AU Section 800
AU Section 801
Compliance Auditing Considerations in Audits of Governmental Entities and Recipients of Governmental Financial Assistance
(Supersedes SAS No. 68)
Source: SAS No. 74; SAS No. 75.
Effective for audits of financial statements and of compliance with laws and regulations for fiscal periods ending after December 31, 1994, unless otherwise indicated.
Introduction and Applicability
This section [fn 1] is applicable when the auditor is engaged to audit a governmental entity under generally accepted auditing standards (GAAS), and engaged to test and report on compliance with laws and regulations under Government Auditing Standards (the Yellow Book) or in certain other circumstances involving governmental financial assistance, fn 2fn 3 such as single or organization-wide audits or program-specific audits under certain federal or state audit regulations. fn 4
Specifically, this section provides general fn 5 guidance to the auditor to—
- Apply the provisions of section 317, Illegal Acts by Clients, relative to detecting misstatements resulting from illegal acts related to laws and regulations that have a direct and material effect on the determination of financial statement amounts in audits of the financial statements of governmental entities and other recipients of governmental financial assistance (paragraphs .03 through .07).
- Perform a financial audit in accordance with Government Auditing Standards, issued by the Comptroller General of the United States (paragraphs .08 and .09). fn 6
- Perform a single or organization-wide audit or a program-specific audit in accordance with federal audit requirements (paragraphs .10 through .20).
- Communicate with management if the auditor becomes aware that the entity is subject to an audit requirement that may not be encompassed in the terms of his or her engagement (paragraphs .21 through .23).
Effects of Laws on Financial Statements
The Governmental Accounting Standards Board's (GASB's) Codification of Governmental Accounting and Financial Reporting Standards, section 1200.103, recognizes that governmental entities generally are subject to a variety of laws and regulations that affect their financial statements.
An important aspect of GAAP [generally accepted accounting principles] as applied to governments is the recognition of the variety of legal and contractual considerations typical of the government environment. These considerations underlie and are reflected in the fund structure, bases of accounting, and other principles and methods set forth here, and are a major factor distinguishing governmental accounting from commercial accounting.
For example, such laws and regulations may address the fund structure required by law, regulation, or bond covenant; procurement; debt limitations; and legal authority for transactions.
Federal, state, and local governmental entities provide financial assistance to other entities, including not-for-profit organizations and business enterprises that are either primary recipients, subrecipients, fn 7 or beneficiaries. Among the forms of governmental financial assistance are grants of cash and other assets, loans, loan guarantees, and interest-rate subsidies. fn 8 By accepting such assistance, both governmental and nongovernmental entities may be subject to laws and regulations that may have a direct and material effect on the determination of amounts in their financial statements.
Management is responsible for ensuring that the entity complies with the laws and regulations applicable to its activities. That responsibility encompasses the identification of applicable laws and regulations and the establishment of controls designed to provide reasonable assurance that the entity complies with those laws and regulations. The auditor's responsibility for testing and reporting on compliance with laws and regulations varies according to the terms of the engagement.
Section 317 describes the auditor's responsibility, in an audit performed in accordance with GAAS, for considering laws and regulations and how they affect the audit. Thus, the auditor should design the audit to provide reasonable assurance that the financial statements are free of material misstatements resulting from violations of laws and regulations that have a direct and material effect on the determination of financial statement amounts.
The auditor should obtain an understanding of the possible effects on financial statements of laws and regulations that are generally recognized by auditors to have a direct and material effect on the determination of amounts in an entity's financial statements. The auditor should also assess whether management has identified laws and regulations that have a direct and material effect on the determination of amounts in the entity's financial statements and obtain an understanding of the possible effects on the financial statements of such laws and regulations. The auditor may consider performing the following procedures in assessing such laws and regulations and in obtaining an understanding of their possible effects on the financial statements.
- Consider knowledge about such laws and regulations obtained from prior years' audits.
- Discuss such laws and regulations with the entity's chief financial officer, legal counsel, or grant administrators.
