This is the accessible text file for GAO report number GAO-08-586G entitled 'Financial Audit Manual: Volume 2: June 2008' which was released on July 28, 2008. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Financial Audit Manual: Volume 2: July 2008: United States Government Accountability Office: GAO-08-586G: July 2008: To Audit Officials, Agency Cfos, And Others Interested In Federal Financial Auditing And Reporting: This letter transmits the revised Financial Audit Manual (FAM) Volume 2 of the Government Accountability Office (GAO) and the President’s Council on Integrity and Efficiency (PCIE). GAO and the PCIE issued the joint FAM in July 2001. The FAM presents a methodology to perform financial statement audits of federal entities in accordance with professional standards. We have updated the FAM for significant changes that have occurred in auditing financial statements in the U.S. government since the last major revisions to the FAM were issued in July 2004. To help the FAM continue to meet the needs of the federal audit community and the public it serves, GAO and the PCIE created a joint FAM Working Group. The Group is comprised of auditors from GAO and several Offices of the Inspectors General experienced in conducting audits of federal entity financial statements. Through a collaborative effort, the FAM Working Group prepared a revised FAM Volume 2 that contains audit tools. A revised FAM Volume 1 that contains the audit methodology is being issued separately. FAM Volume 3, which contains checklists for Federal Accounting (FAM 2010) and Federal Reporting and Disclosures (FAM 2020), was issued on August 28, 2007 (GAO-07-1173G). On October 5, 2007, we issued exposure drafts of FAM Volumes 1 and 2 for an extended public comment period that ended on January 31, 2008. We received 15 letters of comment which have been considered in this issued version of FAM Volume 2, as well as FAM Volume 1. The revisions to the FAM are primarily due to changes in (1) professional auditing and attestation standards of the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA); (2) Government Auditing Standards issued by GAO; (3) audit and reporting guidance issued by the Office of Management and Budget (OMB); (4) accounting standards issued by the Federal Accounting Standards Advisory Board (FASAB); and (5) laws. Summary of Major Revisions and Improvements for FAM Volume 2: FAM Volume 2 incorporates changes based on (1) AICPA Statement of Auditing Standards (SAS) No. 100 through 114, which include the audit risk standards (SAS Nos. 104 through 111); (2) Government Auditing Standards (July 2007 Revision); (3) audit guidance in OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements (September 4, 2007); and (4) financial reporting guidance in revised OMB Circular No. A-136, Financial Reporting Requirements (June 29, 2007). FAM Volume 2 also includes the effects on financial audits of FASAB accounting concepts and standards issued through May 31, 2007. This includes accounting, reporting, and disclosure requirements for social insurance, heritage assets and stewardship land, and earmarked funds. Finally, throughout the updated FAM Volume 2, revisions were made for new terminology, changes in the federal audit environment, and effects of applicable laws. A table of major changes to FAM Volume 2 is presented in attachment 1 to this letter. This FAM Volume 2 supersedes previously issued versions of FAM Volume 2 through July 2004 and can be used to audit federal entity financial statements for the fiscal year ended September 30, 2008. Should you need additional information, please contact us at fam@gao.gov or call GAO’s Financial Management and Assurance Assistant Directors Roger Stoltz, at (202) 512-9408; or Janet Krell, at (202) 512- 4716; Director Steve Sebastian at (202) 512-9521; or PCIE FAM Working Group Leaders Alex Biggs, at (202) 693-5258; or Joel Grover, at (202) 927-5768. Other GAO FAM Project Team and PCIE FAM Working Group members are presented in attachment 2 of this letter. Sincerely yours, /Signed/: McCoy Williams: Managing Director: Financial Management and Assurance: The Honorable Jon T. Rymer: Chairman, Audit Committee: President’s Council on Integrity U.S. Government Accountability Office and Efficiency: Attachments and enclosures: Attachment I: Table of Major Changes to FAM Volume 2: FAM section: Various; Major change: SAS references, particularly the audit risk standards (SAS No.104 through No. 111) have been codified in the appropriate AU section. FAM section: 650; Major change: Some clarifications and new terminology throughout were added for using the work of others. FAM section: 701A; Major change: Consistent with OMB audit guidance, performance measures are excluded from internal control definitions effective starting in fiscal year 2008 at FAM 701 A-8, II H. FAM section: 802; Major change: The general compliance checklist in FAM 802.06 lists five general laws for compliance consistent with OMB audit guidance while four other laws commonly assessed by auditors are now presented in FAM 802.07. FAM section: 803; Major change: New audit procedures for checking on Antideficiency Act violations were added at FAM 803-6, steps 7 and 8. FAM section: 902; Major change: Auditing related parties and intragovernmental activity and balances have been revised to be consistent with OMB auditing guidance. FAM section: 903; Major change: The discussion of full costing per SFFAS No. 30 was expanded at FAM 903.02. FAM section: 921; Major change: Treasury’s development and implementation of a new Government Wide Accounting (GWA) system that will have a significant impact on auditing Fund Balance with Treasury (FBWT) is discussed at FAM 921.11-.12. Treasury’s plan to discontinue use of certain suspense accounts is discussed at FAM 921.13. Because these changes are to occur over several years, auditors should reevaluate their FBWT audit procedures, some examples of which are now presented in FAM 921.17-.22. FAM section: 921A; Major change: Treasury processes and reports are being substantially revised as a result of the implementation of the GWA system and other changes. FAM section: 921D; Major change: The audit program was eliminated. FAM section: 931; Major change: This new section provides guidance on auditing heritage assets and stewardship land as a result of SFFAS No. 29. FAM section: 941; Major change: This new section provides guidance on auditing the Statement of Social Insurance as a result of SFFAS Nos. 17, 25, 26, and 28. FAM section: 1001; Major change: This section on management representation letters has been revised to be consistent with changes in professional standards. The effect of a change in management on representation letters was added at FAM 1001.19. FAM section: 1001A; Major change: The example management representation letter was changed to group representations by category (financial statements, internal control, fraud, etc.) Representations were added for Antideficency Act violations at FAM 1001 A.27, Statement of Social Insurance at FAM 1001 A.28-.36, consistency of budget information required by OMB audit guidance at FAM 1001 A.37, and earmarked funds at FAM 1001 A.38. “Government-wide polices” was deleted at FAM 1001 A.13 b. FAM section: 1002; Major change: A table for analyzing contingent losses was added to FAM 1002.06 and a new FAM 1002.12 was added for certain legal claims where no monetary damages are being sought. FAM 1002.16 expanded the discussion and timing of interim and final legal letters. FAM section: 1003; Major change: The audit completion checklist was revised to be consistent with new professional standards and the revised FAM. [End of table] Attachment 2: GAO FAM Project Team: McCoy Williams, Managing Director: Steven J. Sebastian, Director: Robert F. Dacey, Chief Accountant: Abraham D. Akresh, Senior Level Expert for Auditing Standards: Roger R. Stoltz, Assistant Director: Janet M. Krell, Assistant Director: Corinne P. Robertson, Senior Auditor and Project Manager: William E. Boutboul, Project Manager: Charles R. Fox, Project Manager: Suzanne Murphy, Project Manager: Vera M. Seekins, Senior Auditor: Sharon O. Byrd, Audit Sampling Specialist: Francis L. Dymond, Assistant General Counsel: Jacquelyn N. Hamilton, Deputy Assistant General Counsel: PCIE FAM Working Group Members: The Honorable John P. Higgins, Jr., Chairman, Audit Committee, PCIE: Alex Biggs, PCIE Working Group Leader, Office of Inspector General, U.S. Department of Labor: Joel Grover, PCIE Working Group Leader, Office of Inspector General, U.S. Department of Treasury: Debra Alford, Office of Inspector General, U.S. Department of Defense: Morgan Aronson, Office of Inspector General, U.S. Department of Interior: Ade Bankole, Office of Inspector General, U.S. Department of Treasury: Susan Barron, Office of Inspector General, U.S. Department of Treasury: Paul Curtis, Office of Inspector General, Environmental Protection Agency: Mary Harmison, Office of Inspector General, Federal Trade Commission: Mark L. Hayes, Office of Inspector General, U.S. Department of Justice: David S. Laun, Office of Inspector General, U.S. Department of Justice: Marie Maguire, Office of Inspector General, National Science Foundation: Kelly A. McFadden, Office of Inspector General, U.S. Department of Justice: Joon Park, Office of Inspector General, U.S. Department of Labor: Kieu Rubb, Office of Inspector General, U.S. Department of Treasury: Gregory Spencer, Office of Inspector General, U.S. Department of Education: Contents-FAM Volume 2-Tools: Planning And General: Introduction to FAM Volume 2 – Tools: Using the Work of Others: Summary of Audit Procedures and Documentation for Review of Other Auditors’ Work: Example Audit Procedures for Using the Work of Others: Example Reports When Using the Work of Others: Agreed-Upon Procedures: Example Agreed-Upon Procedures Engagement Letter: Example Representation Letter from Responsible Entity on Agreed-Upon Procedures Engagement: Agreed- Upon Procedures Engagement Completion Checklist: Example Agreed-Upon Procedures Report: Internal Control (See also FAM 900): Assessing Agency Systems with the Federal Financial Management Improvement Act (FFMIA): Example Audit Procedures for Testing Systems Compliance with FFMIA: Summary Schedule of Instances of Systems Noncompliance with FFMIA: Compliance: General Compliance Checklist: Antideficiency Act: Federal Credit Reform Act of 1990: Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711- 3720E) (Including the Debt Collection Improvement Act of 1996) (DCIA): Prompt Payment Act: Pay and Allowance System for Civilian Employees, as Provided Primarily in Chapters 51-59 of Title 5, U.S. Code: Civil Service Retirement Act, 5 U.S.C. Chapter 83: Federal Employees Health Benefits Act, 5 U.S.C. Chapter 89: Federal Employees’ Compensation Act (FECA), 5 U.S.C. Chapter 81: Federal Employees’ Retirement System Act of 1986 (FERS), 5 U.S.C.: Chapter 84: Substantive Testing: Related Parties, Including Intragovernmental Activity and Balances: Example Account Risk Analysis for Intragovernmental Activity and Balances: Example Specific Control Evaluation for Intragovernmental Accounts: Example Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: Auditing Cost Information: Auditing Fund Balance with Treasury (FBWT): Treasury Processes and Reports Related to FBWT Reconciliation: Example Account Risk Analysis for Fund Balance with Treasury: Example Specific Control Evaluation for Fund Balance with Treasury: Auditing Heritage Assets and Stewardship Land: Auditing the Statement of Social Insurance: Reporting: Management Representations: A Example Management Representation Letter: Inquiries of Legal Counsel: Example Audit Procedures for Inquiries of Legal Counsel: Example Legal Letter Request: Example Legal Representation Letter: Example Management Summary Schedule: Financial Statement Audit Completion Checklist: Subsequent Events Review: Section 600: Planning and General: 601 – Introduction to FAM Volume 2 – Tools: .01: Volume 2 of the GAO/PCIE Financial Audit Manual (FAM) consists of tools to assist the auditorp[Footnote 1] in performing a financial statement audit of a federal entity. These tools are generally organized according to the phases of the audit and are presented in * FAM 600, the planning phase and general issues; * FAM 700, the internal control phase; * FAM 800, compliance; * FAM 900, substantive testing; and * FAM 1000, the reporting phase. .02: Many of the tools in the various FAM sections include activities that would be performed during other phases of the audit. Thus, the auditor may refer to the FAM sections in volume 2 early in the audit. For example, FAM 701, Assessing Compliance of Agency Systems with the Federal Financial Management Improvement Act, includes procedures that would be performed throughout the audit, not just during the internal control phase, although many of them would be performed then. Also, FAM 902, Related Parties, Including Intragovernmental Activity and Balances, has procedures that the auditor may decide to perform in the planning and internal control phases of the audit as well as during the testing phase. .03: The audit procedures presented in the examples in this and other FAM sections of volume 2 are examples of some of the audit steps typically performed in each area. They are used in conjunction with the appropriate FAM sections. In using these procedures, the auditor uses professional judgment to add additional procedures, delete irrelevant procedures, modify procedures, indicate the extent and timing of procedures, and change the terminology to that used by the federal entity to be audited. The auditor may integrate these steps with the audit programs for related line items. For example, tests of intragovernmental activity and balances in FAM 902 may be integrated with tests of accounts receivable and payable, and, to improve effectiveness, the auditor may coordinate those tests with related nonintragovernmental activity and balances. 650 - Using the Work of Others: .01: In many financial statement audits, the auditor uses the work and reports of other auditors and specialists that may include CPA firms, inspectors general[Footnote 2] (IG), state auditors, and internal auditors. Specialists include actuaries and information systems (IS) personnel. The auditor may contract with a CPA firm to perform parts of an audit, or to perform the entire audit. The auditor expressing the opinion on the financial statements is usually “the principal auditor” as defined by AU 543.02, but this is a matter of professional judgment. .02: FAM 650 provides guidance to auditors on designing and performing oversight and other procedures when using the work of other auditors and specialists. Various professional standards also provide guidance in this area. These standards include AU 543, “Part of Audit Performed by Other Independent Auditors;” AU 322, “The Auditor’s Consideration of the Internal Audit Function in an Audit of Financial Statements;” AU 336, “Using the Work of a Specialist;”[Footnote 3] and AU 315 “Communications Between Predecessor and Successor Auditors.” These standards have different requirements depending on whether the auditor is using the work of an independent auditor, an internal auditor, or a specialist. .03: In the federal environment, the auditor may use the work of other auditors and specialists in various situations. For example: * Audits of federal entity financial statements, either consolidated or individual bureaus, agencies, funds, or other components, by IGs or CPA firms in accordance with GAGAS (which includes U.S. GAAS) and OMB audit guidance. * CPA firms, IGs, or specialists engaged to do parts of an audit (for example, review information system (IS) controls, review actuarial calculations, or test specific accounts). * Reports on the processing of transactions by service organizations (i.e. SAS No. 70 reviews under AU 324). * Single audits or audits of federal funds provided to units of state and local governments performed by state auditors and CPA firms. * Work performed by internal audit functions (or equivalent, such as a program review office or those performing A-123 internal control reviews). * Work performed by internal audit staff who provide direct assistance to the auditor. .04: AU 543.13 states that in some circumstances the auditor may find it appropriate to participate in discussions regarding the accounts with management personnel of the component whose financial statements are being audited by other auditors and/or to make supplemental tests of such accounts. The determination of the extent of additional procedures, if any, to be applied rests with the principal auditor alone in the exercise of professional judgment and in no way constitutes a reflection on the adequacy of the other auditor’s work. An auditor transmitting the other auditor’s opinion is not a principal auditor; neither is the auditor expressing negative assurance on the other auditor’s work. However, if the auditor assumes responsibility for the opinion on the financial statements on which the auditor reports without making reference to the audit performed by the other auditor, the auditor taking responsibility should determine the extent of procedures to be undertaken. .05: FAM 650 provides guidance in making the judgments necessary for the auditor to use the work of others, including the: * type of reporting (FAM 650.09-.10); * evaluation of the other auditors’ or specialists’ independence and objectivity (FAM 650.11-.24); * evaluation of the other auditors’ or specialists’ qualifications (FAM 650.25-.35); and: * determination by the auditor on the level of review (FAM 650.36-.42 and: FAM 650 A). .06: The auditor should coordinate with the other auditor whose work is to be used. In turn, the other auditor should determine the needs of the auditor who plans to use the work being performed so that the professional judgments exercised by both auditors can satisfy the needs of both. This is best done before major work is started. For example, auditors of a consolidated entity (such as the U.S. government or an entire department or federal entity) are likely to plan to use the work of other auditors of subsidiary entities (such as individual departments, agencies, bureaus, funds, or other components). This coordination can result in more efficient and effective government audits and avoid duplication of effort. In addition, both auditors should coordinate throughout the audit so that the timing needs of the auditor and the other auditor are met. The auditor should provide instructions on audit procedures to be performed, materiality considerations, reporting format, and any other information deemed appropriate. The other auditor should perform the requested procedures in accordance with these instructions and report the findings solely for use by the auditor (AU 9543.03). The other auditor should also provide full and timely access to appropriate individuals and audit documentation for review by the auditor (GAGAS par. 4.23). This may occur on an ongoing basis during the audit, although this work may not be completely reviewed. .07: In this coordination, the auditor should inform other auditors on how their work and report will be used. AU 543.07 indicates that if the auditor’s report will name the other auditor, the principal auditor should obtain permission to do so and should present the other auditor’s report together with its report. For CPA firms, this permission may be obtained as part of the contracting process. As a professional courtesy, the auditor generally should also provide other auditors with a draft of its report to avoid surprises before final issuance. .08: When there is a difference of opinion, the auditor should confer with the other auditor in an attempt to reach an agreement as to the procedures that would be necessary to satisfy both auditors’ professional judgments. If both auditors are unable to reach agreement, see FAM 650.54-.56. FAM 650 B contains example audit procedures for using the work of others, which depend on the professional judgments made. Types of Reporting: .09: There are various types of reporting when using the work of other auditors and specialists. The type of reporting depends on the degree of responsibility the auditor accepts and the work the other auditors and specialists will perform. Factors for the auditor to evaluate in deciding which type of reporting to use include the degree of assurance to provide, legal requirements, and cost-benefit considerations. The amount of resources required varies by type of report and generally increases in the order presented below. The auditor generally should decide the type of reporting in planning the engagement. The auditor generally should discuss the type of reporting with the other auditors or specialists early in the audit. The auditor exercises professional judgment in making these decisions and should document the basis for the decisions. AU 504.03 indicates that an auditor is associated with financial statements when the auditor has consented to the use of its name in a report, document, or written communication containing the financial statements. The type of reporting will depend on the auditor’s association with the report: a. No association with report. In this situation, the other auditors or specialists provide the report directly to the audited entity and/or to significant users. The auditor may use this method when procuring the audit but not acting as “the auditor.” Examples are when there is no legal requirement for a separate audit report, or the user does not need a separate audit report, or a separate audit report would provide no additional information. When the auditor is required by law to perform the audit, the auditor should not use this option as the auditor is associated with the report. b. Association with report. In this situation, there are two possible types of transmittal letters: one expressing no assurance and one expressing negative assurance on the other auditors’ work. For either type, the auditor is associated with the financial statements as described in AU 504. The fourth standard of reporting was amended by SAS No. 113 in AU 150.02 to state “In all cases where an auditor’s name is associated with financial statements, the auditor should clearly indicate the character of the auditor’s work, if any, and the degree of responsibility the auditor is taking, in the auditor’s report.” Because the auditor did not perform the audit, the auditor should disclaim an opinion and should not express its concurrence with the other auditors’ opinion. The auditor may use this approach when the auditor did not perform the audit but wants to issue a report or letter. The auditor may also expand the letter to highlight certain findings or information or to indicate that certain procedures were performed. See example 1 of FAM 650 C for wording for both types of transmittal letters which: * Express no assurance. For this letter, the auditor issues a transmittal letter without reviewing the other auditors’ audit documentation. In these situations, the transmittal should be clear as to the limitations of the work of the auditor who generally has the responsibility to monitor audit contracts, as applicable, to meet the requirements of statutory audit provisions, such as in the IG Act, CFO Act, or Accountability of Tax Dollars Act of 2002. * Express negative assurance. This letter indicates that the auditor reviewed the other auditors’ or specialists’ report and related audit documentation, inquired of their representatives, and found no instances where the other auditors did not comply, in all material respects, with U.S. GAAS or GAGAS. c. The auditor issues a report that refers to other auditors’ reports and indicates a division of responsibilities. To use this approach, the auditor has two decisions to make: (1) whether the auditor may serve as the principal auditor (AU 543.01-.03) and (2) whether the auditor will refer to the work of the other auditors (AU 543.01-.10). For audits of federal entities, auditors may be designated by law.[Footnote 4] The auditor exercises professional judgment in making these decisions and should document the basis for the decisions. One consideration in deciding whether the auditor is the principal auditor is sufficient knowledge of the entire entity, including portions audited by other auditors. Another consideration is the materiality and importance of the consolidated assets, liabilities, expenses, revenues, or net position the auditor has not audited. The auditor may issue a report that refers to other auditors when (1) the other auditors have reported on financial statements for a component entity that is part of the entity whose financial statements the principal auditor is reporting on and (2) the principal auditor does not wish to take responsibility for the other auditors’ work. (See AU 543.09 for example wording.) This approach may be used only for CPA firms or for other auditors that are organizationally independent (see FAM 650.14) and should not be used for internal auditors or specialists. However, a reader of the report could question the basis for the principal auditor issuing the opinion because of the significant materiality and importance of the portion of the financial statements audited by the other auditors. In this case, the principal auditor should determine whether there is a need to issue a report that does not mention the other auditors’ work, which may require additional work (see FAM 650.09 e). d. The auditor issues a report that expresses concurrence with the other auditors’ report and conclusions. The auditor may use this approach when other auditors have reported on financial statements and the principal auditor needs or wants to provide more assurance than what is provided in the transmittal letter. For example, a certain audit may be required by law, in which the auditor, although allowed to hire other auditors to do the work, is required to give its opinion. In the absence of such a requirement, a report expressing concurrence is generally not cost-effective because of the resources required. Expressing concurrence means that the auditor would have reached the same opinion or conclusion had it done the audit. Therefore, the auditor should do the same level of work it would have done to take responsibility for the other auditor’s work. In this instance both the other auditor and the auditor that expresses concurrence are principal auditors because both have sufficient knowledge of the overall financial statements and the important issues, and the concurring auditor, by reason of the level of work done, has also audited the financial statements. The auditor usually accomplishes this by reviewing the audit documentation of the other auditor, having discussions with entity management, and/or performing supplemental tests, (see example 2 in FAM 650 C for report wording). This approach may be used only for CPA firms or for other auditors who are organizationally independent (see FAM 650.14). The auditor should not use this report for specialists, since AU 336.15 prohibits reference to a specialist’s report unless the auditor issues a qualified or adverse opinion or a disclaimer of opinion based on the specialist’s work. The auditor also should not use this approach for internal auditors. AU 322.19 states that the responsibility to report on the financial statements rests with the auditor and cannot be shared with internal auditors.[Footnote 5] e. The auditor issues a report that does not mention the other auditors’ or specialists’ work. In this situation, the auditor issues the example report in FAM 595 A and/or FAM 595 B (as if no other auditors or specialists were involved). This means the auditor takes responsibility for the other auditors’ or specialists’ work. (See FAM 650.09 c for a discussion of principal auditor issues.) The auditor may use this approach when the other auditors have done part of the audit. (This approach also may be used when the other auditors have done substantially the entire audit.) For example, a number of other auditors may have audited individual components of an entity and the auditor may audit the consolidation process. The auditor may use this approach if the auditor has sufficient knowledge of the entire entity and does additional work (see FAM 650.10). The auditor generally should accomplish this by reviewing the audit documentation, having discussions with entity management, and/or performing supplemental tests. The auditor also should use this approach when using the work of specialists and internal auditors because professional standards do not permit referring to specialists’ or internal auditors’ work (unless, for specialists, the auditor issues a qualified or adverse opinion or a disclaimer of opinion based on the specialists’ work). GAO uses this approach in the audit of the consolidated financial statements of the U.S. government. .10: Table 650.1 presents an overview of the work the auditor generally shouldperform for each type of report or letter. “Yes” means that the auditor should perform some of that category of work. “No” means that the auditor need not perform that category of work. The extent of work in each category depends on the auditor’s professional judgment. See FAM 650.36 for discussion on the level of review. Table 650-1: Overview of Work Performed for Each Type of Reporting: Type of reporting: No association with report (FAM 650.09 a); Evaluate the other auditors' independence and objectivity (FAM 650.22- .24): No[A]; Evaluate the other auditors' qualifications (FAM 650.25-.35): No; Level of review (FAM 650.36-.42): None; Hold discussions and/or perform supplemental tests (FAM 650.43-.47): No. Type of reporting: Auditor transmittal letter expresses no assurance (FAM 650.09 b, first bullet); Evaluate the other auditors' independence and objectivity (FAM 650.22- .24): Yes; Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes; Level of review (FAM 650.36-.42): Low or none; Hold discussions and/or perform supplemental tests (FAM 650.43-.47): No. Type of reporting: Auditor transmittal letter expresses negative assurance (FAM 650.09 b, second bullet); Evaluate the other auditors' independence and objectivity (FAM 650.22- .24): Yes; Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes; Level of review (FAM 650.36-.42): Moderate or low; Hold discussions and/or perform supplemental tests (FAM 650.43-.47): No. Type of reporting: Report refers to the other auditors’ report and indicates a division of responsibilities (FAM 650.09 c); Evaluate the other auditors' independence and objectivity (FAM 650.22- .24): Yes; Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes; Level of review (FAM 650.36-.42): Low or none; Hold discussions and/or perform supplemental tests (FAM 650.43-.47): No. Type of reporting: Report concurs with the other auditors’ report or does not mention the other auditors’ work (FAM 650.09 d and e); Evaluate the other auditors' independence and objectivity (FAM 650.22- .24): Yes; Evaluate the other auditors' qualifications (FAM 650.25-.35): Yes; Level of review (FAM 650.36-.42): High, moderate, or low; Hold discussions and/or perform supplemental tests (FAM 650.43-.47): Yes for internal auditors’ work (should include supplemental tests); yes for auditors’ work for high level of review; no for auditor’s work for moderate or low level of review. [End of table] Evaluating the Other Auditors’ or Specialists’ Independence and Objectivity: .11: Unless the auditor has no association with the report, the auditor should evaluate the other auditors’ or specialists’ independence and objectivity. Where the auditor has previously used the work of the same other auditor, the auditor generally should update the previous evaluation. Under GAGAS, chapter 3, audit organizations and individual auditors should be free both in fact and appearance from personal, external, and organizational impairments to independence. The auditor should first evaluate organizational independence. Different standards apply to CPA firms, other organizationally independent auditors, internal auditors, and specialists. .12: For CPA firms and specialists, the auditor may use a contracting process that is part of its organization or a procurement function within the entity to be audited. The auditor should determine whether the firm selected represented [in the statement of work (SOW) or request for proposal (RFP)] that it (and the assigned engagement team) * is independent and objective with respect to the audited entity; * will remain independent throughout the audit; * will disclose any independence issues discovered; and * will immediately notify the COTR if it considers submitting a proposal on any contracts involving the audited entity to permit evaluation of whether its auditors’ independence could be impaired. Firms should be asked to describe in their proposals all work, including nonaudit services, they have done for the audited entity in the last several years. See GAGAS, chapter 3, and Government Auditing Standards: Answers to Independence Questions (GAO-02-870G, July 2002). The auditor generally should determine whether the SOW or RFP indicate that “The government will determine whether a firm is independent for the purpose of performing an audit of financial statements of the federal entity.” This avoids a potential dispute where, for example, the firm does substantial nonaudit work for the entity to be audited that the auditor views as a conflict. The technical evaluation panel should evaluate whether the nature and extent of nonaudit services or other factors causes an independence or objectivity issue, either in fact or in appearance. In this evaluation, the panel generally should determine whether (1) the other auditors will need to audit their own work or (2) whether the other auditors made management decisions or performed management functions. .13: The auditor generally should have a role in contracting for the CPA firm or specialist.[Footnote 6] When the auditor does not participate in contracting for the CPA firm or specialist, the auditor generally should obtain an overview of the contracting process, including: * reading the SOW or RFP; * reviewing the proposal of the firm selected; and: * understanding the evaluations of the panel selecting the firm. The auditor should determine whether the firm provided a representation as to independence and objectivity (usually in its proposal). If the firm has not provided a representation as to independence and objectivity, the auditor should obtain a representation from the firm. If the auditor is not familiar with the firm, the auditor should inquire of professional organizations, such as the AICPA or the Public Company Accounting Oversight Board (PCAOB), as to the firm’s professional reputation and standing. .14: For government auditors, the auditor should decide whether the other auditor is organizationally independent to report externally or whether to consider it as an internal audit organization. The auditor may refer to the work of organizationally independent government auditors but should not refer to the work of internal audit organizations in the audit report. The auditor generally should perform more extensive review and supervision when dealing with internal auditors. The auditor should obtain written representations from appropriate officials[Footnote 7] of the government audit organization that to the best of their knowledge, the organization and the individual auditors doing the work are independent of the entity being audited. This means that the individual auditors are free of personal impairments to independence and maintain an independent attitude and appearance. It also means that the auditor is free from external impairments and is organizationally independent (see GAGAS, chapter 3). The representation letter may indicate the general criteria for determining independence, such as “under the criteria in GAGAS.” The auditor should obtain representations for the period of the financial statements to the date of the other auditors’ report. Since the auditor decides on the independence and objectivity of the other auditors to plan its work, the auditor generally should obtain oral representations early in the audit and written representations at the end of the audit. .15: Government auditors may be presumed to be free from organizational impairments to independence when reporting externally to third parties ifthey are organizationally independent of the audited entity. Government auditors may meet the requirement for organizational independence in a number of ways. There is a presumption that a government auditor is organizationally independent (GAGAS, chapter 3) if the auditor is assigned to: a. a level of government other than the one to which the audited entity is assigned (federal, state, or local), for example, a federal auditor auditing a state government program; or: b. a different branch of government within the same level of government as the audited entity, for example, a legislative auditor auditing an executive branch program. .16: There is also a presumption of organizational independence if the head of the government audit organization (GAGAS, chapter 3) meets one of the following criteria: a. directly elected by voters of the jurisdiction being audited; b. elected or appointed by a legislative body, subject to removal by a legislative body, and reports the results of audits to and is accountable to a legislative body; c. appointed by someone other than a legislative body, so long as the appointment is confirmed by a legislative body and removal from the position is subject to oversight or approval by a legislative body, and reports the results of audits to and is accountable to a legislative body; or: d. appointed by, accountable to, reports to, and can only be removed by a statutorily created governing body, the majority of whose members are independently elected or appointed and come from outside the organization being audited. .17: If the other auditor or its head meets one of the above criteria, the auditor need not perform any procedures concerning organizational independence other than to obtain a representation letter from an appropriate official of the government audit organization as noted in FAM 650.14 (see FAM 650.23 for tests of personal independence). However, if the auditor encounters evidence that the other auditor might not be organizationally independent, the auditor should determine the need for inquiries and other procedures, and then evaluate the results of these procedures. .18: In addition to the presumptive criteria, GAGAS recognizes that there may be other organizational structures under which a government audit organization could be free from organizational impairments. The auditor should determine whether these other structures provide sufficient safeguards to prevent the audited entity from interfering with the government auditor’s ability to perform the work and report the results impartially. For the auditor to determine that the government audit organization is free from organizational impairments to report externally under a structure different from the ones listed above, the government auditor (GAGAS, chapter 3) should have all of the following safeguards: a. statutory protections that prevent the audited entity from abolishing the government audit organization; b. statutory protections that require that if the head of the government audit organization is removed from office, the head of the federal entity report this fact and the reasons for the removal to the legislative body; c. statutory protections that prevent the audited entity from interfering with the initiation, scope, timing, and completion of any audit; d. statutory protections that prevent the audited entity from interfering with the reporting on any audit, including the findings and conclusions, or the manner, means, or timing of the government audit organization’s reports; e. statutory protections that require the government audit organization to report to a legislative body or other independent governing body on a recurring basis; f. statutory protections that give the government audit organization sole authority over the selection, retention, and dismissal of its staff; and: g. statutory access to records and documents related to the federal entity, program, or function being audited, and access to government officials or other individuals as needed to conduct the audit. .19: If the auditor concludes that the government audit organization has all the safeguards listed in FAM 650.18, the auditor may determine that the governmental auditor is free from organizational impairments to independence when reporting externally. The auditor should document the statutory provisions in place that provide these safeguards. .20: When using the work of other government auditors that meet these requirements, the auditor should request a representation letter (see FAM 650.14) from an appropriate official of the government audit organization. The auditor should review this document and as necessary discuss it with appropriate officials of the government audit organization, the external quality assurance reviewer, legal counsel for the government audit organization, and the auditor’s legal counsel. .21: If the auditor decides that the government audit organization is not organizationally independent to report externally (either because it does not meet the criteria in GAGAS or for another reason), the auditor should determine whether the other auditor is organizationally independent to report internally. Such auditors are internal auditors. The Institute of Internal Auditors’ (IIA), International Standards for the Professional Practice of Internal Auditing defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” GAGAS contain guidance on organizational independence for government internal auditors. For example, internal auditors should be outside the staff or line management function of the unit under audit. They should report their results and be accountable to the head or deputy of their federal entity. IIA standards require internal auditors to be objective for the activities they audit. These GAGAS and IIA standards of independence for internal auditors differ from independence under the AICPA Code of Professional Conduct or independence for external auditors under GAGAS. The auditor generally should determine whether the internal auditors whose work is to be used are independent of the activities they audit. The auditor also should determine the organizational status of the head of the audit organization. For the audit organization to be considered free from organizational impairments to report internally to management, the head of the audit organization (GAGAS, chapter 3) should meet all criteria: a. is accountable to the head or deputy head of the government entity, or those charged with governance; b. is required to report the results of the audit organization’s work to the head or deputy head of the government entity and those charged with governance; c. is located organizationally outside the staff or line management function of the unit under audit; d. has access to those charged with governance; and: e. is sufficiently removed from political pressures to conduct audits and report findings, opinions, and conclusions objectively without fear of political reprisal. .22: If the auditor concludes that the internal auditors are not independent under GAGAS and IIA standards, the auditor should treat the work as if the audited entity prepared it. If the auditor concludes that the internal auditors are independent under GAGAS and IIA standards, the auditor may use their work to the extent permitted by AU 322. In either case, the auditor should not issue a report referring to or concurring with the work of internal auditors. .23: In addition to evaluating the other auditors’ organizational independence, the auditor should evaluate whether the audit team has any personal impairments. For both internal auditors and rganizationally independent government audit organizations, the auditor generally should ask how the other auditors monitor the personal independence of individual staff members, especially those doing the work the auditor would like to use. .24: The auditor should document the work performed and the conclusions reached as to independence and objectivity. The documentation should indicate the auditor’s conclusion as to whether the other auditors are independent and objective and the basis for that conclusion. The auditor should consult with the reviewer if there are questions about the other auditors’ independence or objectivity. Evaluating Other Auditors’ or Specialists’ Qualifications: .25: After evaluating the other auditors’ or specialists’ independence and objectivity, the auditor should evaluate their qualifications to perform the specific tasks required. This involves evaluating the qualifications of the firm or audit organization and evaluating the qualifications of the specific audit team. Where the auditor has previously used the work of the same other auditors, the auditor generally should update the previous evaluation. .26: For CPA firms and specialists, the auditor generally should evaluate qualifications through the contracting process, usually by using a technical evaluation panel to select a qualified firm. A firm submits résumés for its audit team members, demonstrates why its team is qualified to do the work, and submits its plan for doing the audit. Each CPA firm should submit its latest peer review report, letter of comments, and response to the peer review report. The firm should also agree to submit updated peer review reports during the period of the contract. If the peer review report was issued more than three years earlier, the evaluation panel may obtain documentation relating to the internal quality control policies and procedures of the selected firm, or read the firm’s inspection report and response.[Footnote 8] A CPA firm may also be asked to submit its latest public inspection report prepared by the PCAOB, but these reports pertain to audits of publicly traded companies and related quality controls. However, to the extent they raise issues about quality controls or methodology, they may be applicable to audits of federal entities.[Footnote 9] .27: Where the auditor did not participate in the contracting process, the auditor should determine how the qualifications of a firm were evaluated. For example, did the technical evaluation panel review: * Résumés of the team members? * The audit approach? * The peer review report and related letter of comments (if any)? * The firm’s response to the peer review report? The auditor should read these documents and reach a conclusion as to qualifications. .28: For auditors other than CPA firms, the auditor should ask whether the audit organization had a peer review and the date of that review. IGs have peer reviews performed every 3 years by other IGs. Most state auditors also have peer reviews every 3 years. To comply with GAGAS, the audit organization should have a peer review every 3 years. The IIA standards indicate that “[e]xternal assessments, such as quality assurance reviews, should be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization.” While reviews under the IIA standard are not designed to report whether the audit organization’s quality control adheres to GAGAS, they do provide evidence about whether the work adheres to a recognized set of professional standards. The auditor should read the peer review report, the letter of comments, and the audit organization’s response. Where the audit organization has received an unqualified peer review report recently (usually less than 3 years ago), the auditor generally need not perform further review of the audit organization’s qualifications. .29: Where the peer review report is not recent, the auditor generally should review the results of the audit organization’s internal inspection program for any new quality control issues. The inspection generally should include reviews of audit documentation, interviews of staff members, and tests of functional areas. Where the inspection is recent (usually within the past year) and the inspection report is unqualified, the auditor generally need not perform further review of the audit organization’s qualifications. .30: Where the peer review or inspection report is qualified or adverse, the auditor should evaluate whether the quality control system has since been strengthened to allow the auditor to use the other auditors’ work. The auditor may review the organization’s action plan for improving quality controls and inspection results in determining whether quality controls have improved since the peer review. The auditor should evaluate the effect of remaining weaknesses in determining the nature and extent of procedures to be performed. .31: Where the latest peer review was completed more than 3 years earlier and there is no inspection program, the auditor should obtain an overview of the important quality control policies and procedures of the other auditor.