Auditing Techniques in Government Accounting
Chris Droussiotis
2013
Auditing Techniques in Government Accounting
Agenda:
 Monday, November 25, 2013
 10:00am – 12:00pm
 Overview of the methodology used by the Government Accountability Office (GAO) and the
President’s Council on Integrity and Efficiency (PCIE) for performing financial audits.
 Planning Phase of the audit
 2:00pm – 4:00pm
 Internal Control Phase of the audit
 Tuesday, November 26, 2013
 10:00am – 12:00pm
 Testing Phase of the audit
 2:00pm – 4:00pm
 Reporting Phase of the audit
 General overview of the audit tools
7/17/2016
2
Auditing Techniques in Government Accounting
Executive Summary:
 Overview of the methodology used by the Government Accountability Office
(GAO) and the President’s Council on Integrity and Efficiency (PCIE) for
performing financial audits.
 The audit methodology is organized by 4 phases: Planning Phase, Internal
Control Phase, Testing Phase and Reporting Phase.
 General overview of the audit tools
 General Overview of the newly issued checklists for Federal Accounting (FAM
2010) and Federal Reporting and Disclosure (FAM 2020).
7/17/2016
3
History / Introductions
Government Accountability Office:

GAO is the audit, evaluation and investigative arm of the US Congress – It is part of the legislative branch of
the US government

Established as the General Accounting Office by the Budget and Accounting Act of 1921 – basically checking
the government activity including the receipt, disbursement and application of public funds.

While most other countries have government entities similar to the GAO, their focus is primarily on conducting
financial audits. The GAO's auditors conduct not only financial audits, but also engage in a wide assortment of
performance audits. The performance audits may include the detection of fraud, waste and abuse, although
often these are not included in the scope.

GAO, a professional and non-partisan organization, also establishes standards for audits of gio as “The
Congressional Watch Dog” and “The Taxpayers’ Best Friend”.

