Governmental Auditing Standards: GAAS, Yellow Book and Single Audit Act of 1984 | CPA Exam FAR

This page covers Government Auditing Standards and Single Audits issued by Government Accountability Office  which is commonly known as the “Yellow Book”.

Government Auditing Standards - Yellow Book Course

The Single Audit Act of 1984

Sources of Auditing Standards

Auditing standards in the United States are issued primarily by the American Institute of Certified Public Accountants (AICPA) through pronouncements of the Auditing Standards Board (ASB) and other AICPA appointed groups. There are various Audit and Accounting Guides, including “State and Local Governments” (AAG-SLG), “Not-for-Profit Entities,” and “Health Care Entities.” In addition there is an Audit Guide covering government auditing standards and Single Audits, “Government Auditing Standards and Single Audits” (AAG-GAS). These AAGs have been reviewed and cleared by the ASB and are considered authoritative. In addition to AICPA guidance, the United States Government Accountability Office (GAO) issues “Government Auditing Standards,” which is commonly known as the “Yellow Book” due to the color of its cover. The AICPA auditing standards are referred to as generally accepted auditing standards (GAAS), and the GAO “Yellow Book” standards are known as generally accepted government auditing standards (GAGAS). The GAGAS begins with GAAS as its base and adds additional requirements to address accountability needs of governments and is used primarily by the federal government and those states, local governments, and not-for-profit organizations receiving federal financial assistance. Even those governments that do not receive any federal financial assistance may choose to utilize GAGAS.

Although not directly affecting the audits of government, public companies that must register with the Securities and Exchange Commission (SEC) must be audited in accordance with standards issued by the Public Company Accounting Oversight Board (PCAOB). Outside the United States, other nations largely follow International Standards on Auditing issued by the International Auditing and Assurance Standards Board. Recognizing the need for consistency in auditing standards world-wide, the AICPA has undergone a major project to converge its standards with international standards whenever possible while avoiding unnecessary conflicts with PCAOB. Audit standards should be distinguished from audit procedures. Audit standardsare guidelines that deal with overall audit quality, whereas procedures are the actual work that is performed. Standards govern the auditor’s judgment in deciding which procedures will be used, the way they will be used, when they will be used, and the extent to which they will be used. No listing of audit procedures is attempted here.

  1. Financial audits typically are concerned primarily with providing reasonable assurance about whether financial statements are presented fairly in all material respects in conformity with:

    • generally accepted accounting principles (GAAP), or

    • a comprehensive basis of accounting other than GAAP (OCBOA).

  2. Other objectives originating with financial audits, which provide for different levels of assurance and entail various scopes of work, may include (a) providing special reports for specified elements, accounts, or items of a financial statement; (b) reviewing interim financial information; (c) issuing letters for underwriters and certain other requesting parties; (d) reporting on the processing of transactions by service organizations; and (e) auditing compliance with regulations relating to federal award expenditures and other governmental financial assistance in conjunction with or as a by-product of a financial statement audit.

