For Wizard Kim-Wk3D

Chapter 11 Ebook

SINGLE AUDITS

Federal grants-in-aid to state and local governments total over $500 billion annually. Although grants-in-aid originate from more than 1,000 different programs administered by more than 30 federal departments and agencies, about 89.2 percent of the grants-in-aid in 2013 were made by five departments: the Department of Health and Human Services (64.7 percent), Department of Transportation (10.7 percent), Department of Agriculture (6.1 percent), Department of Housing and Urban Development (4.0 percent), and the Department of Education (3.8 percent).12

History of the Single Audit

Until the mid-1980s each federal agency established accounting, reporting, and auditing requirements for each program it administered, and these requirements differed from agency to agency. Accordingly, each agency had the right to make on-site audits of grant funds and often did so. Since even relatively small local governments might have several active federal grants (each with different accounting, reporting, and auditing requirements), the amount of time spent keeping track of conflicting requirements and providing facilities for a succession of different groups of auditors became extremely burdensome. Efforts were made in the 1960s to standardize grant accounting, reporting, and auditing requirements but with only modest success. In 1979, the Office of Management and Budget (OMB) required that federal fund audits be made on an organizationwide basis, rather than on a grant-by-grant basis. This concept is called the single audit.The OMB's experience led to the enactment of the Single Audit Act of 1984. The purposes of the act are to:

1. Improve the financial management of state and local governments with respect to federal financial assistance programs,

1. Establish uniform requirements for audits of federal financial assistance provided to state and local governments,

1. Promote the efficient and effective use of audit resources,

1. Ensure that federal departments and agencies rely upon and use audit work done pursuant to the Single Audit Act.

Studies by the GAO found that the Single Audit Act of 1984 and the related requirements imposed by OMB's guidance had improved accountability over federal assistance, strengthened the financial management of state and local governments and not-for-profit organizations, and reduced the overall audit burden. However, thousands of single audits were being imposed on small entities that in aggregate represented only a small percentage of total federal assistance.

Amendments to Single Audit Requirements

Recognizing the need to further improve the Single Audit Act, Congress passed the Single Audit Act Amendments of 1996 (P.L. 104–156). These amendments include one additional purpose: to reduce audit burdens on state and local governments, Indian tribes, and not-for-profit organizations.

Page 458

The 1996 amendments also extended the statutory requirement for single audit coverage to not-for-profit organizations, established a risk-based approach for selecting programs for audit testing, and increased administrative flexibility by giving OMB the authority to revise certain audit requirements periodically without seeking further amendments to the Single Audit Act.

The 1996 amendments essentially replaced the 1984 Act. Revisions to OMB guidance took place in 1997, 2003, and 2013. The current guidance for single audits is contained within an extensive OMB document, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, issued in December 2013.13 This single document provides streamlined guidelines for grant accounting and reporting and incorporates material previously issued in OMB “circulars.” Since the guidance replaces eight OMB circulars, it is often referred to as the “super circular,” “omni circular,” or Uniform Guidance (the abbreviation used in this chapter).14 It is anticipated that this guidance will be complemented by additional efforts to strengthen program outcomes through effective use of grant-making models, performance metrics, and evaluation.

Determining Who Must Have a Single Audit

Illustration 11–7 provides a flowchart to determine whether an entity must have a single audit or other type of audit. As Illustration 11–7 shows, nonfederal entities that expend $750,000 or more in a year in federal awards must have a single audit or a program-specific audit for that year. The election of a program-specific audit applies when an auditee expends federal awards under only one program or a cluster of related programs, and the program's (cluster's) laws, regulations, or grant agreements do not require an entitywide financial statement audit. A program-specific audit is usually performed on the financial statements of the particular program and examines matters related to the program such as internal controls and compliance with pertinent laws, regulations, and agreements. In many cases a program-specific audit guide will be available to provide detailed audit guidance for conducting the program-specific audit.

