Single Audit Guidelines Florida GFOA Annual Conference June 25, 2013 Presented by.

Single Audit Guidelines

Florida GFOAAnnual Conference

June 25, 2013

Presented by

Presented by:

Stephen W. Blann, CPA, CGFM, CGMA

Director of Governmental Audit QualityRehmann

2

Agenda

• Single Audit Overview• Single Audit Updates

– SAS 117: Compliance Audits– SAS 119: Supplementary Information– Audit Guide: GAS/A-133 Audits– A-133 Compliance Supplement– OMB’s proposed changes

3

Agenda

• Yellow Book Overview• Yellow Book Updates

– 2011 Revision– CPE Requirements– Independence Conceptual Framework

4

Components of a Single Audit

• Financial statement audit (GAAS)• Conducted in accordance with

Government Auditing Standards (GAGAS or the “Yellow Book”)

• Compliance audit of federal awards expended (A-133)

5


Financial Statement Audit• Results in an opinion on whether the

financial statements are fairly presented in accordance with generally accepted accounting principles

6


Government Auditing Standards

• Builds on the foundation of generally accepting auditing standards

• Adds additional requirements for auditor independence and continuing professional education

• Results in a report (not an opinion) on matters related to internal control over financial reporting that came to the auditors’ attention during the audit

7


Compliance Audit of Federal Awards

• Builds on the foundation of GAAS and GAGAS

• Adds compliance testing for “major programs”

• Results in:1. an opinion on major program compliance2. a report (not an opinion) on matters related

to internal control over compliance that came to the auditors’ attention during the audit

3. an opinion on the Schedule of Expenditures of Federal Awards (SEFA) in-relation-to the financial statements

8

9

Single Audit Overview

Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

10


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• Obtain Schedule of Expenditures of Federal Awards (SEFA) from client

• Threshold for single audit is $500,000 in current year

• Test SEFA in accordance with SAS 119 sufficient to render an in-relation-to opinion

11


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• Consider by CFDA number or cluster• Divide programs into Type A and B

– Cut-off starts at $300,000 and goes up to $3,000,000 as federal expenditures range from $10M-$100M

• Assess risk of Type A programs– Type A programs that are not low-risk are major– Type A programs that are low-risk are temporarily set

aside, but may still be major• May only be low-risk if previously audited with no findings

12


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• If necessary, assess risk of larger Type B programs– Only required if there is a low-risk Type A program– “Larger” Type B programs are $100,000 or more

(threshold starts to increase at $33M)– High-risk programs may be selected as major

• Risk assessment is based on auditor judgment• Select one high-risk Type B program for each low-risk Type A

program (limited to half of the high-risk Type B programs)

13


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• Determine if percentage of coverage is met– Required to test 50% of SEFA– For low-risk auditees, only test 25% of SEFA

• Clean single audit for two years (no material findings)• Filed on time with the Clearinghouse

– Select additional programs (auditor’s choice) until coverage is met

14


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• For each major program, determine which compliance areas to test– Applicable per the A-133 Compliance Supplement– Applicable to the auditee– Have a direct and material effect on compliance

15


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• Compliance areasA.Activities allowed or unallowed

B.Allowable costs/cost principles

C.Cash management

D.Davis-Bacon Act

E. Eligibility

F. Equipment and real property management

G.Matching, level of effort, and earmarking

H.Period of availability of federal funds

I. Procurement/suspension and debarment

J. Program income

K.Real property acquisition and relocation assistance

L. Reporting

M. Subrecipient monitoring

N.Special tests and provisions

16


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• Testing memos– Compliance requirement– Tests of compliance– Internal controls over compliance– Tests of internal controls over compliance– Conclusions

• Identify and test “individually important items” before sampling

17


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• In-relation-to opinion on the SEFA• Yellow Book report

– Internal control over financial reporting– Compliance with laws, regulations, and grant

agreements• A-133 report

– Compliance for each major program– Internal control over compliance

18


Determine Need

Select Major

Programs

Test IC and

Compliance

Reporting

• Schedule of Findings and Questioned Costs– Summary of Auditors Results– Financial statement findings– Federal awards findings

• Summary Schedule of Prior Audit Findings– Status of prior federal award findings

• Data Collection Form and reporting package– Submitted online

19


• Contents of a Single Audit– Independent Auditor’s Report on the SEFA– Schedule of Expenditures of Federal Awards– Notes to the SEFA– Yellow Book report– A-133 report– Schedule of Findings and Questioned Costs– Summary Schedule of Prior Audit Findings

