases that transfer substantially all of the
benefits and risks of ownership to the lessee. (SFFAS 5, par. 43).
263.
Is the amount recorded by the lessee as a liability under a capital
lease arrangement the lesser of the following amounts?;
a. the present
value of rental and other minimum lease payments (excluding executory
costs) during the lease term;
b. the fair value of the property at the
inception of the lease (SFFAS 5, par. 43 & 44).
264.
Does the entity use the applicable Treasury borrowing rate to determine
the interest rate charged on a capital lease unless the following
apply?;
a. It is practicable for the lessee to learn the implicit rate
computed by the lessor.
b. The implicit rate is less than the Treasury
borrowing rate. (SFFAS 5, par. 45).
265.
During the lease term is each minimum payment allocated between a
reduction of the obligation and interest expense so as to produce a
constant periodic rate of interest on the remaining balance of the
liability? (SFFAS 5, par. 46).
266.
Does the entity disclose in a note to the statements the following
information about its capital leases?;
a. gross amounts of assets under capital lease by major asset category;
b. a description of the lease
arrangements, for example: future funding commitments, lease terms,
renewal options, escalation clauses, restrictions, and amortization
periods;
c. future payments due, by major asset category, and deductions
for imputed interest and executory costs for all noncancellable leases
with terms longer than 1 year;
d. a breakout of portions of the capital
lease liability covered by budgetary resources and not covered by
budgetary resources (OMB Bull. 97-01 as amended (Jan. 7, 2000), note
12, pp. 67 & 69, item A).
Liabilities; Federal Debt and Related Interest; (267 - 278);
Explanation.
Debts are amounts borrowed from the Treasury, the Federal Financing
Bank, other federal agencies, or the public under general or special
financing authority such as Treasury bills, notes, bonds, and FHA
debentures. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 23).
267.
Does the entity accounting for federal debt identify the amount of the
outstanding debt liability at any given time and the related interest
cost for each accounting period? (SFFAS 5, par. 48).
268.
Are fixed-value securities with known redemption or maturity amounts
valued at their original face (par) value net of any unamortized
discount or premium? (SFFAS 5, par. 50).
The straight-line method for amortizing a bond premium or discount
reduces it in equal amounts over the life of the bond. (A. N. Mosch and
E. John Larsen, Intermediate Accounting, McGraw-Hill Book Company,
fifth edition 1982, p. 612.);
The interest method for amortizing a
bond premium or discount reduces the discount or premium by the
difference between the effective interest and stated interest on the
bond. (SFFAS 1, app. B).
269.
Is either the straight line or interest method of discount or premium
amortization used if the following conditions are met?;
a. The short-term
securities have a maturity of 1 year or less.
b. In the case of longer-
term securities, the difference between the amount of amortization
under the interest and straight-line methods is immaterial. (SFFAS 5,
par. 50).
270.
Is the interest method used for amortizing any discount or premium if
the conditions listed in the previous question are not met? (SFFAS 5,
par. 51).
271. If the entity has issued variable value securities of unknown
redemption or maturity values, are they appraised at their original
value and periodically revalued on the basis of the regulations or
offering language? (SFFAS 5, par. 52).
272.
Are old currencies issued by the federal government and not yet
redeemed or written off identified as a federal debt liability at face
value? (SFFAS 5, par. 55).
273.
Are the beginning balance, net borrowing, and ending balances of debt
disclosed? (SFFAS 5, par. 48; OMB Bull. 97-01 as amended (Jan. 7,
2000), note 10, p. 63).
274. Are the following categories of debt disclosed?;
a. total public debt
(reported by the Treasury Department only) broken out by debt;
b. total
agency debt issued under special financing authority (e.g., FHA
debentures and TVA bonds) broken out by debt held by the government
accounts and debt held by the public;
c. other debt broken out by debt
owed to the Treasury, debt owed to the Federal Financing Bank, and debt
owed to other federal agencies (OMB Bull. 97-01 as amended (Jan. 7,
2000), note 10, pp. 63 & 64).
275.
Is all debt owed to Treasury, the Federal Financing Bank, or other
federal agencies reported under intragovernmental liabilities and
disclosed as intragovernmental debt? (OMB Bull. 97-01 as amended (Jan.
7, 2000), p. 16 & note 10, pp. 63 & 64).
276.
Is all debt owed to the public reported and disclosed as such? (OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 16 & note 10, pp. 63 & 64);
277.
Are the names of the agencies disclosed, other than Treasury or Federal
Financing Bank, to which intragovernmental debt is owed, and are the
amounts disclosed? (OMB Bull. 97-01 as amended (Jan. 7, 2000), note 10,
p. 64).
278.
Is other information relative to debt disclosed (e.g., maturity dates,
redemption or call of debt owed to the public before maturity dates,
write-offs of debts owed to Treasury or the Federal Financing Bank)?
(OMB Bull. 97-01 as amended (Jan. 7, 2000), note 10, p. 64);
Liabilities; Pensions, Other Retirement Benefits, and Postemployment
Benefits (279 - 287):
Federal employee and veterans benefits include the actuarial portion of
pensions, other retirement benefits, and other postemployment benefits.
They do not include liabilities related to ongoing continuous expenses
such as employees' accrued salary, accrued annual leave, unpaid
portions of employee benefits, and other benefits that are currently
due. These items are reported under the "other liabilities" line item.
(OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 23);
In the context of
accounting for pensions, other retirement benefits (ORB), and other
postemployment benefits, the "administrative entity" manages and
accounts for the pension or other employee plan, while the "employer
entity" employs federal workers and generates employee costs, for which
it would typically receive a salary and expense appropriation. (SFFAS
5, par. 57, footnote 38);
The "aggregate entry age normal" actuarial
cost method is one under which the expenses or liabilities arising from
the actuarial present value of projected pension benefits are allocated
on a level basis over the earnings or the service of the group between
entry age and assumed exit ages. The portion of the actuarial present
value allocated to a valuation year is called "normal cost. " (SFFAS 5,
par. 64).
279.
Is the aggregate entry age normal actuarial cost method used to
calculate, for the administrative entity financial statements, the
liabilities arising from pension and ORB expenses? (SFFAS 5, par. 64 &
82).
280.
If other actuarial cost methods are used, does the entity provide an
explanation? (SFFAS 5, par. 64).
281.
Does the administrative entity report pension and ORB assets separately
from liabilities as opposed to netting them out? (SFFAS 5, par. 68 &
85).
282.
Does the administrative entity carry pension and ORB assets at their
acquisition cost, adjusted for amortization, if appropriate? (SFFAS 5,
par. 68 & 85).
283.
Does the administrative entity disclose the market value of pension and
ORB investments in market-based and marketable securities? (SFFAS 5,
par. 68 & 85).
284.
Does the employer entity recognize the long-term other postemployment
benefits liability as the present value of future payments discounted
at the Treasury borrowing rate for securities of similar maturity?
(SFFAS 5, par. 95).
285.
Does the administrative entity disclose and report separately the
liabilities arising from pensions, other retirement benefits, and other
postemployment benefits that are covered by budgetary resources and the
liabilities that are not covered by budgetary resources? (OMB Bull. 97-
01 as amended (Jan. 7, 2000), pp. 16 & 23 & note 13, p. 70);
286.
Does the administrative entity disclose the assumptions used to
calculate the liability for pensions, other retirement benefits, and
other postemployment benefits? (SFFAS 5, par. 67 & 83; OMB Bull. 97-01
as amended (Jan. 7, 2000), note 13, p. 70).
287.
If the assumptions for a pension plan differ from the assumptions used
by the three primary plans --Civil Service Retirement System (CSRS),
Federal Employees Retirement System (FERS), and Military Retirement
System (MRS) --does the administrative entity disclose how and why the
assumptions differ from those of the primary plans? (SFFAS 5, par. 67;
OMB Bull. 97-01 as amended (Jan. 7, 2000), note 13, p. 70);
Liabilities; Other Liabilities (288 - 318):
Unless they are reported separately, other liabilities cover
liabilities not recognized in other categories. They include, but are
not limited to: capital leases, insurance, advances and prepayments,
deposit funds held in escrowand accrued liabilities and liabilities for
losses, claims, and other contingencies. Claims and other contingencies
include: indemnity agreements, adjudicated claims, commitments to
international institutions, and clean-up costs. (SFFAS 1, par. 83 - 86;
OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24).
288.
Do all federal insurance and guarantee programs (except social
insurance and loan guarantee programs) recognize a liability for unpaid
claims incurred resulting from insured events that have occurred as of
the reporting date? (SFFAS 5, par. 104; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 24).
289.
Do federal insurance programs accrue a contingent liability when an
existing condition, situation, or set of circumstances involving
uncertainty as to possible loss exists, and when the following
conditions apply?;
a. The uncertainty will be resolved when one or more
probable future events occur or fail to occur.
b. Future outflow or other
sacrifice of resources is probable and measurable. (SFFAS 5, par. 104 &
108; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24);
290.
When insurance payments and losses extend beyond the current year, are
net losses calculated on a present-value basis to reflect the time
value of money? (SFFAS 5, par. 109).
291.
Does the entity report under "required supplementary stewardship
information" (RSSI) the major assumptions and "risks assumed" (i.e.,
the present value of unpaid losses net of associated premiums based on
risk inherent in the insurance or guarantee coverage) for all sponsored
insurance programs (except for social insurance, life insurance, and
loan guarantee programs)? (SFFAS 5, par. 105, 106, & 109);
292.
Does the entity also report under RSSI the indicators of the range of
uncertainty around insurance-related estimates and sensitivity of the
estimates to changes in major assumptions? (SFFAS 5, par. 114);
The liability for future policy benefits is the present value of future
outflows to be paid to (or on behalf of) policyholders, less the
present value of future related premiums. In general, for whole life
policies, the liability for future policy benefits should be no less
than the cash surrender value that accrues to the benefit of the
policyholder. (SFFAS 5, par. 116).
293.
Does the entity also recognize a liability for future insurance policy
benefits (such as death or disability)? (SFFAS 5, par. 104; OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 24).
294.
Are liabilities for future benefits of whole life insurance policies
reported and disclosed in accordance with private sector standards
(i.e., FASB SFAS 60, 97, & 120; AICPA SOP 95-1)? (SFFAS 5, par. 117 &
191 - 193; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 14, p. 70);
295.
Does the liability for future benefits relating to participating life
insurance contracts equal the sum of the following amounts?;
a. the net-
level premium reserve for death and endowment policy benefits;
b. liability for terminal dividends and;
c. any premium deficiency (SFFAS 5, par. 118 & 120).
296.
Has the entity made an assessment to compare the liability for future
policy benefits using actuarial assumptions applicable at the time the
contract was made (contract assumptions) with the liability for future
policy benefits using assumptions that consider the following factors?;
a.
current economic conditions (i.e., current and expected investments and
expected long-term yields);
b. experience (i.e., mortality, morbidity, and termination rates)
(SFFAS 5, par. 119).
297.
Does the entity disclose the components of the liability for future
policy benefits of whole life insurance contracts along with a
description of each amount and explanation of its projected use? (SFFAS
5, par. 121; OMB Bull. 97-01 as amended (Jan. 7, 2000), note 14, p.
70).
298.
Does the reporting entity disclose and break out the following items?;
a. the portion of other liabilities covered by budgetary resources and
the portion not covered by budgetary resources;
b. the portion of other
liabilities payable to governmental (i.e., federal) entities and the
portion payable to nonfederal entities;
c. the portion of other
liabilities that are noncurrent and the portion that are current (SFFAS
1, par. 83 - 86; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 16 & 24
& note 11, pp. 65 & 66).
299.
Does the agency record "unearned revenue" as a liability if it requests
advances or progress payments prior to receipt of cash, and does it
record the amounts? (SFFAS 7, par. 37).
300.
Are amounts payable for refunds, refund offsets, and drawbacks
recognized as liabilities when measurable and legally payable under
established processes of the collecting entity? (SFFAS 7, par. 57 &
app. E).
301.
Do amounts payable for refunds include refund claims filed by the
taxpayer in which the government has determined the amount payable and
identified the payee? (SFFAS 7, par. 57).
302.
Are filed claims for refunds, even if reasonably estimable, excluded
from payables if administrative actions have not been completed as of
the close of the reporting period? (SFFAS 7, par. 58. A);
303. Are unasserted claims for refunds, even if reasonably estimable,
excluded from payables? (SFFAS 7, par. 58. B).
304. Are voluntarily made deposits pending settlements and judgments
separately recognized as deposit liabilities? (SFFAS 7, par. 59);
A loss contingency is an existing condition, situation, or set of
circumstances involving uncertainty as to possible loss to an entity.
The uncertainty should ultimately be resolved when one or more future
events occur or fail to occur. (SFFAS 5, par. 35; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 24 & note 16, p. 71).
305. Does the entity recognize estimated losses for claims or other
contingencies if the following conditions apply?;
a. A past event or exchange transaction has occurred.
b. A future outflow or other sacrifice of resources is probable.
c. The future outflow or sacrifice
of resources is measurable. (SFFAS 5, par. 33 & 38; SFFAS 12, par. 10 &
11; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24);
306.
If any one of the conditions for recognizing a contingent liability are
not met and there is at least a "reasonable possibility" 20 that a loss
or additional loss may be incurred, does the entity disclose the nature
of the contingency and the following?;
a. an estimate of the possible liability;
b. an estimate of the range of the possible liability;
c. a statement that such an estimate cannot be made (SFFAS 5, par. 36,
38, 40, & 41).
307.
If no amount within the range of possible liabilities is a better
estimate than any other amount:
a. Is the minimum amount in the range of possible liabilities
recognized?;
b. Is the range and a description of the
nature of the contingency disclosed? (SFFAS 5, par. 39);
308. If information about remote contingencies, or related to remote
contingencies, is included in general-purpose federal financial
reports, is the information labeled to avoid the misleading
implication that there is more than a remote chance of a loss of that
amount? (SFFAS 5, par. 42).
309.
If material, does the entity separately disclose a contingent liability
for environmental clean-up costs for PP&E if the following criteria
apply?;
a. They are related to a past transaction or event.
b. The related
costs are probable and measurable. (SFFAS 5, par. 38 & SFFAS 6, par. 91
- 93; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 24);
310. When clean-up costs are paid, are the payments recognized as a
reduction in the liability for clean-up costs? (SFFAS 6, par. 100);
311.
If clean-up costs have not been previously recognized, is a liability
recognized for the portion of the estimated total clean-up cost that is
attributable to either the portion of the physical capacity used or the
portion of the estimated useful life that has passed, since the PP&E
was placed into service? (SFFAS 6, par. 104).
312. When clean-up costs are recognized for the first time, is the
offsetting charge for any liability for clean-up costs shown as a
"prior-period adjustment?" (SFFAS 6, par. 105).
313. Are the amounts of prior-period adjustments arising from belated
recognition of clean-up costs and liabilities disclosed and, if
possible, associated with current and prior periods? (SFFAS 6, par.
105).
314.
Are any subsequent changes (made in periods following implementation)
in estimated total clean-up cost immediately expensed (if costs are to
be recovered though user charges) and reflected in the related
liability balance? (SFFAS 6, par. 104).
315. Does the entity also disclose the following information?;
a. the sources
(i.e., applicable laws and regulations) of clean-up requirements;
b. the method for assigning estimated total clean-up costs to current
operating periods (e.g., physical capacity versus passage of time);
c. the unrecognized portion of estimated total clean-up costs
associated with general PP&E;
d. the material changes in total estimated clean-up costs
due to changes in laws, technology, or plans;
e. the portion of change in
an estimate that relates to prior-period operations;
f. the nature of
estimates and the disclosure of information regarding possible changes
due to inflation, deflation, technology, or applicable laws and
regulations (SFFAS 6, par. 107 - 111).
Social insurance programs provide for the maintenance and distribution
of incomes and medical benefits during periods of unemployment,
disability, and retirement. These programs are Social Security,
Medicare, and Railroad Retirement Benefits, Black Lung Benefits, and
Unemployment Insurance. Expense and liability recognition for these
programs is the same for both the consolidated governmentwide entity as
for the component entities. (SFFAS 17, par. 2, 4, 14, & 30).
316.
Does the entity recognize a liability for social insurance benefits due
and payable including claims incurred but not reported? (SFFAS 17, par.
22, 59 - 63, & 113).
317.
Does the liability for unemployment insurance include the following
amounts?;
a. amounts due to states and territories for benefits they have
paid to beneficiaries but for which they have not withdrawn funds from
the federal unemployment trust fund (UTF) as of the fiscal year-end;
b. estimated amounts to be withdrawn from UTF and benefits paid by
states and territories after fiscal year-end for compensatory days
occurring prior to fiscal year-end (SFFAS 17, par. 23).
318.
Does the entity separately report items within other liabilities if the
amounts are material? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
24).
Net Position; Unexpended Appropriations & Cumulative Results of
Operations (319 - 322):
319.
Does the line item "unexpended appropriations" include both the portion
of the entity's appropriation represented by undelivered orders and
unobligated balances? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
25).
320.
Does the entity break out and disclose the portion of unexpended
appropriations represented by undelivered orders and unobligated
amounts? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 71, note 15);
.
321.
Does the entity disclose its estimate of obligations related to
cancelled appropriations for which it has a contractual commitment for
payment? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 71, note 16);
.
322. Does the line item "cumulative results of operations" include the
following items?;
a. the net results of operations since inception;
b. the cumulative amount of prior-period adjustments;
c. the cumulative
amount of donations and transfers of assets in and out of the entity's
control (i.e., constructive ownership) without reimbursement;
d. the cumulative amounts related to investment in capitalized assets,
such as PP&E (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 25);
Section IV: Staetment of Net Cost:
The questions related to the Statement of Net Cost are presented under
three general captions and 12 line items. The question numbers related
to each caption and line item follow.
Question Numbers:
Cost Accounting in General:
1. Overall Requirements: 1 - 16:
2. Responsibility Segments: 17 - 21:
3. Full Cost: 22 - 30:
4. Interentity Costs: 31 - 36:
5. Costing Methodology: 37 - 45:
Revenues: 46 - 69:
Costs:
6. Pensions and Other Retirement and Postemployement Benefits: 70 -
94:
7. Inventory, Materials, Supplies, and Commodities: 95 - 103:
8. Property, Plant, and Equipment: 104 - 118:
9. Clean-up Costs: 119 - 127:
10. Interest: 128 - 129:
11. Insurance and Subsidies: 130 - 133:
12. Credit Programs: 134 - 182:
Cost Accounting in General Overall Requirements (1 - 16); Yes, No,
or; N/A:
The Statement of Net Cost is designed to show separately the components
of the net cost of the reporting entity's operations for the period.
The statement and any related supporting schedules classify revenue and
cost information by suborganization or responsibility segment. (OMB
Bull. 97-01 as amended (Jan. 7, 2000) , p. 27);
Information presented
in the Statement of Net Costs mostly depends on the agency properly
implementing SFFAS No. 4, Managerial Cost Accounting Standards for the
Federal Government. SFFAS No. 4 essentially defines how costs are
determined and provides guidance for defining and structuring
responsibility segments. (OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
27);
Managerial cost accounting is the process of accumulating,
measuring, analyzing, interpreting, and reporting cost information
useful to both internal and external groups concerned with the way in
which the organization uses, accounts for, safeguards, and controls its
resources to meet its objectives. (SFFAS 4, par. 42);
A cost
accounting "system" is a continual and systematic cost accounting
process that may be designed to accumulate and assign costs to a
variety of objects routinely or as desired by management. (SFFAS 4,
par. 74);
Cost finding is a method for determining the cost of
producing goods or services using appropriate procedures, for example,
special cost studies or analyses. (SFFAS 4, par. 76).
1.
Is the classification of suborganization and major programs for which
costs are reported consistent with the entity's mission and outputs?
(OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27).
2.
Are net costs reported for the entity as a whole and for specific
suborganizations and major programs? (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 27).
3.
Does the Statement of Net Costs include a combined total column? (OMB
Bull. 97-01 as amended (Jan. 7, 2000), pp. 26 & 28).
4.
Does the combined total column include a note alerting readers that the
combined statement of financing or equivalent schedules do not include
intra-agency eliminations? (OMB Bull. 97-01 as amended (Jan. 7, 2000),
p. 28).
5.
Are the costs related to the production of goods and services provided
to other programs reported separately from the costs of goods,
services, transfers, and grants provided to the public? (OMB Bull. 97-
01 as amended (Jan. 7, 2000), p. 28).
6.
Are costs that cannot be directly traced, assigned on a cause-and-
effect basis, or reasonably allocated to segments and their outputs and
programs reported on the Statement of Net Cost as "Costs not assigned
to programs?" (OMB 97-01, pp. 26 & 29; SFFAS 7 Imple. Guide, par. 32);
.
7.
Is earned revenue that is insignificant or cannot be attributed to
particular outputs or programs reported separately as a deduction in
arriving at the net cost of operations of the suborganization or
reporting entity as a whole? (OMB 97-01 as amended (Jan. 7, 2000), pp.
26 & 29).
8.
Does the reporting entity regularly accumulate and report the costs of
its activities either by means of cost accounting systems or cost
finding techniques? (SFFAS 4, par. 70).
9.
Has the entity established appropriate procedures and practices to
enable the consistent and regular collection, measurement,
accumulation, analysis, interpretation, and communication of cost
information? (SFFAS 4, par. 68 & 70).
10.
Does the cost accounting data collected by the entity provide
information needed to determine and report service efforts,
accomplishments, and information required by the Government Performance
and Results Act of 1993 (GPRA)? (SFFAS 4, par. 69).
11.
In general, does the reporting entity use a cost accounting system or
cost finding technique that can perform at least a certain minimum
level of cost accounting as well as provide basic cost information
necessary to accomplish the objectives associated with planning,
decision-making, control, and reporting? (SFFAS 4, par. 71);
.
12.
Specifically, does the reporting entity's cost accounting system or
cost finding technique, at a minimum, do the following?;
a. Collect cost
information by responsibility segments, which have been identified by
management.
b. Define outputs for each responsibility segment.
c. Measure
the full cost (including the cost of goods or services provided by
other entities) of outputs so that total operational costs and total
unit costs of outputs can be determined.
d. Use a costing methodology
(e.g., activity-based, job order, and standard costing) that is
appropriate for management's needs and the operating environment.
e. Provide information needed to determine and report service efforts,
accomplishments, and information necessary to meet the requirements of
GPRA (or interface with a system that provides such information).
f. Rely
on the Standard General Ledger as a basis for integrating its cost
information with its general financial accounting capability.
g. Supply
cost data precise enough to provide reliable and useful information to
internal and external users in making evaluations or decisions.
h.
Accommodate management's special cost information needs. (SFFAS 4, par.
71).
13. Are all cost accounting activities, processes, and procedures
documented? (SFFAS 4, par. 71).
14.
In determining the appropriate detail for its cost accounting processes
and procedures, has the reporting entity considered the following?;
a. nature of its operations;
b. the precision desired and needed in cost information;
c. the practicality of data collection and processing;
d. the availability of electronic data-handling facilities;
e. the cost of
installing, operating, and maintaining the cost accounting processes;
f. any specific information needs of management (SFFAS 4, par. 72);
15.
Has the entity used similar or compatible cost accounting processes
throughout its component units? (SFFAS 4, par. 73).
16.
Does the entity provide appropriate variations of the Statement of Net
Cost based on the types of programs that it carries out and OMB
guidance? (SFFAS 7 Imple. Guide, par. 33; OMB Bull. 97-01 as amended
(Jan. 7, 2000), pp. 28 & 30).
Cost Accounting in General; Responsibility Segments (17 - 21);
Explanation.
A responsibility segment is a component of a reporting entity that is
responsible for carrying out a mission, conducting a major line of
activity, or producing one or a group of related products or services.
(SFFAS 4, par. 78).
17.
