CARE-Based Audit Methodology To Review and Evaluate Agency Accounting and Financial Management Systems

AFMD-84-75: Published: Sep 28, 1984. Publicly Released: Sep 28, 1984.

Additional Materials:


Office of Public Affairs
(202) 512-4800

GAO has developed a Controls and Risk Evaluation (CARE) based audit methodology to be used to: (1) identify agencies' accounting and financial management systems; (2) identify and evaluate the adequacy of controls in these systems; and (3) determine the degree of a system's compliance with GAO accounting principles, standards, and other requirements.

The CARE audit methodology includes general risk analysis, transaction flow review, compliance testing, and substantive testing. During general risk analysis, an auditor acquires an overview of an activity, gains an understanding of its general control environment and overall financial management structure, makes a preliminary determination of each identified system's internal control objectives and relevant accounting principles and standards, and applies a number risk ranking factors. For high-risk systems, a transaction flow review is suggested in which the auditor identifies the major types of transactions and refinement of internal control objectives. Through compliance tests and analysis, an auditor can design a set of test transactions to determine whether the processes and controls identified in the transaction flow review actually function as intended. After considering the potential impact of any deviations from requirements, an auditor can form an overall opinion of a system and its internal controls and may decide to perform substantive testing to determine the impact of deviations from standards and other requirements. GAO will usually report these deviations and their impacts to agency heads with recommendations for correction.

Jul 18, 2018

Jul 17, 2018

Jul 16, 2018

Jun 28, 2018

May 31, 2018

May 24, 2018

May 10, 2018

Apr 17, 2018

Apr 5, 2018

Looking for more? Browse all our products here