Upload
lowri
View
67
Download
6
Tags:
Embed Size (px)
DESCRIPTION
Single Audit Guidelines. Florida GFOA Annual Conference June 25, 2013. Presented by. Presented by:. Stephen W. Blann , CPA, CGFM, CGMA Director of Governmental Audit Quality Rehmann. Agenda. Single Audit Overview Single Audit Updates SAS 117: Compliance Audits - PowerPoint PPT Presentation
Citation preview
Single Audit Guidelines
Florida GFOAAnnual Conference
June 25, 2013
Presented by
Presented by:
Stephen W. Blann, CPA, CGFM, CGMADirector of Governmental Audit QualityRehmann
2
Agenda• Single Audit Overview• Single Audit Updates
– SAS 117: Compliance Audits– SAS 119: Supplementary Information– Audit Guide: GAS/A-133 Audits– A-133 Compliance Supplement– OMB’s proposed changes
3
Agenda• Yellow Book Overview• Yellow Book Updates
– 2011 Revision– CPE Requirements– Independence Conceptual Framework
4
Components of a Single Audit
• Financial statement audit (GAAS)• Conducted in accordance with
Government Auditing Standards (GAGAS or the “Yellow Book”)
• Compliance audit of federal awards expended (A-133)
5
Components of a Single AuditFinancial Statement Audit
• Results in an opinion on whether the financial statements are fairly presented in accordance with generally accepted accounting principles
6
Components of a Single AuditGovernment Auditing
Standards• Builds on the foundation of generally
accepting auditing standards• Adds additional requirements for auditor
independence and continuing professional education
• Results in a report (not an opinion) on matters related to internal control over financial reporting that came to the auditors’ attention during the audit
7
Components of a Single AuditCompliance Audit of Federal
Awards• Builds on the foundation of GAAS and
GAGAS• Adds compliance testing for “major
programs”• Results in:
1. an opinion on major program compliance2. a report (not an opinion) on matters related
to internal control over compliance that came to the auditors’ attention during the audit
3. an opinion on the Schedule of Expenditures of Federal Awards (SEFA) in-relation-to the financial statements
8
9
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
10
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• Obtain Schedule of Expenditures of Federal Awards (SEFA) from client
• Threshold for single audit is $500,000 in current year
• Test SEFA in accordance with SAS 119 sufficient to render an in-relation-to opinion
11
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• Consider by CFDA number or cluster• Divide programs into Type A and B
– Cut-off starts at $300,000 and goes up to $3,000,000 as federal expenditures range from $10M-$100M
• Assess risk of Type A programs– Type A programs that are not low-risk are major– Type A programs that are low-risk are temporarily set
aside, but may still be major• May only be low-risk if previously audited with no findings
12
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• If necessary, assess risk of larger Type B programs– Only required if there is a low-risk Type A program– “Larger” Type B programs are $100,000 or more
(threshold starts to increase at $33M)– High-risk programs may be selected as major
• Risk assessment is based on auditor judgment• Select one high-risk Type B program for each low-risk Type A
program (limited to half of the high-risk Type B programs)
13
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• Determine if percentage of coverage is met– Required to test 50% of SEFA– For low-risk auditees, only test 25% of SEFA
• Clean single audit for two years (no material findings)• Filed on time with the Clearinghouse
– Select additional programs (auditor’s choice) until coverage is met
14
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• For each major program, determine which compliance areas to test– Applicable per the A-133 Compliance Supplement– Applicable to the auditee– Have a direct and material effect on compliance
15
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• Compliance areasA.Activities allowed or unallowedB.Allowable costs/cost principlesC.Cash managementD.Davis-Bacon ActE. EligibilityF. Equipment and real property
managementG.Matching, level of effort, and
earmarking
H.Period of availability of federal funds
I. Procurement/suspension and debarment
J. Program incomeK.Real property acquisition and
relocation assistanceL. ReportingM. Subrecipient monitoringN.Special tests and provisions
16
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• Testing memos– Compliance requirement– Tests of compliance– Internal controls over compliance– Tests of internal controls over compliance– Conclusions
• Identify and test “individually important items” before sampling