ILLUSTRATION 11–7

Determining Applicability of the Single Audit

Nonfederal entities that expend less than $750,000 of federal awards during the fiscal year generally are exempt from federal audit requirements for that year. Nonetheless, any federal awarding agency may conduct or arrange for additional audits it deems necessary. Such additional audits should be rare, should build upon work performed for other audits, and should be paid for by the federal agency conducting or requesting the audit. Some states have voluntarily adopted federal GAGAS and single audit requirements that may apply under state audit mandates, even if federal awards expended are less than $750,000 and no other federal audit requirement exists. In other states that do not mandate their own requirements for GAGAS audits or single audits, annual audits of local governments and not-for-profit organizations, when required, are performed in conformity with AICPA GAAS, discussed earlier in this chapter.

Page 459

The Uniform Guidance defines a nonfederal entity as a state or local government, Indian tribe, institution of higher education, or non-profit organization. Federal awards are defined as:

Federal financial assistance [defined by OMB as grants, loans, loan guarantees, property, cooperative agreements, interest subsidies, insurance, food commodities, direct appropriations, and other assistance] and federal cost-reimbursement contracts that nonfederal entities receive directly from federal awarding agencies or indirectly from pass-through entities.15

It is important to note that the required audit threshold is based on federal awards expended rather than received. Unfortunately, calculating federal awards expended is not as straightforward as it might seem. The basic rule is that a federal award has been expended at the point in time when activity occurs that requires the nonfederal entity to begin complying with laws, regulations, or contractual provisions relating to the award. Typical examples are expenditure/expense transactions (such as incurring labor costs, purchasing or using supplies, and paying utility bills) associated with grants, cost-reimbursement contracts, cooperative agreements, and direct appropriations; disbursement of funds by a pass-through entity to a subrecipient; the receipt of property; the receipt or use of program income (such as charges to program beneficiaries for services rendered and rental from program facilities); and the distribution or consumption of food commodities. Amounts expended would normally be determined using the entity's basis of accounting. Thus, either an expenditure or expense may enter into the calculation of federal awards expended. Federal noncash assistance received, such as free rent (if received by a nonfederal entity to carry out a federal program), food stamps, commodities, and donated property, should be valued at fair value at the time of receipt or the assessed value provided by the awarding federal agency.

Page 460

Certain federal awards are excluded from the calculation of awards expended. For example, Medicare and Medicaid payments for services provided are not included in the calculation unless required by the state.16

Single Audit Requirements

Pursuant to the 1996 amendments to the Single Audit Act of 1984 Subpart F of the OMB's Uniform Guidance mandates the following audit requirements for the single audit:

1. An annual audit must be performed encompassing the nonfederal entity's financial statements and schedule of expenditures of federal awards.

1. The audit must be conducted by an external federal, state, or local auditor in accordance with generally accepted government auditing standards (GAGAS) and cover the operations of the entire nonfederal entity. Alternatively, a series of audits that cover departments, agencies, and other organizational units is permitted if the series of audits encompasses the financial statements and schedule of expenditures of federal awards for each such department, agency, or other organizational unit, which in aggregate are considered to be a nonfederal entity.

1. The auditor must determine whether the financial statements are presented fairly in all material respects with GAAP and whether the schedule of expenditures of federal awards is presented fairly in relation to the financial statements taken as a whole.

1. For each major program, the auditor must obtain an understanding of the internal controls pertaining to the compliance requirements for the program, assess control risk, and perform tests of controls, unless the controls are deemed to be ineffective. (Note: OMB's Uniform Guidance requires the auditor to obtain an understanding of and conduct testing of internal controls to support a low assessed level of control risk; that is, as if high reliance will be placed on the internal controls.) In addition, for each major program the auditor shall determine whether the nonfederal entity has complied with laws, regulations, and contract or grant provisions pertaining to federal awards of the program. Auditors test compliance by determining if requirements listed for each program in the Compliance Supplementpublished by the OMB have been met. Auditors are required to use the Compliance Supplement,which details compliance auditing requirements for many federal programs, listed by Catalog of Federal Domestic Assistance (CFDA) title and number.

1. OMB's Uniform Guidance assigns certain responsibilities to federal awarding agencies and nonfederal entities that act as “pass-through” agents in passing federal awards to subrecipient nonfederal entities.