Has the management of the reporting entity defined and established, as
needed, responsibility segments to perform managerial cost accounting
functions? (SFFAS 4, par. 77).
18.
Does management designate or establish responsibility segments based on
the following?;
a. the entity's organization structure;
b. its lines of responsibility and missions;
c. its output of goods and services;
d. budget accounts and funding authorities (SFFAS 4, par. 86);
19.
For each responsibility segment, can the entity do the following?;
a.
Define and accumulate outputs and, if feasible, quantify each type of
output in units.
b. Accumulate costs and quantitative units of resources
consumed in producing the outputs.
c. Assign costs to outputs and
calculate the cost per unit of each type of output, if possible.
d.
Establish lower level cost centers, as needed. (SFFAS 4, par. 79 & 88);
20.
Does the reporting entity include supporting schedules in the Notes to
the Financial Statements if the suborganization's summary information
provided in the Statement of Net Cost does not fully display the
suborganization's major programs and activities? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), pp. 71 & 72).
21.
Does the reporting entity disclose gross cost and earned revenue, by
budget functional classification? (OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 73).
Cost Accounting in General; Full Cost (22 - 30):
Full cost is the sum of all costs required by a cost object including
the costs of activities performed by other entities regardless of
funding sources. (SFFAS 4, app. B);
Cost object (or cost objective)
is an activity, output, or item whose cost is to be measured --or in a
broad sense, an organizational division, function, task, product,
service, or customer. (SFFAS 4, app. B);
Direct costs are costs that
can be specifically identified with an output. (SFFAS 4, par. 89);
Indirect costs are costs of resources that are jointly or commonly used
to produce two or more types of outputs but are not specifically
identifiable with any of the outputs. (SFFAS 4, par. 91);
Output is
any product or service generated from the consumption of resources.
(SFFAS 4, par. 89).
22.
Does the reporting entity report include all direct costs in the full
cost of outputs? (SFFAS 4, par. 89 & 90).
23. Does the reporting entity also include the following?;
a. indirect costs incurred within a responsibility segment;
b. the costs of support services
that a responsibility segment receives from other segments and entities
(SFFAS 4, par. 91, 122, & 123).
24.
Are those general management and administrative support costs that
cannot be traced, assigned, or allocated to responsibility segments and
outputs identified and reported as costs not assigned to programs?
(SFFAS 4, par. 92).
25.
Are the costs of employee benefits included as part of the cost of
outputs? (SFFAS 4, par. 93 - 96).
26.
Are other postemployment benefits reported as expenses for the period
during which a future outflow or other sacrifice of resources is
probable and measurable on the basis of an event occurring on or before
the accounting date? (SFFAS 4, par. 96 - 97).
27.
Are the costs of transfer payments for welfare, insurance, grants, and
other public assistance programs and the costs of operating those
programs separately identified? (SFFAS 4, par. 98 - 101; OMB Bull. 97-
01 as amended (Jan. 7, 2000), pp. 28 & 72).
28.
Are incurred depreciation expenses included in the full costs of
outputs that the segment produces? (SFFAS 4, par. 102);
.
29.
Are the costs of acquiring or constructing national defense PP&E and
heritage PP&E treated as a program cost or period expense but excluded
from the full cost of outputs? (SFFAS 4, par. 103; SFFAS 11, par. 7);
.
30.
Are other nonproduction costs, such as reorganization costs and
nonrecurring clean-up costs resulting from facility abandonment, also
excluded from the full cost of outputs and treated as current-period
expenses? (SFFAS 4, par. 104).
Cost Accounting in General; Interentity Costs (31 - 36):
Within the federal government, some reporting entities rely on other
federal entities to help them achieve their missions. Often, this
involves providing goods or services, with or without reimbursement.
The reporting entity generally must account for the full cost of goods
or services provided to or received from other federal entities. (SFFAS
4, par. 105 - 106).
31.
Does the reporting entity include in its Statement of Net Cost the full
costs of goods and services received from other federal entities?
(SFFAS 4, par. 105).
32.
Does the entity providing goods or services to another reporting entity
recognize in its accounting records, as well as disclose to the
receiving entity, the full cost of goods and services provided? (SFFAS
4, par. 108; OMB Bull. 97-01 as amended (Jan. 7, 2000) , pp. 26 & 28);
33. Is recognition of interentity costs that are not fully reimbursed
limited to material items that have the following attributes?;
a. are significant to the receiving entity;
b. form an integral or necessary part of the receiving entity's
output;
c. can be identified or matched
to the receiving entity with reasonable precision (SFFAS 4, par. 105 &
112).
34.
Are the costs of broad, general support services provided by a federal
entity to other federal entities excluded from the costs of the
recipient entity unless such services are integral to the receiving
entity (e.g., Treasury check-writing services provided for the Social
Security Administration)? (SFFAS 4, par. 112).
35.
If the receiving entity can not get complete information on the full
cost of goods or services provided by another reporting entity, does
one of the following apply?;
a. The receiving entity uses a reasonable
estimate of the cost.
b. If an estimate of the cost cannot be made, the
estimated market value of the received goods or services is used.
(SFFAS 4, par. 109).
36.
Are interentity and intra-entity expenses and financing sources
eliminated for any consolidated financial statements covering both
entities? (SFFAS 4, par. 109).
Cost Accounting in General; Costing Methodology (37 - 45);
Explanation.
Entities are not required to use a particular costing system or costing
methodology, but the costing system or methodology used should be
appropriate to the entity's operating environment and used
consistently. Four examples of acceptable (but not necessarily mutually
exclusive) costing methodologies are activity-based costing, job order
costing, process costing, and standard costing. (SFFAS 4, par. 144 -
162);
Cost accumulation is the process of collecting cost data in an
organized way by responsibility segment. (SFFAS 4, par. 117);
Cost
assignment is a process that identifies accumulated costs with
reporting periods and cost objects. Three methods of cost assignment
are direct tracing, cause and effect, and allocation that is reasonable
and consistent. (SFFAS 4, par. 120, 124 - 137, & app. E);
Cost object
or cost objective is an activity, output, or item the cost of which is
to be measured. (SFFAS 4, par. 121 & app. E).
37.
Is the entity's accounting system capable of identifying costs with
responsibility segments? (SFFAS 4, par. 118).
38.
Are costs related to the production of goods and services provided to
other programs (governmental) reported separately from the costs of
goods, services, transfers, and grants provided to the public? (OMB
Bull. 97-01 as amended (Jan. 7, 2000), pp. 26 & 28).
39.
Are costs related to the production of outputs reported separately from
costs that are not related to the production outputs (i.e.,
nonproduction costs)? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 26
& 28).
40. Are the costs of resources consumed by responsibility segments
classified by type of resource, such as costs of employees, materials,
capital, utilities, rent? (SFFAS 4, par. 119).
41. Are data on the quantity of units (e.g., staff days, gallons of
gasoline consumed) related to the various cost categories maintained,
when appropriate and feasible? (SFFAS 4, par. 119).
42.
Are costs assigned to outputs using the methods in the following order
of preference?;
a. directly tracing costs used in the production of an
output, wherever feasible and economically practicable;
b. assigning costs on a cause-and-effect basis to, for example, cost
pools;
c. allocating
costs on a reasonable and consistent basis (SFFAS 4, par. 124);
43.
For cost allocation purposes, do indirect costs assigned to a given
cost pool have similar characteristics? (SFFAS 4, par. 136);
44.
Are common costs assigned to activities either on a cause-and-effect
basis, if feasible, or through reasonable allocations? (SFFAS 4, par.
139, 140, 142, & 143).
45. Are the full costing methodologies that are most appropriate to a
segment's operating environment used and followed consistently, and if
improvements or refinements are made, are they documented and
explained? (SFFAS 4, par. 145 & 146).
Revenues (46 - 69):
Revenues are inflows of resources that the government demands, earns,
or receives by donation. Revenue comes from two sources: exchange
transactions and nonexchange transactions. (SFFAS 7, par. 30);
Nonexchange revenues are inflows of resources that the government
demands or receives by donation. Nonexchange revenues are primarily
derived from the government's power to demand payments from the public
(e.g., taxes, duties, fines). (SFFAS 7, par. 30 & 48);
Exchange
revenues and gains are inflows of resources to a government entity that
the entity has earned. They are earned when each party to the
transaction sacrifices value and receives value in return. (SFFAS 7,
par. 30, 33 & app. C);
The gross cost of a program consists of the full
cost of the outputs produced by a program plus any nonproduction costs
that can be assigned to the program (nonproduction costs are costs
linked to events other than the production of goods and services). (OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 27);
The net cost of
operations consists of gross cost less related exchange revenues (or in
this context, the cost of the entity to the taxpayer). (OMB Bull. 97-01
as amended (Jan. 7, 2000), p. 27).
46.
Are earned revenues deducted from the gross costs of suborganizations
and programs if practical and possible and, if not, from the costs of
the entity as a whole? (OMB Bull. 97-04 as amended (Jan. 7, 2000), p.
29).
47.
In its Statement of Net Costs, does the entity show the following?;
a. the
gross cost of providing goods or services that earned exchange revenue;
b. exchange revenue earned;
c. the resulting difference between a and b to
determine net costs (SFFAS 7, par. 43 & 120 - 125; SFFAS 7 Imple.
Guide, par. 7, 8 & 42 - 47; OMB Bull. 97-01 as amended (Jan. 7, 2000),
pp. 26 & 27, 5[TH] par.).
48.
Does the entity also break out the gross costs of providing goods,
services, benefit payments, or grants that did not earn exchange
revenue? (SFFAS 7, par. 43 & 120; SFFAS 7 Imple. Guide, par. 32, 33, &
41; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 27);
.
49.
Is the net amount of gains (or losses) subtracted from (or added to)
the gross cost to determine net cost? (SFFAS 7, par. 44);
.
50.
If exchange (or earned) revenue is immaterial or cannot be associated
with a particular output or program, is it reported separately, as
appropriate, as a deduction in arriving at net cost of the program,
suborganization, or reporting entity as a whole? (SFFAS 7, par. 44,
SFFAS 7 Imple. Guide, par. 45. 6; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 29).
51.
Are nonexchange revenues and other financing sources excluded from
calculating net cost? (SFFAS 7, par. 44).
52.
If the entity incurs virtually no cost in connection with earning
exchange revenue, is such revenue not recognized in the Statement of
Net Cost, but shown as a financing source on the Statement of Changes
in Net Position or (if appropriate) Statement of Custodial Activity?
(SFFAS 7, par. 45. A & 140 - 146; SFFAS 7 Imple. Guide, par. 50 - 58);
.
53.
If the collecting entity transfers exchange revenue to a second entity,
does the second entity follow similar revenue recognition (i.e., match
revenues against actual costs unless no costs are incurred)? (SFFAS 7,
par. 45. B).
54.
Is the full amount of exchange revenues reported regardless of whether
the entity is permitted to retain the revenues? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 29, 1[ST] par.).
55.
Does a reporting entity that provides goods or services to the public
or other government entity disclose the following in a note or
narrative?;
a. a pricing policy that differs from the full cost or
market pricing guidance set forth in OMB Circular No. A-25 and the
possible effect on demand and revenue if prices were raised to reflect
the market or full cost;
b. prices set by law or executive order that
are not based on full cost or market price and the possible effect on
demand and revenue if prices were raised to reflect the market or full
cost;
c. the nature of intragovernmental exchange transactions in which
goods or services are provided free or at less than full cost and the
reasons for disparities between billing and full cost;
d. the full
amount of any expected loss when specific goods or services are
provided or made to order under a contract and a loss is both probable
and measurable (SFFAS 7, par. 46, 47, & 163 - 167)
56.
Is custodial collected nonexchange revenue, that is legally retained by
the collecting entity as reimbursement for the cost of collection,
recognized as exchange revenue in determining the collecting entity's
net cost of operations? (SFFAS 7, par. 60.3).
57.
Is revenue received from the public or other government entity in
return for providing goods or services recognized and reported in the
Statement of Net Cost as earned or exchange revenue? (SFFAS 7, par. 34,
35, 36 (a) & (c), 270, & 271; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 29).
58.
Is exchange revenue broken out by major category and linked, where
possible, to the net costs of related outputs, programs, organizations,
or suborganizations in the Statement of Net Cost? (SFFAS 7, par. 43;
SFFAS 7 Imple. Guide, par. 42 - 47; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 29).
59.
If an exchange transaction is likely to be unusual or nonrecurring for
a particular entity, is a gain or loss recognized rather than a revenue
or expense? (SFFAS 7, par. 35, 133, 238, 329 & 330).
60.
If specific goods or services are made to order under terms of a
contract, is exchange revenue (and any probable loss or gain)
recognized in proportion to costs of goods and services acquired to
fulfill the contract? (SFFAS 7, par. 36(b)).
61.
When goods are kept in inventory so that they are available to
customers when ordered, is exchange revenue recognized when the goods
are delivered to the customer? (SFFAS 7, par. 36(c)).
62.
If services are rendered continually or the right to use an asset
extends continually over time, is exchange revenue recognized in
proportion to the passage of time or the use of the asset? (SFFAS 7,
par. 36(d)).
63.
Is interest received on intragovernmental loans recognized as exchange
revenue if the source of borrowed funds is predominately exchange
revenue? (SFFAS 7, par. 36(d) & 154 - 161).
64.
When an asset other than inventory is sold, is any gain (or loss)
recognized when the asset is delivered to the purchaser? (SFFAS 7, par.
36(e)).
65.
When advance fees or payments are received, such as for large-scale,
long-term projects, is revenue recognized only as the cost of providing
the corresponding goods and services? (SFFAS 7, par. 37 & 113 - 119);
.
66.
Is the measurement for revenue from exchange transactions based on the
actual price received or receivable under established pricing
arrangements? (SFFAS 7, par. 38).
67.
If the realization of the full amount of exchange revenue is not
probable due to credit losses, is an expense recognized and is the
allowance for bad debts increased? (SFFAS 7, par. 40);
.
68.
If recognized exchange revenue is not likely to be realized for reasons
apart from credit losses (e.g., returns and allowances), is the
probable amount recognized as a revenue adjustment? (SFFAS 7, par. 41 &
129).
69.
Is exchange revenue recognized regardless of whether the entity retains
the revenue for its own use or transfers it to other entities? (SFFAS
7, par. 43).
Costs; Pensions and Other Retirement and; Postemployment Benefits (70 -
94):
Pension benefits include all retirement, disability, and survivor
benefits financed through a pension plan, including unfunded pension
plans. Required federal payments to social insurance plans (i.e.,
Social Security and Medicare) and matching federal payments to defined
contribution pension plans are also considered to be plan expenses.
(SFFAS 5, par. 61);
Costs of pensions and other retirement benefits
(ORB), whether they are paid for in part or in total by other
governmental entities, are included in the costs of program outputs.
(OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 28);
Recognition of
other postemployment benefits (OPEB) is linked to the occurrence of an
OPEB event rather than the production of an output. OPEB costs are
generally treated as period expenses. Special-purpose cost studies may
distribute OPEB costs over a number of prior years to determine the
cost of outputs OPEB recipients helped produce. (SFFAS 4, par. 96 &
97);
In accounting for pensions, (ORB), and OPEB, the "administrative
entity" typically manages and accounts for the related assets and
liabilities. The "employer entity" accounts for the related costs of
pensions, ORB and OPEB. For these costs the employer entity receives a
salary and expense appropriation, imputes a financing source, or both.
(SFFAS 5, par. 57, footnote 38, & par. 78 & 93);
The "aggregate entry
age normal" actuarial cost method is one under which the expenses or
liabilities arising from the actuarial present value of projected
pension benefits is allocated on a level basis over the earnings or the
service of the group between entry age and assumed exit ages. The
portion of the actuarial present value of pension plan and benefits and
expenses that is allocated to a valuation year is called "normal cost"
(SFFAS 5, par. 64 & app. E).
70.
Are pensions and ORB recognized as expenses at the time of employment?
(SFFAS 5, par. 59).
71.
Is the "aggregate entry age normal" actuarial cost method (or other
actuarial cost method, if the results are not materially different and
an explanation is provided) used to calculate pension expense, the
liability for the administrative entity financial statements, and the
expense for the employer entity financial statements? (SFFAS 5, par.
64).
72.
When using the "aggregate entry age normal" actuarial cost method, does
the entity allocate pension expenses on the basis of a level percentage
of earnings? (SFFAS 5, par. 64).
73.
Does the administrative entity base its actuarial assumptions for
pension plans on the experience of the covered groups, long-term
trends, and guidance of the American Academy of Actuaries? (SFFAS 5,
par. 65).
74.
Does the administrative entity base its interest rate assumptions on
the estimated long-term investment yield for a pension plan or, if the
plan is not being funded, on some other appropriate long-term
assumption (e.g., the federal long-term borrowing rate)? (SFFAS 5, par.
66).
75.
Does the administrative entity disclose the assumptions used to
calculate pension benefit expenses? (SFFAS 5, par. 67);
76.
When a new pension plan is initiated or current one amended, does the
administrative entity immediately recognize all past service costs or
gains as well as all actuarial gains and losses, without amortization?
(SFFAS 5, par. 69 & 70).
Normal cost or service cost is the actuarial present value of benefits
attributed by the pension plan's benefit formula to services rendered
by employees during an accounting period. (SFFAS 5, par. 74, footnote
45).
77.
Does the administrative entity disclose the following components of
reported pension benefit expenses?;
a. normal cost;
b. interest on pension liability during the period;
c. prior service cost from plan amendments
(or the initiation of a new plan) during the period, if any;
d. actuarial
gains or losses during the period, if any (SFFAS 5, par. 71 & 72; OMB
Bull. 97-01 as amended (Jan. 7, 2000), note 13, p. 70);
78.
Does the administrative entity report pension plan revenue for the sum
of contributions from the following entities?;
a. the employer;
b. its employees;
c. financing from the general fund to cover prior service or
other costs for which contributions were not provided by the employer
or employee;
d. interest on the plan's investments (SFFAS 5, par. 73 &
78).
79.
In the financial report, does the employer entity recognize a pension
expense report that equals the service cost for its employees for the
accounting period, less the amount contributed by the employees, if
any? (SFFAS 5, par. 74, 77, & 78).
80.
Is the employer entity's pension expense balanced by either of the
following?;
a. a decrease to its "fund balance with Treasury" for the
amount of its contribution to the pension plan, if any;
b. an increase to
an account representing an intragovernmental imputed financing source
(e.g., "imputed financing - expenses paid by other agencies") (SFFAS 5,
par. 75).
81.
If the employer entity is also the administrative entity, does it also
report the liability and recognize the expense for all components of
the pension plan's cost? (SFFAS 5, par. 71 & 76).
ORB includes all retirement benefits other than pension benefits. The
predominant ORB in the federal government is retirement health
benefits. (SFFAS 5, par. 58 & 79).
82.
Is the "aggregate entry age normal" actuarial cost method (or other
actuarial cost method, if the results are not materially different and
an explanation is provided) used to calculate the ORB expense and
liability for the administrative entity financial statements and the
expense for the employer entity financial statements? (SFFAS 5, par. 82
& 88).
83. Are expenses and other liabilities attributable to ORB expenses
allocated based on the service rendered by each employee? (SFFAS 5,
par. 82 & 83).
84.
Do the amounts calculated for financial reports prepared for ORB plans
reflect the following?;
a. general actuarial and economic assumptions
that are consistent with those used for pensions;
b. a health care cost
trend assumption that is consistent with Medicare projections or other
authoritative sources appropriate for the population covered by the
plan (SFFAS 5, par. 83).
85.
Does the administrative entity discount the projected ORB costs at the
rate of expected return of plan assets, if the plan is being funded, or
on some other long-term assumptions (e.g., the long-term federal
government borrowing rate) for unfunded plans? (SFFAS 5, par. 84);
.
86. Does the administrative entity disclose the assumptions used to
calculate projected ORB costs? (SFFAS 5, par. 83).
87.
Is the accrual period for ORB based on the expected retirement age
rather than the age when the employee becomes eligible for pension
benefits? (SFFAS 5, par. 84).
88. When a new ORB plan is initiated or current one amended, does the
administrative entity immediately recognize all past and prior service
costs or gains as well as all actuarial gains and losses, without
amortization? (SFFAS 5, par. 86 & 87).
89.
Does the administrative entity disclose the following components of
reported ORB (e.g., health insurance) expenses?;
a. normal cost;
b. interest on the ORB liability during the period;
c. prior (and past)
service cost from plan amendments (or the initiation of a new plan)
during the period, if any;
d. any gains/losses due to a change in the medical inflation rate
assumption;
e. other actuarial gains or losses
during the period, if any (SFFAS 5, par. 88; OMB Bull. 97-01 as amended
(Jan. 7, 2000), note 13, p. 70).
90. Does the administrative entity report ORB revenue for the sum of
contributions from the employer entity and its employees? (SFFAS 5,
par. 89).
91.
Does the employer entity recognize ORB expenses on a per employee basis
in its financial report as the net of normal cost and employee
contributions? (SFFAS 5, par. 90 & 93).
92.
If the employer entity is also the administrative entity, does it also
report the liability and recognize the expense for all components of
the pension plan's cost? (SFFAS 5, par. 88 & 92).
OPEB are provided to former or inactive employees, beneficiaries, and
covered dependents outside pension or ORB plans. Postemployment
benefits can include salary continuation, severance benefits,
counseling and training, continuation of health care or other benefits,
unemployment workers' compensation, and veterans' disability
compensation benefits paid by the employer. (SFFAS 4, par. 96; SFFAS 5,
par. 57).
93.
Are OPEB expenses recognized as an expense at the time the benefit is
provided? (SFFAS 5, par. 59).
94.
Does the employer recognize an expense and a liability for OPEB - such
as severance pay, training, and health care - when a future outflow or
other sacrifice of resources is probable (i.e., more likely than not)
and measurable? (SFFAS 5, par. 94 & 95).
Costs; Inventory, Material, Supplies, and Commodities (95 - 103);
Explanation.
95.
Upon sale or use, is the cost of inventory expensed and removed from
the inventory asset account? (SFFAS 3, par. 19).
96.
To arrive at the historical cost of ending inventory and cost of goods
sold, is one of the following cost flow assumptions used?;
a. first-in, first-out;
b. weighted average;
c. moving average;
d. any other valuation method
(such as a standard cost system) whose results reasonably approximate
a, b, or c (SFFAS 3, par. 22).
97.
Are operating materials and supplies expensed using the consumption
method (i.e., reported as an operating expense as they are issued to
the end user for current operations)? (SFFAS 3, par. 38 & 39);
98.
Are operating materials and supplies expensed upon purchase if they
meet one of the following attributes?;
a. they are of insignificant amounts;
b. they are in the hands of the end user for use in normal
operations;
c. it is cost effective to immediately expense rather than
to capitalize (i.e., apply the purchase method rather than the
consumption method of accounting) (SFFAS 3, par. 40 & 41);
99.
Are inventory and operating materials acquired through a nonmonetary
exchange valued at the fair value of the items received at the time of
the exchange, and is the difference between the fair value of the
acquired items and the recorded amount surrendered reported as a gain
or loss? (SFFAS 3, par. 21 & 43).
100.
Are abnormal costs associated with inventory and operating materials
and supplies, such as excessive handling or rework costs, charged to
operations of the period? (SFFAS 3, par. 21 & 43).
101.
Are any unrealized gains or losses, which are reflected in periodic
inventory or operating materials and supplies revaluations, captured in
a designated allowance account? (SFFAS 3, par. 17, 23 & 24);
102.
Is the cost of stockpile materials removed from the corresponding asset
account and reported as an operating expense when issued for use or
sale? (SFFAS 3, par. 52).
103.