17
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• In-relation-to opinion on the SEFA• Yellow Book report
– Internal control over financial reporting– Compliance with laws, regulations, and grant
agreements• A-133 report
– Compliance for each major program– Internal control over compliance
18
Single Audit OverviewDetermine
NeedSelect Major
Programs
Test IC and
Compliance
Reporting
• Schedule of Findings and Questioned Costs– Summary of Auditors Results– Financial statement findings– Federal awards findings
• Summary Schedule of Prior Audit Findings– Status of prior federal award findings
• Data Collection Form and reporting package– Submitted online
19
Single Audit Overview• Contents of a Single Audit
– Independent Auditor’s Report on the SEFA– Schedule of Expenditures of Federal Awards– Notes to the SEFA– Yellow Book report– A-133 report– Schedule of Findings and Questioned Costs– Summary Schedule of Prior Audit Findings
20
Single Audit Overview• SEFA requirements
– List of federal programs by agency– List programs within a cluster– Name of pass-through entity and identifying
number assigned by the pass-through entity– CFDA number or other identifying number
when CFDA not available
21
Single Audit Overview• SEFA requirements
– Total federal awards expended for each program (CFDA number or cluster)
– Significant accounting policies used in preparation of the SEFA
– Amounts passed-through to subrecipients– Value of any non-cash assistance received
and loans or loan guarantees outstanding at year end
22
Single Audit Overview• Optional SEFA elements
– Grant period– Total award amount– Beginning accrued (deferred) revenue– Current year cash receipts– Ending accrued (deferred) revenue– Amounts expended in prior periods on multi-
year grants
23
Single Audit Overview• Notes to SEFA
– Basis of presentation• SEFA presents only federal grant activity• Presented in accordance with A-133
– Summary of significant accounting policies• Basis of accounting (reference to Note 1)• Expenditures recognized in accordance
with Federal Cost Principles (A-87, A-122, or A-21)
– Pass-through agencies
24
Single Audit Overview• Schedule of Findings and
Questioned CostsSection I - Summary of Auditors’ ResultsSection II - Financial Statement Findings– Numbered as 2013-FS-1, etc.Section III - Federal Award Findings– Numbered as 2013-SA-1, etc.
25
Single Audit Overview• Summary Schedule of Prior Audit
Findings – Brief description and status
26
Single Audit Overview• Elements of a finding
– Finding number/short name
– Finding type (compliance/controls)
– Federal program(s)– Criteria– Condition
– Cause– Effect– Questioned costs– Recommendation– View of Responsible
Officials
Single Audit Updates
SAS 117: Compliance Audits
27
Applicability• Establishes applicability of financial
auditing guidance in compliance audits
• Applicable for compliance audits subject to:– Generally accepted auditing
standards, and– Government Auditing Standards, and– A governmental audit requirement that
requires an auditor to express an opinion on compliance
SAS 117: Compliance Audits
28
Applicability• Commonly applicable to:
– Single audits (OMB Circular A-133)– HUD audits (Consolidated Audit Guide)
• Not applicable to:– Examinations (follow SSAEs not SASs)– Agreed-Upon Procedures engagements
SAS 117: Compliance Audits
29
Applicability• Compliance audits are usually
performed in conjunction with a financial statement audit– SAS 117 does not apply to the
financial statement audit component of such engagements
SAS 117: Compliance Audits
30
Applicability• In general, all AICPA Statements on
Auditing Standards (AU Sections) and supplementary Yellow Book guidance should be adapted and applied to compliance audits– (e.g., replace “misstatement” with
“noncompliance”)
SAS 117: Compliance Audits
31
Applicability• A detailed list of non-applicable AU
Sections is provided in Appendix A– Auditors are not required to make a
literal translation of each procedure that might be performed in a financial statement audit, but rather to obtain sufficient appropriate audit evidence to support the auditor’s opinion on compliance
SAS 117: Compliance Audits
32
Management’s Responsibilities
• A compliance audit is based on the premise that management is responsible for the entity’s compliance, including:1. Identifying programs and
understanding compliance requirements
2. Establishing and maintaining effective internal controls over compliance
continued…
SAS 117: Compliance Audits
33
Management’s Responsibilities
• A compliance audit is based on the premise that management is responsible for the entity’s compliance, including:3. Evaluating and monitoring the
entity’s compliance4. Taking corrective action when
