Add to collection(s) Add to saved
  1. Business
  2. Management

The Yellow Book

advertisement 
GAO Update:
What’s New in Government Auditing and
Internal Control Standards?
National State Auditors Association
2015 Annual Conference
June 12, 2015
Page 1
Session Objectives
• To discuss developments in Government Auditing Standards
(Yellow Book)
• To discuss GAO’s revision to the Standards for Internal
Control in the Federal Government (Green Book)
Page 2
Government Auditing Standards
Yellow Book
Update
Page 3
Yellow Book = “GAGAS”
GAGAS—Generally Accepted Government Auditing Standards:
• Broad statements of auditors’ responsibilities
• An overall framework for ensuring that auditors have the
competence, integrity, objectivity, and independence in
planning, conducting, and reporting on their work
• For financial audits and attestation engagements, incorporates
and builds on the AICPA standards (SASs and SSAEs)
Page 4
The 2011 Yellow Book: Applicability
• Chapters 1, 2, and 3 apply to all GAGAS engagements:
• Chapter 1: Government Auditing: Foundation and Ethical
Principles
• Chapter 2: Standards for Use and Application of GAGAS
• Chapter 3: General Standards
• Chapter 4: Standards for Financial Audits – applies only to
financial audits
• Chapter 5: Standards for Attestation Engagements – applies
only to attestation engagements
Page 5
The 2011 Yellow Book: Applicability (cont.)
• Chapters 6 and 7 apply only to performance audits:
• Chapter 6: Field Work Standards for Performance Audits
• Chapter 7: Reporting Standards for Performance Audit
• Appendix: Provides additional guidance (not requirements) for
all GAGAS engagements
• Interpretations: Available on the Yellow Book web page.
Provide additional guidance (not requirements) for areas of
particular interest or sensitivity
Page 6
Yellow Book Update
• Commonly Discussed Sections
• New Interpretation
• Future Plans for Revision
Page 7
Commonly Discussed Sections
•
Independence – Nonaudit services
•
Continuing Profession Education (CPE)
•
Peer Review
Page 8
Applying the Independence Framework
Conceptual Framework:
1. Identify threats to independence
2. Evaluate the significance of the threats identified, both
individually and in the aggregate
3. Apply safeguards as necessary to eliminate the threats or
reduce them to an acceptable level
4. Evaluate whether the safeguard is effective
Documentation Requirement: Para 3.24: When threats are not
at an acceptable level and require application of safeguards,
auditors should document the safeguards applied.
Page 9
Independence Conceptual Framework
Applying The Framework
Threats could impair independence
• Do not necessarily result in an independence impairment
Safeguards could mitigate threats
• Eliminate or reduce to an acceptable level
Page 10
Additional Documentation Requirements
1. Auditors must document application of safeguards in place
2. Auditors must document assessment of management’s skill,
knowledge, and experience (SKE) to oversee nonaudit
services
Page 11
Continuing Professional Education (CPE)
No revision to overall requirements
• Minimum of 24 hours of CPE every 2 years
• Government
• Specific or unique environment
• Auditing standards and applicable accounting principles
• Additional 56 hours of CPE for auditors involved in
• Planning, directing, or reporting on GAGAS assignments
or
• Charge 20 percent or more of time annually to GAGAS
assignments
• Minimum of 20 hours of CPE each year
Page 12
Peer Review Ratings
The peer review team uses professional judgment in deciding the
type of peer review report
Types of peer review ratings:
Page 13
New Interpretation: Peer Review Ratings
GAO developed interpretive guidance on assessing and
reporting on the results of peer reviews in government
environment:
• New report ratings do not change the thresholds for deficiency
reporting
• Matters identified during peer review that are not included in
report may be communicated orally or in writing
Page 14
Yellow Book Interpretations
•
Same authority as Yellow Book
•
Presented to Advisory Council
•
Addressed with key stakeholders
•
Posted to GAO website
Page 15
Future Plans for Revision
•
Areas being considered for revision include:
•
CPE
•
Competence
•
Further clarification of updates made in 2011
•
Updates for ASB attest section modifications
•
Peer review
Page 16
Standards for Internal Control
in the Federal Government
Going Green
Page 17
What’s in Green Book for
the Federal Government?
