CDFM Module 3 competency 4 - Auditing

What did CFO Act require?

Federal agencies to prepare financial statements

Largest 24 federal deps/agencies had to create office of CFO

New position - Deputy Director for management - created in OMB.

What is the lasting impact of the CFO Act?

Transformed the federal financial management system from backroom function, out of sight out of mind, to a boardroom function, a key component of planning and decision-making at the executive level.

What does the FIAR methodology do?

Maximizes potential for successful financial statement audits by considering methods financial statement auditors use to assess financial statement accuracy in accordance with auditing standards codified by American Institute of CPAS (AICPA).

What's the primary purpose of an FS audit?

To receive an unmodified opinion

In addition to reporting on financial statement audits, performed in accordance with GAGAS, what types of reports are required?

Reports on ICOFR

What standards does GAGAS incorporate?

AICPA Statements on Auditing Standards (SAS)

What are the most crucial aspects of an agency to have sorted out to pass a FS audit?

financial reports and assets

What are the two priority areas related to achieving a successful audit USD(C) has designated?

Improving budgetary information and mission critical asset information

What does the FIAR guidance provide in terms of path for DoD agencies to follow?

It provides a critical path for all DoD entities to follow and balances need for short-term accomplishments against long-term goal of achieving an unmodified opinion

List the 4 FIAR waves

1. Appropriations received audits (been completed)
2. Statement of Budgetary Resources Audit (including FBwT reconciliation)
3. Mission Critical Asset E&C Audit
4. Full financial statements audit

What does the SBR show?

The flow of funds

What does wave 2 involve?

All processes, internal controls, systems and supporting documentation that will be within scope of an SBR audit

What does wave 3 include?

E&C, assets recorded in APSR - doesn't include valuation (which is included in wave 4)

what does wave 4 involve?

assertions include all material reporting entity line items (costs), account balances, financial transactions affecting the BS, SNC, and statement of changes in net position not covered in previous waves.

Most of that previous work pertains to resolving any disconnects in interdependencies within the financial accounts (e.g., correlation between unobligated balances and unpaid obligations)

What did the 2014 NDAA require?

DoD to ensure financial statements are validated and ready for audit NLT Sept 30 2017

what did the 2011 NDAA require?

To perform a business case analysis examining options for valuing and reporting assets on DoD FS.

What was the conclusion of the 2011 business case analysis?

valuing assets at historical cost would not be worth the cost of executing this exercise. SFFAS 48 was released.

SFFAS 3 requires implementation of new acquisition processes/controls to ensure historical costs are preserved

Net book value of assets, over time, becomes immaterial (assumption)

What % of DoD General Fund budgetary data was under independent audit in 2015?

91%

why are audits of federal gov. entities important?

Essential for public accountability and control

Required by legislation

What is the other name for GAGAS?

the "Yellow Book" - auditing standards

What is the scope of the GAS?

ethical principles
general standards for all audits and engagements
field work standards
reporting standards
non-audit work

Who must follow GAS?

US GAO
Federal OIGs
Other federal auditors, including army/Navy/AF groups
Military internal review groups
non-federal auditors when auditing federal organizations, programs, activities, and functions

What are key standards for auditors to maintain in a gov audit?

Impendence
Professional judgement
competence
control and assurance

What does independence comprise?

Independence of Mind
Independence of appearance

what are independence of mind and appearance?

Mind - permits performance of audit without being professional judgement being compromised

Appearance - absence o circumstances that would cause reasonable/informed third party to conclude that integrity, objectivity, or processional skepticism of audit org. or member of audit team had been compromised.

What are some threats to auditor independence?

Self-interest - financial or other interest influences

Self-review - threat that auditor/organization will not evaluate results o previous judgements made or services performed fairly

Bias - political/ideological leanings influence

familiarity - relationship with management/family

Undue influence - external influence affects auditor's judgement

Management Participation - threat that results from auditor's taking role of management or otherwise preforming management functions on behalf of entity undergoing audit

Structural threat - threat that audit organization's placement within organization will lead to biased work

what are the key aspects of auditor professional judgement?

Exercise reasonable care and diligence
maintain integrity and objectivity
carefully select the methodology and procedures for gathering info

what are the key aspects of auditor competence?

standards require:
staff collectively possess adequate professional competency for task required
80 hours of continuing education every two years
should be knowledgeable of GAGAS and be able to communicate clearly and effectively

What are the key aspects of audit quality control and assurance?

Two components:

1. Audit orgs. must establish system to provide reasonable assurance that it and its people comply with prof. standards and applicable legal requirements.

2. Must have an external peer review performed by reviewers independent of the audit org. being reviewed at least once every three years.

What are GAO standards in conducting audits and attestation engagements?

Contain requirements, guidance, and considerations for audits and attestation engagements conducted in accordance with GAGAS:

1. standards for financial audits
2. field work standards for performance audits
3. standards for attestation engagements

What is the GAO Yellow book's main focus?