Are abnormal costs of stockpile materials, such as excessive handling
and rework costs, expensed in current operations? (SFFAS 3, par. 53);
A common expense related to PP&E that is included in the Statement of
Net Cost is depreciation. Other current expenses related to PP&E are
all costs of acquiring and maintaining federal mission and heritage
PP&E and stewardship land. (SFFAS 6, par. 35, 53, 61, & 69);
Depreciation expense is calculated through systematic and rational
allocation of the cost of general PP&E, less its estimated salvage or
residual value, over its estimated useful life. (GAO/AIMD-21.1.1 SFFAS
6, par. 35).
104.
Is depreciation of general PP&E recognized as an expense of the period?
(SFFAS 6, par. 35).
105.
If historical cost information has not been maintained for existing
general PP&E, does the entity depreciate or amortize the estimated
residual values over its remaining useful life in a systematic and
rational manner? (SFFAS 6, par. 35, 40, & 41).
106.
In an exchange transaction with a nonfederal entity, is the difference
between the book value (i.e., cost less accumulated depreciation) of
general PP&E surrendered and the cost of PP&E acquired recognized as
either a gain or a loss? (SFFAS 6, par. 32).
107.
In the event that cash consideration is included in the exchange, is
the cost of general PP&E either increased by the amount of cash
consideration surrendered or decreased by the amount of cash
consideration received? (SFFAS 6, par. 32).
108.
Is the expected net realizable value of a general PP&E asset that has
been prematurely removed from service adjusted at the end of each
accounting period, and is any adjustment made recognized as either a
gain or loss? (SFFAS 6, par. 39).
109.
When assets have been removed from general PP&E in anticipation of
disposal, retirement, or removal from service, has the entity stopped
recording depreciation and amortization expenses for such assets?
(SFFAS 6, par. 38).
110.
Is the cost of acquiring, constructing, improving, reconstructing, or
renovating --as well as the cost incurred to bring national defense
PP&E to its current condition and location --recognized as an expense
on the Statement of Net Cost when incurred, and is this disclosed in
the notes as a "cost of national defense PP&E?" (SFFAS 6, par. 53 &
SFFAS 8, par. 65-67, & 119; SFFAS 11, par. 7 & 16; OMB Bull. 97-01 as
amended (Jan. 7, 2000), pp. 28 & 73, 1[ST] par.).
111.
Are costs to acquire, improve, reconstruct, or renovate heritage
assets, other than multiuse heritage assets, recognized on the
Statement of Net Cost for the period in which the costs are incurred?
(SFFAS 16, par. 8; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 28 &
73).
112.
Do the recognized costs of heritage assets also include all costs
incurred during the period to bring the items to their current
condition? (SFFAS 16, par. 8).
113.
If the fair value of donated or bequeathed heritage assets is not known
or reasonably estimable, is information as to the type and quantity of
assets received disclosed? (SFFAS 16, par. 10; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 73, 2[ND] par.).
114.
Are costs to acquire, as well as costs incurred to bring the
stewardship land to its current condition or intended use, recognized
as a cost of the period incurred and disclosed as "Cost of Stewardship
Land?" (SFFAS 6, par. 69 & 73; SFFAS 8, par. 77 & 119; OMB Bull. 97-01
as amended (Jan. 7, 2000), pp. 29, 4[TH] par. & 73, 1st par.);
.
115.
Is the fair value, if known and material, of stewardship land acquired
through donation or devise disclosed in notes to the Statement of Net
Cost? (SFFAS 6, par. 71; OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
73, 2[ND] par.).
116.
If the fair value of donated or willed stewardship land is not
estimable, is information as to the type and quantity of assets
received disclosed in notes to the Statement of Net Cost, if material?
(SFFAS 6, par. 71; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 73,
2[ND] par.).
117.
If land included in general PP&E is transferred to another federal
entity to be used as stewardship land, is the cost to the receiving
entity of the transferred land recognized at the book value on the
transferring entity's books? (SFFAS 6, par. 72).
118.
If the receiving entity does not know the book value of the transferred
land, is the transfer disclosed in the notes to the Statement of Net
Cost, if material? (SFFAS 6, par. 72).
Costs; Clean-up Costs (119 - 127):
Clean-up costs are the costs of removing, containing, or disposing of
(1) hazardous waste from property or (2) material or property that
consists of hazardous waste upon permanent or temporary closure or
shutdown of associated PP&E. Clean-up costs may include, but are not
limited to, decontamination, decommissioning, site restoration, site
monitoring, closure, and postclosure costs (SFFAS 6, par. 85 & 87).
119.
When general PP&E is placed into service, does the entity estimate the
associated clean-up costs? (SFFAS 6, par. 94).
120.
In estimating clean-up costs and liability, has the entity considered
the following?;
a. the level of restoration to be performed;
b. current legal and regulatory requirements;
c. current technology;
d. current costs (i.e.,
the costs of acquiring during the current period all goods and services
included in the clean-up estimate) (SFFAS 6, par. 95);
121.
Are estimated clean-up costs periodically revised to account for
material changes due to inflation or deflation and changes in
regulations, plans, or technology? (SFFAS 6, par. 96 & 189);
122.
When general PP&E is placed into service, does the entity do the
following?;
a. estimate and disclose total clean-up costs;
b. apportion
clean-up costs over the useful life of the asset in a rational and
systematic manner, based on the physical capacity of the PP&E or, if
physical capacity is not useful or estimable, on the estimated useful
life;
c. begin expensing and accumulating a liability on a pro rata basis
for unfunded clean-up expenses (SFFAS 6, par. 97-98, 186, 188, & 234-
239).
123.
If clean-up costs are reestimated, are the cumulative changes related
to current and past operations of general PP&E immediately recognized
as an expense and is the corresponding liability adjusted? (SFFAS 6,
par. 99 & 190).
124.
When stewardship PP&E is placed into service, does the entity expense
the total estimated clean-up costs and establish a liability in the
period the asset is placed into service? (SFFAS 6, par. 101);
.
125.
If clean-up costs for stewardship PP&E are reestimated, are any
adjustments to the liability associated with clean-up costs expensed in
the period of the change in estimate? (SFFAS 6, par. 102);
.
126.
Are payments for clean-up costs for stewardship PP&E recognized as a
reduction in the liability for clean-up costs? (SFFAS 6, par. 103);
127. Does the entity disclose the following?;
a. the applicable laws and regulations covering clean-up requirements;
b. the method for assigning
estimated total clean-up costs to current operating periods (e.g.,
physical capacity versus passage of time);
c. the unrecognized portion of
estimated total clean-up costs for clean-up costs associated with
general PP&E;
d. material changes in total estimated clean-up costs due to
changes in laws, technology, or plans, as well as the portion of the
change in clean-up cost estimates that relate to prior-period
operations;
e. the nature of estimates and information regarding possible
changes due to inflation, deflation, technology, or applicable laws and
regulations (SFFAS 6, par. 107 - 111: OMB Bull. 97-01 as amended (Jan.
7, 2000), p . 71, note 17)
Costs; Interest (128 -129):
Interest costs are generally related to securities and other debt
instruments issued by the U.S. Treasury or other federal agencies.
(SFFAS 5, par. 47 - 48).
128.
Does the related interest cost of federal debt include the following?;
a.
the accrued (prorated) share of the nominal interest incurred during
the accounting period;
b. the amortized discounts or premiums for each
accounting period for fixed value securities;
c. the amount of change in
the current value for the accounting period for variable value
securities (SFFAS 5, par. 53).
129.
If securities are retired before maturity, is the difference between
the reacquisition price and net carrying value recognized as a gain or
loss? (SFFAS 5, par. 54).
Costs; Insurance and Subsidies (130 -133):
Federal insurance and guarantee programs are established to subsidize
providing insurance to achieve social objectives or assume risks that
private sector entities are unwilling or unable to assume. For life
insurance, a premium deficiency occurs if the liability for future
policy benefits using current conditions exceeds the liability for
future policy benefits using contract conditions. (SFFAS 5, par. 97,
102, & 120).
130. If an insured event has occurred as of the financial statement
reporting date, has the federal entity recognized an expense and, if
the claim has not been paid, a liability? (SFFAS 5, par. 104 & 109);
131.
Are changes in estimates of claims resulting from: (1) the present
value calculations, (2) the continual review process, and (3)
differences between the estimates and actual payments for claims,
recognized as charges against operations of the period in which the
estimates are changed or payments are made? (SFFAS 5, par. 109);
132.
If the liability for future [life insurance] policy benefits using
current conditions exceeds the liability for future policy benefits
under contract conditions (resulting in a premium deficiency), is the
difference recognized as a change to operations in the current period?
(SFFAS 5, par. 120).
133.
Does the entity recognize an expense for social insurance benefits paid
during the reporting period plus any increase (or less any decrease) in
the liability for social insurance from the end of the prior-period to
the end of the current period? (SFFAS 17, par. 22 & 59);
Costs; Credit Programs (134 - 182):
In accordance with the Credit Reform Act of 1990, a subsidy expense is
recognized for direct or guaranteed loans disbursed during the fiscal
year. The amount of the subsidy expense equals the present value of
estimated cash outflows over the life of the loans minus the present
value of the estimated cash inflows. The discount rate used to
calculate the present value is the average interest rate on marketable
Treasury securities of similar maturity to the cash flows of the direct
loan or loan guarantee for which the estimate is being made (SFFAS 2,
par. 6, 7, 24, 30 & 31; SFFAS 19, par. 6, 7 (a) & (b) ).
134.
Are the following true of the present values of estimated net cash
outflows resulting from the post-1991 direct or loan guarantee
programs?;
a. They are discounted at the interest rate of marketable
Treasury securities with similar maturities.
b. They are recognized as
expenses in the year the loan is disbursed. (SFFAS 2, par. 24 & app. B,
part I A; SFFAS 19, par 6).
135.
Are the following components of estimated subsidy costs (and offsetting
receipts) of post-1991 loans and guarantees separately recognized and
disclosed?;
a. the interest subsidy costs;
b. default costs;
c. the present value of fees and other collections;
d. other subsidy costs
(SFFAS 2, par. 25 - 29, & app. B, part I A & III A; OMB Bull. 97-01 as
amended (Jan. 7, 2000), items H & I, pp. 53, 54, 57, & 58);
136.
Is the subsidy cost allowance for post-1991 direct loans amortized
using the interest method? (SFFAS 2, par. 30, app. B, part I B(2);
SFFAS 19, par. 7(a) ).
137.
If the effective interest for post-1991 direct loans is less than the
nominal interest, is the subsidy cost allowance increased by the
difference and recognized as a reduction in interest income? (SFFAS 2,
par. 30 & app. B, part I B(2); SFFAS 19, par. 7(a) ).
138.
If the effective interest for post-1991 direct loans is greater than
the nominal interest, is the subsidy cost allowance decreased by the
difference and recognized as an increase in interest income? (SFFAS 2,
par. 30 & app. B, part I B(2); SFFAS 19, par. 7(a)).
139.
Is interest accrued and compounded on the liabilities of post-1991 loan
guarantees at the interest rate that was originally used to calculate
the present value of the loan guarantee liabilities when the guaranteed
loans were disbursed? (SFFAS 2, par. 31 & app. B, part III B(2));
.
140.
Is the interest accrued and compounded on the liabilities of post-1991
direct loan guarantees recognized as an interest expense? (SFFAS 2,
par. 31 & app. B, part III B(2)).
Two kinds of reestimates for the subsidy cost allowance for outstanding
direct loans and the liability for outstanding loan guarantees are (1)
interest rate reestimates and (2) technical/default reestimates. An
interest rate reestimate results from changing the interest rates from
those that were assumed in budget preparation and used in calculating
the subsidy expense to the interest rates that are prevailing during
the periods in which the direct or guaranteed loans are disbursed. A
technical/default reestimate results from changes in projected cash
flows of outstanding direct loans and loan guarantees after
reevaluating the underlying assumptions and other factors (except for
interest rate reestimates) that affect cash flow projections as of the
financial statement date. (SFFAS 18, par. 9);
Cohort, as it is used
here, is a budget term that refers to all direct loans or loan
guarantees of a program for which a subsidy appropriation is provided
for a given fiscal year, even if disbursements occur in subsequent
years. For direct loans and loan guarantees for which a subsidy
appropriation is provided for one fiscal year, the cohort will be
defined for that fiscal year. For direct loans and loan guarantees for
which multiple year or no-year appropriations are provided, the cohort
is defined by the year of obligation. (SFFAS 18, glossary).
141.
Does the entity measure and disclose reestimates of allowances for
subsidy costs of post-1991 loans and liabilities for guarantees in two
components separately, specifically: the interest rate reestimate and
the technical/default reestimate? (SFFAS 18, par. 9).
142.
Is any increase (or decrease) in the subsidy cost allowance of post-
1991 direct loans or loan guarantee liabilities resulting from the
reestimates recognized as a subsidy expense (or a reduction in subsidy
expense)? (SFFAS 2, par. 32 & app. B, parts I B(1) & III B(I); SFFAS
18, par. 9; OMB Bull. 97-01 OMB Bull. 97-01 as amended (Jan. 7, 2000),
item H. 2, pp. 52 & 57 & item I. 2, pp. 54 & 58).
143.
If the assumed interest rates used in calculating the subsidy expenses
for cohorts from which direct or guaranteed loans are disbursed differs
from the rates prevailing at the time of the loan disbursement, is an
interest rate reestimate for those cohorts made as of the date of the
financial statements? (SFFAS 18, par. 9 (A)).
144.
Do technical/default reestimates take into consideration all factors
that may have affected various components of projected cash flows,
including defaults, delinquencies, recoveries, and prepayments? (SFFAS
18, par. 9 (B)).
145.
Are technical/default reestimates for each cohort made each year as of
the date of the financial statements? (SFFAS 18, par. 9 (B));
146.
In a note to the financial statement, does the entity display
reconciliation between the beginning and ending balances of the
following?;
a. the subsidy cost allowances for outstanding direct loans;
b.
the liability for outstanding loan guarantees reported in the entity's
balance sheet (SFFAS 18, par. 10, 18 - 30, & app. B).
147.
Does the reconciliation of beginning and ending subsidy cost allowances
and loan guarantee liability balances include changes in the
following?;
a. interest subsidy costs, default costs, fees and other
collections, and other subsidy costs;
b. interest rate and technical/default restimates;
c. other adjustments (SFFAS 2, par. 25 - 29; SFFAS 18, par. 10 & app.
B).
148. For direct loans, do other adjustments include loan
modifications, fees received, loans written off, foreclosed property
or other recoveries acquired, and subsidy allowance amortization?
(SFFAS 18, par. 10 & app. B, schedule A).
149.
For loan guarantees, do other adjustments include loan guarantee
modifications, fees received, interest supplements paid, claim payments
made to lenders, foreclosed property or other recoveries acquired, and
interest accumulated on the loan guarantee liability? (SFFAS 18, par.
10 & app. B, schedule B).
150.
In its notes to the financial statements, does the entity include a
description of the characteristics of the program it administers,
including the following?;
a. the total amount of direct or guaranteed
loans disbursed for the current and preceding reporting years;
b. interest subsidy costs, default costs, fees and other collections,
and other subsidy costs;
c. interest rate and technical/default restimates
(SFFAS 2, par. 25 - 29; SFFAS 18, par. 10 & 11 (A)).
151.
Does the reporting entity disclose, at the program level, the subsidy
rates for the following?;
a. interest subsidy costs;
b. default costs (net of recoveries);
c. fees and other collections;
d. other costs
estimated for direct loans and loan guarantees in the current year's
budget for the current year's cohorts (SFFAS 18, par. 11 (B), 31 & 33 -
38).
152.
If the entity uses trend data to display significant fluctuations in
subsidy rates, are these data accompanied by an analysis that explains
the underlying causes for the fluctuations? (SFFAS 18, par. 11 (B) &
32).
153.
Does the reporting entity disclose, discuss, and explain events and
changes in economic conditions, other risk factors, legislation, credit
policies, and subsidy estimation methodologies and assumptions that
have had a significant and measurable effect on subsidy rates, subsidy
expenses, and subsidy reestimates? (SFFAS 18, par. 11 (C), 39, 41, & 43
- 49).
154.
Do changes in legislation or credit policies include, for example,
changes in borrowers' eligibility, the levels of fees or interest rates
charged to borrowers, the maturity of loan terms, and the percentage of
a private loan that is guaranteed? (SFFAS 18, par. 11 (C) & 42);
155.
Does the disclosure and discussion also include events and changes that
have occurred and are more likely than not to have a significant
impact, but whose effects are not measurable at the reporting date?
(SFFAS 18, par. 11 (C) & 41).
156.
Are default costs estimated and periodically reestimated for each post-
1991 loan and loan guarantee program on the basis of separate cohorts
and risk categories? (SFFAS 2, par. 33).
157.
In estimating default costs, has the entity considered the following
factors?;
a. loan performance experience;
b. the current and forecasted
international, national, or regional economic conditions that may
effect the performance of the loans;
c. financial and other relevant characteristics of borrowers;
d. the value of collateral to loan
balance;
e. changes in recoverable value of collateral;
f. newly developed events that could affect the loans' performance;
g. improvements in methods to reestimate defaults (SFFAS 2, par. 34).
158.
In estimating and reestimating current and projected future default
costs for each group, cohort, and risk category of loan and guarantee,
has the agency used a consistent and systematic methodology?; (SFFAS 2,
par. 35 & 36).
159.
Are unbudgeted subsidy expenses resulting from reestimates disclosed in
a note to the financial statements? (OMB Bull. 97-01 OMB Bull. 97-01 as
amended (Jan. 7, 2000), item K, p. 58).
160.
Is interest (at the discount rate in effect when the loans were first
disbursed) accrued on post-1991 direct loans, including amortized
interest, recognized as interest income? (SFFAS 2, par. 37 & app. B,
part I B(2) & C).
161.
Is interest (at the original discount rate) accrued on debt to the
Treasury arising from post-1991 direct loans recognized as interest
expense? (SFFAS 2, par. 37 & app. B, part I B(2) & C);
162.
Is interest (at the discount rate in effect when the loans were first
disbursed) accrued on liability of post-1991 loan guarantees recognized
as interest expense? (SFFAS 2, par. 37 & app. B, part III B(2) & C);
163.
Is interest (at the original discount rate) due from the Treasury on
uninvested funds associated with post-1991 loan guarantee liabilities
recognized as interest income? (SFFAS 2, par. 37 & app. B, part III
B(2) & C).
164.
Are costs for administering credit activities (such as salaries, legal
fees, and servicing) incurred in support of direct loan and guaranteed
loan programs recognized as administrative expenses and not included in
direct loan and loan guarantee subsidy costs? (SFFAS 2, par. 38 & app.
B, part I C).
165.
Are administrative expenses for loans and guarantees broken out and
disclosed by program, if material? (OMB Bull. 97-01 OMB Bull. 97-01 as
amended (Jan. 7, 2000), note 7, item J, pp. 54 & 58).
166.
Are losses (as well as valuation allowances and corresponding
liabilities) of direct loans obligated and loan guarantees committed
before October 1, 1992, recognized when it is likely that the direct
loans will not be totally collected or that the loan guarantees will
require a future cash outflow to pay default claims? (SFFAS 2, par.
39).
167.
If, at the time of the foreclosure, the expected net realizable value
of pre-1992 foreclosed property is less than the cost (i.e., the
carrying amount of the loan), is the loss charged to operations and
tracked in a valuation allowance account? (SFFAS 3, par. 86);
.
168.
If the pre-1992 foreclosed asset's net realizable value subsequently
increases or decreases, does the entity credit or charge this amount to
results of operations and adjust the valuation allowance? (SFFAS 3,
par. 86).
169.
Upon sale, is any difference between the net carrying amount of
foreclosed property and the net proceeds of the sale recognized as a
component of operating results? (SFFAS 3, par. 89).
170.
For post-1991 foreclosed property, is interest income accrued from the
previous periodic adjustment in the carrying amount up to the sale
date? (SFFAS 3, par. 89).
171.
Is the resulting difference between the adjusted carrying amount of the
post-1991 foreclosed property and the net sales proceeds recognized as
a reestimate of "subsidy expense?" (SFFAS 3, par. 89);
172. For pre-1992 foreclosed property, is the difference between the
carrying amount and net sales proceeds recognized as a gain or a loss
on the sale of foreclosed property? (SFFAS 3, par. 89);
The cost of the modification is the excess of the premodification value
of a direct loan (or postmodification liability of loan guarantees)
over the postmodification value of a direct loan (or premodification
liability of loan guarantees), both of which have been discounted at
the Treasury rate in effect when the modification occurred. (SFFAS 2,
par. 45, notes 3 & 4 & par. 49, notes 6 & 7; SFFAS 19, par. 6);
When
a loan or loan guarantee is modified, the book value of a direct loan
will generally decrease, while the liability for a loan guarantee will
typically increase. The book value of the loan or guarantee is
discounted at the Treasury rate originally used to calculate the
present value of the direct loan or loan guarantee liability when the
loan was originally disbursed. (SFFAS 2, par. 48 & 50, app. B parts I D
(4 & 5), II B (4), III B (4), & IV B (4) );
A gain from a modification
occurs when the cost of a modification is greater than the decrease in
book value of a direct loan (or increase in the liability of a loan
guarantee). (SFFAS 2, par. 46, par. 48 note 5, par. 50 & par. 52
footnote 8; SFFAS 19, par. 7 );
Conversely, a loss from a
modification occurs when the cost of a modification is less than the
decrease in book value of a direct loan (or increase in the liability
of a loan guarantee) that was discounted at the Treasury rate in effect
when the loan was made. (SFFAS 2, par. 46, par. 48 note 5, par. 50 &
par. 52 note 8; SFFAS 19, par. 7);
A sale of a post-1991 loan and
pre-1992 direct loan is treated as a direct modification of the loans
sold. The cost of modification is determined on the basis of the
premodification value of the loans sold. (SFFAS 2, par. 53 & 54).
173.
If pre-1992 or post-1991 loans are modified, is the excess of the
premodification value over the post-modification value0 recognized as a
modification expense or cost? (SFFAS 2, par. 45 & app. B, parts I D(1 -
3) & II B(1 - 3)).
174.
If the cost of modifying pre-1992 or post-1991 loans is greater than
the decrease in the loans' book value1, is the difference recognized as
a gain? (SFFAS 2, par. 48 & app. B, parts I D(4 & 5) & II B (4 & 5));
.
175.
If the cost of modifying pre-1992 or post-1991 loans is less than the
decrease in the loans' book value, is the difference recognized as a
loss? (SFFAS 2, par. 48 & app. B, parts I D(4 & 5), & part II B(4 &
5));
.
176.
If pre-1992 or post-1991 loan guarantees are modified, is the excess of
the postmodification liability2 over the premodification liability
recognized as a modification expense? (SFFAS 2, par. 49 & app. B, parts
III D(1 - 3), & IV B (1 - 3)).
177.
If the premodification value of post-1991 and pre-1992 loans sold
exceeds the net proceeds from the sale, is the excess treated as the
cost of modification and recognized as a modification expense? (SFFAS
2, par. 45 & 53 & app. B, part I F(1)).
178.
If a loan is sold with recourse, are estimated losses recognized as a
subsidy expense and loan guarantee liability? (SFFAS 2, par. 54);
.
179.
If the cost of modifying pre-1992 or post-1991 loan guarantees is
greater than the increase in the book value of the related loan
guarantee liabilities,5 is the difference recognized as a gain? (SFFAS
2, par. 52 & app. B, parts III D (4 & 5) & IV B (5)).
180.
If the cost of modifying pre-1992 or post-1991 loan guarantees is less
than the increase of the related loan guarantee liabilities, is the
difference recognized as a loss? (SFFAS 2, par. 52 & app. B, parts III
D(4 & 5) & IV B (5)).
181.
If the modification expense arising from a loan sale is greater than
the book value loss, is the difference recognized as a gain? (SFFAS 2,
par. 55 & app. B, part I F(2)).