20


• SEFA requirements– List of federal programs by agency– List programs within a cluster– Name of pass-through entity and identifying

number assigned by the pass-through entity– CFDA number or other identifying number

when CFDA not available

21


• SEFA requirements– Total federal awards expended for each

program (CFDA number or cluster)– Significant accounting policies used in

preparation of the SEFA– Amounts passed-through to subrecipients– Value of any non-cash assistance received

and loans or loan guarantees outstanding at year end

22


• Optional SEFA elements– Grant period– Total award amount– Beginning accrued (deferred) revenue– Current year cash receipts– Ending accrued (deferred) revenue– Amounts expended in prior periods on multi-

year grants

23


• Notes to SEFA– Basis of presentation

• SEFA presents only federal grant activity• Presented in accordance with A-133

– Summary of significant accounting policies• Basis of accounting (reference to Note 1)• Expenditures recognized in accordance

with Federal Cost Principles (A-87, A-122, or A-21)

– Pass-through agencies

24


• Schedule of Findings and Questioned CostsSection I - Summary of Auditors’ ResultsSection II - Financial Statement Findings– Numbered as 2013-FS-1, etc.

Section III - Federal Award Findings– Numbered as 2013-SA-1, etc.

25


• Summary Schedule of Prior Audit Findings – Brief description and status

26


• Elements of a finding– Finding

number/short name– Finding type

(compliance/controls)

– Federal program(s)– Criteria– Condition

– Cause– Effect– Questioned costs– Recommendation– View of Responsible

Officials

Single Audit Updates

SAS 117: Compliance Audits

27

Applicability

• Establishes applicability of financial auditing guidance in compliance audits

• Applicable for compliance audits subject to:– Generally accepted auditing

standards, and– Government Auditing Standards, and– A governmental audit requirement that

requires an auditor to express an opinion on compliance


28

Applicability

• Commonly applicable to:– Single audits (OMB Circular A-133)– HUD audits (Consolidated Audit Guide)

• Not applicable to:– Examinations (follow SSAEs not SASs)– Agreed-Upon Procedures engagements


29

Applicability

• Compliance audits are usually performed in conjunction with a financial statement audit– SAS 117 does not apply to the

financial statement audit component of such engagements


30

Applicability

• In general, all AICPA Statements on Auditing Standards (AU Sections) and supplementary Yellow Book guidance should be adapted and applied to compliance audits– (e.g., replace “misstatement” with

“noncompliance”)


31

Applicability

• A detailed list of non-applicable AU Sections is provided in Appendix A– Auditors are not required to make a

literal translation of each procedure that might be performed in a financial statement audit, but rather to obtain sufficient appropriate audit evidence to support the auditor’s opinion on compliance


32

Management’s Responsibilities

• A compliance audit is based on the premise that management is responsible for the entity’s compliance, including:1. Identifying programs and

understanding compliance requirements

2. Establishing and maintaining effective internal controls over compliance

continued…


33

Management’s Responsibilities

• A compliance audit is based on the premise that management is responsible for the entity’s compliance, including:3. Evaluating and monitoring the

entity’s compliance4. Taking corrective action when

instances of noncompliance are identified


34

Objectives

• The auditor’s objectives in a compliance audit are to:1. Obtain sufficient appropriate audit

evidence to form an opinion and report on whether the entity complied in all material respects with the applicable compliance requirements

continued…


35

Objectives

• The auditor’s objectives in a compliance audit are to:2. Identify audit and reporting

requirements that are supplementary to GAAS and Government Auditing Standards, if any, and perform additional procedures to address those requirements


36

Requirements

• Adapt and apply AU Sections to the objectives of the compliance audit, using professional judgment

• Establish materiality• Identify applicable compliance

requirements• Perform risk assessment

procedures


37

Requirements

• Assess the risks of material noncompliance

• Perform further audit procedures in response to assessed risks

• Follow any supplementary audit requirements


38

Requirements

• Obtain written representations from management

• Consider subsequent events• Evaluate the sufficiency and

appropriateness of audit evidence and form an opinion


39

Requirements

• Report on compliance (and, if required, on internal control over compliance)

• Document all procedures and conclusions


40

Reporting

• SAS 117 added the phrase “direct and material” to report language– Report on Compliance With

Requirements That Could Have a Direct and Material Effect on Each Major Program and on Internal Control Over Compliance in Accordance With OMB Circular A-133


41

Reporting

• Illustrative Auditor’s Reportshttp://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/IllustrativeAuditorsReports/Pages/IllustrativeAuditorReportsforClarity.aspx