[Footnote 10] The overview generally should cover the functional areas of: * independence, integrity, and objectivity (FAM 650.11-.24); * leadership responsibilities; * ethical requirements; * acceptance and continuance of clients and engagements; * human resources (includes recruiting and hiring, advancement, professional development and training, and assigning personnel to assignments); * engagement performance (includes supervision and consultation); and: * monitoring programs. .32: The auditor may obtain this information through interviews of the other auditor’s management and staff and through reading its quality control summary document. The auditor also may read the other auditor’s manuals and other guidance for conducting audits. .33: In addition to evaluating the other auditor’s qualifications, the auditor also should evaluate the overall qualifications of the team assigned to do the work. The auditor may review résumés of key team members to accomplish this. The auditor should review the specific education, training, certifications, and experience of key team members. In evaluating qualifications, the auditor should review the specific role of staff members on the job. When the auditor has knowledge of qualifications from prior experience for key team members, the auditor should inquire about their experience in the time since the last audit. .34: Where the auditor is not satisfied as to the qualifications of the other auditor, the auditor generally should perform a more detailed review of the documentation and/or perform supplemental tests of key line items (see FAM 650.36). The auditor should document the work performed and the conclusions reached as to the other auditors’ qualifications. The documentation should indicate the auditor’s conclusion as to whether the other auditors are qualified to perform the tasks required and the basis for that conclusion. The auditor should consult with the reviewer if there are questions about the other auditors’ qualifications. .35: If the auditor has significant concerns about the other auditors’ independence, objectivity, or qualifications, the auditor should revise its audit strategy. For example, the auditor may: * contract with another firm; * ask the other auditors to substitute more highly qualified or objective staff members; * do the audit without using the other auditors’ work, treating any work done by the other auditors as prepared by the audited entity; * divide the work so that the other auditors test the areas where they are qualified, and the auditor does the rest of the audit; or: * issue a disclaimer of opinion. Planning the Review and Testing of Other Auditors’ or Specialists’ Work: .36: After evaluating the other auditors’ or specialists’ independence, objectivity, and qualifications, the auditor should develop an audit strategy and audit plan for reviewing and, if necessary, testing the work done. In this strategy, the auditor generally should document the level of review as high, moderate, or low. In some situations, the auditor should perform significantly more work than the work shown for the high level to include performing significant supplemental tests. In other situations, the auditor may decide less review or no review is necessary. These situations typically involve entities or line items that are very small in relation to the financial statements taken as a whole. In these situations, the auditor may decide to read the other auditors’ report and the financial statements and ask questions if anything seems unusual. The auditor should reevaluate the audit strategy and plan as the work progresses. If serving as the COTR, the auditor will assist the contracting officer to ensure contractor compliance with the terms and conditions of the contract. In addition, the IG Act requires that the IG take appropriate steps to assure that any work performed by nonfederal auditors complies with GAGAS. The level of review is a professional judgment the auditor generally should make for significant assertions in each material line item considering the following factors: a. The type of report or letter the auditor will issue, as less review is needed for a transmittal letter than for reports in which the auditor takes responsibility for the other auditors’ work (see FAM 650.10). b. Whether the other auditors issue a disclaimer of opinion because of a scope limitation, as less work is needed to concur with a scope limitation than to concur with an unqualified opinion (see FAM 650.37). c. Whether the auditor’s report might contain a disclaimer because of a scope limitation, as less work is needed if the auditor’s report will contain a scope limitation (see FAM 650.39). d. The other auditors’ independence, objectivity, and integrity (both for the audit organization and its audit team) are impaired, as the level of review increases as independence, objectivity, and integrity decreases. e. The other auditors’ qualifications (both for the audit organization and its audit team) to perform the work the auditor wishes to use, as the level of review increases as the other auditors’ qualifications decrease. f. The auditors’ prior experience with the other auditors (both for its audit organization and its audit team), as the level of review tends to decrease as the auditor’s confidence increases from working with the other auditors. g. The materiality of the line item in relation to the financial statements the auditor is reporting on, taken as a whole, as the level of review increases as the line item becomes more material. h. The risk of material misstatement, including the risk of material fraud for the line item and assertion in the financial statements the other auditors are auditing, as the level of review increases as the risk of material misstatement increases. .37: If the other auditors’ work has a scope limitation, this generally affects the level of review, except for transmittal letters with no assurance. If the other auditors disclaim an opinion on the financial statements because of a scope limitation, the auditor should also issue a disclaimer of opinion, unless the financial statements the other auditors audited are not material to the financial statements the auditor is auditing. The auditor generally need not perform extensive procedures to be satisfied that this disclaimer is appropriate. Additionally, the auditor generally need not hold discussions with entity management and/or perform supplemental tests in this situation, and may limit the review of documentation to summary documentation. Thus, the level of review is usually low or no review (see FAM 650.10). However, the auditor may do additional work to learn about the entity, to help the other auditor plan future audits, or to help entity management correct the causes of the scope limitation. .38: If the other auditors’ work had a scope limitation that results in a qualified opinion, the auditor generally should perform a moderate or high level of review to determine whether the other auditors should have disclaimed an opinion and that the only issues are those relating to the qualification. .39: A scope limitation on the auditor’s work that results in a disclaimer also may affect the level of review. Since the auditor has already decided that not enough work can be done on the overall financial statements, no amount of review of the other auditors’ work is likely to change that conclusion. Thus, as in FAM 650.37, discussions with entity management and/or supplemental tests are not required, the review of the other auditors’ documentation may be limited to summary documentation; and the level of review is usually low or no review (see FAM 650.10). However, the auditor may do additional work to learn about the entity, to help the other auditor plan future audits, or to help entity management correct the causes of the scope limitation. .40: If there is a scope limitation on the auditor’s work that results in a qualified opinion, the auditor should perform a similar amount of work as for an unqualified opinion (i.e., enough to support the qualification). .41: FAM 650 A illustrates the audit work that the auditor generally should perform for each level of review on each significant line item, as well as what to retain in audit documentation. Review of Audit Documentation: .42: The extent of the auditor’s review of the other auditors’ or specialists’ documentation depends on the level of review and is a professional judgment based on the factors in FAM 650.36. * For a low level of review, the auditor may limit the review of documentation to key summary planning and completion documentation. * For a moderate level of review, the auditor generally should review more of the other auditors’ or specialists’ documentation, especially those evidencing important decisions. For financial statement audits, this includes the audit strategy and audit procedures (or equivalent documents); the ARA (or equivalent documentation) for significant accounts; the SCE (or equivalent documentation) for significant applications; the documentation for accounts, estimates, and judgments with high risk of material misstatement; the analytical procedures; the audit completion checklist at FAM 1003 (or equivalent documentation); the audit summary memorandum; and the summary of uncorrected misstatements (see FAM 595 C). * For a high level of review, the auditor generally should review all of the items for the moderate level of review plus the important detailed documentation. Discussions and/or Supplemental Tests for a High Level of Review: .43: AU 543.13 states that “In some circumstances the principal auditor may consider it appropriate to participate in discussions regarding the accounts with management personnel of the component whose financial statements are being audited by other auditors and/or to make supplemental tests of such accounts.” The auditor may interpret “in some circumstances” to mean when the level of review is high. Thus, where the level of review is high, the auditor generally should (1) review audit documentation, and (2) hold discussions with audited entity management and/or perform tests of original documents. The objective of these additional procedures is for the auditor to obtain additional evidence about whether key items are properly handled and supported by sufficient appropriate evidence. For example, the auditor generally should discuss key items with entity management, especially estimates and judgments. This discussion generally should be with the other auditors present. The auditor generally should attend the entrance and exit conferences and other key meetings held by other auditors or specialists. For key items that have high risk of material misstatement, discussions with entity management may not provide sufficient evidence, and the auditor should perform supplemental tests. .44: The auditor may perform supplemental tests on a selection of the other auditors’ work, additional tests of the accounting records, or both. To perform supplemental tests, the auditor should obtain access to the entity’s personnel and its books and records. The auditor may coordinate access to the entity’s personnel and records through the other auditor. The auditor and the other auditor also may jointly perform parts of a test, where the sample is planned jointly and the results are evaluated jointly. Although supplemental tests are usually performed only when the level of review is high, the auditor may perform supplemental tests in other situations to learn about the entity, to help the other auditor plan future audits, or to help entity management correct problems. .45: Where the other auditor is an internal auditor, the auditor should perform supplemental tests. The extent of this testing depends on circumstances and should be sufficient for the auditor to make an evaluation of the overall quality and effectiveness of the internal control work done by the internal auditor (see AU 322.26). .46 The auditor generally should limit discussions with entity management and/or supplemental tests to significant assertions in line items that have a high risk of material misstatement. This is especially true in areas involving estimates and judgments or in areas on which users place extensive reliance. The auditor’s supplemental tests generally should include some items tested by the other auditor, particularly any that appear to be exceptions, in order to determine whether they were appropriately evaluated in formulating an opinion. The auditor generally should plan to perform supplemental tests while the other auditors are at the entity and have access to records, as this can minimize the inconvenience for everyone. .47: It is not necessary to perform supplemental tests of the work of specialists. As indicated in AU 336.12, the auditor should understand the methods and assumptions used by the specialists, test the data provided to the specialists (extent of testing is based on risk and materiality), and evaluate whether the specialists’ findings support the financial statement assertions. If the auditor believes the findings are unreasonable, the auditor should apply additional procedures and/or determine the need to obtain another specialist. Subsequent Events Review and Dating of the Auditor’s Report: .48: The auditor should date the report when the auditor has obtained sufficient appropriate audit evidence to support the opinion on the financial statements (AU 339.23 and AU 530). If the other auditors’ or specialists’ report is dated earlier and the auditor’s report does not mention the other auditors’ report or concurs with the other auditors’ report as in example 2 of FAM 650 C, the auditor should update the subsequent events review to the date of the auditor’s report. The auditor may ask the other auditors to update the subsequent events review to the required date, or the auditor may update the subsequent events review. However, since this requires additional work, the auditor should attempt to complete audit work when the other auditors complete their work. The auditor should evaluate this issue and coordinate with the other auditor when planning the audit. The auditor need not update the subsequent events review when the auditor issues a transmittal letter, as in example 1 of FAM 650 C. Staffing the Review of the Other Auditors’ or Specialists’ Work: .49: When staffing the review, the auditor should determine the extent to which the other auditors or specialists have reviewed their work. The other auditor should have performed at least one level of review for all audit work, with more material or sensitive areas having multiple reviews. In some cases, before the audit is complete, the other auditor may not have completed all levels of review, particularly at its top level, and may be reluctant for the auditor to access the audit documentation before these reviews are done. The auditor’s staff reviewing the work generally should have enough experience in financial statement auditing to understand the professional judgments that need to be made and to interact with the higher levels of the other auditor. An assistant director or a senior manager who has significant experience in performing and reviewing financial statement audit work should perform most of the review. Less qualified staff members may perform supplemental tests when supervised by more qualified auditors. The assistant director, audit manager, or auditor-in-charge should review the documentation of any supplemental tests performed by less experienced staff members. Except for key areas or issues, the auditdirector may designate another qualified auditor to perform the primary review of audit documentation prepared by the assistant director. .50: When the other auditors’ work involves the review of IS controls, an IS controls specialist should participate in the auditor’s review. Together they should determine if IS controls were adequate, audit work was properly documented, and related audit objectives were achieved. Evaluating the Work of Other Auditors or Specialists: .51: After the auditor has completed the review of the other auditors’ or specialists’ work, and, if necessary, any supplemental testing, the auditor should determine whether the work is sufficient and acceptable for the auditors’ use. The auditor should document this evaluation. .52: Sometimes, other auditors use methodologies or audit approaches that are different from those the auditor would have used. Auditing requires a great deal of professional judgment and there often are alternative ways to achieve audit objectives. Many CPA firms have developed, at considerable expense, proprieary audit methodologies to use on a wide range of public and private sector clients. Many of these audit methodologies utilize electronic technology where the entire audit documentation exists only in electronic form. Thus, the auditor should understand the other auditors’ audit methodology and basis for the nature, extent, and timing of audit procedures. This may require obtaining permission to use proprietary software to review the audit documentation. Additionally, where the CPA software is retained, the auditor should develop a process to maintain the operability of the software to access the audit documentation in the future. The auditor should evaluate whether sufficient appropriate evidence[Footnote 11] has been obtained to meet the audit objectives, particularly for significant assertions in line items with a high risk of material misstatement. If the auditor has concerns about whether the other auditors’ work provides sufficient appropriate evidence, the auditor generally should discuss the matter with the audit director and the reviewer before formally discussing the issue with the other auditors. .53: The auditor should determine the significance of the test results to the audit of the financial statements the auditor is reporting on. As an example, the other auditors may have selected a nonstatistical sample and/or the sample size may be smaller than the sample size the auditor would have selected. The auditor may decide that this provides sufficient evidence in an area that is less material or has low or moderate risk of material misstatement. However, if the risk of material misstatement is high, the auditor may conclude that sufficient appropriate evidence has not been obtained and that additional work is needed. In this case, after consulting with the audit director and the reviewer, the auditor generally should either ask the other auditors to perform additional tests or perform the additional tests. If this additional testing is not done, the auditor should determine the effect on the auditor’s report of the scope limitation. Because reaching this conclusion after the work is performed is inefficient, especially when the level of review is high, the auditor generally should coordinate or concur with major planning decisions of the other auditor before audit work is started. .54: Sometimes, the auditor may disagree with the conclusions or judgments of the other auditors. In this case, the auditor should evaluate the other auditors’ work as well as any other evidence or testing necessary to determine the appropriate conclusion. .55: The auditor should discuss any issues of disagreement with the other auditors to attempt to resolve the disagreement. The auditor should attempt to resolve professional disagreements early to reduce confusion that may arise from differing auditor views. Once identified, the auditor should discuss the issues with the other auditors to resolve them in a timely manner and before the completion of the audit. .56: If the auditor does not reach agreement with the other auditors, the auditor should determine how to report. For disagreements involving matters that are material to the financial statements, the auditor may decide not to transmit the other auditors’ report, instead issuing a disclaimer of opinion due to a scope limitation or doing additional work, if necessary, to issue an appropriate opinion. For disagreements involving matters that are not material to the financial statements,, the auditor may transmit the other auditors’ report, issue the transmittal letter or report, and describe the disagreement and the basis for the auditor’s conclusions. Documenting the Review of Other Auditors’ or Specialists’ Work: .57: Regardless of the type of reporting or the level of review, the auditor’s documentation generally should contain the items listed in FAM 650 A under “documentation,” either electronically or in hard copy. .58: In addition, where the auditor performs supplemental tests of the accounting records, the auditor’s documentation should contain a description of the work (this may be a list of the documents the auditor examined or tick marks on a copy of the other auditors’ documentation if that is the basis for the selection) and the auditor’s conclusion. It is not necessary to retain copies of the documents examined. .59: There is a difference between the auditor’s responsibilities to review the documentation of other auditors and what the auditor may copy and retain from that documentation. The auditor uses professional judgment in deciding which of the other auditors’ or specialists’ documents to copy and retain. However, many auditors use electronic technology to retain documentation for the entire audit. The auditor may cite this documentation as part of the review to include any supplemental testing performed on the other auditors’ work. The auditor may print any documents as necessary. .60: The auditor may retain other documentation if it might be useful in understanding the entity, training staff members, planning future audits, reviewing the documentation, or writing the report. Documentation in this category includes the entity profile (or equivalent), audit strategy, audit procedures, ARA and SCE forms (or equivalent), trial balance or lead schedules, management representation letter, and legal representation letter. Auditors often find it helpful to keep copies of documents (either electronically or in hard copy) in case questions are raised in review but not to include those copies in the audit documentation unless they are needed to document the work performed. The auditor should retain documents in accordance with the contract or other legal requirements, but not less than 5 years from the report release date (AU 339.32). Audit procedures may indicate which documents to retain. The auditor may not discard documents after 60 days from the report release date (AU 339.27-.30). In documenting the review, auditors may indicate the document number or index number used by the other auditor in order to locate the document at a later date. Ownership and confidentiality of audit documentation is determined by contract and legal requirements (see AU 339.31). Using Internal Audit Staff to Provide Direct Assistance to the Auditor: .61: Sometimes, the auditor or the audited entity requests that internal auditors provide direct assistance to the auditor. Before this is done, the auditor should be satisfied with the independence, objectivity, and qualifications of the staff assigned to do the work requested. AU 322.27 indicates that in these situations, “The auditor should inform the internal auditors of their responsibilities, the objectives of the procedures they are to perform, and matters that may affect the nature, timing, and extent of procedures, such as possible accounting and auditing issues.” The auditor should direct, review, test, and evaluate the work done by internal auditors to the extent appropriate based on the auditor’s evaluation of risk, materiality, objectivity, and qualifications. Using Federal Entity Specialists: .62: Many federal entities have actuaries, security specialists, statistical specialists, and other specialists whose work the auditor would like to use. However, unless these specialists are part of an entity that is organizationally independent or are under contract to such an entity, the auditor should evaluate their work as the work of an employee of the entity under audit. The auditor should use the specialists of other auditors or contract for outside specialists to develop and implement appropriate tests. Multiple Levels of Other Auditors: .63: Sometimes there are several levels of other auditors. For example, an IG may hire a CPA firm to perform an audit of a federal entity’s financial statements. The IG may issue a report concurring with the firm’s report or a letter transmitting the firm’s report. GAO auditors may then use the work of the IG as part of the audit of the financial statements of the U.S. government. .64: When there are multiple levels of other auditors, each audit organization should follow the guidance in FAM 650. IG auditors should evaluate the independence (see FAM 650.11-.24) and qualifications of the CPA firm (see FAM 650.25-.35); should review the audit documentation (see FAM 650.42); and may need to have discussions with entity management and/or perform supplemental tests of key accounts depending on the level of review deemed appropriate (see FAM 650.43- .47). GAO auditors should evaluate the qualifications of the IG organization (by reading the peer review report, the letter of comments, and the audit organization’s response as described in FAM 650.25) and the qualifications of the IG team doing the monitoring of the CPA firm. GAO auditors should also review the IG auditor’s documentation of its review of the CPA firm work and may perform supplemental tests as deemed necessary. If GAO auditors find that the IG auditor has completed and documented adequate work, including discussions with entity management and/or supplemental tests, further discussions and/or supplemental tests would be quite limited, perhaps a walk-through of work done in areas with high-risk of material misstatement. Often, GAO auditors will attend fewer meetings than the IG auditor attends and would concentrate the review on the IG auditor’s documentation. GAO auditors may then issue a report on the financial statements. .65: Because of the potential for inefficiency, there generally should be close coordination between the various auditors. The IG and GAO may perform the review jointly. Sometimes, a memorandum of understanding may be useful in documenting responsibilities. A chart that describes the review to be done by each organization may be useful. The following is a useful format for this chart (with more detail added as necessary under each phase of the audit). Phase of the audit: Planning; Procedures: Other auditor: [Empty]; Procedures: IG review: [Empty]; Procedures: GAO review: [Empty]. Phase of the audit: Internal Control; Procedures: Other auditor: [Empty]; Procedures: IG review: [Empty]; Procedures: GAO review: [Empty]. Phase of the audit: Testing; Procedures: Other auditor: [Empty]; Procedures: IG review: [Empty]; Procedures: GAO review: [Empty]. Phase of the audit: Reporting; Procedures: Other auditor: [Empty]; Procedures: IG review: [Empty]; Procedures: GAO review: [Empty]. Reports on Other Auditors’ Work: .66: The auditor may be asked to issue a report evaluating work done by other auditors in a situation where the auditor is not using the work of the other auditors. For example, the auditor may be asked to evaluate an audit done by a CPA firm. While AU 543, 322, and 336 are not directed toward these situations, the guidance in FAM 650 is helpful in planning and reporting on those assignments. 650 A - Summary of Audit Procedures and Documentation for Review of Other Auditors’ Work: .01: Table 1 on the following page presents a summary of audit procedures that the auditor generally should perform at the entity level and for significant assertions, line items, accounts, or applications when reviewing the work of other auditors. As discussed in FAM 650.36, the three levels of review are high, moderate, or low, as determined by the auditor’s professional judgment. Table 2 on the next following page presents a summary of documentation that the auditor generally should retain from the auditor’s review of the work of other auditors. However, the summary does not include work to be done by the auditor on other auditor independence, objectivity, and qualifications. (See FAM 650.11-.35 for a discussion of that work.) Where the other auditor uses equivalent documents, the auditor should review those documents. .02: In both tables, procedures to be performed and documents to be retained at the low level of review are indicated by regular font. The moderate level of review includes the low level plus those in bold letters. The high level of review includes the moderate level plus those in BOLD CAPITALS. Table 1: Summary of Audit Procedures from Reviewing Other Auditors’ Work: Audit Procedures: At entity level: 1. Communicate with the other auditors: * as to the objectives of the work; * discuss their procedures and results; * Attend key entrance and exit meetings; * Coordinate Or Concur In Significant Planning Decisions Before Major Work Is Started 2. Review: * audit strategy; * scope of work; * audit summary memorandum; * summary of uncorrected misstatements; * analytical procedures; * completion checklist; * determination of planning and design materiality; * representation letters; * information systems background; * general and application controls; documentation (with assistance from IS controls specialist); * other key documentation; 3. Read: * other auditor’s report; * financial statements and notes; * supplementary information; * MDA and other accompanying information; * Management’s response; For significant assertions, line items, accounts, or applications: 1. Review: * audit procedures (plan); * conclusions about significant issues and their resolution (often in audit summary); * account risk analysis (ARA); * specific control evaluations (SCE); * cycle memo; * flowcharts; * determination of tolerable misstatement; * sampling plan; * other auditors’ key documentation; * high risk accounts, estimates, and judgments; * analytical procedures; * Evaluation Of Sample Results; * Summary Of Uncorrected Misstatements; 2. Participate In Discussions With Management Personnel And/or Perform Supplemental Tests Of The Line Items (Especially Key Items, Estimates And Judgments); Compare Conclusions; [End of table] Table 2: Summary of Documentation from Reviewing Other Auditors’ Work: Documentation: Retain: 1. Auditor prepared: * audit strategy; * memo documenting entrance and exit conference; * Memos Documenting Key Meetings Attended And Discussions With Audited Entity Management; * results of review of documentation; * Supplemental Test Documentation; * summary memo; 2. Other auditor prepared: At entity level: * other auditor’s report; * entity’s final financial statements, notes, and supplementary info; * management letter; * other auditor’s unadjusted known and likely misstatements, consideration of risk of further misstatements, and comparison with materiality; * audit completion checklist; * other auditor’s audit summary memo; At line item or assertion level: * documentation that evaluates exceptions; * other auditor’s documentation evidencing significant judgments and conclusions; Optional: 1. Auditor and other preparers: * entity profile; * audit procedures (plan); * account risk analyses; * specific control evaluations; * sampling plan; * trial balance; * lead schedules; * evaluation of sample results; * management representation letter; * legal representation letter; [End of table] 650 B - Example Audit Procedures for Using the Work of Others: These example procedures are appropriate when using the work of other auditors or the work of specialists to perform a full or partial audit of financial statements and are applicable to GAO financial statement audits. Auditors may use these procedures or a monitoring tool for financial audits developed by the Federal Audit Executive Council, a subcommittee of the President’s Council on Integrity and Efficiency that can be found at [hyperlink,http://www.ignet.gov/pande/faec/fsan0906.xls]. As stated in FAM 650.08, these procedures depend upon the professional judgments that the auditor makes. The auditor should tailor the procedures to the circumstances and the planned level of review (high, moderate, or low) as discussed in FAM 650.36. The auditor should modify or add procedures as necessary, and delete them if not applicable. When other auditors or specialists have done only part of an audit, the auditor may delete many of the procedures below. The auditor may also delete procedures for the low level of review or when the auditor plans to issue only a transmittal letter as discussed in FAM 650.09 b. The audit procedures are presented in three sections: (1) evaluating independence, objectivity, and qualifications for CPA firms and specialists; (2) evaluating independence, objectivity, and qualifications for government audit organizations; and (3) monitoring the work (for all types of other auditors and for specialists). The auditor should use the applicable one of the first two sections and the third section. The auditor generally should use a separate form for each other auditor or specialist. Entity: Job code: Period of audit: Step: 1. Evaluating Independence, Objectivity, And Qualifications For Cpa Firms And Specialists: General: 1. Read the statement of work or request for proposal to determine whether this contracting document provides sufficient background on the audited entity and indicates the objectives of the work, what the contractor should include in its proposal, how proposals will be evaluated, and how the report will be used; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Independence and objectivity: 2. Determine whether proposal of selected firm includes a representation as to the firm’s independence and objectivity; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Independence and objectivity: 3. If proposal does not include a representation as to independence and objectivity, obtain written representation from firm; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Qualifications: 4. Read proposal of selected firm. In reviewing proposal, evaluate the overall qualifications of the team performing the work. Review resumes and determine for key team members their educational level, professional certifications, and professional experience, including whether key team members have current knowledge and experience in the type of work done; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 5. Review the selected firm’s peer review report, letter of comments, and response letter. If the peer review report was issued more than three years earlier, obtain documentation relating to the firm’s internal quality control policies and procedures or review the firm’s inspection program; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 6. Communicate orally or in writing with the other auditors to be satisfied that they understand the requirements, the timetable, and the report or letter the auditor expects to issue; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 2. Evaluating Independence, Objectivity, And Qualifications For Government Auditors: Independence And Objectivity: 1. For all government audit organizations, obtain written representation from an appropriate official that the organization and its individual auditors are independent of the entity being audited; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 2. Determine whether the government audit organization meets ONE of the criteria in FAM 650.15, or the head meets ONE of the criteria in FAM 650.16. If the organization (or its head) meets one of these criteria, no further work is needed unless the auditor finds contrary evidence as to independence and objectivity in other parts of the audit. Indicate the criteria met and document the evaluation of any other evidence obtained. (Go to step 6.); Done by/date: [Empty]; Doc Ref: [Empty]. Step: 3. If the government audit organization (or its head) does not meet any of the criteria in step 2, determine whether it meets ALL of the criteria in FAM 650.18; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 4. Review the government audit organization’s documentation of how it meets the requirements of step 3. Discuss with an appropriate official of the organization and consider discussions with quality assurance advisors, legal counsel for the organization, and auditor’s legal counsel. (Go to step 6.); Done by/date: [Empty]; Doc Ref: [Empty]. Step: 5. If the government audit organization does not meet the criteria for organizational independence to report externally, determine whether the organization is an independent internal audit organization under GAGAS and IIA standards. Determine whether the internal auditors are objective for the activities they audit. For the audit organization to be considered free from organizational impairments, determine if the head of the audit organization meets all of the criteria indicated in FAM 650.21; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 6. For government auditors, obtain an understanding of the organization’s policies to enhance the objectivity of individual auditors as discussed in FAM 650.23, including * policies to prohibit auditors from auditing areas where relatives are employed, * policies to prohibit auditors from auditing areas where they were recently assigned or are scheduled to be assigned after they complete their tour of duty in auditing, and * policies to require representations as to objectivity and lack of conflicts of interest from each auditor; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 7. Prepare a memorandum documenting work performed and conclusions reached as to government audit organization’s independence and objectivity; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Qualifications: 8. Read the latest peer review report or equivalent, letter of comments, and the audit organization’s response as discussed in FAM 650.28. Note the date of the report and whether it is unqualified. If the report is recent (usually within the past year) and unqualified, go to step 12; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Qualifications: 9. If the peer review is not recent, review the latest inspection report[Footnote 12], if any, and the organization’s response as discussed in FAM 650.29. Note the date of the report and whether it is unqualified. If the inspection is recent (usually in the past year) and unqualified, go to step 12; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Qualifications: 10. If the organization has not had a recent peer review or inspection as discussed in FAM 650.31, obtain an overview of the important policies and procedures in the functional areas through interviews of management and staff and through reading the summary quality control document, if any. Consult with the reviewer on the potential effect of using work with no recent peer review or inspection before performing this step; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Qualifications: 11. If the peer review or inspection report was qualified or adverse, determine whether the quality control system has since been strengthened as discussed in FAM 650.30. Review the organization’s action plan for strengthening its quality control system. Evaluate the effect of remaining weaknesses in determining the level of review; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Qualifications: 12. Inquire how the government audit organization determined staffing of the audit. Evaluate the overall qualifications of the team performing the work as discussed in FAM 650.33. Review resumes for key team members and consider: * educational level, professional certifications, and professional experience; * continuing professional education, especially training and current knowledge in the type of work done; * supervision and review of work; * whether the audit team has adequate sources for consultation and use of specialists, especially for audit sampling, audit methodology, and review of computer controls; and: * quality of documentation, reports, and recommendations; Done by/date: [Empty]; Doc Ref: [Empty]. Step: Qualifications: 13. As discussed in FAM 650.35, if the auditor has significant concerns about the government audit organization or its team’s objectivity or qualifications, the auditor, in developing the audit plan, may either: * ask the other auditors to substitute more objective or highly qualified staff members; * do the work, treating any work done by the other auditors as prepared by the audited entity; * divide the work so that the other auditors test the areas where they are qualified and the auditor does the rest of the audit; or * issue a disclaimer of opinion; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 3. Monitoring The Work (For All Types Of Other Auditors And Specialists): 1. As discussed in FAM 650.36, develop a strategy and a plan for reviewing the other auditors’ or specialists’ work and, if necessary, performing supplemental tests of the accounting records. Determine the level of review for each line item; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 2. Monitor audit planning (For All Levels Of Review): * Review the entity profile. * Review the audit strategy or equivalent document and audit plan. (For Moderate And High Level Of Review) * Attend entrance meeting and key planning meetings. * Review the determination of planning materiality and design materiality. * Have an IS controls specialist participate with the auditor in reviewing the information resource management background information and the documentation for review of general and application controls. * Document line items and applications to be reviewed. * For each such line item, review the Account Risk Analyses, the Specific Control Analyses, the cycle flowcharts, the cycle memoranda, the determination of tolerable misstatement, and the audit plan or equivalent documents; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 3. Monitor the execution of the audit for reports following example 2 of FAM 650 C or FAM 595 A and/or FAM 595 B Where Level Of Review Is High. * Attend key meetings, especially those discussing highrisk areas, significant estimates and judgments, fraud brainstorming, and the other auditors’ conclusions. * Discuss key items with audited entity management, especially significant estimates and judgments. * Perform supplemental tests of the accounting records: -- Generally for high risk and material line items, especially in areas involving estimates and judgments or ones which users rely on extensively. -- Generally while the other auditors are at the audited entity location and have access to the records. -- Examine some of the same documents the other auditors examined or make own selection or both. -- Compare results of other auditors’ work to results of supplemental tests. -- Document scope of supplemental testing and conclusions reached; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 4. Monitor the completion of the audit (items with * are usually not necessary for LOW level of review): * Review the overall analytical procedures. * *Review the key documentation for the line item and for completing the audit; consider evaluations of sample results. (For example, were projections appropriate? Was appropriate action taken based on sample results?) * *Determine whether the subsequent events review was updated to the date of the auditor’s report. * Review the audit summary memorandum, conclusions about line items, and the summary of uncorrected misstatements. * Review the audit completion checklist at FAM 1003 (or equivalent document). * Review the management representation letter and the legal representation letter. * *Attend key exit conference(s). * Read the other auditors’ report, the financial statements, the notes, the other accompanying information, and management’s response; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 5. Prepare a summary memorandum; Done by/date: [Empty]; Doc Ref: [Empty]. Step: 6. Write the auditor’s report or transmittal letter; Done by/date: [Empty]; Doc Ref: [Empty]. 650 C - Example Reports when Using the Work of Others: Example 1 – Transmittal Letters: As discussed in FAM 650.09 b, there are two types of transmittal letters, one expressing no assurance and one expressing negative assurance on the other auditor’s work. Examples of both types are presented as follows: [Addressee] We contracted with the independent certified public accounting firm of [name of firm] to audit the financial statements of [name of entity] as of [date] and for the year then ended, to provide an opinion [or a report] on internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations, to provide an opinion on whether [entity’s] financial management systems substantially complied[Footnote 13] with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA) (for CFO Act agencies), and to report any reportable noncompliance with laws and regulations they tested. The contract required that the audit be done in accordance with U.S. generally accepted government auditing standards, OMB audit guidance, and the GAO/PCIE Financial Audit Manual [if required by the contract]. In its audit of [name of federal entity], [name of CPA firm] found * the financial statements were fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles, * [federal entity] had effective[Footnote 14] internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations, * [entity’s] financial management systems substantially complied[Footnote 15] with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA) (for CFO Act agencies), and:[Footnote 16] * no reportable noncompliance with laws and regulations tested. [Name of CPA firm] also described the following significant matters (if any): * [Discuss any significant matters]. For transmittal letters expressing no assurance, use the following paragraph: [Name of CPA firm] is responsible for the attached auditor’s report dated [date] and the conclusions expressed in the report. We do not express opinions on [name of entity]’s financial statements or internal control or on whether [entity]’s financial management systems substantially complied with FFMIA (for CFO Act agencies); or conclusions on compliance with laws and regulations. For transmittal letters expressing negative assurance, use the following paragraph: In connection with the contract, we reviewed [name of CPA firm]’s report and related documentation and inquired of its representatives. Our review, as differentiated from an audit in accordance with U.S. generally accepted government auditing standards, was not intended to enable us to express, and we do not express, opinions on [name of entity]’s financial statements or internal control[Footnote 17] or on whether [entity]’s financial management systems substantially complied with FFMIA (for CFO Act agencies);[Footnote 18] or conclusions on compliance with laws and regulations. [Name of CPA firm] is responsible for the attached auditor’s report dated [date] and the conclusions expressed in the report. However, our review disclosed no instances where [name of CPA firm] did not comply, in all material respects, with U.S. generally accepted government auditing standards.[Footnote 19] Example 2 – Report Concurring with Other Auditors’ Opinion (Presenting Report of Other Auditors after the Auditor’s Report)[Footnote 20]: As discussed in FAM 650.09 d, the auditor may use this approach when other auditors have reported on financial statements and the auditor wants to provide more assurance than what is provided in the transmittal letter example 1 above. [Addressee] Under [citation of statute], we are responsible for auditing [name of entity]. To help fulfill these responsibilities, we contracted with [name of firm], an independent certified public accounting firm. [Name of firm]’s report dated [date] is attached. We concur[Footnote 21] with [name of firm]’s report that indicated: * the financial statements were fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles, * [entity] had effective internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations, * [entity’s] financial management systems substantially complied with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA) (for CFO Act agencies), and: * no reportable noncompliance with laws and regulations it tested. Details of their conclusions are in their report. Objectives, Scope, and Methodology: Management is responsible for (1) preparing the financial statements in conformity with U.S. generally accepted accounting principles, (2) establishing, maintaining, and assessing internal control to provide reasonable assurance that the broad control objectives of 31 U.S.C. 3512 (c), (d) (commonly known as the Federal Managers’ Financial Integrity Act) are met, (3) ensuring that [entity]’s financial management systems substantially comply with FFMIA requirements (for CFO Act agencies), and (4) complying with applicable laws and regulations. We are responsible for obtaining reasonable assurance about whether (1) the financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, and (2) management maintained effective internal control, the objectives of which are the following: * Financial reporting: Transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in conformity with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. * Compliance with laws and regulations: Transactions are executed in accordance with laws governing the use of budget authority and with other laws and regulations that could have a direct and material effect on the financial statements and any other laws, regulations, and governmentwide policies identified by OMB audit guidance. We are also responsible for (1) testing whether [entity’s] financial management systems substantially comply with the three FFMIA requirements (for CFO Act agencies), (2) testing compliance with selected provisions of laws and regulations that have a direct and material effect on the financial statements and laws for which OMB audit guidance requires testing, and (3) performing limited procedures with respect to certain other information appearing in the Performance and Accountability Report. To help fulfill these responsibilities, we contracted with the independent certified public accounting (CPA) firm of [name of firm] to perform a financial statement audit in accordance with U.S. generally accepted government auditing standards and OMB audit guidance. We evaluated the nature, extent, and timing of the work, monitored progress throughout the audit, reviewed the documentation of the CPA firm, met with partners and staff members, evaluated the key judgments, met with officials of [federal entity being audited], performed independent tests of the accounting records, and performed other procedures we deemed appropriate in the circumstances. We conducted our work in accordance with U.S. generally accepted government auditing standards. 660 – Agreed-Upon Procedures: .01: In an engagement to apply agreed-upon procedures, a client engages an auditor to perform specific procedures on a subject matter and report on the results to assist users in evaluating a subject matter or an assertion. Agreed-upon procedures should be performed in accordance with GAGAS which incorporates the financial audit and attestation standards established by the AICPA. The Statements on Standards for Attestation Engagements (SSAE), specifically AT 101, Attest Engagements, and AT 201, Agreed-Upon Procedures Engagements, contains standards and guidance for these engagements. .02: The auditor may perform an agreed-upon procedures engagement on a variety of subject matters. The engagement will vary depending on the needs of the user. The engagement may assist entity management by providing information for making decisions and give report users information on important areas. Examples of agreed-upon procedures are: * compare payroll information reported to the Office of Personnel Management with the entity’s payroll records and general ledger; (Refer to OMB audit guidance for additional information); * compare entity reconciliations of intragovernmental activity and balances with supporting documentation and compare amounts with the financial statements and with reports to the Department of the Treasury (Treasury); (Refer to OMB audit guidance for additional information); * trace tax collections from the master file to deposit confirmations, determine whether they were recorded in the appropriate period, and in the correct tax class; * trace amounts on the entity’s financial statements to an “account grouping worksheet,” foot the worksheet, read the CFO’s explanation for any differences, and compare the explanation with supporting documentation; and: * examine official receipt documents to determine whether they were included in the weekly deposit; compare deposit amounts to amounts reported on the statement of funding. .03: In agreed-upon procedures engagements, all parties involved, which include the report users, the entity responsible for the subject matter (which may or may not be the same as the user), and the auditor, should clearly understand the procedures to be applied. Since users may have different needs, the nature, extent, and timing of agreed-upon procedures also may differ. Therefore, the users, and not the auditor, assume the responsibility for the sufficiency of the design and extent of the procedures since they best understand their own needs, although the auditor may assist the user in designing the procedures. .04: The auditor should establish and document an understanding with the users regarding the nature, extent, and timing of agreed-upon procedures to be performed. The auditor may document this understanding using an engagement letter to the users, an example of which is provided in FAM 660 A. .05: The auditor should perform agreed-upon procedures only if the subject matter is capable of evaluation against criteria that are suitable and available to users. Suitable criteria should have objectivity, measurability, completeness, and relevance. The auditor should perform procedures that are subject to reasonably consistent measurement and the users have agreed on. The auditor should not perform overly subjective procedures or use terms with uncertain meaning unless they are defined in the agreedupon procedures report. .06: The auditor need not perform additional procedures beyond the agreedupon procedures. If matters come to the auditor’s attention by other means that significantly contradict the subject matter (or assertion), the auditor should include these matters in the report. For example, if during the course of applying agreed-upon procedures regarding an entity’s operation, the auditor becomes aware of a material weakness related to the assertion by means other than the agreed-upon procedures, the auditor should include this matter in the report. The auditor may do this by mentioning the material weakness with a footnote reference to another report where it is described in detail. .07: Where circumstances impose restrictions on the performance of the agreed-upon procedures, the auditor should attempt to obtain agreement from the users of the report to modify the agreed-upon procedures. When agreement cannot be obtained (for example, when the agreed-upon procedures are published by a regulatory entity that will not modify the procedures), the auditor should describe restrictions in the report or withdraw from the engagement. Written Representations: .08: The auditor generally should determine if a representation letter is necessary. The auditor may determine that a representation letter is necessary, for example, if (1) the responsible entity is so large there is a risk as to whether one person knows whether pertinent information has been made available to the auditor, (2) the subject matter depends on estimates, judgments, or future events (such as whether the subject matter is less objective and fact-based and more subjective), or (3) the user of the report believes written representations should be obtained. Although generally not required by AT 201 (unless specifically required by another attestation standard, such as in a compliance engagement) a representation letter may nonetheless be a useful means of documenting the responsible entity’s representations. FAM 660 B provides an example representation letter for an agreed-upon procedures engagement. .09: The responsible entity’s refusal to furnish written representations the auditor determines to be necessary constitutes a scope limitation. In such circumstances, the auditor should do one of the following: * disclose in the report the inability to obtain representations from the responsible entity, * withdraw from the engagement, or * change the engagement to another form of engagement (such as to a performance audit) with the client’s consent. Documentation: .10: In accordance with GAGAS, the auditor should prepare and maintain documentation in connection with an agreed-upon procedures engagement that is appropriate for the engagement. The auditor should document sufficient information to enable an experienced auditor having no previous connection with the engagement to ascertain from the documentation the nature, extent, timing, and results of procedures performed and the evidence that supports the auditors’ agreed-upon procedures report, including its sources and the auditors’ conclusions. .11: Although the quantity, type, and content of documentation varies with the circumstances, the auditor should document sufficient information to demonstrate that the work was adequately planned and supervised and that evidential matter provides a reasonable basis for the report as discussed in GAGAS chapter 6. .12: The auditor generally should prepare a summary memorandum that recaps the work performed, refers to the detailed documentation, includes the auditor’s conclusion on whether the work was performed in accordance with GAGAS, the attestation standards, and the GAO/PCIE FAM, and whether the report is appropriate. FAM 660 C provides an agreed- upon procedures engagement completion checklist. Reporting: .13: The auditor should report on the agreed-upon procedures in the form of results. The auditor should not provide any opinion or negative assurance about whether the subject matter or the assertion is fairly stated based on the criteria. The auditor should report the identification of the entities that agreed to the procedures and took responsibility for the sufficiency of the design and extent of the procedures for their purposes, as shown in the example report in FAM 660 D. .14: The auditor should report all results arising from application of the agreed upon procedures. The concept of materiality does not apply to results reported in an agreed-upon procedures engagement unless the users of the report agree to the definition of materiality. This could be included in the engagement letter at FAM 660 A. The auditor should describe any agreed upon materiality limits in the report. .15: The auditor should include a statement indicating that the report is intended for the specified users who have agreed upon the procedures performed and taken responsibility for the sufficiency of the design and extent of the procedures for their needs. However, since governmental reports are generally a matter of public record, the distribution of the report is not limited and the audit organization may provide copies upon request. .16: The auditor may have performed agreed-upon procedures on an element, account, or item of financial statements and also audited the same financial statements. If the audit report on the financial statements includes a departure from a standard report, the auditor generally should include a reference to the audit report and the departure from the standard report in the agreed-upon procedures report. .17: The auditor also may include explanatory language about such matters as the following: * stipulated facts, assumptions, or interpretations (including the source); * description of the condition of records, controls, or data to which the procedures were applied; * explanation that the auditor has no responsibility to update the report; and: * explanation of sampling risk. .18: The auditor should state the results in definitive, rather than qualified, language and avoid vague or ambiguous language. The following table provides examples of appropriate and inappropriate descriptions of findings. Table: Examples of appropriate/inappropriate description of findings: Procedures agreed-upon: Based on the total tax liability, select and recompute the 50 largest excise tax returns from the quarter ended September 30, 20XX, and compare these amounts with the certified audit file; Description of findings: Appropriate: Recomputed amounts for the selected excise tax returns agreed with the amounts in the certified audit file; Description of findings: Inappropriate: Nothing came to our attention as a result of applying this procedure. Procedures agreed-upon: Select a random sample of 45 Treasury SF-224 reconciliations; determine if XYZ reported revenue receipts were properly classified and reconciled to Treasury FMS records; Description of findings: Appropriate: Revenue receipts selected randomly from the monthly Treasury SF-224 reconciliation process were properly classified and agreed with Treasury FMS records; Description of findings: Inappropriate: The revenue receipts approximated the amount shown in the Treasury FMS records. Procedures agreed-upon: Examine personnel files of 40 individuals randomly selected from the timekeeping records for the year; determine if all the selected files contain a current and approved Notification of Personnel Action (SF-50); Description of findings: Appropriate: Thirty of the selected files contained a current and approved Notification of Personnel Action. Ten files did not contain a current and approved Notification of Personnel Action (list and identify exceptions). Based on our sample, we are 95% confident that the population deviation is between X and Y; Description of findings: Inappropriate: Some of the personnel files did not contain a current and approved Notification of Personnel Action. Other Report Issues: .19: The auditor should address the report to the users who have agreed upon the procedures to be performed (see FAM 660.03). The auditor should use the date of completion of the agreed-upon procedures as the date of the agreed-upon procedures report. If the audit organization’s procedure is to date reports with the issue date, the auditor may state the date of completion of the engagement in the report, such as “We completed the agreed-upon procedures on [date].” .20: The auditor should obtain entity comments from the entity responsible for the subject matter. These comments can be either written or oral. If oral comments are obtained the auditor should document them in a memo. 660 A - Example Agreed-Upon Procedures Engagement Letter: [Date]: Management of ABC Federal Entity: Subject: Fiscal Year 20X8 Agreed-Upon Procedures for the Tax Trust Fund Dear Management Official: This letter responds to your letter of [date] requesting that we assist ABC Federal Entity in determining the completeness and accuracy of receipts transferred to the tax trust fund. On [date] we met with you to discuss the scope and timing of our work. The detailed procedures we agree to perform are enclosed. We plan to perform these procedures on [provide date(s)]. This letter documents our agreement to perform these agreed-upon procedures related to fiscal year 20X8. We will perform these procedures in accordance with U.S. generally accepted government auditing standards, which incorporate the financial audit and attestation standards established by the American Institute of Certified Public Accountants (AICPA). We will provide you with a draft copy of our report for your review and comment and plan to issue the report by [date]. We will meet with you as needed to discuss the agreed- upon procedures, results, and other issues that may arise. The sufficiency of the agreed-upon procedures is solely the responsibility of XYZ Federal Entity. Accordingly, we make no representation regarding their sufficiency to meet your needs or for any other purpose. In addition, because of the nature of agreed-upon procedures, the results we obtain will only be applicable to for the period they are performed. We are not engaged to perform, and will not perform, an examination or audit, the objective of which would be to express an opinion on the amount of receipts transferred to the tax trust fund for fiscal year 20X8. Accordingly, we will not express such an opinion. If we were to perform an examination or audit, other matters beyond the scope of our agreed-upon procedures might come to our attention. The report we will prepare is intended solely for your information and use and is not intended to be, and should not be, used by any other party. However, our report will be a matter of public record and will be provided to others upon request. Unless we hear from you, we will assume your concurrence with these procedures and their sufficiency for your purposes.