182.
If the modification expense arising from a loan sale is less than the
book value loss, is the difference recognized as a loss? (SFFAS 2, par.
55 & app. B, part I F (2)).
Section V: Statement of Changes in Net Position:
The 37 questions in this section are related to the Statement of
Changes in Net Position:
Question Numbers:
1. Net Cost of Operations: 1 - 2:
2. Appropriations Used: 3 - 4:
3. Taxes and Other Nonexchange Revenues: 5 - 12:
4. Donations: 13:
5. Imputed Financing: 14:
6. Transfers: 15 - 18:
7. Modifications: 19 - 24:
8. Prior-period Adjustments: 25 - 31:
9. Unexpended Appropriations: 32 - 33:
10. Net Position: 34 - 37:
Changes in Net Position (1 - 37):
The Statement of Changes in Net Position reports the beginning net
position, the items that caused net position to change during the
reporting period, and the ending net position. (SFFAS 7 Imple. Guide,
par. 63; OMB 97-01 as amended (Jan. 7, 2000), p. 32).
1.
Does the amount reported for "net cost of operations" correspond to the
amount reported on the current year's Statement of Net Cost? (OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 32).
2.
Is nonexchange revenue recognized as a financing source in calculating
the net results of operations (and not as a deduction in determining
the net cost of operations)? (SFFAS 7, par. 60).
3.
Are "appropriations used" recognized as a financing source in
determining the net results of operations when, under authority of the
appropriation, goods and services are received or benefits or grants
are provided? (SFFAS 7, par. 72, 212, 214, 331, & 332; OMB 97-01 as
amended (Jan. 7, 2000), p. 32).
4.
Do appropriations used exclude the following appropriations?;
a. appropriations of dedicated tax receipts and donations;
b.
appropriations used by collecting entities to provide refunds of monies
deposited to Treasury or trust funds;
c. appropriations used for
repayment of debt (SFFAS 7, par. 332; OMB 97-01 as amended (Jan. 7,
2000), p. 32).
5.
Does the entity recognize taxes and other nonexchange revenues to which
it is legally entitled and which it does not transfer to other
entities? (SFFAS 7, par. 48, 49, & 176; SFFAS 7 Imple. Guide, par. 65 &
95).
6. Is nonexchange revenue recognized when the government's claim to
resources can be characterized as follows?;
a. specifically identifiable;
b. legally enforceable;
c. reasonably measurable;
d. more likely than not collectable (SFFAS 7, par. 48).
7. Are the following transactions recognized as taxes and other
nonexchange revenues from the public?;
a. individual and corporate income
taxes, social insurance taxes and contributions, excise taxes, estate
and gift taxes, and customs duties;
b. social insurance taxes and contributions paid by federal employees;
c. deposits by states for unemployment trust funds;
d. user fees and harbor maintenance trust fund payments;
e. customs service fees;
f. deposits of earnings from the Federal Reserve System;
g. donations;
h. fines and penalties;
i. penalties due to
delinquent taxes in connection with custodial activity;
j. forfeitures
(SFFAS 7, par. 49, 61 - 63, 242 - 257, 260 - 269, & 305; SFFAS 7 Imple.
Guide, par. 99 - 103).
8.
Is seignorage recognized as an "other" financing source when coins are
delivered to the Federal Reserve banks in return for deposits? (SFFAS
7, par. 305).
9.
Are the following transactions recognized as nonexchange revenue from
other federal government entities?;
a. interest on Treasury securities
held by trust funds and special funds (except revolving trust funds)
when the predominant source of funds is from nonexchange revenue;
b. interest received by one fund from another;
c. employer contributions to social insurance programs (SFFAS 7, par.
306 - 310).
10.
Does the general fund recognize all nonexchange revenue not recognized
by trust funds and other recipient entities? (SFFAS 7, par. 60. 4);
11.
Does the general fund recognize, in succeeding periods, revenue that is
determined, after the books have been closed for the period, to have
been properly transferable (or improperly transferred) to other
recipient entities? (SFFAS 7, par. 60. 4).
12.
Are the following transactions recognized as nonexchange gains or
losses from other federal government entities?;
a. retirement of debt securities prior to maturity held by trust funds
and special funds;
b. cancellation of debt (SFFAS 7, par. 311 - 313).
13.
Is revenue arising from donations of nonfinancial resources measured at
the estimated fair value of the contribution at the time of the
donation? (SFFAS 3, par. 43; SFFAS 6, par. 30; SFFAS 7, par. 62, 258,
259, & 361; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 32);
14.
Does the reporting entity recognize an imputed financing source for
costs funded through other federal entities as well as nonreimbursed
costs of goods and services provided by other federal entities? (SFFAS
4, par. 109; SFFAS 5, par. 75, 77, 78, 91, & 93; SFFAS 7, par. 70, 73,
220, & 333 - 337; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 32);
.
15.
When assets are transferred among governmental entities without
reimbursement:
a. Does the receiving entity recognize the transfer-in as
an increase in financing sources in its statement of net position?;
b. Does the transferring entity recognize the transfer-out as a
decrease
in financing sources in its statement of net position? (SFFAS 7, par.
74, 220(b), par. 344 - 346; SFFAS 7 Imple. Guide, par. 65; OMB Bull.
97-01 as amended (Jan. 7, 2000), pp. 32 & 33).
16.
Are transferred assets recorded at the book value of the transferring
entity, or, if the receiving entity does not know the book value, is
the asset recorded at its estimated fair value as of the date of the
transfer? (SFFAS 7, par. 74; OMB Bull. 97-01 as amended (Jan. 7, 2000),
pp. 32 & 33).
17.
Is revenue recognized by the recipient entities as the sum of the
following?;
a. cash or cash equivalents transferred to them by the
collecting entities;
b. the net change in any related interentity balances
between the collecting and the receiving entities (i.e., the amount to
be transferred to the recipient entities from the collecting entity or
vice versa) (SFFAS 7, par. 60).
18.
Is noncustodial exchange revenue transferred to another government
entity or to the Treasury recognized as a "transfer-out" in determining
the net results of operations? (SFFAS 7, par. 75 & note 18);
A modification means a federal government action, including new
legislation or administration action, that directly or indirectly
alters the estimated subsidy cost and present value of outstanding
loans or the liability of loan guarantees. (SFFAS 2, par. 41).
19.
Is a gain from the modification of post-1991 loans reported as a
reduction in financing source and paid to the Treasury as a
"modification adjustment transfer?" (SFFAS 2, par. 48, & app. B, part I
D(5)).
20.
Is a loss from the modification of post-1991 loans reported as a
financing source when the reporting entity receives from the Treasury a
"modification adjustment transfer?" (SFFAS 2, par. 48 & app. B, part I
D(5)).
21.
Is a gain resulting from a modification of post-1991 loan guarantees
reported as a reduction in financing source and paid to the Treasury as
a "modification adjustment transfer?" (SFFAS 2, par. 52 & app. B, part
III D(5)).
22.
Is a loss resulting from a modification of post-1991 loan guarantees
reported as a financing source when the reporting entity receives from
the Treasury a "modification adjustment transfer" to offset the
difference? (SFFAS 2, par. 52 & app. B, part III D(5));
23.
Is a gain on the sale of a post-1991 loan reported as a reduction in
financing source and paid to the Treasury as a "modification adjustment
transfer?" (SFFAS 2, par. 55 & app. B, part I F(2)).
24.
Is a loss on the sale of a post-1991 loan reported as a financing
source when the reporting entity receives from the Treasury a
"modification adjustment transfer?" (SFFAS 2, par. 55 & app. B, part I
F(2)).
25.
Are prior-period adjustments limited to corrections of errors and
accounting changes with retroactive effect, including changes caused by
the adoption of new federal financial accounting standards? (SFFAS 7,
par. 76; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 33);
26.
Are prior-period adjustments recognized as changes in cumulative
results of operations (rather than as an element of net results of
operations for the period)? (SFFAS 7, par. 76; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 33).
27.
If cost information for existing general PP&E has not been maintained,
are the estimated values recorded in the appropriate asset and contra-
asset accounts and the difference shown as a "prior-period adjustment"
in the statement of changes in net position? (SFFAS 6, par. 40 & 43);
28.
If national defense, heritage PP&E, and stewardship land had been
previously recognized as assets and contra-assets for balance sheet
reporting, has the entity performed the following operations?;
a. netted out these accounts, charged the residual to "net position";
b. shown the
net change as a "prior-period adjustment" in the statement of changes
in net position (SFFAS 6, par. 55; SFFAS 11, par. 7; SFFAS 16, par.
14).
29.
Conversely, if multiuse heritage assets are capitalized, is the asset
fair value added to the balance sheet and reported as a "prior-period
adjustment? (SFFAS 16, par. 15).
30.
If stewardship PP&E has been placed into service as of September 30,
1997, is a liability recognized, disclosed, and an adjustment made to
net position as a "prior-period adjustment" for the following
amounts?;
a. the portion of estimated clean-up costs incurred to date;
b. the estimated total clean-up costs as a liability if costs are not
intended
to be recovered primarily through user charges (SFFAS 6, par. 16 & 104
- 106; OMB 97-01 as amended (Jan. 7, 2000), p. 74).
31.
If prior-period adjustments are made to the current year's assets and
liabilities and offset against net position:
a. Are the amounts and
circumstances disclosed in the notes?;
b. Are the published financial
statements presenting prior-year financial information left unchanged?
(SFFAS 6, par. 55, 56, 63, 65, 75, 76, 105, & 106).
32.
Are unexpended appropriations reduced as appropriations are used?
(SFFAS 7, par. 71).
33.
Are unexpended appropriations adjusted for other changes in budgetary
resources, such as rescissions and transfers? (SFFAS 7, par. 71);
.
34.
Is the "Net Position - Beginning Period" consistent with "Net Position
- End of Period" on the prior-year's balance sheet? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 33).
35.
Is "Net Position - End of Period" reported in the Statement of Changes
in Net Position consistent with "Total Net Position" reported in the
current year's Balance Sheet? (OMB Bull. 97-01 as amended (Jan. 7,
2000), pp. 16 & 33).
36.
Is the sum of the net increase or decrease in unexpended appropriations
and the net change in the cumulative results of operations recognized
as the "Change in Net Position?" (SFFAS 7, par. 71; SFFAS 7 Imple.
Guide, par. 65 & 121, figure 3 & 4; OMB Bull. 97-01 as amended (Jan. 7,
2000), pp. 31 & 33).
37.
Is the difference between "Net Position - Beginning of Period" and "Net
Position - End of Period" equal to the "Change in Net Position?" (SFFAS
7, par. 71; SFFAS 7 Imple. Guide, par. 121, figures 3; OMB Bull. 97-01
as amended (Jan. 7, 2000), pp. 31 & 33).
Section VI: Statement of Budgetary Resources:
The four questions in this section concern the Statement of Budgetary
Resources:
Statement of Budgetary Resources; (1 - 4):
The budget is the primary financial planning and control tool of the
government. The Statement of Budgetary Resources and the related
disclosures provide information about how budgetary resources were made
available as well as their status at the end of the period. (SFFAS 7,
par. 77; SFFAS 7 Imple. Guide, par. 68; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 36).
1.
If the reporting entity's financing comes either wholly or partially
from budgetary resources, does the entity present in a "Statement of
Budgetary Resources" the following disclosures?;
a. total budgetary
resources available during the period including, if applicable;
i. new budget authority;
ii. direct spending authority;
iii. unobligated balances at
the beginning of the period or transferred in during the period;
iv. spending authority from offsetting collections;
v. adjustments to budgetary authority;
b. the status of budgetary resources consisting, when
applicable, of;
i. obligations incurred;
ii. unobligated balances that remain available at the end of the
period.
iii. unobligated balances that are unavailable at the
end of period, except to adjust or liquidate obligations chargeable to
prior-period appropriations;
c. a statement of outlays during the period that displays;
i. obligations incurred less spending authority from
offsetting collections and adjustments;
ii. obligated balances at the beginning of the period;
iii. obligated balances transferred;
iv. obligated
balances net at end of extra period (SFFAS 7, par. 77; & SFFAS 7,
Imple. Guide, par. 68 - 69; OMB Bull. 97-01 as amended (Jan. 7, 2000),
pp. 35 & 36).
2.
Is the recognition and measurement of budgetary information reported on
the Statement of Budgetary Resources based on budget terminology,
definitions, and guidance in OMB Circular A-34, Instructions on Budget
Execution, dated December 26, 1995? (SFFAS 7, par. 78; SFFAS 7, Imple.
Guide, par. 69; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 36, 2[ND]
par.).
3.
Is the information for each of the entity's major budget accounts
presented as required supplementary information? (SFFAS 7, par. 78; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 80).
4.
Does the entity disclose the following information about the status of
its budgetary assets?;
a. the amount of budgetary resources obligated for
undelivered orders at the end of the period;
b. available borrowing and
contract authority at the end of the period;
c. repayment requirements,
financing sources for repayment, and other terms of borrowing authority
used;
d. material adjustments during the reporting period to budgetary
resources available at the beginning of the year and an explanation
thereof;
e. existence, purpose, and availability of permanent indefinite
appropriations;
f. information about legal arrangements affecting the use
of unobligated balances of budget authority, such as time limits,
purpose, and obligation limitations;
g. explanations of any material
differences between the budgetary resources reported in the Statement
of Budgetary Resources and "actual" amounts in the Budget of the U.S.
government;
h. the amount of unfunded liabilities, and an explanation that
includes identification of balance sheet components, when unfunded
liabilities do not equal the total financing sources yet to be
provided;
i. the amount of any capital infusion received during the
reporting period (SFFAS 7, par. 79 & 209 - 212; SFFAS 7 Imple. Guide,
par. 70-71; OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 74 & 75);
.
Section VII: Statement of Financing:
The ten questions in this section are related to the Statement of
Financing.
Question Numbers:
1. General: 1:
2. Obligations and Nonbudgetary Resources: 2 - 3:
3. Resources That Do Not Fund Net Cost of Operations: 4 - 5:
4. Costs That Do Not Require Resources: 6 - 7:
5. Financing Sources Yet to be Provided: 8:
6. Net Cost of Operations: 9:
7. Disclosures: 10:
Statement of Financing (1 - 10):
Accrual-based measures used in the Statement of Net Cost differ from
the obligation-based measures used in the Statement of Budgetary
Resources. The Statement of Financing is designed to report those
differences and facilitate the reconciliation between the two
statements. (SFFAS 7, par. 80; SFFAS 7 Imple. Guide, par. 72 - 73; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 38).
1.
Does the reconciliation between the budgetary and financial accounting
information explain the relationship between budgetary resources
obligated by the entity during the period and the net cost of
operations? (SFFAS 7; par. 80, 91 - 94, & 217; SFFAS 7 Imple. Guide,
par. 74 - 75);
2.
To arrive at "total adjusted obligations and nonbudgetary resources,"
are "obligations incurred" reduced by such adjustments as the
following?;
a. offsetting collections to expenditure accounts (e.g.,
receipts from the sale of capitalized assets, collections of loan
principle, and related interest and reimbursements for services
provided);
b. exchange revenues not in the budget;
c. transfers-out of assets
in the amount of their book value (SFFAS 7, par. 80; SFFAS 7 Imple.
Guide, par. 77 - 81, 121 (figure 11), 140 - 152, 155, & 168 - 170; OMB
Bull. 97-01 as amended (Jan. 7, 2000), pp. 37 & 38);
3.
To arrive at "total obligations as adjusted and nonbudgetary
resources," are "obligations incurred" increased by such adjustments as
the following?;
a. imputed financing for cost subsidies;
b. transfers-in of
assets in the amount of the book value, if known, or for the fair
market value, if not known;
c. financing sources other than exchange
revenues that are not in the budget;
d. donations not accounted for in the
budget (SFFAS 7, par. 80; SFFAS 7 Imple. Guide, par. 77 - 81, 121
(figure 16), 140 - 141, & 146 - 152; OMB Bull. 97-01 as amended (Jan.
7, 2000), pp. 37 & 38);
4.
Are adjusted obligations and nonbudgetary resources reduced by certain
changes in resources that do not fund net costs of operations,
including the following?;
a. the amount of net increases in undelivered
but obligated orders for goods, services, and benefits;
b. the cost of any
capitalized good or service acquired during the year;
c. loans made (less subsidy expense);
d. financing sources that fund costs of prior periods
(e.g., appropriations for credit subsidies expensed in prior periods or
decreases in unfunded liabilities, such as reductions in accrued annual
leave liabilities);
e. other resources that do not fund net costs of
operations (SFFAS 7, par. 81; SFFAS 7 Imple. Guide, par. 82 - 85, 121
(figures 11 & 16), 127 - 139, & 153 -167; OMB Bull. 97-01 as amended
(Jan. 7, 2000), pp. 37 & 38);
5.
Are adjusted obligations and nonbudgetary resources increased by
certain changes in resources that do not fund net costs of operations,
including the following?;
a. the amount of net decreases in undelivered
and obligated orders for goods, services, and benefits;
b. Collections of loan principal and related subsidy expenses;
c. removal of undepreciated
portions of capitalized assets disposed of during the year;
d. other
offsetting adjustments (SFFAS 7, par. 81; SFFAS 7 Imple. Guide, par. 82
- 85, 142 - 145, 146 - 152, & 153 - 167; OMB Bull. 97-01 as amended
(Jan. 7, 2000), pp. 37 & 38);
6.
Are certain costs that do not require financing by either budgetary or
nonbudgetary resources (e.g., depreciation and losses or expenses
arising from revaluation of assets) added to adjusted obligations and
nonbudgetary resources to arrive at net costs of operations? (SFFAS 7,
par. 81; SFFAS 7 Imple. Guide, par. 86 - 89 & 121 (figures 11 & 16);
OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37, 38, & 39);
7.
If the reimbursement for goods or services provided by one federal
entity to another federal entity is less than the full cost, does the
recipient entity recognize the difference in its accounting records as
a financing source? (SFFAS 4, par. 109, 114, & 115);
8. Are costs that are recognized in the current period but are to be
financed in future periods (e.g., accrued expenses such as increases in
annual leave, subsidy reestimates, and increases in postretirement
benefit liabilities) reported as "financing sources yet to be
provided?" (SFFAS 7, par. 81; SFFAS 7 Imple. Guide, par. 90 - 93 & 121
(figures 6 & 11); OMB Bull. 97-01 as amended (Jan. 7, 2000), pp. 37 &
39);
9. Does the net cost of operations on the Statement of Financing agree
with the net cost of operations on the Statement of Net Cost? (OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 39); Accrual-based
measures used in the obligation-
based measures used in the Statement of Budgetary Resources. The
Statement of Financing is designed to report those differences and
facilitate the reconciliation between the two statements. (SFFAS 7,
par. 80; SFFAS 7 Imple. Guide, par. 72 - 73; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 38)
10.
Are adjustments to the total of obligations and nonbudgetary resources
presented and explained in a manner that clarifies the relationship
between the obligation basis used in the budget and the accrual basis
used in financial accounting? (SFFAS 7, par. 80 - 82);
Section VIII: Statement of Custodial Activity:
The 26 questions in this section are related to the Statement of
Custodial Activity:
Question Numbers:
1. General: 1 - 2:
2. Sources of Collections: 3 - 8:
3. Disposition of Collections: 9 - 12:
4. Disclosures: 13 - 17:
5. Dedicated Collections and Other Accompanying Information: 18 - 26:
Statement of Custodial Activity (1 - 26):
Entities that collect nonexchange revenue for the General Fund of the
Treasury, a trust fund, or other recipient entities account for the
collection and disposition of these revenues in a Statement of
Custodial Activity. (SFFAS 7 Imple. Guide, par. 58; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 41).
1.
If the entity collects exchange revenue on behalf of other entities and
recognizes little or no costs in earning that revenue, does the entity
account for it as a custodial activity? (SFFAS 7, par. 45, 140 - 145, &
270 - 279; SFFAS 7 Imple. Guide, par. 51 - 57; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 41).
2.
If the collecting entity is not legally entitled to retain a portion or
all of the collected nonexchange revenue, is the receipt and
disposition of that revenue reported in the Statement of Custodial
Activity? (SFFAS 7, par. 48, 49, & 176; SFFAS 7 Imple. Guide, par. 58 -
62 & 95; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41);
.
3.
Does the collecting entity measure taxes and duties on a cash basis and
then modify that with an accrual adjustment to determine the amount of
revenue to be recognized? (SFFAS 7, par. 49 & 52).
4.
Except for deposits, are cash collections based on amounts actually
received during the period? (SFFAS 7, par. 50 & 59).
5.
Are the components of cash collections classified by source and nature
of collection, such as by type of tax or duty? (OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 41).
6.
Are cash refunds of nonexchange revenue based on refunds of taxes and
duties during the period? (SFFAS 7, par. 51).
7.
Do cash refunds of nonexchange revenue for taxes and duties include
"refund offsets" and "drawbacks?" (SFFAS 7, par. 51).
8.
Are accrual adjustments separately reported in a footnote? (SFFAS 7,
par. 52; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41);
9.
Is the disposition of collections, including amounts transferred to
others, amounts yet to be transferred, and amounts retained by the
collecting entity reported and broken out by recipient? (OMB Bull. 97-
01 as amended (Jan. 7, 2000), pp. 40, 41, & 42).
10.
Does the collecting entity report the change in liability for accrued
and collected revenue yet to be transferred? (SFFAS 7 Imple. Guide,
par. 61; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 41);
11.
Are collections retained by the entity separately reported and treated
as a disposition of collections revenue? (OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 42).
12.
In the statement of custodial activity, do total sources of collections
equal total disposition of collections (revenue) so that the net
custodial activity is zero? (SFFAS 7 Imple. Guide, par. 61; OMB Bull.
97-01 as amended (Jan. 7, 2000), pp. 40 & 42).
13.
If custodial revenues are immaterial and incidental to the entity's
primary mission and are not reported separately, are the sources and
amounts of the collections and the amounts distributed to others
disclosed in the accompanying footnotes? (OMB Bull. 97-01 as amended
(Jan. 7, 2000), pp. 41 & 75).
14. Does the collecting entity disclose and explain the following
information?;
a. the basis of accounting when application of the general
rule for recognizing nonexchange revenue (i.e., specifically
identifiable, legally enforceable, and reasonably estimable) results in
a modified cash basis of accounting;
b. the specific potential accruals
that are not made as a result of using the modified cash basis
accounting;
c. the practical and inherent limitations affecting the
accrual of taxes and duties;
d. the use of accrual-based accounting, if
applicable (SFFAS 7, par. 48 & 64; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 75.
15. Do entities that collect taxes and duties disclose the following
information in a note or narrative?;
a. basis of accounting;
b. factors
affecting the collectability and timing of taxes and other nonexchange
revenues;
c. cash collections and refunds by tax year and type of tax for
the reporting period (SFFAS 7, par. 65.1 & 65. 3; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 75).
16.
If trust fund revenues are not recorded in accordance with applicable
law, do the collecting and recipient entities disclose the reasons?
(SFFAS 7, par. 66).
17.
If refunds are material in relation to gross collections, are they
separately disclosed by components? (OMB Bull. 97-01 as amended (Jan.
7, 2000), p. 39).
Dedicated collections are funds held with the expectation that they
will be held for and applied to the purposes for which the funds were
dedicated. Such funds include all funds within the budget classified as
trust funds, those funds within the budget that are classified as
"special funds" but that are similar in nature to trust funds, and
those funds within the federal universe (inside or outside the budget)
that are fiduciary in nature. (SFFAS 7, par. 83; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 75).
18.
Does the management of a reporting entity identify, track, and disclose
the receipts and expenditures of dedicated trust funds, "special
funds," and fiduciary or deposit funds (both inside and outside the
budget) that are under its purview? (SFFAS 7, par. 83, 226, 230 - 233,
& 370; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 75);
19.