The GAO, a professional and non-partisan organization, also establishes standards for government
organizations, programs, activities, and functions, and of government assistance received by contractors,
nonprofit organizations, and other nongovernmental organizations (under Generally Accepted Government
Auditing Standards (GAGAS).
7/17/2016
4
History / Introductions
The President’s Council on Integrity and Efficiency (PCIE)
 PCIE primary responsibilities, to the American public, are to detect and prevent
fraud, waste, abuse and violations of law and to promote economy, efficiency and
effectiveness in the operations of the Federal Government.
 Organized in 7 committees: Audit, IT, Inspection & Evaluation, Investigations,
Integrity, Legislation and Professional Development
 PCIE was established in 1988
7/17/2016
5
History / Introductions
Government Performance Results Act of 1993
 Findings
1. Waste and inefficiency in Federal programs undermine the confidence of the American people in the
Government and reduces the Federal Government's ability to address adequately vital public needs;
1. Federal managers are seriously disadvantaged in their efforts to improve program efficiency and
effectiveness, because of insufficient articulation of program goals and inadequate information on
program performance; and
1. Congressional policymaking, spending decisions and program oversight are seriously handicapped by
insufficient attention to program performance and results.
 Purpose
1. Improve the confidence of the American people in the capability of the Federal Government, by
systematically holding Federal agencies accountable for achieving program results;
1. Initiate program performance reform with a series of pilot projects in setting program goals, measuring
program performance against those goals, and reporting publicly on their progress;
1. Improve Federal program effectiveness and public accountability by promoting a new focus on results,
service quality, and customer satisfaction;
1. Help Federal managers improve service delivery, by requiring that they plan for meeting program
objectives and by providing them with information about program results and service quality;
1. Improve congressional decision making by providing more objective information on achieving statutory
objectives, and on the relative effectiveness and efficiency of Federal programs and spending; and
7/17/2016 1. Improve internal management of the Federal Government.
6
Financial Audit Phases
PLANNING PHASE
INTERNAL CONTROL PHASE
FINANCIAL
AUDIT
PHASES
REPORTING PHASE
TESTING PHASE
7/17/2016
7
Phase One: Planning Phase
7/17/2016
8
Phase One: Planning Phase
Executive Summary
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
Goals & Objectives of the Planning Phase
Overview of the Planning Phase
Establishing an Understanding with the Client
Understand the Entity's Operations
Perform Preliminary Analytical Procedures
Determine Planning and Design Materiality and Tolerable Misstatement
Identify Significant Line Items, Accounts, Assertions, and RSSI
Identify Significant Cycles, Accounting Applications, and Financial Management Systems
Identify Significant Provisions of Laws and Regulations
Identify Relevant Budget Restrictions
Identify Risk Factors
Determine Likelihood of Effective IT System Controls
Identify Relevant Operations Controls to Evaluate and Test
Plan Other Audit Procedures
•
•
•
•
•
7/17/2016
Inquiries of Legal Counsel
Management Representations
Related Party Transactions
Sensitive Payments
Other Planning Issues
9
Phase One: Planning Phase
Goals & Objectives of this Phase
Although planning continues throughout the audit, the objectives of this
initial phase are to gain an understanding of the entity to be audited;
to understand its environment, including internal control; to identify
significant areas for audit; and to design effective and efficient audit
procedures. To accomplish this, the methodology includes guidance in
Establishing an understanding about the audit with the client, entity management, and those
charged with governance;
 Understanding the entity’s operations and its environment, including its organization,
management style, internal control, and internal and external factors influencing its operating
environment;
 Performing analytical procedures to assist in planning the audit;
 Identifying significant accounts, accounting applications, and financial management
systems; important budget restrictions; significant provisions of laws and regulations; and
relevant internal controls;
 Determining the likelihood of effective information technology (IT) systems controls;
 Identifying assertions and using them in planning the audit;
 Determining materiality for the financial statements including tolerable misstatement (test
materiality) for accounts and related assertions;
 Performing a preliminary risk assessment to determine the risk of material misstatement,
whether by error or fraud;
 Developing the audit strategy and audit plan, including entity field locations to visit.
Based on evidence obtained throughout the audit, the auditor should monitor and revise, if needed,
preliminary assessments made during the planning phase for risk and the likelihood of control
7/17/2016
10
effectiveness.
Planning Phase
Overview
•
•
The auditor must adequately plan the audit work.
The auditor should develop effective and efficient ways to obtain the
sufficient, appropriate evidence necessary to report on the federal
entity’s financial statements, internal controls, and compliance with
laws and regulations.
•
The nature, extent, and timing of planning varies with such factors as the entity’s size and
complexity, the auditor's experience with the entity, and the auditor’s knowledge of entity
operations.
•
The methodologies, strategy and procedures are based on the Financial Audit Manual (FAM)
prepared by the US GAO.
•
Senior, experienced members of the audit team should be involved in planning. Although
concentrated in the planning phase, planning is an iterative process performed throughout the
audit. For example, findings from the internal control phase directly affect planning the
substantive audit procedures. Also, the results of control and substantive tests may require
changes in the planned audit approach.
•
Auditors should consider the needs of, and consult in a timely manner with, other auditors who
plan to use the work being performed, especially when exercising significant professional
judgment.
7/17/2016
11
The Workflow Process
Establish Understanding with the Client
 Pre-engagement planning meeting/Timing
 Written understanding regarding the audit (scope, responsibilities,
feedback)
Controlling
Time –
feedback from
Client
Engagement Letter
Estimated Start Date
 Estimated date of entrance conference
 Auditor team performing the audit
Understand the Entity’s Operation
 Understand the entity and its environment
 Identify key members – management
 Identify significant external and internal factors
Perform Preliminary Analytical Procedures
 Develop Expectations
 Compare current year amounts to expectations & identify fluctuations
7/17/2016
1912
Determining Planning and Design Materiality and Tolerance
Misstatement
The term “materiality” has several meanings.

Planning materiality is a preliminary estimate of materiality in relation
to the financial statements taken as a whole primarily based on quantitative
measures. It is used to determine design materiality and tolerable misstatement,
which in turn are used to determine the nature, extent, and timing of substantive
audit procedures. It is also used to identify significant laws and regulations for compliance testing.

Design materiality is the portion of planning materiality that the auditor should allocate to line
items, accounts, or classes of transactions (such as disbursements). The auditor usually sets this
amount the same for all line items or accounts as this amount is usually sufficient for testing.

Tolerable misstatement (formerly test materiality) is the materiality the auditor should use to test
a specific line item, account, or class of transactions. Tolerable misstatement is defined as the
maximum error in a population (for example, a class of transactions or account balance) that
the auditor is willing to accept and may be referred to as tolerable error in other standards. Based
on the auditor’s judgment, the auditor may set tolerable misstatement equal to or less than design
materiality and may set different amounts of tolerable misstatement for different line items or
accounts.
7/17/2016
13
Identify Significant Line Items, Accounts and Assertions