[Footnote 22] If you have any questions, please contact me at [telephone number and e-mail address] or [alternative contact] at [telephone number and e-mail address]. Sincerely yours, [Signed]: [Name of Director]: Enclosure: cc: XYZ Federal Entity: Enclosure: Agreed-Upon Procedures: Tax Receipts and Refunds: General: a. Compare fiscal year 20X8 tax collections for the ABC tax trust fund per XYZ’s Statement of Custodial Activity with: * the trust fund’s accounting records, and: * ABC’s consolidated financial statements. b. Obtain explanations and examine supporting documentation for differences. Sampling: a. Use monetary unit sampling (MUS) with an 80-percent confidence level to select a sample of ABC tax trust fund tax revenue receipts and refunds for fiscal year 20X8. Use $300 million as the tolerable misstatement, which is 1 percent of the total revenue collected. Use an expected aggregate misstatement of $100 million, or one-third of tolerable misstatement. The projected sample size for this population is expected to be 40 transactions. For the sample items selected: * Receipts testing — Compare tax receipts transactions (for example cash receipts, federal tax deposit (FTD) receipts, reversals, and adjustments) with source documents to determine whether the amounts agree, the transactions are recorded in the appropriate period based on the transaction date, and they are properly categorized as ABC tax trust fund receipts. * Refunds testing — Compare refund transactions with the source documents (for example, payment vouchers, FTD coupons, tax returns) to determine whether the amounts agree, the transactions are recorded in the appropriate period based on the transaction date, and they are properly categorized as ABC tax trust fund refunds. b. Use MUS and the same sampling parameters as above to extract statistical samples of total XYZ revenue receipts and refunds for fiscal year 20X8. For the sample items selected: * Test whether the tax receipt or refund amounts and tax category from source documentation agrees with amounts recorded for each of the revenue receipts or refunds sample items. 660 B - Example Representation Letter from Responsible Entity on Agreed- Upon Procedures Engagement [XYZ Entity letterhead]: [Date]: Dear Auditor: In connection with the agreed-upon procedures engagement for XYZ’s budget execution process for the period from October 1, 20X7 through September 30, 20X8, we confirm to the best of our knowledge and belief, the following representations made to you in performing these agreed- upon procedures. * We acknowledge responsibility for XYZ’s budget execution process. * We acknowledge responsibility for selecting the criteria [state criteria] and for determining the appropriateness of the criteria for our purposes. * Our budget execution process is [state assertion about budget execution process based on the criteria selected]. * We know of no matters that would contradict our assertion about our budget execution process. * There have been no communications from regulatory or oversight agencies concerning our budget execution process or noncompliance with budgetary laws or the Antideficiency Act. * We have made available to you all records and related data pertaining to our budget execution process during the period from October 1, 20X7 through September 30, 20X8. * XYZ’s budget execution process is designed to meet the requirements of the Antideficiency Act. * XYZ’s employees check the accounting records and fund status reports quarterly to determine whether all source documents that affect the appropriation and fund balance have been recorded properly, accurately, and timely. * XYZ’s accounting system provides timely disclosure of total valid obligations incurred to date and total budgetary resources available for obligations within each apportionment. * The system also provides timely disclosure of the authorization or creation of commitments, obligations, or expenditures that exceed apportionments and allotments. * We are not aware of instances of noncompliance with the above-stated procedures. * We are not aware of instances of fraud involving management, employees, or contractor staff that have significant roles in the operation of our budget execution process. * We have no plans or intentions that would materially affect our budgetary process or operations. Sincerely yours, [signed]: Management: XYZ Entity: 660 C – Agreed-Upon Procedures Engagement Completion Checklist: Entity: Job code: Principal report: .01: This checklist is a tool to help auditors comply with the standards for agreed-upon procedures engagements. No signatures are required on the checklist in the planning phase. .02: Several of the last questions include steps in GAO’s quality control process, GAO Audit Documentation Set, second partner review, and reading of the report by the Technical Accounting and Auditing Expert (Chief Accountant at GAO) when that person is not the second partner. GAO auditors should complete these questions and forms. IG auditors and other auditors may use these questions and forms or may substitute questions and forms that consider their reporting style and quality control. Step: 1. Has the audit team documented an understanding with the individuals requesting the agreed-upon procedures engagement?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 2. Were appropriate engagement acceptance and risk designation procedures followed?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 3. Does the documentation cover the following? * Independence of professionals working on the engagement. * The nature of the engagement. * Identification of the subject matter, the responsible entity, and the criteria. * Identification of the users of the report. * Auditor’s responsibilities. * Reference to GAGAS and the attestation standards. * Agreement on the nature, extent, and timing, of procedures. * Anticipated reporting. * Any involvement of a specialist. * Materiality limits; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 4. Was an entrance conference held with the responsible entity?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 5. Has the auditor determined whether a letter of representation from the responsible entity is necessary? (Note: This is not a requirement.); N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 6. If part of the procedures, were applicable laws and procedures documented?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 7. Were review responsibilities communicated to individuals on the assignment?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 8. Does the documentation contain the following? a. The scope and methodology, including any sampling criteria used and consideration of the results of any previous agreed-upon procedures and follow up on any known significant findings that directly relate to the agreed-upon procedures engagement. b. Any indication of fraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse, and—if there was such indication— the directed procedures performed, results obtained, and related communications. c. Descriptions of transactions and records examined. d. Documentation of the work performed to support reported results. e. Evidence of supervisory review; N/A: ; Yes/No: [Empty]; Ref: [Empty]. Step: 9. Does the documentation record that the applicable standards were followed (AT 101, AT 201, and GAGAS, chapter 6)?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 10. Does the documentation record a reasonable basis for the results of the agreed-upon procedures?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 11. Does the summary memorandum summarize the results of the procedures and refer to the documentation?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 12. Did the auditor document any deviations from the standards? Did the director approve the documentation with copies to the reviewer?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 13. Was an exit conference held with the responsible entity?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 14. Was the report referenced?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 15. Did the assistant director review the following? a. Documentation of the understanding with the individuals requesting the procedures and officials of the entity. b. Memorandum of entrance conference with the responsible entity. c. Completed work plans and procedures. d. Memorandums on key engagement issues. e. Summary of the results of the procedures. f. Memorandum of exit conference with the responsible entity. g. Deviations from standard reporting language. h. Financial schedules/statements. i. Agreed-upon procedures report. j. GAO Audit Documentation Set (or equivalent); N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 16. Did the audit director review the following? a. Documentation of the understanding with the individuals requesting the procedures and officials of the entity. b. Summary of results of the procedures. c. Memorandum of exit conference with responsible entity. d. Deviations from standard reporting language. e. Agreed-upon procedures report. f. GAO Audit Documentation Set (or equivalent); N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 17. Did the assistant director or the auditor in charge determine that all significant review notes were resolved appropriately?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 18. Did the assistant director initial all documentation bundle covers to indicate that all documentation was sufficiently reviewed?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 19. Is the report appropriate as to the following? a. Wording. b. Scope of work. c. GAGAS. d. Explanatory paragraphs; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 20. Was the report reviewed by the following? a. Office of the General Counsel. b. Technical Accounting and Auditing Expert. c. Second partner (or equivalent), if not Technical Accounting and Auditing Expert; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Step: 21. Is the agreed-upon procedures report dated appropriately or does the report indicate when the auditor completed the engagement?; N/A: [Empty]; Yes/No: [Empty]; Ref: [Empty]. Note: The auditor should discuss all “No” answers in attached documentation. If the reason that a question is “Not Applicable” is not obvious, the auditor should document the reason on the checklist or in an attachment. [End of table] Date of completion of the engagement: Auditor-in-charge (senior): Date: Audit Manager: Date: Assistant Director: Date: Audit Director: Date: Second Partner’s (Or Equivalent) Review Of Agreed-Upon Procedures Work: Objective of second partner (or equivalent) review: To objectively review significant engagement matters to conclude, based on all facts the second partner (or equivalent) has knowledge of, that no matters were found that caused the second partner (or equivalent) to believe that (1) the procedures were not performed in accordance with GAGAS, which incorporate financial audit and attestation standards established by the AICPA and (2) the report does not meet professional standards and audit organization policies. Procedures: Before the report was issued, I performed the following procedures: * as necessary, discussed significant engagement issues with the audit director; * read documentation of key decisions and consultations; * read the agreed-upon procedures report; and * confirmed with the audit director that there are no unresolved issues. Conclusions: Based on all the relevant facts of which I have knowledge, I found no matters that caused me to believe that (1) the agreed-upon procedures were not performed in accordance with GAGAS and the AICPA’s attestation standards related to agreed-upon procedures engagements and (2) the report is not in accordance with professional standards and audit organization policies. In signing this form, I acknowledge that there have been no personal or external impairments to independence regarding my work on this engagement. Title: Signature: Date: Technical Accounting And Auditing Expert’s Reading Of Agreed-Upon Procedures Report: Objective of review: When the Technical Accounting and Auditing Expert is not the second partner (or equivalent), the Technical Accounting and Auditing Expert should read the report. The Technical Accounting and Auditing Expert should then sign the conclusions below. Conclusions: Based on my reading of the report, I found no matters that caused me to believe that (1) the agreed-upon procedures were not performed in accordance with GAGAS and the AICPA’s attestation standards related to agreed-upon procedures engagements and (2) the report is not in accordance with professional standards and audit organization policies. In signing this form, I acknowledge that there have been no personal or external impairments to independence regarding my work on this engagement. Title: Signature: Date: 660 D – Example Agreed-Upon Procedures Report: [Date]: Management of [Federal Entity]: Subject: Applying Agreed-Upon Procedures: Count of Cash and Related Items: Dear Management Official: We have performed the procedures contained in the enclosure to this letter, which we agreed to perform and with which you concurred, solely to meet your needs for an independent count of cash and cash-related items as of September 30, 20XX. We conducted the engagement in accordance with U.S generally accepted government auditing standards, which incorporate financial audit and attestation standards established by the American Institute of Certified Public Accountants. You are responsible for the adequacy of the procedures to meet your objectives and we make no representation in that respect. The procedures we agreed to perform consist of counting amounts for cash and related receipts and comparing combined totals to the authorized amounts. The enclosure contains the agreed-upon procedures and our results. We were not engaged to perform, and did not perform, an examination, the objective of which would have been to express an opinion on the amount of cash on hand. Accordingly, we do not express such an opinion. Had we performed additional procedures, other matters might have come to our attention that we would have reported to you. We completed our agreedupon procedures on [date of completion]. We provided a draft of this letter, along with the enclosure, to your representatives for review and comment. They agreed with the results presented in this letter and its enclosure. This letter is intended solely for the use of the management of [Federal Entity] and should not be used by those who have not agreed to the procedures or have not taken responsibility for the sufficiency of the procedures for their purposes. However, the report is a matter of public record and its distribution is not limited; thus, we will post the report on our Web site and provide copies upon request. If you have any questions, please call [name, title, and telephone number]. Sincerely yours, [Signed]: [Name of Director], Director: Enclosure: Results of Cash Counts: Procedures: We counted and totaled cash on hand for the petty cash fund as of September 30, 20XX. We also listed and totaled the receipts on hand evidencing disbursements from the fund. Finally, we compared the combined total of cash and receipts available to the amount authorized for the fund of $500. Results: We counted cash totaling $258.96 and scheduled 14 receipts totaling $174.85 which accounted for $433.81 of the $500 in authorized petty cash funds. In addition, the custodian provided us two separate Expense Summary Report and Petty Cash Itemization Sheets and related receipts for an additional $65.09, which had been submitted for reimbursement to the fund. There remains an unexplained difference (shortage) of $1.10 between the authorized amount and the total cash and receipts evidencing petty cash fund disbursements. Section 700: Internal Control: 701 – Assessing Agency Systems with the Federal Financial Management Improvement Act (FFMIA)[Footnote 23]: .01: Under FFMIA, agencies need to have systems that can generate timely, reliable, and useful information with which to make informed decisions and to provide accountability. FFMIA requires the 24 CFO Act departments and agencies to implement and maintain financial management systems that comply substantially with: (1) federal financial management systems requirements; (2) applicable federal accounting standards; and: (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. .02: The law also requires auditors to state in their CFO Act financial statement audit reports whether entities’ financial management systems substantially comply with these three FFMIA requirements. OMB provided FFMIA implementation guidance to help agencies and their auditors determine compliance. This section also provides guidance for assessing agency systems with FFMIA. It explains the FFMIA requirements and discusses audit issues related to testing for compliance with the act. An example audit program is included in FAM 701 A. FFMIA Requirements: .03: OMB Circular No. A-127, Financial Management Systems, addresses the three FFMIA requirements and can be found at www.omb.gov. First, regarding federal financial management systems requirements, the circular prescribes policies and standards for executive branch departments and agencies to follow in developing, operating, evaluating, and reporting on financial management systems. In its FFMIA implementation guidance, OMB identifies the applicable requirements from OMB Circular No. A-127 that the entity and its auditors should assess when determining FFMIA compliance. The circular also refers to the federal financial management systems requirements, a series of publications issued by the Joint Financial Management Improvement Program (JFMIP), now issued by the Office of Federal Financial Management (OFFM)[Footnote 24] as the source of governmentwide requirements for financial management systems software functionality. JFMIP’s Framework for Federal Financial Management Systems issued in April 2004[Footnote 25] describes the basic elements of an integrated financial system, including the core financial system. Agency financial management systems fall into four categories: core financial systems; other financial and mixed systems (such as procurement, property, budget, payroll, and travel systems); shared systems[Footnote 26]; and departmental executive information systems (systems to provide information to all levels of management.) .04: JFMIP/OFFM published systems requirements for the core financial system and for some of the mixed or feeder systems which can be found at [hyperlink, http://www.fsio.gov/fsio/fsiodata/]. The systems requirements are either mandatory (required) or value-added (optional). Agencies will use the mandatory functional and technical requirements in planning system improvement projects, whereas the agencies may use value-added requirements as needed. The core financial management system affects all financial event transaction processing because it maintains reference tables for editing and classifying data, controls transactions, and maintains security. The core financial management system consists of six functional areas: general ledger management, funds management, payment management, receivable management, cost management, and reporting. .05: OMB Circular No. A-127 requires agencies to use for agency core financial management systems commercial-off-the-shelf (COTS) software that has been tested and certified through the JFMIP/Financial Systems Integration Office (FSIO)[Footnote 27] software certification process. Core financial management system certification does not mean that agencies that install qualified software packages will have financial systems that are in compliance with FFMIA. Many other factors can affect the capability of the systems to comply with FFMIA, including modifications made to the JFMIP/FSIOcertified core financial management system software, the validity and completeness of data from feeder systems, and whether internal controls are effective. The JFMIP/FSIO’s certification process does not eliminate or significantly reduce the need for agencies to develop and conduct a comprehensive testing effort to determine whether the software product meets their requirements and is working properly. .06: The second requirement of FFMIA is the system’s use of federal accounting standards, promulgated by FASAB. FASAB promulgates federal accounting standards after considering the financial and budgetary information needs of Congress, executive agencies, and other users of federal financial information as well as comments from the public. FASAB standards are at www.fasab.gov. FAM 560 describes the relationship of the FASAB standards to the hierarchy of U.S. generally accepted accounting principles. .07: The third requirement of FFMIA is implementing the SGL at the transaction level. The SGL provides a uniform chart of accounts and guidance for use in standardizing federal agency accounting and supports the preparation of standard external reports required by OMB and Treasury. Information on the SGL can be found at [hyperlink, http://www.fms.treas.gov/ussgl]. The SGL is defined in the latest supplement, which is released annually to the Department of the Treasury’s Treasury Financial Manual (TFM). The supplement is composed of six major sections: (1) chart of accounts, (2) accounts and definitions, (3) accounting transactions, (4) account attributes for GFRS, FACTS I, and FACTS II reporting,[Footnote 28] (5) crosswalks to standard external reports, and: (6) crosswalks to the closing package. .08: Each agency should implement a chart of accounts that is consistent with the SGL and meets the agency’s information needs. OMB Circular No. A-127 states that application of the SGL at the transaction level means that financial management systems will process transactions following the definitions and defined uses of the general ledger accounts as described in the SGL. Transaction detail supporting SGL accounts are required to be available in the financial management systems and directly traceable to specific SGL account codes. In addition, the agency should develop criteria for recording financial events in all financial management systems that are consistent with accounting transaction definitions and processing rules defined in the SGL. .09: FFMIA requires the CFO Act agency financial statement auditors to report (1) whether the entity’s financial management systems substantially complied with FFMIA requirements, or (2) instances in which the entity’s systems did not substantially comply with the requirements (or state that the audit disclosed no instances in which the reporting entity’s systems did not substantially comply). Auditors who report that agency financial management systems do not substantially comply with FFMIA requirements should include in their reports: (1) The entity or organization responsible for the financial management systems that have been found not to be substantially compliant and all pertinent facts relating to the noncompliance. (2) The nature and extent of the noncompliance including areas in which there is substantial but not full compliance. (3) The primary reason or cause of the noncompliance. (4) The entity or organization responsible for the noncompliance. (5) Any relevant comments from any responsible officer or employee. (6) A statement with respect to the recommended remedial actions for each instance of noncompliance and the entity’s estimated time frames for implementing these actions. FFMIA as well as OMB’s FFMIA implementation guidance require agencies to report whether the agencies’ financial management systems substantially comply with FFMIA requirements. Agencies should prepare remediation plans that include resources, remedies, and intermediate target dates necessary to bring the agency’s financial management systems into substantial compliance. .10: According to OMB’s FFMIA implementation guidance, auditors should plan and perform their audit work in sufficient detail to enable them to determine the degree of compliance and report on instances of noncompliance for all of the applicable FFMIA requirements. The guidance describes requirements from OMB Circular No. A-127 that agencies should meet to achieve compliance and provides indicators of compliance.[Footnote 29] The indicators included in OMB’s implementation guidance are examples. The four primary factors OMB identifies as critical to assessing compliance with FFMIA are determining whether agencies can: (1) Prepare financial statements and other required financial and budgetary reports using information generated by the financial management system(s). (2) Provide reliable and timely financial information for managing current operations. (3) Account for their assets reliably, so that they can be properly protected from loss, misappropriation, or destruction. (4) Do all of the above in a way that is consistent with federal accounting standards and the Standard General Ledger. Audit Issues: .11: Auditors should design and implement appropriate testing to apply the criteria in FFMIA. For example, in performing financial statement audits, auditors generally should evaluate the capability of the financial management systems to process and summarize financial information that flows into agency financial statements. In contrast, under FFMIA auditors must assess and report on whether an agency’s financial management systems substantially comply with systems requirements. To do this, auditors should determine whether agency systems provide complete, accurate, and timely information for managing day-to-day operations as discussed in FAM 701.10 and OMB guidance. This is based on a Congressional expectation, in enacting FFMIA, that agency managers have necessary information to measure performance on an ongoing basis rather than just at year-end. .12: As a result of the overlapping scope and nature of FFMIA assessments and financial statements audits, the auditor may use the audit work performed as part of the financial statement audit. In the example audit program at FAM 701 A for testing controls for compliance with FFMIA, several procedures indicate that the auditor may have performed the procedure as part of the financial statement audit; whereas, other procedures needed to assess FFMIA compliance require additional work not normally performed in financial statement audits. .13: While the example audit procedures provides steps the auditor may perform, the auditor may tailor the steps to satisfy the objectives or intent of the step. Because of the broad scope of federal operations and the many variations that can and do flow from such a broad scope, the degree of specificity in the example audit program varies. For example, each agency will likely use a variety of reports for managing operations. These reports may be on line electronically or in hard copy. Auditors may use other work that addresses the objectives of the example audit procedures. .14: As discussed in FAM 350, the auditor need not perform specific tests of the systems compliance with FFMIA requirements for agencies with longstanding, well-documented financial management systems weaknesses that severely affect the systems’ ability to comply with FFMIA. The auditor should evaluate management’s process for determining whether its systems substantially comply with FFMIA and report any deficiencies in management’s process along with previously identified problems. .15: FAM 580.65-.67 and FAM 595 A provide FFMIA reporting guidance to the auditor. FAM 595 B provides guidance to the auditor for reporting a systems’ lack of substantial compliance. FAM 580.35-.37 provides guidance to the auditor on reporting for FMFIA. For FISMA considerations, the auditor should refer to FAM 260.67-.70 and FAM 580.38-.39. FAM 1603 provides guidance that GAO auditors should use to provide an opinion on compliance with FFMIA. 701 A – Example Audit Procedures for Testing Systems for Compliance with FFMIA: Entity: Date of review: Job code: Objective: FFMIA requires the 24 departments and agencies covered by the CFO Act to implement and maintain financial management systems that comply substantially with (1) federal financial management systems requirements, (2) applicable federal accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at the transaction level. OMB also requires certain designated entities to determine FFMIA compliance. The objective of these audit procedures are to assess whether agencies’ systems’ comply with FFMIA requirements. Procedure: I. Planning (May be combined with the work to plan the financial statement audit): A. To understand the FFMIA requirements, read: * Federal Financial Management Improvement Act (FFMIA), P.L. 104-208. * Audit Requirements for Federal Financial Statements (OMB Audit Guidance). * Revised Implementation Guidance for the Federal Financial Management Improvement Act (OMB Memorandum, January 4, 2001). * JFMIP/OFFM Publications of Federal Financial Management System Requirements including the Framework and Core Financial System Requirements. * Financial Reporting Requirements (OMB Circular No. A-136). * FASAB Standards. * Treasury Financial Manual (TFM) sections related to the SGL (see transmittal letter S2--02 and TFM Volume I, Part 2, Chapter 4700). * Management’s Responsibility for Internal Control (OMB revised Circular No. A-123). * Financial Management Systems (OMB Circular No. A-127). * Management of Federal Information Resources (OMB Circular No. A-130). * Federal Information Security Management Act of 2002 (FISMA), Title III, E-Government Act of 2002 Pub. L. No 107-347; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: B. Read the prior year’s audit documentation and audit report to identify (1) the auditors’ FFMIA determinations, (2) reported instances of noncompliance with FFMIA, and (3) material weaknesses and significant deficiencies related to the entity’s financial management systems. * Prepare a schedule of the previously identified deficiencies for follow up. See FAM 701 B for an example of the schedule; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: C. Read the most recent FMFIA, FISMA[Footnote 29], IG, and GAO reports and internal control documentation from the financial statement audit or other reports related to financial systems. Evaluate the impact of any reported weaknesses on the FFMIA assessment. * Obtain an update on the status of the issues and document problems identified in the schedule in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: D. Read the cycle memoranda for each of the audit cycles completed for the current year audit. Document issues related to FFMIA compliance in the schedule in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: E. From the work performed in part I (planning), decide whether it is necessary to perform the remaining steps. If the information gathered indicates “longstanding, welldocumented financial management systems weaknesses” that preclude compliance with FFMIA requirements, then: 1. Document recognition of longstanding, welldocumented financial management systems weaknesses and identify the source for this conclusion. 2. Obtain and document an understanding of management’s process for determining whether its systems comply with FFMIA requirements. Report any deficiencies identified in management’s process. 3. Complete step V (summary), except for completion of the schedule in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: II. Testing for Compliance with Federal Financial Management Systems Requirements: A. Ask whether the entity has an entity wide inventory of its systems. If so, obtain the inventory and any supporting documentation; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: B. From the entity’s inventory of systems, identify the core financial management systems and the feeder systems. 1. Document the key internal controls and theinformation flows between the core financial systems and the feeder systems in a flowchart or narrative. (The auditor may perform this step as part of the internal control phase). a. Determine whether the feeder systems are integrated or interfaced with the core financial system. Note: Feeder systems that are integrated with the core financial system share data tables. Therefore, the entity need not prepare reconciliations. b. If the feeder systems interface with the core systems, determine whether reconciliations are performed between the systems. If reconciliations are performed, determine how often and by whom; assess the adequacy of the reconciliation, including follow-up activities and supervisory review. c. Through interviews with entity management and reading of systems documentation, determine if the entity’s systems have detective controls (i.e., batch control or hash totals or supervisory reviews) and preventive controls (i.e. segregated duties, appropriate authorizations, or access controls) to process transactions properly and timely. (The auditor may perform this step as part of the internal control phase); Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 2. Using the documentation prepared in step II.B.1 above, identify those JFMIP/OFFM financial management systems requirements that are applicable to the entity’s operations. For example, for those agencies that do not have grant or loan programs, the auditor would not need to assess whether JFMIP/OFFM requirements related to grants or loans are applicable. Document the results; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: C. Determine whether the entity’s core financial management system and the financial portions of its applicable feeder systems, as identified in step II.B.2 above, conform to JFMIP/OFFM federal financial management systems requirements. * Ask whether the entity’s core financial management system is a JFMIP/FSIO-certified COTS system.[Footnote 30] If so, ask which version of the software is being used and obtain the entity’s FSIO certification for that software version. [Agencies replacing software to meet core financial system requirements must use JFMIP/FSIO certified core financial management systems as required by OMB Circular No. A-127 Financial Management Systems, but it is not an automatic noncompliance issue.] * During implementation of a JFMIP/FSIO-certified core financial system, agencies can make changes and select options that could adversely affect the original certification. Auditors cannot rely solely on the original JFMIP/FSIO certification as sufficient evidence of compliance with FFMIA. Perform testing to determine whether agency specific enhancements to an otherwise JFMIP/FSIO-certified system render the system non-compliant; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 1. Ask whether there have been significant changes in the entity’s automated business processes since compliance testing with JFMIP/OFFM requirementswere last performed. If so, ask whether the entity has performed an assessment of any new functionality using the JFMIP/OFFM system requirements documents, GAO checklists, or similar tools. Document the results; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 2. For those agencies with a core financial management system that is not a JFMIP/FSIO-certified COTS and for any feeder systems, obtain any analyses performed by entity management to support its FFMIA and FMFIA assessments that document how the entity’s systems conform to the applicable JFMIP/OFFM systems requirements. If management has not performed an analysis of systems functionality, go to step C.5; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 3. Select several important functions that management has reported as complying with the systems requirements and determine if management’s assessment can be relied upon using JFMIP/OFFM system requirement documents, GAO checklists, or other similar tools; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 4. If management’s results cannot be relied upon for each system, assess the functionality of the applicable systems using JFMIP/OFFM system requirement documents, GAO checklists or other similar tools; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 5. Document in FAM 701 B, the instances and related impact in which the entity’s systems did not comply with JFMIP/OFFM requirements; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: D. Ask line manager if they receive appropriate reports that are significant to performing day-to-day management operations. 1. Determine the adequacy of reports used to manage day-to-day operations. a. For reports that are produced by the entity’s financial management systems, ask knowledgeable users, read the entity’s financial management systems documentation, and from other audit work, use professional judgment to determine if the reports produced by the systems are timely, useful, reliable, complete, and appropriately summarized for the management level receiving the report. Use professional judgment, entity policy, and/or criteria evident from each report to determine its timeliness and accuracy. For example, if a report is due by the 10th of each month, determine whether it was provided by the 10th of each month. If only on-line access is provided for important internal reports, through observation, documentation, and inquiry—such as obtaining systems logs and asking key managers about their work habits—assess whether the reports were available and accessed. Through inquiry and observation, assess if management uses the reports to manage operations. Ask management what improvements are needed in the current reporting methods. Document the results; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: D. Ask line manager if they receive appropriate reports that are significant to performing day-to-day management operations. 1. Determine the adequacy of reports used to manage day-to-day operations. a. For reports that are produced by the entity’s financial management systems, ask knowledgeable users, read the entity’s financial management systems documentation, and from other audit work, use professional judgment to determine if the reports produced by the systems are timely, useful, reliable, complete, and appropriately summarized for the management level receiving the report. Use professional judgment, entity policy, and/or criteria evident from each report to determine its timeliness and accuracy. For example, if a report is due by the 10th of each month, determine whether it was provided by the 10th of each month. If only on-line access is provided for important internal reports, through observation, documentation, and inquiry—such as obtaining systems logs and asking key managers about their work habits—assess whether the reports were available and accessed. Through inquiry and observation, assess if management uses the reports to manage operations. Ask management what improvements are needed in the current reporting methods. Document the results; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: b. If the reports were not produced by the entity’s financial management systems, ask how the reports were prepared and perform a similar assessment as described in step D.1.a; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 2. Determine whether appropriate levels of management receive adequate and timely management information. See FAM 903.12 for questions related to determining FFMIA systems’ compliance with SFFAS No. 4. a. Using professional judgment and industry best practices, identify internal management performance-related information needed for managing day-to-day operations. b. Determine whether appropriate levels of management receive the information identified in step D.2.a. c. If full costing is not used in these management reports, assess whether the lack of full cost information affects the usefulness of the information. Evaluate management’s justification that full costing would not be beneficial for the internal reports. This may need to be assessed on a case-by-case basis; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 3. Include any deficiencies identified and related impact in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: E. Identify the entity’s external reports that are related to financial management such as those used for budget formulation and execution, fiscal management of entity programs, funds management, payments and receipts management, and to support the legal, regulatory, and other special requirements of the entity. 1. Through interviews with knowledgeable users and reading of the entity’s financial management system documentation, determine if the reports are produced by the systems. a. For external reports that are tested as part of the financial statement audit, include any deficiencies identified and the related impact in FAM 701 B. b. For external reports that are not tested as part of the financial statement audit, using professional judgment select several reports and assess whether the reports are reliable, timely, and complete. Include any deficiencies identified and the related impact in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 2. As an indicator of systems deficiencies, determine the magnitude and type of adjustments made to prepare financial statements each quarter and annually; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: F. Determine if the entity’s financial management systems track financial events and summarize information to facilitate the preparation of auditable financial statements. This determination can result from work performed as part of the financial statement audit. Document the deficiencies and the related impact in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: G. Determine if the financial management systems enable the entity to prepare, execute, and report on the entity’s budget in accordance with the requirements of OMB Circular No. A-11, Preparation, Submission and Execution of the Budget. This determination can result from work performed as part of the financial statement audit. Document the deficiencies and the related impact in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: H. Coordinate with an IS controls specialist to determine if the entity has implemented and maintains a program to provide adequate security for all entity information that is collected, processed, transmitted, stored, or disseminated in financial management systems. 1. Have the IS controls specialist review the annual management testing and evaluation of the effectiveness of information security, policies, procedures, and practices in accordance with the Federal Information Security Management Act of 2002 (FISMA); Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 2. Document the deficiencies and related impact identified by the IS controls specialist in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: I. Determine if financial management systems include internal control to safeguard resources against waste, loss, and misuse, and whether reliable data are obtained, maintained, and disclosed in system generated reports. The auditor may obtain some of the information needed to make this determination from the work performed in the internal control phase. The auditor may identify other systems internal control weaknesses from other audit reports reviewed and steps performed. Document the results in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: III. Testing for Compliance with the Federal Accounting Standards: A. Determine if the entity’s financial statements are compiled in accordance with applicable accounting standards: * Determine if any issues reported as part of the financial statement audit were related to the lack of the entity’s implementation of the accounting standards in their systems or the standards were not properly applied because of inadequate or improperly implemented manual procedures. Document the results in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: B. Perform tests to determine if the entity’s cost accounting systems: * use the entity’s accounting classification elements to identify and establish unique cost objects to capture, accumulate, and report costs and revenues; * allocate and distribute the full cost and revenue of cost objects as defined by OMB including services provided by one federal entity to another for external reporting; and: * transfer cost data directly to and from other cost ystems/applications that produce or allocate cost information. Also, see step II.D.2 of these audit procedures; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: C. From the deficiencies identified in performing steps in FAM 701 A (testing for compliance with federal financial management systems requirements) and from tests conducted as part of the financial statement audit, determine if the financial systems record and summarize transactions in accordance with applicable accounting standards. Document the results and the related impact in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: IV. Testing for Compliance with the SGL: A. Determine whether the entity financial management systems use financial data that can be traced directly to SGL accounts to produce reports providing financial information for both internal and external reporting. 1. Ask entity management and from the documentation prepared in step II.B.1 above, determine how financial transaction data are summarized from the financial systems to the core financial system; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 4. Document any deficiencies and the related impact in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: B. Ask whether the entity uses a crosswalk from its chart of accounts for its core financial management system to the SGL. If so, perform tests to determine the accuracy of the crosswalk. 1. Trace all SGL accounts to the crosswalk; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 2. Identify any SGL accounts that are not included in the crosswalk. Identify any entity accounts not associated with an SGL account in the crosswalk; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 3. Compare the posting rules used by the system to those included in the SGL to determine whether the posting rules used by the system conform to the SGL; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 4. Document deficiencies and the related impact in the schedule shown in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: V. Summary: A. Summarize the results of the work performed above and assess the entity’s compliance with the federal financial management systems requirement of FFMIA. 1. Finalize the schedule of the FFMIA noncompliances identified in the schedule prepared in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 2. Read the entity’s management representation letter covering the year under audit to obtain the entity management’s FFMIA determination. a. Document the entity or organization responsible for the financial management systems that have been found not to comply. b. Document facts pertaining to the: i. nature and extent of the noncompliance and areas where there is substantial but not full compliance; ii. primary reason or cause of the noncompliance; iii. impact of the noncompliance; and: iv. relevant comments from any responsible officer or employee. c. Assess the recommended remedial actions for each instance of noncompliance and management’s time frames for implementing these actions. Include this assessment in the schedule in FAM 701 B; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 3. After reviewing the nature and extent of deficiencies identified, conclude whether the systems deficiencies identified constitute lack of substantial compliance with FFMIA requirements. Consider the four factors from OMB’s FFMIA implementation guidance when drawing this conclusion; Done by/date: [Empty]; Doc Ref.: [Empty]. Procedure: 4. Prepare the FFMIA section of the report. See FAM 580.65- .67 and FAM 595 A, FAM 595 B, and FAM 1603, as appropriate; Done by/date: [Empty]; Doc Ref.: [Empty]. Table: 701 B – Summary Schedule of Instances of Systems Noncompliance with FFMIA: [See PDF for image] [End of table] Section 800: Compliance: 802 - General Compliance Checklist: .01: The compliance testing section consists of a General Compliance Checklist (questionnaire) for identifying laws and regulations for compliance testing. It also supplements the laws OMB requires auditors of executive departments, agencies and government corporations to test for compliance (see FAM 295.01 H) and other laws of general applicability auditors may decide to test during federal financial audits (see FAM 295.02 H). The compliance supplements provide detailed guidance for assessing the effectiveness of compliance controls and testing compliance with the significant provisions of each law. .02 The auditor generally should complete the General Compliance Checklist (Form 802), or equivalent, for federal financial statement audits. With the exception of the Antideficiency Act which has no materiality limit, the auditor should decide if an individual law is significant for purposes of compliance testing. The auditor generally should complete compliance supplements only for laws required to be tested (FAM 802.06) and for other laws (FAM 802.07) identified for compliance testing on the General Compliance Checklist. Use of these documents is described below. .03: To understand and evaluate compliance controls, the auditor also should follow the guidance in FAM 260 on identifying risk factors and in FAM 320 on understanding information systems. The FAM also provides additional guidance on compliance considerations for all audit phases. Instructions For General Compliance Checklist .04: The checklist contains a summary of each law. The auditor generally should use this checklist or equivalent to determine which of these laws are significant for testing compliance, as discussed in FAM 245. The auditor may indicate whether each law meets the criteria for significance by placing a check mark in the appropriate column (yes or no). As noted in FAM 295 H, auditors should test certain laws and may also test for other laws if they could have a direct and material effect on the financial statements. .05: The auditor may use estimates or interim information in the preliminary column. The final amounts (based on the audited amounts or the final amounts of available budget authority) are used to determine whether all laws that would be significant in quantitative terms have been identified for control and compliance testing. The auditor should document the sources of all amounts included in this checklist. If the auditor determines the law is significant from a qualitative standpoint, the auditor should document the reasons for this conclusion. .06 Laws required for testing (if applicable)[Footnote 31] contained in supplements to the General Compliance Checklist (Form 802) are: Law: Antideficiency Act; Supplement number: FAM 803. Law: Federal Credit Reform Act of 1990 (FCRA); Supplement number: FAM 808. Law: Provisions Governing Claims of the U.S. Government as provided primarily in 31 U.S.C. 3711-3720E (Including the Debt Collection Improvement Act of 1996 (DCIA); Supplement number: FAM 809. Law: Prompt Payment Act; Supplement number: FAM 810. Law: Pay and Allowance System for Civilian Employees as Provided Primarily in Chapters 51-59 of Title 5, U.S. Code; Supplement number: FAM 812. .07: Other frequently encountered laws contained in supplements to the General Compliance Checklist (Form 802) that the auditor may test are: Law: Civil Service Retirement Act; Supplement number: FAM 803. Law: Federal Employees Health Benefits Act; Supplement number: FAM 803. Law: Federal Employees’ Compensation Act; Supplement number: FAM 803. Law: Federal Employees’ Retirement System Act of 1986; Supplement number: FAM 803. Entity: Period of financial statements: Job code: Table: Description of Law: Antideficiency Act, 31 U.S.C. 1341 and 1517: This law imposes restrictions on the amounts of obligations or expenditures that agencies may make. As discussed in FAM 250, the auditor should obtain information on the entity’s budget authority, from sources such as appropriation legislation, and identify all legally binding restrictions on budget execution. Does the entity have appropriations or funds that are limited to an amount or a specified period of availability? OMB audit guidance requires auditors to test for compliance with this law. Individual: Preliminary/Final; Budget authority: Preliminary/Final; Since the Act has no materiality limit, the auditor should complete the compliance supplement at FAM 803; Yes: [Empty]; No: [Empty]. Description of Law: Federal Credit Reform Act of 1990 (FCRA), 2 U.S.C. 661-661f This law contains numerous provisions relating to the recording of activity related to direct loans, loan guarantees, and related modifications for budget accounting purposes. The law provides that after October 1, 1991, an agency may incur new direct loan obligations or make new loan guarantee commitments only to the extent that Congress has provided budget authority to cover the costs of the loan or loan guarantee. Does the entity’s budget authority available during the audit period for direct loan obligations, loan guarantee commitments, or any related modifications exceed planning materiality or did the auditor determine that the FCRA could have a direct and material effect on the entity’s financial statements? OMB audit guidance requires auditors to test for compliance with this law. Total appropriations or other budget authority available during the fiscal year for costs of FCRA activities (direct loans, loan guarantees, and related modifications): Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 808; Yes: [Empty]; No: [Empty]. Description of Law: Provisions Governing Claims of the U.S. Government, Including the Debt Collection Improvement Act of 1996 (DCIA), 31 U.S.C. 3711-3720E These provisions address the collection of amounts owed to the federal government. Interest generally accrues from the date that a notice stating the amount due and the interest policies is first mailed to the debtor. Interest generally accrues at a rate established by the Secretary of the Treasury. Administrative costs and penalties shall also be charged. The provisions also require the entity to take all appropriate steps to collect the debt before discharging it and to notify Treasury about delinquent debt for administrative offset, collection by a debt collection center, or tax refund offset. Entities shall also participate in a computer match of delinquent debt with federal employees, and when collection actions are terminated, the entity holding delinquent debt shall sell it. Provisions also require the entity (or entities making loans the government guarantees) to notify credit-reporting agencies about delinquent debt and not make or guarantee loans to persons who owe delinquent debt. Does the cumulative amount of receivables created during the audit period that are subject to provisions governing claims of the U.S. government, including DCIA, exceed planning materiality? Does the amount of receivables at the end of the audit period that are subject to provisions governing claims of the U.S. government, including DCIA, exceed planning materiality? Did the auditor determine that laws governing claims of the U.S. government, including the DCIA, could have a direct and material effect on the entity’s financial statements? OMB audit guidance requires auditors to test for compliance with this law. Provisions Governing Claims of the U.S. Government, Including the Debt Collection Improvement Act of 1996 (DCIA), 31 U.S.C. 3711-3720E: Cumulative amount of receivables created during the audit period that are subject to provisions governing claims of the U.S. government, including DCIAL: Preliminary/Final; or: Amount of receivables at the end of the audit period that are subject to provisions governing claims of the U.S. government, including DCIA: Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 809. Note: These provisions of the law generally do not apply to amounts payable to the entity under the Internal Revenue Code, the Social Security Act, or tariff laws. Those laws contain specific provisions for these amounts; Yes: [Empty]; No: [Empty]. Description of Law: Prompt Payment Act, 31 U.S.C. 3901- 3907: The Prompt Payment Act requires federal entities to make payments for property or services by the due date specified in the related contract or, if a payment date is not specified in the contract, generally 30 days after the invoice for the amount due is received. If payments are not made within the appropriate period, the entity shall pay an interest penalty. Also, discounts offered by vendors may be taken only during the specified period. If they are taken after the time period has expired, an interest penalty shall be paid. Do the entity’s payments for property or services subject to the Prompt Payment Act for the audit period exceed planning materiality or did the auditor determine that the Prompt Payment Act could have a direct and material effect on the entity’s financial statements? OMB audit guidance requires auditors to test for compliance with this law. Amount of payments made for property and services subject to the Prompt Payment Act: Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 810; Yes: [Empty]; No: [Empty]. Description of Law: Pay and Allowance System for Civilian Employees, provided primarily in Chapters 51-59 of Title 5, U.S. Code: These laws require that employees be paid at the appropriate rates established by law. Does the entity’s payroll expense for the audit period exceed planning materiality or did the auditor determine that the Pay and Allowance System for Civilian Employees (as provided primarily in Chapters 51-59 of Title 5, U.S. Code) could have a direct and material effect on the entity’s financial statements? OMB audit guidance requires auditors to test for compliance with this law. Payroll expense: Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 812. The entity’s expense for performance awards, cash awards, overtime, travel, transportation, subsistence, or allowances for the audit period usually do not exceed planning materiality. However, if the auditor determines that these items or related provisions of the Pay and Allowance System for Civilian Employees are otherwise significant, the auditor should consult with the Office of General Counsel (OGC) for specific provisions to be compliance tested; If yes, complete compliance supplement FAM 810; Yes: [Empty]; No: [Empty]. Description of Law: Civil Service Retirement Act, 5 U.S.C. Chapter 83: This law provides retirement benefits to employees who were hired prior to January 1, 1984. For each employee, the entity withholds a percentage of basic pay from the employee’s compensation and contributes an equal amount for retirement. The employee and entity amounts are remitted to Treasury. Does the entity’s expense for retirement costs under the Civil Service Retirement Act for the audit period exceed planning materiality or did the auditor determine that provisions of the Civil Service Retirement Act could have a direct and material effect on the entity’s financial statements? Expense for retirement contributions: Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 813; Yes: [Empty]; No: [Empty]. Description of Law: Federal Employees Health Benefits Act, 5 U.S.C. Chapter 89: This law provides health insurance coverage to employees who elect health insurance benefits. For each employee who elects coverage, the entity pays an amount set by OPM for insurance costs. The entity portion cannot exceed 75 percent of the insurance cost. The employee pays the remainder of the total cost. Information on the employee and entity cost of the insurance is published by OPM. The entity withholds the amount of the employee’s portion of the cost from the employee’s pay and remits this amount, along with its own contribution, to Treasury. Does the entity’s expense for health insurance costs for the audit period exceed planning materiality or did the auditor determine that the Federal Employees Health Benefits Act could have a direct and material effect on the entity’s financial statements? Preliminary Final Expense for health insurance: Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 814; Yes: [Empty]; No: [Empty]. Description of Law: Federal Employees’ Compensation Act (FECA), 5 U.S.C. Chapter 81: This law provides for the compensation of employees injured while performing their duties. Claims are paid out of the Federal Employees’ Compensation Fund. Federal entities are billed annually by the fund for claims paid on their behalf. Does the entity’s expense for the audit period for benefits paid by the Federal Employees’ Compensation Fund on the entity’s behalf exceed planning materiality or did the auditor determine the FECA could have a direct and material effect on the entity’s financial statements?; Expense for Compensation Fund claims: Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 816; Yes: [Empty]; No: [Empty]. Description of Law: Federal Employees’ Retirement System (FERS) Act of 1986, 5 U.S.C. Chapter 84: This law provides retirement benefits for employees who were hired after December 31, 1983. For each employee, the entity withholds a percentage of basic pay from the employee’s compensation and contributes an amount equal to the employing agency’s applicable normal cost percentage less the employee deduction rate for retirement. The employee and entity amounts are remitted to Treasury. Does the entity’s expense for retirement costs under the FERS Act for the audit period exceed planning materiality or did the auditor determine that the FERS Act could have a direct and material effect on the entity’s financial statements?; Expense for retirement contributions: Preliminary/Final; Planning materiality: Preliminary/Final; If yes, complete compliance supplement FAM 817; Yes: [Empty]; No: [Empty]. Description of Law: Other Laws: The auditor should perform the following procedures and include references to supporting documentation: 1. As described in FAM 245.02, read the list of laws and regulations identified by the entity as significant to others. (See .) 