instances of noncompliance are identified
SAS 117: Compliance Audits
34
Objectives• The auditor’s objectives in a
compliance audit are to:1. Obtain sufficient appropriate audit
evidence to form an opinion and report on whether the entity complied in all material respects with the applicable compliance requirements
continued…
SAS 117: Compliance Audits
35
Objectives• The auditor’s objectives in a
compliance audit are to:2. Identify audit and reporting
requirements that are supplementary to GAAS and Government Auditing Standards, if any, and perform additional procedures to address those requirements
SAS 117: Compliance Audits
36
Requirements• Adapt and apply AU Sections to the
objectives of the compliance audit, using professional judgment
• Establish materiality• Identify applicable compliance
requirements• Perform risk assessment
procedures
SAS 117: Compliance Audits
37
Requirements• Assess the risks of material
noncompliance• Perform further audit procedures in
response to assessed risks• Follow any supplementary audit
requirements
SAS 117: Compliance Audits
38
Requirements• Obtain written representations
from management• Consider subsequent events• Evaluate the sufficiency and
appropriateness of audit evidence and form an opinion
SAS 117: Compliance Audits
39
Requirements• Report on compliance (and, if
required, on internal control over compliance)
• Document all procedures and conclusions
SAS 117: Compliance Audits
40
Reporting• SAS 117 added the phrase “direct
and material” to report language– Report on Compliance With
Requirements That Could Have a Direct and Material Effect on Each Major Program and on Internal Control Over Compliance in Accordance With OMB Circular A-133
SAS 117: Compliance Audits
41
Reporting• Illustrative Auditor’s Reports
http://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/IllustrativeAuditorsReports/Pages/IllustrativeAuditorReportsforClarity.aspx
• Updated for Clarity Standards– New report sections and restricted use
language
SAS 117: Compliance Audits
42
Single Audit Updates
SAS 119: Supplementary Information
43
in Relation to• Effective for periods ending on or
after 12/31/2011• Addresses the auditor’s
responsibility when engaged to report on whether SI is fairly stated, in all material respects, in relation to the financial statements taken as a whole– Applies to SEFA
SAS 119: Supplementary Information
the Financial Statements as a Whole
44
Objectives• The auditor’s objectives when
reporting on SI in relation to the financial statements as a whole are to:– Evaluate the presentation of the SI in
relation to the financial statements as a whole; and
– Report on whether the SI is fairly stated, in all material respects, in relation to the financial statements as a whole
SAS 119: Supplementary Information
45
Requirements• Determine that SI was derived
from and directly relates to the underlying accounting records used to prepare the F/S
• SI must relate to the same period as the FS
SAS 119: Supplementary Information
46
Requirements• FS must have been audited by the
same auditor (adverse opinion or disclaimer not permitted)
• SI must accompany the audited FS, or else the audited FS must be readily available
SAS 119: Supplementary Information
47
Requirements• Auditor must perform procedures
on the SI, such as:– Inquire of management about the
purpose of the SI, and the methods used to prepare it
– Compare SI to the audited FS for consistency
continued…
SAS 119: Supplementary Information
48
Requirements• Auditor must perform procedures
on the SI, such as:– Evaluate the appropriateness and
completeness of the presentation– Obtain written representations from
management• The date of the auditor’s report on
SI should not be earlier than the date these procedures are completed
SAS 119: Supplementary Information
49
Reporting• Additional language in:
– Auditors’ opinion– SAS 114 letter
SAS 119: Supplementary Information
50
Auditors’ OpinionReport on Schedule of Expenditures of Federal Awards Required by OMB Circular A-133We have audited the financial statements of the governmental activities, the business-type activities, the aggregate discretely presented component units, each major fund, and the aggregate remaining fund information of Example Entity as of and for the year ended June 30, 20X1, and the related notes to the financial statements, which collectively comprise Example Entity’s basic financial statements. We issued our report thereon dated August 15, 20X1, which contained unmodified opinions on those financial statements. (continued…)
SAS 119: Supplementary Information
51