• Updated for Clarity Standards– New report sections and restricted use

language


42

Single Audit Updates

SAS 119: Supplementary Information

43

in Relation to

• Effective for periods ending on or after 12/31/2011

• Addresses the auditor’s responsibility when engaged to report on whether SI is fairly stated, in all material respects, in relation to the financial statements taken as a whole– Applies to SEFA


the Financial Statements as a Whole

44

Objectives

• The auditor’s objectives when reporting on SI in relation to the financial statements as a whole are to:– Evaluate the presentation of the SI in

relation to the financial statements as a whole; and

– Report on whether the SI is fairly stated, in all material respects, in relation to the financial statements as a whole


45

Requirements

• Determine that SI was derived from and directly relates to the underlying accounting records used to prepare the F/S

• SI must relate to the same period as the FS


46

Requirements

• FS must have been audited by the same auditor (adverse opinion or disclaimer not permitted)

• SI must accompany the audited FS, or else the audited FS must be readily available


47

Requirements

• Auditor must perform procedures on the SI, such as:– Inquire of management about the

purpose of the SI, and the methods used to prepare it

– Compare SI to the audited FS for consistency

continued…


48

Requirements

• Auditor must perform procedures on the SI, such as:– Evaluate the appropriateness and

completeness of the presentation– Obtain written representations from

management• The date of the auditor’s report on

SI should not be earlier than the date these procedures are completed


49

Reporting

• Additional language in:– Auditors’ opinion– SAS 114 letter


50

Auditors’ Opinion

Report on Schedule of Expenditures of Federal Awards Required by OMB Circular A-133We have audited the financial statements of the governmental activities, the business-type activities, the aggregate discretely presented component units, each major fund, and the aggregate remaining fund information of Example Entity as of and for the year ended June 30, 20X1, and the related notes to the financial statements, which collectively comprise Example Entity’s basic financial statements. We issued our report thereon dated August 15, 20X1, which contained unmodified opinions on those financial statements. (continued…)


51

Auditors’ Opinion

Our audit was conducted for the purpose of forming opinions on the financial statements that collectively comprise the basic financial statements. The accompanying schedule of expenditures of federal awards is presented for purposes of additional analysis as required by OMB Circular A-133 and is not a required part of the basic financial statements. Such information is the responsibility of management and was derived from and relates directly to the underlying accounting and other records used to prepare the basic financial statements. (continued…)


52

Auditors’ Opinion

The information has been subjected to the auditing procedures applied in the audit of the financial statements and certain additional procedures, including comparing and reconciling such information directly to the underlying accounting and other records used to prepare the basic financial statements or to the basic financial statements themselves, and other additional procedures in accordance with auditing standards generally accepted in the United States of America. In our opinion, the schedule of expenditure of federal awards is fairly stated in all material respects in relation to the basic financial statements as a whole.


53

SAS 114 Letter

Our responsibility for the supplementary information accompanying the financial statements, as described by professional standards, is to evaluate the presentation of the supplementary information in relation to the financial statements as a whole and to report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements as a whole. We made certain inquiries of management and evaluated the form, content, and methods of preparing the information to determine that the information complies with accounting principles generally accepted in the United States of America, the method of preparing it has not changed from the prior period, and the information is appropriate and complete in relation to our audit of the financial statements. We compared and reconciled the supplementary information to the underlying accounting records used to prepare the financial statements or to the financial statements themselves.


Other Information in Documents Containing Audited Financial Statements

54

GAS and A-133 Audits

• 2013 update– Scheduled for release in May/June

(not available when these slides went to press)

AICPA Audit Guide

55

Compliance Supplement

• 2013 edition expected in June(not available when these slides went to press)

• Expected changes:– Part 2, Matrix of Compliance

Requirements• Many areas no longer identified as

applicable for various programs• Intent is for auditors to focus on

“important” compliance requirements

OMB Circular A-133

56

Compliance Supplement

• Expected changes:– Part 3, Compliance Requirements

• Procurement and Suspension and Debarment requirements clarified

• FFATA reporting to be dropped as an audit requirement

– Part 4, Specific Programs• Many ARRA programs removed

OMB Circular A-133

57

58

Proposed Changes

• In February 2013, OMB posted a proposed rule– Over 200 pages long– Comment period closed June 2, 2013– Would combine all grant circulars and

related guidance into a single document

OMB Circular A-133

Proposed Changes

• Threshold for a single audit• Increased from $500k to $750k

• Type A/B Threshold• Increased from $300k to $500k

• High-Risk Type A programs• Material noncompliance, material

weakness or questioned costs > 5% (currently, SD is enough for high-risk)