  3. Attestation engagements concern examining, reviewing, or performing agreed-upon procedures on a subject matter or assertion and reporting on the results. Attestation engagements can cover a broad range of financial or nonfinancial subjects, can be part of a financial audit or performance audit, and may include reports on the following: An entity’s internal control over financial reporting An entity’s compliance with requirements of specified laws, regulations, rules, contracts, or grants The effectiveness of an entity’s internal control over compliance with specified requirements, such as those governing the budgeting for, accounting for, and reporting on grants and contracts Management’s Discussion and Analysis (MD&A) presentation Prospective financial statements or pro-forma financial information The reliability of performance measures Final contract cost Allowability and reasonableness of proposed contract amounts Agreed-upon procedures Service Organization Control Reports to provide assurance regarding information processed by outside service organizations The primary distinction between category 2 and attestation engagements is that category 2 starts with the audit of the financial statements, with any additional tests and procedures often being included in the initial planning and incorporated into and performed simultaneously with the financial statement audit. Attestation engagements are performed independent from the financial statement audit under a completely separate set of standards that do not presume or rely on the financial audit process. Taken together, audit and attest will often be referred to under the broad umbrella of “assurance services.” GAGAS addressing the unique needs of government adds a fourth category of auditing: Performance audits entail both: an objective and systematic examination of evidence to provide an independent assessment of program performance and management compared with objective criteria, and assessments that provide a prospective focus or that synthesize information on best practices or cross-cutting issues. Performance audits provide information to improve program operations and facilitate decision making by those who oversee programs or initiate corrective action. Performance audits encompass a wide variety of objectives and may entail a broad or narrow scope of work and apply a variety of methodologies; involve various levels of analysis, research, or evaluation; generally provide findings, conclusions, and recommendations; and result in the issuance of a report. Program effectiveness and results audit objectives address the effectiveness of a program and typically measure the extent to which a program is achieving its goals and objectives. Economy and efficiency audit objectives concern whether an entity is acquiring, protecting, and using its resources in the most productive manner to achieve program objectives. Internal control audit objectives relate to management’s plans, methods, and procedures used to meet its mission, goals, and objectives. Internal control includes the processes and procedures for planning, organizing, directing, and controlling program operations, and the system put in place for measuring, reporting, and monitoring program performance. Compliance audit objectives relate to compliance criteria established by laws, regulations, contract provisions, grant agreements, and other requirements that could affect the acquisition, protection, and use of the entity’s resources and the quantity, quality, timeliness, and cost of services the entity produces and delivers. Financial audits and attestation engagements typically are performed by independent public accountants and auditors or by state auditors, whereas performance audits typically are performed by internal audit divisions of a government or by a subunit of a state audit organization. The U.S. Government Accountability Office has published extensive guidance for conducting performance audits. The primary focus of this chapter, however, is on external financial audits and single audits. In-depth discussions of attestation engagements and performance audits are beyond the scope of the chapter. External Auditor Classifications External audits are performed by persons who are independent of the administrative organization of the unit audited. There are three groups of independent auditors: (1) those who are officials of the governmental unit being examined, (2) those who are officials of a government other than the one being examined, and (3) independent certified public accountants (CPAs) licensed by their state or jurisdiction to perform audits. Most states and a few municipalities have an independent auditor either elected by the people or appointed by the legislative body. In such cases, the auditor is directly responsible to the legislative body or to the citizenry, not to the chief executive or anyone else in the executive branch of the government. Election of the independent auditor works well in some jurisdictions, but in others only minimal qualifications are needed to seek the office and the auditor may be elected “on the coattails” of the governor. The elected auditor’s independence and effectiveness may be significantly impaired in the latter situation. The term auditor is sometimes applied to the principal accounting officer of a state or county. In such cases the auditor is not, of course, an independent external auditor. State audit agencies in some states are responsible for auditing local governmental units, either routinely or at the request of the units or state officials. Such audit agencies do not necessarily audit any of the state agencies, although some do. Most local governmental audits are performed by independent certified public accountants, however. State audit agencies are increasingly (1) setting standards for the scope and minimum procedures of local government audits in their jurisdiction, (2) reviewing reports prepared by independent public auditors to ensure compliance with the standards, (3) performing “spot check” or test audit procedures when audit coverage appears to be insufficient, and (4) accumulating reliable and useful statewide statistics on local government finance. Those governments that use independent CPAs to perform their audit will typically acquire those services through a competitive selection process known as a request for proposal (RFP). The term proposal in government is often associated with acquiring professional services that are more subjective in nature and are not “bids” that are used to acquire commodities, goods, or services. An RFP will request the auditor to provide information regarding the firm’s knowledge of governmental accounting and auditing, specific audit approach, experience and references for similar engagements, the identity of the engagement team, peer reviews of the audit quality, and the proposed audit fees. To ensure objectivity, governments will often provide the criteria for selecting the winning proposer as part of the RFP. Governments should not simply select the proposer with the lowest audit fees, for that can often lead to poor quality; rather, governments should balance quality and experience with a fair price.