• Reflects federal internal control standards required per
Federal Managers’ Financial Integrity Act (FMFIA)
• Serves as a base for OMB Circular A-123
• Written for government
• Leverages the COSO Framework
• Uses government terms
Page 18
What’s in Green Book for
State and Local Governments?
• Is an acceptable framework for internal control on the state
and local government level under OMB’s Uniform Guidance
for Federal Awards
• Written for government
• Leverages the COSO Framework
• Uses government terms
Page 19
OMB’s Uniform Guidance for Federal Awards
§ 200.61 Internal controls.
Internal controls means a process, implemented by a nonFederal entity, designed to provide reasonable assurance
regarding the achievement of objectives in the following
categories:
(a) Effectiveness and efficiency of operations;
(b) Reliability of reporting for internal and external use; and
(c) Compliance with applicable laws and regulations.
Page 20
OMB’s Uniform Guidance for Federal Awards
§ 200.303 Internal controls.
The non-Federal entity must:
(a) Establish and maintain effective internal control over the
Federal award that provides reasonable assurance that the nonFederal entity is managing the Federal award in compliance with
Federal statutes, regulations, and the terms and conditions of the
Federal award. These internal controls should be in compliance
with guidance in ‘‘Standards for Internal Control in the Federal
Government’’ issued by the Comptroller General of the United
States and the ‘‘Internal Control Integrated Framework’’, issued
by the Committee of Sponsoring Organizations of the Treadway
Commission (COSO).
Page 21
What’s in Green Book for
Management and Auditors?
• Provides standards for management
• Provides criteria for auditors
• Can be used in conjunction with other standards, e.g.
Yellow Book
Page 22
Green Book Through the Years
1983
Present
Page 23
Updated COSO Framework
Released
May 14, 2013
Page 24
The COSO Framework
• Relationship of Objectives and Components
•
Direct relationship between objectives (which are what
an entity strives to achieve) and the components (which
represent what is needed to achieve the objectives)
• COSO depicts the relationship
in the form of a cube:
•
Three objectives: columns
•
Five components: rows
•
Organizational structure: third dimension
Source: COSO
Page 25
From COSO to Green Book: Harmonization
COSO
Green
Book
Page 26
Revised Green Book: Standards for
Internal Control in the Federal Government
Overview
Components
Page 27
Revised Green Book: Overview
• Explains fundamental concepts of internal control
Overview
Components
• Addresses how components, principles, and attributes relate
to an entity’s objectives
• Discusses management evaluation of internal control
• Discusses additional considerations
Page 28
Fundamental Concepts
• What is internal control in Green Book?
• OV1.01 Internal control is a process effected by an entity’s
oversight body, management, and other personnel that
provides reasonable assurance that the objectives of an
entity will be achieved.
• What is an internal control system in Green Book?
• OV1.04 An internal control system is a continuous built-in
component of operations, effected by people, that provides
reasonable assurance, not absolute assurance, that an
entity’s objectives will be achieved.
Page 29
Fundamental Concepts (cont.)
Put simply, internal control is a process to help entities achieve
objectives.
Page 30
Overview: Components, Principles, and
Attributes
Overview
Achieve Objectives
Components
Components
Principles
Attributes
Page 31
Revised Green Book: Principles
Page 32
Components and Principles
Page 33
Component, Principle, Attribute
Page 34
Overview: Components and Principles
• In general, all components and principles are
required for an effective internal control system
Overview
Components
• Entity should implement relevant principles
• If a principle is not relevant, document the rationale of how, in
the absence of that principle, the associated component could
be designed, implemented, and operated effectively
OV2.05: The 17 principles support the effective design,
implementation, and operation of the associated components
and represent requirements necessary to establish an effective
internal control system.
Page 35
Overview: Attributes
• Attributes are considerations that can contribute to
the design, implementation, and operating
effectiveness of principles
Overview
Components
OV2.07 excerpt: The Green Book contains additional information
in the form of attributes. . . Attributes provide further
explanation of the principle and documentation requirements
and may explain more precisely what a requirement means
and what it is intended to cover, or include examples of
procedures that may be appropriate for an entity.