Additional requirements, guidance, considerations beyond the SAS Statements

for financial audits, AICPA standards address planning, consideration of internal control and the need for evidence to support auditor's opinion. the Yellow Book lists additional requirements for performing financial audits

T/F: The Yellow book doesn't require field work in performance audits and attestation engagements

False

Y/N: The AICPA doesn't have separate standards for performance audits

Yes

What are the yellow book field work standards for performance audits?

Standards for planning, including consideration of IC, evidence, supervising staff, audit documentation.

Yellow book provides guidance in form of framework for auditors that considers:

1. reasonable assurance (whether evidence is sufficient and appropriate)
2. concept of significance (similar to financial auditor materiality)
3. Audit risk (possibility that findings, conclusions, recs, or assurance may be improper or incomplete)

What does yellowbook provide?

Provides auditors with guidance for writing audit and attestation engagement reports

what do AICPA standards address for financial audits?

1. compliance with GAAP
2. consistence of application of accounting principles
3. whether management's disclosures are reasonable and adequate
4. type of auditor opinion

what is an attestation engagement

In compliance attestation engagements, CPAs address an organization's compliance with specified requirements, or its internal control over compliance with specific laws and regulations.

Who does DODIG report to?

Reports to the SECDEF directly

What does the DODIG do?

Provides leadership
conducts, supervises, monitors, and initiates audits and investigations << emphasized
recommends policies for economy, efficiency, and effectiveness
recommends policies for prevention/detection of fraud/abuse

What did the Inspector General Act of 1978 require?

that Federal inspectors general comply with Comptroller gen's standards for audits. Under that requirement, DODIG serves as independent and objective official in DoD.

IG serves an independent and objective official in DoD

How is quality control achieved in DoD

through establishment of QC program based on GAGAS guidance

Provides reasonable assurance that doD auditors have complied with applicable auditing standards and doD audit policies

What does the DoD audit handbook do?

Supplements policy guidance contained in Yellow Book and provides policies designed to maintain integrity of internal operations of the OIG for auditing organization

Who do the Naval audit service and Army/AF audit agencies report to?

Service secretary or under secretary (respective)

Who are the main audit groups within DoD?

DODIG
Army Audit Agency
Naval Audit Service
AF Audit Agency

Does the GAO perform audits?

Yes - part of legislative branch

GAO, by law, is required to audit the consolidated FS for the entire federal government

Who does GAO report to?

congress

Who heads the GAO?

Comptroller General
15-year appointment

What types of audits does GAO perform?

Mainly performance but it does financial as well - logistics, HR, readiness, maintenance.

What must DoD internal audits achieve?

Make sure that:

1. Plans are established, including strategic planning requirements established by GPRA 1994 and GPRMA 2010
2. Written policies/procedures are provided to guide audit staff
3. Policies procedures include receiving, controlling, screening, and assuring appropriate disposition of allegations involving waste, mismanagement, fraud, and abuse

When can doD contract for non-federal auditors to perform audit services on DoD projects?

1. Expertise required to perform audit not available within DoD audit organization
2. temp. assistance is required to meet audit-reporting requirements mandated by law or DoD regulations

What are the types of audits?

Financial
Performance
Attestation

Which type of audit is most common?

Performance audits

What are two conditions of all federal audits?

They are all intitiated/conducted by basic legislative authority or in response to congressional or other requests (often by management)

Generally defined as financial, performance, or attestation

What does the GMRA 1994 require as it relates to audits?

Treasury to annually prepare and submit to Pres. and congress audited FS of the preceding FY, covering all accounts and associated activities of the Exec. branch of US

What does the DCAA do?

the Defense Contract Audit Agency audits all necessary contract audits of DoD - provides accounting and financial advisory services regarding contracts and subcontracts to all DoD components responsible for procurement and contract administration.

Provides these services in connection with negotiation, administration, and settlement of contracts and subcontracts

Who does DCAA report to?

USD comptroller

Summarize what a financial audit entails

They determine whether

1. financial info presented in accordance with established or stated criteria
2. adhered to specific financial compliance requirements
3. An intenral control structure over financial reporting and/or safeguarding of assets tha tis suitably designed and implemented to achieve control objectives

Objectives for financial audits are predetermined and not defined by audit org Generic objective is to provide opinion on whether FS are presented fairly in all material respects.

Summarize what a performance audit entails

Program effectiveness, economy, efficiency
internal control
compliance with applicable laws, regulations, and public policies
prospective analyses (analysis or conclusions about information that is based on assumptions about events that may occur in the future along with possible actions that the audited entity may take in response to future events).

do performance audit objectives differ based on audit org?

Yes, typically. common generic objective is to assess the adequacy of performance and, if poor, appraise consequences and determine cause and actions that might be taken to improve performance.

Summarize what a attestation audit entails

Auditors issue opinion as result of examination. Consclusion as the result of a review, and, a report as the result of an agreed-upon procedures relating to a subject matter or assertion made by management

Is the risk of fraud and abuse considered across all audits?