Does management provide separate financial information about these
dedicated funds if they are material to the reporting entity, the
beneficiary, or the contributors? (SFFAS 7, par. 84, 226, 230 - 233, &
370).
20.
If a separate report is made to beneficiaries of or contributors to
dedicated collections and the funds are not material to the reporting
entity, are those immaterial funds combined for disclosure purposes?
(SFFAS 7, par. 84 & 85).
21.
Is the following information reported for individual funds that account
for dedicated collections?;
a. a description of each fund's purposes,
and how the administrative entity accounts for and reports the fund and
its authority to use those collections;
b. the sources of revenue or
other financing for the period and an explanation of the extent to
which they are inflows of resources to the government or the result of
intragovernmental flows;
c. condensed information about assets and
liabilities showing investments in Treasury securities, other assets,
liabilities due and payable to beneficiaries, other liabilities, and
fund balance;
d. condensed information on net cost and changes to fund
balance showing revenues by type (exchange or nonexchange), program
expenses, other expenses, other financing sources, and other changes in
fund balance;
e. the amounts of any revenues --other financing sources
or costs attributable to the fund under accounting standards --that are
not legally allowable as credits or charges to the fund (SFFAS 7, par.
85).
22.
If revenues, other financing sources, or costs (such as item "e" of the
previous question) are associated with but not legally allowable to a
fund, does the larger reporting entity of which the fund is a component
recognize them? (SFFAS 7, par. 86; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 75).
23.
If more than one reporting entity is responsible for carrying out a
program financed with dedicated collections, does the entity with the
largest share of the activity take responsibility for reporting all
revenues, other financing sources, assets, liabilities, and costs of
the fund? (SFFAS 7, par. 87; OMB Bull. 97-01 as amended (Jan. 7, 2000),
p. 75).
24.
Are trust funds allowed to recognize revenue from excise taxes on the
basis of assessments if information on actual collections is not
currently available from the collecting entity? (SFFAS 7, par. 60.1);
25.
Is the amount of revenue accrued and recognized by the social security
trust fund based on the best available information (i.e., on the basis
of the higher of the amount of Internal Revenue Service (IRS)
assessments or the amounts actually reported by employers to Social
Security)? (SFFAS 7, par. 60.2 & 177).
26.
Does the collecting entity report the following as other accompanying
information?;
a. income tax burden borne by different classes of taxpayers
and the effects of tax rates, deductions, credits, etc. (required of
IRS);
b. applicable information on the size of the tax gap, including;
i.
explicit definitions of the estimated amounts reported (e.g., whether
the tax gap includes estimates on illegally earned income);
ii. appropriate explanations of the limited reliability of the
estimates;
iii. cross
references to portions of the tax gap due from identified noncompliant
taxpayers and importers;
c. appropriate explanations and qualifications,
if information about tax expenditures related to entity programs is
present;
d. a description of the basis for the estimates and appropriate
cautionary language about reliability, if information about estimated
directed flows of resources related to an entity's programs is
presented (SFFAS 7, par. 69.1 - 69. 4, 108, & 192 - 202; OMB Bull. 97-01
as amended (Jan. 7, 2000), p. 82).
Section IX: Notes to Financial Statements:
The four questions in this section concern the disclosure of
significant accounting policies:
Notes to Financial Statements; (1 - 4):
1. Does the entity identify and describe accounting principles and
applications it follows in a note to the financial statements? (OMB
Bull. 97-01 as amended (Jan. 7, 2000) , p. 43, note 1);
2. Does the entity's disclosure of its accounting policies include its
rationale for the valuation, recognition, and allocation of assets,
liabilities, expenses, revenues, and other financing sources? (OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 43, note 1);
3.
Does the entity disclose any significant changes in its composition or
manner in which it aggregates information for financial reporting
purposes? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 43, note 1);
4.
If the changes have resulted in a new reporting entity, has the entity
restated prior-period financial statements to correspond to the
changes? (OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 43, note 1);
Section X: Supplementary Information:
The questions related to the Supplementary Information are organized in
the following nine categories.
Question Numbers:
Required Supplementary Stewardship Information: Property, Plant and
Equipment: 1 - 19:
Required Supplementary Stewardship Information:
Stewardship Investments: 20 - 41:
Required Supplementary Stewardship Information:
Risk Assumed Information: 42 - 46:
Required Supplementary Information: Custodial Activity: 47 - 48:
Required Supplementary Information: Segment Information: 49 - 50:
Required Supplementary Information: Deferred Maintenance: 51 - 54:
Required Supplementary Information: Intragovernmental Amounts: 55 -
67:
Required Supplementary Stewardship Information:
Social Insurance Programs: 68 - 94:
Required Supplementary Information:
Management Discussion and Analysis: 95 - 101:
Required Supplementary Stewardship Information: Property, Plant, and
Equipment (1 - 19):
The standards for reporting on the federal government's stewardship
cover (1) certain resources entrusted to it that are identified as
stewardship property, plant, and equipment (PP&E) and stewardship
investments and (2) certain responsibilities assumed by it, identified
as the current services assessment, that cannot be measured in
traditional financial reports. PP&E consists of items whose
characteristics resemble those of general PP&E traditionally
capitalized in financial statements. However, because of the nature of
these assets, valuation may be difficult, and matching costs with
specific periods would not be meaningful. Stewardship PP&E include
* heritage assets, such as federal monuments and memorials, that are of
historical, natural, cultural, educational, architectural, or artistic
significance;
* national defense PP&E such as military weapons systems;
and;
* stewardship land, such as national forests and parks, that have
not been acquired for or in connection with general PP&E. (SFFAS 8,
par. 9, 10, 11, & 17; SFFAS 11, par. 3, 4 & 7; OMB Bull. 97-01 as
amended (Jan. 7, 2000), p. 76).
1. Are heritage assets reported as Required Supplementary Stewardship
Information (RSSI) accompanying the financial statements rather than as
asset amounts on the balance sheet? (SFFAS 8, par. 17, 19,21, & 46; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 76).
2.
Are heritage assets reported in RSSI in terms of physical units rather
than in terms of cost, fair value, or other monetary values? (SFFAS 8,
par. 46; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 76);
3. Does the reporting entity provide relevant RSSI in the financial
statements, such as the following information about its heritage
assets?;
a. a description of each major category of heritage asset;
b. a
breakout by type of heritage asset of the number of physical units
added, withdrawn, and on hand at the end of the reporting year;
c. a
description of the methods of acquisition and withdrawal of heritage
assets;
d. a description of the condition of the assets if not already
disclosed in a note to the financial statements;
e. a reference to the
Required Supplementary Information, if deferred maintenance has been
reported for the assets (SFFAS 8, par. 50; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 77).
National defense PP&E are (1) the PP&E components of weapons systems
and support PP&E owned by the Department of Defense or its component
entities for use in the performance of military missions and (2)
vessels held in a preservation status by the Maritime Administration's
National Defense Reserve Fleet. (SFFAS 11, par. 8).
4.
Is National defense PP&E reported as RSSI? (SFFAS 8, par. 68; SFFAS 11,
par. 16 & 22 - 24; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77);
5. Do national defense PP&E components include the following items?;
a. weapons systems PP&E (e.g., aircraft, ships, and tanks);
b. weapons
systems supporting principal end items (e.g., radars, guidance systems,
engines);
c. weapons systems supporting real property (e.g., ammunition
bunkers, missile silos);
d. mission support PP&E (e.g., nontactical
vehicles such as fuel tankers, combat operations centers, crypto
systems, and field security systems) (SFFAS 11, par. 9 & 14);
6.
Does national defense PP&E also include PP&E items in the possession of
contractors? (SFFAS 11, par. 10 & 11).
7. Does national defense PP&E exclude the following items?;
a. manufacturing and testing equipment;
b. operating materials and supplies;
c. stockpiled materials (SFFAS 11, par. 12 & 13).
8.
Is national defense PP&E valued and reported in RSSI using either of
the following methods?;
a. the total cost method;
b. the latest acquisition
cost method (SFFAS 8, par. 60, 62, 63, & 121; SFFAS 11, par. 22 - 24;
OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77).
9.
Is the valuation method chosen used on a consistent basis and, if any
change in method is made, is it justified? (SFFAS 8, par. 61; OMB Bull.
97-01 as amended (Jan. 7, 2000), p. 77).
10.
Do the costs assigned to an item of national defense PP&E also include
all costs incurred to bring PP&E to a form and location suitable for
its intended use? (SFFAS 8, par. 64).
11.
Does the reporting entity include in its RSSI the acquisition-in-
process costs of its national defense PP&E? (SFFAS 8, par. 67; SFFAS
11, par. 16 & 22 - 24).
12. Does the reporting entity include, at a minimum, in its RSSI the
following information about its national defense PP&E?;
a. a description
of major types of national defense PP&E including assigned values and
valuation method;
b. a description of the methods of acquisition and
withdrawal at the major program or category level;
c. beginning value;
d. value added;
e. value withdrawn;
f. revaluations;
g. ending value;
h. the overall
condition of the assets (unless this is already reported elsewhere in
the report, in which case a note will suffice);
i. a reference to the
applicable information if deferred maintenance is reported for the
assets (SFFAS 8, par. 17 & 68; SFFAS 11, par. 16 & 22 - 24; SFFAS 14,
par. 10; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77);
13.
Are federal land and land rights not acquired for or in connection to
items of general PP&E reported as stewardship land in the RSSI of the
financial statements? (SFFAS 8, par. 73 - 74).
14.
Is stewardship land quantified and reported in terms of physical units
(e.g., acres) in the RSSI rather than as monetary amounts? (SFFAS 8,
par. 75 - 76, 125, & 126; OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
77).
15.
If a structure acquired with stewardship land has a significant
operating use (e.g., a recently constructed hotel or employee-housing
block), is its cost capitalized and treated as general PP&E? (SFFAS 8,
par. 78).
16.
If the fair value of stewardship land acquired through donation or
devise is known and material, is it disclosed in the notes to the
financial statements? (SFFAS 8, par. 79).
17.
If the fair value of the stewardship land acquired through donation or
devise is not estimable, is information as to the type and quantity of
the assets disclosed? (SFFAS 8, par. 79).
18.
Are costs incurred to prepare stewardship land for its intended use
expensed as a part of the cost of stewardship land? (SFFAS 8, par.
80);
.
19.
With regard to stewardship land, does the reporting entity include in
its RSSI the following information?;
a. the number of physical units of
stewardship land broken out by principal organization and category of
major use;
b. acquisitions, withdrawals, and ending balances broken out by
major categories;
c. methods of acquisition and withdrawal of stewardship land;
d. the condition of the stewardship land, unless it is already
reported elsewhere in the report (in which case a reference to the
information will suffice);
e. a reference to the applicable information if
deferred maintenance is reported for the assets. (SFFAS 8, par. 81;
SFFAS 14, par. 10; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 77);
Required Supplementary Stewardship Information: Stewardship
Investments (20 - 41):
Stewardship investments are made by the federal government for the
benefit of the nation. When incurred, they are treated as expenses in
calculating net cost, but they are also separately reported as RSSI to
highlight their long-term benefit. (OMB Bull. 97-01 as amended (Jan. 7,
2000), pp. 76 & 77);
Stewardship investment includes: federally
financed purchases, construction, or major renovation or physical
property, including major equipment owned by state and local
governments (i.e., grants for nonfederal physical property);
expenses
incurred for education and training programs (except those for federal
civilian and military personnel) that are intended to increase or
maintain national productive capacity (i.e., human capital costs);
expenses incurred to support the search for new or refined knowledge
and ideas and their application in order to increase or maintain
national productive capacity or yield other future benefits (i.e.,
research and development costs). (SFFAS 8, par. 83, 89, 90, & 96; OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 78).
20. Are nonfederal physical property investments reported in nominal
dollars on the basis of "expenses incurred" and measured on the same
basis of accounting used for financial statement purposes? (SFFAS 8,
par. 84).
21.
Are investments in nonfederal physical property and related cash grants
recognized and reported as expenses in arriving at the net cost of
operations? (SFFAS 8, par. 85; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 78).
22.
Does the reporting entity provide in its RSSI a narrative description
and nominal dollar breakout by meaningful category of expenses incurred
for programs that fund the purchase, renovation, and replacement of
PP&E owned by state and local governments for the year being reported
on as well as at least the preceding 4 years? (SFFAS 8, par. 84 - 87 &
122; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79);
.
23.
Does the reporting entity also include in its RSSI a description of
federally owned physical property transferred to state and local
governments for the year being reported on as well as at least the
preceding 4 years? (SFFAS 8, par. 87 & 128; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 79).
24. If expense data for the purchase of PP&E for state and local
governments for the year being reported and for the preceding 4 years
are not available, does the entity report outlay data, if available?
(SFFAS 8, par. 87).
25.
If neither historical expense nor outlay data are available for the
year being reported on and the preceding 4 years, has the entity begun
to report expense data for the current year? (SFFAS 8, par. 87);
.
26.
Are expenses incurred for program costs, contracts, or grants with
split purposes reported in RSSI on the basis of a logical allocation?
(SFFAS 8, par. 86, 92, & 98).
27.
If an allocation of costs is not feasible, are the total expenses
reported on the basis of the predominant application of the costs
incurred for investments in nonfederal physical property, human
capital, and research and development? (SFFAS 8, par. 86, 92, & 98);
.
28.
Does the entity report in its RSSI the amounts of significant
contributions from state, local, private, and other sources to its
investments in nonfederal physical property, human capital, and
research and development? (This is not required, but encouraged.)
(SFFAS 8, par. 88, 95, & 101).
29. Is the investment in human capital based on expenses incurred,
measured, and accounted for in accordance with SFFAS 4? (SFFAS 8, par.
91).
30.
Does the reporting entity include in its RSSI the dollar amount and a
narrative description of its "investment in human capital" for the year
being reported on as well as the preceding 4 years? (SFFAS 8, par. 91 &
94; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79);
.
31.
Does the entity link its investments in human capital to outcomes that
can be described in financial, economic, or quantitative terms? (SFFAS
8, par. 93; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 76);
.
32.
If outcome data are not available, does the reporting entity report
output data that best provide indications of the intended program
outcomes? (SFFAS 8, par. 93).
33.
If expense data for the investments in human capital for the year being
reported and for the preceding 4 years are not available, does the
entity report outlay data, if available? (SFFAS 8, par. 94);
.
34.
If neither historical expense nor outlay data for the investments in
human capital are available for the year being reported on and the
preceding 4 years, has the entity begun to report expense data for the
current year? (SFFAS 8, par. 94).
35.
Is expense or outlay data for investments in human capital reported at
a meaningful category or level (e.g., by major program or department)?
(SFFAS 8, par. 94).
36.
Is the investment in research and development based on expenses
incurred, measured, and accounted for in accordance with SFFAS 4?
(SFFAS 8, par. 97).
37.
Does the entity link its investments in research and development to
program outcome data (e.g., narrative discussions of major discoveries
and applications) that can be described in financial, economic, or
quantitative terms? (SFFAS 8, par. 93 & 99; OMB Bull. 97-01 as amended
(Jan. 7, 2000), pp. 78 & 79).
38.
If outcome data are not available, does the reporting entity use output
(e.g., number of publications, patents, scientific and engineering
personnel funded) data that best provide indications of the intended
program outcomes? (SFFAS 8, par. 99).
39.
Does the reporting entity include in its RSSI the dollar amount and a
narrative description of its investment in major research and
development programs for the year being reported on as well as the
preceding 4 years? (SFFAS 8, par. 100; OMB Bull. 97-01 as amended (Jan.
7, 2000), p. 79).
40.
If expense data for the investments in research and development for the
year being reported and for the preceding 4 years are not available,
does the entity report outlays, if available? (SFFAS 8, par. 100);
.
41.
If neither historical expense nor outlay data are available for the
year being reported on and the preceding 4 years, has the entity begun
to report expense data for the current year? (SFFAS 8, par. 100);
Required Supplementary Stewardship Information: Risk Assumed
Information (42 - 46):
An assessment of stewardship responsibilities has two major
components: - risk-assumed information, which is generally measured by
the present value of unpaid expected losses net of associated premiums
(but not yet recognized as a contingent liability) based on the risk
inherent in the insurance or guarantee coverage in force (SFFAS 5, par.
105 & 106; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 79) and; -
current services assessments, which provide receipt and outlay data on
the basis of projections of future activities. Data on current service
assessments would be presented as RSSI accompanying the consolidated
financial statements of the federal government. (SFFAS 8, par. 101,
102, & 105).
42.
Does the entity include in RSSI the current amount and periodic changes
of "risk assumed" arising from insurance and guarantee programs? (SFFAS
5, par. 105, 106, 110; OMB Bull. 97-01 as amended (Jan. 7, 2000), p.
79).
43.
Does the current service assessment provide a summary of projected
outlays for the current base year and at least 6 years subsequent to
the base year for defense, Social Security, Medicare, net interest
functions, etc. ? (SFFAS 8, par. 103).
44.
Does the current service assessment identify estimated receipts by
major source (e.g., income taxes, social insurance taxes) that will be
used to fund projected outlays for the current base year and 6
subsequent years? (SFFAS 8, par. 103).
45.
Does the current service assessment also provide an estimate of the
current and projected (over the subsequent 6 years) deficit or surplus
of receipts? (SFFAS 8, par. 103).
46.
Are current service assessment data included in the consolidated
financial report of the U.S. government identical to the projected data
published in the President's Budget for the same period (i.e., the base
year [or last completed fiscal year] and 6 years subsequent to the base
year)? (SFFAS 8, par. 104).
Required Supplementary Information: Custodial Activity (47 - 48):
47.
Do entities that collect taxes and duties provide the following
supplementary information?;
a. a discussion of the factors affecting the
collectability of compliance assessments recognized as taxes
receivable;
b. if reasonably estimable, claims for refunds not yet accrued
but likely to be paid when administrative action is complete;
c. management's best estimates of unasserted claims for refunds;
d. amount of
assessments defined as written-off (i.e., no further collection
potential) that continues to be statutorily collectable;
e. amounts by
which related trust funds may be overfunded or underfunded in
comparison with the requirements of the law, if reasonably estimable
(SFFAS 7, par. 67.1 - 67. 4, 106, & 177; OMB Bull. 97-01 as amended
(Jan. 7, 2000), p. 80).
48.
If the entity receiving funds from the collecting entity is itself a
trust fund, does it provide as supplementary information amounts by
which related trust funds may be overfunded or underfunded in
comparison with the requirements of the law, if reasonably estimable?
(SFFAS 7, par. 67. 4, 68, & 177; OMB Bull. 97-01 as amended (Jan. 7,
2000), p. 80).
Required Supplementary Information: Segment Information (49 - 50):
49.
Do all franchise and other intragovernmental support revolving funds
report the following supplementary information?;
a. a brief description
of the services provided by the fund and the identity of the fund's
major customers (i.e., organizations that account for more than 15
percent of the fund's revenues);
b. a summary for the reporting period,
by product or line of business, including the following items;
i. the full cost of goods and services provided;
ii: the related exchange revenues;
iii: the excess of costs over exchange revenues (OMB Bull.
97-01 as amended (Jan. 7, 2000), pp. 80 & 81).
50.
If a franchise fund or other intragovernmental support revolving fund
is not separately reported on the entity's principal statements, does
the entity report as Required Supplementary Information a summary of
the fund's assets, liabilities, and net position that includes the
following items as of the reporting date?;
a. fund balance;
b. accounts receivable;
c. property, plant, and equipment;
d. other assets;
e. liabilities due and payable for goods and services received;
f. deferred revenues;
g. other liabilities and cumulative results of operations (OMB
Bull. 97-01 as amended (Jan. 7, 2000), p. 80).
Required Supplementary Information; Deferred Maintenance (51 - 54):
Maintenance is the act of keeping fixed assets in acceptable condition.
Maintenance includes preventive maintenance, normal repairs,
replacement of parts and structural components, and other activities
needed to preserve the asset so that it continues to provide acceptable
services and achieves its expected life. Maintenance excludes
activities aimed at expanding the capacity of an asset or otherwise
upgrading it to serve needs different from, or significantly greater
than, originally intended. (SFFAS 6, par. 78);
Deferred maintenance is
maintenance that was not performed when it should have been, or was
scheduled to be, and that, therefore, is put off or delayed for a
future period. (SFFAS 6, par. 77).
51.
Does the entity report under required supplementary information the
following information for each major category of its PP&E (i.e.,
general, national defense, heritage, and stewardship)?;
a. the identity
(e.g., building, equipment, land) of each major class of asset for
which maintenance was deferred;
b. the method of measuring deferred
maintenance (SFFAS 6, par. 21, 83, & 171 -178; SFFAS 11, par. 7; SFFAS
14, par. 1; OMB Bull. 97-01 as amended (Jan. 7, 2000), p. 73);
Condition assessment surveys are periodic inspections of PP&E - based
on generally accepted and consistently applied method - to determine PP
& E's current condition and the estimated cost to correct any
deficiencies. (SFFAS 6, par. 81).
52.
If the condition assessment survey method is used to measure deferred
maintenance, is the following information presented for each major
class of PP&E?;
a. a description of requirements or standards for
acceptable operating condition;
b. any changes in the condition requirements or standards;
c. asset condition and a range estimate of the
dollar amount of maintenance needed to return it to its acceptable
operating condition (SFFAS 6, par. 80, 83, & 233);
Life-cycle costing is an acquisition or procurement technique that
considers operating, maintenance, and other costs in addition to the
acquisition cost of assets. (SFFAS 6, par. 82).
53. If the total life-cycle cost method is used to measure deferred
maintenance, is the following information presented for each major
class of PP&E?;
a. the original date of the maintenance forecast and an
explanation for any changes to the forecast;
b. prior-year balance of the cumulative deferred maintenance amount;
c. the dollar amount of
maintenance that was defined by the professionals who designed, built,
or managed the PP&E as required maintenance for the reporting period;
d.
the dollar amount of maintenance actually performed during the period;
e. the difference between the forecast and actual maintenance;
f. any
adjustments to the scheduled amounts deemed necessary by the managers
of the PP&E;
g. the ending cumulative balance for the reporting period for
each major class of asset experiencing deferred maintenance (SFFAS 6,
par. 83);
54.
If management elects to break out deferred maintenance by critical and
noncritical amounts needed to bring each class of asset to its
acceptable operating condition, does it also include its definition of
these categories? (SFFAS 6, par. 84);
Required Supplementary Information: Intragovernmental Amounts (55 -
67):
Intragovernmental amounts represent transactions between federal
entities included in the Financial Report of the United States
Government. These transactions include activity (consolidated or net of
intra-entity transactions) with federal CFO Act and non-CFO Act entries
as identified in the Treasury Financial Manual. The intragovernmental
supplementary information may be limited to the consolidated agencywide
financial statements of the 24 executive departments and agencies
covered by appendix A of OMB Bulletin No. 98-08. (Attachment to OMB
Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01,
pp. 3 & 4.
55. Does the entity report as required supplementary information and
intragovernmental amounts for the following items?;
a. assets;
b. liabilities;
c. nonexchange revenue;
d. for certain reporting entities,
earned revenue from trade (buy/sell) transactions along with the gross
cost to generate such revenue (Attachment to OMB Memo M-00-05, of Jan.
7, 2000, Technical Amendments to OMB Bull. 97-01, p. 3, 5[TH] par.);
56. Does the entity report intragovernmental assets, liabilities, and
earned revenue from trade transactions and nonexchange revenue by
trading partner (reciprocal federal entity)? (Attachment to OMB Memo M-
00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 3);
57.
Does the entity report intragovernmental gross cost to generate earned
revenue from trade transactions by budget functional classification?
(Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical Amendments
to OMB Bull. 97-01, p. 3).
58.