Page 36
Overview: Management Evaluation
Overview
An effective internal control system requires
that each of the five components are:
Overview
Components
• Effectively designed, implemented, and operating
• Operating together in an integrated manner
Management evaluates the effect of deficiencies on the internal
control system
A component is not effective if related principles are not
effective
Page 37
Overview: Additional Considerations
The impact of service organizations on an entity’s
internal control system
Overview
Components
Discussion of documentation requirements in the Green Book
Applicability to state, local, and quasi-governmental entities as
well as not-for-profits
Cost/Benefit and Large/Small Entity Considerations
Page 38
Revised Green Book: Standards
• Control Environment
Overview
Components
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
Page 39
Revised Green Book: Standards
• Explains principles for each component
Overview
Components
• Includes further discussion of considerations for principles
in the form of attributes
Page 40
Control Environment
Page 41
Risk Assessment
Page 42
Control Activities
Page 43
Information & Communication
Page 44
Monitoring
Page 45
Controls Across Components
Page 46
Documentation Requirements
• Excerpt from OV2.06: If management determines a principle is
not relevant, management supports that determination with
documentation that includes the rationale of how, in the
absence of that principle, the associated component could be
designed, implemented, and operated effectively.
Page 47
Documentation Requirements (cont.)
• Control Environment
• 3.09: Management develops and maintains documentation
of its internal control system.
• Control Activities
• 12.02: Management documents in policies the internal
control responsibilities of the organization.
Page 48
Documentation Requirements (cont.)
• Monitoring
• 16.09: Management evaluates and documents the results
of ongoing monitoring and separate evaluations to identify
internal control issues.
• 17.05: Management evaluates and documents internal
control issues and determines appropriate corrective
actions for internal control deficiencies on a timely basis.
• 17.06: Management completes and documents corrective
actions to remediate internal control deficiencies on a
timely basis.
Page 49
Accessibility of Green Book
• Comments raised during exposure identified new need:
• How do we make the Green Book more accessible to our
user community?
Page 50
The Green Book Layout
• Changed the layout of the Green Book itself to make it more
user friendly:
• Introduced a highlights page
• Facsimile page
• Graphics throughout the overview and standards
Page 51
Highlights Page
Page 52
Facsimile Page
Page 53
Cube as Navigation Aid
Page 54
The Green Book in Action
• Relationship between the Green Book and Yellow Book
Page 55
Green Book and Yellow Book
• Can be used by
management to
understand
requirements
• Can be used by
auditors to
understand criteria
Page 56
The Yellow Book: Framework for Audits
• Findings are composed of:
• Condition (What is)
• Criteria (What should be)
• Cause
• Effect (Result)
• Recommendation (as applicable)
Page 57
Linkage Between Criteria (Yellow Book) and
Internal Control (Green Book)
• Green Book provides criteria for
the design, implementation, and
operating effectiveness of an
effective internal control system
Page 58
The Yellow Book: Framework for Audits
• Findings are composed of:
• Condition (What is)
• Criteria (What should be)
• Cause
• Effect (Result)
• Recommendation (as applicable)
Page 59
Linkage Between Findings (Yellow Book) and
Internal Control (Green Book)
• Findings may have causes that
relate to internal control
deficiencies
Page 60
Effective Date
• Green Book effective beginning fiscal year 2016 and for the
FMFIA reports covering that year
• Management, at its discretion, may elect early adoption of the
Green Book
Page 61
Where to Find Us
• The Yellow Book is available on GAO’s website at:
www.gao.gov/yellowbook
• The Green Book is available on GAO’s website at:
www.gao.gov/greenbook
• For technical assistance, contact us at:
yellowbook@gao.gov or greenbook@gao.gov
or call (202) 512-9535
Page 62
Thank You
Questions?
Page 63
Related documents
The Green Book
The Green Book
The New 2006 Yellow Book
The New 2006 Yellow Book
Components
Components
Green Book
Green Book
Revisions to GAO's Standards for Internal Control, USA
Revisions to GAO's Standards for Internal Control, USA
BEC 2015 AICPA Released Questions Testlet
BEC 2015 AICPA Released Questions Testlet
Handout 2.1 - Office of the State Controller
Handout 2.1 - Office of the State Controller
1 The best definition of an accounting system is: a Journals, ledgers
1 The best definition of an accounting system is: a Journals, ledgers
PowerPoint Presentation - Road Safety Audit - Vej
PowerPoint Presentation - Road Safety Audit - Vej
Download
advertisement