The auditor should identify significant line items and accounts in the financial statements and
significant related financial statement assertions. These line items and accounts include budgetrelated information such as that presented in the statement of budgetary resources, the
reconciliation of the net cost of operations to budget note disclosure, and disclosure of the
components of net position.
Assertions are identified as follows:
 Existence or occurrence: Recorded transactions and events occurred during the given period,
are properly classified, and pertain to the entity. An entity’s assets, liabilities, and net position exist
at a given date.
 Completeness: All transactions and events that should have been recorded are recorded in the
proper period. All assets, liabilities, and net position that should have been recorded have been
recorded in the proper period and properly included in the financial statements.
 Rights and obligations: The entity holds or controls the rights to assets, and liabilities are the
obligations of the entity at a given date.
 Accuracy/valuation or allocation: Amounts and other data relating to recorded transactions and
events have been recorded appropriately. Assets, liabilities, and net position are included in the
financial statements at appropriate amounts, and any resulting valuation or allocation adjustments
are properly recorded. Financial and other information is disclosed fairly and at appropriate
amounts.
 Presentation and disclosure: The financial and other information in the financial statements is
appropriately presented and described and disclosures are clearly expressed. All disclosures that
should have been included in the financial statements have been included. Disclosed events and
transactions have occurred and pertain to the entity.
7/17/2016
14
Identify Significant Line Items, Accounts and Assertions
ASSERTIONS:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
Occurrence
Completeness
Accuracy
Cutoff
Classification
Existence
Rights and Obligations
Completeness
Valuation and Allocation
Occurrence and Rights and Obligations
Completeness
Classification and Understandability
Accuracy and Valuation
7/17/2016
Assertions about classes of
transaction and events for the
period under audit
Assertions about account
balances at the period end
Assertions about presentation
and disclosure
15
Identify Significant Cycles, Accounting Applications and Financial
Management Systems
•
Identify controls for each significant cycle and accounting application and asses the risk of
material misstatement
•
•
Group related accounting applications into financial management systems.
A transaction-related accounting application consists of the methods and records established to
identify, assemble, analyze, classify, and record (in the general ledger) a particular type of
transaction.
•
The auditor should determine the accounting application that is the best source of the financial
statements information.
•
Once the auditor identifies significant accounting applications, the auditor should determine which
information systems are involved in those applications. The auditor should then evaluate those
particular information systems by assessing information-related controls using an appropriate
methodology.
•
The auditor should obtain sufficient knowledge of the information systems relevant to the
financial reporting to understand the accounting processing form initiation of the transaction to its
inclusion on the financial statements, including electronics means used to transmit, process,
maiantain and access information.
7/17/2016
16
Identify Significant Provisions of Laws and Regulations
 To design relevant compliance-related audit procedures,
the auditor should identify the significant provisions of
laws and regulations.
 Transaction-based provisions are those for which compliance
is determined on individual transactions. For example, the Prompt
Payment Act requires that late payments be individually identified
and interest paid on such late payments.
 Quantitative-based provisions are those that require the accumulation/summarization of
quantitative information for measurement. These provisions may contain minimum,
maximum, or targeted amounts (restrictions) for the accumulated/summarized information.
For example, the Comprehensive Environmental Response, Compensation, and Liability Act
of 1980 prohibits the Environmental Protection Agency from exceeding certain spending
limits on specific projects.
 Procedural-based provisions are those that require the entity to implement policies or
procedures to achieve certain objectives. For example, the Single Audit Act, as amended,
requires the awarding entity to review certain financial information about recipients.
7/17/2016
17
Identify Relevant Budget Restrictions
 To evaluate budget controls and the design compliance related audit procedures
relevant to budget restrictions, the auditor should obtain and read information on
policies and procedures based on legislation.
 Identify any legally binding restrictions in its fund control regulations
 Understand the implication if the entity were to violate these relevant budget restrictions
 For the entities that do not receive appropriate funds, the auditor should identify budgetrelated requirements that are legally binding on the entity.
7/17/2016
18
Identify Risk Factors
•
The auditor should perform risk assessments at the financial statement and relevant
assertions levels based on an appropriate understanding of the entity and its
environment, including its internal control. The auditor’s assessments of inherent risk,
fraud risk, and the internal control components of the control environment, risk
assessment, communication, and monitoring affect the auditor’s assessment of the
risks of material misstatement..





7/17/2016
Inherent Risk
Control Risk
Material Misstatement Risk
Detection Risk
Fraud Risk
19
Identify Likelihood of Effective IT System Controls
•
Controls are IT system controls if their effectiveness depends on computer
processing. In the planning phase, the auditor, with the assistance of an IT specialist
should determine whether IT system controls are likely to be effective and should
therefore be considered in the internal control phase.
 Financial Reporting Controls
 Compliance Controls
 Certain operations controls
7/17/2016
20
Steps in Assessing IT System Controls
7/17/2016
21
Identify Relevant Operations Controls to Evaluate and Test
 In a financial statement audit, the auditor draws a conclusion about the effectiveness
of certain financial reporting (including safeguarding and budget) and compliance
(including budget) controls. For operations controls, the auditor
 May evaluate certain operations controls considered relevant
 Should evaluate and test operations controls that are relied on in performing audit
procedures
 Should understand the components of internal control relating to the assertions for existence
and completeness relevant to the performance measures reported in the MD&A in order to
report on controls that have not been properly designed and placed in operation.
7/17/2016
22
Plan Other Audit Procedures
 The auditor generally should plan for performing procedures in the
following areas during other phases of the audit:




Inquiries of Legal Counsel
Management Representations
Related Party Transactions
Sensitive Payments
7/17/2016
23
Other Plans and Items




Plan Locations to Visit
Documentation
Other Risks
Other Controls, Communication and Monitoring
7/17/2016
24
Examples of Audits for discussions
 Fraud Risk Example
 Misstatement Examples
 Management Estimates
 Revenue Recognition
 Inventory Quantities
7/17/2016
25
Phase Two: Internal Control Phase
7/17/2016
26
Phase Two: Internal Control Phase
Executive Summary
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Goals & Objectives
Overview of the Internal Control Phase
Understand Information Systems
Identify Control Objectives
Identify and Understand Relevant Control Activities
Determine the Nature, Extent, and Timing of Control Tests and Compliance with FFMIA
Perform Nonsampling Control Tests and Test Compliance with FFMIA
Assess Internal Control on a Preliminary Basis
Other Considerations
Documentation
7/17/2016
27
Phase Two: Internal Control Phase
Goals & Objectives of this Phase
This phase entails understanding, evaluating, and testing internal control to
support the auditor’s conclusions about the achievement of the following
internal control objectives
Reliability of financial reporting—transactions are properly recorded, processed, and
summarized to permit the preparation of the financial statements and other supplementary
stewardship information in accordance with U.S. GAAP, and assets are safeguarded against
loss from unauthorized acquisition, use, or disposition.
 Compliance with applicable laws and regulations—transactions are executed in accordance
with (a) laws governing the use of budget authority and other laws and regulations that could
have a direct and material effect on the financial statements or required supplementary
stewardship information, and (b) any other laws, regulations, and government wide policies
identified by OMB in its audit guidance.
7/17/2016
28
Internal Control Phase
Overview
•
In the internal control phase, the auditor should continue the risk
assessment procedures begun in the planning phase. The auditor
should expand the understanding of the entity’s internal control
gained during the planning phase of the audit for all types of controls,
and for financial reporting controls, assess control risk separately for
each significant financial statement assertion in each significant cycle
or accounting application. The auditor should.

Determine whether the internal control is adequately designed and placed in operation to
prevent or detect misstatements;

Assess the control risk component of the risk of material misstatement;

Plan the nature, extent, and timing of control tests;

Perform any nonsampling control tests of control effectiveness for internal controls that have
been properly designed and placed in operation to support a low assessed level of control risk.
7/17/2016
29
Understand Information Systems

The auditor should obtain an understanding of the entity’s information systems (whether automated or manual),
including the processes relevant to financial reporting, for processing and reporting of


Accounting (including RSSI), budget, compliance, and operations data(including performance measures reported in the MD&A)
and
maintaining accountability for the related assets, liabilities, equity, RSSI, and budgetary resources
The auditor should perform sufficient system walk-through to confirm the understanding of significant information
about such systems.

For each significant cycle and accounting application identified for significant line items and assertions the auditor
should obtain an understanding of and should document
Accounting
System

 Procedures by which transactions are initiated, authorized, recorded, processes, summarized
and reported in the financial statements
 Nature of type of related records
 Process of resolving incorrect information
 Process of reconciling transaction details the general ledger
 Process by which the information systems capture events and conditions.
 Process used to prepare the entity’s financial statements
Budget
Accounting
System
7/17/2016
Compliance
System
Operations
System
30
Identify Control Objectives
 The auditor should identify control objectives for each type of control that if achieved, would
provide the entity with reasonable assurance that individual and aggregate misstatements
(whether caused by error or fraud), losses, or noncompliance material to the financial statements
would be prevented or detected. The Statement of Social Insurance, and nonmonetary information
in the financial statements, such as physical units of heritage assets, the objectives would relate to
controls that would provide reasonable assurance that misstatements, losses, or noncompliance
that would be considered material by users of the information would be prevented or detected.
Control objectives involve:




Financial reporting controls to prevent or detect misstatements in significant financial statement
assertions and RSSI. These includes safeguarding controls to safeguard assets against loss from
unauthorized acquisition, use, or disposition, and segregation-of duties controls to prevent one person from
controlling multiple aspects of a transaction allowing that person to both cause and conceal misstatements
whether errors or fraud.
Compliance controls to comply with significant provisions of applicable laws and regulations.
Budget controls to execute transactions in accordance with budget authority.
Operations controls to achieve the performance desired by management for planning, productivity, quality,
economy, efficiency, or effectiveness of the entity's operations. These include performance measures
controls to report the data used to measure the en
Financial
Reporting
Controls
7/17/2016
Compliance
Controls
Budget
Controls
Operations
Controls
31
Identify and Understand Relevant Control Activities
 Factors to Consider when evaluating whether controls are likely to achieve
 Directness
 Selectivity
 Manner of application
 Frequency of applications
 Experience and skills of personnel
 Follow-up.
7/17/2016
32
Determine the Nature, Extent and Timing of Control Tests and
Compliance
 Identify Relevant Control Activities to Test
 Perform Walk-throughs to Determine Whether Controls Are in Operation
 Document Control Activities to Be Tested
 Determine the Nature of Control Tests
 Determine the Extent of Control Tests
 Determine the Timing of Control Tests
 Determine the Nature, Extent, and Timing for Compliance
7/17/2016
33
Assess Internal Control on a Preliminary Basis

Based on the evaluation of internal control and results of nonsampling control tests, the auditor should preliminarily
assess the effectiveness of internal control during the period (for reporting on internal control in a nonopinion report
and for determining the risk of material misstatement used to determine the nature, extent, and timing of further
audit procedures) and as of the end of the period, if the auditor is expressing an opinion on internal control as of
that point in time.

Information System Results

Financial Reporting Controls
 Low, Moderate, High

Budget Controls

Compliance Controls

Operations Controls

Revaluation of Control Risk and the Risk of Material Misstatement
7/17/2016
34
Other Considerations
 Multiyear Testing
 Partial-Year Controls
 Planned Changes in Controls
 Documentation
 Cycle Memorandums and Flowcharts
 Prepare a Worksheet
7/17/2016
35
Control Sheet Example
7/17/2016
36
Budget Execution Process
7/17/2016
37
Control Evaluation Worksheet
7/17/2016
38
Control Evaluation Worksheet
7/17/2016
39
Control Evaluation Worksheet
7/17/2016
40
Control Evaluation Worksheet
7/17/2016
41
Accounting Risk Analysis Form
7/17/2016
42
Accounting Risk Analysis Form
7/17/2016
43
Phase Three: Testing Phase
7/17/2016
44
Phase Three: Testing Phase
Executive Summary
1. Goals & Objectives of the Testing Phase
2. Overview of the Testing Phase
3. Design the Nature, Extent, Timing, of
Further Audit Procedures
4. Design Tests
5. Perform Tests and Evaluate Results
6. Sampling Control Tests
7. Compliance Tests
8. Substantive Procedures – Overview
9. Substantive Analytical Procedures
10. Substantive Detail Tests
7/17/2016
45
Phase Three: Testing Phase
Goals & Objectives of this Phase
The objectives of this phase are to
(1) Obtain reasonable assurance about whether the financial
statements are free of material misstatements,
(2) Determine whether the entity complied with significant provisions of applicable laws and
regulations, and
(3) Assess the effectiveness of internal control through testing controls in coordination with other
tests.
7/17/2016
46
Testing Phase
Overview





Audit evidence is all the information used by the auditor in arriving at
the conclusions on which the auditor’s reports are based and includes
the information contained in the accounting records underlying the
Financial statements and other information.
During the testing phase of the audit, the auditor gathers evidence to
report on the entity’s financial statements, internal control, whether
entity systems are in substantial compliance and the entity’s compliance with significant
provisions of laws and regulations.
Sampling is often used in audit testing. The auditor uses professional judgment, as well as
knowledge of statistical sampling methods in applying sampling. The following sections
provide a framework for applying sampling to financial audits, but are not a comprehensive
discussion.
The auditor should consult with the statistician for assistance in designing and evaluating
samples and determine the costs and benefits when deciding the appropriate type of sampling
to use.
During this phase, the auditor performs activities for each type of test to determine the nature,
extent, and timing of further audit procedures, design tests and perform tests and evaluate
results.
7/17/2016
47
Testing Phase
Overview
The types of procedures performed in the testing phase are:

Sampling control tests that may be performed by the auditor to
obtain evidence about the achievement of specific control objectives.
If the auditor obtains sufficient evidence regarding control objectives
through nonsampling control tests (such as observation, inquiry, and
walk-throughs including inspection of documents), sampling control tests
are not necessary.

Compliance tests are performed by the auditor to obtain evidence about compliance with
significant provisions of laws and regulations.