- Obtain written representation from management regarding the completeness of management's identification.
- Review the relevant portions of any directly related agreements, such as those related to grants and loans.
- Review the minutes of meetings of the legislative body and governing board of the governmental entity being audited for the enactment of laws and regulations that have a direct and material effect on the determination of amounts in the governmental entity's financial statements.
- Inquire of the office of the federal, state, or local auditor, or other appropriate audit oversight organization about the laws and regulations applicable to entities within their jurisdiction, including statutes and uniform reporting requirements.
- Review information about compliance requirements, such as the information included in the Compliance Supplements issued by OMB: Compliance Supplement for Single Audits of State and Local Governments and Compliance Supplement for Audits of Institutions of Higher Learning and Other Non-Profit Institutions, Catalog of Federal Domestic Assistance, issued by the Government Printing Office, and state and local policies and procedures.
Government Auditing Standards
Government Auditing Standards contains standards for audits of government organizations, programs, activities, and functions and of government assistance received by contractors, not-for-profit organizations, and other nongovernment organizations. These standards, which include designing the audit to provide reasonable assurance of detecting material misstatements resulting from noncompliance with provisions of contracts or grant agreements that have a direct and material effect on the determination of financial statement amounts, are to be followed when required by law, regulation, agreement, contract, or policy. fn 9
For financial audits, Government Auditing Standards prescribes fieldwork and reporting standards beyond those required by GAAS. The general standards of Government Auditing Standards relate to qualifications of the staff, independence, due professional care, and quality control.
Federal Audit Requirements
Although the scope and reporting requirements of an audit of a recipient of federal financial assistance in accordance with federal audit regulations vary, the audits generally have the following elements in common.
- The audit is to be conducted in accordance with GAAS and Government Auditing Standards.
- The auditor's consideration of internal control is to include obtaining and documenting an understanding of internal control established to ensure compliance with the laws and regulations applicable to the federal financial assistance. In some instances, federal audit regulations mandate a "test of controls" to evaluate the effectiveness of the design and operation of the policies and procedures in preventing or detecting material noncompliance.
- The auditor is to issue a report on the consideration of internal control described above.
- The auditor is to determine and report on whether the federal financial assistance has been administered in accordance with applicable laws and regulations (that is, compliance requirements). [fn 10]
A recipient of federal financial assistance may be subject to a single or organization-wide audit or to a program-specific audit. A number of federal audit regulations permit the recipient to "elect" to have a program-specific audit, whereas other federal audit regulations require a program-specific audit in certain circumstances. In planning the audit, the auditor should determine and consider the specific federal audit requirements fn 11 applicable to the engagement, including the issuance of additional reports. As noted in paragraph .10 of this section, federal audit regulations for both single or organization-wide audits and program-specific audits generally require consideration of internal control beyond what is normally required by GAAS and Government Auditing Standards and a determination of whether applicable compliance requirements have been met.
Compliance Requirements Applicable to Federal Financial Assistance Programs
Compliance requirements applicable to federal financial assistance programs are usually one of two types: general and specific. General requirements involve national policy and apply to all or most federal financial assistance programs. fn 12
Specific requirements apply to a particular federal program and generally arise from statutory requirements and regulations. The OMB's Compliance Supplements set forth general and specific requirements for many of the federal programs awarded to state and local governments and to not-for-profit organizations, as well as suggested audit procedures to test for compliance with the requirements.
For program-specific audits, the auditor should consult federal grantor agency audit guides to identify general requirements that are statutory and regulatory requirements pertaining to certain federal programs, specific requirements for a particular program, and suggested audit procedures to test for compliance with the requirements.
In addition to those identified in the OMB's Compliance Supplements or federal grantor agency audit guides, specific requirements may also be enumerated in grant agreements or contracts.