2. With OGC assistance, identify any other laws or regulations that have a direct effect on determining financial statement amounts. Determine whether the direct effect could be material to the financial statements. (See .) 3. Determine whether to test compliance with any indirect laws or regulations and make inquiries of management as discussed in FAM 245.04-.06. See .) 4. For all laws or regulations identified for testing above, identify significant provisions using the criteria in FAM 245.02. Test compliance controls and compliance as described in FAM 300 and FAM 460. Are any other laws or regulations identified for compliance testing? If yes, attach a list of the laws or regulations identified to this form and reference it to control and compliance work performed; Yes: [Empty]; No: [Empty]. Instructions For Compliance Supplements .08: Each compliance supplement in FAM 803-817 consists of (1) a compliance summary, (2) compliance audit procedures, and (3) notes. Compliance Summary: .09: For each law identified for compliance testing on the General Compliance Checklist, the auditor generally should complete the related compliance summary or prepare equivalent documentation. The compliance summary is designed to assist the auditor in planning compliance control tests and summarizing the results of compliance control tests and compliance tests for reporting the results of the work performed. .10: The first column of the compliance summary contains a description of the specific provisions of the law that have been identified for compliance testing, the type of provision, and the reference to the law. .11: The second column of the compliance summary contains the objective related to the specific provision to be used for both compliance control and compliance testing. .12: In the third column of the compliance summary, the auditor should identify the control activities that the entity has in place to achieve each objective and document the control activity. If the entity does not have a control activity that achieves the objective, the auditor should document this condition in the third column. .13: The fourth column of the compliance summary is used to indicate (Yes or No) whether the control activity is information systems (IS) related as described in FAM 270.04. IS controls are those the effectiveness of which depends on computer processing. They can generally be classified into general, application, and user controls. The auditor generally should perform tests of IS controls with assistance from an IS specialist. .14: The fifth column of the compliance summary indicates whether the auditor believes that compliance controls are effective (Yes or No). The auditor should design control tests to determine whether the control activities that have been identified in the third column are in place and operating effectively. A control activity is considered to be effective if it achieves the control objective. The auditor should provide a reference in the fifth column to the supporting documents of the control testing procedures, the control tests, the results of these tests, and the auditor’s conclusions on the effectiveness of the compliance controls. .15: The sixth column of the compliance summary indicates whether the auditor has noted any instances of noncompliance (Yes or No). The auditor generally should perform compliance tests using the related Compliance Audit Procedures in the next paragraph. The auditor should provide a reference in the sixth and last column to the supporting documents of the results of the compliance tests. Compliance Audit Procedures: .16: Compliance audit procedures are provided for each law. For each law identified for compliance testing on the General Compliance Checklist, the auditor generally should perform each step of the related compliance audit procedures in the first column. Because the subject matter of some laws is closely related to matters the auditor will test in other parts of the audit, the auditor may coordinate with that other testing and design multipurpose tests. For example, payroll compliance testing could be performed using multipurpose tests of payroll controls and/or substantive payroll testing. The auditor performing the procedure in the first column should initial and date in the second column when the procedure is performed. The auditor should include a reference to the documentation recording the work performed for each step in the third and last column of the compliance audit procedures. Notes: .17: Notes are provided for each compliance supplement to assist the auditor in understanding criteria, definitions, exemptions, and restrictions of law. The notes also provide guidance to the auditor in testing and evaluating controls to achieve the compliance objective. 803 – Antideficiency Act: Note: The auditor may complete this compliance summary or prepare equivalent documentation as provisions of the Antideficiency Act are applicable to entities receiving federal funds, with no limit on materiality. OMB guidance on budget execution, including the Antideficiency Act, is included in OMB Circular A-11, Part 4. Table: [See PDF for image] [End of table] Note: The auditor may perform these procedures or prepare equivalent documentation for the Antideficiency Act as indicated on Form 802 - General Compliance Checklist at FAM 802-3. These procedures test compliance with the provisions listed on the Compliance Summary for this law. Name of entity: Audit period: Reviewed by: Table: Audit Procedures: 1. List the appropriations or other budget authority and the related budget accounts that were identified for compliance testing on Form 802 - General Compliance Checklist. Per FAM 802-3, the auditor should identify all legally binding restrictions on budget execution, from sources such as appropriation legislation. (The auditor may coordinate the following tests for compliance with the Antideficiency Act with tests of the Statement of Budgetary Resources and with tests of expenses.); Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 2. As discussed in FAM 460.03, the auditor should determine whether the summarized budget information (obligations and expenditures) used for compliance tests are reasonably accurate and complete. The auditor may obtain assurance through effective controls the auditor tests (usually the budget controls) or, if the controls are not effective, through substantive testing of budget amounts for validity, completeness, cutoff, recording, classification, and summarization as described in FAM 495 B. For the accounts listed in step 1, document if the auditor will obtain this assurance by testing controls (as indicated on Form 803 - Compliance Summary) or if substantive tests of the budget information are necessary. If the auditor determines that controls are not effective in meeting some or all of the budget control objectives listed in FAM 395 F, the auditor should perform substantive tests of the budget amounts (obligations and expenditures) as discussed in FAM 495 B. The auditor should perform substantive tests only for those potential misstatements for which the entity does not have effective budget controls; Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: After the auditor is satisfied as to the reasonableness of the budget amounts to be used for the compliance tests, perform the compliance tests in steps 3 and 4; Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 3. Compare the actual amounts of recorded obligations and expenditures with the related appropriation or other budget authority listed in step 1. If the entity does not appear to have complied with the provision, perform step 6. (31 U.S.C. 1341(a)(1)(A) ; Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 4. Compare timing of legal obligations (contractual or otherwise) with available appropriation or other budget authority listed in step 1. If the entity does not appear to have complied with the provision, perform step 6 (31 U.S.C. 1341(a)(1)(B); Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 5. Determine the entity’s legally binding level of budget authority (below the appropriation level) that was identified during the planning phase. This level is usually the apportionment level unless the entity has elected a lower level, such as allotments. Compare the amount of actual obligations and expenditures to the legally binding level of restrictions on budget authority identified for compliance testing (the apportionment or allotment level). If the entity does not appear to have complied with the provision, perform step 6. (31 U.S.C. 1517(a)); Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 6. If the entity does not appear to be in compliance based on the results of tests performed, discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted: * identify the weakness in controls that allowed the noncompliance to occur, if not previously identified during control testing; * report the nature of any weakness in controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75.); Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 7. Contact the entity office responsible for submitting Antideficiency Act (ADA) violations to the President, Congress, and GAO and: * Obtain a listing of violations for the year under audit. * Inquire if all known violations have been included on the list and reported. * For each ADA violation determine if it was reported to the President, the Congress, and GAO; Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 8. Check GAO’S ADA reporting website: http:/www.gap.gov/ada/antideficiencyrpts.htm to identify and obtain background about ADA violations reported by the entity and compare audit evidence with what the entity reported in ADA violation reports. There may be time lags as to when violations are reported, particularly at year end; Done by/date: [Empty]; Doc ref: [Empty]. Audit Procedures: 9. Document conclusions on compliance with each provision on Form 803 - Compliance Summary; Done by/date: [Empty]; Doc ref: [Empty]. Note 1: Entities are required to establish regulations that provide for a system of administrative controls over their execution of budget authority (31 U.S.C. 1514(a)). As discussed in FAM 250.03, the entity may elect to lower the level at which budget limitations are legally binding in these regulations. For example, the entity may elect to reduce the legally binding limit on the obligation and expenditure of budget funds from the apportionment to the allotment level. The auditor should determine the level at which the entity’s legally binding limit has been established. Note 2: The auditor should consider the results of the evaluation and testing of budget controls (FAM 370.11). These controls relate to the execution of budget authority and usually are the same controls that are used to comply with the Antideficiency Act. Accordingly, additional determinations of controls that achieve the compliance objective generally is not necessary if the auditor has assessed whether the entity achieves all of the budget control objectives listed in FAM 395 F. The auditor should reference this compliance summary to the budget control evaluation and testing and perform any additional procedures determined to be necessary to conclude if compliance controls are effective. 808 - Federal Credit Reform Act of 1990: Table: [See PDF for image] [End of figure] Note: The auditor may complete these procedures or prepare equivalent documentation only if provisions of the Federal Credit Reform Act (FCRA) are significant as indicated on Form 802 - General Compliance Checklist. These procedures test compliance with the provisions listed on the Compliance Summary. OMB guidance on FCRA programs is included in OMB Circular No. A-11, part 5, Federal Credit. Name of entity: Audit period: Reviewed by: Audit Procedures: 1. List the appropriations or other budget authority and the related budget accounts that were identified for compliance testing on Form 802 - General Compliance Checklist at FAM 802-4; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2. As discussed in FAM 460.03, the auditor should determine whether summarized budget information (obligations and expenditures) used for compliance tests is reasonably accurate and complete. The auditor may obtain assurance through effective controls the auditor tests (usually the budget controls) or, if the controls are not effective, through substantive testing of budget amounts for validity, completeness, cutoff, recording, classification, and summarization as described in FAM 495 B. For the accounts listed in step 1, document if the auditor will obtain assurance by testing controls (as indicated on Form 808 - Compliance Summary) or whether substantive tests of the budget information are necessary. If the auditor determines that controls are not effective in meeting some or all of the budget control objectives listed in FAM 395 F, plus the supplemental objectives for FCRA listed in FAM 395 F Sup, the auditor should perform substantive tests of the budget amounts (obligations and expenditures) as discussed in FAM 495 B. The auditor should perform substantive tests only for those potential misstatements for which the entity does not have effective budget controls. After the auditor is satisfied as to the reasonableness of the budget amounts to be used for the compliance tests, perform the compliance tests in steps 3 and 4; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. For each appropriation account or other budget authority listed in step 1, perform the following procedures that are applicable for direct and guaranteed loan programs that have a positive subsidy (i.e., cash outflows exceed cash inflows); (for direct and guaranteed loan programs that have a negative subsidy (i.e., cash inflows exceed cash outflows), perform step 4): (a) Compare the amount of obligations for direct loans to the amount of the available appropriation or other budget authority. (Note: This budget restriction is applicable only to obligations for direct loans made on or after October 1, 1991.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. (b) Compare the amount of obligations for modifications of direct loan obligations or outstanding direct loans to the amount of available budget authority. (Note: The sale of a direct loan is considered a modification. Discuss applicability of this budget restriction to direct loans and direct loan obligations that were outstanding prior to October 1, 1991, with OGC prior to performing compliance test.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. (c) Compare the amount of obligations for loan guarantee commitments to the amount of the available appropriation or other budget authority. (Note: This budget restriction is only applicable to obligations for loan guarantee commitments made on or after October 1, 1991.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. (d) Compare the amount of obligations for modifications of loan guarantee commitments or outstanding loan guarantees to the amount of available budget authority. (Note: Discuss applicability of this budget restriction to loan guarantees and loan guarantee commitments that were outstanding prior to October 1, 1991, with OGC prior to performing compliance test.) (2 U.S.C. 661c(b) and (e)) If the amounts of obligations in any of these comparisons exceed the available budget authority, the entity may not be in compliance. Perform step 5; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 4. Direct and guaranteed loan programs that have a negative subsidy (cash inflows exceed cash outflows) do not receive an appropriation. However, such programs often have a loan limit that cannot be exceeded, i.e., a maximum number of loans that can be made or guaranteed. For these programs, compare the total number and dollar volume of loans made to the loan limit in the applicable appropriations act or other law. Perform step 5; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 5. If the entity does not appear to be in compliance based on the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should * identify the weakness in controls that allowed the noncompliance to occur, if not previously identified during control testing; * report the nature of any weakness in controls and consider modification of the report on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 6. Document conclusions on compliance with each provision on Form 808 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: A direct loan is a disbursement of funds by the government to a non-federal borrower under a contract that requires the repayment of such funds with or without interest. The term also includes the purchase of, or participation in, a loan made by another lender. The term does not include the acquisition of a federally guaranteed loan in satisfaction of default claims or the price support loans of the Commodity Credit Corporation. (2 U.S.C. 661a(1)); Note 2: A direct loan obligation is a binding agreement by a federal agency to make a direct loan when specified conditions are fulfilled by the borrower. (2 U.S.C. 661a(2)); Note 3: A loan guarantee is any guarantee, insurance, or other pledge with respect to the payment of all or a part of the principal or interest on any debt obligation of a nonfederal borrower to a nonfederal lender, but does not include the insurance of deposits, shares, or other withdrawable accounts in financial institutions. (2 U.S.C. 661a(3)); Note 4: A loan guarantee commitment is a binding agreement by a federal agency to make a loan guarantee when specified conditions are fulfilled by the borrower, the lender, or any other party to the guarantee agreement. (2 U.S.C. 661a(4)); Note 5: Appropriations or other budget authority to cover the cost of budget obligations for direct loan obligations and loan guarantee commitments must be made in advance by Congress. For revolving or other funds that otherwise would be available for these budget obligations, Congress must enact a limit on the use of such funds for these purposes to make them available for use. (2 U.S.C. 661c(b)); Note 6: Costs are defined as the estimated long-term cost to the government of a direct loan, loan guarantee or modification, calculated on a net present value basis, excluding administrative costs and any incidental effects on governmental receipts or outlays. These calculations are described in further detail under the valuation control objective for obligations in FAM 395 F. (2 U.S.C. 661a(5)); Note 7: There is an exemption from this requirement for entitlements (mandatory programs such as the guaranteed student loan program and the VA home loan guaranty program) and credit programs of the Commodity Credit Corporation existing on the date of enactment of FCRA (November 5, 1990). (2 U.S.C. 661c(c)); Note 8: Modifications are government actions that alter the estimated net present value of a direct loan or loan guarantee for which an obligation has been recorded, for example, the sale of a direct loan, per SFFAS No. 2, paragraph 53, or a policy change affecting the repayment period or interest rate for a group of existing loans. (Changes within the terms of existing contracts or through other existing authorities are not considered to be modifications. Also, “work outs” of individual loans, such as a change in the amount or timing of payments to be made, are not considered modifications.) The effects of these changes should be included in the annual reestimates of the estimated net present value of the obligations. Permanent indefinite authority is provided by FCRA for these reestimates. Note 9: Discuss applicability of this budget restriction to direct loans, direct loan obligations, loan guarantees, or loan guarantee commitments that were outstanding prior to October 1, 1991, with OGC prior to performing control or compliance tests. Note 10: The auditor should determine the results of the evaluation and testing of budget controls and testing of the Statement of Budgetary Resources. These controls relate to the execution of budget authority and usually are the same controls that are used to comply with the Antideficiency Act and FCRA. Accordingly, additional consideration of controls that achieve the compliance objective generally is not necessary if the auditor has assessed whether the entity achieves all of the budget control objectives listed in FAM 395 F, including the supplemental control objectives for FCRA. The auditor should reference to the budget control evaluation and testing and perform any additional procedures considered necessary to conclude if compliance controls are effective. 809 - Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711-3720E), Including the Debt Collection Improvement Act of 1996 (DCIA): Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions governing claims of the U.S. government, as provided primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the Debt Collection Improvement Act of 1996) are significant, as indicated on Form 802 - General Compliance Checklist at FAM 802-5. Table: [See PDF for image] [End of table] Note: The auditor may perform these procedures or prepare equivalent documentation only if provisions governing claims of the United States government as provided primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the Debt Collection Act of 1996) are significant, as indicated on Form 802 - General Compliance Checklist at FAM 802-5. These procedures test compliance with the provisions listed on the Compliance Summary. Name of entity: Audit period: Reviewed by: Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 809 -Compliance Summary), select a sample of amounts owedto the entity during or at the end of the audit period. (Thesample size will vary based on the expected effectiveness of compliance controls, as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM 495 E. See note 8 regarding sampling efficiencies and completeness of the sample population. Sample size: Sample selection method; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2. For each item selected in step 1 obtain the loan file or other supporting documentation and note the following information as of the date selected for testing * due date of debt; * amount owed; * date the notice of the amount due and the interest policies is first mailed to the debtor; * amount of interest accrued and other administrative charges and penalties charged, if any; and * number of days the debt is past due, if any. Perform step 3 if the debt is past due. Perform step 4 if the debt is not past due; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. If the amount selected is past due: (a) Calculate the number of days that interest should be accrued on the debt as of the date selected for testing. Interest generally accrues from the date that the notice of the amount due is first mailed to the debtor. (See note 1.) Compare the auditor’s calculation with the calculation performed by the entity and obtain explanation and examine support for any differences. (31 U.S.C. 3717(b)); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. (b) Determine the interest rate that should be used to accrue interest on the debt. The rate is published in the Federal Register and should be the rate that was in effect on the date that the notice of the amount due is first mailed to the debtor. Compare the auditor’s determination of the rate to the rate used by the entity and obtain explanation and examine support for any differences. (31 U.S.C. 3717(a) and (c)); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. (c) Calculate the amount of interest that should be owed as of the date selected for testing using the number of days tested in (a) and the interest rate tested in (b). Compare the auditor’s calculation to the amount calculated by the entity and obtain explanation and examine support for any differences. See notes 2 and 3 regarding the waiver of interest; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. (d) Obtain the entity’s schedule of administrative charges and late payment penalties and determine if the appropriate amounts were charged to the debtor. See note 3 regarding the waiver of these charges. (31 U.S.C. 3717(e) and (f)); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 4. If the debt is not past due, determine through examination of the entity’s records whether (a) interest, administrative charges, or penalties are not being charged; and: (b) the debtor had no outstanding nontax delinquent federal debt at the time the loan was obtained. (31 U.S.C. 3720B); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 5. The objectives listed below relate to procedural- based provisions. As discussed in FAM 460.06, the auditor usually performs sufficient procedures in conjunction with tests of compliance controls for these proceduralbased provisions to conclude on the entity’s compliance without performing additional procedures. The auditor should not perform additional procedures to obtain evidence regarding compliance with the provisions related to the following objectives unless sufficient evidence regarding compliance was not obtained during compliance control tests documented on Form 809 - Compliance Summary. (a) Claims of more than $100,000 (excluding interest, penalties, and administrative costs) are referred to the Justice Department for compromise, termination, or suspension. See note 4. (31 U.S.C. 3711) (b) Claims delinquent for a period of 180 days have been referred to Treasury for collection. See notes 5, 6, and 7. (31 U.S.C. 3711(g)); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 6. If the entity does not appear to be in compliance based on: the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should: * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the conclusion on internal control as appropriate (see FAM 580.32- .61); * consider the implications of any instances of noncompliance on the financial statements; and: * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 7. Document conclusions on compliance with each provision on Form 809 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: Claims are amounts owed to the government, including amounts owed for loans insured or guaranteed by the government. The term “claim” is used interchangeably with the term “debt” in this law. (31 U.S.C. 3701(b)) Interest normally accrues from the date that notice of the debt and the agency’s interest policies is first mailed to the debtor. If the agency sends a bill to the debtor in advance of the due date and that bill states the interest policies, interest would accrue from the due date specified in the bill. The provisions regarding accrual of interest and other charges do not apply to the extent that a statute, related regulation, loan agreement, or contract provides otherwise, or if a claim is under a contract executed befre October 25, 1982, that is in effect on October 25, 1982. (31 U.S.C. 3717(g)) Accrual of interest and penalties under this law does not apply to amounts owed by other agencies of the federal government, or to amounts payable to the entity under the Internal Revenue Code, the Social Security Act, or tariff laws. (31 U.S.C. 3701 (c) and (d)); Note 2: The entity shall waive the collection of interest on a claim (or any portion of the claim) that is paid within 30 days after the date on which interest began to accrue. The agency may extend this 30- day period. (31 U.S.C. 3717(d)) Interest that is either accrued or collected on claims that are paid within the 30-day period would usually not be material or otherwise significant for purposes of compliance testing. If the auditor considers this provision to be significant for compliance testing, this form should be tailored to include the appropriate testing procedures. Note 3: The entity has the authority to waive the collection of interest, penalties, and administrative charges. The entity should follow its own regulations when determining whether a waiver is appropriate. Such regulations should be in conformity with the standards set jointly by the Comptroller General, the Attorney General, and the Secretary of the Treasury described in 31 C.F.R. 901.9. (31 U.S.C. 3717(h)) The entity may increase an administrative claim (debt not based on an extension of government credit through direct loans, guarantees, or insurance, including fines, penalties, and overpayments) annually by the cost of living adjustment in lieu of charging interest and penalties. (31 U.S.C. 3717(i)); Note 4: Compromise is the term used when an amount less than the total amount of the claim is accepted by the entity as payment in full. Suspension refers to the temporary deferral of collection activities until collection activity is expected to be more successful. Termination refers to stopping of collection activities. Only the Justice Department has the authority to compromise, terminate, or suspend collection on claims that are greater than $100,000 (excluding interest, penalties, and administrative charges). Pursuant to 31 C.F.R. Parts 902.1 and 903.1, entities generally should use a Claims Collection Litigation Report (CCLR) to refer such matters to the Justice Department. Note 5: Exceptions to the requirement to transfer nontax debt delinquent for a period of 180 days to Treasury for collection are (a) a debt or claim that: (1) is in litigation or foreclosure; (2) will be disposed of under an asset sales program within 1 year after becoming eligible for sale, or later than 1 year if consistent with an asset sales program and a schedule established by the entity and approved by OMB; (3) has been referred to a private collection contractor for collection for a period determined by Treasury; (4) has been referred by, or with the consent of, Treasury to a debt collection center for a period determined by Treasury; or: (5) will be collected under internal offset, if such offset is sufficient to collect the claim within 3 years after the date the debt or claim is first delinquent; and: (b) to any other specific class of debt or claim, as determined by Treasury at the request of an entity. (31 U.S.C. 3711(g)(2)) Examples include (1) debts in bankruptcy meeting the criteria for an automatic stay (11 U.S.C. 362), (2) foreign debt considered uncollectable by Treasury due to foreign diplomacy considerations and affairs of state, (3) debts in forbearance or appeals. Note 6: Exceptions to the requirement to notify Treasury of nontax debt delinquent over 180 days for administrative offset are a claim that has been outstanding for more than 10 years or when a statute explicitly prohibits using administrative offset or setoff to collect the type of claim involved. (31 U.S.C. 3716(e)) Also, this section does not prohibit the use of any other administrative offset authority existing. (31 U.S.C. 3716(d)) Prior to referring debts to Treasury, an agency shall inform the debtor of the amount and nature of the debt (such as overpayment, etc.), and actions which may be taken to enforce recovery of a delinquent debt. These include (a) offset of any payments which the debtor is due, including tax refunds, and salary; (b) referral of the debt to a private collection agency; (c) referral of the debt to the Department of Justice or agency counsel for litigation; (d) reporting of the debt to a credit bureau; (e) reporting of the debt, if discharged, to IRS as a potential taxable income. In the future, the agency also will need to inform the debtor that the debt may be subject to administrative wage garnishment, his/her identity may be published or publicly disseminated, and/or the debt may be sold. The notice must tell the debtor that he/she has the opportunity (a) to inspect and copy records relating to the debt, (b) for a review by the agency; and: (c) to enter into a written repayment agreement. Note 7: Before an entity refers past-due debt to Treasury for reduction of tax refund, it must: (a) notify the person incurring such debt that the entity proposes to refer to Treasury for tax refund offset, (b) give such person at least 60 days to present evidence that all or part of the debt is not past due or not legally enforceable, (c) consider any evidence presented by such person and determine that an amount of such debt is past due and legally enforceable, (d) satisfy such other conditions Treasury may prescribe to ensure the above determination is valid and that the entity has made reasonable efforts to obtain payment, and: (e) certify that reasonable efforts have been made by the entity to obtain payment. (31 U.S.C. 3720A(b)) Treasury issues regulations prescribing the times at which entities shall submit notices of past-due legally enforceable debts, the manner of submitting them, and the information to be contained in them. The regulations also specify the minimum amount of debt that may be referred for tax refund offset and the fee the entity shall pay to reimburse Treasury for its costs. Note 8: If the auditor uses multipurpose testing for the compliance test and/or compliance control test and/or a substantive test of accounts or loans receivable details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test as described in FAM 430. Otherwise, the auditor should select items using attribute sampling as discussed in FAM 460.02. As with all sampling applications, the auditor should determine the completeness of the test population. For efficiency, the auditor should use records that were tested for validity, accuracy, and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of the population. 810 - Prompt Payment Act: Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Prompt Payment Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-7. OMB guidance on the Prompt Payment Act is included in 5 C.F.R. Part 1315. Table: [See PDF for image] [End of figure] Note: The auditor may complete this program or prepare equivalent documentation only if provisions of the Prompt Payment Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-7. These procedures test compliance with the provisions listed on the Compliance Summary. OMB Guidance on the Prompt Payment Act is included in 5 C.F.R. Part 1315. Name of entity: Audit period: Reviewed by: Audit Procedures: 1) Based on the preliminary assessment of compliance control effectiveness (as documented on Form 810 - Compliance Summary), select a sample of payments from throughout the audit period. (The sample size will vary based on the expected effectiveness of compliance controls as discussed in FAM 460.02.) Document the sampling approach using the documentation in FAM 495 E. See note 6 regarding sampling efficiencies and completeness of the population. Sample size: Sample selection method; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2) For each item selected in step 1, obtain the supporting documentation for the payment such as the invoice voucher package. a) Document the following items in the documentation: * invoice number; * payee; * invoice amount; * invoice date; * invoice receipt date (or other date used for determining compliance with this law - see step 2(b)); * payment date; * amount of interest penalty paid, if any; * amount of discount taken, if any; and * appropriation account(s) charged for the expenditure and interest penalty, if any. b) For each item selected, note whether the payment was made by the required due date. The required due date may be the date specified in the contract or, if a date is not specified, 30 days after receipt of the invoice (31 U.S.C. 3903(a)(1)(A) and (B)). If payment is for meat or meat food products, perishable agricultural products, dairy products or construction contracts, consult with OGC to determine payment due date. Specific payment due dates to avoid interest penalties are established by law for these items. (31 U.S.C. 3903(a)(2), (3), (4), and (6)) The invoice receipt date is the later of (1) the date the entity’s designated representative or office actually receives a proper invoice or (2) the 7th day after the date on which, in accordance with the terms and conditions of the contract, the property is actually delivered or performance of the services is actually completed (unless the entity accepted the property or services before the 7th day or a longer acceptance period is specified in the contract). If the date of actual invoice receipt is not indicated, the entity must use the invoice date. (31 U.S.C. 3901(a)(4)(A) and (B)) If the payment was made on or prior to the payment due date, perform step 3. If the payment was made after the payment due date, perform step 4. If a discount was taken, perform step 5; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3) If the payment was made on or prior to the payment due date, and no discount was taken, determine that no interest penalty was paid. (Note: If the entity did not take advantage of a discount for which it was eligible or if an interest penalty was paid when it was not owed, the auditor generally should determine the cause of these items for purposes of reporting findings.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 4) If the payment was made after the payment due date, determine whether a) an interest penalty was paid; b) the amount of the interest penalty was properly calculated; and c) the interest penalty was paid out of the appropriation used to pay the related expenditures. Review the accounting codes indicated on the expense voucher. Determine whether the accounting codes used to record the interest penalty are the same as those used for the related expenditure and whether the codes and amounts agree with those recorded in the budgetary accounting records. (See step 6 regarding proper summarization of amounts.) (31 U.S.C. 3902 (a), (b), and (f).) Investigate any differences between the amount of interest penalty calculated by the auditor and the amount paid by the entity, including any instances when an interest penalty was owed but not paid. See note 5. Investigate any instances when the proper appropriation account was not charged. See note 2 regarding the interest rate to be used. See notes 3 and 4 regarding the period the penalty should cover; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 4) If the payment was made after the payment due date, determine whether a) an interest penalty was paid; b) the amount of the interest penalty was properly calculated; and c) the interest penalty was paid out of the appropriation used to pay the related expenditures. Review the accounting codes indicated on the expense voucher. Determine whether the accounting codes used to record the interest penalty are the same as those used for the related expenditure and whether the codes and amounts agree with those recorded in the budgetary accounting records. (See step 6 regarding proper summarization of amounts.) (31 U.S.C. 3902 (a), (b), and (f).) Investigate any differences between the amount of interest penalty calculated by the auditor and the amount paid by the entity, including any instances when an interest penalty was owed but not paid. See note 5. Investigate any instances when the proper appropriation account was not charged. See note 2 regarding the interest rate to be used. See notes 3 and 4 regarding the period the penalty should cover; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 6) Consider the procedures performed on the entity’s budget controls over summarization of expenditure balances as discussed in FAM 395 F. If the auditor has assessed the entity’s controls as effective in achieving the control objective of summarization of expenditure balances, further procedures are not necessary to obtain assurance as to whether interest penalties are paid out of the proper appropriation account. If the auditor has assessed the controls as ineffective, the auditor should perform procedures to determine if the entity has properly summarized the expenditure balances as described in FAM 495 B; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 7) If the entity does not appear to be in compliance based on the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should: * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 8) Document conclusions on compliance with each provision on Form 810 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 8) Document conclusions on compliance with each provision on Form 810 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: The required due date is generally the date specified in the contract or, if a date is not specified, 30 days after receipt of the invoice (31 U.S.C. 3903(a) (1) (A) and (B)) If payment is for meat or meat food products, perishable agricultural products, dairy products or construction contracts, consult with OGC to determine payment due date. Specific payment due dates to avoid interest penalties are established by law for these items. (31 U.S.C. 3903(a) (2), (3), (4), and (6)) The invoice receipt date is established as the later of (1) the date the entity’s designated representative or office actually receives a proper invoice or (2) the 7th day after the date on which, in accordance with the terms and conditions of the contract, the property is actually delivered or performance of the services is actually completed, unless the entity accepted the property or services before the 7th day or a longer acceptance date is specified in the contract. If the date of actual invoice receipt is not indicated, the entity must use the invoice date. (31 U.S.C. 3901(a) (4) (A) and (B)) Note 2: Interest shall be calculated at the rate set by the Secretary of the Treasury under section 12 of the Contract Disputes Act of 1978 (41 U.S.C. 611) that is in effect at the time the entity accrues the obligation to pay a late payment interest penalty. The rates are published in the Federal Register. (31 U.S.C. 3902(a)) Note 3: The interest penalty shall be paid for the period beginning on the day after the required payment date and ending on the date on which payment is made. (31 U.S.C. 3902(b)) An interest penalty not paid after any 30-day period shall be added to the principal amount of the debt, and a penalty accrues thereafter on the combined amount of principal and interest. (31 U.S.C. 3902(e)) Note 4: A payment is deemed to be made on the date a check for payment is dated or an electronic transfer is made.(31 U.S.C. 3901(a) (5)) Note 5: The temporary unavailability of funds to make a timely payment due for property or services does not relieve the entity head of the obligation to pay interest penalties under this law. (31 U.S.C. 3902(d)) Note 6: If the auditor uses multipurpose testing for the complianceest and/or compliance control test and/or a substantive test of payments details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test as described in FAM 430. Otherwise, the auditor should select items using attribute sampling as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency, the auditor should consider using records that were tested for validity, accuracy, and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of the population. Note: The auditor may complete these procedures or prepare equivalent documentation only if provisions of the Pay and Allowance System for Civilian Employees, as provided primarily in Chapters 51-59 of Title 5, U.S. Code, are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-8. These procedures test compliance with the provisions listed on the Compliance Summary. Name of entity: Audit period: Reviewed by: Note: These tests are closely related to procedures performed for substantive tests of payroll expense details and multipurpose testing in this situation is strongly encouraged. Audit Procedures: 1) Based on the preliminary assessment of compliance control effectiveness (as documented on Form 812 -Compliance Summary), select an appropriate sample of disbursements from the payroll records throughout the audit period. (The sample size will vary based on the expected effectiveness of compliance controls as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM 495 E. See note 2 regarding sampling efficiencies and completeness of the population. Sample size: Sample selection method; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2) For each item selected in 1, note the following information: * employee name; * pay period (number and dates); * amount of gross pay for the period; * pay rate; * total hours worked; and * number of hours worked at regular pay and other pay (i.e., overtime, premium pay, etc.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3) For each item selected in 1, obtain the employee’s personnel file and note the following in effect for the pay period selected: * the employee’s grade and step and * the employee’s pay rate; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 4) For each item selected in 1 a) Calculate the amount of gross pay using the hours worked and the employee’s pay rate indicated on the payroll records. Compare the amount of gross pay calculated by the auditor to the amount shown on the payroll records for the selected pay period and obtain explanation and examine support for any differences. Note: To convert basic annual amount to a daily, weekly or biweekly amount, divide the annual rate by 2,087 for an hourly rate. Multiply the hourly rate by number of either daily hours, 40 for weekly, or 80 for biweekly amounts. (5 U.S.C. 5504) b) Compare the employee’s pay rate in the payroll records to the appropriate pay rate for the employee’s approved grade and step on the pay schedules established by executive order. (Use the approved grade and step indicated in the employee’s personnel records for this test.) Obtain explanation and examine support for any differences between the actual pay rate for the period selected and the authorized amounts. (5 U.S.C. 5332, 5343, and 5383) If the employee’s pay is not set by these pay schedules, determine whether the amount paid is properly authorized; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 5) If the entity does not appear to be in compliance based on the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should: * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and: * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 6) Document conclusions on compliance with each provision on Form 812 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 6) Document conclusions on compliance with each provision on Form 812 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: To convert basic annual amount to a daily, weekly, or biweekly amount, divide the annual rate by 2,087 for an hourly rate. Multiply the hourly rate by number of either daily hours, or 40 hours for weekly, or 80 hours for biweekly amounts. (5 U.S.C. 5504); Note 2: If the auditor uses multipurpose testing for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test. Otherwise, the auditor should select items using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 3: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the auditor should perform the same testing. The auditor may accomplish this testing with the assistance of the service organization’s auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Another approach may be for the service organization’s auditor to assist the entity’s auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). 813 - Civil Service Retirement Act, 5 U.S.C. Chapter 83 Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Civil Service Retirement Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-9. Table: [See PDF for image] [End of table] Name of entity: Audit period: Reviewed by: Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 813 - Compliance Summary), select a sample of expense amounts for individuals’ gross pay from the payroll disbursement records for the audit period for employees covered by the Civil Service Retirement Act system (CSRS). (See note 1.) (The sample size will vary based on the expected effectiveness of compliance controls, as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM 495 E. See note 3 regarding sampling efficiencies and completeness of the population. These tests should be coordinated with other tests of payroll-related expenses and with the agreed-upon procedures agency auditors perform for the Office of Personnel Management (OPM), per OMB audit guidance, if performed. Sample size Sample selection method; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2. For each selection made in 1, document the following for the pay period selected: * the amount withheld for the cost of retirement benefits; * the amount of basic pay; and * if indicated in the payroll disbursement records, document the retirement plan under which the withholdings were made (CSRS or FERS). (Only employees covered by CSRS should be included in this compliance test. See FAM 817 for the FERS compliance test.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. For each item selected in 1, obtain the employee’s personnel file and note the following: * employee hire date, * amount of basic pay, and * the retirement plan under which the employee is covered; Done by/date: [Empty]; Doc Ref: [Empty]. 4. For each selection made in 1 (a) Compare the amount of basic pay indicated in the employee’s personnel file with the amount indicated in the payroll records and obtain an explanation and examine support for any differences. (This procedure would be performed only if not already performed with other testing.) (b) Calculate the amount of the withholdings for retirement costs based on 7 percent of basic pay for most executive branch employees (see note 2 for percentages for other employees) for the selected pay period and document the amount in the documentation. Compare to the actual amount withheld for the selected pay period and obtain an explanation and examine support for any differences. (5 U.S.C. 8334(a)(1)) (c) Determine whether the entity contributed an equal amount for the employee’s retirement for the selected pay period. Obtain explanation and examine support for any differences between the employee and entity contributions. (5 U.S.C. 8334(a)(1)); Done by/date: [Empty]; Doc Ref: [Empty]. 5. Determine whether amounts contributed by the entity are charged to the appropriation or fund used to pay the employee for the selected pay period by performing the following procedures: (a) Review the accounting codes indicated on the supporting documentation. (b) Determine whether the accounting codes used to record the entity contribution are the same as those used for the related payroll expenditure and whether the codes and amounts agree with those recorded in the budgetary accounting records. (This step assumes other payroll testing would have included checking that the codes represent the proper appropriation.) (c) Consider the procedures performed on the entity’s budget controls over summarization of expenditure balances as discussed in FAM 395 F. If the auditor has assessed the entity’s controls as effective in achieving the control objective of summarization of expenditure balances, further procedures are not necessary to obtain assurance as to whether the entity’s contributions are paid out of the proper appropriation account. If the auditor has assessed the controls as ineffective, the auditor should perform procedures to determine whether the entity has properly summarized the expenditure balances as described in FAM 495 B. (5 U.S.C. 8334 (a)(1)); Done by/date: [Empty]; Doc Ref: [Empty]. 6. Determine whether the entity has effective internal controls over the proper summarization of (a) the amounts withheld from employees for retirement costs under the law, and (b) the entity contributions for remittance to Treasury. If the entity does not have effective controls for summarization, test the summarization of the totals that include the items selected for testing in step 1; Done by/date: [Empty]; Doc Ref: [Empty]. 