Substantive procedures are performed by the auditor to obtain evidence that provides
reasonable assurance about whether the financial statements and related assertions are free
of material misstatement.
7/17/2016
48
Designing Further Audit Procedures

Audit Evidence: Audit evidence is all the information used by the auditor in arriving at the
conclusions on which the auditor’s reports are based. Obtaining evidence is a cumulative
process, and the auditor should use the results of the risk assessment procedures and results
of control tests as the basis for designing and performing further audit procedures.

The auditor should design clear audit procedures to show a linkage and response to this
assessed level of risk and to determine:

Significance of risk

Likelihood that a material misstatement will occur

Characteristics of the class of transactions, account/line item balance or disclosure involved

Nature of the specific controls used by the entity, in particular , whether they are manual or automated

Whether the auditor expects to obtain audit evidence to determine if the entity’s controls are effective in
preventing or detecting material misstatements.
.
7/17/2016
49
Determine the Nature of Tests

Further audit procedures consist of either tests of controls or substantive procedures or a
combined approach.

The auditor should determine the nature of sampling control tests, compliance tests, and
substantive procedures that will best achieve the audit objectives.

Substantive procedures are classified as follows:

Substantive analytical procedures: Substantive analytical procedures involve the comparison of the
recorded test amount with the auditor’s expectation of the recorded amount and the investigation of any
significant differences between these amounts.


Detail tests can be classified in two general categories – sampling and nonsampling.



Sampling methods involve the selection of individual items from a population with the objective of reaching a conclusion
on all the items in the population (including those not selected for testing).
Nonsampling methods involve selections to reach a conclusion only on the items tested. When using nonsampling, the
auditor must assess the risk of material misstatement in the items not tested.
The higher the auditor’s assessment of risk of material misstatement, the more reliable and
relevant is the audit evidence needed from substantive procedures. The auditor should
determine the nature of the population and the objectives of the test procedures. For tests that
involve sampling, efficiencies can be achieved by using a common sample for each test.
.
7/17/2016
50
Design Tests
In Designing the test, the auditor may use a sample of property additions to
1.
2.
Substantively test the amount of additions and
Test financial reporting controls over property acquisition.
NEXT: Perform Tests and Evaluate Results:




Sampling Control Tests,
Compliance Tests, and
Substantive Procedures.
If the results of tests are different than what was expected for purposes of designing the tests,
the auditor may expand the sample to test additional items.
Next: Evaluating the Risk of Material Misstatement

Evaluating the risk of material misstatement due to errors or fraud is a cumulative ongoing
process throughout the audit. During testing, the auditor may become aware of additional fraud
risk factors or other conditions that may affect the auditor’s evaluation of the risk of material
misstatement, such as



7/17/2016
Discrepancies in the accounting records,
Conflicting or missing evidential matter, or
Problematic or unusual relationships between management and the entity being audited.
51
Statistical Process via Sampling
Set the objectives – i.e Deviations (the auditor may define a deviation in cash disbursements as
“invoice not approved and initialed by an authorized individual
Population
Method of Selection
Sample Size
7/17/2016
52
Compliance Tests
Transaction-Based Provisions

To test transaction-based provisions, the auditor should use sampling to select specific
transactions for testing compliance. The auditor may use the same sample to test financial
reporting, compliance, or operations controls and/or substantive tests, as appropriate
(multipurpose testing).

The auditor should determine confidence level based on compliance control risk.

7/17/2016
For example, if the auditor determines compliance controls are effective, the auditor may use an 80
percent confidence level or if ineffective, a 95 percent confidence level. Tolerable rate is the rate of
transactions not in compliance that could exist in the population without causing the auditor to believe the
noncompliance rate is too high. GAO auditors generally use a 5 percent tolerable rate. Since the auditor
will assess the impact of all identified noncompliance, many auditors use zero as the expected
population deviation rate.
53
Sampling Control Tests
Quantitative-Based Provisions

Occurrence/validity: Recorded amounts are not valid.

Completeness: Not all amounts that should have been recorded are recorded.

Cutoff: Obligations, expended authority, and outlays are not recorded in the proper period.

Accuracy: Obligations, expended authority, and outlays are not recorded at the proper
amounts.

Classification: Obligations, expended authority, and outlays are not recorded in the proper
account by program and by object, if applicable, including the proper appropriation year if the
account has multiple years.

Summarization: Transactions are not properly summarized to the respective account totals
7/17/2016
54
Evaluating Test Results
The auditor should





Discuss such possible instances with OGC and, when appropriate, the Special Investigator
Unit and conclude whether noncompliance has occurred and the implications of any
noncompliance;
Identify the weakness in compliance controls that allowed the noncompliance to occur, if not
previously identified during compliance control testing;
Report any material weakness and other significant deficiencies in compliance controls and
determine the effect, if any, on the report (or opinion) on internal control
Determine the implications of any instances of noncompliance on the financial statements;
Report instances of noncompliance, as appropriate
7/17/2016
55
Test of Details
Test of Details
Tests of details are procedures applied to individual items selected by the
auditor for testing and include:

Confirmation of a balance or transaction and the related terms (such as the terms of
payment), by obtaining and evaluating direct communication from a third party, such as for
accounts receivable or accounts payable.

