Agreed Upon Procedures and Audit Evidence Requirements ASMC-PDI 2010 Gregory N. Sinclitico Assistant Auditor General 2 June 2010 Financial Management and Comptroller http://secnavportal.donhq.navy.mil/navalauditservices Agreed Upon Procedures (AUP) • What are they: – A type of accepted work recognized by the auditing profession used to give a level of assurance that applies specific procedures to a specific subject area. – An auditor is engaged by a client to issue a report of findings based on specific procedures performed. – GAO Government Auditing Standards (Yellow Book) 1.23c and 6.13b/ Statement on Auditing Standards (SAS) AT 201.03 2 Typical Agreed Upon Procedure Memo • Memo exchanged and signed among all parties (activities and Audit Service) • Memo details: – Objective – Criteria – Scope – Access requirements – Tests to perform – Sampling approach – Communication – Reporting/Distribution photo by Sergeant Joseph R. Chenelly 3 Agreed Upon Procedure Subject Areas • Accuracy/reliability of performance measures • Activity compliance with laws, instructions and policies • Internal controls over financial reporting • Quantity, condition and valuation of inventory or assets 4 Typical Agreed Upon Procedures Objectives • Verify if audit trails and internal controls exist for financial statement information • Verify if corrective actions have been taken on deficiencies noted in the Financial Improvement Plan photo by Mass Communication Specialist 3rd Class Michael Croft 5 Examples of Typical AUP Tests • Determine whether: – Audit trails exist for acquisitions, disposal or financial reporting – Equipment is properly monitored in the record system – Inventories are performed and fully documented – Perform partial book (records)-to-floor and floor-to-book inventories – Reconciliations are performed and fully documented 6 Agreed Upon Procedures • Reporting details: – Criteria used – Tests performed – Results of specific tests – Related internal controls tested • AUP is a “results-only” report • Report distribution is generally limited to the parties involved in the agreement • Report can be released under the Freedom of Information Act by the Auditor General photo by Mass Communication Specialist 3rd Class Josue L. Escobosa 7 Agreed Upon Procedures Will Not… • Provide negative assurance (“We found nothing…”) • Address materiality/significance of results • Report on any differences between the AUP and a full-scope audit • Render an opinion or any level of assurance 8 Completed AUP Engagements • • • • • Navy Other Liabilities Account - General Fund (FY2005) Navy Environmental Liabilities Account - GF (FY2005) NRL Working Capital Fund F/S (FY2008) MSC Working Capital Fund F/S (FY2009) NAVFAC Working Capital Fund F/S (FY2010) • Marine Corps FBWT Account (FY 2006) • Marine Corps Real Property Account (FY 2007) • Marine Corps Personal Property Account (FY 2008) • TRICARE Management Activity Financial Improvement Initiative (FY 2007) 9 Audit Evidence Requirements photo by Mass Communication Specialist 1st Class Geronimo Aquino 10 Audit Evidence (GAO Yellow Book 7.55-7.67) • Auditors: – Must obtain sufficient, appropriate evidence to provide a “reasonable” basis for their findings and conclusions • Sufficient = a judgmental measure – What is enough? » Enough to persuade a knowledgeable person the conclusion is “reasonable” • Appropriate = a qualitative measure that address relevancy, validity and reliability 11 4 Types of Audit Evidence • Documentary – Existing information: contract records, receipts, invoices, electronic data, etc. • Physical – Inspection or observation of people, property or events • Analytical – Activity-based/auditor-based comparisons, calculations, ratios and/or metric results, etc… • Testimonial – Inquiries, interviews or questionnaires 12 Audit Trails and Source Documentation • What are audit trails? – Records (either paper or electronic) that enable someone to reconstruct a transaction – Should be able to clearly answer the “who”, “what”, “when”, “where”, “why” and “how” questions • What is source documentation? – Evidence of initial input into the accounting process, and serves as transaction evidence – Serves as a part of the audit trail should validation of a transaction be necessary – Describes the basic facts of a transaction, such as: • Who authorized the event? • What was the event? • When did it occur? • Where did it occur? • Why did it occur? • How much was spent on the event? 13 Management Assertions: 5 Categories • Existence or Occurrence (do assets physically exist?) • Completeness (are all transactions included?) • Rights and Obligations (does the entity own the assets and/or owe the liabilities?) • Valuation or Allocation (are values accurate?) • Presentation and Disclosure (do the financial statements contain all required information?) 14 How Types of Evidence Support Assertions Evidence Existence & Occurrence Completeness Rights & Obligations Valuation Presentation & Disclosure X X X X X X X X X X X X X X X X X X X PHYSICAL Direct Inspection & Observation TESTIMONIAL Inquiries, Interviews, & Questionnaires DOCUMENTARY (Samples) Relevant Laws & Agency Regulations Documents of Public Record Contracts, Agreements, Deeds, & Leases Certified Appraisals Transfer & Shipping Reports Inventory Reports Purchase Orders, Receiving Reports, Invoices Payment Vouchers, Checks or EFT# Maintenance Records Systems Reports & Client Prepared Schedules X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X ANALYTICAL Comparisons, Ratios, Expected Relationships 15 Existence or Occurrence • Assets and liabilities exist at a given date and recorded transactions have occurred during a given period. – Audit Tests (Evidence Required): • Observe inventories • Test transactions between a preliminary physical inventory date and the balance sheet; reconcile results • Obtain confirmation from third parties • Other tests (i.e., receipts/transfers, disposal procedures and book-to-floor) 16 Completeness • All transactions and accounts that should be presented in the financial statements are included. – Audit Tests (Evidence Required): • Test transactions for proper recording and classification • Test purchases to determine if they are properly recorded • Other tests: sight-backs (floor-to-book); consumable and pilferable items 17 Rights and Obligations • Assets are the rights of the entity and liabilities are the obligations of the entity at a given date. – Audit Tests (Evidence Required): • Test records and determine if recorded property is owned by the entity as evidenced by contracts, invoices, receipt/transfer documents or other applicable records. 18 Valuation or Allocation • Asset, liability, equity, revenue and expense components have been included in the financial statements at appropriate amounts. – Audit Tests (Evidence Required): • Test records and determine if they are recorded in the proper category and at the right cost for the proper accounting period • Test for actual, historical or depreciated costs 19 Presentation and Disclosure • Particular components of the financial statements are properly classified, described and disclosed. – Audit Tests (Evidence Required): • Test whether footnotes contain all information required to be disclosed • Test categories (are they properly recorded as acquisitions, disposals, repairable, expendable, salvageable) 20 Real and Personal Property Source Documentation • Audit trails exist within iNFADS and DPAS • Real and personal property source documentation to support “rights and obligations” is maintained (DD-1354 and DD-1348) • Real and personal property transactions are capitalized at DON’s threshold • Source documentation to support disposals is being maintained for real and personal property • Real property capital improvements and repairs are categorized and reported 21 Real and Personal Property Internal Control • Monthly reconciliations of real and personal property are performed • Resource Elevations Analysis (REAs) ensure that real and personal property inventories are performed, and that source documentation was maintained • Perform existence and completeness testing of real and personal property • Real and personal property financial information is input timely into DPAS/iNFADS 22 The Goal: Sustainment Maintaining an audit readiness condition through the execution of regular, consistent, and well-controlled (internal controls) business processes photo by Photographer’s Mate 1st Class David M. Tilton 23 Contact Information Thank you for your time and attention Gregory Sinclitico 202-433-6401 Gregory.Sinclitico@navy.mil Barbara McCabe 202-433-6871 Barbara.McCabe@navy.mil 24