The following auditing standard is not the current version and does not reflect any amendments effective on or after December 31, 2016. The current version of the auditing standards can be found here.
AU Section 800
Compliance Auditing
AU Section 801
Compliance Auditing Considerations in Audits of Governmental Entities and Recipients of Governmental Financial Assistance
- (.01 - .02) Introduction and Applicability
- (.03 - .07) Effects of Laws on Financial Statements
- (.08 - .09) Government Auditing Standards
- (.10 - .20) Federal Audit Requirements
- (.21 - .23) Communications Regarding Applicable Audit Requirements
- (.24) Effective Date
(Supersedes SAS No. 68)
Source: SAS No. 74; SAS No. 75.
Effective for audits of financial statements and of compliance with laws and regulations for fiscal periods ending after December 31, 1994, unless otherwise indicated.
Introduction and Applicability
.01
This section [fn 1] is applicable when the auditor is engaged to audit a governmental entity under generally accepted auditing standards (GAAS), and engaged to test and report on compliance with laws and regulations under Government Auditing Standards (the Yellow Book) or in certain other circumstances involving governmental financial assistance, fn 2fn 3 such as single or organization-wide audits or program-specific audits under certain federal or state audit regulations. fn 4
.02
Specifically, this section provides general fn 5 guidance to the auditor to—
- Apply the provisions of section 317, Illegal Acts by Clients, relative to detecting misstatements resulting from illegal acts related to laws and regulations that have a direct and material effect on the determination of financial statement amounts in audits of the financial statements of governmental entities and other recipients of governmental financial assistance (paragraphs .03 through .07).
- Perform a financial audit in accordance with Government Auditing Standards, issued by the Comptroller General of the United States (paragraphs .08 and .09). fn 6
- Perform a single or organization-wide audit or a program-specific audit in accordance with federal audit requirements (paragraphs .10 through .20).
- Communicate with management if the auditor becomes aware that the entity is subject to an audit requirement that may not be encompassed in the terms of his or her engagement (paragraphs .21 through .23).
Effects of Laws on Financial Statements
.03
The Governmental Accounting Standards Board's (GASB's) Codification of Governmental Accounting and Financial Reporting Standards, section 1200.103, recognizes that governmental entities generally are subject to a variety of laws and regulations that affect their financial statements.
An important aspect of GAAP [generally accepted accounting principles] as applied to governments is the recognition of the variety of legal and contractual considerations typical of the government environment. These considerations underlie and are reflected in the fund structure, bases of accounting, and other principles and methods set forth here, and are a major factor distinguishing governmental accounting from commercial accounting.
For example, such laws and regulations may address the fund structure required by law, regulation, or bond covenant; procurement; debt limitations; and legal authority for transactions.
.04
Federal, state, and local governmental entities provide financial assistance to other entities, including not-for-profit organizations and business enterprises that are either primary recipients, subrecipients, fn 7 or beneficiaries. Among the forms of governmental financial assistance are grants of cash and other assets, loans, loan guarantees, and interest-rate subsidies. fn 8 By accepting such assistance, both governmental and nongovernmental entities may be subject to laws and regulations that may have a direct and material effect on the determination of amounts in their financial statements.
.05
Management is responsible for ensuring that the entity complies with the laws and regulations applicable to its activities. That responsibility encompasses the identification of applicable laws and regulations and the establishment of controls designed to provide reasonable assurance that the entity complies with those laws and regulations. The auditor's responsibility for testing and reporting on compliance with laws and regulations varies according to the terms of the engagement.
.06
Section 317 describes the auditor's responsibility, in an audit performed in accordance with GAAS, for considering laws and regulations and how they affect the audit. Thus, the auditor should design the audit to provide reasonable assurance that the financial statements are free of material misstatements resulting from violations of laws and regulations that have a direct and material effect on the determination of financial statement amounts.
.07
The auditor should obtain an understanding of the possible effects on financial statements of laws and regulations that are generally recognized by auditors to have a direct and material effect on the determination of amounts in an entity's financial statements. The auditor should also assess whether management has identified laws and regulations that have a direct and material effect on the determination of amounts in the entity's financial statements and obtain an understanding of the possible effects on the financial statements of such laws and regulations. The auditor may consider performing the following procedures in assessing such laws and regulations and in obtaining an understanding of their possible effects on the financial statements.
- Consider knowledge about such laws and regulations obtained from prior years' audits.
