How are the GAGAS organized (topics covered in the Yellow Book)
Foundations and ethical principles
General standards
Standards for financial audits andattestation engagements
Field work and reporting standards for performance audits
GAGAS covers audits of which entities?
Government organizations, programs, activities, and functions
Government assistance received by contractors, NFP organizations, and others
Define unconditional requirements
GAGAS standards with which the auditor must comply
Define presumptively mandatory requirements.
GAGAS standards with which the auditor shouldcomply
An explanation is needed if these standards are not followed
What are the 3 primary types of government audits?
Financial Statements
Attestation
Performance
True / False: GAGAS allows for entities to use and obtain an audit using OCBOA.
True
What subjects are typically the source of a government attestation engagement?
Compliance with specific laws, regulations, rules, contracts, or grants
Effectiveness of internal control over compliance with specified requirements
Presentation of MD&A
Reliability and performance measures
Which standards apply to a government attestation engagement?
SSAEs + GAGAS
What is the general purpose of a performance audit?
To contribute to public accountability by finding ways to become more resourceful.
What are the 4 primary objectives of a performance audit? To report on the…
Effectiveness, economy and efficiency
Internal controls
Compliance, and
Provide a prospective analysis
What questions must be answered to ensure the effectiveness, economy, and efficiency portion of a performance audit?
Effectiveness: did the org. achieve the legislative, regulatory, or organizational goals
Economy: how well did the org. perform regarding cost benefit or cost effectiveness
Efficiency: provide performance measures
What questions must be answered to ensure the internal control portion of a performance audit?
Did the org. effectively & efficiently achieve their missions, goals, objectives
Are resources used in compliance with laws, rules, regulations
Are proper security measures employed on and is a disaster plan in place for IT systems
What questions must be answered to ensure the compliance portion of a performance audit?
Has the org. met compliance criteria of laws, regulations, contracts, etc
Has the appropriate target population been served
What is included in the prospective portion of a performance audit?
Analysis or conclusions about information based on assumptions about possible future events, along with possible actions that the org. may take in response.
True / False: In a GAGAS audit, the auditor should evaluate whether appropriate corrective actions on findings from a previous audit or attestation engagement have been addressed.
True
In a GAGAS audit, how does the auditor evaluate whether appropriate corrective actions on findings from a previous audit or attestation engagement have been addressed?
Inquire of management about the status.
Define abuse per GAGAS and provide a couple of examples. Clarify the difference between abuse and fraud.
Deficient or improper behavior, including the misuse of authority or position, for gain.
Abuse vs fraud: Abuse is not illegal, but it does extend what would be normally acceptable expenditures for the benefit of one person.
creating unneeded overtime
requesting staff perform personal errands for a supervisor or manager
making expensive or extravagant travel arrangement
selecting vendors contrary to policy
True / False: The auditor is required to detect abuse and report on it to the org.
False
Abuse is subjective. The auditor should be aware of quantitatively or qualitatively material abuse and perform further testing, but is not required to detect abuse.
What is a finding? What components are included in a report on a finding?
A specific negative event.
Report on the (1) criteria that has been violated, (2) the condition in which the finding exists, (3) the cause, and (4) the effect or potential effect.
True / False: Evidence of a GAGAS quality review is required before the audit report is issued.
False
Evidence of a supervisory review is needed; not a quality review.
What two areas must the auditor include in a report when performing a governmental financial audit?
Statements regarding the scope of the auditor’s testing, and any findings, regarding internal control. The auditor does not need to state an opinion unless the scope of evidence is sufficient and appropriate to do so. The report should include significant deficiencies and material weaknesses.
Statements regarding the scope of the auditor’s testing, and any findings, regarding compliance with laws, regulations, contracts, and grant agreements. The report should include fraud, noncompliance, or abuse that has a material effect on the FS.
The auditor’s report must include a listing of findings along with which other item in its report on internal control and compliance?
Management’s responses to the findings
The auditor may report findings to outside parties only when these situations occur.
Management fails to satisfy legal or regulatory requirements to report
Management fails to take time and appropriate steps to respond to known or likely fraud, noncompliance, or abuse.
When are responses from management included in the auditor’s report? When are they documented but excluded?
Included when they are in writing
Documented but excluded when capturing an oral response
The org.’s response to the auditor’s findings contradicts or fails to fully address the auditor’s comments. How should the auditor respond?
Evaluate the validity of the audited org’s comments
Explain the basis for the disagreement
The org.’s refuses or is unavailable to respond to the auditor’s findings. How should the auditor respond?
Disclose that the audited org did not provide comments.
Who may receive the auditor’s report on an audit performed under GAGAS?
Those charged with governance of the audited entity
Officials of the audited entity
Oversight bodies who arrange for the audits
Officials or those with authority who may be responsible for acting on audit findings
All other authorized to receive reports
True / False: The auditor may perform early reporting of a deficiency or noncompliance to management
True – the sooner the better so that management can take corrective action
How is a report on a FS audit the same as or different from a GAAS report when also applying GAGAS?
The general report is the same as that for GAAS, except
The auditor’s responsibility paragraph must also include that the audit was conducted under GAAS and GAGAS in the United States
An other-matter paragraph is added referencing the Yellow Book report on internal controls and compliance.
True / False: GAGAS require a written report on the auditor’s understanding of internal control, assessment of control risk, negative assurance, or disclosure of significant deficiencies and material weaknesses.