Do intragovernmental asset and liability categories reported as
requiring supplementary information agree with the intragovernmental
asset and line items reported on the balance sheet? (Attachment to OMB
Memo M-00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01,
p. 3).
59.
Are transactions with components of federal departments and agencies
(e.g., Forest Service of the USDA) included in the activity reported
for the federal department or agency? (Attachment to OMB Memo M-00-05,
of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 4);
60. Does the entity reconcile the following amounts with its trading
partners?;
a. investments in federal securities issued by the Department
of the Treasury, Bureau of the Public Debt;
b. borrowings from Treasury and the Federal Financing Bank;
c. transactions with the Department of
Labor relating to the Federal Employees Compensation Act;
d. transactions
with the Office of Personnel Management relating to employee benefit
programs (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical
Amendments to OMB Bull. 97-01, p. 4, 3[RD] par.).
61.
Does the entity also reconcile intragovernmental asset, liability, and
revenue amounts0 with its trading partners at least annually as of the
fiscal year end? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000,
Technical Amendments to OMB Bull. 97-01, p. 4, 4[TH] par.);
62.
Do intragovernmental assets and liabilities reported as required
supplementary information agree with the intragovernmental asset and
liability line items and totals on the reporting entity's consolidated
agencywide balance sheet? (Attachment to OMB Memo M-00-05, of Jan. 7,
2000, Technical Amendments to OMB Bull. 97-01, pp. 5 & 6);
63. For each intragovernmental asset and liability line item on the
consolidated agencywide balance sheet, does the entity identify in the
supplementary information the trading partner balances that make up the
line item? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical
Amendments to OMB Bull. 97-01, pp. 5 & 6).
64.
If intragovernmental transactions with a trading partner are material
in one asset or liability category but immaterial in another category,
does the entity report transactions with the trading partner for each
category? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000 Technical
Amendments to OMB Bull. 97-01, 2000, pp. 5 & 6).
65.
If the entity has total intragovernmental earned revenues from trade
transactions (net of intra-entity activity) of greater than $500
million, does it report such intragovernmental revenues by trading
partner? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000, Technical
Amendments to OMB Bull. 97-01, p. 7).
66.
If the entity reports intragovernmental earned revenues, does it also
report, by budget functional classification, the gross cost of goods,
services, and other transactions that generated the intragovernmental
earned revenues? (Attachment to OMB Memo M-00-05, of Jan. 7, 2000,
Technical Amendments to OMB Bull. 97-01, p. 7).
67. Does the entity report, by trading partner, intragovernmental
nonexchange revenues transferred in and out? (Attachment to OMB Memo M-
00-05, of Jan. 7, 2000, Technical Amendments to OMB Bull. 97-01, p. 7);
Required Supplementary; Information; Social Insurance Programs (68 -
94):
Social insurance programs covered by SFFAS 17, Accounting for Social
Insurance, have five common characteristics. They are;
a. financing from participants or their employers;
b. eligibility from taxes and fees paid and time worked in covered
employment;
c. benefits not directly related to taxes and fees paid;
d. benefits prescribed in law; and;
e. programs intended for the general public.
The social insurance programs specifically covered by SFFAS 17 are;
a. Old-Age, Survivors, and
Disability Insurance (OASDI - i.e., Social Security);
b. Hospital
Insurance (HI or Medicare Part A) and Supplementary Medical Insurance
(SMI or Medicare Part B);
c. Railroad Retirement Benefits (RRB);
d. Black Lung Benefits; and;
e. Unemployment Insurance (UI).
The standard for
consolidated governmentwide accounting and reporting for social
insurance programs is the same as that for component entities unless
otherwise indicated (SFFAS 17, par. 14, 15, 29, 44, 45, & app. D -
glossary).
68.
In general, does the entity responsible for a given social insurance
program provide a clear and concise description of the program
including its financing, calculation of benefits, and actuarial status?
(SFFAS 17, par. 24, 110 - 112, & 131 - 149).
69. Does this description include the following information?;
a. discussion of the long-term sustainability and financial condition
of the program;
b. an
illustration and explanation of the long-term trends revealed in the
data (SFFAS 17, par. 24 & 80 - 85).
70. Does the consolidated governmentwide financial report explain the
relationship of the social insurance program(s) to governmentwide
financing, including the intragovernmental nature of trust fund assets
and government debt? (SFFAS 17, par. 31).
71.
Does the reporting entity describe statutory or other material changes,
and implications thereof, affecting the program after the current
fiscal year? (SFFAS 17, par. 24).
72.
Are projections and estimates based on the entity's best estimates of
demographic and economic assumptions? (SFFAS 17, par. 25);
73. Does the entity disclose significant assumptions used in making
estimates and projections? (SFFAS 17, par. 25).
74. Are all projections and estimates made as of a date (i.e., the
valuation date) as close to the end of the fiscal year (i.e., current
year) being reported on as possible and no more than one year prior to
the end of the current year? (SFFAS 17, par. 26).
75.
Does the entity consistently follow this valuation date from year to
year? (SFFAS 17, par. 26).
76.
Does information on the financial and actuarial status of the social
insurance programs include actuarial projections that are indicative of
long-term sustainability and show the annual cash flows in nominal
dollars for current and future participants? (SFFAS 17, par. 27 (1));
77. Are the actuarial projections of cash flow amounts reported for at
least every fifth year in the projection period? (SFFAS 17, par. 17 (1)
(a)).
78. Does the cash flow information show the following amounts?;
a. total cash
inflow from all sources (i.e., by and on behalf of participants) less
net interest on intragovernmental borrowing and lending;
b. total cash outflow (SFFAS 17, par. 27 (1) (a)).
79.
When cash flow projections are made for the consolidated governmentwide
entity, is interest on intragovernmental borrowing and lending
excluded? (SFFAS 17, par. 32).
80. Does the narrative accompanying the cash flow data include
identification of any year or years during the projection period when
cash outflow exceeds cash inflow, with and without interest, on
intragovernmental borrowing or lending? (SFFAS 17, par. 27 (1) (a), 87,
88, 116, & 117).
81.
Does the narrative provide an explanation of the significance of the
cash flow "cross-over points" where cash outflows begin exceeding cash
inflows? (SFFAS 17, par. 27 (1) (a) & 32 (1) (a)).
82.
Do the cash flow projections (net of interest on intragovernmental
borrowing/lending) for Medicare Part A (HI ) and Social Security
(OASDI) include an estimate of cash flows as a percentage of taxable
payroll? (SFFAS 17, par. 27 (1) (b), 89, 118 - 120, & app. D - glossary
).
83. Do the cash flow projections (net of interest on intragovernmental
borrowing/lending) for HI, OASDI, and Medicare Part B (SMI) include an
estimate of cash flows as a percentage of gross domestic product?
(SFFAS 17, par. 27 (1) (b), 46, 47, 89, & 121 - 122 & app. D -
glossary).
84.
Does the entity disclose its estimate of the ratio of the number of
contributors to the number of beneficiaries during the same projection
period as for cash flow projections (e.g., 75 years)? (SFFAS 17, par.
27 (2), 90, & 130).
85.
At a minimum, is the ratio of contributors to beneficiaries reported
for the beginning and end of the projection period? (SFFAS 17, par. 27
(2)).
86. For all enumerated social insurance programs except Unemployment
Insurance (UI), does the responsible entity present a statement of
actuarial present values of the following items?;
a. all future
expenditures during the projection period related to benefit payments;
i. to or on behalf of current participants who have not yet attained
retirement age;
ii. to or on behalf of current participants who have attained
retirement age;
iii. to or on behalf of those who are expected to become plan
participants;
b. all future contributions and tax income from
or on behalf of current and future participants described in "a";
c. cash
flow derived from subtracting "b" from "a"; (SFFAS 17, par. 27 (3) (a)
- (g), 40 - 42, 91 - 103, & 115).
87. With the exception of Unemployment Insurance (UI), does the entity
disclose in the notes of the fund balance, as of the valuation date,
the accumulated excess of all past cash receipts, including interest on
investments over all cash disbursements? (SFFAS 17, par. 27 (2) (a) &
(3) (h), 42, & 113).
88.
Does the entity also disclose how it calculated the actuarial net
present value of future benefits and contributions from or on behalf of
current participants of all social insurance programs but UI? ( SFFAS
17, par. 27 (2) (a) & (3) (i)).
89. If available, does the entity provide estimates of the actuarial
present values and fund balances of the social insurance programs
(except UI) under its purview for each of the 4 preceding years? (SFFAS
17, par. 27 (3) (j) & 28).
90. For all social insurance programs except UI, does the responsible
entity illustrate the sensitivity of the projections of cash flows and
actuarial present values to changes in the most significant individual
assumptions? (SFFAS 17, par. 27 (4) (a), 48, 49, & 123 - 129);
91.
At a minimum, do the Social Security and Medicare programs analyze
assumptions regarding the following factors?;
a. birth and death rates;
b. net immigration;
c. real wage differential;
d. real interest rate; (SFFAS 17, par. 27 (4) (a) & 123 - 129).
92. Does the sensitivity analysis for UI programs show the effects of
increasing the unemployment rate as follows?;
a. by approximately 1 percentage point;
b. to a level that puts significant stress on the system
(e.g., to simulate the largest recession occurring within the last 25
years) (SFFAS 17, par. 27 (4) (b) & 159 - 160).
93. Does information on the UI program provide a state-by-state analysis of
the relative solvency of individual state programs, including the ratio
of each state's current accumulated fund balance to the highest level
of annual benefit payments experienced by that state over the last 20
years? (SFFAS 17, par. 27 (5) & 159 - 160).
94.
Does the consolidating entity break out and separately identify, at a
minimum, the following information on social insurance programs?;
a. cash
flow projections net of intragovernmental borrowing and lending for, at
a minimum, the OASDI, HI, and SMI programs;
b. net cash flows as a percentage of taxable payroll for OASDI and HI;
c. net cash flows as a
percentage of gross domestic product (GDP) for the Social Security and
Medicare programs;
d. the ratio of contributors to beneficiaries for OASDI and HI;
e. the actuarial present values for all covered social insurance
programs (except UI) for the current and proceeding 4 years;
f.
sensitivity analyses for all social insurance programs including OASDI,
HI, SMI, and UI;
g. state-by-state analysis of the UI program (SFFAS 17, par. 32).
Required Supplementary Information: Management Discussion and
Analysis; (95 - 101):
95. Does the entity include as required supplementary information
management discussion and analysis (MD&A) of the financial statements
and related information? (SFFAS 15, par. 1, 12, & 13; SFFAC 3, par. 1 &
2).
96.
Does the MD&A provide a clear and concise description of the reporting
entity and its mission, activities, program and financial performance,
systems controls, legal compliance, financial position, and financial
condition? (SFFAS 15, par. 2; SFFAC 3, par. 1).
97.
Is the MD&A balanced, providing both positive and negative information?
(SFFAS 15, par. 1; SFFAC 3, par. 29).
98.
Does the MD&A contain sections that discuss the following information
about the entity?;
a. mission and organizational structure;
b. performance goals, objectives, and results;
c. financial statements and;
d. systems,
controls and legal compliance (SFFAS 15, par. 2; SFFAC 3, par. 9, 11,
13, 15 - 17, 25 - 27, & 42 - 49).
99. Does the MD&A include forward-looking information regarding the
possible future effects of the most important currently known demands,
risks, uncertainties, events, conditions, and trends? (SFFAS 15, par. 3
& 21; SFFAC 3, par. 6, 9, 14, & 30 - 36).
100.
Does the MD&A discuss important problems that need to be addressed as
well as actions that have been taken or planned? (SFFAS 15, par. 4;
SFFAC 3, 40 & 41).
101.
Does the MD&A limit itself to the most important matters that could,
for example, contribute the following results?;
a. lead to significant
actions or proposals by top management of the reporting unit;
b. be
significant to the managing, budgeting, and oversight functions of
Congress and the administration;
c. significantly affect the judgment of
citizens about the efficiency and effectiveness of their federal
government (SFFAS 15, par. 5 & 6; SFFAC 3, par. 28 & 29);
[End of section]
1005 - SUBSEQUENT EVENTS REVIEW:
.01:
This section deals with the subsequent events review that the auditor
is required to perform as part of the audit, as described in section
550. AU 560 describes and provides guidance on the types of subsequent
events requiring evaluation by the auditor as well as the procedures
that generally should be performed to discover whether such events have
occurred.
.02:
Subsequent events are those events or transactions that may occur or
become known subsequent to the date of the financial statements but
before the audit report is issued and that have a material effect on
the financial statements and thus require adjustment or disclosure.
.03:
Two types of subsequent events may occur:
* Events occurring after the date of the financial statements that
provide additional information about conditions existing at the date of
the financial statements and that affect amounts recorded (or which
should be recorded) in the financial statements. For example, a
subsequent event may reveal that an accounting estimate is materially
incorrect and that the financial statements should be adjusted.
* Events occurring after the date of the financial statements that
provide information about conditions that did not exist at the date of
the financial statements. These events should not result in adjustments
to the financial statements, but disclosure of them may be necessary to
prevent the statements from being misleading. For example, a fire or
flood after year-end may cause a significant loss.
.04:
The purpose of a subsequent events review is to determine whether all
subsequent events that have a material effect on the financial
statements have been considered and treated appropriately in the
financial statements. The subsequent period covered is from the date of
the financial statements to the date of the audit report, which is the
date of the completion of fieldwork.
AUDIT PROCEDURES:
.05:
At or near the completion of fieldwork, the auditor generally should
perform specific procedures to be satisfied that he or she is aware of
all subsequent events that may require adjustment to or disclosure in
the financial statements. These procedures are in addition to
substantive tests that may be applied to transactions occurring after
the date of the financial statements, such as examining subsequent
disbursements to test completeness of accounts payable. The following
program describes audit procedures that may be performed as part of a
subsequent events review. The procedures generally should be customized
for the particular audited entity.
Entity:
Period of financial statements:
Job code
Subsequent Events Review Program; Audit procedure:
I. Read Interim Financial Statements;
A. Compare the latest available
interim financial statements, if any, with the financial statements
under audit to identify any unusual adjustments and investigate any
significant variations.
B. Inquire as to whether the interim statements
have been prepared on the same basis as the annual statements.
C. For
items in the statement of net costs, compare to similar interim
financial statements of the prior year; consider expectations and
investigate any significant variations.
D. If interim financial
statements are not available: 1. Compare interim internal financial
reports or analyses, budgets, or cash-flow forecasts, considering any
adjustments to the internal reports that may be necessary to make
meaningful comparisons. 2. Review the accounting records prepared since
the date of the financial statements for material transactions that may
require adjustment to or disclosure in the financial statements, such
as by scanning the general ledger and/or journals for material, unusual
entries.
II. Make Inquiries of Management as to: A. Whether any significant
contingent liabilities or commitments existed at the date of the
financial statements or at the date of the inquiry. B. Whether any
significant changes occurred in the financial condition of the entity
or in net position or long-term debt. C. The current status of items in
the financial statements that were accounted for on the basis of
tentative, preliminary, or inconclusive data. D. Whether any
significant changes in estimates were made with respect to amounts
included or disclosed in the financial statements, or any significant
changes in assumptions or factors were considered in determining
estimates. E. Whether any unusual adjustments have been made during the
period from the date of the financial statements to the date of
inquiry. F. Whether any significant events occurred subsequent to the
date of the financial statements, such as commitments or plans for
major capital expenditures; lawsuits filed or settled other than those
disclosed in the lawyers' letters; changes in accounting and financial
policies; or losses as a result of fire, flood, or other disaster.
III. Read Minutes; A. Read the available minutes of meetings of agency
management committees or other appropriate groups, including the period
after the date of the financial statements, for information about
events or transactions authorized or discussed which may require
adjustment to or disclosure in the financial statements. B. With regard
to meetings for which no minutes are available, inquire about matters
dealt with at such meetings and conclusions reached.
IV. Cover Subsequent Events in Lawyers' Letters; A. Confirm litigation,
claims, and assessments with the entity's legal counsel. See section
550 and AU 337.
V. Cover Subsequent Events in Management Representation Letter; A. Have
management include representations in its management representation
letter as to whether any events occurred subsequent to the date of the
financial statements that would require adjustment to or disclosure in
the financial statements. See section 1001.
VI. Other; A. Use other sources of information to learn of subsequent
events, such as: 1. Talk to inspector general or internal audit
department. 2. Talk to program divisions. 3. Read newspapers. B. Make
additional inquiries or perform additional procedures deemed necessary
to resolve any questions raised in the foregoing audit steps. C.
Prepare a summary memo documenting the results of the above and
conclusions reached.
[End of section]
1006 - RESERVED:
[For related parties, see FAM section 902]
Federal Financial Management Improvement Act of 1996 Reporting:
The Federal Financial Management Improvement Act of 1996 (FFMIA)
states: "Each audit … shall report whether the agency financial
management systems … comply substantially with … [the three
requirements]. ":
To meet the Act's requirement to provide an affirmative statement as to
whether the entity's financial management systems substantially comply
with the Act's three requirements, GAO's approach will be to provide an
opinion. GAO will use the following wording in the introduction to the
financial statement audit report when it is reporting that the
financial management systems were in substantial compliance with the
three requirements of FFMIA:
* "[entity's] financial management systems substantially complied with
the requirements of the Federal Financial Management Improvement Act of
1996 (FFMIA), and":
When reporting that the entity's financial management systems were in
substantial compliance with the three requirements of FFMIA, GAO will
use the following language in the body of the financial statement audit
report:
Systems' Compliance With FFMIA Requirements:
[Entity's] financial management systems, as of [end of fiscal year],
substantially complied with the following requirements of FFMIA: (1)
federal financial management systems requirements, (2) federal
accounting standards, and (3) the U.S. Government Standard General
Ledger (SGL) at the transaction level. Our opinion is based on criteria
established under FFMIA, OMB Circular A-127, Financial Management
Systems (which includes the Joint Financial Management Improvement
Program's series of system requirements documents), generally accepted
accounting principles, and the SGL.
GAO is working with the Office of Management and Budget (OMB) on this
issue and FFMIA implementation generally, which may result in revision
to OMB Bulletin No.01-02 and additional guidance in the FAM.
[End of section]
FOOTNOTES
[1] Environmental and disposal liabilities are a type of contingency
that is often a significant issue.
[2] SFFAS No. 7 has guidance for reporting claims for tax refunds.
Rather than recognizing probable claims and disclosing other claims in
the notes to the financial statements, SFFAS No. 7 indicates that other
claims for refunds that are probable should be included as
supplementary information.
[3] A permanent, indefinite appropriation, commonly known as the
Judgment Fund, is available to pay final judgments, settlement
agreements, and certain types of administrative awards against the
United States when payment is not otherwise provided for. The Secretary
of the Treasury certifies all payments from the fund. (See 31 U.S.C.
1304, Judgments, awards, and compromise settlements.) FASAB
Interpretation No. 2 clarifies how federal entities should report the
costs and liabilities arising from claims to be paid by the Judgment
Fund and how the Judgment Fund should account for the amounts that it
is required to pay on behalf of federal entities.
[4] If the Judgment Fund will pay the claim, the entity should still
recognize the liability and cost at this time. Once the claim is
settled or a court judgment is assessed and the Judgment Fund is
determined to be the appropriate source for payment, the entity should
reduce the liability by recognizing an (imputed) financing source. Note
that for Judgment Fund payments made under the Contract Disputes Act
and in employment discrimination cases, the entity should instead
establish a payable to reimburse the Judgment Fund.
[5] The Accounting and Auditing Policy Committee (AAPC) guidance
(Technical Release No.1) clarifies FASAB Interpretation No. 2, with
respect to the Department of Justice's role related to legal letters in
cases in which Justice's legal counsels are handling legal matters on
behalf of other federal reporting entities. The letter from the
entity's general counsel may provide sufficient evidence for the
auditor. If the auditor determines that additional evidence is needed
about a specific case, the auditor may request entity management and
legal counsel to send a legal letter request to Justice, directed to
the lead Justice legal counsel handling the case, asking that person to
provide a description and evaluation directly to the auditor.
[6] It is expected that cases or matters will be aggregated where
appropriate.
[End of section]
APPENDIXES:
CONSULTATIONS:
REVIEWER:
.01:
The paragraphs listed below refer to situations in which the auditor
should consult with the Reviewer:
100.27; Departing from a policy or procedure designated as "must" in
the manual (for deviations from a "should" the auditor should send a
memorandum to the Reviewer rather than consult).
230.07; Using an amount for planning materiality that does not follow
the guidelines in the manual.
260.05; Using an increased overall audit assurance.
285.04, 295 C; Using a plan other than that described in section 295 C
for selecting locations to visit.
395 G.07; Planned rotation of IS control testing.
480.13; Using nonstatistical sampling.
480.41; Determining the adequacy of substantive procedures in light of
any reassessment of combined risk.
530.01; Determining the need to perform additional procedures when
there are questions about the adequacy of work performed.
540.04, 595 C; Reviewing the Summary of Possible Adjustments.
540.09; Reviewing documentation of a decision to modify the opinion
based on the materiality of total unadjusted likely misstatements.
540.12; Considering the materiality of unadjusted misstatements and
their effects on the financial statements.
540.16; Determining the effects on the auditor's report, if any, of
material misstatements detected in the current year that arose during
prior periods but were not detected during prior audits.
540.17; Considering the performance of additional procedures to
increase assurance in projected misstatements.
540.19; Considering whether misstatements may be the result of fraud.
580.40; Determining the appropriate type of opinion on internal control
when there is a scope limitation.
580.48; Considering the opinion on internal control.
580.74; Determining the effects on the auditor's report if weaknesses
are found in compliance controls but no instances of noncompliance are
detected.
[End of table]
STATISTICIAN:
.02: The following paragraphs refer to situations in which the auditor
should consult with the Statistician:
295 C.04; 480.33; Using classical variables sampling or another
representative sampling method to select locations.
410.03; Consulting for assistance in designing and evaluating samples.
440.02, 450.17, 460.02, 480.28, 480.30; Expanding the sample size
to test additional items.
450.07; Determining sample sizes for tests of controls when not using
Tables I and/or II.
450.09; (footnote), 460.02; (footnote); Computing reduced sample sizes
and evaluating results for small populations.
450.16; Continuing to test a sample when deviations exceed the
acceptable number.
450.18; Projecting the rate of sample control deviations to a
population for a report.
480.13; Using nonstatistical sampling.
480.17; Using a method of sampling other than attributes, dollar-unit,
classical variables estimation, or classical probability-proportional-
to-size sampling.
480.21; (footnote); Deciding when to use DUS versus classical variables
estimation sampling.
480.38; Sampling when dollar amounts are not known.
480.39; Evaluating sample results for substantive tests.
480.42; Evaluating samples designed to test existence when
understatements are found.
480.44; Evaluating dollar-unit samples when a significant number of
misstatements is found.
480.45; Evaluating classical variables estimation sampling.
480.46; Evaluating the results of other samples.
495 A.24; Using regression analysis for analytical procedures.
540.11; Computing the combined precision for all sampling
applications.
[End of table]
OGC:
.03:
The paragraphs listed below refer to situations in which the auditor
should consult with OGC:
245.02a; Identifying laws and regulations that have a direct effect on
determining amounts in the financial statements.
250.01, 250.03, 250.05; Identifying relevant budget restrictions.
370.12; Determining the legal implications of indications that internal
control might not provide reasonable assurance that the entity executed
transactions in accordance with budget authority.
395 F.01; (footnote); Identifying any impoundments (rescissions or
deferrals) as a result of evaluating budgetary controls.
395F; Sup.01c.; Determining, prior to performing control or compliance
tests, the applicability of budget restrictions to modifications made
to direct loans, direct loan obligations, loan guarantees, or loan
guarantee commitments that were outstanding prior to October 1, 1991.
460.07; Evaluating possible instances of noncompliance noted in
connection with compliance testing.