- Discuss such laws and regulations with the entity's chief financial officer, legal counsel, or grant administrators.
- Obtain written representation from management regarding the completeness of management's identification.
- Review the relevant portions of any directly related agreements, such as those related to grants and loans.
- Review the minutes of meetings of the legislative body and governing board of the governmental entity being audited for the enactment of laws and regulations that have a direct and material effect on the determination of amounts in the governmental entity's financial statements.
- Inquire of the office of the federal, state, or local auditor, or other appropriate audit oversight organization about the laws and regulations applicable to entities within their jurisdiction, including statutes and uniform reporting requirements.
- Review information about compliance requirements, such as the information included in the Compliance Supplements issued by OMB: Compliance Supplement for Single Audits of State and Local Governments and Compliance Supplement for Audits of Institutions of Higher Learning and Other Non-Profit Institutions, Catalog of Federal Domestic Assistance, issued by the Government Printing Office, and state and local policies and procedures.
Government Auditing Standards
.08
Government Auditing Standards contains standards for audits of government organizations, programs, activities, and functions and of government assistance received by contractors, not-for-profit organizations, and other nongovernment organizations. These standards, which include designing the audit to provide reasonable assurance of detecting material misstatements resulting from noncompliance with provisions of contracts or grant agreements that have a direct and material effect on the determination of financial statement amounts, are to be followed when required by law, regulation, agreement, contract, or policy. fn 9
.09
For financial audits, Government Auditing Standards prescribes fieldwork and reporting standards beyond those required by GAAS. The general standards of Government Auditing Standards relate to qualifications of the staff, independence, due professional care, and quality control.
Federal Audit Requirements
.10
Although the scope and reporting requirements of an audit of a recipient of federal financial assistance in accordance with federal audit regulations vary, the audits generally have the following elements in common.
- The audit is to be conducted in accordance with GAAS and Government Auditing Standards.
- The auditor's consideration of internal control is to include obtaining and documenting an understanding of internal control established to ensure compliance with the laws and regulations applicable to the federal financial assistance. In some instances, federal audit regulations mandate a "test of controls" to evaluate the effectiveness of the design and operation of the policies and procedures in preventing or detecting material noncompliance.
- The auditor is to issue a report on the consideration of internal control described above.
- The auditor is to determine and report on whether the federal financial assistance has been administered in accordance with applicable laws and regulations (that is, compliance requirements). [fn 10]
.11
A recipient of federal financial assistance may be subject to a single or organization-wide audit or to a program-specific audit. A number of federal audit regulations permit the recipient to "elect" to have a program-specific audit, whereas other federal audit regulations require a program-specific audit in certain circumstances. In planning the audit, the auditor should determine and consider the specific federal audit requirements fn 11 applicable to the engagement, including the issuance of additional reports. As noted in paragraph .10 of this section, federal audit regulations for both single or organization-wide audits and program-specific audits generally require consideration of internal control beyond what is normally required by GAAS and Government Auditing Standards and a determination of whether applicable compliance requirements have been met.
Compliance Requirements Applicable to Federal Financial Assistance Programs
.12
Compliance requirements applicable to federal financial assistance programs are usually one of two types: general and specific. General requirements involve national policy and apply to all or most federal financial assistance programs. fn 12
.13
Specific requirements apply to a particular federal program and generally arise from statutory requirements and regulations. The OMB's Compliance Supplements set forth general and specific requirements for many of the federal programs awarded to state and local governments and to not-for-profit organizations, as well as suggested audit procedures to test for compliance with the requirements.
.14
For program-specific audits, the auditor should consult federal grantor agency audit guides to identify general requirements that are statutory and regulatory requirements pertaining to certain federal programs, specific requirements for a particular program, and suggested audit procedures to test for compliance with the requirements.
.15
In addition to those identified in the OMB's Compliance Supplements or federal grantor agency audit guides, specific requirements may also be enumerated in grant agreements or contracts.
.16
Generally, the auditor is required to determine whether the recipient has complied with the general and specific requirements. The form of the report and the required level of assurance to be provided in the report may vary, depending on the requirements of a particular agency or program. For example, if reporting on compliance requirements, the auditor may be required to report findings relating to compliance with those requirements or the auditor may be required to express an opinion on whether the recipient has complied with the requirements applicable to its major fn 13 federal financial assistance programs. fn 14
Evaluating Results of Compliance Audit Procedures on Major Federal Financial Assistance Programs
.17
In evaluating whether an entity has complied with laws and regulations that, if not complied with, could have a material effect on each major federal financial assistance program, the auditor should consider the effect of identified instances of noncompliance on each such program. In doing so, the auditor should consider—
- The frequency of noncompliance identified in the audit.