7. Compare the combined totals of employee withholdings and entity contributions that include each selection made in step 1 to the deposit made to Treasury and the remittance sent to OPM and obtain an explanation and examine support for any differences. The funds should be deposited in the Treasury to the credit of the Civil Service Retirement and Disability Fund. (5 U.S.C. 8334(a)(2)); Done by/date: [Empty]; Doc Ref: [Empty]. 8. If the entity does not appear to be in compliance based on the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32- .61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. 9. Document conclusions on compliance with each provision on Form 813 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: Employees employed before January 1, 1984, are generally covered by the Civil Service Retirement Act (CSRS) and on and after that date by the Federal Employees’ Retirement System Act (FERS) , although some CSRS employees may have opted for coverage under FERS. Note 2: The percentage to be withheld for the service period after December 31, 2000, for (1) most executive branch employees is 7 percent; (2) Congressional employees, firefighters, and law enforcement personnel is 7.5 percent; and (3) Members of Congress is 8 percent. (5 U.S.C. 8334(a)(1)) Note 3: If the auditor uses multipurpose testing for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected by the auditor using the sampling method used for the substantive test. Otherwise, the auditor should select items using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 4: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the auditor should perform the same testing. The auditor may accomplish this testing with the assistance of the service organization’s auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Another approach may be for the service organization’s auditor to assist the entity’s auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). Table: [See PDF for image] [End of figure] Name of entity: Audit period: Reviewed by: Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 814 - Compliance Summary), select a sample of expense amounts for individuals’ gross pay from the payroll disbursement records for the audit period. (The sample size will vary based on the expected effectiveness of compliance controls, as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM 495 E. See note 2 regarding sampling efficiencies and completeness of the population. The auditor should coordinate these tests with other tests of payroll- related expenses and with the agreedupon procedures agency auditors perform for OPM, per OMB audit guidance, if performed. Sample size Sample selection method; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2. For each selection made in step 1, document the employee, the pay period selected, and the amount withheld for the pay period selected, if any, for the cost of health insurance. If available, document the health plan enrollment code; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. For each selection made in step 1, obtain the employee’s personnel file and note whether the employee elected health insurance coverage for the period to which payroll disbursement relates. Such coverage should be indicated on OPM form SF 2809. If the employee did not elect health insurance coverage, ask why amounts are being withheld for the cost of insurance and determine whether any entity contributions are being made inappropriately as well; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 4. If the employee identified in step 3 elected coverage,perform the following steps: (a) Obtain the schedule of health insurance costs for all plans published by OPM. Using the enrollment code for the plan selected by the employee on OPM form SF 2809, calculate the employee’s portion of the health insurance cost and record it in the documentation. Compare it to the amount actually withheld for the selected pay period and obtain an explanation and examine support for any differences. (5 U.S.C. 8906(d)); (b) For each employee in (a), determine the appropriate amount of the entity’s contribution for its share of health insurance costs by using the OPM schedule of costs. Compare it to the amount actually contributed by the entity for the employee’s health insurance for the selected pay period and obtain an explanation and examine support for any differences. (See note 1 for part-time career employees.) (5 U.S.C. 8906(b)(1)); (c) For each employee in (b), determine if amounts contributed by the entity are charged to the appropriation or fund that is used to pay the employee for the selected pay period by performing the following procedures: (1) Review the accounting codes indicated on the supporting documentation. (2) Determine whether the accounting codes used to record the entity contribution are the same as those used for the related payroll expenditure and whether the codes and amounts agree with those recorded in the budgetary accounting records. (This step assumes other payroll testing would have included checking that the codes represent the proper appropriation.); 3. For each selection made in step 1, obtain the employee’s personnel file and note whether the employee elected health insurance coverage for the period to which payroll disbursement relates. Such coverage should be indicated on OPM form SF 2809. If the employee did not elect health insurance coverage, ask why amounts are being withheld for the cost of insurance and determine whether any entity contributions are being made inappropriately as well; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 5. Determine whether the entity has effective controls over the proper summarization of the amounts withheld from employees for health insurance costs under this law and the entity contributions for remittance to Treasury. If the entity does not have effective controls for summarization, test the summarization of the totals that include the items selected for testing in step 1; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 6. Compare the total cost of health insurance on the entity’s records (employee and employer portions) for the selected pay period to the deposit made to Treasury and the documentation sent to OPM and obtain an explanation and examine support for any differences. The funds should be deposited in the Treasury to the credit of the Employees Health Benefits Fund. (5 U.S.C. 8909); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 7. If the entity does not appear to be in compliance based on the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should: * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32-.61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 8. Document conclusions on compliance with each provision on Form 814 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 8. Document conclusions on compliance with each provision on Form 814 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: For part-time career employees, the biweekly entity contribution shall be calculated on a prorata basis based on the ratio of number of scheduled parttime hours to the number of scheduled regular hours for an employee serving in a comparable position on a full-time basis. (5 U.S.C. 8906(b) (3)) Note 2: If the auditor uses multipurpose testing for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test. Otherwise, the auditor should select items using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 3: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the auditor should perform the same testing. The auditor may accomplish this testing with the assistance of the service organization’s auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Another approach may be for the service organization’s auditor to assist the entity’s auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). 816 - Federal Employees' Compensation Act (FECA), 5 U.S.C. Chapter 81: Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees’ Compensation Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-10. Table: [See PDF for image] [End of figure] Note: The auditor may complete these procedures or prepare equivalent documentation only if provisions of the Federal Employees’ Compensation Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-10. These procedures test compliance with the provisions listed on the Compliance Summary for this law. Audit Procedures: Note: The provisions identified for testing are proceduralbased provisions. As discussed in FAM 460.06, sufficient procedures usually are performed by the auditor in conjunction with tests of compliance controls for these procedural-based provisions to conclude on the entity's compliance without performing additional procedures. The auditor should not perform additional procedures to obtain evidence regarding compliance with the provisions related to the following objectives unless sufficient evidence regarding compliance was not obtained during compliance control tests documented on Form 816 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 1. Reference to conclusions on compliance controls on Form 816 - Compliance Summary and indicate whether any additional procedures are necessary; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2. If the entity does not appear to be in compliance based on the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the opinion on internal control as appropriate (see FAM 580.32- .61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. Document conclusions on compliance with each provision on Form 816 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: A statement showing the total cost of benefits and other payments made from the Employees’ Compensation Fund during the preceding July 1 through June 30 expense period on account of the injury or death of employees or individuals under the jurisdiction of the entity is required to be provided by the Secretary of Labor to the entity by August 15 of each year. (5 U.S.C. 8147); Note 2: Entities not dependent on an annual appropriation shall make the required deposit to Treasury from funds under its control during the first 15 days of October after receipt of the statement showing the costs paid on the entity's behalf. (5 U.S.C. 8147) 817 – Federal Employees’ Retirement System Act of 1986 (FERS), 5 U.S.C. Chapter 84: Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees’ Retirement System Act of 1986 are significant as indicated on Form 802 - General Compliance Checklist at FAM 802- 10. Table: [See PDF for image] [End of table] Note: The auditor may complete these procedures or prepare equivalent documentation only if provisions of the Federal Employees’ Retirement System Act of 1986 are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-10. These procedures are designed to test compliance with the provisions listed on the Compliance Summary. Name of entity: Audit period: Reviewed by: Audit Procedures: 1. Based on the preliminary assessment of compliance control effectiveness (as documented on Form 817 - Compliance Summary), select a sample of expense amounts for individuals’ gross pay from the payroll disbursement records for the audit period for employees covered by the Federal Employees’ Retirement System (FERS). (See note 1.) (The sample size will vary based on the expected effectiveness of compliance controls as discussed in FAM 460.02). Document the sampling approach using the documentation in FAM 495 E. See note 4 regarding sampling efficiencies and completeness of the sample population. The auditor should coordinate these tests with other tests of payroll- related expenses and with the agreedupon procedures agency auditors perform for OPM, per OMB audit guidance, if performed. Sample size Sample selection method; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 2. For each selection made in 1, document the following for the pay period selected: * the amount withheld for the cost of retirement benefits, * the amount of basic pay, and * if indicated in the payroll disbursement records, document the retirement plan under which the withholdings were made (CSRS or FERS). (Only employees covered by FERS should be included in this compliance test. See FAM 813 for the CSRS compliance test.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 3. For each item selected in 1, obtain the employee's personnel file and note the * employee hire date, * amount of basic pay, and * the retirement plan under which the employee is covered; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 4. For each selection made in 1 (a) Compare the amount of basic pay indicated in the employee’s personnel file with the amount indicated in the payroll records and obtain an explanation and examine support for any differences. (This procedure would be performed only if not already performed as part of other testing.) (b) Calculate the amount of the withholdings for retirement costs based on 0.8% of basic pay for most employees (see note 2 for percentages for certain employees) for the selected pay period and record the amount in the documentation. Compare to the actual amount withheld for the selected pay period and obtain an explanation and examine support for any differences. (5 U.S.C. 8422(a)(1)) (c) Determine whether the entity contributed the correct amount for the employee’s retirement for the selected pay period. Obtain an explanation and examine support for any differences between the entity contributions and the amount calculated using OPM’s normal cost percentage. (5 U.S.C. 8423(a)(1) and 5 U.S.C. 8401(23)); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 5. To determine if amounts contributed by the entity are charged to the appropriation or fund used to pay the employee for the selected pay period: (a) Review the accounting codes indicated on the supporting documentation. (b) Determine whether the accounting codes used to record the entity contribution are the same as those used for the related payroll expenditure and whether the codes and amounts agree to those recorded in the budgetary accounting records. (This step assumes other payroll testing would have included checking that the codes represent the proper appropriation.) (c) Consider the procedures performed on the entity’s budget controls over summarization of expenditure balances as discussed in FAM 395 F. If the auditor has assessed the entity’s controls as effective in achieving the control objective of summarization of expenditure balances, further procedures are not necessary to obtain assurance as to whether the entity’s contributions are paid out of the proper appropriation account. If the auditor has assessed the controls as ineffective, the auditor should perform procedures to determine whether the entity has properly summarized the expenditure balances as described in FAM 495 B. (5 U.S.C. 8423(a)(1)); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 6 . Determine whether the entity has effective controls over the proper summarization of the amounts withheld from employees for retirement costs under this law and the entity contributions for remittance to Treasury. If the entity does not have effective controls for summarization, test the summarization of the totals that include the items selected for testing in step 1; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 7. Compare the combined totals of employee withholdings and entity contributions that include each selection made in step 1 to the deposit made to Treasury and the remittance sent to OPM and obtain explanation and examine support for any differences. The funds should be deposited in the Treasury to the credit of the Civil Service Retirement and Disability Fund. (5 U.S.C. 8422(c) and 5 U.S.C. 8401(6)); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 8. If the entity does not appear to be in compliance based on the results of tests performed, the auditor should discuss these matters with OGC and, when appropriate, the Special Investigator Unit to conclude if noncompliance actually has occurred and the implications of such noncompliance. For any noncompliance noted, the auditor should * identify the weakness in compliance controls that allowed the noncompliance to occur, if not previously identified during compliance control testing; * report the nature of any weakness in compliance controls and consider modification of the conclusion on internal control as appropriate (see FAM 580.32- .61); * consider the implications of any instances of noncompliance on the financial statements; and * report instances of noncompliance, as appropriate (see FAM 580.67- .75); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 9. Document conclusions on compliance with each provision on Form 813 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures: 9. Document conclusions on compliance with each provision on Form 813 - Compliance Summary; Done by/date: [Empty]; Doc Ref: [Empty]. Note 1: Employees may be covered by the Civil Service Retirement Act (CSRS) or the Federal Employees’ Retirement System Act (FERS), generally depending on their employment dates. Generally, employees hired after January 1, 1984 are in FERS. Note 2: For most employees, the percentage to be withheld is 0.8 percent (7 percent less the Social Security tax rate). For congressional employees, Members of Congress, and law enforcement officers, firefighters, air traffic controllers, and nuclear materials couriers, the withholding rates are higher. (See 5 U.S.C. 8422(a)(1).) Note 3: The Office of Personnel Management (OPM) computes the normal cost percentage. For example: for FY 2008 it is 11.2 percent for regular employees. OPM lists the percentages in its Benefits Administration Letters, accessible on its Internet site, http://www.opm.gov/asd/htm/bal06.htm (where the 2 digits after "bal" represent the calendar year of the letters). (5 U.S.C. 8401(23)) Note 4: If the auditor uses multipurpose testing for the compliance test and/or compliance control test and a substantive test of payroll expense details, the sample items for the compliance test and/or compliance control test should be selected using the sampling method used for the substantive test. Otherwise, the auditor should select items using attribute sampling, as discussed in FAM 460.02. As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency, the auditor should consider using records that were tested for validity and completeness (as well as the other financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests. Note 5: If the entity outsources payroll processing, the entity remains responsible for compliance. Dividing responsibility for payroll processing activities between the entity and the service organization could make payroll testing more complicated, although the same testing should be performed. The auditor may accomplish that testing with the assistance of the service organization's auditor, who may issue an internal control report on the service organization under AU 324 (SAS 70). Another approach may be for the service organization's auditor to assist the entity’s auditor by performing agreed-upon procedures at the service organization (e.g., substantive testing) under AT 201 (see FAM 660). [End of section] Section 900: Substantive Testing: 902 - Related Parties, Including Intragovernmental Activity and Balances: .01: This section provides guidance on the procedures that the auditor should perform with respect to related parties, as described in FAM 280 and FAM 550. Additionally, in determining whether related party activities are properly accounted for and disclosed in the financial statements, the auditor should consult AU 334, which provides general guidance on related parties relationships and transactions. Further, the American Institute of Certified Public Accountants (AICPA) has issued a toolkit for accountants and auditors titled Accounting and Auditing for Related Parties and Related Party Transactions.[Footnote 31] This toolkit includes selected authoritative accounting and auditing literature, an illustrative audit program, disclosure checklist, confirmation letter, and letter to other auditors and is available at the AICPA’s website at [hyperlink, http://www.aicpa.org]. .02: The U.S. government in its entirety is an economic entity and federal entities are components of the U.S. government. Therefore, transactions between federal entities are considered intragovernmental (Note: Federal Accounting Standards Board’s (FASAB) Statements of Financial Accounting Standards (SFFAS) refers broadly to the cost of goods and services between federal entities as “inter-entity” costs). Within the U.S. government, many reporting entities rely on other federal entities to help them achieve their missions and fulfill their operating objectives. These arrangements may be voluntary, stipulated by law, or established by mutual agreement of the entities involved and may not be carried out on an arm’s-length basis. In many cases, the entity receiving goods or services reimburses the providing entity in accordance with an agreed-upon price, which may or may not represent fair value. However, frequently one entity provides goods or services to another entity free of charge (without reimbursement) and the cost of such activity is paid by appropriated funds of the providing entity. For example, the General Services Administration (GSA) routinely provides property management services and contract award and administration to other entities without charge. .03: In addition, certain federal entities can significantly influence the operating policies of the transacting entities. For example, the Office of Management and Budget (OMB) provides budget, policy and/or general management guidance to other federal entities. The Office of Personnel Management (OPM) helps federal civilian entities recruit nationwide; sets human resources management rules with the federal entities’ involvement; administers systems for setting federal compensation and benefits; manages federal employee health and life insurance programs; and operates retirement programs for federal employees. .04: In the U.S. government, the most significant related parties are other governmental entities. Other possible related parties outside of the federal government include states, members of entity’s management, and individuals and companies with which members of management may be related. State and local governments are technically not related parties, since under the constitution they have powers independent of the federal government. However, the procedures for related parties may also be useful for state and local governments. .05: The auditor should make inquiries about the possible existence of related parties with material activity and balances that could affect the financial statements, including intragovernmental activity and balances. The auditor should also inquire about the possible existence of related parties involving members of management that may be a sensitive conflict-of-interest issue involving potential misuse of government assets. The identification of related parties and activity and balances is important because (1) U.S. GAAP requires disclosure of material related-party transactions and certain control relationships, (2) fraudulent financial reporting and misappropriation of assets have been facilitated by the use of undisclosed related parties, and (3) distorted or misleading financial statements may result in the absence of adequate disclosure. .06: Financial statement users need related party information to make informed judgments. If parties are related, the transactions between them may not be based on an arm’s-length relationship. For example, certain goods or services may be donated or be at an amount that does not represent fair value, thus affecting the cost of the receiving entity’s operations. In addition, an entity may have transactions with another entity based on a common control situation, such as when the entity controls or can significantly influence the management or operating policies of the transacting entity. In these cases, the financial statements need to disclose the nature of the relationship since this control relationship could result in operating results or financial positions significantly different from those that would have been achieved in the absence of such relationship. .07: Disclosures include the nature of the relationship between the entity and its related parties, a description of the transactions, including donations, dollar amounts of transactions that occurred during the period, and amounts due to or from related parties as of the end of the period. Disclosures may aggregate similar transactions by type. In cases of common control relationships, the nature of the control relationship is disclosed even if there are no transactions between the entities. Related party transactions between components of the audited entity that are eliminated in consolidation are not disclosed in the consolidated financial statements. However, if separate statements of the components are issued, the disclosures are presented in the separate component statements. .08: The following sections discuss intragovernmental activity and balances, and other related parties. Intragovernmental Activity and Balances: .09: Intragovernmental amounts represent activity and balances within or between federal entities. Intradepartmental amounts are activity and balances within the same department (a department here means any department, agency, administration or other entity designated by OMB as a financial reporting entity that is not part of a larger financial reporting entity other than the government as a whole). Interdepartmental amounts are activity and balances between two different departments. The intradepartmental and interdepartmental amounts are subsets of intragovernmental activity and balances. FASAB uses various terms to define intragovernmental activities. As discussed in FAM 902.02, SFFAS No. 4 refers to these activities broadly as inter- entity costs. SFFAS No. 30 refers to intra-departmental inter-entity costs to describe activities within the same department, while activities between two different departments are inter-departmental inter-entity costs. FASAB Interpretation No. 6 uses “department” to refer to any department, agency or other financial reporting entity that is not part of a larger reporting entity other than the government as a whole. The terminology used in FAM 902 is consistent with FASAB usage of the terms intra-departmental and inter-departmental activities. .10: Common examples of intragovernmental activities include: * Goods and services provided from one federal entity to another (trade transactions), costs incurred, and reimbursable costs (including both interdepartmental and intradepartmental activity). * Transfers between entities based on agreements or legislative authority, expended appropriations, taxes and fees collected, collections for others, accounts receivable from appropriations, transfers payable, and custodial revenue (including both interdepartmental and intradepartmental activity). * Investments in federal securities issued by Treasury’s Bureau of the Public Debt, including interest accruals, interest income and expense, and amortization of premiums and discounts. * Borrowings from the Treasury and the Federal Financing Bank, including interest accruals, interest income, and expenses. * Costs of litigation paid by the Treasury Judgment Fund[Footnote 32] (including both interdepartmental and intradepartmental activity). * Transactions with OPM relating to employee benefit programs such as Federal Employees’ Retirement System, Civil Service Retirement System, and federal employees’ life insurance and health benefits programs, that include routine payments, imputed financing, and accruals. * Transactions with the Department of Labor (Labor) relating to the Federal Employee’s Compensation Act (FECA) that include routine payments to Labor. .11: Intradepartmental activities and balances (within the same department) are eliminated at the department’s consolidated financial statements level. Interdepartmental activities and balances (between federal entities) are eliminated at the U.S. government’s consolidated financial statements level. Accounting and Reporting Guidance .12: In accounting for and reporting of related parties, including intragovernmental activity and balances, see FASAB accounting standards, the Financial Standards Accounting Board (FASB) financial accounting standards (FAS), OMB reporting guidance contained in OMB Circular No. A-136, and Treasury accounting and reporting guidance contained in the Treasury Financial Manual (TFM). FAM 902.14-.20 illustrate these relevant documents in more detail. .13: SFFAS No. 4, Managerial Cost Accounting Concepts and Standards, and related interpretations, address the accounting standards for inter- entity cost activities. SFFAS No. 5, Accounting for Liabilities of the Federal Government, addresses inter-entity liabilities, including federal debt, pensions and retirement benefits. Also, SFFAS No. 7, Accounting for Revenue and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting, as amended, addresses inter-entity revenue and requires disclosure of the nature of intragovernmental exchange transactions in which an entity provides goods or services at a price less than full cost or does not charge a price at all. In accordance with SFFAS No. 4, as amended by SFFAS No. 30, effective for periods beginning after September 30, 2008, the costs of program outputs include the costs of services provided by other entities whether or not the providing entity is fully reimbursed. Additionally, each entity’s full cost is to incorporate the full cost of goods and services that it receives from other entities. The entity providing the goods or services has the responsibility to provide the receiving entity with information on the full cost of services either through billing or other advice. The reporting entities are also to consult with the funding and administering agencies, such as OPM, for information needed to properly record inter-entity costs. SFFAS No. 4 directs OMB to designate the costs of goods and services received from other entities that are to be recognized and to issue guidance identifying these costs.[Footnote 33] .14: FASB FAS No. 57, Related Party Disclosures, defines related parties and provides examples of related party transactions and general guidance on disclosures of transactions between related parties in the private sector. Footnote disclosures include disclosure of the nature of the relationship between the entity and its related parties, a description of the transactions, including donations, dollar amounts of transactions that occurred during the period, and amounts due to or from related parties as of the end of the period. .15: OMB Circular No. A-136, Financial Reporting Requirements, states that federal entities are to * report intragovernmental assets separately from transactions with non- Federal entities (entities outside the federal government) on the balance sheet; disclose intragovernmental assets separately from other non-entity assets; identify intragovernmental liabilities covered by budgetary resources and those not covered by budgetary resources (such as accrued annual leave); and separately report intragovernmental liabilities, * disclose intragovernmental costs and revenue transactions separately from those made with the public and describe the criteria used for the cost/revenue classification. Disclosure is to include an explanation that makes it clear to the reader that the intragovernmental expenses relate to the source of goods and services purchased by the reporting entity and not to the classification of related revenue, and * reconcile intragovernmental balances and transactions at least quarterly and submit intragovernmental balance information as a note disclosure in the special purpose financial statements. OMB also has issued a memorandum titled Business Rules for Intragovernmental Transactions that requires agencies to use this A-136 methodology in accounting for certain intragovernmental transactions, which should help in reconciliation. .16: To emphasize entity management’s responsibility for identifying intragovernmental transactions and balances and reconciling data with other entities, specific representations are included in the management representation letter for intragovernmental activity. These representationsof transactions, and reconciliation (or inability to reconcile) with entities providing the goods or services (see FAM 1001). If such disclosure is included in the financial statements and the auditor believes that the disclosure is either not supported by management, or if management refuses to disclose related party transactions, the auditor generally should express a qualified or adverse opinion because of the inadequate disclosure, depending on materiality, and include the necessary disclosures in a separate paragraph of the audit report. .17: TFM section “Federal Intragovernmental Transactions Process” and Treasury’s Federal Intragovernmental Transactions Accounting Policies Guide (Treasury Guide) provides governmentwide procedures for federal entities to account for and reconcile transactions occurring within and between each other. The procedures in this guidance does not apply to transactions between federal entities and nonfederal entities. Further information is available at the Treasury/Financial Management Service’s (FMS) web site at [hyperlink, http://www.fms.treas.gov]. .18: The TFM also includes procedures for CFO Act departments to reconcile and confirm intragovernmental activity and balances as of and for the fiscal year ended September 30. Each department’s CFO is to provide the department’s Inspector General (IG) with representations indicating whether the department completed the reconciliation. In addition, the department is to describe noncompliance with the reconciliation requirements. The auditor should include this representation in the management representation letter (see FAM 1001). .19: The Treasury Guide provides detailed information on accounting and reconciling intragovernmental balances. According to the guide, entities are to identify trading partners[Footnote 35] for all intragovernmental transactions and accumulate detail and summary information for each activity by trading partner from their accounting records. The trading partner code may be incorporated (1) as part of account coding classification, or (2) in the customer/vendor identification code in accounts receivable and payable systems. These codes are the same as the Treasury index agency code used by the Treasury to prepare the governmentwide consolidated financial statements. If the two-digit Treasury index agency code is not adequate to identify the trading partner, entities may expand the partner code to components below the department level and communicate these codes to their trading partners. .20: The Treasury Guide also indicates that federal entities are to use the Standard General Ledger (SGL) account attributes to indicate the nature of account balances and to identify intragovernmental transactions. For example, the federal “F” and nonfederal “N” attributes used in conjunction with an SGL account in the Federal Agencies’ Centralized Trial Balance System (FACTS) I submissions enable Treasury/FMS to prepare elimination entries for the governmentwide financial statements. When the federal attribute “F” is used with an SGL account, a trading partner is to be designated for each transaction posted to the account. Continuing Issues from Prior Year Audits: .21: Prior year audits of federal entity financial statements have identified numerous instances where entities did not identify, summarize, or reconcile intragovernmental activity and balances by trading partner. Controls over the intragovernmental transactions were not adequate. For example, one department instructed its components to make buyer’s intragovernmental transaction amounts agree with seller’s information without requiring an adequate reconciliation or verification if goods or services were provided. Similar issues were also identified concerning activity and balances within the same entity (intradepartmental). Accordingly, there was no assurance that the entity records contained balances that are fairly presented. This has been a material weakness at the U.S. government consolidated financial statement level in that entity intragovernmental accounts do not completely eliminate in consolidation. Intragovernmental Payment and Collection (IPAC) System: .22 IPAC is the primary method used by most federal entities to electronically bill and/or pay for services and supplies within the U.S. government. IPAC is used to communicate to Treasury and the trading partner agency that the online billing and/or payment for services and supplies has occurred. IPAC, however, is not intended to be a control over the intragovernmental transactions (reciprocal accounts). IPAC was not designed as an accounting system and does not require trading partners to record transactions at the same time or in the same amounts. In addition, unreconciled IPAC differences could affect the existence and completeness of intragovernmental activity and balances. .23: The IPAC billing entity initiates an IPAC transaction either as a collection or a payment. The IPAC customer entity receives an IPAC transaction either as a payment or a collection. Monthly, the Treasury compares the customer and billing amounts from Statement of Transactions (FMS 224) reported by the entity with the IPAC data. If there is a difference, a Statement of Differences (SOD),[Footnote 36] including a detailed list of all transactions charged or credited to a particular agency location code, is generated monthly. The SOD is an Internet application of the Government On-Line Accounting Link Information Access System II (GOALS II/IAS). Entities are to investigate the differences and make any necessary corrections on their next Statement of Transactions. .24: The auditor generally should test the entity’s IPAC reconciliation procedures to determine if the entity performs the reconciliation and researches and resolves differences reflected on the Statement of Differences properly and timely. The auditor may coordinate the procedures with Fund Balance with Treasury (FBWT) audit procedures to assess the effectiveness of the entity’s IPAC reconciliation (see FAM 921). .25 The auditor generally should also design audit procedures to understand whether the entity uses other systems (EFT, check, standard forms used to transfer funds between appropriations, credit cards, etc.) in addition to the IPAC system to process intragovernmental activity and balances. The auditor generally should determine whether these systems affect the accuracy of intragovernmental activity and balances. (See audit procedures below and FAM 902 C.) Audit Procedures .26 The auditor should identify the risk of material misstatement in determining the nature, extent, and timing of procedures for auditing intragovernmental activity and balances and in evaluating the results of these procedures. Throughout the audit, the auditor evaluates the possible existence of material intragovernmental activity and balances that could affect the financial statements. The auditor also evaluates information concerning material intragovernmental activity and balances to determine the adequacy and appropriateness of financial statement disclosures. .27 During the planning phase, the auditor should assess inherent, fraud, and control risk. The auditor evaluates several conditions to assess inherent risk related to intragovernmental activity and balances. For example, inherent risk may exist because of the nature of the intragovernmental activity, such as a significant volume or dollar amount of transactions, number of trading partners, or complexity of transactions. The auditor should also assess the impact of the risk of material misstatement on control testing and substantive procedures. The auditor should determine whether similar conditions continue to exist and should understand management’s response to such conditions. .28 In understanding the entity, including its internal control, the auditor should obtain an understanding of management responsibilities and the relationship of each component to the total department and of each department to other departments. The auditor should also obtain an understanding of the entity’s operations to identify, respond to, and resolve accounting and auditing problems early in the audit. This includes: * knowledge of the entity’s trading partners, * the nature of intragovernmental transactions that occur, * the volume and dollar amount of transactions, and * management’s attitude and awareness with respect to reconciliations of intragovernmental activity and balances. .29: The auditor should evaluate the design of the entity’s internal control over intragovernmental activity and balances and whether the design was implemented. This begins with the auditor identification of policies and procedures that pertain to the entity’s ability to record, process, summarize, and report intragovernmental activity and balances by trading partner. A good design emphasizes the importance of identifying and classifying intragovernmental transactions by trading partner when they are initiated and on all documentation thereafter. Without this initial identification, the entity’s accounting system may not be able to adequately track intragovernmental activity and balances. .30: Without proper and timely reconciliation of intragovernmental activity and balances, misstatements in these account balances at the component and/or department level could materially affect the balances at the governmentwide level (as well as at the department or component level). In addition, when preparing consolidated financial statements, the preparer eliminates intragovernmental activity and balances within and between departments or components. Because the amounts reported for entity trading partners for certain intragovernmental accounts could be significantly out of balance, the preparer would not be able to eliminate these accounts in the consolidated financial statements. The auditor may advise the entity about the need for monthly confirmation and reconciliation of these transactions with trading partners, as annual or quarterly reconciliations may not be sufficient to detect and resolve misstatements promptly. .31: If the auditor determines that the entity’s reconciliation control for intragovernmental transactions is not effectively designed and implemented, the auditor should consider the effect on the risk of material misstatement. Where intragovernmental transactions are or could be material, significant additional work is usually necessary to express an unqualified opinion. In those cases where the auditor finds significant deficiencies or material weaknesses in the intragovernmental reconciliation control and no other mitigating controls exist, the auditor must disclose this in the report or opinion on internal controls (FAM 580). .32: OMB audit guidance requires that agreed-upon procedures be performed by entities where there is evidence and a history of systemic or recurring problems in accounting, reporting, or reconciling intragovernmental balances, beginning with the third quarter of fiscal year 2007. These procedures are intended to assist with accounting for and eliminating intragovernmental activity and balances in the preparation of department and governmentwide financial statements and reports. .33: To avoid duplicate procedures, the auditor should consider the agreedupon procedures performed by the entity in the above paragraph when designing the tests for intragovernmental activity and balances. Examples of the account risk analysis (ARA), specific control evaluation (SCE), and audit procedures for the audit of intragovernmental activity and balances are in FAM 902 A, FAM 902 B, and FAM 902 C, respectively. The ARA, SCE(s), and audit procedures generally are customized by the auditor for the particular entity. For example, if the auditor determines that the intragovernmental accounts receivable line item is significant, the auditor generally should prepare a separate ARA, SCE(s), and audit procedures forthe intragovernmental accounts receivable account and its related accounting applications. (Note that a single SCE for a line- item/accountrelated accounting application is presented. There are likely transactionrelated accounting applications listed on the ARA that also would have SCEs.) In addition, for efficiency, the auditor may coordinate tests of intragovernmental activity and balances with tests of nonfederal activity and balances. Other Related Parties .34: To effectively plan and perform an audit, the auditor generally should understand the entity’s organization and its characteristics. The auditor generally should identify the possible existence of other related parties and other related party transactions throughout the audit and determine whether they are properly accounted for and disclosed (see FAM 902.07). As indicted at FAM 902.04-.05, other related party transactions may involve members of entity’s management, and individuals and companies with which members of management may be related. While these transactions are usually not material to the entity’s financial statements, there may be a sensitive conflict-of- interest issue involving the potential misuse of government assets. .35: The auditor may inquire of management, review major contracts or agreements, and read financial disclosure statements. The auditor should document the names of related parties so audit staff members are aware of them as they conduct the audit. Tests of transactions with such parties may be coordinated with sensitive payments work, as discussed in FAM 280.05. .36: In addition to the procedures on related parties, the auditor also may inquire about other parties that may not be related parties, but that the entity may wish to disclose because of a public perception that they might be related, although professional standards do not require disclosure if the parties are not related (as defined in AU 334). FAM 902 C provides examples of audit procedures for other related parties as well as for intragovernmental activity and balances. The auditor may customize the steps for the particular audited entity. Practice Aids: .37: The following practice aids are presented as appendixes: * FAM 902 A – Example Account Risk Analysis (ARA), * FAM 902 B – Example Specific Control Evaluation (SCE), and * FAM 902 C – Example Audit Procedures; 902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances: Table: [See PDF for image] [End of table] 902 C – Example Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: Entity: Period of financial statements: Job code: Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: I. Planning Phase Obtain an understanding of the entity and its operations, including its internal controls that are significant to the audit of intragovernmental and other related party activity and balances (see FAM 220) by 1) Obtaining an understanding of significant accounting and auditing issues by reading the entity’s prior year’s accountability and auditors’ reports; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) Identifying the entity’s accounting and reporting requirements and applicable auditing standards for intragovernmental and other related party activity and balances by reading a) SFFAS No. 4, Managerial Cost Accounting Concepts and Standards; SFFAS No. 5, Accounting for Liabilities of the Federal Government; SFFAS No. 7, Accounting for Revenue and Other Financing Sources and Concepts for Reconciling Budgetary and Financial Accounting; Statement of Financial Accounting Standards No. 57, Related Party Disclosures; AU Section 334, Related Parties; AU Section 558, Required Supplementary Information; OMB bulletin on Form and Content of Agency Financial Statements; Treasury/ Financial Management Service’s (FMS) Federal Intragovernmental Transactions Accounting Policies Guide; and Treasury Financial Manual section “Federal Intragovernmental Transactions Process.”; b) The entity’s internal procedures for identifying, accounting, reconciling and reporting intragovernmental and other related party activity and balances; c) The entity’s process for identifying, classifying, and reporting intragovernmental activity and balances requiring elimination at the consolidated departmentwide or governmentwide level; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) To identify the impact of systems/methods for processing, accounting, and financial reporting of intragovernmental and other related party activity and balances, perform the following procedures a) Interview the entity’s key management about processes, for example, the systems/methods that are used to process intragovernmental and other related party activity and balances (e.g., IPAC, credit cards, standard forms used to transfer funds between appropriations, and others). b) Obtain estimates of the approximate number and dollar amount of intragovernmental and other related party activity and balances (this could be based on the prior year) that are processed by each significant system/method (see FAM 270). c) Consider coordinating this work with the audit of like nonfederal activity and balances (i.e., similar transactions by the entity with parties other than other federal entities); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) To identify the intragovernmental and other related party activity and balances, perform the following procedures a) Ask entity management to identify i) The names of all related parties (intragovernmental and others) and whether there were transactions with them during the period. Other possible related parties outside of government might be individuals and companies with which members of management may be related or otherwise be able to significantly influence the management or operating policies; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) To identify the intragovernmental and other related party activity and balances, perform the following procedures a) Ask entity management to identify i) The names of all related parties (intragovernmental and others) and whether there were transactions with them during the period. Other possible related parties outside of government might be individuals and companies with which members of management may be related or otherwise be able to significantly influence the management or operating policies. ii) The nature and terms of all significant activities and balances. For example, (1) for a seller entity, (a) Obtain information on the types of significant revenues, any markup percentage(s) over full cost, and the settlement/payment due date. (b) Inquire as to how the full cost of products and services sold is determined. (2) for a buyer entity, (a) Inquire about the minimum requirements (business rules) that must be met before an intragovernmental trading partner may provide goods or services. (3) Inquire as to any amounts that are in dispute at year-end; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) To identify the intragovernmental and other related party activity and balances, perform the following procedures a) Ask entity management to identify i) The names of all related parties (intragovernmental and others) and whether there were transactions with them during the period. Other possible related parties outside of government might be individuals and companies with which members of management may be related or otherwise be able to significantly influence the management or operating policies; iii) Determine whether the audited entity receives services without reimbursement or for less than full reimbursement. For example, donated services, such as space or detailed employees. If so, ask if the entity is complying with U.S. GAAP and/or OMB requirements with respect to accounting and reporting treatment of these transactions. Also, if applicable, ask about the approximate fair value and/or financial statement disclosure for such goods and/or services. iv) Determine whether the entity centrally maintains contracts, agreements, and other documentation for the terms of all significant transactions with related parties. Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) To identify the intragovernmental and other related party activity and balances, perform the following procedures a) Ask entity management to identify i) The names of all related parties (intragovernmental and others) and whether there were transactions with them during the period. Other possible related parties outside of government might be individuals and companies with which members of management may be related or otherwise be able to significantly influence the management or operating policies; iii) Determine whether the audited entity receives services without reimbursement or for less than full reimbursement. For example, donated services, such as space or detailed employees. If so, ask if the entity is complying with U.S. GAAP and/or OMB requirements with respect to accounting and reporting treatment of these transactions. Also, if applicable, ask about the approximate fair value and/or financial statement disclosure for such goods and/or services. iv) Determine whether the entity centrally maintains contracts, agreements, and other documentation for the terms of all significant transactions with related parties; b) Review, if any i) Entity policy for advance approval of related party transactions by senior management. ii) Entity policy for requiring disclosure by employees to appropriate officials of potential conflicts of interest, such as related party transactions by employees of the entity. Also determine if summaries of such transactions are communicated to financial management for its consideration. iii) Vendor and customer master file listings, major contracts, and IPAC activity for intragovernmental or other related parties. Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 5) Provide audit staff with the names of known intragovernmental and other related party trading partners, a description of the nature of significant transactions with each, and such other information as considered necessary to assist them in planning and performing other sections of the audit; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 6) Summarize results of the Planning Phase; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 7) Document the auditor’s preliminary assessment of risk of material misstatement related to intragovernmental and other related party activities and balances in the ARA form (FAM 902 A) or equivalent; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 7II. Internal Control Phase Understand and document the design of the internal control for identifying, accounting for, eliminating, and reporting intragovernmental and other related party activity and balances (existence, completeness, valuation, rights and obligations, presentation and disclosure) (see FAM 320). Also determine if the design has been implemented. 1) Determine through inquiry of management, walkthroughs, review of prior years’ documentation and other means, how and when the entity identifies intragovernmental and other related party transactions. a) Determine whether the entity identifies transactions by trading partner when they are initiated and on all documentation thereafter. b) If the entity uses trading partner codes, determine the relationship of such codes to other document identifiers such as vendor codes. For example, trading partner codes may be integral to each vendor code, or it may be necessary to crosswalk vendor codes to a file of trading partner codes. c) If the entity does not use trading partner codes, determine how the entity identifies, analyzes, and accumulates intragovernmental activity and balances. For example, the entity may derive such amounts through off-line manual processes after the fact. d) Determine when the entity recognizes each significant category of intragovernmental and other related party transactions. For example, when an invoice is received, when processed through IPAC, when goods or services are received, when notified by the seller that an agreed-upon stage of completion has been achieved. Determine whether the entity’s policy in recording intragovernmental and other related party transactions is appropriate. e) Determine whether the entity and its trading partners use consistent reciprocal ledger accounts[Footnote 37] and categories of activity and balances for recording and reconciling such amounts. If so, ask what processes are in place to provide management with reasonable assurance that trading partners are recognizing reciprocal transactions in the same period, for the same amount, and by consistent or compatible accounting methods. f) Determine if the entity complies substantially with the SGL at the transaction level as it applies to intragovernmental activity and balances. (Note: The SGL accounts used should include attributes for intragovernmental activity and balances that identify (a) that these accounts contain intragovernmental transactions (e.g., attribute “F”), and (b) the trading partner (e.g., Treasury trading partner code “20”).) g) Identify policies and procedures for confirming intragovernmental and other related party activity and balances with trading partners. h) Determine how often the entity reconciles its related party activity and balances with its trading partners. Also inquire as to whether adjustments identified as necessary through the reconciliation process have been properly recognized in the financial records. If not, ask why. If the entity did not perform reconciliations, ask why not; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 7II. Internal Control Phase Understand and document the design of the internal control for identifying, accounting for, eliminating, and reporting intragovernmental and other related party activity and balances (existence, completeness, valuation, rights and obligations, presentation and disclosure) (see FAM 320). Also determine if the design has been implemented. 