Physical observation by inspecting, counting, and applying related audit procedures for
tangible assets, such as inventory or property, plant, and equipment.

Examination of supporting documents to determine whether a balance is properly stated,
such as examining invoices for expenses and the purchase of inventory and property.

Recalculation by checking the mathematical accuracy of entity records by footing, crossfooting, or recomputing amounts and tracing journal postings, subsidiary ledger balances, and
other details to corresponding general ledger accounts.
For example, the auditor may recalculate unit cost extensions in an inventory list, foot the list
(whether prepared manually or by computer), and trace the total to the general ledger amount.
7/17/2016
56
Sampling Control Tests
•
•
•
•
•
•
•
Determining Mix of Substantive Procedures
.11 In determining an appropriate mix of substantive analytical procedures and
detail tests, the auditor generally should use the audit matrix in Table
470.2, which illustrates the integration of such tests for each level of risk of
material misstatement, when the auditor is using a desired overall audit
assurance of 95 percent. The audit standards use the term detection risk
which is 1 minus the audit assurance form detail tests.
7/17/2016
57
Statistical Procedures
Amount of Difference to Be Explained

When obtaining explanations, the auditor should discuss with entity personnel the model and
assumptions used to develop the expectation.

7/17/2016
58
Example of Adequate Explanation






7/17/2016
Assume that the auditor assessed tolerable misstatement to be $25 million.
Additionally, assume that the auditor has determined, after evaluating the risk of
material misstatement, to perform a substantive analytical procedure with a limit of $5
million.
The auditor estimated interest expense at $80 million by multiplying the average loan
balance of $1 billion by an average interest rate of 8 percent. Both of these averages
were computed through a simple average of beginning-of-year and end-of-year
amounts.
The recorded amount of interest expense, $95 million, is higher than the estimated
amount by $15 million and exceeds the limit by $10 million.
An explanation from entity personnel that ”we borrowed more money this year and
interest rates are higher than last year” would not be adequate since it explains why
interest is likely to be higher but not how much higher (it corroborates direction, not
amount).
The auditor should ask management to quantify the explanation by indicating when
interest rates changed and when amounts borrowed changed. The auditor should
then corroborate the information provided.
59
Example of Adequate Explanation

Management determined that interest rates increased during the year and then fell
and were computed to average 9 percent based on the attached monthly weighted
average. Additionally, $100 million was borrowed and repaid during the year, and the
additional borrowings were outstanding for 6 months. Therefore, the average loan
balance was actually $50 million higher and the average interest rate was 1 percent
higher than the figures used in the original estimate.

Therefore, 97% of the interest expense in excess of the expectation can be explained
as follows (in thousands): The auditor examined correspondence from lenders and
loan statements to corroborate these explanations. The auditor was satisfied that
these covered the significant factors and that it was not necessary to obtain an
explanation for the remaining $.5 million or 3 percent difference. The auditor
concluded that interest expense is not misstated and no amounts are posted to the
Schedule of Uncorrected Misstatements
7/17/2016
60
Example of Adequate Explanation

The auditor may compute monetary unit sample size either manually or by using
computer software. To calculate a monetary-unit sample size manually, the auditor
uses the monetary unit amount of the population (usually dollars), tolerable
misstatement and confidence level.
When calculating sample size manually, the auditor may use the statistical risk factor
to determine sample sizes for the appropriate confidence level.


The statistical risk factors are used in the following formulas to determine the
sampling interval and sampling size for MUS:
1.
2.

7/17/2016
sampling interval = tolerable misstatement ÷ statistical risk factor
sample size = recorded amount ÷ sampling interval
Sample sizes are stated in whole numbers. Uneven amounts are rounded up to the
next whole number. For example, a sample size of 40.2 items is rounded up to 41
items.
61
Example of Adequate Explanation
7/17/2016

For example, to test a recorded amount of $30 million with a tolerable
misstatement of $900,000 and a 95 percent confidence level, the
statistical risk factor is 3.0. The sampling interval is $300,000 (tolerable
misstatement of $900,000 divided by the statistical risk factor of 3.0).