Yes

In FS audits, interested in non compliance with there may be a material impact

In attestation, practitioner (eq. to auditor) reviews for errors, fraud, illegal act, violations of contracts or grant agreements, or abuse that could have material effect on subject matter

What are the Yellow Book principles that govern non-audit services

1. Non-audit services should not involve preforming management functions or making management decisions
2. audit orgs. should not audit their own work or provide non-audit services in situations where non-audit services are significant or material to subject matter of audits.

How do audit organizations select the areas for audit coverage?

By identifying:

1. Regulatory and statutory requirements
2. Specific concerns of management and congress
3. high-risk areas

How does GPRA affect federal overall audit plan?

planning influenced by GPRA because requires fed agencies to be more effective in planning, budgeting, executing, evaluating, and accounting for federal programs. Intended to change way many programs operate and are managed. DoD IA orgs. should develop strat. plans that align their goals with parent orgs.

When is an audit plan prepared?

After considering most important areas are select for audit coverage by identifying audit areas, considering regulatory/statutory reqs, identifying what is consistent with GPRA management plan, identifying specific concerns of management and congress, and identifying high-risk areas.

What are the phases of a government audit?

Plan - define audit objectives/scope/methodology
Review - gather evidence to support conclusions/recs
report - prepare written report on audit

What is the basic tool used by auditors to organize and control audits referred to as?

the audit program

What are the key areas of the audit planning phase?

Defining OSM (objective, scope. methodology)

additionally, evaluating whether aduited entity has taken appropriate corrective action to address findings and recs from prior adits

What are the key areas of the audit review phase?

gathering audit evidence that is:
sufficient (quantity)
appropriate (quality)

What areas hsould be considered when gathering information?

Prior performance
performance of similar entities (if applicable)
findings or recommendations that have been previously reported

What muse evidence be, according to AICPA and GAO?

They state that evidence must be sufficient and approrpiate to afford a reasonable basis for auditor's opinion.

for attestations, AICPA and GAO state evidence must be sufficient to provide a basis for the conclusion expressed in the report

do auditors verify computer based data is accurate?

Yes - they should obtain evidence that it is accurate. Often done by performing physical inventory. Indepdent verification necessary regardless of whether date are provided to aduditors or if auditors extract them

^^ will be scenario

trust but verify is common theme here (3.4.26)

Can an auditor claim cost savings if their recommendation leads to reduction of approved program?

Yes

What standard do auditors follow for the report phase?

GAGAS

What does GAGAS require of auditors during the audit report phase?

That they prepare written or electronic audit reports that:

1. communicate results of audit to management
2. make audit information available for timely use by management
3. comply with standards for form, content, and distribution

What do AICPA standards require for the audit report phase?

whether statements wre in accordance with GAAP
inconsistencies with last year
whether informative disclosures were reasonably adequate
statement of opinion regarding financial statements

What does yellow book say about the audit report phase?

says that auditors must follow GAO's added standards

- reporting auditor's compliance with GAGAS
- reporting on internal control and compliance with provisions of laws, regulations, contracts, grant agreements
- communicating deficiencies in internal control fraud, with provisions of laws, regulations, contracts, grant agreements
- reporting views of responsible officials
- reporting confidential or sensitive information
- distributing reports

What are the types of audit opinions?

1. Unmodified (best)
2. Modified (exception)
3. Disclaimer (unable to render an opinion, not enough facts)
4. statement of adverse (material misstatement of fact and failure to follow GAAP

what would not be included in a performance audit report?

Areas of future audits

Who is responsible for resolving audit findings and recommendations?

auditee management

what are elements of performance audit reports?

Must be:

retrievable, suitable form
contents must include objectives, scope, methodology, findings, compliance with yellow book
distribution
quality elements

What are the elements of audit findings?

Condition
Criteria
Cause
Effect
recommendation (fifth element)

What are potential benefits of audit reports?

Monetary - expressed in financial terms. May be classified as funds put to better use or as questioned cost

Non monetary - valuable to gov. but cannot be expressed in monetary terms (e.g., operational readiness, personnel safety, data accuracy, compliance with laws/regulations, streamlining organizations and processes)

If there is excess equipment that has not been evaluated for value by the aduitor, should it be expressed as having monetary value on an audit report?

No

What is audit review of internal control?

Provides reasonable assurance that organization's objectives are being achieved:

Required for all audits and attestation engagements
Useful in designing the nature, timing, and extent of further audit procedures

What requires auditors to review internal controls?

GAGAS

How can internal controls affect an audit?

Based on auditor's internal control assessment, they may modify the nature, timing, and extent of their audit procedures. Poorly controlled aspects of a program have higher risk of failure, so auditors may focus on those. May limit testing in areas that are well controlled.

What standards do auditors apply when evaluating ICs?

GAO Green Book