1) Determine through inquiry of management, walkthroughs, review of prior years’ documentation and other means, how and when the entity identifies intragovernmental and other related party transactions. a) Determine whether the entity identifies transactions by trading partner when they are initiated and on all documentation thereafter. b) If the entity uses trading partner codes, determine the relationship of such codes to other document identifiers such as vendor codes. For example, trading partner codes may be integral to each vendor code, or it may be necessary to crosswalk vendor codes to a file of trading partner codes. c) If the entity does not use trading partner codes, determine how the entity identifies, analyzes, and accumulates intragovernmental activity and balances. For example, the entity may derive such amounts through off-line manual processes after the fact. d) Determine when the entity recognizes each significant category of intragovernmental and other related party transactions. For example, when an invoice is received, when processed through IPAC, when goods or services are received, when notified by the seller that an agreed-upon stage of completion has been achieved. Determine whether the entity’s policy in recording intragovernmental and other related; e) Determine whether the entity and its trading partners use consistent reciprocal ledger accounts1 and categories of activity and balances for recording and reconciling such amounts. If so, ask what processes are in place to provide management with reasonable assurance that trading partners are recognizing reciprocal transactions in the same period, for the same amount, and by consistent or compatible accounting methods. f) Determine if the entity complies substantially with the SGL at the transaction level as it applies to intragovernmental activity and balances. (Note: The SGL accounts used should include attributes for intragovernmental activity and balances that identify (a) that these accounts contain intragovernmental transactions (e.g., attribute “F”), and (b) the trading partner (e.g., Treasury trading partner code “20”).) g) Identify policies and procedures for confirming intragovernmental and other related party activity and balances with trading partners. h) Determine how often the entity reconciles its related party activity and balances with its trading partners. Also inquire as to whether adjustments identified as necessary through the reconciliation process have been properly recognized in the financial records. If not, ask why. If the entity did not perform reconciliations, ask why not; i) Determine whether selling and buying entities have established processes to facilitate the timely reconciliation of activity and balances. (Note: The selling entity is typically responsible for furnishing detailed transaction information to facilitate reconciliation.) j) Inquire as to the entity’s year-end cut-off procedures related to intragovernmental and other related party activity. Determine if procedures are designed to provide assurance that intragovernmental activities occurring in the current period are recorded in the current period. (Use the above trading partner procedures to detect cutoff errors in the reconciliation process.) k) Identify the entity’s policies and procedures for intra-entity elimination. l) Determine whether the entity maintains transaction logs or detailed records of transactions to identify the postings to SGL accounts and to facilitate the reconciliation process. Determine if the logs include sufficient information to enable identification and location of supporting documents. m) Determine whether the entity reviews and approves monthly account analyses of intragovernmental accounts, examines budget-toactual, and performs trend analyses. 2) Coordinate with the results of audit procedures for other cycles to determine if the entity has internal control deficiencies related to intragovernmental and other related party activity and balances. For example, to determine if the entity has control issues related to intragovernmental activity and balances, coordinate with the results of FBWT audit procedures to determine if the entity has issues on its FBWT/IPAC reconciliation such as material unreconciled amounts and aged unreconciled IPAC differences. Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Perform walkthroughs of processes for identifying, accounting, reconciling, confirming, eliminating, and reporting intragovernmental and other related party activity and balances to obtain or update the auditor’s understanding of these procedures and preliminarily assess the effectiveness of the design of these controls. a) Walkthrough the process from initiation to recording in the general ledger and inclusion in the financial statements or elimination for each significant type of intragovernmental and other related party activity and balances. b) Walk through the management/entity approval process of payments to trading partners. (Note: Prior audits have identified instances where payment controls for intragovernmental transactions were not sufficient. For example, the seller entity made payments to trading partners without verifying whether goods or services were provided.) c) Identify and document any differences in processing nonfederal and intragovernmental and other related party activities and balances. d) If the entity performs reconciliations of intragovernmental activity and balances with trading partners during the year, walk through both interim and year-end reconciliation processes. 4) Prepare or update the cycle memorandum (FAM 390), flowcharts (FAM 395 H and I), ARA form (FAM 902 A) and SCE form (FAM 902 B), or equivalents.) Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: III. Testing Phase: A. Intragovernmental accounts: For intragovernmental accounts, if the auditor preliminarily determines that the entity’s reconciliation and confirmation controls with trading partners are effectively designed and placed in operation, the auditor generally should test the entity’s policies and procedures to determine if the reconciliation and confirmation controls are effective and if intragovernmental balances appear reasonable. 1) If material differences exist in intragovernmental activity and balances, prepare an agreed-upon procedures report beginning with third quarter 2007. (See Treasury TFM; OMB audit guidance on Intragovernmental Balances: Supplementary and Agreed-Upon Procedures (AUP), sections 13.32 and 13.33; and FAM 660.) Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) Compare the amounts in the reconciliations to supporting documentation. Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Trace the adjustments, if any, identified in the reconciliation process to the entity’s financial records. Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) Compare the amounts, excluding intra- departmental activity and balances, in the audited department consolidated financial statements to such amounts in the department’s final FACTS I or FACTS Notes reports to FMS. Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 5) If necessary, the auditor may design additional procedures to achieve financial audit objectives. For example: Reconciliation/confirmation (existence, completeness, valuations, rights and obligations, and classification); * According to OMB’s Circular A-136, Financial Reporting Requirements, entities are required to reconcile intragovernmental balances and transactions at least quarterly. Test reconciliations to determine if the entity’s reconciliation control is effective throughout the year and each trading partner has a separate reconciliation. * This reconciliation/confirmation also may be used for within entity reconciliation/confirmation (intraentity). a) Determine the completeness of the population by comparing the trading partners on the reconciliations and confirmation forms to subsidiary records or the entity’s trading partner list obtained during the planning phase. b) For each reconciliation/confirmation: i) Determine if the reconciliation/confirmation was reviewed and approved by appropriate personnel. ii) Compare total amounts and SGL accounts of the activity and balances reported on the reconciliation/confirmation form with the general and subsidiary ledger accounts, and the total amounts to audited financial statements and footnote disclosures. If differences are found, document each such difference. Determine the potential impact on the financial statements and post the differences identified to the Schedule of Uncorrected Misstatements (FAM 595 C-4); iii) Test whether the entity used appropriate SGL accounts and whether these SGL accounts include the proper attribute(s) to indicate that they result from intragovernmental transactions. For example, when the federal attribute “F” is used with an SGL account, a trading partner should be designated for each transaction posted to the account. Entities can modify SGL accounts listed on the form to be more specific. iv) Determine whether the entity is using the reciprocal accounts delineated in the FMS Guide. Entities should use these accounts to account for intragovernmental activity and balances in the specified categories. Use of these reciprocal accounts will facilitate the reconciliation and confirmation process. v) For fiduciary activity and balances, compare amounts on the reconciliation forms to amounts on the Intragovernmental Fiduciary Confirmation System. (Note: Fiduciary activity and balances include loans from the Federal Financing Bank and Bureau of Public Debt, investments with Bureau of Public Debt, Federal Employees’ Compensation Act transactions with DOL, and employee benefit transactions with OPM. The seller entity— Bureau of Public Debt, Treasury, Federal Financing Bank, DOL, and OPM—should make balances information and other details available through the Intragovernmental Fiduciary Confirmation System for the buyer entities’ use in reconciling amounts to their records. The Intragovernmental Fiduciary Confirmation System is the official confirmation system for federal entities that engage in fiduciary intragovernmental transactions with Bureau of Public Debt, Federal Financing Bank, OPM, and DOL.); vi) For transfers, test whether (1) the classification of transfers as expenditure or nonexpenditure is proper, and (2) the accounting and reporting are appropriate. vii) For trust fund transfers such as highway and airport trust funds, also test whether the trust fund amounts are properly accounted for and maintained in accordance with laws that established these funds. (Note: Test either by the trust fund auditor or as agreed-upon procedures by the auditor who audits the entity that collects the revenue for it.) Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: Reconciliation adjustments and differences (all intragovernmental categories) Exhibit I to FAM 902 C provides an illustration of a reconciliation tool that may be used to summarize reconciling items and prove amounts between a buyer and a seller entity. b) Determine whether adjustments, if any, are supported and timely by i) Tracing adjustments and reconciling items identified in the reconciliation process to the entity general and subsidiary ledgers. ii) Examining adjustments and supporting documents to determine if (1) The entity timely and properly performed the research and identified causes for differences. (2) The adjustments are agreed upon by both entities and made to proper SGL accounts. Examples of adjustments and reconciling items are: (a) Adjustments in estimated accruals: For example, the seller entity has recorded unbilled revenue and the buyer entity was not timely advised of the estimated accrual. (b) Adjustments due to timing differences: For example, timing differences caused by a buyer entity’s delay in recording IPAC transactions into proper SGL accounts. (c) Reconciling item for capitalization of assets: For example, the buyer entity purchased property and equipment or inventory and recorded them as assets. Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 5) If necessary, the auditor may design additional procedures to achieve financial audit objectives. For example: Reconciliation/confirmation (existence, completeness, valuations, rights and obligations, and classification); iii) Obtain or prepare aging of outstanding unadjusted reconciling amounts for all significant intragovernmental balance sheet accounts. Identify old and/or unusual reconciling items and obtain explanations from the entity; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: iv) Review final yearend reconciliation for any accounting policy differences and determine if the entity explains the causes of these differences on the final reconciliation. The causes of these differences might be differences in accounting standard requirements such as different amortization methods for discounts and premiums. For example, one trading partner may use the interest method and the other trading partner may use the straight-line method to amortize discounts/premiums. However, there should be no material unresolved differences on the final year-end reconciliation forms and entities should resolve all differences with their trading partners; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: v) Determine the extent of unadjusted differences at year-end and assess their materiality on the financial statement line item and the overall financial statements; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: vi) If adjustments are made subsequent to the completion of the confirmations (during the audit period), determine if the entity revised the reconciliation and confirmation and submitted the updated data to FMS; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 6) Summarize the results of testing by concluding on the effectiveness of the entity’s reconciliation and confirmation controls. Propose any adjustments on the Schedule of Uncorrected Misstatements (FAM 595 C); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 7) Determine whether to change the risk of material misstatement and revise audit procedures based on the results of testing; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: B. Intragovernmental activity and balances: For intragovernmental activity and balances, if the auditor preliminarily determines that the entity’s reconciliation/ confirmation control with trading partners is not appropriately designed, or if the reconciliations and/or confirmations are not performed by the entity, determine the effect on substantive procedures and on the audit report. Determine whether to modify the audit opinion when no reconciliation and other mitigating controls exist, and to disclose a significant deficiency or material weakness in internal controls. When intragovernmental activity and balances are material, significant additional work may also be necessary to express an unqualified opinion on the financial statements, such as: 1) Coordinating work with auditor testing other related line items and test existence, completeness, valuation, rights and obligations, and classification of intragovernmental activity and balances by a) Determining in conjunction with cash receipts, revenues, and accounts receivable testing, if intragovernmental accounts receivable were collected subsequent to test date. Examine supporting documentation for the posting of collections to the cash records and determine if intragovernmental revenues and receivables were included in nonfederal balances. b) Testing completeness of intragovernmental activity and balances by reviewing vendor and customer master files to determine if intragovernmental vendors and customers are properly included in intragovernmental accounts. c) Sending confirmation requests to trading partners for both balance sheet and net cost activity and balances. If the risk of material misstatement is assessed as high, apply similar confirmation procedures to nonfederal accounts. Cut off test (existence and completeness) d) Determine if there are unrecorded transactions and if the transactions are recorded in the correct period by i) Coordinating with the FBWT audit team to review results of the FBWT reconciliation tests. For example, review IPAC transactions reconciliations and the recording of IPAC transactions in accounting systems; consider how timely and whether appropriate; review IPAC transactions after 9/30–subsequent billing and collecting transactions–to determine unrecorded transactions at 9/30. ii) Searching for unrecorded revenue, accounts receivable, purchases, and accounts payable (completeness). For example (1) To search for unrecorded revenue and accounts receivable, select invoices for trading partners recorded in the xx-day period subsequent to year-end. Trace the selected invoices to shipping records or evidence of service performance. Determine whether the revenue and accounts receivable were recorded in the correct period. Alternatively, select from shipping records to trading partners prior to year-end and trace to invoices. (2) To test the completeness of amounts recorded as accounts payable at the balance-sheet date, select disbursements after the end of the audit period and test if the amounts were recorded in payables; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) Review the test results of other related line items to determine if there are issues related to existence, completeness, valuation, rights and obligations, and classification in the tested accounts and transactions and the impact on the intragovernmental activity and balances. In testing these other accounts, consider whether items tested were from trading partners; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Summarize results of testing and propose any adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C-4); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) Determine whether to change the risk of material misstatement and revise audit procedures based on the results of testing; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: C. Control and substantive tests of details— other related parties Determine the purpose, nature, and extent of material other related party transactions and their effect on the financial statements. Coordinate with sensitive payments work, including executive compensation, travel, official entertainment funds, unvouchered expenses, and consulting services (see FAM 280.05). 1) Based on the work performed during the planning and internal control phases, determine and document the methodology used to select the transactions for testing by either a) examining all transactions, or b) performing a Monetary Unit Sampling (MUS), or c) performing a Classical Variables Estimation Sampling, or d) another method (describe); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) For the selected transactions, a) examine documentation such as invoices, contracts, agreements, and receiving and shipping reports; b) determine whether the transactions have been properly approved; c) confirm transaction terms and amounts with the other party to the transaction; and d) test the compilation of amounts that may be disclosed in the financial statements for reasonableness; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Summarize results of testing and propose any adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C-4); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) Determine whether to change the risk of material misstatement and revise audit procedures based on the results of testing; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: C. Control and substantive tests of details— other related parties Determine the purpose, nature, and extent of material other related party transactions and their effect on the financial statements. Coordinate with sensitive payments work, including executive compensation, travel, official entertainment funds, unvouchered expenses, and consulting services (see FAM 280.05). 1) Based on the work performed during the planning and internal control phases, determine and document the methodology used to select the transactions for testing by either a) examining all transactions, or b) performing a Monetary Unit Sampling (MUS), or c) performing a Classical Variables Estimation Sampling, or d) another method (describe); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) For the selected transactions, a) examine documentation such as invoices, contracts, agreements, and receiving and shipping reports; b) determine whether the transactions have been properly approved; c) confirm transaction terms and amounts with the other party to the transaction; and d) test the compilation of amounts that may be disclosed in the financial statements for reasonableness; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Summarize results of testing and propose any adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C-4); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) Determine whether to change the risk of material misstatement and revise audit procedures based on the results of testing; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: D. Substantive analytical procedures (FAM 475) Perform analytical procedures to assess whether balances are reasonable and reflect appropriate activities (existence and completeness). If the entity performs reconciliation and confirmation of intragovernmental activity and balances and the auditor places reliance on those tests of details, less rigorous, supplemental analytical procedures may be used to increase the auditor’s understanding of intragovernmental activity and balances after performing tests of details in Testing, step III.A, above. However, in the absence of adequate reconciliation and confirmation controls, some or all of these procedures may be necessary to obtain sufficient evidence, if possible. For example, 1) Develop expectations of the accounts payable and receivable balances overall or for all significant trading partners in light of the payment cycle during the year. Then, compare the recorded balance overall or by trading partner to the expected amount and investigate differences in the recorded balance if differences exceed an amount such that the total uninvestigated difference for all trading partners, including those not selected, does not exceed the limit; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) Develop expectations of recorded intragovernmental revenue overall or for all significant trading partners based on independent data; for example, consider using trading partners’ orders. Then compare the expectations to the recorded revenue amounts and investigate differences in the recorded balance if differences exceed an amount such that the total uninvestigated difference for all trading partners, including those not selected, does not exceed the limit; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Examine accounting records, for example, accounts receivable and payable, for large, unusual, or nonrecurring activity or balances. For example, consider expectations as to the types of intragovernmental activity and balances and trading partners based on the planning work. Then, examine significant unexpected/unusual intragovernmental activity and balances and intragovernmental activity or balances with unexpected trading partners. Document the definition of significant; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) Summarize the results of testing and determine if adjustments are necessary; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: E. Elimination (existence, completeness, and valuation) Test consolidation/elimination for transactions occurring within the entity (intra-entity) to determine whether the elimination is appropriate and supportable. 1) Obtain a list of each component entity’s intra-entity transactions identified for elimination and each component entity’s reconciliation of its intra-entity activity and balances with its respective trading partners. This step may be done in conjunction with the test of reconciliation (see step III.A above); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) Review the entity’s eliminating journal entries and supporting documentation for elimination entries of the entitywide consolidated financial statements. Determine whether elimination journal entries are a) approved by management, and b) supported by schedules summarizing the SGL accounts that are combined to total the amounts eliminated; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Summarize results of testing; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) Determine whether to change the risk of material misstatement and revise audit procedures based on the results of testing; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: IV. Reporting Phase To determine if the presentation and disclosures of intragovernmental and other related party balances comply with U.S. GAAP and OMB requirements: 1) Determine whether financial reports are prepared in accordance with the OMB Circular No. A-136, Financial Reporting Requirements. For example, a) Review the balance sheet and determine whether it is properly classified and line items are correctly reported as intragovernmental or nonfederal. b) Read the notes to the financial statements to determine if intragovernmental amounts and the related federal trading partners for assets, liabilities, earned revenue from trade (buy/sell) transactions and nonexchange revenue are disclosed. c) Read disclosures for the Statement of Net Cost in the notes to the departmentwide financial statements and determine if the department includes a separate disclosure of intragovernmental gross cost and earned revenue by budget functional classification. Determine whether gross cost and earned revenue are net of intradepartment transactions (consolidated); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 2) Read the entitywide financial statements and notes and compare the reported intragovernmental and other related party (if any) activity and balances with the test results; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 3) Request that the entity’s management include, in the representation letter, representations related to intragovernmental and other related party activity and balances. (See FAM 1001 for guidance.); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 4) Communicate with trading partner entities’ auditors (with entity permission) to determine whether issues identified by the other auditors affect the auditor’ s conclusions on intragovernmental transactions; Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 5) Read the various current period Agreed-Upon Procedures (AUP) reports to consider whether the findings will affect the auditor’s conclusion and/or if additional procedures need to be performed. For example, * The AUP report on employee withholdings and employer contributions that are reported on the Report of Withholdings and Contributions for Heath Benefits, Life Insurance and Retirements. This AUP report is to assist OPM in assessing the reasonableness of the Retirement, Health Benefits, and Life Insurance Withholdings/Contributions and Supplemental Semiannual Headcount report submitted to OPM (see OMB audit guidance); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 6) Summarize the results and propose any adjustments on the Schedule of Uncorrected Adjustments (FAM 595 C- 4); Done by/date: [Empty]; Doc Ref: [Empty]. Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances: 7) Conclude whether intragovernmental and other related party activity and balances have been adequately accounted for and properly disclosed in the financial statements; Done by/date: [Empty]; Doc Ref: [Empty]. Figure: [See PDF for image] [End of figure] 903 - Auditing Cost Information: .01: FAM 903 provides general guidance for auditors in identifying cost information and planning audit procedures. The auditor should coordinate these procedures with procedures on auditing various line items and accounts. The auditor is generally concerned about cost information because: * The auditor should obtain sufficient evidence to determine whether costs are presented fairly in entity financial statements and are appropriately classified. Proper classifications of costs at the entity level also contribute to proper classification of costs in the consolidated financial statements of the U.S. government. * For CFO Act agencies and components designated by OMB, the auditor must evaluate whether agency financial management systems substantially comply with the three requirements of FFMIA. * Although the auditor does not opine on the MD&A, cost information is important to the MD&A, particularly as it relates to developing performance measures.[Footnote 38] The relevant accounting standard for cost information is SFFAS No. 4, Managerial Cost Accounting, as amended by SFFAS No. #30, Inter-Entity Cost Implementation. These standards have relevance both to external financial reporting and to cost information for internal management reporting. The Impact of SFFAS No. 4 and SFFAS No. 30: .02: SFFAS No. 4 establishes the concepts and standards for providing reliable and timely information on the full cost of federal programs, their activities, and outputs. The objectives of managerial cost information specified in SFFAS No. 4 are: * To provide program managers with relevant and reliable information relating costs to outputs and activities. With this information, program managers should understand the costs of the activities they manage. The cost information should assist them in improving operational efficiency. * To provide relevant and reliable cost information to assist Congress and executives in making decisions about allocating federal resources, authorizing and modifying programs, and evaluating program performance. * To provide consistency between costs reported in general purpose financial reports and costs reported to program managers. This includes standardizing terminology to improve communication among federal organizations and users of cost information. .03: The first two objectives primarily address the managerial use of cost information in improving operating efficiency and cost effectiveness, making planning and budgeting decisions, and measuring performance. The third objective primarily addresses external financial reporting, which can be achieved by reporting cost information in financial statements that is consistent with costs generated by the cost accounting process. Because of the differences in the three objectives, some requirements in SFFAS No. 4 are relevant to managerial decision making and operations improvement, while some requirements are relevant to external financial reporting. .04: The cost accounting concepts section of SFFAS No. 4 (paragraphs 41- 66) establishes the overall goals of cost accounting for federal agencies. Managerial cost accounting should be a fundamental part of the financial management system and, to the extent practicable, be integrated with the other parts of the system. Managerial costing should use a basis of accounting, recognition, and measurement that is appropriate for the intended purpose. Cost information developed for various purposes should be drawn from a common data source, and output reports should be reconcilable to each other. .05: The five fundamental standards for managerial cost accounting set forth in SFFAS No. 4 (paragraphs 67-162) are important for the auditor. These standards will lead to the development of accurate and consistent cost information for internal and external reporting by federal agencies. The five standards are: * Requirement for cost accounting: Each reporting entity is to accumulate and regularly report the cost of its activities for management information. * Responsibility segments: Management of each reporting entity is to define and establish responsibility segments and report the costs of each segment’s outputs. * Full costs: Reporting entities are to report the full costs of outputs, which is the total amount of resources used to produce the output, including direct and indirect costs. * Inter-entity costs: Each entity’s costs are to incorporate the full cost of goods and services received from other entities. As directed by SFFAS No. 4, paragraph 110, OMB has designated, in its Circular No. A- 136, Financial Reporting Requirements, the costs of goods and services received from other entities to be recognized. SFFAS No. 30, effective for reporting periods beginning after September 30, 2008, requires full implementation of this inter-entity cost provision. * Costing methodology: The costs of resources that directly or indirectly contribute to the production of outputs are to be accumulated and assigned to outputs using appropriate methodologies. (FAM 903.07.) Audit Procedures for Financial Statement Opinion: .06 As part of understanding the entity’s operations, the auditor generally should obtain an overview of how the entity applies FASAB cost standards. This may be done by inquiry, observation, and walkthrough procedures. The auditor generally should determine what substantive testing procedures of the cost accounting system are appropriate and may coordinate testing with other control and substantive procedures. Based on the understanding of entity operations, the auditor should determine whether the statement of net costs is designed to include all costs of entity programs. Also, in testing the statement of net costs, the auditor generally should test the financial statement assertions related to costs, including whether expenses are properly classified in the statement of net costs. Consistent with FAM 395 B, examples of subassertions related to costing are: Existence Or Occurrence: * Occurrence/Validity—(1) Recorded costs, underlying goods and services received, and related processing procedures are authorized by federal laws, regulations, and management policy. (2) Recorded costs are approved by appropriate individuals in accordance with management’s general or specific criteria. (3) Recorded costs exist for goods and services received and are properly classified. * Cutoff—Costs recorded in the current period represent goods and services received during the current period. * Summarization—(1) The summarization of recorded costs is not overstated. (2) Costs are assigned to appropriate classifications in the financial statements. Completeness: * Transaction completeness—All valid costs are recorded and properly classified. * Cutoff—All goods and services received in the current period are recorded in the current period. * Summarization—The summarization of recorded costs is not understated. Accuracy/valuation: * Accuracy—Costs are recorded at correct amounts. * Valuation—Costs are valued in the financial statements using an appropriate valuation basis. * Measurement—Costs included in the financial statements are properly measured. * Presentation And Disclosure: - Account classification—Cost accounts are properly classified and described in the financial statements. - Consistency—Costs in financial statements are based on accounting principles that are applied consistently from period to period. - Disclosure—Financial statements and footnotes contain all information required to be disclosed. .07: SFFAS No. 4 discusses three methods of assigning costs: directly tracing costs, assigning costs on a cause-and-effect basis, and allocating costs on a reasonable and consistent basis. Although the standard discusses these three methods in relation to assigning costs to responsibility segments and outputs, the methods are also applicable to assigning costs to financial statement line items in the statement of net costs, generally by program, and in the notes by budget functional classification. The different methods of assigning costs may require different auditing procedures for determining whether costs are properly classified in the statement of net costs by program. .08: For directly traced costs (such as materials used in production or employees who worked on an output), the auditor generally should test whether costs were assigned to the appropriate program and/or budget functional classification. .09: In some cases, costs may be assigned on a cause-and-effect basis, by grouping costs into cost pools where an intermediate activity may be a link between the cause and the effect. For example, an information technology department may provide support to other departments. The information technology department may assign costs to other departments on a causeand- effect basis by first assigning costs to an intermediate activity, such as hardware installation or software design. The costs in these pools may then be further assigned to other departments based on their use of these technical services. In auditing these types of costs, the auditor generally should test whether costs are assigned to the appropriate cost pool (hardware installation, software design), and also whether costs are appropriately summarized in the pool. When costs are assigned to other departments, the auditor generally should test whether costs assigned are based on appropriate usage information, whether cost assignments are reasonable and consistent, and whether they are mathematically accurate. .10: If it is not economically feasible to either directly trace or assign costs on a cause-and-effect basis, the entity may allocate costs. This is commonly done with costs such as general management, depreciation, rent, maintenance, security, and utilities used in common by various segments. These costs are generally accumulated in cost pools and allocated to segments or outputs (or programs or budget functional classifications) using a cost driver such as number of employees, square footage of office space, or amount of direct costs incurred in segments. In auditing these allocated costs, the auditor generally should test whether the costs are assigned to the appropriate cost pool and summarized appropriately. The auditor also generally should determine whether the allocation basis is reasonable and consistent, whether the mathematical allocation is correct, and whether an allocation is appropriate in the circumstances. .11: The entity exercises professional judgment in determining the line item and programs to include in its statement of net costs. The auditor generally should consider whether such classifications are reasonable in the circumstances. Federal Financial Management Improvement Act of 1996 (FFMIA) .12: For audits of the CFO Act agencies and components identified by OMB audit guidance, the auditor must evaluate whether agency financial management systems substantial comply with the three requirements of FFMIA (see FAM 100.02 and FAM 701). To determine compliance with SFFAS No. 4 and SFFAS No. 30 for the purposes of FFMIA, the auditor generally should ask the following questions (which relate to the standards discussed in FAM 903.05) * Does the agency regularly accumulate and report the full cost of its activities to management? * Has the agency defined its major programs and responsibility segments for the purpose of delineating costs? * Does the agency properly accumulate full costs by those programs and segments? * Has the agency accounted for the full costs (including inter-entity costs) of products, services, or outputs to be externally reported at the entitywide level? * Has the agency accounted for the full cost of resources that contribute to the production of outputs by individual responsibility segment using appropriate costing methodologies? (See FAM 903.07) * Has the agency reported full costs in the year-end financial statements on the accrual basis of accounting? * Are costs reported for external financial reporting and those reported for internal management reporting consistent and reconcilable? * Is the reported management cost information consistent, timely, and comprehensive? * Is the cost information reported in such a manner that management can determine answers to appropriate questions about costs of outputs or outcomes? * How does management determine whether costs are appropriate? * How does management determine compliance with FFMIA? The auditor generally should combine this inquiry with the procedures in FAM 903.06, and consider the outcome in concluding about compliance with the cost accounting requirements under FFMIA. Also, the auditor generally should review evidence supporting management’s assertions in response to these questions, as further discussed in FAM 701, Assessing Compliance of Agency Systems with FFMIA. Management’s Discussion and Analysis (MD&A) .13: The auditor does not provide an opinion on the MD&A and this information is unaudited. Thus, the auditor’s main concern is consistency of this information, rather than testing the reliability of the cost data in the MD&A. The auditor generally should read the MD&A for consistency with the financial statements and with the auditor’s knowledge of the entity. The auditor generally limits testing to data in the financial statements, as discussed in FAM 903.06, not the MD&A. The auditor may use analytical procedures to determine the reasonableness of cost data in the MD&A. Based on this comparison, the auditor should determine whether additional testing is needed. Cost Reports: .14: Costs reported in internal and external entity reports are expected to be consistent, but may differ in the degree of detail and reporting frequency. Cost information for management generally requires more frequent and timely reporting. It also may require more specific and detailed information regarding the costs of individual activities or outputs. By comparison, external reports are generally less frequent, and the cost information more aggregated, such as on a suborganization or program basis. .15: Entity level information, including cost data, generally becomes more summarized at the U.S. government consolidated financial statement level, or does not apply to the consolidation. In some cases, the consolidation refers readers to individual agency financial statement reports for further details in specific areas. 921- Auditing Fund Balance with Treasury (FBWT): .01: FAM 921 provides guidance to the auditor when auditing FBWT accounts. However, significant changes are anticipated in this area over the next several years as Treasury is developing and implementing the Government Wide Accounting (GWA) system, which is discussed further in FAM 921.11. Implementation of the GWA system by federal entities is expected to vary considerably and auditors should determine the effects of this early in the audit as discussed in FAM 921.12. .02: The FBWT account (SGL account 1010) is an asset account, unique to the U.S. government, representing unexpended spending authority. Entities record their budget spending authority in FBWT accounts with an offsetting amount to unexpended appropriations – SGL account series 3100. Similar to cash in commercial bank accounts, FBWT amounts increase as funds are collected and decrease as amounts are paid, although noncash transactions adjust the balances, primarily as a result of budgetary activity. Most entities have several FBWT accounts funded by different types of appropriations[Footnote 39] that are included in the financial statement FBWT line item. .03: Federal agencies may also maintain other types of FBWT accounts, such as for collections pending litigation, amounts awaiting determination of the proper accounting disposition, or monies being held by the entity in the capacity of a banker or agent for others, such as non-entity, trust, or escrow accounts. Certain funds may also be earmarked for specific purposes or restricted as to use. Entities may also have FBWT balances in clearing or suspense accounts as a result of unidentified and unclassified transactions. .04: In the federal government, Treasury serves as the central banker. Most entities use the banking services provided by Treasury’s Financial Management Service (FMS), and therefore do not keep cash in commercial bank accounts. Some entities have authority to disburse funds on their own behalf and maintain separate commercial bank accounts in U.S. or foreign currency. However, these agencies still maintain FBWT accounts to track the status of their spending authority. .05: Regular reconciliation of entity FBWT records with Treasury records is a key control in maintaining the accuracy and reliability of entity fund balance records. Effective reconciliations serve as a detection control for identifying unauthorized and unrecorded transactions at the entities and at Treasury. Effective reconciliations are also important in preventing entity disbursements from exceeding appropriated amounts and providing an accurate measurement of the status of available resources. .06: Treasury maintains and provides appropriation, fund, and receipt account ledgers to entities. This includes a roll forward of the previous month’s balance, the current month’s cash activity reported by the entity, and other account activity such as supplemental appropriations, rescissions, nonexpenditure transfers, and activity reported by other entities. These Treasury account ledgers can be used by entities for comparison to their records to account for all transactions. .07: Treasury also provides entities with detailed reports of cash receipt and disbursement transactions reported by the Federal Reserve, commercial banks, other federal entities, and the FMS regional financial centers. These reports can be used by entities to reconcile FBWT and most likely will be affected by implementation of the GWA system discussed in FAM 921.11- .12. FBWT Accounting and Reporting Information: .08: To obtain a further understanding of entity’s accounting and reporting for FBWT, the auditor may refer to: * Treasury Financial Manual, Volume 1, part 2, chapter 5100 – Reconciling Fund Balance with Treasury accounts, (see link at [hyperlink, http://fms.treas.gov/fundbalance)]. * OMB Circular No. A-136, Financial Reporting Requirements. * SFFAS No. 1, Accounting for Selected Assets and Liabilities. * Entity accounting policies and procedures for FBWT accounts. FBWT Audit Issues: .09: Since most assets, liabilities, revenues, and expenses stem from or result in cash transactions, misstatements in the receipt or disbursement activity recorded in the FBWT account affects the accuracy of year-end FBWT balances. It also affects the accuracy of several entity financial statements, including the Balance Sheet, the Statement of Net Cost, and the Statement of Budgetary Resources. Further, it affects the integrity of entity budget execution reports and various U.S. government accounts and reports. .10: It is important for entities to establish processes to properly record and reconcile transaction activity in their FBWT accounts because without effective reconciliations of FBWT receipt and disbursement activity, the amount of funds available for expenditure by each appropriation may contain material misstatements. Entities should avoid arbitrarily adjusting accounts to the amounts reported by Treasury and/or recorded differences in suspense accounts without adequately researching the causes of the differences. Unreconciled differences recorded in suspense accounts could represent transactions that have not been properly recorded by the entity to the appropriate accounts. Additionally, it is important for entities to reconcile their FBWT account balances timely because this task becomes more difficult as time passes and erroneous or fraudulent transactions may not be identified to take appropriate actions. TFM Volume 1, part 2, chapter 5100 states that entities should perform monthly reconciliations of their FBWT accounts. .11 Treasury is developing the Government Wide Accounting (GWA) system, to be implemented over the next several years. The GWA system will eliminate the two-step reporting processes used by federal entities and Treasury by transitioning from a monthly to a daily process of reporting receipt and disbursement transactions to Treasury. This daily classification of activity will eliminate the need for federal entities to submit a monthly Statement of Transactions. The monthly Statement of Differences reports that formerly resulted from this two-step classification process will also be eliminated. Additionally, similar to commercial on-line banking, the GWA system can provide federal entities with a daily account statement of their FBWT accounts via the Internet. Treasury continues to use “independent” sources of entity FBWT activity, such as commercial banks, other federal entities, and Treasury’s FMS regional financial centers, to calculate federal entity FBWT balances. .12 Implementation of the GWA system by federal entities is expected to vary and auditors should determine the effects of this early in the audit. The changing environment during this transition period increases the audit risk associated with FBWT. To design effective and efficient audit procedures during this transition period, auditors should fully understand the status of GWA system implementation at their respective federal entity and the processes and procedures used by their particular entity during the year of audit. .13 Treasury also plans to discontinue the use of certain suspense (“F”) accounts used by entities to record unreconciled receipt and disbursement transactions. Auditors will need to design procedures to test whether entities have properly reconciled and classified the suspense items that were recorded in these discontinued accounts. Some entities will be granted waivers to continue using the suspense accounts and auditors will need to ensure that all of the reconciliations, aging, and CFO confirmation of balance requirements for these suspense accounts are accurately performed by the entity. Auditors will also need to fully understand their entity’s procedures for tracking and recording suspense type items going forward and design audit procedures to adequately test and assess the impact of the suspense items on the FBWT at year-end. FBWT Audit Approach: .14: Auditors should obtain and fully document their understanding of entity FBWT accounts, accounting systems, procedures, and the FBWT control environment, including the information technology processing and security controls over systems that report or transact FBWT activities or balances, to determine the level of audit procedures required. .15: Auditors should design FBWT audit procedures that include tests of the receipt and disbursement activity that flows through the accounts and the FBWT balances. These procedures should include steps to determine whether the entity: * properly and timely records receipt and disbursement activity in their FBWT accounts; * researches and resolves the underlying causes of differences between amounts reported by Treasury and entity records, including the receipt and disbursement activity flowing through the FBWT accounts, as well as the monthly account balances, and makes the proper adjustments; and: * timely and properly clears suspense account balances. .16: Auditors should determine the magnitude of the entity’s gross unreconciled differences at year-end by analyzing their aggregate absolute values and resulting impact on the financial statements. Since each difference represents a potential misstatement, the roll-up and netting of charges and credits can significantly understate the total outstanding differences. Audit Procedures: .17: Audit procedures for the FBWT will vary by entity and auditors should use their professional judgment to design audit programs for their particular entity after considering the type of FBWT accounts, materiality, audit risks, and the internal control environment. Over the next several years as entities implement the GWA system, auditors may consider the example audit procedures provided below to audit FBWT, as well as developing new procedures to audit the GWA system. Planning and Internal Control Phase: .18: To obtain an understanding of the entity’s environment, internal control over FBWT accounts and reconciliation process in the planning and internal control phase of the audit, the auditor may perform steps to: * Review accounting and reporting information on FBWT at FAM 921.08. * Read prior year audit documentation, financial statements, and related audit reports to determine if there were any audit issues, significant deficiencies, or material weaknesses related to FBWT. * Interview entity key staff about its FBWT procedures and controls in place. * Determine how the entity disburses funds for both payroll and nonpayroll transactions, either through FMS regional finance centers, other entity disbursing centers, on its own behalf, or a combination of ways. * Obtain an understanding of the significant accounting systems and controls used in reporting and accounting for FBWT transactions. * Identify FBWT line item general ledger accounts. * Obtain an understanding and walkthrough entity internal controls over its FBWT reconciliation process and determine whether reconciliation controls have been placed in operation. * Inquire how the entity tracks and reports differences between its FBWT records and Treasury’s FBWT records. * Identify suspense and clearing accounts used by the entity containing unreconciled differences and determine if transactions are identified and removed from these accounts to the proper accounts in a timely manner. * Determine if the entity has a process or system for aging unreconciled differences. * Determine whether the entity is properly accounting for the FBWT line item in accordance with U.S. GAAP by having the entity complete FAM 2010, Checklist for Federal Accounting. Testing Phase: .19: In the testing phase of the audit, the auditor may design an audit program that includes steps to determine whether the entity: * Properly and timely records receipt and disbursement activity in its FBWT accounts. * Researches and resolves the underlying causes of differences between amounts reported by Treasury and entity records, (including the receipt and disbursement activity flowing through the FBWT accounts and the account balances each month) and makes the proper adjustments. * Timely and properly investigates clearing and suspense account balances. * Reconciles its FBWT accounts and performs procedures to determine the materiality of gross unreconciled differences at year-end by analyzing the aggregate absolute values and resulting impact on the financial statements. (Since each difference represents a potential misstatement, the roll-up and netting of charges and credits can significantly understate the total outstanding differences). * Includes and presents nonexpenditure transactions such as appropriation warrants, transfers, and rescissions. * Discloses the status of accounts, such as open, expired, or canceled and whether the account is appropriately included in the FBWT line item. Reporting Phase: .20: To assess whether the presentation of the financial statements and footnote disclosures for the FBWT line item are in accordance with U.S. GAAP, the auditor may determine whether the entity has: * Disclosed and explained material unreconciled differences in the notes to the financial statements. * Disclosed material unreconciled differences that were written off by the entity during the fiscal year in the notes to the financial statements. * Disclosed material restrictions. * Concluded that proposed audit adjustments are either booked or were determined to be immaterial and were attached to the management representation