Government Auditing Standards 2018 Revision (Hot Off the Press)

By Charles Hall | Auditing , Local Governments

Yellow Book Independence: When Should You Apply Safeguards?

By Charles Hall | Auditing

In some me Yellow Book audits, you need to apply safeguards to lessen threats to independence. This article provides you with guidance about those safeguards.

When I was a kid living in Donalsonville, Georgia, my mother would drive into our open garage, leave the keys in the ignition (where they remained for the evening), and then would walk into our home (which had not been locked all day).

Over time, I noticed that she left the keys in the car less and less, and we began to lock the doors of our home. At one point we even bought deadlocks.

Why?

It seems our neighbors were, from time to time, having small thefts, and one even had a burglar in the home as they returned one afternoon.

My parents were responding to risks. The greater the thefts and burglaries, the greater the safeguards.

Safeguards Required by Yellow Book

Whenever an external auditor performs nonattest services (e.g., preparation of financial statements), then the auditor should consider whether the nonattest service adversely affects his independence.

The Government Auditing Standards (known as the Yellow Book) requires that safeguards be applied whenever independence threats are significant – but only if they are significant – in order to eliminate or reduce such threats to an acceptable level.

Yellow Book Independence Safeguards

Examples of safeguards that may eliminate or reduce significant threats to an acceptable level include the following:

• Discussing independence issues with those charged with governance of the entity
• Assigning separate engagement personnel for the audit and nonaudit service
• Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team (e.g., second partner review of financial statements prepared by the external audit firm)
• Discussing the significance of the threats to management participation or self-review with the engagement team and emphasizing the risks associated with such threats
• Educating management on the nonaudit services performed by reviewing and explaining the reason and basis for all significant transactions, as well as authoritative standards, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the nonaudit services
• When financial statement preparation is the nonaudit service being performed, determining that there has been review of the financial statements and successful completion of a disclosure checklist by the audited entity

Not all safeguards listed would be appropriate for all significant threats identified and, often, may require combinations of more than one safeguard. When determining the type and number of safeguards to be applied, the auditor should consider the significance of the threats, both individually and in the aggregate.

Some safeguards have a higher level of mitigation of threats than others. Also safeguards that involve personnel who are independent of the audit process are generally more effective than those who are not independent.

Determining which safeguards to apply involves professional judgment and is dependent on the facts and circumstances of each specific situation.

Prohibited Services

Finally remember that safeguards cannot be used to ameliorate risk related to prohibited services (e.g., the external audit firm signs checks for the client); if the external auditor performs prohibited services, then safeguards cannot remedy the lack of independence. Examples of prohibited services follow:

• Setting policies and the strategic direction for the audited entity
• Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities
• Having custody of an audited entity’s assets
• Accepting responsibility for designing, implementing, or maintaining internal control

Preparing Financial Statements 

Yellow Book Independence Documentation is Important

By Charles Hall | Accounting and Auditing , Local Governments

I just received the June 2016 AICPA Reviewer Alert (a monthly newsletter for peer reviewers). It provides the following Yellow Book independence documentation guidance:

Yellow Book contains specific requirements for documentation related to independence which may be in addition to the documentation that auditors have previously maintained. The 2011 Yellow Book Chapter 3 emphasizes that documentation is required for the evaluation of each of the elements of independence, which consists of:

1. Management’s ability to oversee the nonaudit services, including whether management has skills, knowledge, and experience
2. Significant threats that require the application of safeguards along with the safeguards applied
3. Understanding established with the audited entity regarding the nonaudit services to be performed

Failure to document one or more of these elements is considered a departure from professional standards that causes the engagement to be deemed nonconforming. The reviewed firm and reviewer should be aware that verbal explanation and vague completion of a checklist does not provide for a thoughtful evaluation and documentation of management’s abilities related to each nonaudit service and will be unlikely sufficient to comply with the standards.

Yellow Book Independence Forms

All firms that perform Yellow Book engagements need to make sure their system of quality control provides guidance for documentation of the three items listed above. Consider using the AICPA’s 2011 Yellow Book Independence form. The electronically fill-able version is $28 for AICPA members and can be found here. The free PDF version can be found here.

For information about determining if your client’s skill, knowledge, and experience are sufficient, click here.

Yellow Book Independence and Preparing Financial Statements – Sufficient SKE

By Charles Hall | Accounting and Auditing , Fraud

Are you a CPA that prepares city or county financial statements for an audit client? If yes, are you independent under the Yellow Book independence standards?

Yellow Book Independence

The 2011 Yellow Book (effective for periods ending after December 15, 2012; http://www.gao.gov/yellowbook) requires that the external auditor document the CPA firm’s independence when the firm also provides nonaudit services (such as preparation of financial statements).  Many small governments have their external auditors prepare their financial statements.

This independence determination will largely hinge on one factor: whether the city or county has a person with sufficient skill, knowledge or experience (SKE) to qualify as a reviewer.

If the government has no one with sufficient SKE, then the external auditor is not independent and can’t ethically perform the audit.

Examples of SKE

Consider the following potential reviewer scenarios:

1. A 15 year mayor who is a businessman, no accounting education, no formal training in reading governmental financial statements, he understands the fund level statements but can’t grasp the reconciliation between the government-wide financial statements and the fund level financial statements.

2. Second year finance director with no prior accounting experience, graduated from a two year college with a degree in general business.