Auditors’ OpinionOur audit was conducted for the purpose of forming opinions on the financial statements that collectively comprise the basic financial statements. The accompanying schedule of expenditures of federal awards is presented for purposes of additional analysis as required by OMB Circular A-133 and is not a required part of the basic financial statements. Such information is the responsibility of management and was derived from and relates directly to the underlying accounting and other records used to prepare the basic financial statements. (continued…)
SAS 119: Supplementary Information
52
Auditors’ OpinionThe information has been subjected to the auditing procedures applied in the audit of the financial statements and certain additional procedures, including comparing and reconciling such information directly to the underlying accounting and other records used to prepare the basic financial statements or to the basic financial statements themselves, and other additional procedures in accordance with auditing standards generally accepted in the United States of America. In our opinion, the schedule of expenditure of federal awards is fairly stated in all material respects in relation to the basic financial statements as a whole.
SAS 119: Supplementary Information
53
SAS 114 LetterOur responsibility for the supplementary information accompanying the financial statements, as described by professional standards, is to evaluate the presentation of the supplementary information in relation to the financial statements as a whole and to report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements as a whole. We made certain inquiries of management and evaluated the form, content, and methods of preparing the information to determine that the information complies with accounting principles generally accepted in the United States of America, the method of preparing it has not changed from the prior period, and the information is appropriate and complete in relation to our audit of the financial statements. We compared and reconciled the supplementary information to the underlying accounting records used to prepare the financial statements or to the financial statements themselves.
SAS 119: Supplementary Information
Other Information in Documents Containing Audited Financial Statements
54
GAS and A-133 Audits• 2013 update
– Scheduled for release in May/June(not available when these slides went to press)
AICPA Audit Guide
55
Compliance Supplement• 2013 edition expected in June
(not available when these slides went to press)• Expected changes:
– Part 2, Matrix of Compliance Requirements• Many areas no longer identified as
applicable for various programs• Intent is for auditors to focus on
“important” compliance requirements
OMB Circular A-133
56
Compliance Supplement• Expected changes:
– Part 3, Compliance Requirements• Procurement and Suspension and
Debarment requirements clarified• FFATA reporting to be dropped as an audit
requirement– Part 4, Specific Programs
• Many ARRA programs removed
OMB Circular A-133
57
58
Proposed Changes• In February 2013, OMB posted a
proposed rule– Over 200 pages long– Comment period closed June 2, 2013– Would combine all grant circulars and
related guidance into a single document
OMB Circular A-133
Proposed Changes• Threshold for a single audit• Increased from $500k to $750k
• Type A/B Threshold• Increased from $300k to $500k
• High-Risk Type A programs• Material noncompliance, material
weakness or questioned costs > 5% (currently, SD is enough for high-risk)
OMB Circular A-133
59
Proposed Changes• Type B programs• Large Type B threshold changed to
25% of Type A threshold• Only required to test ¼ of high-risk
Type B programs (instead of ½)• Percent of coverage• Coverage reduced from 50% to 40%• Low-risk coverage reduced from 25%
to 20%
OMB Circular A-133
60
Proposed Changes• Low-Risk Auditee Status• Explicitly considers timing of DCF
submission• No going concern comments permitted
• Compliance Areas• List of 14 areas reduced to 6• Deleted areas may be shifted to
special tests and provisions
OMB Circular A-133
61
Proposed Changes• Findings• Questioned costs increased from $10k
to $25k• More detail required
• Federal cost principles simplified• Indirect costs• Time and effort reporting
OMB Circular A-133
62
Proposed Changes• Effective date unknown• AICPA is pushing for adequate time to
prepare/train• May allow thresholds to move up first,
and other changes to follow
OMB Circular A-133
63
Yellow Book Updates
64
Yellow Book Overview• Generally Accepted Government
Auditing Standards or “GAGAS”• Issued by the Comptroller General
of the United States• Government Accountability Office
(GAO)– Investigative arm of Congress– Independent and nonpartisan
65
Yellow Book Overview• When is a YB Audit Required?
– Single Audits – Certain grant agreements – State regulation– Voluntarily
• GFOA Recommended Practice: Audit Procurement
66
2011 Yellow Book• Incorporates the AICPA’s “clarity
standards”• Effective dates:
– FYE 12/31/2012 for financial audits and attestation engagements
– FYE 12/31/2011 for performance audits
– Early implementation is not permitted
67
Chapters1. Government Auditing: Foundation
and Ethical Principles– Introduction– Purpose and Applicability of GAGAS– Ethical Principles
68
2011 Yellow Book
Chapters2. Standards for Use And Application
– Introduction– Types of GAGAS Audits and Attestation
Engagements– Use of Terminology to Define GAGAS
Requirements– Relationship between GAGAS and Other
Professional Standards– Stating Compliance with GAGAS in the
Auditors’ Report69
2011 Yellow Book
Chapters3. General Standards
– Introduction– Independence– Professional Judgment– Competence– Quality Control and Assurance
70
2011 Yellow Book
Chapters4. Standards for Financial Audits
– Introduction– Additional GAGAS Requirements for
Performing Financial Audits– Additional GAGAS Reporting Requirements
for Financial Audits– Additional GAGAS Considerations for
Financial Audits
71
2011 Yellow Book
Chapters5. Standards for Attestation
Engagements– Introduction– Examination Engagements– Review Engagements– Agreed-Upon Procedures Engagements
72
2011 Yellow Book
Chapters6. Field Work Standards for
Performance Audits– Introduction– Reasonable Assurance– Significance in a Performance Audit– Audit Risk– Planning– Supervision– Obtaining Sufficient, Appropriate Evidence– Audit Documentation
73
2011 Yellow Book
Chapters7. Reporting Standards for
Performance Audits– Introduction– Reporting– Report Contents– Distributing Reports
74
2011 Yellow Book
Significant Changes• Reorganized chapters• Removed sections that duplicated
AICPA guidance (as this guidance is incorporated by reference)
• Removes special guidance on reporting restated financial statements
75
2011 Yellow Book
Significant Changes• Requirements for CPE clarified• New conceptual framework for
independence added (previous Q&A Guide superseded)
76
2011 Yellow Book
CPE• Two levels of CPE required• All staff performing GAGAS audits
need 24 hours every 2 years in topics of:– Government auditing– The governmental environment– Specific or unique environment of
clients77
2011 Yellow Book
CPE• Additional requirement (80 hours
every 2 years) if:– Responsible for planning, directing, or
reporting on GAGAS audits; or– 20% or more of total time is spent on
GAGAS audits– Additional 56 hours must “enhance
the auditor’s professional proficiency”
78
2011 Yellow Book
CPE• External specialists should be
qualified and maintain professional competence in their areas of specialization but are not required to meet GAGAS CPE requirements
• Internal specialists are subject to GAGAS requirements
79
2011 Yellow Book
IndependenceConceptual Framework
• In all matters relating to the audit work, the audit organization and the individual auditor, whether government or public, must be independent
• It is impossible to define every situation that may impact independence, so GAGAS establish a conceptual framework to address it
80
IndependenceConceptual Framework
• Framework:1. Identify threats to independence2. Evaluate the significance of threats
identified3. Apply safeguards as necessary to
eliminate threats or reduce them to an acceptable level
81
IndependenceThreats
• Threats to independence are circumstances that could impair independence– Threats are conditions to be
evaluated using the conceptual framework
– Threats do not necessarily impair independence
82
IndependenceTypes of Threats
• Self-interest threat• Self-review threat• Bias threat• Familiarity threat• Undue influence threat• Management participation threat• Structural threat
83
IndependenceSafeguards
• Safeguards are controls designed to eliminate or reduce to an acceptable level threats to independence:– Under the conceptual framework, the
auditor applies safeguards that address the specific facts and circumstances under which threats to independence exist
– In some cases, multiple safeguards may be necessary to address a threat
84
IndependenceApplication
• Auditors should evaluate threats both individually and in the aggregate– Threats can have a cumulative effect
on independence • Some threats can be eliminated or
reduced to an acceptable level, while others cannot
85
IndependenceApplication
• Threats to independence are not at an acceptable level if:– The threat could impact the auditor’s
ability to perform an audit without being affected by influences that compromise professional judgment; or
– A reasonable and informed third party would conclude that the auditor’s integrity, objectivity, or professional skepticism has been compromised86
IndependenceApplication
• If threats to independence are not at an acceptable level:– Apply safeguards– Document the threats identified and
safeguards applied– Evaluate both qualitative and
quantitative factors to determine whether independence of both mind and appearance are maintained
87
IndependenceApplication
• If independence is impaired:– Decline to perform a prospective
engagement– Terminate an audit in progress– Recall any reports issued in a period
during which it is subsequently determined that independence was impaired
88
IndependenceNonaudit Services
• Providing nonaudit services may create threats to an auditor’s independence– Auditors should consider and
document potential threats from nonaudit services
– A critical component is management’s ability to effectively oversee the nonaudit service to be performed89
IndependenceNonaudit Services
• Providing nonaudit services may create threats to an auditor’s independence– The audited entity should designate
an individual who possesses suitable skill, knowledge, or experience, and who understands the services to be performed sufficiently to oversee them
– This individual is not required to possess the expertise to perform or re-perform the services
90
IndependenceNonaudit Services
• Auditors performing nonaudit services should ensure that management:– Assumes all management
responsibilities– Oversees all nonaudit services by
designating a individual (preferably within senior management) who possess suitable skill, knowledge, or experience91
IndependenceNonaudit Services
• Auditors performing nonaudit services should ensure that management:– Evaluates the adequacy and results of
all services performed– Accepts responsibility for the results
of any nonaudit services
92
IndependenceNonaudit Services
• Document the understanding with management/those charged with governance in writing:– Objectives of the nonaudit service– Services to be performed– Audited entity’s acceptance of its
responsibilities– The auditor’s responsibilities– Any limitations of the nonaudit
service93
IndependenceNonaudit Services
• Routine activities:– Relate directly to the performance of
an audit (such as providing advice and responding to questions)
– Typically insignificant in terms of time and cost, and do not result in a formal report or work product
– Not considered nonaudit services and are exempt from the conceptual framework94
IndependenceNonaudit Services
• Routine activities:– Providing advice on an accounting
matter as an ancillary part of the overall financial audit
– Researching and responding to technical questions on relevant tax laws as an ancillary part of providing tax services
– Providing advice to the audited entity on routine business matters95
IndependenceNonaudit Services
• Routine activities:– Educating the audited entity on
matters within the technical expertise of the auditors
– Providing information to the audited entity that is readily available to the auditors, such as best practices and benchmarking studies
96
IndependenceNonaudit Services
• Routine activities do not include:– Financial statement preparation– Cash to accrual conversions– Reconciliations
• These are considered nonaudit services under GAGAS, and are subject to the conceptual framework
97
IndependenceDocumentation
• Documentation of independence considerations:– Provides evidence of the auditor’s
judgments in forming conclusions regarding compliance with independence requirements
– Is required under the GAGAS quality control and assurance requirements
98
IndependenceDocumentation
• Documentation of independence considerations:– Threats to independence that require
the application of safeguards, and the safeguards applied
– Consideration of management’s ability to effectively oversee nonaudit services
– Auditor’s understanding with the entity when performing nonaudit services
99
Questions and Answers…
100
For more information...
Stephen W. Blann, CPA, CGFM, CGMA
Director of Governmental Audit Quality616.975.2810
[email protected]/government
101