540.19, 540.21; Considering whether misstatements may be the result of
fraud.
580.66; Concluding on the entity's compliance with laws and
regulations.
580.74; Determining the effects on the auditor's report if weaknesses
are found in compliance controls but no instances of noncompliance are
detected.
[End of table]
[End of section]
Appendix B:
INSTANCES WHERE THE AUDITOR "MUST" COMPLY WITH THE FAM:
.01:
In the paragraphs listed below the word "must" is used to indicate a
situation in which the auditor is required to comply with the FAM:
100.04 (footnote): In opining on internal control, the opinion must be
on internal control and not management's assertion if material
weaknesses are present.
100.17:
The audit must be designed to achieve the objectives of OMB audit
guidance.
100.23:
The auditor must exercise judgment properly, assuring that, at a
minimum, the work meets professional standards.
295 C.07:
The auditor must apply analytical or other substantive
procedures to locations not tested in using nonrepresentative sample
selection, unless immaterial.
310.06:
The auditor must evaluate and test certain controls.
310.08:
The auditor must test the effectiveness of controls if the
controls have been determined to be effective in design.
340.09: The auditor must test controls that are likely to be effective.
395 G.02: In using rotation testing of controls, the auditor must
annually perform some work in areas not selected for testing.
475.07: In order to rely on a substantive analytical procedure, a
difference that exceeds the limit must be explained.
475.12: In performing a substantive analytical procedure, if the
explanation is not adequate to explain the difference, the auditor must
do additional substantive testing.
475.13: Additional procedures must provide adequate assurance that
misstatements that exceed test materiality are identified.
475.15: The auditor must obtain an overall understanding of current-year
financial statements in using overall analytical procedures at the
financial statement level.
480.06: When using nonrepresentative selection, the auditor must not
project results to the portion of the population not tested and must
apply other procedures to the remaining items unless immaterial.
480.07: In representative sampling, each item in the population must have
the opportunity to be selected.
480.14: In sampling, sample items must be selected from all items so that
each item has an opportunity to be selected.
480.47: The auditor must evaluate the quantitative and qualitative
effects of known and projected misstatements in relation to the
financial statements as a whole.
490.03: The auditor must consider the implications of misstatements
detected in applying supplemental analytical procedures.
495 A.11:
In using analytical procedures, if an account is compared with
another current year amount, that amount must be audited by means other
than an analytical procedure using its relationship to this account.
495 A.12:
In analytical procedures, the auditor must document why a prior
year amount has a plausible and predictable relationship with the
current year amount, and adjustments must be supported by reliable data
and corroborated. (Four "musts" in paragraph.):
495 A.21: In using computer-produced data in performing analytical
procedures, the auditor must either test the IS controls in the system
or test the reliability of the data produced. (Two "musts" in
paragraph.):
495 C.04: The auditor must perform additional procedures to extend the
results of interim testing to year-end.
510.01: The auditor must conclude on the financial statements, internal
control, FFMIA requirements, compliance, and other information
included.
520.01: The auditor must perform overall analytical procedures.
520.07(First bullet.): In overall analytical procedures, the auditor
must use audited, final current-year amounts.
540.07: The auditor must bring all misstatements found to management's
attention (except those below the auditor-designated amount at which
misstatements need not be accumulated).
570.01, 580.14: The auditor must determine whether the audit was
conducted in accordance with GAGAS, OMB audit guidance, and the GAO/
PCIE financial audit methodology, and document the conclusion on
compliance in the workpapers.
580.22: The auditor must consider whether the financial statements are
materially affected by a departure from generally accepted accounting
principles.
580.39: In order to express an opinion on internal control, the auditor
must have a management assertion about the effectiveness of internal
control and must be able to perform all the procedures considered
necessary. (Two "musts" in paragraph.):
[End of section]
GLOSSARY:
[This page intentionally left blank.]
:
Accountability report: An agency's accountability report
integrates the (1) Federal Managers' Financial Integrity Act (FMFIA)
Report; (2) Chief Financial Officers' (CFO) Act Annual Report,
including audited financial statements; (3) Management's Report on
Final Action as required by the Inspector General Act; (4) the Debt
Collection Improvement Act, Civil Monetary Penalty Act and Prompt
Payment Act reports; and (5) available information on agency
performance compared with the agency's stated goal and objectives.
Accounting applications: The procedures and records used to
identify, record, process, summarize, and report a class of
transactions. Common accounting applications are (1) billings,
(2) accounts receivable, (3) cash receipts, (4) purchasing and
receiving, (5) accounts payable, (6) cash disbursements, (7) payroll,
(8) inventory control, and (9) property and equipment.
Accounting system: The methods and records established to
identify, assemble, analyze, classify, record, and report an entity's
transactions and to maintain accountability for the related assets and
liabilities.
Activity: In cost accounting, an activity is the actual work
task or step performed in producing and delivering products and
services. An aggregation of actions performed within an organization
that is useful for purposes of activity-based costing.
Analytical procedures: The comparison of recorded account
balances with expectations developed by the auditor, based on an
analysis and understanding of the relationships between the recorded
amounts and other data, to form a conclusion on the recorded amount. A
basic premise underlying the application of analytical procedures is
that plausible relationships among data may reasonably be expected to
continue unless there are known conditions that would change the
relationships.
Annual financial statement: As defined by OMB, the annual
financial statement comprises; ; an overview of the reporting entity
(or Management's Discussion and Analysis, MD&A), the financial
statements and related notes, required supplementary stewardship
information, required supplementary information, and; other
accompanying information.
Application controls: Management's control activities that are
incorporated directly into individual computer applications to provide
reasonable assurance of accurate and reliable procession. Application
controls address (1) data input, (2) data processing, and (3) data
output. FISCAM categories of application controls that more closely tie
into the FAM methodology are (1) authorization control,
(2) completeness control, (3) accuracy control, and (4) control over
integrity of processing and data files.
Appropriation: The most common form of budget authority; an
authorization by an act of the Congress that permits federal agencies
to incur obligations and to make payments out of the Treasury for
specified purposes. Appropriations do not represent cash actually set
aside in the Treasury for purposes specified in the appropriation acts.
They represent limitations of amounts that agencies may obligate during
the period specified in the appropriation acts.
Assertions: Management's representations that are embodied in
the account balance, transaction class, and disclosure components of
the financial statements. The primary assertions (described in
paragraph 235.02) are; ; Existence or occurrence; Completeness; Rights
and obligations; Valuation or allocation; Presentation and disclosure.
Assessing control risk: The process of evaluating the
effectiveness of an entity's internal control in preventing or
detecting misstatements in financial statement assertions.
Assurance, level of: The complement of audit risk, which is an
auditor judgment. This is not the same as confidence level, which
relates to an individual sample.
Attributes sampling: Statistical sampling that reaches a
conclusion about the population in terms of a rate of occurrence.
Audit risk: The overall risk that the auditor may unknowingly
fail to appropriately modify his or her opinion on financial statements
that are materially misstated. This is an auditor judgment.
Back door authority: Any type of budget authority that is
provided by legislation outside the normal appropriations process. (See
contract authority.).
Base data: Data used to develop the expectation in an
analytical procedure.
Borrowing authority: Statutory authority that permits
obligations to be incurred but requires that funds be borrowed to
liquidate the obligations (see title 7 of the GAO Policies and
Procedures Manual for Guidance of Federal Agencies). Usually, the
amount that may be borrowed and the purposes for which the borrowed
funds must be used are stipulated by the authorizing statute. Borrowing
authority sometimes is referred to as back door authority.
Budget authority: Authority provided by law (1) to enter into
obligations that will result in immediate or future outlays involving
government funds or (2) to collect offsetting receipts (2 U.S.C.
622(2)). The Congress provides an entity with budget authority and may
place restrictions on the amount, purpose, and timing of the obligation
or expenditure of such authority. The three forms of budget authority
are; ; appropriations; borrowing authority; contract authority.
Budget controls: Management's policies and procedures to
manage and control the use of appropriated funds and other forms of
budget authority. (These are considered part of financial reporting and
compliance controls.).
Budget functional classification: A way of grouping budgetary
resources so that all budget authority and outlays of on-budget and
off-budget federal entities and tax expenditures can be presented
according to national needs being addressed. To the extent feasible,
functional classifications are made without regard to entity or
organizational distinctions.
Case study: See nonsampling selection.
Cause and effect basis: In cost accounting, a way to group
costs into cost pools in which an intermediate activity may be a link
between the cause and the effect.
Classical probability proportional to size sampling: A
sampling approach where the sample is selected proportional to the size
(usually dollar amount) of an item and the evaluation is performed
using variables methods (not dollar unit sampling).
Classical variables estimation sampling: A sampling approach
that measures precision using the variation of the underlying
characteristic of interest. This method includes mean per unit
sampling, difference estimation, ratio estimation, and regression
estimation.
Closed account: A budget account for which the expired budget
authority has been canceled.
Combined precision: A judgment of precision for all tests in
the audit. Used at the end of the audit to evaluate the results of all
tests.
Combined risk: The auditor's judgment of the combined inherent
and control risk (high, moderate, or low); the risk that the financial
statements contain material misstatements before audit.
Common data source: In cost accounting, this includes all
financial and non-financial data, such as environmental data, that are
necessary for budgeting and financial reporting, as well as evaluation
and decision information developed as a result of prior reporting and
feedback.
Compliance control: A process, effected by management and
other personnel, designed to provide reasonable assurance that
transactions are executed in accordance with (1) laws governing the use
of budget authority and other laws and regulations that could have a
direct and material effect on the financial statements or required
supplementary stewardship information and (2) any other laws,
regulations, and governmentwide policies identified in OMB audit
guidance.
Compliance tests: Tests to obtain evidence on the entity's
compliance with significant laws and regulations.
Confidence interval: The projected misstatement or point
estimate plus or minus precision at the desired confidence level.
Confidence level: The probability associated with the
precision; the probability that the true misstatement is within the
confidence interval. This is not the same as level of assurance.
Contingency: An existing condition, situation, or set of
circumstances involving uncertainty as to possible gain or loss.
Contract authority: Statutory authority that permits
obligations to be incurred before appropriations or in anticipation of
receipts to be credited to a revolving fund or other account
(offsetting collections). By definition, contract authority is unfunded
and must subsequently be funded by an appropriation to liquidate the
obligations incurred under the contract authority or by the collection
and use of receipts.
Control environment: A component of internal control, in
addition to risk assessment, monitoring, information and communication,
and control activities. The control environment sets the tone of an
organization, influencing the control consciousness of its people. It
is the foundation for all other components of internal control,
providing discipline and structure. The control environment represents
the collective effect of various factors on establishing, enhancing, or
mitigating the effectiveness of specific control activities. Such
factors include (1) integrity and ethical values, (2) commitment to
competence, (3) management's philosophy and operating style,
(4) organizational structure, (5) assignment of authority and
responsibility, (6) human resource policies and practices, (7) control
methods over budget formulation and execution, (8) control methods over
compliance with laws and regulations, and (9) oversight groups.
Control risk: The risk that a material misstatement that could
occur in an assertion will not be prevented or detected on a timely
basis by the entity's internal controls (classified as high, moderate,
or low). This is an auditor judgment.
Control activities (techniques): A component of internal
control, in addition to the control environment, risk assessment,
monitoring, and information and communication. The policies and
procedures that help ensure that management directives are carried
out.
Control tests: Tests of a specific control activity to assess
its effectiveness in achieving control objectives.
Core financial management system (CFMS): As developed by
JFMIP, a system that consists of six functional areas: general ledger
management, funds management, payment management, receivable
management, cost management, and reporting, and affects all financial
event transaction processing because it maintains reference tables used
for editing and classifying data, controls transactions, and maintains
security.
Cost: The monetary value of resources used or sacrificed or
liabilities incurred to achieve an objective, such as to acquire or
produce a good or to perform an activity or service.
Costing methodology: Methodology for accumulating the costs of
resources that directly or indirectly contribute to the production of
outputs and assigning those costs to outputs.
Department (per FASAB Interpretation No. 6): Any department,
agency, administration, or other financial reporting entity (see SFFAC
No. 2) that is not part of a larger financial reporting entity other
than the government as a whole. Used in distinguishing inter-and
intradepartmental activity and balances.
Design materiality: The portion of planning materiality that
the auditor allocates to line items or accounts. This amount should be
the same for all line items or accounts (except for certain offsetting
balances as discussed in paragraph 230.10). The auditor should set
design materiality for the audit as one-third of planning materiality.
(See discussion in paragraph 230.12.).
Detection risk: The risk that audit procedures will not detect
a material misstatement that exists in the financial statements. The
auditor determines the desired detection risk based on combined risk
and audit risk. (In statistical terms, beta risk or type II risk.).
Errors: Unintentional misstatements or omissions of amounts or
disclosures in financial statements.
Expectation: The auditor's estimate of an account balance in
an analytical procedure.
Expected misstatement: The dollar amount of misstatements the
auditor expects in a population.
Expired account: A budgetary account in which the balances are
no longer available for incurring new obligations because the time
available for incurring such obligations has expired. After 5 years,
these accounts are canceled and are then considered to be closed
accounts.
Federal financial management systems requirements: One of the
three requirements of FFMIA. They include the requirements of OMB
Circulars A-127, A-123, and A-130 and the JFMIP Federal Financial
Management Systems Requirements series.
Financial reporting control: A process, effected by management
and other personnel, designed to provide reasonable assurance that
transactions are properly recorded, processed, and summarized to permit
the preparation of the financial statements and required supplementary
stewardship information in accordance with GAAP, and that assets are
safeguarded against loss from unauthorized acquisition, use, or
disposition.
Financial statements (also called principal statements): The
components of a federal entity's annual financial statement (also
referred to as the Accountability report), which are; ; Balance Sheet;
Statement of Net Cost; Statement of Changes in Net Position; Statement
of Budgetary Resources; Statement of Financing; Statement of Custodial
Activity (if applicable); Related Notes.
Fraud: Although fraud is a broad legal concept, the auditor is
interested in fraudulent acts that cause a material misstatement of
financial statements. Fraud is distinguished from error because fraud
is intentional whereas error is unintentional. Two relevant types of
misstatements are those arising from fraudulent financial reporting and
those arising from misappropriation of assets.
Fraudulent financial reporting: Intentional misstatements or
omissions of amounts or disclosures in financial statements to deceive
financial statement users. This may involve acts such as manipulation,
falsification, or alteration of accounting records or supporting
documents; misrepresentation or intentional omission of events,
transactions, or other significant information in the financial
statements; or intentional misapplication of accounting principles
relating to amounts, classification, manner of presentation, or
disclosure.
Full cost: In cost accounting, the sum of all costs required
by a cost object including the costs of activities performed by other
entities regardless of funding sources.
Fund Balance with Treasury account (FBWT): An asset account
representing the unexpended spending authority in agencies'
appropriations. Also serves as a mechanism to prevent agencies'
disbursements from exceeding appropriated amounts.
General controls: Management's policies and procedures that
apply to an entity's overall computer operations and that create the
environment in which application controls and certain user controls
(which are control activities) operate. They are classified in the
FISCAM as (1) entitywide security management program, (2) access
control, (3) application software development and change control, (4)
system software, (5) segregation of duties, and (6) service continuity
control.
Generally accepted accounting principles (GAAP): The
accounting principles that the entity should use. For federal executive
agencies, these are federal accounting standards following the
hierarchy listed in SAS 91. The standards issued by FASAB are the first
level of the hierarchy. For government corporations, generally accepted
accounting principles are commercial generally accepted accounting
principles issued by FASB.
Haphazard sample: A sample consisting of sampling units
selected without any conscious bias, that is, without any special
reason for including or omitting items from the sample. It does not
consist of sampling units selected in a careless manner, but is
selected in a manner that can be expected to be representative of the
population.
Information and communication: A component of internal control
in addition to the control environment, risk assessment, monitoring,
and control activities. The identification, capture, and exchange of
information in a form and time frame that enable people to carry out
their responsibilities. The accounting system and accounting manuals
are examples of this component.
Information systems (IS) auditor: A person with specialized
technical knowledge and skills who can understand the IS concepts
discussed in the manual and apply them to the audit.
IS controls: Controls whose effectiveness depends on computer
processing, including general, application, and user controls
(described in section 295 F).
Inherent risk: The susceptibility of an assertion to a
material misstatement, assuming there are no related specific control
activities. This is an auditor judgment.
Interdepartmental amounts: Activity and balances between two
different departments. (See department.) The intradepartmental and
interdepartmental amounts are subsets of intragovernmental activity and
balances.
Interentity: Activities or balances between two or more
agencies, departments, or bureaus. (See inter-and intradepartmental.).
Internal control: A process, effected by an entity's
management and other personnel, to provide reasonable assurance that
the entity's specific objectives are achieved. Following are the types
of internal controls:; ; financial reporting (including safeguarding
and budget); compliance (including budget); operations.
Intradepartmental amounts: Activity and balances within the
same department. (See department.) The intradepartmental and
interdepartmental amounts are subsets of intragovernmental activity and
balances.
Intragovernmental amounts: Activity and balances occurring
within or between federal departments.
Intragovernmental Payment and Collection System (IPAC): The
primary method used by most federal agencies to electronically bill
and/or pay for services and supplies within the government. Used to
communicate to the Treasury and the trading partner agency that the
online billing and/or payment for services and supplies has occurred.
Joint Financial Management Improvement Program (JFMIP): The
joint undertaking of the U.S. Department of the Treasury, the U.S.
General Accounting Office, the Office of Management and Budget, and the
Office of Personnel Management to improve financial management in the
federal government. The source of governmentwide requirements for
financial management systems software functionality that describes the
basic elements of an integrated financial management system (including
the core financial system).
Judgment fund: A permanent and indefinite appropriation that
is available to pay final judgments, settlement agreements, and certain
types of administrative awards against the United States when payment
is not otherwise provided for. The Secretary of the Treasury certifies
all payments from the fund.
Known misstatement: The amount of misstatement found by the
auditor.
Likely misstatement: The auditor's best estimate of the amount
of the misstatement in the tested population (including known
misstatement). For sampling applications, this amount is the projected
misstatement.
Limit: Used in performing substantive analytical procedures,
the limit is the amount of difference between the expectation and the
recorded amount that the auditor will accept without investigation.
Therefore, the auditor should investigate amounts that exceed the limit
during analytical procedures.
Materiality: The magnitude of an item's omission or
misstatement in a financial statement that, in the light of surrounding
circumstances, makes it probable that the judgment of a reasonable
person relying on the information would have been changed or influenced
by the inclusion or correction of the item (FASB Statement of Financial
Concepts No. 2). See planning materiality, design materiality, and test
materiality.
Misappropriation of assets: Theft of an entity's assets
causing the financial statements not to be presented in conformity with
GAAP.
Monitoring: A component of internal control in addition to the
control environment, risk assessment, information and communication,
and control activities. The process by which management assesses
internal control performance over time. It may include ongoing
activities, separate evaluations, or a combination of both.
Multipurpose testing: Performing several tests, such as
control tests, compliance tests, and substantive tests, on a common
selection, usually a sample.
Nonsampling selection: A selection of items to reach a
conclusion only on the items selected. Sometimes called a case study,
the auditor using a nonsampling selection may not project the results
to the population, but should be satisfied that there is a low risk of
material misstatement in the untested items.
Obligation ceiling: A limit set by the Congress on the amount
of obligations and expenditures the entity may incur even though the
budget authority (such as an appropriation) is greater than this
limit.
Offsetting collections: Collections of a business-or market-
oriented nature and intragovernmental transactions. If, pursuant to
law, they are deposited to receipts accounts and are available for
obligation, they are considered budget authority and referred to as
offsetting receipts. Contract authority and immediate availability of
offsetting receipts for use are the usual forms of budget authority for
revolving funds.
Operations controls: Management's policies and procedures to
carry out organizational objectives, such as planning, productivity,
programmatic, quality, economy, efficiency, and effectiveness
objectives.
Output: Any product or service generated from the consumption
of resources. This can include information generated by the completion
of a task or activity.
Overall analytical procedures: Analytical procedures
performed as an overall financial statement review during the audit
reporting phase.
Performance measures controls: Policies and procedures
management uses to assure data that support performance measures
reported in the MD&A of the Accountability report are properly
recorded, processed, and summarized to permit preparation of
performance information in accordance with criteria stated by
management.
Planning materiality: The auditor's judgment of the total
amount of misstatements that would be material in relation to the
financial statements to be audited; used for planning the audit scope.
The auditor determines an appropriate base (usually the greater of
assets, liabilities, revenues, or expenses); then the auditor
multiplies by a percent, usually 3 percent.
Point estimate: Most likely amount of the population
characteristic based on the sample.
Population: The items comprising a financial statement line
item, account balance, or class of transactions from which selections
are made for audit testing.
Precision: The difference between the point estimate and the
upper or lower limit. Thus, precision tells the auditor how close the
point estimate could be from the true population amount.
Preliminary analytical procedures: Analytical procedures
performed during the audit planning phase.
Principal statements: See financial statements.
Probable: The chance of the future confirming event(s)
occurring is likely, for pending or threatened litigation and
unasserted claims. (For other contingencies, the future event or events
are more likely than not to occur.).
Projected misstatement: An estimate of the misstatement in a
population, based on the misstatements found in the examined sample
items; represents misstatements that are probable. The projected
misstatement includes the known misstatement.
Providing agency: The agency providing services, products,
goods, transfer funds, investments, debt, and/or incurring the
reimbursable costs. This includes bureaus, departments, and/or programs
within agencies. The providing agency is the seller. The providing
agency is the agency transferring out funds to another agency
(transfers-out) when appropriations are transferred without the
exchange of goods or services.
Random sample: A sample selected so that every combination of
the same number of items in the population has an equal chance of
selection. A random sample should be selected by using computer
software or a random number table. A systematic sample with a random
start, although not technically meeting the definition, may generally
be evaluated as if it were a random sample.
Reasonably possible: The chance of the future event or events
occurring is more than remote but less than probable.
Receiving agency: The agency receiving services, products,
goods, transfer funds, purchasing investments, and/or borrowing from
Treasury (or other agency). This includes bureaus, departments, and/or
programs within agencies. The receiving agency is the purchaser. The
receiving agency is the agency receiving transfers of funds (transfers
in) when appropriations are transferred without the exchange of goods
or services.
Reciprocal accounts: Corresponding SGL accounts that should be
used by a providing and receiving agency to record like intra-
governmental transactions. For example, the providing entity's accounts
receivable would normally be reconciled to the reciprocal account,
accounts payable, on the receiving entity's records.
Recorded amount: The financial statement amount being tested
by the auditor in the specific application of substantive tests.
Reimbursable activity: In intragovernmental activity, similar
to goods or services, except the amounts billed to the receiving entity
by the providing entity are based on actual costs incurred instead of
on fees.
Related parties: Affiliates, management of the entity, their
immediate families, and other parties the entity deals with if one
party controls or can significantly influence the management or
operating policies of the other to an extent that one of the parties
might be prevented from fully pursuing its own separate interests.
Remote: The chance of the future event or events occurring is
slight.
Responsibility segment: In cost accounting, a significant
organizational, operational, functional, or process component that has
the following characteristics: (a) its manager reports to the entity's
top management, (b) it is responsible for carrying out a mission,
performing a line of activities or services, or producing one or a
group of products, and (c) for financial reporting and cost management
purposes, its resources and results of operations can be clearly
distinguished, physically and operationally, from those of other
segments of the entity.
Risk: See audit risk, inherent risk, control risk, detection
risk.
Risk assessment: A component of internal control in addition
to the control environment, monitoring, information and communication,
and control activities. The entity's identification and analysis of
relevant risks to achievement of its objectives, forming a basis for
determining how the risks should be managed.