Essentially, from a random start, every 300,000th dollar is selected.
Therefore, the preliminary estimate of sample size of 100 items is
calculated by dividing the recorded amount of $30 million by the
sampling interval of $300,000. Because the amount of certain items
might equal or exceed the sampling interval, a selection might include
more than 1 sample item (for example, a $600,000 selection includes 2
of the 100 estimated sample items – $600,000/$300,000 2), thereby
making the actual number of items tested fewer than 100.
62
Example of Systematic Selection for MUS
7/17/2016
63
Flowchart – Testing Using Attribute Sampling
7/17/2016
64
Phase Four: Reporting Phase
7/17/2016
65
Phase Four: Reporting Phase
Executive Summary
1.
Goals & Objectives
2.
Overview of the Reporting Phase
3.
Perform Overall Analytical Procedures
4.
Reassess Materiality and Risk
5.
Evaluate Misstatements
6.
Conclude Other Audit Procedures
7.
Determine Conformity with U.S. Generally Accepted Accounting Principles
8.
Determine Compliance with GAO/PCIE Financial Audit Manual
9.
Draft Reports
1.
Financial Statements
2.
Internal Control
3.
Financial Management Systems
4.
Compliance with Laws and Regulations
5.
Other Information in the Annual Financial Report
6.
Dating the Auditor’s Report
7/17/2016
66
Phase Four: Reporting Phase
Goals & Objectives of this Phase
This phase completes the audit based on the results of
audit procedures performed in the preceding phases.
This involves developing the auditor's report on the entity’s
1. Annual financial statements and supplementary information
2. Its internal control
3. Whether the financial management systems substantially comply with FFMIA
requirements (for CFO Act agencies)
4. Its compliance with laws and regulations. T
.
7/17/2016
67
Reporting Phase
Overview

Based on the work in the preceding phases, the auditor must
decide how to report on:
1.
2.
3.
4.
7/17/2016
The financial statements taken as a whole.
Management’s discussion and analysis, required supplementary and stewardship
information, and other information presented with the financial statements.
The entity's internal control for financial reporting and compliance with laws and
regulations.
The entity’s compliance with laws and regulations.
68
Evaluate Misstatements



Accumulation of Misstatements
Review of Misstatements with Management and Those Charged with Governance
Consideration of Uncorrected Misstatements







Quantitative Considerations
Qualitative Considerations
Treatment of Uncorrected Misstatements Detected in Prior Periods
Treatment of Misstatements that Arose in Prior Periods But were Detected in the Current
Period
Management Disagreement with Likely Misstatements
Reconsideration of Fraud Risk
Financial Management Systems
7/17/2016
69
Conclude Other Audit Procedures

The auditor should perform procedures to
7/17/2016

Obtain legal representations

Identify material subsequent events

Obtain management representations

Assess related party transactions

Communicate with those charged with governance
70
Other Reporting

Determine Conformity with U.S. Generally Accepted Accounting Principles (GAAP)

Determine Compliance with GAO/PCIE Financial
7/17/2016
71
Reports
Auditor’s report on

UNQUALIFIED OPINION
QUALIFIED OPINION

Financial statements

Internal control

Financial management systems’ substantial compliance with FFMIA

Requirements (for CFO Act agencies

Compliance with laws and regulations

Consistency of other information;

Objective, scope, and methodology;

Agency comments and auditor evaluation.
7/17/2016
ADVERSE OPIONION
DISCLAIMER OPINION
72
Reporting Examples
7/17/2016
73
Reporting Examples
7/17/2016
74
Reporting Examples
7/17/2016
75
Reporting Examples
7/17/2016
76
Reporting Examples
7/17/2016
77
Planning & General
7/17/2016
78
Audit Procedures (At Entry Level)
Communicate with the other auditors:
Review:
(objectives of the work discuss their procedures and
results, attend key entrance and exit meetings).
 audit procedures (plan)
 conclusions about significant issues and their
resolution (often in audit summary)
 account risk analysis (ARA)
Review:
 specific control evaluations (SCE)
(audit strategy, scope of work, audit summary,
memorandum, summary of uncorrected,
misstatements, analytical procedures, completion
checklist, determination of planning and design
materiality representation letters).
 cycle memo
 flowcharts
 determination of tolerable misstatement
 sampling plan
 other auditors’ key documentation
 high risk accounts, estimates, and judgments
Read:
 analytical procedures
(other auditor’s report, financial statements and
notes, supplementary information, MDA and other
accompanying information, Management’s response)
7/17/2016
79
Documentation
Auditor prepared:
 audit strategy
 memo documenting entrance and exit
conference
 MEMOS DOCUMENTING KEY MEETINGS
ATTENDED AND DISCUSSIONS WITH AUDITED
ENTITY MANAGEMENT
 results of review of documentation
 SUPPLEMENTAL TESTDOCUMENTATION
summary memo.
7/17/2016
80