OMB Circular A-133

59

Proposed Changes

• Type B programs• Large Type B threshold changed to

25% of Type A threshold• Only required to test ¼ of high-risk

Type B programs (instead of ½)

• Percent of coverage• Coverage reduced from 50% to 40%• Low-risk coverage reduced from 25%

to 20%

OMB Circular A-133

60

Proposed Changes

• Low-Risk Auditee Status• Explicitly considers timing of DCF

submission• No going concern comments permitted

• Compliance Areas• List of 14 areas reduced to 6• Deleted areas may be shifted to

special tests and provisions

OMB Circular A-133

61

Proposed Changes

• Findings• Questioned costs increased from $10k

to $25k• More detail required

• Federal cost principles simplified• Indirect costs• Time and effort reporting

OMB Circular A-133

62

Proposed Changes

• Effective date unknown• AICPA is pushing for adequate time to

prepare/train• May allow thresholds to move up first,

and other changes to follow

OMB Circular A-133

63

Yellow Book Updates

64

Yellow Book Overview

• Generally Accepted Government Auditing Standards or “GAGAS”

• Issued by the Comptroller General of the United States

• Government Accountability Office (GAO)– Investigative arm of Congress– Independent and nonpartisan

65

Yellow Book Overview

• When is a YB Audit Required?– Single Audits – Certain grant agreements – State regulation– Voluntarily

• GFOA Recommended Practice: Audit Procurement

66

2011 Yellow Book

• Incorporates the AICPA’s “clarity standards”

• Effective dates:– FYE 12/31/2012 for financial audits

and attestation engagements– FYE 12/31/2011 for performance

audits– Early implementation is not permitted

67

Chapters

1. Government Auditing: Foundation and Ethical Principles– Introduction– Purpose and Applicability of GAGAS– Ethical Principles

68

2011 Yellow Book

Chapters

2. Standards for Use And Application– Introduction– Types of GAGAS Audits and Attestation

Engagements– Use of Terminology to Define GAGAS

Requirements– Relationship between GAGAS and Other

Professional Standards– Stating Compliance with GAGAS in the

Auditors’ Report

69

2011 Yellow Book

Chapters

3. General Standards– Introduction– Independence– Professional Judgment– Competence– Quality Control and Assurance

70

2011 Yellow Book

Chapters

4. Standards for Financial Audits– Introduction– Additional GAGAS Requirements for

Performing Financial Audits– Additional GAGAS Reporting Requirements

for Financial Audits– Additional GAGAS Considerations for

Financial Audits

71

2011 Yellow Book

Chapters

5. Standards for Attestation Engagements– Introduction– Examination Engagements– Review Engagements– Agreed-Upon Procedures Engagements

72

2011 Yellow Book

Chapters

6. Field Work Standards for Performance Audits– Introduction– Reasonable Assurance– Significance in a Performance Audit– Audit Risk– Planning– Supervision– Obtaining Sufficient, Appropriate Evidence– Audit Documentation

73

2011 Yellow Book

Chapters

7. Reporting Standards for Performance Audits– Introduction– Reporting– Report Contents– Distributing Reports

74

2011 Yellow Book

Significant Changes

• Reorganized chapters• Removed sections that duplicated

AICPA guidance (as this guidance is incorporated by reference)

• Removes special guidance on reporting restated financial statements

75

2011 Yellow Book

Significant Changes

• Requirements for CPE clarified• New conceptual framework for

independence added (previous Q&A Guide superseded)

76

2011 Yellow Book

CPE

• Two levels of CPE required• All staff performing GAGAS audits

need 24 hours every 2 years in topics of:– Government auditing– The governmental environment– Specific or unique environment of

clients

77

2011 Yellow Book

CPE

• Additional requirement (80 hours every 2 years) if:– Responsible for planning, directing, or

reporting on GAGAS audits; or– 20% or more of total time is spent on

GAGAS audits– Additional 56 hours must “enhance

the auditor’s professional proficiency”

78

2011 Yellow Book

CPE

• External specialists should be qualified and maintain professional competence in their areas of specialization but are not required to meet GAGAS CPE requirements

• Internal specialists are subject to GAGAS requirements

79

2011 Yellow Book

Independence

Conceptual Framework• In all matters relating to the audit

work, the audit organization and the individual auditor, whether government or public, must be independent

• It is impossible to define every situation that may impact independence, so GAGAS establish a conceptual framework to address it

80

Independence

Conceptual Framework• Framework:

1. Identify threats to independence2. Evaluate the significance of threats

identified3. Apply safeguards as necessary to

eliminate threats or reduce them to an acceptable level

81

Independence

Threats• Threats to independence are

circumstances that could impair independence– Threats are conditions to be

evaluated using the conceptual framework

– Threats do not necessarily impair independence

82

Independence

Types of Threats• Self-interest threat• Self-review threat• Bias threat• Familiarity threat• Undue influence threat• Management participation threat• Structural threat

83

Independence

Safeguards• Safeguards are controls designed

to eliminate or reduce to an acceptable level threats to independence:– Under the conceptual framework, the

auditor applies safeguards that address the specific facts and circumstances under which threats to independence exist

– In some cases, multiple safeguards may be necessary to address a threat

84

Independence

Application• Auditors should evaluate threats

both individually and in the aggregate– Threats can have a cumulative effect

on independence • Some threats can be eliminated or

reduced to an acceptable level, while others cannot

85

Independence

Application• Threats to independence are not at

an acceptable level if:– The threat could impact the auditor’s

ability to perform an audit without being affected by influences that compromise professional judgment; or

– A reasonable and informed third party would conclude that the auditor’s integrity, objectivity, or professional skepticism has been compromised

86

Independence

Application• If threats to independence are not

at an acceptable level:– Apply safeguards– Document the threats identified and

safeguards applied– Evaluate both qualitative and

quantitative factors to determine whether independence of both mind and appearance are maintained

87

Independence

Application• If independence is impaired:

– Decline to perform a prospective engagement

– Terminate an audit in progress– Recall any reports issued in a period

during which it is subsequently determined that independence was impaired

88

Independence

Nonaudit Services• Providing nonaudit services may

create threats to an auditor’s independence– Auditors should consider and

document potential threats from nonaudit services

– A critical component is management’s ability to effectively oversee the nonaudit service to be performed89

Independence

Nonaudit Services• Providing nonaudit services may

create threats to an auditor’s independence– The audited entity should designate

an individual who possesses suitable skill, knowledge, or experience, and who understands the services to be performed sufficiently to oversee them

– This individual is not required to possess the expertise to perform or re-perform the services

90

Independence

Nonaudit Services• Auditors performing nonaudit

services should ensure that management:– Assumes all management

responsibilities– Oversees all nonaudit services by

designating a individual (preferably within senior management) who possess suitable skill, knowledge, or experience91

Independence

Nonaudit Services• Auditors performing nonaudit

services should ensure that management:– Evaluates the adequacy and results of

all services performed– Accepts responsibility for the results

of any nonaudit services

92

Independence

Nonaudit Services• Document the understanding with

management/those charged with governance in writing:– Objectives of the nonaudit service– Services to be performed– Audited entity’s acceptance of its

responsibilities– The auditor’s responsibilities– Any limitations of the nonaudit

service93

Independence

Nonaudit Services• Routine activities:

– Relate directly to the performance of an audit (such as providing advice and responding to questions)

– Typically insignificant in terms of time and cost, and do not result in a formal report or work product

– Not considered nonaudit services and are exempt from the conceptual framework

94

Independence


– Providing advice on an accounting matter as an ancillary part of the overall financial audit

– Researching and responding to technical questions on relevant tax laws as an ancillary part of providing tax services

– Providing advice to the audited entity on routine business matters

95

Independence


– Educating the audited entity on matters within the technical expertise of the auditors

– Providing information to the audited entity that is readily available to the auditors, such as best practices and benchmarking studies

96

Independence

Nonaudit Services• Routine activities do not include:

– Financial statement preparation– Cash to accrual conversions– Reconciliations

• These are considered nonaudit services under GAGAS, and are subject to the conceptual framework

97

Independence

Documentation• Documentation of independence

considerations:– Provides evidence of the auditor’s

judgments in forming conclusions regarding compliance with independence requirements

– Is required under the GAGAS quality control and assurance requirements

98

Independence

Documentation• Documentation of independence

considerations:– Threats to independence that require

the application of safeguards, and the safeguards applied

– Consideration of management’s ability to effectively oversee nonaudit services

– Auditor’s understanding with the entity when performing nonaudit services

99

Questions and Answers…

100

For more information...

Stephen W. Blann, CPA, CGFM, CGMA

Director of Governmental Audit Quality616.975.2810

[email protected]/government

101

Single Audit Guidelines Florida GFOA Annual Conference June 25, 2013 Presented by.

Documents

Transcript of Single Audit Guidelines Florida GFOA Annual Conference June 25, 2013 Presented by.