letter (see FAM 1001). * Determined that the entity is properly reporting and disclosing the FBWT line item in accordance with U.S. GAAP by having the entity complete FAM 2020, Checklist for Federal Reporting and Disclosure. .21 Other audit procedures for FBWT may include tests of entity: * fund controls, * reconciliations of proprietary and budgetary amounts, * compliance with applicable laws and regulations, and * year-end reporting to Treasury and OMB. .22: These audit procedures are not intended to be all inclusive. They do not include all audit work over FBWT accounts, such as: * cash on deposit bank accounts and petty cash (imprest) funds, * tests of controls over check stock for entities that still write checks instead of EFT, and: * steps to test the specific requirements and/or compliance with regulations and laws related to certain types of FBWT accounts, such as those mentioned above in FAM 921.03. Practice Aids: .23: The following practice aids are presented as appendixes to FAM 921 to assist the auditor in auditing FBWT as follows: * FAM 921 A – Treasury Processes and Reports Related to FBWT Reconciliation. * FAM 921 B – Example Account Risk Analysis (ARA) for FBWT. * FAM 921 C - Example Specific Control Evaluation (SCE) for FBWT. A single SCE of the line item/account-related accounting application for FBWT is presented. There are transaction-related accounting applications listed on the ARA that affect FBWT, such as cash receipts and cash disbursements, which would require transaction related SCEs. 921 A - Treasury Processes and Reports Related to FBWT Reconciliation: A. Verification of Collections and EFT Disbursements These FBWT processes and reports are subject to change by the implementation of the GWA system discussed in FAM 921.11-.12. Table: [See PDF for image] *CASHLINK II processes will be migrating to successor systems such as Transaction Reporting System (TRS) and Treasury General Account Deposit Reporting Network (TGAnet) system. **STAR performs core central accounting functions as the system of record and the GWA system serves as a conduit to feed information in and out. The two systems work in tandem to perform all of the central accounting functions, although the GWA system is expected to replace the STAR functionality. [End of figure] Table: B. Verification of Disbursement Data: [See PDF for image] [End of table] Table: 921 B - Example Account Risk Analysis for Fund Balance with Treasury [See PDF for image] [End of table] Entity: Date of Financial Statements: Accounting application: Fund Balance with Treasury: Specific Control Evaluation: Preparer: Date: (Line Item/Account-Related): Reviewer: Date: Table 921 C - Example Specific Control Evaluation for Fund Balance with Treasury: [See PDF for image] [End of figure] 931 – Auditing Heritage Assets and Stewardship Land: .01: Heritage assets are real and personal tangible federal property, plant, and equipment (PP&E) that is unique for one or more of the following reasons: * Historical or natural significance. * Cultural, educational, artistic (or aesthetic) importance. * Significant architectural characteristics. Heritage assets consist of two types. Collection type heritage assets involve objects gathered and maintained for exhibition and would include such examples as museum collections, art collections, and library collections. Non-collection type heritage assets would include such examples as parks, memorials, monuments, and buildings. .02: Stewardship land is public land and land rights owned by the federal government, much of it acquired when the nation was formed. It does not include land acquired for or used in connection with general PP&E. Examples of stewardship land include land used as national forests and parks, and land used for wildlife and grazing. It excludes natural resources (for example, minerals, timber, and petroleum) related to the land. .03: Heritage assets may in some cases be used to serve two purposes—a heritage function and general government operations. In cases where a heritage asset serves two purposes, the heritage asset should be considered a multi-use heritage asset if the predominant use of the asset is in general government operations. For example, the main Treasury building in Washington, DC is used primarily as an office building. This multi-use asset would be considered general property, capitalized on the balance sheet, and depreciated. Heritage assets having an incidental use in government operations are not multi-use heritage assets; they are simply heritage assets. .04: SFFAS No. 29, Heritage Assets and Stewardship Land, issued on July 7, 2005, changed the classification of information reported for heritage assets and stewardship land provided by SFFAS No. 6 and SFFAS No. 8. Previously, reporting components of this federal property (e.g., unit balances, additions, withdrawals, methods of acquisition and withdrawal) was presented as unaudited RSSI. However, under SFFAS No. 29, most information about heritage assets and stewardship land is reclassified to the audited basic financial statements, except for condition information that is presented as unaudited RSI. SFFAS No. 29 also requires additional audited disclosures about the federal entity’s stewardship policies and an explanation of how heritage assets and stewardship land relate to the entity’s mission. .05: Per SFFAS No. 29, entities must reference a note on the balance sheet that discloses information about heritage assets and stewardship land but no dollar amount is shown. At a minimum, entities are to present in note disclosure a description of major categories of assets, physical unit information for the end of the reporting period, physical units added and withdrawn during the reporting period, and a description of the methods of acquisition and withdrawal. Entities are also required to disclose information about stewardship policies and an explanation of how heritage assets and stewardship land relate to the mission of the entity. The standard also includes disclosure requirements applicable to the U.S. government-wide financial statements which must provide a general discussion of heritage assets and stewardship land and direct users to the applicable entities’ financial statements for more detailed information on these assets. .06: SFFAS No. 29 will be phased-in for reporting periods after September 30, 2005, (FY 2006 through 2008). Full implementation of SFFAS No. 29 is effective for periods after September 30, 2008, (FY 2009) although early adoption is encouraged. Accounting and Reporting Information .07: To obtain a further understanding of entity accounting and reporting for Heritage Assets and Stewardship Land, the auditor may refer to: * SFFAS No. 6, Accounting for Property, Plant and Equipment, * SFFAS No. 8, Supplementary Stewardship Reporting (SFFAS 29 rescinds Chapter 2 and Chapter 4), * SFFAS No. 14, Amendments to Deferred Maintenance Reporting, * SFFAS No. 29, Heritage Assets and Stewardship Land, * FASAB Technical Release 9, Implementation Guide for SFFAS No. 29: Heritage Assets and Stewardship Land (Feb 20, 2008), * OMB Circular No. A-136, Financial Reporting Requirements, and * entity accounting policies and procedures. Audit Issues. .08: Entity financial statements, particularly DOD, have disclosed material weaknesses in accounting for federal PP&E. This includes identification of physical quantities by type of asset, cost/valuation, depreciation (if general property, except land), condition, and recording transactions in the proper period. Audit Approach/Strategy .09: The auditor should develop their audit approach/strategy by identifying the extent of heritage assets and stewardship land at the entity they are auditing. The auditor should then obtain and fully document their understanding of this property in the entity’s accounts, accounting systems, and related policies and procedures. The auditor should also understand the control environment for this property, including the information technology processing and security controls over systems that report or transact activities or balances, to determine the level of audit procedures required. Audit Plan/Procedures: .10: Heritage assets and stewardship land will vary by entity and auditors should use their professional judgment to design the audit plan/procedures for their particular entity after considering the type of accounts, materiality, audit risks, and the internal control environment. From fiscal years 2006 through 2008, as entities implement SFFAS No. 29, auditors may consider the example audit procedures provided below to audit this property, as well as a basis to develop new procedures. Planning Phase: .11: To obtain an understanding of entity heritage assets and stewardship land in the planning phase of the audit, the auditor may: * Obtain an understanding of significant accounting and auditing issues, read the entity’s prior year’s accountability and auditors’ reports. * Read applicable SFFAS and OMB Circular No. A-136 guidance for accounting, reporting, and disclosing heritage assets and stewardship land. * Understand and document the entity’s stewardship policies for identifying heritage assets and stewardship land separate from multiuse heritage assets and other general PP&E, and indicate how the designation of heritage assets and stewardship land relate to the entity’s mission. * Understand and document the entity’s procedures for identifying, categorizing, accounting, reconciling and reporting heritage assets and stewardship land. Note that SFFAS No. 29 allows the entity flexibility in designating categories by determining a meaningful level of aggregation for reporting and selecting physical units aligned with those categories based on the entity’s mission, types of heritage assets, and how it manages those assets. * Understand and document the entity’s methodology for acquisition and withdrawal of heritage assets and stewardship land during the reporting period. * Understand and document the methodology used to account for deferred maintenance (although unaudited RSI) on heritage assets and stewardship land during the reporting period. * Identify and understand the impact of systems/methods for classifying, accounting, and processing of transactions related to heritage assets and stewardship land by interviewing the entity’s key personnel and its systems and methods for processing transactions. * Provide sufficient time for the entity to respond to documentation requests, as some records may be housed in field offices or other locations. * Coordinate, through the audit liaison, with non-financial staff, such as cultural resource personnel, as heritage assets are non-financial assets. * Acquire expertise related to the assets they are auditing. Internal Control Phase: .12: To understand the internal controls the entity has in place for identifying, accounting, and reporting heritage assets and stewardship land, the auditor may: * Determine through inquiry of management, walk-throughs, inspection of documents, review of prior year’s documentation and other means applicable to the entity, the entity’s process for identifying, classifying and reporting heritage assets and stewardship land. Specifically: a) Whether the entity has an authorization process and the related control procedures for acquisition, withdrawal, and deferred maintenance transactions related to heritage assets and stewardship land. b) How the entity has instituted a consistent methodology for categorization of heritage assets and stewardship land based on the entity’s mission and in accordance with SFFAS No. 29. c) How the entity records acquisitions, withdrawals, and deferred maintenance entries in the accounting system and performs reconciliations between the accounting system and the asset accountability system. In accordance with SFFAS No. 29, costs related to the acquisition, improvement, reconstruction and renovation of heritage assets/stewardship land are recognized in the Statement of net cost for the period in which the costs are incurred. These include all costs incurred to prepare the item for its intended use. d) Whether the entity maintains transaction logs or detailed records of transactions to identify the postings to SGL accounts and to facilitate the reconciliation process and whether the logs include sufficient information to enable identification and location of supporting documentation. e) How the entity classifies and records transfers to/from other federal entities of heritage assets and stewardship land. f) How the entity classifies and records donation or devise of heritage assets and stewardship land. g) Whether the entity separates and capitalized multi-use heritage assets. The cost of acquisition, improvement, reconstruction, or renovation of multi-use heritage assets should be capitalized as general PP&E and depreciated over its useful life. h) Whether and how the entity conducts periodic physical inventories designed to verify the existence, location, and condition of all property listed in the accounts, and to verify the completeness of recorded units. * Prepare or update the cycle memorandum, flowchart, ARA, and SCE forms (see FAM 390, FAM 395 H, and FAM 395 I). Testing Phase: .13: For heritage assets and stewardship land, if the auditor preliminarily determines that the entity’s internal control procedures are effectively designed and placed in operation, the auditor may test the entity’s policies and procedures to determine if the controls are effective and the balances appear reasonable. The audit objectives for substantive procedures are to: * Determine the existence of recorded heritage assets and stewardship land. * Determine the completeness of recorded heritage assets and stewardship land. * Determine the entity’s ownership rights to record these assets as heritage assets and stewardship land in accordance with SFFAS No. 29. * Determine the clerical accuracy of unit schedules for additions and deletions. * Determine the aggregation and categorizations of physical units are in accordance with guidelines established in SFFAS No. 29. For example, DOI has reported the number of federal parks, instead of the number of acres comprising those parks, as physical units. * Determine the presentation and disclosure of heritage assets and stewardship land and note disclosures are in accordance SFFAS No. 29. .14: Existence: To determine the existence of heritage assets and stewardship land, the auditor may: * Determine the propriety of beginning balance of physical units. As heritage assets and stewardship land are being reclassified as basic information, auditors may require supporting documentation to fulfill audit assertions. However, due to the age of when these assets were acquired, documentation may no longer exist. The entity and the auditor are encouraged to develop other reasonable approaches and methods to satisfy audit assertions that would rely on historical documents as evidence and support. Further guidance is provided in the AAPC implementation guide, paragraphs .80-.85. * Obtain a summary analysis of changes in property in the current fiscal year and reconcile to the general ledger. * Agree changes in units from the subsidiary ledger to the general ledger. * Vouch additions during the year by analyzing on a sample basis (depending on the auditor’s assessment of control risk) entries from the general ledger to the original documentation such as contracts, deeds, work orders, and invoices. * On a sample basis, make physical inspections of acquisitions and examine supporting documents on disposals. The auditor should coordinate inspections with the appropriate entity staff, particularly when visiting non-federal repositories which hold federal museum collections. This will ensure that visits are efficient and productive, and relationships between repositories and the entity are maintained. .15: Completeness: The auditor may determine the completeness of recorded heritage assets and stewardship land by tracing transactions recorded in the asset accountability system to general ledger accounts. Usually, few changes occur in heritage assets and stewardship land during the year and the auditor should investigate significant changes in balances. Since cutoff errors are not a major risk in establishing the completeness of recorded assets, if the auditor is satisfied with the beginning balances and verifies the acquisition and withdrawals of the current period, the auditor has also substantiated the ending balance. .16: Rights and Obligations: To determine the entity’s ownership rights to record the property as heritage assets and stewardship land, the auditor may: * Examine FASAB definitions of heritage assets and stewardship land, historical documents, and compliance procedures to determine the entity’s ownership rights to record the property as heritage assets and stewardship land (as opposed to another federal entity). * Examine documents to determine legal ownership such as public records, property deeds, property tax bills (or exceptions), and other documents specific to the entity’s documentation of legal ownership. Documentation of ownership may be in a variety of formats including permits, reports, and associated records which indicated where natural resources were recovered from public lands. * Examine the entity’s statements showing the assets’ direct link to the entity’s mission. Auditors may perform this procedure to gain more information about the entity’s assets, rather than to determine which assets are properly included in the heritage assets and stewardship land category. .17: Accuracy: To determine the accuracy of unit schedules for heritage assets and stewardship land additions and deletions, the auditor may: * Agree subsidiary ledger for additions and deletions to controlling accounts and examine detailed supporting documentation. * Determine the propriety and accuracy of recorded transfers and donations, examine subsidiary ledgers, and agree to detailed supporting documentation. * Recompute footings and extensions in detailed documentation and summary analysis. .18 Classification: To determine the aggregation, unitization and categorization of physical units for heritage assets and stewardship land, the auditor may: * Examine entity documentation and methodology for categorization of units to determine whether the entity’s aggregation/categorization and physical unit of measure are appropriate, based on the entity’s mission, how the entity views the asset for management purposes, types of heritage assets, and materiality considerations. The entity should designate asset categories that are meaningful and reflect how it views the asset for management purposes. It would also be helpful if entities documented the reasoning for categorization. * Determine whether the results of testing and the nature of misstatements indicate that the auditor should re-assess the risk of material misstatement and revise procedures. Reporting Phase: .19: To determine the proper reporting, presentation, and disclosure of heritage assets and stewardship land, the auditor may review the balance sheet and determine whether these items are properly reported and correctly classified as heritage assets and stewardship land. The auditor should also read the note disclosures and determine whether the entity reported: For periods beginning after September 30, 2005 (FY 2006 and FY 2007): * Disclosure of how the heritage assets and stewardship land relate to the entity’s mission. * Description of stewardship policies. * Discussion of multi-use heritage assets. * Disclosure of asset condition and deferred maintenance as RSI. For periods beginning after September 30, 2007 (FY 2008): * Inclusion of all the requirements noted above plus a description of the major categories of heritage assets and the number of physical units as collection or non-collection type for which the entity is the steward at the end of the reporting period. For periods beginning after September 30, 2008 (FY 2009): * Inclusion of all requirements noted above with the number of physical units by major category added and withdrawn and a description of the major methods of acquisition and withdrawal. * Full compliance with all SFFAS No. 29 requirements for reporting periods beginning with FY 2009 is expected for all entities. To be in accordance with SFFAS No. 29, information that is not required to be reported as basic information during the phase-in period is still required, but should be reported as RSI until the exceptions expire. It may be appropriate for entities to include a reference to the information reported as RSI during the phase-in period. The auditor should also summarize the results and determine if adjustments are necessary, and conclude whether heritage assets and stewardship land have been adequately accounted for and properly disclosed in the financial statements. If the entity has early implemented SFFAS No. 29, the auditor should confirm that the required information is presented. 941 – Auditing the Statement of Social Insurance: .01: The Statement of Social Insurance (SOSI) has grown in prominence as it presents trillions of dollars of future federal expenditures over future federal revenues. Beginning with fiscal year 2006, the SOSI is required to be audited, along with certain social insurance disclosure information, while other social insurance information is to be presented as unaudited required supplemental information (RSI). Because most of the information is based on actuarial projections up to 75 years into the future, it presents a challenge to the federal entity responsible for its preparation, as well as to the auditor. FAM 941 provides auditors with some guidance in auditing the SOSI in accordance with U.S. GAGAS. .02: FASAB has established accounting requirements for the SOSI through various SFFAS. The financial statements affected are those of federal entities responsible for Social Security, Medicare, Railroad Retirement, and Black Lung programs, as well as the consolidated financial statements of the federal government. For periods beginning after September 30, 2005, the SOSI is to be presented as a basic financial statement with the underlying significant assumptions included in notes that are presented as an integral part of the financial statements. .03: FASAB standards for social insurance programs require entities and the consolidated federal financial statements to report: a. The estimated present value of the income to be received from or on behalf of the following groups during a projection period sufficient to illustrate the long-term sustainability of the social insurance programs for: * current participants who have not yet attained retirement age, * current participants who have attained retirement age, and * individuals expected to become participants. b. The estimated present value of the benefit payments to be made during that same period to or on behalf of the groups listed in item (a) above. c. The estimated net present value of the cash flows during the projection period [the income described in item (a) above over the expenditures described in item (b) above, or the expenditures described in item (b) above over the income described in item (a) above]. d. In notes to the SOSI: 1. The accumulated excess of all past cash receipts, including interest on investments, over all past cash disbursements within the social insurance program, represented by the fund balance at the valuation date. 2. An explanation of how the net present value referred to in item (c) above is calculated for the closed group.[Footnote 40] 3. Comparative financial information for items (a), (b), (c), and d (1) above for the current year and for each of the four preceding years. 4. The significant assumptions used in preparing the estimates. Accounting and Reporting Information .04: FASAB has issued standards for reporting on social insurance programs of federal entities as follows: * SFFAS No. 17 – Accounting for Social Insurance, effective for periods beginning after September 30, 1999, presents accounting standards for federal social insurance programs covering Social Security (Old-Age, Survivors, and Disability Insurance), Medicare (Hospital Insurance [Part A] and Supplementary Medical Insurance [Part B]),[Footnote 42] Railroad Retirement, and Black Lung benefits, and Unemployment Insurance. Social insurance programs covered by SFFAS No. 17 have five common characteristics: 1. financing from participants or their employers; 2. eligibility from taxes or fees paid and time worked in covered employment; 3. benefits not directly related to taxes or fees paid; 4. benefits prescribed in law; and 5. programs intended for the general public. * SFFAS No. 25 – Reclassification of Stewardship Responsibilities and Eliminating the Current Services Assessment requires the Statement of Social Insurance to become a basic audited financial statement. It also provides that certain information about social insurance programs required by SFFAS No. 17 be reported in audited notes or as unaudited RSI, rather than as unaudited RSSI. In accordance with SFFAS No. 28, the effective period was deferred one year from fiscal year 2005 to fiscal year 2006. * SFFAS No. 26 – Presentation of Significant Assumptions for the Statement of Social Insurance: Amending SFFAS No. 25 requires that the underlying significant assumptions relating to the Statement of Social Insurance shall be included in audited notes with other information required by SFFAS No. 17 – including the sensitivity analysis – to be presented as RSI, except to the extent that the preparer elects to include some or all of that information in audited notes. In accordance with SFFAS No. 28, the effective period was deferred one year from fiscal year 2005 to fiscal year 2006. * SFFAS No. 28 – Deferral of the Effective Date of Reclassification of the Statement of Social Insurance: Amending SFFAS Nos. 25 and 26 deferred the effective dates of SFFAS No. 25 and SFFAS No. 26 for one year to the fiscal year ended September 30, 2006. .05: Auditors generally should follow the FAM methodology contained in the planning, internal control, testing, and reporting phases in FAM 200-500 and the audit guidance included in the AICPA’s Statement of Position (SOP) 04-1, Auditing the Statement of Social Insurance. SOP 04- 1 provides guidance to auditors in auditing the Statement of Social Insurance. .06: As permitted by AU 543, a principal auditor may fulfill the requirements of SOP 04-1 by using work that other independent auditors have performed in conformity with the provisions of SOP 04-1. For example, for the OASDI program, the auditor of the consolidated financial statements of the U. S. government may use the work and report of the auditor of the Social Security Administration’s Statement of Social Insurance. .07: According to AU 342.10, the auditor should obtain an understanding of how management develops estimates. Based on that understanding, the auditor should evaluate the reasonableness of management’s estimates by using one or a combination of approaches as follows: * reviewing and testing the process used by management to develop the estimate; * developing an independent expectation of the estimate to corroborate the reasonableness of management’s estimate; and * reviewing subsequent events or transactions occurring prior to audit completion. .08: In auditing the Statement of Social Insurance, if the auditor has assessed management’s controls over the estimation process to be effective, the auditor may determine that the most practicable and efficient approach is to test management’s process. However, if the auditor finds that controls over the estimation process are ineffective, the auditor should consider whether it is practicable to: * develop an independent expectation of the estimate, or portions of the estimate, to corroborate management’s estimate, or * obtain competent evidence from outside the audited entity’s process that would be sufficient to support the assertions in the Statement of Social Insurance. If it is not practicable to mitigate the effects of the ineffective controls through substantive procedures such as these, the auditor’s report on the Statement of Social Insurance should be modified (SOP 04-1, paragraph 9). .09: The auditor’s objective when auditing the Statement of Social Insurance is to obtain sufficient, competent, evidential matter to provide reasonable assurance that: * the estimates presented in the Statement of Social Insurance are reasonable in the circumstances, and: * the Statement of Social Insurance is presented fairly, in all material respects, in conformity with U.S. GAAP, including adequate disclosure. .10: If the auditor does not possess the level of competence in actuarial science to qualify as an actuary, the auditor generally should obtain the services of an independent actuary[Footnote 43] to assist the auditor in planning and performing auditing procedures. Generally, the auditor will need the assistance of an independent actuary in performing various procedures during all phases of the audit and related to all elements of the estimates (SOP 04-1, paragraph 10). Key Implementation Issues: Determining Materiality: .11: In FAM 230, materiality is one of several tools the auditor uses to determine that the planned nature, extent, and timing of procedures are appropriate. Materiality represents the magnitude of an omission or misstatement of an item in a financial report that, in light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the inclusion or correction of the item. Materiality has both quantitative and qualitative aspects. Even though quantitatively immaterial, certain types of misstatements could have a material impact on or warrant disclosure in the financial statements for qualitative reasons. .12: Auditors should use professional judgment in determining the appropriate element of the financial statements to use as a materiality base. Auditors generally consider materiality in the context of the financial statements taken as a whole, taking into account both quantitative as well as qualitative attributes of the financial statements. Auditors should exercise due professional care when setting the materiality base, carefully assessing the information gained during the planning phase of the audit and the needs of a reasonable person relying on the financial statements (SOP 04-1, paragraph 21). .13: For certain federal entities, amounts reported in the Statement of Social Insurance may vary significantly from the amounts reported in the other basic financial statements, or may differ significantly on a qualitative basis. In such cases, it may not be appropriate to establish a single materiality threshold for the entire set of financial statements. Instead, the auditor should use a separate materiality level(s) when planning and performing the audit of the Statement of Social Insurance and related disclosures (SOP 04-1, paragraph 22). .14: The auditor generally should establish planning materiality in relation to the element of the financial statements that is most significant to the primary users of the statements (the materiality base - see FAM 230.08). The auditor uses professional judgment in determining the appropriate element of the financial statements to use as the materiality base. Also, since the materiality base may be based on unaudited preliminary information determined in the planning phase, the auditor may estimate the year-end balance(s) of the materiality base(s). To provide reasonable assurance that sufficient audit procedures are performed, any estimate of the materiality base(s) should use the low end of the range of estimated materiality so that sufficient testing is performed. .15: SFFAS No. 17 includes a discussion of SFFAC No. 1, Objectives of Federal Financial Reporting, which established four major reporting objectives in applying accounting standards: 1. budgetary integrity, 2. operating performance, 3. stewardship, and 4. systems and controls. SFFAC No. 1 provides useful information to assist the auditor in determining an appropriate materiality base. For example, while all four of the objectives are important, SFFAS No. 17 states that objectives No. 2 and No. 3 directly impact the social insurance standards. .16: Objective No. 2 of SFFAC No. 1 states that federal financial reporting should assist report users to evaluate: * service efforts, costs, and accomplishments of the reporting entity, * the manner in which these efforts and accomplishments have been financed, and * the management of the entity’s assets and liabilities. SFFAS No. 17 indicates that information about social insurance that is relevant to this objective includes the cost of the program as well as longrange estimates (and ranges of estimates) of future costs and other obligations. Estimates of future costs highlight the cost impact of changes in benefit levels as well as changes in economic and demographic conditions, such as the cost of health care and life expectancies. .17: Objective No. 3 of SFFAC No. 1 states that federal financial reporting should assist report users in assessing the impact on the country of the government’s operations and investments for the period and how, as a result, the government’s and the nation’s financial condition has changed and may change in the future. Thus, federal financial reporting should provide information that helps the reader to determine whether: * the government’s financial position has improved or deteriorated over the period, * future budgetary resources will likely to be sufficient to sustain public services and to meet obligations as they come due, and * government operations have contributed to the nation’s current and future well being. .18: Fundamental questions about social insurance programs that can be addressed by accounting standards include whether: * programs are sustainable as currently constructed, * the government’s financial condition has improved or deteriorated as a result of its efforts to provide for these and other programs, and * the likelihood that these programs will be able to provide benefits at current levels to those who are planning on receiving them. The information required by this standard, taken as a whole, will help users make this assessment while acknowledging the complexity of the programs and the uncertainty of long-term projections. .19: In determining the materiality base for planning and performing audits of an entity’s Statement of Social Insurance, the auditor should evaluate the actuarial present value of the estimated future: a. revenue (excluding interest[Footnote 44]) received from or on behalf of all current and future participants (estimated future revenue), b. expenditures for or on behalf of all current and future participants (estimated future expenditures), and c. balance of estimated future revenue (excluding interest) over/(under) estimated future expenditures (actuarial balance). .20: The auditor may determine that the actuarial balances are the most significant element of the Statement of Social Insurance to users of the financial statements. If so, the materiality base would be the actuarial balance. However, the auditor has the option of selecting a materiality base of either the estimated future revenues, or the estimated future expenditures. Regardless of which materiality base is selected, the auditor generally should select the materiality base that provides reasonable assurance that sufficient audit procedures are performed. The auditor’s basis for the selection of the materiality base(s) generally should be documented, including consideration given to other possible measures or separate bases for estimated future revenue and estimated future expenditures. Auditors generally should follow the guidance in FAM 230.11-.13 in determining materiality for planning and performing audits of entity Statements of Social Insurance. Obtaining Management’s Representations .21: Entity management is responsible for preparing the Statement of Social Insurance and underlying estimates in conformity with U.S. GAAP. Management is also responsible for the accuracy and completeness of the Statement of Social Insurance (SOP 04-1, paragraph 5). Therefore, management should determine its best estimate[Footnote 45] of the economic and demographic conditions that will exist in the future. Because estimates in the Statement of Social Insurance are based on subjective as well as objective factors, management should use judgment to estimate amounts included in the Statement of Social Insurance. Management’s judgment may be based on its knowledge and experience about past and current events and its assumptions about conditions it expects to exist. .22: Consistent with FAM 1001, the auditor should obtain specific representations relating to the Statement of Social Insurance. For an audit of an entity’s Statement of Social Insurance, the representation letter should include, as applicable, representations included in FAM 1001 A, example management representation letter. Planning Considerations for the Consolidated Government-wide Report .23: Pursuant to statutory requirements of the Government Management Reform Act (GMRA) of 1994, GAO serves as the principal auditor of the consolidated financial statements (CFS) of the U. S. government. GMRA also requires the Secretary of the Treasury to annually prepare and submit to the President and the Congress an audited financial statement, or Financial Report (FR) of the United States Government, for the preceding fiscal year. The Chief Financial Officer (CFO) of each of the verifying agencies[Footnote 46] submits their financial data using the closing package[Footnote 47] process via the Governmentwide Financial Report System (GFRS) and the Federal Agencies’ Centralized Trial-Balance System (FACTS I). All nonverifying agencies must submit FACTS I adjusted trial-balance (ATB) data and must complete GFRS Notes and Other FR Data. The Inspector General (IG) of each verifying agency, except those agencies with a fiscal year-end other than September 30, opines on the closing package data, (also referred to as the “special purpose financial statements, or “special purpose closing package”) entered by the CFO into GFRS, as to its consistency with the comparative, audited consolidated, department-level financial statements. .24: According to OMB audit guidance, the auditor should determine whether the special purpose financial statements and accompanying notes are fairly presented, in all material respects, in conformity with U.S. GAAP and the presentation requirements set forth in the Treasury Financial Manual (TFM), Volume I, Part 2-Chapter 4700 (TFM 2-4700), Agency Reporting Requirements for the Financial Report of the United States Government. Beginning with fiscal year 2006, the Statement of Social Insurance is to be presented as a basic financial statement in accordance with SFFAS Nos. 25, 26, and 28. .25: TFM 2-4700 requires entities to provide the Statement of Social Insurance data and the underlying key assumptions in the FR Notes module in GFRS. All remaining social insurance information is to be submitted through the Other FR Data (Stewardship and Supplemental Information) module in GFRS[Footnote 48]. The auditor generally should: * perform the procedures described in AU 551 as indicated in OMB audit guidance for the Other FR Data information as required and defined in TFM 2-4700, and: * assess whether the Other FR Data is materially consistent with the information in the special purpose financial statements. In accordance with AU551.06 (d) the auditor report should include either an opinion on whether the accompanying information is fairly stated in all material respects in relation to the basic financial statements taken as a whole, or a disclaimer of opinion, depending on whether the information has been subjected to the auditing procedures applied in the audit of the basic financial statements. The auditor may express an opinion on a portion of the accompanying information and disclaim an opinion on the remainder. .26: Actuarial projections of the annual cash inflow from all sources exclude net interest on intragovernmental borrowing/lending for both the component entity’s Statement of Social Insurance[Footnote 49] and the U.S. government’s consolidated Statement of Social Insurance.10 In addition, because paragraph 32 (1)(a) of SFFAS No. 17 only permits cash inflow from the public to be included in the long-range actuarial projection of cash inflow presented in the U.S. government’s consolidated Statements of Social Insurance, TFM 2-4700 requires the (1) General Fund transfers for the Federal Supplementary Medical Insurance (SMI – Medicare Part B) program, (2) General Fund transfers for the Federal Supplementary Medical Insurance (SMI – Medicare Part D) program, and (3) financial interchange[Footnote 51] income for the Railroad Retirement benefits program to be excluded from the present value of the long-range actuarial projections. SFFAS No. 17 states that expense and liability recognition for the consolidated governmentwide entity are the same as for the component entities.[Footnote 52] Consequently, auditors responsible for these programs generally should determine the impact of the TFM requirement, which excludes the General Fund transfers and the financial interchange income from the present value of the long range actuarial projections on their auditing procedures. Auditors should plan and perform their department-level social insurance related audit procedures to obtain a reasonable basis for expressing an opinion on the special purpose financial statements included in the Closing Package, which include the Statement of Social Insurance. [End of section] Section 1000: Reporting: 1001 – Management Representations: .01: This section deals with the management representations that the auditor must obtain from current management as part of the audit, as described in AU 333, AT 501, AU 801, OMB audit guidance, FAM 280 and FAM 550. It covers representations about: * financial statements, * internal control, * fraud, * financial management systems’ substantial compliance with the Federal Financial Management Improvement Act of 1996 (FFMIA) by CFO Act agencies, * compliance with laws and regulations, * social insurance, * budgetary, and fund restrictions. .02: Written representations from management ordinarily confirm oral representations given to the auditor, indicate and document the continuing appropriateness of those representations, and reduce the possibility of misunderstanding. Management representations are not a substitute for obtaining other audit evidence. If other audit evidence contradicts a representation, the auditor should investigate the circumstances and evaluate the reliability of the representation. The auditor should also determine whether it is appropriate to rely on other management representations. Management’s refusal to furnish written representations is a scope limitation sufficient to preclude an unqualified opinion. .03: The specific representations obtained will depend on the circumstances of the engagement and the nature and basis of presentation of the financial statements. These representations apply to all the financial statements and all periods covered by the audit report. In addition to the representations in the AICPA standards, the auditor generally should determine the need to obtain representations on other matters based on the circumstances of the audited entity. Also, the auditor should delete inapplicable representations in the example representation letter in FAM 1001 A and should customize the letter to the situation of the entity being audited. .04: The auditor should obtain the management representation letter from the highest level of the audited entity. The auditor should decide who to ask to sign the management representation letter. Signers should be officials who, in the auditor’s view, are responsible for and knowledgeable, directly or through others, about the matters in the representation letter. These officials generally should be the head of the federal entity and the CFO, or equivalent. The auditor should obtain separate management representation letters from any component units for which the auditor will issue separate reports. .05: The auditor should ask management to prepare the representation letter on the audited federal entity’s letterhead. The auditor should ask management to sign and date the representations as of the date of the auditor’s report—the completion of the audit and not later. The audit is complete when the auditor has enough evidence and has applied enough quality controls (including supervisory, first partner, and second partner review) to be ready to sign the audit report. To be sure that the letter is ready in time, the auditor generally should provide a draft letter to management early in the audit and update it for circumstances found throughout the audit. If management signs the letter before the completion of the audit, the auditor should obtain an update of the representations to the completion of the audit date. While a written update is preferred, where the time difference is short, the auditor may update the representations orally and document the update. The auditor should obtain the management representation letter after receiving the final legal representation letter discussed at FAM 1002.15. In some cases a legal letter(s) may be obtained before the completion date of the audit so auditors will have time to review/test the information. In these cases, the auditor should perform and document inquiries to be satisfied that nothing has significantly changed between the date of the legal letter(s) and the audit completion date. .06: The audited entity generally should address the management representation letter to the Comptroller General of the United States for GAO audits. For other audits, the audited entity generally should address the management representation letter to the auditor opining on the financial statements which may be a CPA firm or the entity’s Inspector General (or it may be dual addressed). However, to avoid any delays in timely receipt of the letter, the audit team may have the audited entity deliver it directly to a member of the team such as the audit director. .07: Especially for large audited entities, management, in agreement with its auditor, generally should specify a materiality threshold for the management representation letter, below which items would not be reported. OMB audit guidance states that the management representation letter shall specify management’s materiality threshold used for reporting items in the management representation letter. It also footnotes that management and the auditor should reach an understanding on a materiality level. If no threshold is stated, management should note all exceptions in the representation letter. The auditor should be satisfied that such a materiality threshold is so far below design materiality that even many items below this level would not, in the aggregate, approach design materiality. For example, a threshold that is 5 percent (or less) of design materiality may be sufficiently low. The materiality level may be different for different representations and would not apply to those representations not directly related to amounts in the financial statements (such as responsibility for the statements). Representations Relating to the Financial Statements .08: AU 333.06 lists management representations that the auditor generally should obtain in a U.S. GAAS audit if applicable. These generally relate to management acknowledging its responsibility for the financial statements and its belief that the financial statements are fairly presented in conformity with U.S. GAAP and financial information is complete with appropriate recognition, measurement, and disclosure. Included in this representation is the effect of any uncorrected financial statement misstatements, a schedule of which is attached to the representation letter. (For this the auditor may tailor the example schedule in FAM 595 C by removing the auditor’s conclusions.) Examples of additional representations that may be appropriate depending on an entity’s business or industry are given in appendix B to AU 333. The auditor may review AU 333 to identify items to add to the representations, many of which would be modified in the federal government environment. In the example representation letter at FAM 1001 A, common presentation and disclosure representations are items #1 through #10. Representation #5 addresses uncorrected misstatements for which the auditor should attach a summary to the management representation letter. An example Summary of Uncorrected Misstatements is provided at FAM 595 C. Additionally, OMB audit guidance has emphasized the importance of identifying intragovernmental transactions and their reconciliations for federal entities and their components. In the example representation letter at FAM 1001 A, this item is #11. .09: Appendix B of AU 333 provides further example language that the auditor generally should modify as appropriate for the circumstances applicable to the federal entity being audited in the following situations: General * Unaudited interim information accompanies the financial statements. * The impact of a new accounting principle is not known. * There is justification for a change in accounting principles. * Financial circumstances are strained, with disclosure of management’s intentions and the entity’s ability to continue as a going concern. * The possibility exists that the value of specific significant long- lived assets or certain identifiable intangibles may be impaired. * The entity engages in transactions with special purpose entities. * The entity used the work of a specialist Cash: * Cash is restricted by nonentity ownership; escrow, trust, or other fiduciary activity; and seizures awaiting legal resolution. Financial instruments * The value of debt or equity securities has declined. * Management has determined the fair value of significant financial instruments that do not have readily determinable market values. * There are financial instruments with off-balance-sheet risk and financial instruments with concentrations of credit risk. Receivables: * Receivables have been properly stated in the financial statements (for example, at estimated net realizable value). Collectability of federal receivables requires considerable management judgment. Inventories: * Excess, obsolete, or unserviceable inventories exist. Items held for repair are properly valued. Valuation allowances for federal inventories require considerable management judgment. Deferred charges and unearned revenues: * Material expenditures have been deferred and unearned revenue has been properly accrued. Debt: * Short-term debt could be refinanced on a long-term basis, and management intends to do so. Contingencies[Footnote 53]: * Estimates and disclosures have been made of environmental remediation liabilities and related loss contingencies. * Agreements may exist to repurchase assets previously sold. Pension and postretirement benefits: * An actuary has been used to measure pension liabilities and costs. * There is involvement with a multiemployer plan. * Postretirement benefits have been eliminated. * Employee layoffs that would otherwise lead to a curtailment of a benefit plan are intended to be temporary. * Management intends to either continue to make or not make frequent amendments to its pension or other postretirement benefit plans, which may affect the amortization period of prior service cost, or management has expressed a substantive commitment to increase benefit obligations. Sales: * There may be losses from sales commitments. * There may be losses from purchase commitments. * There are no undisclosed sales terms. .10: The auditor should determine the need for additional customizing of the example representation letter in FAM 1001 A and for the additional representations in FAM 1001.09. Many of the representations may have to be qualified, especially in an initial audit or in later audits where significant problems remain. For instance, where the example representation letter states that there are no violations of laws or regulations, the entity may need to add at the end of the statement,“except as follows:” and describe the violations. .11: In addition, the auditor should determine whether circumstances may require that additional descriptive items be included in the representation letter, especially as support for conclusions the auditor makes in the report. This is important where the corroborating information that can be obtained by procedures other than inquiry is limited. For example, the auditor should ask that the letter include descriptions of (1) the reasons for scope limitations imposed by the audited entity, such as the lack of availability of certain records, (2) the basis for material liability estimates, key asset valuations, or the probability of contingencies, and (3) significant plans or intentions for the entity. For example, if the entity has a pension plan outside of the Civil Service Retirement System or the Federal Employees’ Retirement System, an item may state that the entity does not plan to terminate the plan and that management believes the actuarial assumptions and methods used to measure pension liabilities and costs for financial reporting purposes are appropriate in the circumstances. Representations Relating to Internal Control: .12: Internal control representations, when the auditor expresses an opinion on internal control, are found in AT 501.44. These representations, examples for which are provide in FAM 1001 A, relate to management’s * acknowledging its responsibility for internal control (item #12); * stating that management has assessed the effectiveness of its internal control and specifying the control criteria used (item #13); * stating management’s assertion about the effectiveness of its internal control based on the control criteria (item #14); * stating that management has disclosed to the auditor all significant deficiencies in the design or operation of internal control that could adversely affect the entity’s ability to meet the internal control objectives and pointing out those that are material weaknesses using the definition in the representation letter, which is the definition in AU 325 (item #15); and * stating whether there were any changes to internal control subsequent to the end of the reporting period (item #16). .13: For bullets 2 and 3 in FAM 1001.12, entities may use criteria established under FMFIA and OMB Circular No. A-123 in their FMFIA internal control assessment. Standards in GAO’s green book Standards for Internal Control in the Federal Government, (GAO/AIMD-00-21.3.1) were established as standards for federal entities to follow. These standards incorporate concepts from the private sector guidance Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. Federal entities should summarize in the representation letter any material weaknesses relating to financial reporting (including safeguarding), and compliance (including budget). Example wording for the representations, where management asserts that its internal control in place as of the date of the financial statements and during the years ended provided reasonable assurance that misstatements, losses, or noncompliance material in relation to the financial statements would be prevented or detected on a timely basis is provided in FAM 1001 A (item #14). If there are material weaknesses, management should include a brief description of them in its representation letter and modify its assertion accordingly. Representations Relating to Fraud .14: Internal control representations related to fraud can be found in AU 316. These representations, examples for which are provide in FAM 1001 A, relate to management’s: * acknowledging its responsibility for the design and implementation of programs and controls to prevent and detect fraud (item #17); * disclosing knowledge of any fraud or suspected fraud affecting the agency involving management, employees who have significant roles in internal control, or others where the fraud could have a material effect on the financial statements (item #18); and * disclosing knowledge of any allegations of fraud or suspected fraud affecting the entity received in communications from employees, former employees, analysts, regulators, or others (item #19). Representations Relating to Financial Management Systems’ Substantial Compliance with FFMIA Requirements .15: FFMIA requires the auditor who audits the financial statements of a CFO Act agency to report whether the agency’s financial management systems substantially comply with (1) federal financial management systems requirements, (2) applicable federal accounting standards (U.S. generally accepted accounting principles), and (3) the SGL at the transaction level. To report in accordance with FFMIA, the auditor should obtain representations from management as to the agency’s systems’ substantial compliance with these requirements. .16: The auditor should obtain representations that management is responsible for having its systems substantially comply with the FFMIA requirements, stating that it has assessed the systems’ compliance, stating the criteria used, and asserting the systems’ substantial compliance (or lack thereof). The criteria are the requirements in OMB Circular No. A- 127, Financial Management Systems, which incorporates the SGL, the JFMIP/OFFM Federal Financial Management Systems Requirements documents, and other OMB circulars. These requirements are further described, including indicators of substantial compliance, in OMB’s FFMIA implementation guidance for CFOs and IGs, referenced in OMB’s audit guidance. Example FFMIA representations are in FAM 1001 A, items #20 through #22. Representations Relating to Compliance with Laws and Regulations .17: AU 801.07 provides that representations relating to compliance with laws and regulations state that management has identified and disclosed to the auditor all laws and regulations that have a direct and material effect on the financial statements. Example compliance representations are in FAM 1001 A, items #23 through #27. .18: In addition, AT 601 deals with compliance attestation. The auditor need not follow AT 601 because the auditor is not giving an opinion on compliance. However, when the auditor determines additional representations regarding compliance are needed, examples are given in AT 601.68. Other Representations: .19: FASAB standards require a Statement of Social Insurance for certain entities. See AICPA publication SOP 04-1, Auditing the Statement of Social Insurance, (AU 333; SOP 04-1 §36). Example social insurance representations are in FAM 1001 A, items #28 through #36. OMB audit guidance includes a representation by management on the consistency of budgetary data. Example budget data representation is in FAM 1001 A, item #37. Further, FASAB SFFAS No. 27, Identifying and Reporting Earmarked Funds, requires financial statement disclosure for earmarked funds.