- The adequacy of a primary recipient's system for monitoring subrecipients and the possible effect on the program of any noncompliance identified by the primary recipient or the auditors of the subrecipients.
- Whether any instances of noncompliance identified in the audit resulted in questioned costs, as discussed below, and, if they did, whether questioned costs are material to the program. fn 15
.18
The criteria for classifying a cost as a questioned cost vary from one federal agency to another. In evaluating the effect of questioned costs on the opinion on compliance, the auditor considers the best estimate of total costs questioned for each major federal financial assistance program (hereafter referred to as likely questioned costs), not just the questioned costs specifically identified (hereafter referred to as known questioned costs). When using audit sampling, as defined in section 350, Audit Sampling, in testing compliance, the auditor should project the amount of known questioned costs identified in the sample to the items in the major federal financial assistance program from which the sample was selected.
.19
Regardless of the auditor's opinion on compliance, federal audit regulations may require him or her to report any instances of noncompliance found and any resulting questioned costs. In reporting instances of noncompliance, the auditor should follow the provisions of Government Auditing Standards. For purposes of reporting questioned costs, the auditor is not required to report likely questioned costs; rather, the auditor should report only known questioned costs.
.20
When evaluating the results of compliance audit procedures on federal financial assistance programs, the auditor also should consider whether identified instances of noncompliance affect his or her opinion on the entity's financial statements (see paragraph .06).
Communications Regarding Applicable Audit Requirements
.21
Management is responsible for obtaining audits that satisfy relevant legal, regulatory, or contractual requirements. Auditors should exercise due professional care in ensuring that they and management understand the type of engagement to be performed. If a proposal, contract, or engagement letter is used, an auditor should consider including in it a statement about the type of engagement and whether the engagement is intended to meet specific audit requirements.
.22
GAAS do not require the auditor to perform procedures beyond those he or she considers necessary to obtain sufficient competent evidential matter to form a basis for the opinion on the financial statements. However, if during a GAAS audit of the financial statements the auditor becomes aware that the entity is subject to an audit requirement that may not be encompassed in the terms of the engagement, the auditor should communicate to management and the audit committee, or to others with equivalent authority and responsibility, that an audit in accordance with GAAS may not satisfy the relevant legal, regulatory, or contractual requirements. fn 16 For example, the auditor will be required to make this communication if an entity engages an auditor to perform an audit of its financial statements in accordance with GAAS and the auditor becomes aware that by law, regulation, or contractual agreement the entity also is required to have an audit performed in accordance with one or more of the following:
- Government Auditing Standards
- The Single Audit Act of 1984 and OMB Circular A-128, Audits of State and Local Governments
- OMB Circular A-133, Audits of Institutions of Higher Education and Other Nonprofit Institutions
- Other compliance audit requirements, such as state or local laws or program-specific audits under federal audit guides
.23
The communication required by paragraph .22 of this section may be oral or written. If the communication is oral, the auditor should document the communication in the working papers. The auditor should consider how the client's actions in response to such communication relate to other aspects of the audit, including the potential effect on the financial statements and on the auditor's report on those financial statements. Specifically, the auditor should consider management's actions (such as not arranging for an audit that meets the applicable requirements) in relation to the guidance in section 317.
Effective Date
.24
The provisions of this section are effective for audits of financial statements and of compliance with laws and regulations for fiscal periods ending after December 31, 1994. Early application of this section is encouraged.
Footnotes (AU Section 801 — Compliance Auditing Considerations in Audits of Governmental Entities and Recipients of Governmental Financial Assistance):
[fn 1] [Footnote deleted to reflect conforming changes necessary due to the issuance of Statement on Standards for Attestation Engagements No. 10.]
fn 2 Guidance for engagements related to management's written assertion about either (a) an entity's compliance with the requirements of specified laws, regulations, rules, or contracts not involving governmental financial assistance, or (b) the effectiveness of an entity's internal control structure over compliance with specified requirements is provided in AT section 601, Compliance Attestation. [Footnote revised, January 2001, to reflect conforming changes necessary due to the issuance of Statement on Standards for Attestation Engagements No. 10.]