Compliance Audits

As noted in item (4) above, the Uniform Guidance requires the auditor to express an opinion that the auditee complied with laws, regulations, and grant or contract provisions that could have a direct and material effect on each major program. To gather sufficient evidence to support his or her opinion in such compliance audits, the auditor tests whether each major program was administered in conformity with administrative requirements contained in the Uniform Guidance. The auditor also tests for compliance with the detailed compliance requirements for major programs provided in the Compliance Supplement or other guidance provided by federal awarding agencies. The Compliance Supplement, updated by the OMB annually, identifies generic compliance requirements and suggested audit procedures for testing compliance with each requirement.17 A matrix in part 2 of the Supplement identifies which of the generic compliance requirements apply to specific federal funding sources. See Illustration 11–8 for an excerpt from part 2 that specifies general compliance requirements for funding programs under four federal agencies. Note that the first column identifies individual programs by CFDA.

ILLUSTRATION 11–8

Sample Matrix of Compliance Requirements

Page 462

Part 4 of the Supplement provides grant-specific program information, compliance requirements, and audit procedures for each federal funding source organized by 19 federal agencies and programs that distribute funding. Generally, compliance requirements relate to matters such as allowed and unallowed activities; allowed and unallowed costs; eligibility of program beneficiaries; responsibilities of the nonfederal entity regarding matching, level of effort, and earmarking; management of equipment and real property acquired from federal awards; and required reporting.

Part 4 of the Supplement

Auditee Responsibilities

The Uniform Guidance also details the responsibilities of auditees (nonfederal entities). Auditees are responsible for identifying all federal awards received and expended, and the federal programs under which they were received. Identification of the federal program includes the Catalog of Federal Domestic Assistance (CFDA) title and number, award number and year, and name of the federal agency. In addition, auditees are responsible for maintaining appropriate internal controls and systems to ensure compliance with all laws, regulations, and contract or grant provisions applicable to federal awards. Finally, auditees must prepare appropriate financial statements and the schedule of expenditures of federal awards, ensure that audits are properly performed and submitted when due, and follow up and take appropriate corrective action on audit findings. The latter requirement includes preparation of a summary schedule of prior audit findings and a corrective action plan for current year audit findings.

Selecting Programs for Audit

Illustration 11–9 shows the procedures and criteria for selecting major programs for audit as described in the Uniform Guidance. A major program is a federal award program selected for audit using the procedures described below and shown in Illustration 11–9 or by request of a federal awarding agency. Use of a risk-based approach for selecting major programs for audit ensures that audit effort is concentrated on the highest risk programs. The risk-based approach is applied as follows:18

ILLUSTRATION 11–9

Risk-Based Approach for Selecting Major Programs for Audit

1. Identify the “larger” federal programs and analyze them according to the Type A criteria. Programs not meeting Type A criteria are identified as Type B programs. Type A programs are determined using the following sliding scale:

 

Total Federal Awards Expended	Threshold for Type A Program
$750,000 to $100 million	Larger of $750,000 or 3% (.03) of total federal awards expended
More than $100 million to $10 billion	Larger of $3 million or .3% (.003) of total federal awards expended
More than $10 billion	Larger of $30 million or .15% (.0015) of total federal awards expended

Page 463

1. Identify low-risk Type A programs: programs previously audited in at least one of the two most recent audit periods as a major program, with no internal control deficiencies identified as material weaknesses, opinion modifications, or significant questioned costs in the most recent audit period; programs with no significant changes in personnel or systems that would have significantly increased risk; and programs that, in the auditor's professional judgment, are low risk, after considering such factors as the inherent risk of the program, the level of oversight exercised by federal awarding agencies and pass-through agencies, and the phase of a program in its life cycle. New programs, for example, tend to be more risky than more mature programs.

Page 464

1. Identify Type B programs that, based on the auditor's professional judgment and criteria discussed above, are high risk. The auditor is not expected to perform risk assessments on relatively small federal programs. Risk assessments are performed only for those Type B programs that exceed 25 percent (0.25) of the Type A threshold determined in Step 1. Note, however, that the auditor is not required to identify more high-risk Type B programs than at least one fourth the number of low-risk Type A programs identified as low-risk under Step 2.