Generally, the auditor is required to determine whether the recipient has complied with the general and specific requirements. The form of the report and the required level of assurance to be provided in the report may vary, depending on the requirements of a particular agency or program. For example, if reporting on compliance requirements, the auditor may be required to report findings relating to compliance with those requirements or the auditor may be required to express an opinion on whether the recipient has complied with the requirements applicable to its major fn 13 federal financial assistance programs. fn 14
Evaluating Results of Compliance Audit Procedures on Major Federal Financial Assistance Programs
In evaluating whether an entity has complied with laws and regulations that, if not complied with, could have a material effect on each major federal financial assistance program, the auditor should consider the effect of identified instances of noncompliance on each such program. In doing so, the auditor should consider—
- The frequency of noncompliance identified in the audit.
- The adequacy of a primary recipient's system for monitoring subrecipients and the possible effect on the program of any noncompliance identified by the primary recipient or the auditors of the subrecipients.
- Whether any instances of noncompliance identified in the audit resulted in questioned costs, as discussed below, and, if they did, whether questioned costs are material to the program. fn 15
The criteria for classifying a cost as a questioned cost vary from one federal agency to another. In evaluating the effect of questioned costs on the opinion on compliance, the auditor considers the best estimate of total costs questioned for each major federal financial assistance program (hereafter referred to as likely questioned costs), not just the questioned costs specifically identified (hereafter referred to as known questioned costs). When using audit sampling, as defined in section 350, Audit Sampling, in testing compliance, the auditor should project the amount of known questioned costs identified in the sample to the items in the major federal financial assistance program from which the sample was selected.
Regardless of the auditor's opinion on compliance, federal audit regulations may require him or her to report any instances of noncompliance found and any resulting questioned costs. In reporting instances of noncompliance, the auditor should follow the provisions of Government Auditing Standards. For purposes of reporting questioned costs, the auditor is not required to report likely questioned costs; rather, the auditor should report only known questioned costs.
When evaluating the results of compliance audit procedures on federal financial assistance programs, the auditor also should consider whether identified instances of noncompliance affect his or her opinion on the entity's financial statements (see paragraph .06).
Communications Regarding Applicable Audit Requirements
Management is responsible for obtaining audits that satisfy relevant legal, regulatory, or contractual requirements. Auditors should exercise due professional care in ensuring that they and management understand the type of engagement to be performed. If a proposal, contract, or engagement letter is used, an auditor should consider including in it a statement about the type of engagement and whether the engagement is intended to meet specific audit requirements.
GAAS do not require the auditor to perform procedures beyond those he or she considers necessary to obtain sufficient competent evidential matter to form a basis for the opinion on the financial statements. However, if during a GAAS audit of the financial statements the auditor becomes aware that the entity is subject to an audit requirement that may not be encompassed in the terms of the engagement, the auditor should communicate to management and the audit committee, or to others with equivalent authority and responsibility, that an audit in accordance with GAAS may not satisfy the relevant legal, regulatory, or contractual requirements. fn 16 For example, the auditor will be required to make this communication if an entity engages an auditor to perform an audit of its financial statements in accordance with GAAS and the auditor becomes aware that by law, regulation, or contractual agreement the entity also is required to have an audit performed in accordance with one or more of the following:
- Government Auditing Standards
- The Single Audit Act of 1984 and OMB Circular A-128, Audits of State and Local Governments
- OMB Circular A-133, Audits of Institutions of Higher Education and Other Nonprofit Institutions
- Other compliance audit requirements, such as state or local laws or program-specific audits under federal audit guides
The communication required by paragraph .22 of this section may be oral or written. If the communication is oral, the auditor should document the communication in the working papers. The auditor should consider how the client's actions in response to such communication relate to other aspects of the audit, including the potential effect on the financial statements and on the auditor's report on those financial statements. Specifically, the auditor should consider management's actions (such as not arranging for an audit that meets the applicable requirements) in relation to the guidance in section 317.
The provisions of this section are effective for audits of financial statements and of compliance with laws and regulations for fiscal periods ending after December 31, 1994. Early application of this section is encouraged.