fn 3 When engaged to perform an agreed-upon procedures engagement for which the objective is to report in accordance with this section, the auditor may consider the guidance in AT section 201, Agreed-Upon Procedures Engagements. [Footnote added, effective for reports on agreed-upon procedures engagements dated after April 30, 1996, by Statement on Auditing Standards No. 75. Footnote revised, January 2001, to reflect conforming changes necessary due to the issuance of Statement on Standards for Attestation Engagements No. 10.]
fn 4 A single or organization-wide audit is an audit of an entity's financial statements and of compliance with regulations relating to governmental financial assistance. Examples are audits required by the Single Audit Act of 1984 and Office of Management and Budget (OMB) Circular A-128, Audits of State and Local Governments, OMB Circular A-133, Audits of Institutions of Higher Education and Other Nonprofit Institutions, or the Connecticut Single Audit Act. A program-specific audit is an audit of one governmental financial assistance program in accordance with federal or state laws, regulations or audit guides, such as the U.S. Department of Education's Student Financial Assistance Audit Guide, or the U.S. Department of Housing and Urban Development's (HUD's) Consolidated Audit Guide for Audits of HUD Programs, relative to that program. An auditor may also be engaged to test and report on compliance with other federal, state, and local laws and regulations that are beyond the scope of this section. (For additional guidance, see footnote 2.) [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 5 Specific guidance is provided in the AICPA Audit and Accounting Guide Audits of State and Local Governmental Units, and in Statement of Position (SOP) 98-3, Audits of States, Local Governments, and Not-for-Profit Organizations Receiving Federal Awards. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 6 In practice, Government Auditing Standards, or the Yellow Book, is sometimes referred to as generally accepted government auditing standards (GAGAS). Government Auditing Standards includes standards for financial and performance audits. The references to Government Auditing Standards in this section encompass only the standards that apply to financial audits, not the performance audit standards. The auditor should be aware that Government Auditing Standards is revised periodically and should ensure that the currently effective version is being followed. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 7 A subrecipient is an entity that receives governmental financial assistance when the assistance is initially received by another entity (the primary recipient) that distributes the assistance for the government program that created and provided the assistance. As used in this section, recipient means either a primary recipient or a subrecipient. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 8 For purposes of this section, financial assistance, as defined by the Single Audit Act of 1984 and OMB Circular A-128, does not include contracts to provide goods or services to a governmental entity or arrangements in which a nongovernmental entity purchases insurance from the government. Federal awards, as defined by OMB Circular A-133, means financial assistance and federal cost-type contracts used to buy services or goods for the use of the federal government. Federal awards do not include procurement contracts to vendors under grants or contracts used to buy goods or services. For example, financial assistance does not include a contract to design and manufacture aircraft for the U.S. Air Force or the purchase of deposit insurance by a financial institution. In addition, although Medicaid funds paid by the federal government to states constitute financial assistance, most Medicaid arrangements between the states and health-care providers are contracts for services that are not considered to be financial assistance. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 9 Some states have adopted regulations that require local governments within the states to have their audits conducted in accordance with Government Auditing Standards. In addition, some states require that recipients of state financial assistance be audited in accordance with Government Auditing Standards. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
[fn 10] [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995. Footnote deleted to reflect conforming changes necessary due to the issuance of Statement on Auditing Standards No. 85.]
fn 11 Such requirements may be set out in an engagement letter or audit contract. In some instances, a written engagement letter is required by the federal grantor agency. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 12 General requirements also may be referred to as common requirements. Detailed guidance on evaluating the results of testing general requirements can be found in the AICPA Audit and Accounting Guide Audits of State and Local Governmental Units, and in SOP 92-9, [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 13 A major federal financial assistance program is defined by a federal regulation or law or by the federal grantor agency's audit guide. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 14 Detailed testing and reporting guidance on single or organization-wide audits and program-specific audits is provided in the AICPA Audit and Accounting Guide Audits of State and Local Governmental Units and in SOP 92-9. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 15 In auditing compliance with requirements governing major federal financial assistance programs, the auditor's consideration of materiality differs from that in an audit of the financial statements in accordance with GAAS. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]
fn 16 For entities that do not have an audit committee, "others with equivalent authority or responsibility" may include the board of directors, the board of trustees, the owner in owner-managed entities, the city council, or the legislative standing committee. [Footnote renumbered by the issuance of Statement on Auditing Standards No. 75, September 1995.]