1. At a minimum, audit as major programs all Type A programs not identified as low risk and high-risk Type B programs identified in Step 3.

The percentage of coverage rule requires the auditing of as many major programs as necessary to ensure that at least 40 percent of total federal awards expended are audited. In addition to the possibility of reduced audit coverage resulting from individual Type A programs being classified as low risk, the Uniform Guidance also provides that the auditee itself can be classified as low risk and thereby receive even greater reduction in audit coverage. An auditee that meets the rather stringent criteria prescribed in Section 200.520 of the Uniform Guidance to be a low-risk auditee needs to have audited a sufficient number of major programs to encompass only 20 percent of total federal awards expended. In either percentage of coverage case, at a minimum, the major programs slated for audit in Step 4 must be audited.

Reports Required for the Single Audit

All auditors’ reports for the single audit must be submitted electronically to the federal clearinghouse designated by the OMB within the earlier of 30 days after receipt of the auditor's report(s) or nine months after the end of the audit period. Both the auditee and auditor have responsibilities for particular reports that comprise the reporting package. The reporting package consists of:

1. Financial statements and schedule of expenditures of federal awards.

1. Summary schedule of prior audit findings.

1. Auditors’ reports.

1. Corrective action plan.

The auditee is responsible for preparing all documents described in items (1), (2), and (4) above. The auditor is responsible for preparing the various auditors’ reports in item (3) and for following up on prior year audit findings, including assessing the reasonableness of the summary schedule of prior audit findings. In addition, both the auditee and auditor have responsibilities for completing and submitting the comprehensive data collection form, referred to as Form SF-SAC, that accompanies the reporting package to the clearinghouse. In general, the form provides for extensive descriptive data about the auditee, the auditor, identification of types and amounts of federal awards and major programs, types of reports issued by the auditor, and whether the auditor identified internal control deficiencies or significant noncompliance with laws, regulations, or grant provisions. Both a senior-level representative of the auditee and auditor must sign the data collection form, certifying its accuracy and completeness.

Auditor's Reports

The OMB Uniform Guidance specifies several reports that the auditor must submit for each single audit engagement. These reports can be in the form of separate reports for each requirement or a few combined reports. The auditor's report on the financial statements should indicate that the audit was conducted in accordance with GAAS and GAGAS. The required single audit reports, whether made as separate reports or combined, must include:19

Page 465

1. An opinion (or disclaimer of opinion) as to whether the financial statements are presented fairly in all material respects with GAAP and whether the schedule of expenditures of federal awards is fairly stated in all material respects in relation to the financial statements as a whole.

1. A report on internal control over financial reporting and compliance with federal statutes, regulations, and the terms and conditions of the federal award, noncompliance with which could have a material effect on the financial statements. This report must describe the scope of testing of internal control and compliance and the results of the tests, and where applicable, it will refer to the separate schedule of findings and questioned costs described in item (4) below.

1. A report on compliance for each major program and on internal control over compliance. This report must describe the scope of testing of internal control over compliance; include an opinion or modified opinion as to whether the auditee complied with federal statutes and regulations and the terms and conditions of federal awards that could have a direct and material effect on each major program; and refer to the separate schedule of findings and questioned costs described in item (4) below.

1. A schedule of findings and questioned costs, containing the following:

3. A summary of the auditor's results, including such information as type of opinion rendered on the financial statements, significant deficiencies or material weaknesses relating to internal control, material noncompliance affecting the financial statements, major programs audited, type of opinion on compliance for major programs and significant deficiencies or material weaknesses in internal control affecting major programs, other audit findings, identification of major programs, the dollar threshold used to distinguish between Type A and Type B programs, and a statement as to whether the auditee qualified as low risk.

3. Findings related to the audit of the financial statements required to be reported under GAGAS.

3. Audit findings and questioned costs. Audit findings are discussed next.

Reporting Audit Findings

As listed in item (4) above, auditors must prepare a schedule of findings and questioned costs. Audit findings reported in the schedule provide detail on matters such as internal control significant deficiencies or material weaknesses, instances of noncompliance, questioned costs, fraud and illegal acts, material violations of contract and grant agreements, and material abuse.