3. Finance director with 25 years experience and is a CPA, member of GFOA, trains others in governmental accounting.

4. Finance director with a high school education but has extensive governmental accounting training from the Carl Vinson Institute, could if he liked, create the financial statements from scratch.

As you can see, the independence assessment will sometimes be black and white, but sometimes there will be shades of gray.

An Alternative

If the auditor can’t get comfortable with the SKE of the government’s financial statement reviewer, there is one alternative: the local government can hire someone outside the government with sufficient SKE to be the reviewer (for example a CPA not affiliated with the external audit firm).

At the end of the day, the local government must have a designated person (either internally or externally) with sufficient SKE for the audit firm to be independent.

Yellow Book CPE Requirements – A Summary

By Charles Hall | Accounting and Auditing , Local Governments

What are the requirements for Yellow Book continuing professional education (CPE)?

Below we will address (1) who is subject to the Yellow Book CPE requirements and (2) what CPE classes satisfy those requirements.

Overview

First realize there are two rules:

1. The 80-hour rule (every two years)
2. The 24-hour rule (every two years)

Then you must answer:

1. Who is subject to each rule?
2. What classes qualify for each rule?

The 24 Hour Rule – Who is Subject?

The answer: each auditor performing work on a Yellow Book audit; if as an auditor you work on the engagement, you are subject to this rule. If your audit report contains a Yellow Book report (usually located just after the notes to the financial statements), then that engagement is subject to generally accepted government auditing standards (GAGAS).

The 80-Hour Rule – Who is Subject?

The answer: Auditors who are involved in any amount of:

1. Planning,
2. Directing, or
3. Reporting on GAGAS assignments
and
4. Those auditors who are not involved in those activities but charge 20 percent or more of their time annually to GAGAS assignments.

I interpret 1., 2. and 3. as mainly partners, managers, and in-charges. 4. relates to staff who support the audit.

So a staff person that does not meet the criteria in 4., but still works on a Yellow Book engagement must still satisfy the 24-hour rule (but not the 80-hour rule).

What Classes Qualify?

The Yellow Book states, “Determining what subjects are appropriate for individual auditors to satisfy both the 80-hour and the 24-hour requirements is a matter of professional judgment to be exercised by auditors in consultation with appropriate officials in their audit organizations.”

First we see that there is judgment in what qualifies (no bright yellow lines). But there are differences in the 80-hour rule and the 24-hour rule; otherwise, there would be only one category.

The 80-Hour Rule – Classes that Qualify

The 80-hour rule is broad (encompassing any CPE that enhances the auditor’s professional proficiency); so, for example, CPE classes about writing skills or using Excel would qualify. (Taxation CPE usually does not qualify unless the class addresses audit-related issues. For example, a 1040 tax class does not qualify.)

For those subject to the 80 hour rule, at least 20 hours of CPE should be taken in each year of the two-year period; a total of 80 hours is to be taken in the two-year period.

The 24-Hour Rule – Classes that Qualify

Each auditor performing work under GAGAS should complete, every 2 years, at least 24 hours of CPE that directly relates to government auditing, the government environment, or the specific or unique environment in which the audited entity operates.

The 24-hour rule is specific to:
(1) Government auditing,
(2) The government environment or
(3) To the specific or unique environment in which the audited entity operates.

Government Auditing

Classes directly related to standards used in governmental auditing qualify; since GAGAS incorporates the AICPA statements on auditing standards (SASs) for field work and reporting, then audit classes that include a study of the SASs as they relate to the audit of your governmental entity would qualify. The same is true of pronouncements issued by the FASB. Single Audit classes also obviously qualify.

Government Environment

CPE dealing with Governmental Accounting Standards (GASB pronouncements) will qualify for the 24-hour rule since the class focuses on accounting standards in the government environment.

If you audit a county or a city, then most any CPE dealing with GASB pronouncements or governmental issues (e.g., sales taxes) will satisfy the 24-hour rule; also classes dealing with compliance with laws and regulations qualify.

Classes addressing economic conditions, fiscal trends, and pressures facing the governmental entity qualify.

Specific or Unique Environment in Which the Audited Entity Operates

Suppose you audit electric membership corporations (EMCs) subject to the Yellow Book; a CPE class about electrical supply grids qualifies. Or if you audit banks subject to Yellow Book requirements (e.g., FHA loans), then a CPE class dealing with lending qualifies. These classes address issues in the unique environment in which the audited entity operates.

Two-Year Cycle

An audit organization can adopt a standard 2-year period for all of its auditors to simplify administration of the CPE requirements.

Carryover Credit

Auditors are not allowed to carry over hours taken in excess of the 24-hour or 80-hour rule to the next reporting period.

Proration of Hours for New-Hires (or Those Newly Assigned to a Yellow Book Audit)

You will prorate the hourly requirements based on the remaining 6-month intervals in your two-year reporting period. For example, you hire someone on May 1, 2013 and your two-year cycle ends December 31, 2013. There is only one remaining 6-month period. If you are subject to the 24 hour rule, then you will multiply 25% (one six-month period divided by the four six-month periods in the two-year cycle) times 24 to compute the hours required: 6 hours.

GAO Guidance

Click here for the April 2005 GAO publication: Government Auditing Standards, Guidance on GAGAS Requirements for Continuing Professional Education.