Safeguarding controls: Internal controls to protect assets
from loss from unauthorized acquisition, use, or disposition arising
from misstatements in processing transactions and handling the related
assets. Safeguarding controls are considered part of financial
reporting controls. Some safeguarding controls are operations
controls.
Sample: Items selected from a population to reach a conclusion
about the population as a whole. (Compare with nonsampling selection.).
Sampling: The application of audit procedures to fewer than
all items composing a population to reach a conclusion about the entire
population. The auditor selects sample items in such a way that the
sample and its results are expected to be representative of the
population. Each item must have an opportunity to be selected, and the
results of the procedures performed must be projected to the entire
population.
Sampling interval: The amount between two consecutive sample
items, used in selecting the items in systematic sampling. In dollar-
unit sampling, this amount may be determined by dividing the test
materiality by a statistical risk factor.
Sampling risk: The risk that the auditor's conclusion based on
a sample might differ from the conclusion that would be reached by
applying the test in the same way to the entire population.
Specific control evaluation (SCE): Evaluating the
effectiveness of the design and operation of specific control
activities. This process is documented on the SCE worksheet.
Standard General Ledger (SGL): A uniform chart of accounts and
guidance for standardizing federal agency accounting. Composed of five
major sections: (1) chart of accounts, (2) account descriptions, (3)
accounting transactions, (4) SGL attributes, and (5) report crosswalks.
Prescribed by the Department of the Treasury in its Treasury Financial
Manual.
Standard General Ledger (SGL) at the transaction level: One of
the three requirements of FFMIA. Implementing the SGL at the
transaction level means that the entity's general ledger is in full
compliance with the SGL chart of accounts descriptions and posting
rules, that transactions from feeder systems are fed into the general
ledger following SGL requirements through an automated or, in certain
cases, a manual interface, that detail supporting these transactions
can be traced back to the source transactions in the feeder systems,
and that the feeder systems process transactions consistent with SGL
account descriptions and posting rules.
Statistical sampling: Sampling that uses the laws of
probability for selecting and evaluating a sample from a population for
the purpose of reaching a conclusion about the population.
Stewardship information: Required supplementary stewardship
information includes (1) stewardship property, plant, and equipment
(property owned by the federal government including: heritage assets
[PP&E of historical, natural, cultural, educational, or artistic
significance], national defense PP&E [weapons systems and vessels], and
stewardship land [land other than that acquired for, or in connection
with, general PP&E]), (2) stewardship investments (items treated as
expenses in calculating net cost but meriting special treatment to
highlight their substantial investment and long-term-benefit nature,
including: nonfederal physical property [grants provided for properties
financed by the federal government but owned by the state and local
governments], human capital [education and training programs financed
by the federal government for the benefit of the public], and research
and development [basic and applied]), (3) stewardship responsibilities
(current services assessment showing receipt and outlay data on the
basis of projections of future activities--required in the consolidated
statements of the U.S. government only--and social insurance
information), and (4) risk-assumed information on insurance and
guarantee programs (generally, the present value of unpaid expected
losses net of associated premiums).
Stratification: Separation of a population into what the
auditor believes are relatively homogeneous groups, each of which is
referred to as a stratum, usually to improve sampling efficiency in a
classical variables estimation sample.
Stratified sample: A classical variables estimation sample
where the auditor first stratifies the population then selects a random
sample from each stratum.
Substantive analytical procedures: Analytical procedures used
as substantive tests.
Substantive assurance: The auditor's judgment that the
assurance provided by all substantive tests of an assertion will detect
misstatements that exceed materiality. Not the same as confidence
level.
Substantive tests: Specific tests to detect material
misstatements in an assertion relating to the account balance,
transaction class, and disclosure components of financial statements.
Suitable criteria: In agreed upon procedures engagements,
suitable standards that have the attributes of objectivity,
measurability, completeness, and relevance.
Supplemental analytical procedures: Analytical procedures to
increase the auditor's understanding of account balances and
transactions when detail tests are used as the sole source of
substantive assurance.
Systematic sampling: A method of selecting a sample in which
every nth item is selected. See random sample.
Test materiality (tolerable misstatement): The maximum
misstatement that the auditor can tolerate in a population. This
materiality is used in determining the extent of a specific substantive
test. (In statistical terms, margin or bound of error.) Test
materiality is design materiality, reduced when; the audit is being
performed at some, but not all, entity locations (requiring increased
audit assurance for those locations visited); the area tested is
deemed to be sensitive to the users of the financial statements; or;
the auditor expects to find a significant amount of misstatements.
Tolerable misstatement: See test materiality.
Tolerable rate: In attribute sampling for control testing, the
maximum rate of deviation from a prescribed control that the auditor
would be willing to accept without altering the assessment of the
effectiveness of the control. For tests of compliance with laws and
regulations, the tolerable rate is the maximum rate of noncompliance
that the auditor would accept in the population without reporting the
noncompliance. (In statistical terms, margin or bound of error.).
Top stratum item: An item in a dollar-unit sample that equals
or exceeds the amount of the sampling interval or implicit sampling
interval. Top stratum items are tested 100 percent.
Trading partner code: As assigned by the U.S. Department of
the Treasury, trading partner code is the attribute defined within the
accounting for a transaction used to identify the trading partner
entity. The trading partner code is illustrated next to the SGL account
and is a two-digit number.
Trading partners: As defined by the U.S. Department of the
Treasury, trading partners are agencies, bureaus, programs, or other
entities (within or between agencies/ departments) participating in
transactions with each other.
Transfers: Funding moved from one entity to another based on
an agreement between the providing entity and the receiving entity.
Treasury Financial Manual (TFM): The Treasury Financial Manual
(TFM) is Treasury's official publication for financial accounting and
reporting of all receipts and disbursements of the federal government.
Provides procedures for federal agencies to account for and reconcile
transactions occurring within and between each other. Includes
procedures for CFO Act agencies to reconcile and confirm with their
trading partners intragovernmental activity and balances.
Universe: See population.
User controls: Manual comparisons of computer output
(generally totals) to source documents or other input (including
control totals). .
Walkthroughs: Audit procedures to help the auditor understand
the actual operation of significant aspects of accounting system
processing and control techniques. Walkthroughs of financial reporting
controls consist of tracing one or more transactions from initiation,
through all processing, to inclusion in the general ledger; observing
the processing and applicable controls in operation; making inquiries
of personnel applying the controls; and examining related documents.
[End of table]
FISCAM has a glossary of IS terms.
[End of section]
ABBREVIATIONS:
AAPC: Accounting and Auditing Policy Committee.
ABA: American Bar Association.
AcSEC: Accounting Standards Executive Committee of the AICPA.
AICPA: American Institute of Certified Public Accountants.
ALC: agency locator code.
ARA: Account Risk Analysis.
AT: Reference to Statements on Standards for Attestation Engagements in
the sections of the Codification of Statements on Auditing Standards.
AU: Reference to Statements on Auditing Standards in the sections of
the Codification of Statements on Auditing Standards.
AUP: agreed-upon procedures.
CFO: Chief Financial Officer.
COSO: Committee of Sponsoring Organizations of the Treadway Commission.
CSRS: Civil Service Retirement System.
DUS: dollar-unit sampling.
DCIA: Debt Collection Improvement Act.
FACTS: Federal Agencies' Centralized Trial Balance System.
FAM: GAO/PCIE Financial Audit Manual.
FASAB: Federal Accounting Standards Advisory Board.
FASB: Financial Accounting Standards Board.
FBWT: fund balance with Treasury.
FCRA: Federal Credit Reform Act.
FERS: Federal Employees' Retirement System.
FISCAM: Federal Information System Controls Audit Manual.
FFMIA: Federal Financial Management Improvement Act of 1996.
FMFIA: Federal Managers' Financial Integrity Act of 1982.
FMS: Financial Management Service.
GAAP: generally accepted accounting principles.
GAAS: generally accepted auditing standards.
GAGAS: generally accepted government auditing standards.
GAO: General Accounting Office.
G/L: general ledger.
GRA: General Risk Analysis.
IG: Inspector General.
IPAC: Intragovernmental Payments and Collection System.
IS: Information Systems.
JFMIP: Joint Financial Management Improvement Program.
MD&A: management's discussion and analysis.
NTDO: Non-Treasury Disbursing Office.
OGC: Office of General Counsel.
OMB: Office of Management and Budget.
OPM: Office of Personnel Management.
PCIE: President's Council on Integrity and Efficiency.
PP&E: property, plant, and equipment.
RSI: required supplementary information.
RSSI: required supplementary stewardship information.
SAS: Statement on Auditing Standards.
SCE: Specific Control Evaluation.
SF: standard form.
SFFAC: Statement of Federal Financial Accounting Concepts.
SFFAS: Statement of Federal Financial Accounting Standards.
SGL: U.S. Government Standard General Ledger.
SSAE: Statement on Standards for Attestation Engagements.
TFM: Treasury Financial Manual.
W/P: workpaper.
[End of table]
[End of section]
INDEX:
Account Risk Analysis (ARA):
Control risk and combined risk, Preliminary assessment of: 370.10:
Documentation of internal control phase: 390.07:
Documentation of planning phase: 235.06, 290.06:
Sample completed form: 395 I:
Accounting application:
Audit requirements for internal controls: 310.06:
Description: 240.02:
Documentation: 390.04:
Potential misstatements: 330.06:
Relation to line items/accounts: 330.05, 395 A:
Walkthrough procedures: 320.02:
Accounting principles and policies:
Determining compliance with: 560.01:
Accounting systems:
Understanding: 320.01:
Analytical procedures:
Overall: 520.01:
Preliminary: 225.01:
Substantive: 470.04, 475.01:
Supplemental: 470.05, 475.17, 520.03:
Application controls:
See IS controls:
Assertions:
Audit requirements for internal controls: 310.06:
Combined risk, Preliminary assessment of: 370.09:
Control risk, Preliminary assessment of: 370.07:
Control activities, Effectiveness of: 340.02:
Definition: 235.02:
Management, about internal control:
See Internal control:
Relation to potential misstatements and control objectives: 330.02:
Significant: 235.04:
Audit assurance:
Guidelines: 260.04:
Audit matrix: 470.10:
With statistical risk factors: 495 D:
Audit reports:
See Report on Accountability Report (annual financial statement):
See Report on financial statements:
Audit risk:
Definition: 260.02:
Guidelines: 260.04:
Audit sampling:
See Sampling:
Audit scope: 530.01, 580.14, 580.39, 580.66, 580.73:
Audit summary memorandum: 590.02:
Auditing standards and related OMB guidance:
Audit requirements beyond "yellow book" (GAGAS): 100.16:
Determine compliance with: 570.01:
Relevant standards: 100.13:
Standards and other policies not addressed: 100.18:
Budget:
Audit requirements: 310.05:
Controls: 260.06, 295 G, 310.04:
Budget accounting system: 320.05:
Control objectives: 330.09, 395 F:
Execution statutes: 395 D:
Execution steps: 395 E:
Formulation, understanding: 260.32:
Definition: 260.06:
Documentation: 390.05:
Preliminary assessment of effectiveness: 370.11:
Reporting: 370.11, 580.32:
Restrictions, identifying: 250.01:
Tests of budget information, example: 495 B:
Combined risk:
Assurance level for substantive tests, Relationship to: 370.10, 470.02:
Definition: 370.09:
Effect on audit procedures: 295 E:
Reevaluation of assessment: 370.14:
Compliance with laws and regulations:
Checklist, General compliance: 802:
Identifying significant laws and regulations: 245.01:
Laws identified in OMB audit guidance: 295 H:
Material noncompliance, definition: 580.68:
Reportable noncompliance, definition: 580.68:
Reporting on: 580.71:
Scope of procedures: 580.73:
Supplements, Compliance: 803 - 816:
See Compliance controls:
See Compliance tests:
Compliance controls:
Audit programs: 803 - 816:
Audit requirements: 310.07:
Compliance system: 320.06:
Control objectives: 330.10:
Definition: 260.06:
Documentation: 390.05:
Effect on compliance tests: 370.11, 460.02, 460.03, 460.06:
Preliminary assessment of effectiveness: 370.11:
Reporting requirements: 370.11, 580.32:
Compliance tests:
Definition: 410.01:
Evaluation of results: 460.07:
Procedural-based provisions: 460.06:
Quantitative-based provisions: 460.03:
Tests of budget information for use in: 495 B:
Transaction-based provisions: 460.02:
Control environment: 260.43:
Documentation: 290.04:
Factors for consideration: 260.32:
IS effects on: 260.41:
Potential weaknesses: 295 B:
Weaknesses: 260.09:
Control objectives:
Identifying: 330.01:
Potential misstatements, Relationship to: 330.02:
See Budget controls:
See Compliance controls:
See Financial reporting controls:
See Operations controls:
See Safeguarding controls:
Control risk:
Assessment of: 370.06, 370.14:
Combined risk, Component of: 370.09:
Definition: 260.02:
Documentation of assessment: 370.10:
Control activities:
Definition: 260.08:
Documentation: 340.01, 390.06:
Effectiveness of: 340.02:
Efficiency of testing: 350.06:
Factors for evaluating design effectiveness: 340.03:
Identification: 340.01:
IS controls, Identification of: 350.10:
Segregation of duties: 330.08:
Specific control evaluation: 340.01, 390.06:
Typical, List of: 395 C:
Understanding: 340.02:
Control tests:
Attribute sampling: 450.01:
Control Assessment, Relation to: 370.01:
Documentation: 390.06, 395 H, 450.02, 490.06:
Efficiency considerations: 350.18:
Evaluation of results, nonsampling tests: 360.14:
Control tests (continued):
Evaluation of results, sampling tests: 450.13:
Evidence, Documentary: 350.16:
Inquiry: 350.13:
IS controls, Performing tests of: 360.03:
IS controls, Evaluating results of: 370.03:
Inspection: 350.14:
Multiple locations, Impact on sampling control tests of: 450.04:
Nature: 350.11:
Nonsampling tests: 350.19:
Observation: 350.12:
Partial-year controls: 380.02:
Planned changes in controls: 380.03:
Population, sampling control tests: 450.04:
Rotation testing of controls: 380.01, 395 G:
Sample size: 450.06:
Samples, Design of: 450.02:
Sampling control tests: 410.01, 450.01:
Segregation of duties: 330.08, 360.12, 395 C.03:
Selection of: 350.18:
Timing: 350.1:
Tolerable rate of deviations, sampling control tests: 450.08:
Cycle:
Audit requirements for internal controls: 310.06:
Documentation: 390.04:
Identification: 240.01:
Cycle matrix: 240.06, 290.05:
Detail tests: 470.07, 480.01:
Detection risk: 260.02:
Differences in estimates: 540.05:
Discussion and analysis:
See Management's discussion and analysis:
Dual-purpose tests:
See Multipurpose testing:
Entity profile: 290.03:
Errors:
See Misstatements:
FFMIA:
Conclude: 460.07:
Determine nature, timing, extent of tests: 350.02-.05, 350.21-.23:
Documentation: 590.02-.03, 590.07:
Planning: 260.48-.50:
Reporting: 580.63-.66:
Requirements: 100.09, 320.04:
Testing: 360.02, 360.16:
Understanding accounting systems: 320.04:
Financial reporting controls:
Accounting system: 320.03:
Audit requirements: 310.06:
Control objectives: 330.01:
Definition: 260.06:
Documentation: 390.04:
Preliminary assessment of control risk: 370.06:
Reporting requirements: 580.32:
Sampling control tests: 450:
Flowcharts, Use of: 390.04:
FMFIA:
Assessing: 260.43, 580.61:
Material weakness: 580.35:
Reliance on management's process: 260.47, 320.01:
Reporting on management's reports: 580.61:
Fraud risk:
Auditor responses: 295 I:
Consideration: 260.01:
Continuing assessment: 440.03:
Documentation: 290.04, 590.03:
Factors: 260.18:
Reassessment: 540.18:
GAO/PCIE Financial Audit Manual, Compliance with: 570.01:
General Controls:
See IS controls:
General Risk Analysis (GRA): 290.04:
Information and communication: 320.01:
Information Systems (IS) controls:
See IS controls:
Inherent risk:
Definition: 260.02:
Documentation: 290.04:
Identifying: 260.09:
IS effects on: 260.17:
Risk factors: 260.16, 295 A:
Inquiries of attorneys: 280.02, 550.02:
Interim testing: 295 D, 495 C:
Internal control:
Audit requirements: 310.06:
Classifying control weaknesses: 580.33:
Components: 260.08:
Effects of control weaknesses on internal control opinion: 580.42:
Management assertion about: 550.08, 580.38-.48:
Material weakness: 580.33:
Nonopinion report: 580.49:
Opinion report: 580.38:
Reportable condition: 580.33:
Reporting on: 580.32:
Reporting on management's FMFIA reports: 580.35, 580.61:
Reporting weaknesses: 580.51:
Scope of procedures: 580.39:
See Budget controls:
See Compliance controls:
See Control activities:
See Control environment:
Internal control (continued):
See Financial reporting controls:
See Information and communication:
See Monitoring:
See Operations controls:
See Risk assessment:
IS controls:
Application controls: 295 F.05:
Assessing: 295 J:
Control activities, Identification for testing: 350.10:
Determining likelihood of effective: 270.01:
Develop high-level understanding: 220.07:
Documentation: 290.04, 370.05:
Effects on inherent risk: 260.17:
Effects on the control environment, risk assessment,
communication, and monitoring: 260.41:
General controls: 295 F.02:
Information system (IS): 320.01:
IS auditor, Use of: 100.27, 220.07, 260.17, 260.42,
270.01, 320.01, 340.01, 350.10, 360.03:
Testing: 360.03:
Types of: 295 F:
User controls: 295 F.07:
Laws and regulations:
See Compliance with laws and regulations:
Management's discussion and analysis (MD&A): 100.12, 220.07,
520.06, 580.76-.80, 590.06:
Coordination with overall analytical procedures: 520.06:
Reporting on: 580.79:
Management letter: 580.54, 580.69:
Management representations: 280.03, 550.07, 1001:
Materiality:
Base, Definition and use of: 230.08:
Definition of: 230.01:
Design: 230.05, 230.12:
Disclosure: 230.06:
FMFIA: 230.06:
Guidelines: 230.07:
Planning: 230.05, 230.08, 230.11:
Reporting: 230.06:
Test: 230.05, 230.13:
Misstatements:
Budgetary amounts: 370.12:
DUS sample: 480.43:
Effects on auditor's report: 540.09:
Effects on financial statements: 480.47, 540.04:
Evaluation of misstatements: 540.01:
Known and likely: 540.03:
Results of other samples: 480.46:
Review with management: 540.07:
Substantive analytical procedures: 475.12:
Summary of Possible Adjustments: 540.04, 595 C:
Summary of Unadjusted Misstatements: 540.09, 595 D:
Monitoring: 260.08, 260.38:
Documentation: 290.04:
Factors for consideration: 260.38:
IS effects on: 260.46:
Potential weaknesses: 295 B:
Weaknesses: 260.09:
Multipurpose testing, Definition of: 430.01:
Multiple-location audits:
Locations to visit: 285.01, 295 C:
Operations, Understanding the entity's:
See Understanding the entity's operations:
Operations controls:
Audit requirements: 310.06:
Control objectives: 330.11:
Definition: 260.06:
Documentation: 390.05:
Identify for evaluation and testing: 275.01:
Operations system: 320.07:
Preliminary assessment of effectiveness: 370.13:
Reporting requirements: 370.13, 580.32:
Other accompanying information: 100.12, 580.76-.80, 590.02:
Other auditors, Using the work of: 100.02, 100.24, 100.28, 210.03,
285.01, 290.08, 295 B.19, 295 I.03, 395 G.05, 580.26, 650:
Overall analytical procedures:
Documentation: 590.04:
Performance: 520.01:
Overview:
See Management's discussion and analysis:
Performance measures controls: 275.09:
See Operations controls:
Positions, References to: 100.25:
Potential misstatements:
Accounting applications, Relation to: 330.04:
Assertions, Relation to: 330.02:
Control objectives, Relation to: 395 B:
Line item/account, Relation to: 330.04:
Typical, List of: 395 B:
Preliminary analytical procedures: 225.01:
Professional judgment: 100.23:
Related party transactions: 280.04, 550.12, 1006:
Report on Accountability Report (annual financial statement):
Compliance with laws and regulations: 580.71:
Dating: 580.03:
Example, unqualified: 595 A:
Example, various modifications: 595 B:
Financial statements: 580.10:
Internal controls: 580.32:
Other information (MD&A [overview], RSSI, required:
supplementary information and other:
accompanying information): 580.76:
Report format: 580.04:
Significant matters section: 580.06:
Report on financial statements:
Adverse: 580.30:
Consistency: 580.20:
Departure from established accounting principles: 580.22:
Disclaimer: 580.31:
Explanatory paragraphs: 580.26:
Qualified: 580.28:
Scope limitations: 580.15:
Uncertainties: 580.19:
Unqualified: 580.24:
Representation letter from management:
See Management representations:
Representation letter, Legal:
See Inquiries of attorneys:
Representative sampling:
See Sampling:
Required supplementary stewardship information (RSSI): 100.12, 220.06,
580.76-.80, 590.02:
Risk:
See Audit risk:
See Combined risk:
See Control risk:
See Detection risk:
See Fraud risk:
See Inherent risk:
Risk assessment (as part of an entity's internal control): 260.08,
260.34:
Documentation: 290.04:
Identification: 260.09:
IS effects on: 260.17:
Factors for consideration: 260.34:
Potential weaknesses: 295 B:
Rotation testing of controls: 380.01, 395 G:
Safeguarding controls: 260.06, 310.04:
See Financial reporting controls:
Sampling:
Attribute sampling: 450.01, 450.06:
Classical variables estimation sampling: 480.32, 480.45:
Control tests: 410.01, 450.01:
Dollar-unit sampling (DUS): 480.21, 480.43:
Evaluation of sample results: 450.13, 480.39:
Flowcharts and example workpapers: 495 E:
Other sampling methods: 480.13, 480.34:
Population: 450.04, 480.01:
Representative selections (sampling): 480.10:
Selection methods for detail tests: 480.04:
Sensitive payments: 280.05:
Significant cycles/accounting applications:
Audit requirements for internal controls: 310.06:
Documentation: 290.05, 390.04:
Identifying: 240.01:
Relationship to line items/accounts: 240.03, 330.03:
Significant line items, accounts, assertions, and RSSI:
Documentation: 290.06:
Identifying: 235.01:
Specific control evaluation worksheet (SCE):
Control objectives, Documentation of: 330.07:
Control activities, Documentation of: 340.01, 350.07:
Sample completed worksheet: 395 H:
Statistical risk factors: 480.24, 495 D:
Stewardship information:
Reporting: 580.77:
See Required supplementary stewardship information (RSSI):
Subsequent events: 550.04, 1005:
Substantive analytical procedures: 475.01:
Considerations for use: 495 A:
Documentation: 490.06:
Establishment of limit, guidelines: 475.05:
Increasing effectiveness of: 475.14:
Investigation of differences: 475.06:
Levels of: 470.05:
Performance of: 475.04:
Substantive tests:
Definition: 410.01:
Determining mix: 470.10:
Directional testing: 470.14:
Levels of assurance: 470.02:
Types of tests: 470.03:
See Detail tests:
See Substantive analytical procedures:
Summary of Possible Adjustments: 540.04, 595 C:
Summary of Unadjusted Misstatements: 540.09, 595 D:
Supplemental analytical procedures: 470.05, 475.17, 520.03:
Understanding the entity's operations: 220.01:
Accounting issues and policies: 220.05:
Documentation: 290.03:
IS220.07:
Sources of information: 220.08:
User controls:
See IS controls:
Walkthrough procedures:
Control techniques, Operation of: 350.09:
Processing systems, Understanding of: 320.01:
Use as limited control test: 340.02:
Yellow book:
See Auditing standards and related OMB guidance:
[End of section]
GAO's Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548: