Single Audit Guidelines

Single Audit Guidelines

Florida GFOAAnnual Conference

June 25, 2013

Presented by

Presented by:

Stephen W. Blann, CPA, CGFM, CGMADirector of Governmental Audit QualityRehmann

2

Agenda• Single Audit Overview• Single Audit Updates

– SAS 117: Compliance Audits– SAS 119: Supplementary Information– Audit Guide: GAS/A-133 Audits– A-133 Compliance Supplement– OMB’s proposed changes

3

Agenda• Yellow Book Overview• Yellow Book Updates

– 2011 Revision– CPE Requirements– Independence Conceptual Framework

4

Components of a Single Audit

• Financial statement audit (GAAS)• Conducted in accordance with

Government Auditing Standards (GAGAS or the “Yellow Book”)

• Compliance audit of federal awards expended (A-133)

5

Components of a Single AuditFinancial Statement Audit

• Results in an opinion on whether the financial statements are fairly presented in accordance with generally accepted accounting principles

6

Components of a Single AuditGovernment Auditing

Standards• Builds on the foundation of generally

accepting auditing standards• Adds additional requirements for auditor

independence and continuing professional education

• Results in a report (not an opinion) on matters related to internal control over financial reporting that came to the auditors’ attention during the audit

7

Components of a Single AuditCompliance Audit of Federal

Awards• Builds on the foundation of GAAS and

GAGAS• Adds compliance testing for “major

programs”• Results in:

1. an opinion on major program compliance2. a report (not an opinion) on matters related

to internal control over compliance that came to the auditors’ attention during the audit

3. an opinion on the Schedule of Expenditures of Federal Awards (SEFA) in-relation-to the financial statements

8

9

Single Audit OverviewDetermine

NeedSelect Major

Programs

Test IC and

Compliance

Reporting

10


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• Obtain Schedule of Expenditures of Federal Awards (SEFA) from client

• Threshold for single audit is $500,000 in current year

• Test SEFA in accordance with SAS 119 sufficient to render an in-relation-to opinion

11


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• Consider by CFDA number or cluster• Divide programs into Type A and B

– Cut-off starts at $300,000 and goes up to $3,000,000 as federal expenditures range from $10M-$100M

• Assess risk of Type A programs– Type A programs that are not low-risk are major– Type A programs that are low-risk are temporarily set

aside, but may still be major• May only be low-risk if previously audited with no findings

12


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• If necessary, assess risk of larger Type B programs– Only required if there is a low-risk Type A program– “Larger” Type B programs are $100,000 or more

(threshold starts to increase at $33M)– High-risk programs may be selected as major

• Risk assessment is based on auditor judgment• Select one high-risk Type B program for each low-risk Type A

program (limited to half of the high-risk Type B programs)

13


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• Determine if percentage of coverage is met– Required to test 50% of SEFA– For low-risk auditees, only test 25% of SEFA

• Clean single audit for two years (no material findings)• Filed on time with the Clearinghouse

– Select additional programs (auditor’s choice) until coverage is met

14


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• For each major program, determine which compliance areas to test– Applicable per the A-133 Compliance Supplement– Applicable to the auditee– Have a direct and material effect on compliance

15


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• Compliance areasA.Activities allowed or unallowedB.Allowable costs/cost principlesC.Cash managementD.Davis-Bacon ActE. EligibilityF. Equipment and real property

managementG.Matching, level of effort, and

earmarking

H.Period of availability of federal funds

I. Procurement/suspension and debarment

J. Program incomeK.Real property acquisition and

relocation assistanceL. ReportingM. Subrecipient monitoringN.Special tests and provisions

16


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• Testing memos– Compliance requirement– Tests of compliance– Internal controls over compliance– Tests of internal controls over compliance– Conclusions

• Identify and test “individually important items” before sampling

17


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• In-relation-to opinion on the SEFA• Yellow Book report

– Internal control over financial reporting– Compliance with laws, regulations, and grant

agreements• A-133 report

– Compliance for each major program– Internal control over compliance

18


NeedSelect Major

Programs

Test IC and

Compliance

Reporting

• Schedule of Findings and Questioned Costs– Summary of Auditors Results– Financial statement findings– Federal awards findings

• Summary Schedule of Prior Audit Findings– Status of prior federal award findings

• Data Collection Form and reporting package– Submitted online

19

Single Audit Overview• Contents of a Single Audit

– Independent Auditor’s Report on the SEFA– Schedule of Expenditures of Federal Awards– Notes to the SEFA– Yellow Book report– A-133 report– Schedule of Findings and Questioned Costs– Summary Schedule of Prior Audit Findings

20

Single Audit Overview• SEFA requirements

– List of federal programs by agency– List programs within a cluster– Name of pass-through entity and identifying

number assigned by the pass-through entity– CFDA number or other identifying number

when CFDA not available

21

Single Audit Overview• SEFA requirements

– Total federal awards expended for each program (CFDA number or cluster)

– Significant accounting policies used in preparation of the SEFA

– Amounts passed-through to subrecipients– Value of any non-cash assistance received

and loans or loan guarantees outstanding at year end

22

Single Audit Overview• Optional SEFA elements

– Grant period– Total award amount– Beginning accrued (deferred) revenue– Current year cash receipts– Ending accrued (deferred) revenue– Amounts expended in prior periods on multi-

year grants

23

Single Audit Overview• Notes to SEFA

– Basis of presentation• SEFA presents only federal grant activity• Presented in accordance with A-133

– Summary of significant accounting policies• Basis of accounting (reference to Note 1)• Expenditures recognized in accordance

with Federal Cost Principles (A-87, A-122, or A-21)

– Pass-through agencies

24

Single Audit Overview• Schedule of Findings and

Questioned CostsSection I - Summary of Auditors’ ResultsSection II - Financial Statement Findings– Numbered as 2013-FS-1, etc.Section III - Federal Award Findings– Numbered as 2013-SA-1, etc.

25

Single Audit Overview• Summary Schedule of Prior Audit

Findings – Brief description and status

26

Single Audit Overview• Elements of a finding

– Finding number/short name

– Finding type (compliance/controls)

– Federal program(s)– Criteria– Condition

– Cause– Effect– Questioned costs– Recommendation– View of Responsible

Officials

Single Audit Updates

SAS 117: Compliance Audits

27

Applicability• Establishes applicability of financial

auditing guidance in compliance audits

• Applicable for compliance audits subject to:– Generally accepted auditing

standards, and– Government Auditing Standards, and– A governmental audit requirement that

requires an auditor to express an opinion on compliance


28

Applicability• Commonly applicable to:

– Single audits (OMB Circular A-133)– HUD audits (Consolidated Audit Guide)

• Not applicable to:– Examinations (follow SSAEs not SASs)– Agreed-Upon Procedures engagements


29

Applicability• Compliance audits are usually

performed in conjunction with a financial statement audit– SAS 117 does not apply to the

financial statement audit component of such engagements


30

Applicability• In general, all AICPA Statements on

Auditing Standards (AU Sections) and supplementary Yellow Book guidance should be adapted and applied to compliance audits– (e.g., replace “misstatement” with

“noncompliance”)


31

Applicability• A detailed list of non-applicable AU

Sections is provided in Appendix A– Auditors are not required to make a

literal translation of each procedure that might be performed in a financial statement audit, but rather to obtain sufficient appropriate audit evidence to support the auditor’s opinion on compliance


32

Management’s Responsibilities

• A compliance audit is based on the premise that management is responsible for the entity’s compliance, including:1. Identifying programs and

understanding compliance requirements

2. Establishing and maintaining effective internal controls over compliance

continued…


33

Management’s Responsibilities

• A compliance audit is based on the premise that management is responsible for the entity’s compliance, including:3. Evaluating and monitoring the

entity’s compliance4. Taking corrective action when

instances of noncompliance are identified


34

Objectives• The auditor’s objectives in a

compliance audit are to:1. Obtain sufficient appropriate audit

evidence to form an opinion and report on whether the entity complied in all material respects with the applicable compliance requirements

continued…


35

Objectives• The auditor’s objectives in a

compliance audit are to:2. Identify audit and reporting

requirements that are supplementary to GAAS and Government Auditing Standards, if any, and perform additional procedures to address those requirements


36

Requirements• Adapt and apply AU Sections to the

objectives of the compliance audit, using professional judgment

• Establish materiality• Identify applicable compliance

requirements• Perform risk assessment

procedures


37

Requirements• Assess the risks of material

noncompliance• Perform further audit procedures in

response to assessed risks• Follow any supplementary audit

requirements


38

Requirements• Obtain written representations

from management• Consider subsequent events• Evaluate the sufficiency and

appropriateness of audit evidence and form an opinion


39

Requirements• Report on compliance (and, if

required, on internal control over compliance)

• Document all procedures and conclusions


40

Reporting• SAS 117 added the phrase “direct

and material” to report language– Report on Compliance With

Requirements That Could Have a Direct and Material Effect on Each Major Program and on Internal Control Over Compliance in Accordance With OMB Circular A-133


41

Reporting• Illustrative Auditor’s Reports

http://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/IllustrativeAuditorsReports/Pages/IllustrativeAuditorReportsforClarity.aspx

• Updated for Clarity Standards– New report sections and restricted use

language


42

Single Audit Updates

SAS 119: Supplementary Information

43

in Relation to• Effective for periods ending on or

after 12/31/2011• Addresses the auditor’s

responsibility when engaged to report on whether SI is fairly stated, in all material respects, in relation to the financial statements taken as a whole– Applies to SEFA


the Financial Statements as a Whole

44

Objectives• The auditor’s objectives when

reporting on SI in relation to the financial statements as a whole are to:– Evaluate the presentation of the SI in

relation to the financial statements as a whole; and

– Report on whether the SI is fairly stated, in all material respects, in relation to the financial statements as a whole


45

Requirements• Determine that SI was derived

from and directly relates to the underlying accounting records used to prepare the F/S

• SI must relate to the same period as the FS


46

Requirements• FS must have been audited by the

same auditor (adverse opinion or disclaimer not permitted)

• SI must accompany the audited FS, or else the audited FS must be readily available


47

Requirements• Auditor must perform procedures

on the SI, such as:– Inquire of management about the

purpose of the SI, and the methods used to prepare it

– Compare SI to the audited FS for consistency

continued…


48

Requirements• Auditor must perform procedures

on the SI, such as:– Evaluate the appropriateness and

completeness of the presentation– Obtain written representations from

management• The date of the auditor’s report on

SI should not be earlier than the date these procedures are completed


49

Reporting• Additional language in:

– Auditors’ opinion– SAS 114 letter


50

Auditors’ OpinionReport on Schedule of Expenditures of Federal Awards Required by OMB Circular A-133We have audited the financial statements of the governmental activities, the business-type activities, the aggregate discretely presented component units, each major fund, and the aggregate remaining fund information of Example Entity as of and for the year ended June 30, 20X1, and the related notes to the financial statements, which collectively comprise Example Entity’s basic financial statements. We issued our report thereon dated August 15, 20X1, which contained unmodified opinions on those financial statements. (continued…)


51

Auditors’ OpinionOur audit was conducted for the purpose of forming opinions on the financial statements that collectively comprise the basic financial statements. The accompanying schedule of expenditures of federal awards is presented for purposes of additional analysis as required by OMB Circular A-133 and is not a required part of the basic financial statements. Such information is the responsibility of management and was derived from and relates directly to the underlying accounting and other records used to prepare the basic financial statements. (continued…)


52

Auditors’ OpinionThe information has been subjected to the auditing procedures applied in the audit of the financial statements and certain additional procedures, including comparing and reconciling such information directly to the underlying accounting and other records used to prepare the basic financial statements or to the basic financial statements themselves, and other additional procedures in accordance with auditing standards generally accepted in the United States of America. In our opinion, the schedule of expenditure of federal awards is fairly stated in all material respects in relation to the basic financial statements as a whole.


53

SAS 114 LetterOur responsibility for the supplementary information accompanying the financial statements, as described by professional standards, is to evaluate the presentation of the supplementary information in relation to the financial statements as a whole and to report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements as a whole. We made certain inquiries of management and evaluated the form, content, and methods of preparing the information to determine that the information complies with accounting principles generally accepted in the United States of America, the method of preparing it has not changed from the prior period, and the information is appropriate and complete in relation to our audit of the financial statements. We compared and reconciled the supplementary information to the underlying accounting records used to prepare the financial statements or to the financial statements themselves.


Other Information in Documents Containing Audited Financial Statements

54

GAS and A-133 Audits• 2013 update

– Scheduled for release in May/June(not available when these slides went to press)

AICPA Audit Guide

55

Compliance Supplement• 2013 edition expected in June

(not available when these slides went to press)• Expected changes:

– Part 2, Matrix of Compliance Requirements• Many areas no longer identified as

applicable for various programs• Intent is for auditors to focus on

“important” compliance requirements

OMB Circular A-133

56

Compliance Supplement• Expected changes:

– Part 3, Compliance Requirements• Procurement and Suspension and

Debarment requirements clarified• FFATA reporting to be dropped as an audit

requirement– Part 4, Specific Programs

• Many ARRA programs removed

OMB Circular A-133

57

58

Proposed Changes• In February 2013, OMB posted a

proposed rule– Over 200 pages long– Comment period closed June 2, 2013– Would combine all grant circulars and

related guidance into a single document

OMB Circular A-133

Proposed Changes• Threshold for a single audit• Increased from $500k to $750k

• Type A/B Threshold• Increased from $300k to $500k

• High-Risk Type A programs• Material noncompliance, material

weakness or questioned costs > 5% (currently, SD is enough for high-risk)

OMB Circular A-133

59

Proposed Changes• Type B programs• Large Type B threshold changed to

25% of Type A threshold• Only required to test ¼ of high-risk

Type B programs (instead of ½)• Percent of coverage• Coverage reduced from 50% to 40%• Low-risk coverage reduced from 25%

to 20%

OMB Circular A-133

60

Proposed Changes• Low-Risk Auditee Status• Explicitly considers timing of DCF

submission• No going concern comments permitted

• Compliance Areas• List of 14 areas reduced to 6• Deleted areas may be shifted to

special tests and provisions

OMB Circular A-133

61

Proposed Changes• Findings• Questioned costs increased from $10k

to $25k• More detail required

• Federal cost principles simplified• Indirect costs• Time and effort reporting

OMB Circular A-133

62

Proposed Changes• Effective date unknown• AICPA is pushing for adequate time to

prepare/train• May allow thresholds to move up first,

and other changes to follow

OMB Circular A-133

63

Yellow Book Updates

64

Yellow Book Overview• Generally Accepted Government

Auditing Standards or “GAGAS”• Issued by the Comptroller General

of the United States• Government Accountability Office

(GAO)– Investigative arm of Congress– Independent and nonpartisan

65

Yellow Book Overview• When is a YB Audit Required?

– Single Audits – Certain grant agreements – State regulation– Voluntarily

• GFOA Recommended Practice: Audit Procurement

66

2011 Yellow Book• Incorporates the AICPA’s “clarity

standards”• Effective dates:

– FYE 12/31/2012 for financial audits and attestation engagements

– FYE 12/31/2011 for performance audits

– Early implementation is not permitted

67

Chapters1. Government Auditing: Foundation

and Ethical Principles– Introduction– Purpose and Applicability of GAGAS– Ethical Principles

68

2011 Yellow Book

Chapters2. Standards for Use And Application

– Introduction– Types of GAGAS Audits and Attestation

Engagements– Use of Terminology to Define GAGAS

Requirements– Relationship between GAGAS and Other

Professional Standards– Stating Compliance with GAGAS in the

Auditors’ Report69

2011 Yellow Book

Chapters3. General Standards

– Introduction– Independence– Professional Judgment– Competence– Quality Control and Assurance

70

2011 Yellow Book

Chapters4. Standards for Financial Audits

– Introduction– Additional GAGAS Requirements for

Performing Financial Audits– Additional GAGAS Reporting Requirements

for Financial Audits– Additional GAGAS Considerations for

Financial Audits

71

2011 Yellow Book

Chapters5. Standards for Attestation

Engagements– Introduction– Examination Engagements– Review Engagements– Agreed-Upon Procedures Engagements

72

2011 Yellow Book

Chapters6. Field Work Standards for

Performance Audits– Introduction– Reasonable Assurance– Significance in a Performance Audit– Audit Risk– Planning– Supervision– Obtaining Sufficient, Appropriate Evidence– Audit Documentation

73

2011 Yellow Book

Chapters7. Reporting Standards for

Performance Audits– Introduction– Reporting– Report Contents– Distributing Reports

74

2011 Yellow Book

Significant Changes• Reorganized chapters• Removed sections that duplicated

AICPA guidance (as this guidance is incorporated by reference)

• Removes special guidance on reporting restated financial statements

75

2011 Yellow Book

Significant Changes• Requirements for CPE clarified• New conceptual framework for

independence added (previous Q&A Guide superseded)

76

2011 Yellow Book

CPE• Two levels of CPE required• All staff performing GAGAS audits

need 24 hours every 2 years in topics of:– Government auditing– The governmental environment– Specific or unique environment of

clients77

2011 Yellow Book

CPE• Additional requirement (80 hours

every 2 years) if:– Responsible for planning, directing, or

reporting on GAGAS audits; or– 20% or more of total time is spent on

GAGAS audits– Additional 56 hours must “enhance

the auditor’s professional proficiency”

78

2011 Yellow Book

CPE• External specialists should be

qualified and maintain professional competence in their areas of specialization but are not required to meet GAGAS CPE requirements

• Internal specialists are subject to GAGAS requirements

79

2011 Yellow Book

IndependenceConceptual Framework

• In all matters relating to the audit work, the audit organization and the individual auditor, whether government or public, must be independent

• It is impossible to define every situation that may impact independence, so GAGAS establish a conceptual framework to address it

80

IndependenceConceptual Framework

• Framework:1. Identify threats to independence2. Evaluate the significance of threats

identified3. Apply safeguards as necessary to

eliminate threats or reduce them to an acceptable level

81

IndependenceThreats

• Threats to independence are circumstances that could impair independence– Threats are conditions to be

evaluated using the conceptual framework

– Threats do not necessarily impair independence

82

IndependenceTypes of Threats

• Self-interest threat• Self-review threat• Bias threat• Familiarity threat• Undue influence threat• Management participation threat• Structural threat

83

IndependenceSafeguards

• Safeguards are controls designed to eliminate or reduce to an acceptable level threats to independence:– Under the conceptual framework, the

auditor applies safeguards that address the specific facts and circumstances under which threats to independence exist

– In some cases, multiple safeguards may be necessary to address a threat

84

IndependenceApplication

• Auditors should evaluate threats both individually and in the aggregate– Threats can have a cumulative effect

on independence • Some threats can be eliminated or

reduced to an acceptable level, while others cannot

85


• Threats to independence are not at an acceptable level if:– The threat could impact the auditor’s

ability to perform an audit without being affected by influences that compromise professional judgment; or

– A reasonable and informed third party would conclude that the auditor’s integrity, objectivity, or professional skepticism has been compromised86


• If threats to independence are not at an acceptable level:– Apply safeguards– Document the threats identified and

safeguards applied– Evaluate both qualitative and

quantitative factors to determine whether independence of both mind and appearance are maintained

87


• If independence is impaired:– Decline to perform a prospective

engagement– Terminate an audit in progress– Recall any reports issued in a period

during which it is subsequently determined that independence was impaired

88

IndependenceNonaudit Services

• Providing nonaudit services may create threats to an auditor’s independence– Auditors should consider and

document potential threats from nonaudit services

– A critical component is management’s ability to effectively oversee the nonaudit service to be performed89


• Providing nonaudit services may create threats to an auditor’s independence– The audited entity should designate

an individual who possesses suitable skill, knowledge, or experience, and who understands the services to be performed sufficiently to oversee them

– This individual is not required to possess the expertise to perform or re-perform the services

90


• Auditors performing nonaudit services should ensure that management:– Assumes all management

responsibilities– Oversees all nonaudit services by

designating a individual (preferably within senior management) who possess suitable skill, knowledge, or experience91


• Auditors performing nonaudit services should ensure that management:– Evaluates the adequacy and results of

all services performed– Accepts responsibility for the results

of any nonaudit services

92


• Document the understanding with management/those charged with governance in writing:– Objectives of the nonaudit service– Services to be performed– Audited entity’s acceptance of its

responsibilities– The auditor’s responsibilities– Any limitations of the nonaudit

service93


• Routine activities:– Relate directly to the performance of

an audit (such as providing advice and responding to questions)

– Typically insignificant in terms of time and cost, and do not result in a formal report or work product

– Not considered nonaudit services and are exempt from the conceptual framework94


• Routine activities:– Providing advice on an accounting

matter as an ancillary part of the overall financial audit

– Researching and responding to technical questions on relevant tax laws as an ancillary part of providing tax services

– Providing advice to the audited entity on routine business matters95


• Routine activities:– Educating the audited entity on

matters within the technical expertise of the auditors

– Providing information to the audited entity that is readily available to the auditors, such as best practices and benchmarking studies

96


• Routine activities do not include:– Financial statement preparation– Cash to accrual conversions– Reconciliations

• These are considered nonaudit services under GAGAS, and are subject to the conceptual framework

97

IndependenceDocumentation

• Documentation of independence considerations:– Provides evidence of the auditor’s

judgments in forming conclusions regarding compliance with independence requirements

– Is required under the GAGAS quality control and assurance requirements

98

IndependenceDocumentation

• Documentation of independence considerations:– Threats to independence that require

the application of safeguards, and the safeguards applied

– Consideration of management’s ability to effectively oversee nonaudit services

– Auditor’s understanding with the entity when performing nonaudit services

99

Questions and Answers…

100

For more information...

Stephen W. Blann, CPA, CGFM, CGMA

Director of Governmental Audit Quality616.975.2810

[email protected]/government

101