Regarding reporting on internal controls, item (4a) above refers to significant deficiencies or material weaknesses. A deficiency exists when “the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis,” and it includes material weaknesses and significant deficiencies.20 A material weakness is a deficiency in internal control “such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected on a timely basis”; a significant deficiency is a deficiency in internal control “that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.”21 Under GAGAS, auditors should include in the audit report any deficiencies in internal control that are significant within the context of the audit objectives based upon the audit work performed; deficiencies that are not significant to the objectives of the audit may be included in the report or communicated in writing to officials of the audited entity, unless inconsequential (par. 7.19).

Page 466

A questioned cost arises from an audit finding, generally relating to noncompliance with a law, regulation, or agreement, whose costs are either not supported by adequate documentation or appear unreasonable. Cost principles to be followed by nonfederal entities in the administration of federal awards are prescribed in the OMB Uniform Guidance, which defines concepts such as direct and indirect costs, allowable and unallowable costs, and methods for calculating indirect cost rates. These cost principles are described in Chapter 12.

In auditing a major program, the Uniform Guidance requires that known questioned costs exceeding $25,000 shall be reported in the schedule of findings and questioned costs. A known questioned cost is one that the auditor has specifically identified in performing audit procedures. In evaluating the impact of a known questioned cost, the dollar impact also includes a best estimate of “likely questioned costs.” Thus, the auditor must also report known questioned costs if the likely questioned costs exceed $25,000, even if the known dollar amount is zero. Nonmajor programs are not normally audited for compliance (except for audit follow-up of a program that was previously audited as a major program); however, if the auditor becomes aware of a known questioned cost in a nonmajor program, he or she must also report it in the schedule of findings and questioned costs.

Other Single Audit Requirements

The GAGAS (yellow book) requires that auditors make their audit personnel and audit documentation available to other auditors and to oversight officials from federal awarding agencies and cognizant agents, so that auditors may use others’ work and avoid duplication of efforts. Federal agency access also includes the right to obtain copies of the working papers, which should be retained for a minimum of three years.

The Uniform Guidance provides that a cognizant agency for audit responsibilities will be designated for each nonfederal entity expending more than $50 million a year in federal awards. The cognizant agency will be the federal awarding agency that provides the predominant amount of direct funding unless the OMB specifically designates a different cognizant agency. Among the cognizant agency's responsibilities are providing technical audit advice and liaison to auditees and auditors, obtaining or conducting quality control reviews of selected audits made by nonfederal auditors, communicating to affected parties the deficiencies identified by quality control reviews (including, when necessary, referral of deficiencies to state licensing agencies and professional bodies for possible disciplinary action), and promptly communicating findings of irregularities and illegal acts to affected federal agencies and appropriate federal law enforcement agencies. Nonfederal entities expending less than $50 million in federal awards are assigned an oversight agency.The oversight agency is the agency that makes the predominant amount of direct funding to the nonfederal entity. An oversight agency has responsibilities similar to a designated cognizant agency, but they are less extensive.

12 Based upon 2013 data available at  USAspending.gov .

13 See United States Office of Management and Budget, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, 78 FR 78589, published in the Federal Register on December 26, 2013, available at  https://federalregister.gov/a/2013-30465 . Upon implementation, this guidance will also be available on the OMB Web site.

14 OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, was the primary document covering single audit guidance; while Circular A-50 addressed single audit follow-up. The remaining superseded circulars set forth cost principles and administrative requirements under grant programs, contracts, and other agreements, to state and local governments (OMB Circulars A-87 and A-102), educational institutions (OMB Circulars A-21 and A-110), other not-for-profit organizations (OMB Circulars A-122 and A-110), and in general (OMB Circular A-89).

15 Office of Management and Budget, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, 78 FR 78589, §200.38.

16 Ibid., §200.502

17 The 2014 Compliance Supplement contains 14 general compliance requirements; however, in drafting the Uniform Guidance, the OMB disclosed plans to reduce the number of general compliance requirements over time.

18 OMB Uniform Guidance, §200.518.

19 Ibid, §200.515.

20 American Institute of Certified Public Accountants, Codification of Statements on Auditing Standards, AU-C Section 265.07, available at  http://www.aicpa.org/Research/Standards/AuditAttest/Pages/ClarifiedSAS.aspx .

21 Ibid.

SPECIAL TOPICS RELATED TO AUDITS OF GOVERNMENTS AND NOT-FOR-PROFITS

Single Audit Quality

Single Audit quality has been an area of concern for decades. It came to the forefront when a 1986 General Accounting Office (GAO) study revealed that 34 percent of the 120 governmental audits examined were substandard or problematic.22 While subsequent professional guidance and educational requirements have helped to improve governmental audit quality, a 2007 project undertaken by the GAO, the OMB, the AICPA, the President's Council on Integrity and Efficiency (PCIE), and the National State Auditors Association indicated that some quality issues remain.

Results of the 2007 project's statistical analysis led researchers to conclude that 48.6 percent of the single audits were of acceptable quality.23 Another 16.0 percent were of limited reliability (i.e., there were significant deficiencies), while 35.5 percent of the single audits were unacceptable (i.e., there were material reporting errors and/or deficiencies so severe that the opinion on at least one major program could not be relied upon). The most prevalent problems discovered related to not documenting an understanding of internal controls over compliance requirements (56.5 percent), not documenting the testing of internal controls on at least some compliance requirements (61.0 percent), and not documenting compliance testing of at least some compliance requirements (59.6 percent). As can be seen, the problem areas relate directly to and are unique to the single audit—major program compliance requirements.

As was the case in the mid-1980s, the AICPA, GAO, OMB, and other agencies are currently active in governmental audit activities. The AICPA has created a Governmental Audit Quality Center ( www.aicpa.org/gaqc ) to promote the importance of quality governmental audits and the value of such audits to purchasers of governmental audit services. The GAO and OMB provide frequent updates to GAGAS and federal fund audit requirements and guidelines. Furthermore, these organizations agree that auditor selection processes can serve a vital role in ensuring a quality governmental audit.24

When seeking an external auditor, governments and not-for-profits should prepare a formal request for proposal (RFP). Requests for proposals should include information about the governmental entity and cover the scope of services (financial audit, Single Audit, and any additional compliance auditing), the auditing standards to be followed (GAAS, GAGAS, or state-mandated standards), reports to be issued, assistance to be provided to the auditor, and other considerations. Engagement specifics, such as the timing of the audit, work schedules, estimated hours, prior year audit fees, and due date, are also important. Finally, the RFP should also specify the required qualifications of the auditing firm in terms of experience, staff size, licensing and training, and independence. Government officials should examine auditor proposals submitted in response to the RFP to evaluate potential auditors.

Page 468

The Impact of SOX

The Sarbanes-Oxley (SOX) Act of 2002, Congress's response to corporate accounting scandals of the late 1990s and early 2000s, applies to publicly held companies, their public accounting firms, and other issuers.25 However, some states, such as California, have passed SOX-type regulations for not-for-profit organizations (NFPs).

Indirectly, SOX has impacted governments and not-for-profits as the AICPA moves to align the GAAS standards with those issued by the Public Company Accounting Oversight Board (PCAOB). This alignment is reflected in the issuance of several new auditing standards since the enactment of SOX. SOX has also indirectly affected all entities by altering the funding status of the standards-setting bodies—FASB and GASB. Finally, members of not-for-profit boards of directors and elected officials frequently have business backgrounds. As a result, board members and officials are often interested in applying SOX-related practices used in business to the not-for-profits and governments they represent. Two areas where SOX can lead to improvements in government and not-for-profit governance are audit committees and internal controls.

The SOX legislation requires audit committees of public companies, subsets of the board of directors, to (1) appoint and oversee the auditor, (2) resolve disagreements between management and its auditor, (3) establish procedures to receive complaints from employees who “blow the whistle” on those responsible for fraud, (4) ensure auditor independence, and (5) review the audit report and other written communications. A state or local government or not-for-profit organization that establishes an audit committee, at a minimum, signals to the public that the auditors report to the board that hired them, not to management.26

Section 404 of SOX requires managers of publicly traded companies to accept responsibility for the effectiveness of the entity's internal control system. The act of “certifying” requires that managers present a written assertion not only that they have adopted some framework for internal controls, but also that they test these controls and can document the effectiveness of the internal control system. The OMB reexamined its internal control requirements for federal agencies in light of the Sarbanes-Oxley Act of 2002 and revised OMB Circular A–123, “Management's Responsibility for Internal Control.” This circular “provides guidance to Federal managers on improving the accountability and effectiveness of Federal programs and operations by establishing, assessing, correcting, and reporting on internal control.”27

Managers of government and not-for-profit entities could benefit from voluntarily adopting certain requirements of the Sarbanes-Oxley Act, such as creation of an audit committee, monitoring the independence of auditors, and certification of internal controls and financial statements by the chief executive or financial officer of the entity.

Page 469

Auditing Guidance

As demonstrated throughout this chapter, audits of governments and not-for-profit organizations encompass unique issues for auditors. Fortunately, numerous resources are available to guide auditors in these specialized engagements. In addition to the often-mentioned version for state and local governments, the AICPA publishes industry-specific audit and accounting guides for not-for-profit organizations and health care entities. If a single audit or GAGAS audit is required, the audit guide entitled Government Auditing Standards and Circular A-133 Audits may be pertinent. The AICPA also issues annual audit risk alerts for each of the areas covered by an audit guide. State CPA societies and numerous professional organizations, such as the National Association of Nonprofit Accountants & Consultants, the National Association of College and University Business Officers, and the Healthcare Financial Management Association, also provide guidance for understanding and applying new accounting issuances, which can be helpful to the auditor.

22 U.S. General Accountability Office (U.S. GAO), CPA Quality: Many Governmental Audits Do Not Comply with Professional Standards, AFMD 86-33 (Washington, DC: Government Printing Office, 1986).

23 The information in this paragraph is from the Report on National Single Audit Sampling Project, June 2007 (Washington, DC: President's Council on Integrity and Efficiency, 2007).

24 See Stephen J. Gauthier, An Elected Official's Guide to Auditing (Chicago: Government Finance Officers Association, 1992), for recommendations regarding the selection of auditing services for governmental entities.

25 For more detailed information, students are directed to the Act itself (P.L. 107–204) and the Public Company Accounting Oversight Board (PCAOB) Web site ( www.pcaobus.org ).

26 The AICPA produced Audit Committee Toolkits for both government and not-for-profit organizations to provide guidance for establishing and working with audit committees.

27 OMB Circular A–123 revised, “Management's Responsibility for Internal Control” (Washington, DC: OMB), December 21, 2004.

Key Terms

Attestation engagements, 451

Audit findings, 465

Cognizant agency for audit responsibilities, 466

Compliance audit, 460

Engagement letter, 446

Financial audits, 451

Generally accepted auditing standards (GAAS), 442

Generally accepted government auditing standards (GAGAS), 450

Major programs, 462

Material weakness, 465

Materiality, 449

Nonaudit work, 456

Opinion units, 449

Oversight agency, 466

Performance audits, 451

Program-specific audit, 458

Questioned cost, 466

Risk-based approach, 462

Significant deficiency, 465

Single audit, 457

Selected References

American Institute of Certified Public Accountants. Audit and Accounting Guide. State and Local Governments. New York: AICPA, 2014.

———. Audit Guide. Government Auditing Standards and Circular A–133 Audits. New York: AICPA, 2014.

Comptroller General of the United States. Government Auditing Standards. Washington, DC: Superintendent of Documents, U.S. Government Printing Office, 2011.

Office of Management and Budget, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, 78 FR 78589, published in the Federal Register on December 26, 2013, available at  https://federalregister.gov/a/2013-30465 . (Upon implementation, this guidance will also be available on the OMB Web site.)

———. Circular A–133, Compliance Supplement. March 2014, available at  http://www.whitehouse.gov/omb/circulars/a133_compliance_supplement_2014

President's Council on Integrity and Efficiency, Audit Committee. Report on National Single Audit Sampling Project. Washington, DC: Superintendent of Documents, U.S. Government Printing Office, June 2007.