[Footnote 54] An example for earmarked and restricted funds representation is in FAM 1001 A, item #38. Effect of Change in Management on Representation Letter: .20: Sometimes management is reluctant to sign representations for periods when it did not manage the entity. The auditor may explain to management that by issuing the financial statements, it is making the assertions implicit in the financial statements. Management may wish to understand the transactions and controls supporting the financial statements, and the auditor may help it do so. Where a change in management is expected, the auditor may advise the new management to obtain representations from the old management about the period prior to the change. Additionally, the auditor may discuss with management the following to obtain representations when a change in management occurs: * Auditing standards require management representations covering all financial statements presented. * In the engagement letter (FAM 215) entity management indicated that it would provide certain representations covering all financial statements presented. * New executives may consult with appropriate staff that was present for the year to determine whether the representations officials will sign are complete and accurate. * Representations are made to the best of the signer’s knowledge and belief. * Not signing will result in a scope limitation and disclaimer of the auditor’s opinion. 1001 A – Example Management Representation Letter: [Entity Letterhead]: [Date of auditor’s report and completion of the audit]: The Honorable [name of Inspector General or Comptroller General]: [Title as Inspector General or Comptroller General of the United States]: [Name of IG entity or U.S. Government Accountability Office]: [Also, include the independent external auditor as an addressee, if appropriate.]: Address: Dear [name(s)]: We are providing this letter in connection with your audit of the [entity’s] balance sheet as of September 30, 20X8 and 20X7, [or dates of audited financial statements] and the related statements of net costs, changes in net position, budgetary resources, social insurance [if applicable] and custodial activity [if applicable], for the years then ended (hereinafter referred to as the “financial statements”). You conducted your audit to (1) express an opinion as to whether the financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, (2) report [or express an opinion] on the entity’s internal control over financial reporting and compliance with laws and regulations as of September 30, 20X8 [or date of latest audited financial statements], (3) (For CFO Act agencies) report whether the [entity’s] financial management systems substantially comply with federal financial management systems requirements, applicable federal accounting standards (U.S. generally accepted accounting principles), and the U.S. Government Standard General Ledger at the transaction level as of September 30, 20X8, and (4) test for compliance with applicable laws and regulations. In addition, you have performed certain audit procedures with respect to the [entity’s] 20X8 Management’s Discussion and Analysis (MD&A) and other supplementary information, which is included as part of the 20X8 financial statements of the [entity]. (Recommended paragraph) Certain representations in this letter are described as being limited to matters that are material. For purposes of this letter, matters are considered material if they involve $XX or more. Items also are considered material, regardless of size, if they involve an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would be changed or influenced by the omission or misstatement. (OMB audit guidance states that the management representation letter shall specify management’s materiality threshold used for reporting items in the management representation letter.) We confirm, to the best of our knowledge and belief, the following representations made to you during the audits. These representations pertain to both years’ financial statements, and update the representations we provided in the prior year: Presentation and Disclosure: 1. We are responsible for the fair presentation of the financial statements in conformity with U.S. generally accepted accounting principles. We are also responsible for the preparation of the MD&A, and (if any): required supplementary information (RSI), required supplementary stewardship information (RSSI), and other supplementary information. 2. The financial statements are fairly presented in conformity with U.S. generally accepted accounting principles. The MD&A, and (if any) RSI, RSSI, and other supplementary information are fairly presented and are consistent with the financial statements. 3. We have made available to you all a. financial records and related data; b. where applicable, minutes of meetings of the Board of Directors [or other similar bodies of those charged with governance] or summaries of actions of recent meetings for which minutes have not been prepared; and c. any communications from the Office of Management and Budget (OMB) concerning noncompliance with or deficiencies in financial reporting practices. 4. There are no material transactions that have not been properly recorded in the accounting records underlying the financial statements or disclosed in the notes to the financial statements. 5. There are no uncorrected financial statement misstatements as we have adjusted the financial statements for all known and likely misstatements you have informed us of. (or) We believe that the effects of uncorrected financial statement misstatements summarized in the attached summary are immaterial, both individually and in the aggregate, to the financial statements taken as a whole. (An example summary is provided in FAM 595 C.) [If management believes that certain of the identified items are not misstatements, management’s belief may be acknowledged by adding to the representation, for example, “We believe that items XX and XX do not constitute misstatements because (description of reason).”] 6. The [entity] has satisfactory title to all owned assets, including stewardship property, plant, and equipment. There are no liens or encumbrances on these assets and no assets have been pledged. 7. We have no plans or intentions that may materially affect the carrying value or classification of assets and liabilities or that we are required to disclose in the financial statements. 8. There are no guarantees under which the [entity] is contingently liable that require reporting or disclosure in the financial statements. 9. Related party transactions including related accounts receivable or payable, revenues, expenditures, loans, transfers, leasing arrangements, assessments, and guarantees have been properly recorded and disclosed in the financial statements. 10. No material events or transactions have occurred subsequent to September 30, 20X8 [or date of latest audited financial statements], that have not been properly recorded in the financial statements or disclosed in the notes. Intra-governmental Activities: 11. All intra-entity transactions and balances have been appropriately identified and eliminated for financial reporting purposes. All intra- governmental transactions and activities have been appropriately identified, recorded, and disclosed in the financial statements. We have reconciled [or have been unable to reconcile] material intragovernmental transactions and balances with the federal entity providing the goods or services. Internal Control: 12. We are responsible for establishing and maintaining a system of internal control. 13. Pursuant to 31 U.S.C. 3512(c), (d) (commonly known as the Federal Managers’ Financial Integrity Act), we have assessed the effectiveness of the [entity’s] internal control in achieving the following objectives: a. Reliability of financial reporting: Transactions are properly recorded, processed, and summarized to permit the preparation of the financial statements in accordance with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition. b. Compliance with applicable laws and regulations: Transactions are executed in accordance with laws governing the use of budget authority; other laws and regulations that could have a direct and material effect on the financial statements, and any other laws and regulations identified in OMB audit guidance. [This item is optional if the auditor is not opining on internal control. Also, if the agency bases its internal control assessment on suitable criteria other than 31 U.S.C. 3512(c), (d), cite the criteria used (for example, Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission).] 14. Those controls in place on September 30, 20X8 [or date of latest audited financial statements], and during the years ended 20X8 and 20X7, provided reasonable assurance that the foregoing objectives are met. [Delete this item if the auditor is not opining on internal control.] [If there are material weaknesses: Those controls in place on September 30, 20X8, and during the years ended 20X8 and 20X7, were not effective to provide reasonable assurance that the foregoing objectives were met because of the effects of the material weaknesses discussed below or in an attachment.] 15. We have disclosed to you all significant deficiencies in the design or operation of internal control that could adversely affect the [entity’s] ability to meet the internal control objectives and identified those we believe to be material weaknesses (or determined that none is a material weakness). [This item is optional if the auditor is not opining on internal control.] 16. There have been no changes to internal control subsequent to September 30, 20X8 [or date of latest audited financial statements], or other factors that might significantly affect the effectiveness of internal control. [If there were changes, describe them, including any corrective actions taken with regard to any significant deficiencies or material weaknesses.] Fraud: 17. We acknowledge our responsibility for the design and implementation of programs and controls to prevent and detect fraud (intentional misstatements or omissions of amounts or disclosures in financial statements and misappropriation of assets that could have a material effect on the financial statements). 18. We have no knowledge of any fraud or suspected fraud affecting the [entity] involving: a. management, b. employees who have significant roles in internal control, or c. others where the fraud could have a material effect on the financial statements. [If there is knowledge of any instances, describe them.] 19. We have no knowledge of any allegations of fraud or suspected fraud affecting the [entity] received in communications from employees, former employees, or others. [If there is knowledge of any such allegations, they should be described.] Compliance of Systems with FFMIA: [For CFO Act agencies subject to the Federal Financial Management Improvement Act of 1996 (FFMIA)] 20. We are responsible for implementing and maintaining financial management systems that substantially comply with federal financial management systems requirements, federal accounting standards (U.S. generally accepted accounting principles), and the U.S. Government Standard General Ledger at the transaction level. 21. We have assessed the financial management systems to determine whether they substantially comply with those federal financial management systems requirements. Our assessment was based on guidance issued by OMB. 22. The financial management systems substantially complied with federal financial management systems requirements, federal accounting standards, and the U.S. Government Standard General Ledger at the transaction level as of [date of the latest financial statements]. [If the financial management systems substantially comply with only one or two of the above elements, modify as follows: As of [date of financial statements], the [agency’s] financial management systems substantially comply with [specify which of the three elements for which there is substantial compliance (e.g., federal accounting standards and the SGL at the transaction level)], but did not substantially comply with [specify which of the elements for which there was a lack of substantial compliance (e.g., federal financial management systems requirements)], as described below (or in an attachment).] [If the financial management systems do not substantially comply with any of these three elements, use the following paragraph: As of [date of financial statements], the [agency’s] financial management systems do not substantially comply with the federal financial management systems requirements.] [If there is a lack of substantial compliance with one or more of the three requirements, identify all the facts pertaining to the noncompliance, including the nature and extent of the noncompliance and the primary reason or cause of the noncompliance.] Laws and Regulations: 23. We are responsible for the [entity’s] compliance with applicable laws and regulations. 24. We have identified and disclosed to you all laws and regulations that have a direct and material effect on the determination of financial statement amounts [may list laws and regulations]. 25. There are no a. violations or possible violations of laws or regulations whose effects we should evaluate for disclosure in the financial statements or as a basis for recording a loss contingency, b. material liabilities or gain or loss contingencies that are required to be accrued or disclosed that have not been accrued or disclosed, or c. unasserted claims or assessments that are probable of assertion and must be disclosed that have not been disclosed. [When there is no general counsel and management has not consulted legal counsel regarding contingencies, the auditor should obtain a written representation from management that legal counsel has not been consulted. Example wording is: “We are not aware of any pending or threatened litigation, claims, or assessments or unasserted claims or assessments that are required to be accrued or disclosed in the financial statements in accordance with SFFAS No. 5. We have not consulted legal counsel concerning litigation, claims, or assessments.” (See FAM 1002.24) 26. We have complied with all aspects of contractual agreements that would have a material effect on the financial statements in the event of noncompliance. 27. We are not aware of any violations of the Antideficiency Act that we must report to the Congress and the President (and provide a copy of the report to the Comptroller General) for the year ended September 30, 20x8, (or, we have reported all known violations of the Antideficiency Act) and through the date of this letter. Statement of Social Insurance: [For entities presenting a Statement of Social Insurance (SOSI) see AICPA publication SOP 04-1, Auditing the Statement of Social Insurance, (SOP 04-1 §36) which suggests the following management representations.] 28. Management is responsible for the assumptions and methods used in the preparation of the SOSI. Management agrees with the actuarial methods and assumptions used by the entity’s actuary and have no knowledge or belief that would make such methods or assumptions inappropriate in the circumstances. Management did not give any instructions, nor cause any instructions to be given to the entity’s actuary with respect to values or amounts derived, and is not aware of any matters that have affected the objectivity of the entity’s actuary. Management believes that the actuarial assumptions and methods used to measure the amounts in the SOSI for financial accounting purposes are appropriate in the circumstances. 29. Actuarial assumptions and methods used to measure the amounts in the SOSI for financial accounting and disclosure purposes represent management’s best estimates regarding future events based on demographic and economic assumptions and future changes mandated by law. 30. There were no material omissions from the data provided to the entity’s actuary for the purpose of determining the actuarial present value of the estimated future income to be received and estimated future expenditures to be paid during the projection period sufficient to illustrate the long-term sustainability of (name of the social insurance program) as of (dates of SOSI presented). 31. The SOSI covers a projection period sufficient to illustrate the long-term sustainability of the social insurance program. 32. Management provided the auditor with all the reports developed by external review groups appointed by the entity or the program’s trustees related to estimates in the SOSI. 33. The following matters relating to the SOSI have been disclosed properly in the notes to the financial statements: a. The accumulated excess of all past cash receipts, including interest on investments, over all past cash disbursements within the social insurance program represented by the fund balance at the valuation date. b. An explanation of how the net present value is calculated for the closed group. c. Comparative financial information for items in paragraphs 2a, 2b 2c and 2d (1) of SOP 04-1, for the current year and for each of the preceding four years. (Note any preceding years that are unaudited). d. Significant assumptions used in preparing estimates 34. There have been no changes in (or, changes in the following have been properly reported or disclosed in) the actuarial methods or assumptions used to calculate amounts recorded or disclosed in the financial statements between a. the valuation dates (for example: of January 1, 20x8 and January 1, 20x7) or changes in the method of collecting data, and: b. the valuation date (for example: of January 1, 20x8), and the financial reporting date (of September 30, 20x8) or changes in the method of collecting data. 35. There have been no changes in (or, changes in the following have been properly reported or disclosed in) laws and regulations affecting social insurance program income and benefits between a. the valuation dates (for example: January 1, 20x8 and January 1, 20x7) b. the valuation date (for example: January 1, 20x8) and the financial reporting date (of September 30, 20x8). 36. Accounting estimates applicable to the financial information of the entity included in the SOSI are based on management’s best estimate, after considering past and current events and assumptions about future events. Budgetary and Restricted Funds [OMB audit guidance includes a representation by management on the consistency of budgetary data in the following paragraph.] 37. The information presented in the (entity’s) Statement of Budgetary Resources (materially - defined in paragraph 2 on page 1001 A-1) agrees with information submitted in its year-end Reports on Budget Execution and Budgetary Resources (SF-133s). The information will be used as input for fiscal year 20x8 actual column of the Program and Financing Schedules reported in the fiscal year 20x0 Budget of the U.S Government. This information is supported by the related financial records and data. 38. We have disclosed in the financial statements all material earmarked funds[Footnote 55] as defined by FASAB SFFAS No. #27 and all material restricted funds. [Name of Head of Entity]: [Title]: [Name of Chief Financial Officer] [Title] Attachment: 1002 - Inquiries of Legal Counsel .01: FAM 1002 provides guidance on procedures to obtain evidence that the financial accounting and reporting of contingencies[Footnote 56] regarding litigation, claims, and assessments conform with U.S. generally accepted accounting principles (U.S. GAAP). FAM 1002 discusses the accounting and reporting guidance and audit procedures for inquiries of legal counsel concerning litigation, claims, and assessments, and includes an example audit program at FAM 1002 A; an example legal representation letter request at FAM 1002 B; and a legal representation letter response at FAM 1002 C. Accounting and Reporting Guidance: .02: Entity management is responsible for implementing policies and procedures to identify, evaluate, account for, and disclose litigation, claims, and assessments as a basis for the preparation of financial statements in conformity with U.S. GAAP. .03: Statement of Federal Financial Accounting Standards (SFFAS) No. 5, Accounting for Liabilities of the Federal Government, as amended by SFFAS No. 12, Recognition of Contingent Liabilities Arising from Litigation, contains accounting and reporting standards for loss contingencies, including those arising from litigation, claims, and assessments.[Footnote 57] The Federal Accounting Standards Advisory Board (FASAB) Interpretation No. 2, Accounting for Treasury Judgment Fund Transactions, provides additional guidance related to claims to be paid through the Treasury Judgment Fund.[Footnote 58] Statement of Financial Accounting Standards (FAS) No. 5, Accounting for Contingencies, also provides guidance for financial accounting and reporting for loss and gain contingencies for government corporations and entities following U.S. GAAP for the private-sector promulgated by the Financial Accounting Standards Board (FASB). The definition of probable for legal contingencies is essentially the same in FAS No. 5 and SFFAS No. 5. .04: A contingency is an existing condition, situation, or set of circumstances involving uncertainty as to possible gain or loss to an entity. The uncertainty will ultimately be resolved when one or more future events occur or fail to occur. When a loss contingency exists, the likelihood that the future event or events will confirm the loss or impairment of an asset or the incurrence of a liability can range from remote to probable. SFFAS Nos. 5 and 12 use the terms remote, reasonably possible, and probable to identify three areas within the range of probability, as follows: * Remote—The chance of the future event or events occurring is slight. * Reasonably possible—The chance of the future event or events occurring is more than remote but less than probable. * Probable—For pending or threatened litigation and unasserted claims, the future confirming event or events are likely to occur. (For other contingencies, the future event or events are more likely than not to occur.) .05: The entity should recognize a liability and a related charge to expense for an estimated loss from a loss contingency only when[Footnote 59]: a. a past event or exchange transaction has occurred, b. a future outflow or other sacrifice of resources is probable, and c. the future outflow or sacrifice of resources is measurable. .06: Disclosure of the nature of an accrued liability for loss contingencies, including the amount accrued, may be necessary for the financial statements not to be misleading. For example, if the amount recognized is large or unusual, the entity should determine whether to disclose the contingency. However, if no accrual is made for a loss contingency because one or more of the conditions in FAM 1002.05 are not met, the federal government and its entities should report contingent losses that involve situations where there is at least a reasonable possibility that a loss has been incurred. The entity should disclose the nature of the contingency, and an estimate of the possible liability or range of possible liability, if estimable, or a statement that such an estimate cannot be made. The reporting of contingent losses depends on the likelihood that a future event or events will confirm the loss or impairment of an asset or the incurrence of a liability. Terms used to assess the likelihood of loss are remote, reasonably possible, and probable as discussed in FAM 1002.04. Contingent losses that are assessed as probable and measurable are accrued in the financial statements. Losses that are assessed to be at least reasonably possible are disclosed in the notes. For an overview of the standards that provide criteria for how federal agencies are to account for contingent losses based on the likelihood of the loss and the measurability, see table 1 below: Table 1: Accounting for Contingent Losses: [See PDF for image] [End of table] Management decides what to report. The auditor evaluates whether management’s reporting is in accordance with U.S. GAAP. In addition, if the Judgment Fund might be involved in the payment of the possible loss, the federal entity involved in the litigation should discuss the Judgment Fund’s role in a note to the financial statements. .07: Although management often relies on advice of legal counsel about the (a) likelihood of an unfavorable outcome and (b) estimates of the amount or range of potential loss for litigation, claims, and assessments, management is ultimately responsible for determining whether these contingencies are probable, reasonably possible, or remote. Management does this to decide whether they should be recognized as liabilities and/or disclosed in the notes to the financial statements. Thus, the Office of Management and Budget’s (OMB) audit guidance requires CFO Act entity management to prepare a schedule summarizing legal contingencies including whether they are probable, reasonably possible, or remote, and whether (and in what amounts) they have been accrued or disclosed in the financial statements. An Example Management Summary Schedule is provided at FAM 1002 D. Audit Procedures: .08: The auditor should design procedures to test the entity’s accounting for and disclosure of litigation, claims, and assessments. AU 337 (SAS #12) provides guidance on the procedures to identify litigation, claims, and assessments to evidence that they are appropriately accounted for and disclosed. AU 9337 provides auditing interpretations of AU 337. OMB audit guidance also contains procedures for inquiries of legal counsel. (See FAM 1002 A for example audit procedures.) .09: The auditor should obtain evidence relevant to the following factors with respect to litigation, claims, and assessments: a. The existence of a condition, situation, or set of circumstances indicating uncertainty as to the possible loss to an entity arising from litigation, claims, and assessments. b. The period in which the underlying causes for legal action occurred. c. The likelihood of an unfavorable outcome (probable, reasonably possible, or remote). d. The amount or range of potential loss, if estimable. .10: The auditor may discuss with management the events or conditions in accounting for and reporting of litigation, claims, and assessments. The auditor should perform audit procedures to corroborate the information provided by management, including requesting that management send a legal letter request to the entity’s legal counsel. .11: A letter from legal counsel to the auditor, in response to a legal letter request from management to legal counsel, is the auditor’s primary means of corroborating the information furnished by management concerning the accuracy and completeness of litigation, claims, and assessments. The auditor should ask management to have the legal letter request include either (1) a list of pending or threatened litigation, claims, and assessments, or (2) a request by management that legal counsel prepare the list. The auditor should also ask management to have the legal letter request include a list of unasserted claims and assessments the lawyer determined probable of assertion, and that, if asserted, would have at least a reasonable possibility of an unfavorable outcome, to which legal counsel has devoted substantive attention on the entity’s behalf in the form of legal consultation or representation (or a statement that management is not aware of any matters meeting the criteria). The auditor should obtain assurance from management, ordinarily in writing, that it has disclosed all unasserted claims when it is considered probable that a claim will be asserted and there is a reasonable possibility that the outcome will be unfavorable. Legal counsel then would supplement management’s information about those unasserted claims and assessments, including an explanation of any matters where their views differ from those expressed by management in the legal letter request. In the federal government, where the general counsel may be part of management, the general counsel may instead provide the list of unasserted claims or assessments meeting the above criteria. The auditor should ask management to have the legal letter request include a request for legal counsel to make a statement that they will advise management about unasserted claims and assessments that management should evaluate for disclosure. See the example request at FAM 1002 B and example response at FAM 1002 C. .12: The auditor should also perform procedures to learn about certain legal claims against the government involving interaction between the government and its environment. This could include events where federal operations caused (1) hazardous waste for cleanup, (2) accidental damage to nonfederal property, or (3) other damage to federal property. In these cases, no monetary damages are being sought, but rather plaintiffs generally seek that the government either take or cease a particular action, which if successful, could cost the government significant amounts of money to comply. An example is a claim that was brought against the Department of Energy over its classification of certain radioactive waste for disposal. Because the classification affected how the waste could be disposed of and thus the cost of disposal, a successful claim could have resulted in a material increase in the agency’s environmental liabilities. Auditors should make inquiries of management and legal counsel to determine whether the entity has such cases that could create a loss contingency, and whether the entity considered those cases in determining the amount of liability to be disclosed per FAM 1002.05-1002.06. If such cases exist, the auditor should apply the procedures in FAM 1002.08- 1002.11 to these cases as well. Timing of Legal Letter Request and Responses: .13: The auditor generally should perform procedures for inquiries of legal counsel concerning litigation, claims, and assessments on a timely basis to give priority to the resolution of potential problem areas and to complete other procedures. To meet deadlines, the auditor, entity management, and legal counsel generally should coordinate the timing of legal letter requests, responses (including interim responses), and related management schedules. The auditor and the entity management should determine the due dates for obtaining responses from component units to provide legal letter responses for the entity’s financial statements as well as for the U. S. Government’s Consolidated Financial Statements. In setting the due dates, the auditor and entity management generally should allow management to inquire of Department of Justice legal counsel on a case-specific basis. .14: In addition, when an entitywide audit team uses the work of entity component audit teams, the entitywide and component audit teams generally should coordinate the timing of legal letter requests, responses, and management schedules and determine the due dates for the component financial statements as well as the entitywide financial statements. The entitywide team generally should receive copies of the component letters from the component audit teams by the due dates. .15: The legal counsel’s response should include matters that existed at the balance sheet date and through a date near the completion of the audit. If the effective date is substantially in advance of the completion of the audit (for example, earlier than 2 weeks before the completion of the audit), the auditor should contact the legal counsel for an updated response. To avoid this situation, the legal letter request may specify the period the legal counsel’s response is to cover and the date the auditor expects to receive the response. .16: To assist the auditor in completing the review of legal matters in a timely manner (and to assist management in preparing the financial statements), the auditor may ask management to request legal counsel to submit a preliminary or interim response covering matters that existed at the current date and through a point in time reasonably before the completion of the audit so that a preliminary evaluation of the significance of material legal matters can be made. This is particularly applicable to large federal agencies with numerous and complex cases.[Footnote 60] If an interim letter is used, the auditor should ask the entity to request that legal counsel submit a final or updated response covering matters from the interim date through the date of audit completion. The entity should request that the updated response contain only changes or a statement indicating there are no changes from the interim response and any new matters from the interim date through the completion of the audit. The auditor should ask the entity to request that legal counsel date and submit the final legal representation letter to coordinate with the management representation letter in FAM 1001. However, in some cases, the legal representation letters are ready first so entity management may rely upon them before signing the management representation letters. In theses cases, the auditor should make oral inquiries of legal counsel and document whether material changes had occurred from the date of the legal representation letter to the date of audit completion. The auditor should plan to receive letters to meet the reporting deadline in accordance with OMB Circular No. A-136, Financial Reporting Requirements. See FAM 1002 B for an example legal letter request that includes requests for interim and updated responses from legal counsel. Determining a Materiality Level .17: The auditor and the entity may agree to limit the legal inquiry to matters that are considered individually or collectively material to the financial statements, provided that the entity and the auditor have agreed on the materiality level. The auditor should ask the entity to indicate the materiality level, if used, in the legal letter request and the entity should ask the lawyer to include the materiality in the response. .18: In determining a materiality level for the legal letter, the auditor and the entity should set the level sufficiently low that the cases not included in the legal letter would not be material to the financial statements taken as a whole when aggregated with (1) other cases not included in the letter, (2) all other types of contingencies, (3) all other items that would not be adjusted because they are judged immaterial (unadjusted misstatements), (4) all other amounts in the financial statements that would not be tested directly because they were judged to be immaterial, and (5) all other items resolved on the basis of materiality considerations. .19: In aggregating cases, the auditor and the entity may use two levels of aggregation. First, similar cases are aggregated (such as employment discrimination cases, harbor maintenance fee cases, spent nuclear fuel cases, or military promotion board challenges), treated as a group and the auditor should compare the total with the individual materiality level. The aggregation generally includes a list of the individual cases and a discussion of the items of information included in the legal letter for the aggregated cases (see FAM 1002 B and FAM 1002 C). Second, cases not included in the legal letter individually or as part of a group of similar cases are aggregated. The auditor may use a higher materiality level for such an aggregation. However, the auditor may set this higher materiality level sufficiently low that the cases not included in the legal letter would not be material to the financial statements taken as a whole when aggregated with the other items listed in the previous paragraph. .20: Where the entity engages more than one legal counsel, the entity and the auditor should determine whether matters considered not material individually would exceed the materiality limit when aggregated. In addition, when separate legal representation letters are requested on individual components (such as bureaus or offices) of a consolidated entity because of individual component audits, the auditor may determine materiality levels for each component. Legal Counsels from Whom Information Should be Requested: .21: Most federal entities have a general counsel who has primary responsibility for and knowledge about the entity’s litigation, claims, and assessments. The auditor should request entity management to send a legal letter request to the general counsel. In addition, the auditor should ask the management and/or general counsel whether the entity used outside legal counsel whose engagement may be limited to particular matters (e.g., specific litigation). .22: In the federal government, the main legal counsel outside of the entity is the Department of Justice.[Footnote 61] The entity’s management, its legal counsel, or the auditor may consult with Justice as well as other outside legal counsel to assure completeness and accuracy of the presentation of matters related to litigation, claims, and assessments. Such consultation may include requesting a list of pending litigation, claims, and assessments from Justice or other outside legal counsel, or discussion of specific cases. .23: The auditor should ask the entity to request that legal counsel cover all litigation, claims, and assessments pertaining to the federal reporting entity, including matters handled by Justice and other outside legal counsel on behalf of the entity. If the general counsel has overall responsibility for handling and evaluating litigation, claims, and assessments, the evaluation and responses by general counsel ordinarily are adequate evidence. However, evidential matter obtained from general counsel is not a substitute for information that outside legal counsel refuses to furnish to the auditor. .24: Where there is no general counsel and management has not consulted legal counsel, the auditor should obtain a written representation from management that legal counsel has not been consulted. Such representation may be incorporated as an item in the management representation letter. (See FAM 550 and 1001.) An example item is: “We are not aware of any pending or threatened litigation, claims, or assessments or unasserted claims or assessments that are required to be accrued or disclosed in the financial statements in accordance with SFFAS No. 5. We have not consulted legal counsel concerning litigation, claims, or assessments.” Evaluation of Responses: .25: Written responses from legal counsel will vary considerably in the scope of information provided and in the opinion expressed. In preparing the responses, legal counsel uses the guidance contained in the American Bar Association’s Statement of Policy Regarding Lawyers’ Responses to Auditors’ Requests for Information (ABA Policy Statement) (included in its entirety in AU 337 C). .26: The auditor should ask the entity to request that legal counsel cover all entity components included in the financial statements being audited. Additionally, legal counsel generally should indicate the disposition of cases included in the prior year’s letter that are no longer contingencies. .27: The auditor should evaluate each response in terms of sufficiency as evidence and consider (a) the possible limitations on the scope of legal counsel’s responses and (b) the lack of sufficient opinion on the resolution of a case. AU 9337 provides guidance in evaluating legal counsel’s responses. The auditor should evaluate any “unable to determine” and vague and unclear responses. The auditor also should evaluate the legal counsel’s response in light of any other information that comes to the auditor’s attention. Possible Limitations on the Scope of Legal Counsel’s Responses .28: When legal counsel limits the response, the auditor should determine whether the limitation affects the auditor’s report. Legal counsel may appropriately limit their response to certain matters. For example, to matters that (a) legal counsel has given substantive attention to in the form of legal consultation or representation, and (b) are determined to be individually or collectively material to the financial statements, provided the entity and the auditor have reached an understanding on materiality levels. These limitations are acceptable and do not limit the audit scope. .29: The following are examples of limitations on legal counsel’s responses that the auditor should not accept and that would ordinarily result in a scope limitation: a. Legal counsel refuses to furnish the requested information. When legal counsel refuses to furnish the information requested in the legal letter request, the auditor should evaluate this matter as a scope limitation sufficient to preclude an unqualified opinion. b. Legal counsel excludes matters requested. The legal counsel’s responses may not address all information requested. The auditor should compare legal counsel’s response with the legal letter request and determine whether legal counsel has addressed all the information requested. If legal counsel has excluded any of the requested matters, the auditor should obtain responses for those matters from legal counsel. If the auditor is unable to obtain all the information needed, the auditor should evaluate this as a scope limitation that could be sufficient to preclude an unqualified opinion. c. Legal counsel indicates that certain information is being withheld due to attorney-client privilege. Under the American Bar Association (ABA) Code of Professional Responsibility, legal counsel is required to preserve the confidences and secrets of the client. Legal counsel may disclose confidences to the auditor only with the consent of the client. If the legal letter request is prepared in accordance with AU 337, the auditor should expect that legal counsel would be responsive; otherwise the scope of the audit would be restricted. On the other hand, explanatory language in the legal letter request or in legal counsel’s response emphasizing that management or legal counsel does not intend to waive attorney-client privilege or attorney work-product privilege does not result in a scope limitation. Lack of Sufficient Opinion on the Resolution of a Case: .30: The following are examples of legal counsel responses that lack sufficient opinion on the resolution of a case: a. Uncertainties. Legal counsel may be unable to respond concerning the likelihood of an unfavorable outcome of litigation, claims, and assessments or the amount or range of potential loss, because of inherent uncertainties. In these circumstances, the auditor generally should conclude that the financial statements are affected by an uncertainty concerning the outcome of a future event, which is not susceptible to reasonable estimation. See FAM 580 for reporting on uncertainties. b. Unclear responses. Legal counsel sometimes use general terms to indicate their evaluation of the outcome of a case. The ABA Policy Statement states that legal counsel may, in the appropriate circumstances, communicate to the auditor their view that an unfavorable outcome is “probable” or “remote.” The legal letter responses may include phrases that mean remote or probable. The phrases below are examples of opinions that provide sufficient clarity that the likelihood of an unfavorable outcome is remote: * “We are of the opinion that this action will not result in any liability to the entity.” * “We believe that the plaintiff’s case against the entity is without merit.” The following are examples of opinions that indicate significant uncertainty as to whether the entity will prevail: * “In our opinion, the entity has a substantial chance of prevailing in this action.” (A “substantial chance,” a “reasonable opportunity,” and similar terms indicate more uncertainty than an opinion that the entity will prevail.) * “It is our opinion that the entity will be able to assert meritorious defenses to this action.” (The term “meritorious defenses” indicates that the court will not summarily dismiss the entity’s defenses; it does not indicate legal counsel’s opinion that the entity will prevail.) .31: To avoid unclear and incomplete responses, the auditor generally should ask management to request legal counsel to use Justice’s standard forms to describe legal contingencies (see FAM 1002 C-4 to C-6 for examples of these forms). When legal counsel does not indicate whether the unfavorable outcome is probable or remote, management and the auditor should conclude that the outcome is reasonably possible, and management should determine the disclosure. Management, with legal counsel’s advice, determines whether cases are probable, reasonably possible, or remote, to decide whether to recognize them as liabilities and/or disclosed them in the notes to the financial statements. .32: If the auditor is not certain about legal counsel’s evaluation, the auditor should discuss the matters with legal counsel and entity management (and document the oral discussion) and/or obtain written clarification in a follow-up letter. Sometimes legal counsel may give a clearer indication of likelihood orally. If legal counsel is unable to give a clear evaluation of the likelihood of an unfavorable outcome, management should disclose the uncertainty and the auditor should evaluate the uncertainty’s effect on the audit report. Example Legal Letter Request: .33: The legal letter request, which the auditor may assist management to draft, should be on the audited entity’s letterhead, signed by the Chief Financial Officer (CFO), or equivalent, and ask that the reply be sent directly to the auditor with a copy to management by specified due dates. FAM 1002 B provides an example legal letter request that includes requests for interim and updated responses from legal counsel and matters that should be covered in the letter. Example Legal Counsel’s Responses and Management’s Schedule: .34: The General Counsel’s response on General Counsel letterhead is sent to the auditor with a copy to management by the agreed-upon due dates. The counsel may indicate that the response is provided for the auditor’s use in connection with the audit. .35: FAM 1002 C shows an example of a legal counsel response, including the legal representation letter that should include Justice’s legal contingency standard forms for each case or group of cases. Forms can be obtained on Justice’s website at [hyperlink, http://www.usdoj.gov/civil/forms/forms.htm] and auditors should check that current forms were used. .36: FAM 1002 D shows an example of management’s schedule that documents how the information contained in the legal counsel’s responses was used in preparing the financial statements. Management should include each case discussed in the legal letter and indicate (1) the amount accrued for probable cases and (2) note disclosure for reasonably possible cases, probable cases where the amount cannot be estimated, and probable cases where a range of amounts above the accrued amount is estimated. Practice Aids: .37: The following practice aids are provided at: FAM 1002 A – Example Audit Procedures for Inquiries of Legal Counsel; FAM 1002 B – Example Legal Letter Request; FAM 1002 C – Example Legal Representation Letter, and: FAM 1002 D – Example Management Summary Schedule. 1002 A – Example Audit Procedures for Inquiries of Legal Counsel Entity: Period of financial statements: Job code: Example Audit Procedures: I. Testing Procedures: 1) Ask management about the entity’s policies and procedures for identifying, evaluating, and accounting for litigation, claims, and assessment; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 2) Obtain from management (or the entity’s legal counsel) a description and evaluation of litigation, claims, and assessments existing as of the balance sheet date and through the date of management’s response (see timing of the audit at FAM 1002.13 to 1002.16); Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 3) To determine whether an outside legal counsel is performing services for the entity, inquire of management whether outside legal counsel has been used by the entity and the matters handled. Ask management for a list of pending litigation, claims, and assessments from the Department of Justice and/or examine correspondence and invoices from other outside legal counsel (e.g., for legal fees), if any; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 4) Ask whether there have been changes in the status of general counsel or outside legal counsel such as any resignations, or intentions to resign. If so, determine if there are matters that may affect the financial statements. For example, in appropriate circumstances, a legal counsel may be required by the ABA Code of Professional Responsibility to resign the engagement if the legal counsel’s advice concerning disclosures is disregarded by the entity; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 5) To identify litigation, claims, and assessments read minutes of management meetings, contracts, loan agreements, leases, and correspondence from other government entities and discuss pertinent items with management; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 6) If information comes to the auditor’ s attention that may indicate a potential contingency with respect to litigation, claims, or assessments that may require adjustment to or disclosure in the financial statements, discuss with the entity its possible need to consult legal counsel. Depending on the severity of the matter, refusal by the entity to consult legal counsel in those circumstances may result in a scope limitation. Determine the effect of such a limitation on the auditor’s report; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 7) Request entity management to send a legal letter request to the general counsel asking counsel to respond directly to the auditor. (Obtain a copy of the legal letter request.) Determine whether there is a need to request legal letters from any outside legal counsel. The legal letter should cover litigation, claims, and assessments pertaining to the reporting entity, including matters handled by the Department of Justice or other outside legal counsel. (See FAM 1002 B for an example legal letter request.) Coordinate with management and legal counsel to determine * the timing of legal letter requests and responses and related management’s summary/schedules of information contained in legal responses and * a materiality level to be included in the legal representation letter. (FAM 1002.17-.20); Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 8) Read the legal letter responses and management’s schedules to identify litigation, claims, and assessments; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 9) Compare the description and evaluation of the current year’s legal letter responses to the prior year’s audit documentation. If this comparison indicates that certain legal matters in the prior year are no longer included, discuss these matters with management or legal counsel to obtain an understanding of the reasons for the changes; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 10) Determine whether the information in the legal representation letter is consistent with management’s schedule summarizing the information in the letter and related supporting documentation; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 11) Document and discuss with legal counsel if the information obtained is not complete, clear, or consistent; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 12) Evaluate legal counsel’s responses and determine the effects of the responses on liabilities and related note disclosures in the financial statements and on the auditor’s report; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 13) If a response date is substantially in advance of the audit report date, for example, earlier than 2 weeks prior to date of auditors’ report, obtain a written or oral update response. (The longer the period between the legal letter and the audit report date, the more important a written update becomes.); Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: II. Reporting Procedures: Obtain a representation from management in the management representation letter (see FAM 550 and 1001) that the entity has disclosed all unasserted claims that legal counsel has advised are probable of assertion that, if asserted, would have at least a reasonable possibility of an unfavorable outcome and must be disclosed. 1) Discuss the description and evaluation of litigation, claims, and assessments obtained with management to determine if, subsequent to the date of legal counsel’s response, there have been any changes in status of the matters, changes in management’s evaluation of the outcome, or additional matters to be evaluated; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: If there are significant changes in the status of the matters or new matters, obtain a written confirmation or updated response from legal counsel; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 3) Have management include in the management representation letter representations related to contingencies and determine if they are appropriately accrued and disclosed as required by SFFAS No. 5, as amended. If management has not consulted legal counsel, obtain a written representation from management that legal counsel has not been consulted. This representation may be incorporated in the management representation letter (see FAM 550 and 1001); Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 4) Read the entity’s financial statements and notes and: a) evaluate the adequacy of financial statement disclosure for contingencies with respect to litigation, claims, and assessments; b) determine if the financial statement disclosures for contingencies with respect to litigation, claims, and assessments are prepared in accordance with OMB guidance; and c) for federal entities involved in litigation for which the Judgment Fund is a likely source of judgment or settlement, determine if a note to the financial statements discusses the Judgment Fund’s role in the payment of a possible loss, as required by FASAB Interpretation No. 2, Accounting for Treasury Judgment Fund Transactions; Done by/date: [Empty]; Doc Ref.: [Empty]. Example Audit Procedures: 5) Document conclusions reached concerning the accounting for and disclosure of litigation, claims, and assessments, determine if adjustments are necessary, and whether modification of the auditor’s report is necessary (see FAM 580); Done by/date: [Empty]; Doc Ref.: [Empty]. 1002 B – Example Legal Letter Request: [Audited Entity Letterhead]: Date: [date]: To: General Counsel: From: Chief Financial Officer [signed]: Subject: [Auditor’s] Audits of 20X8 and 20X7: Financial Statements: Pursuant to [cite applicable legal authority to conduct the audit, such as 31 U.S.C. 3521], [auditor’s name] is auditing the financial statements of [entity] as of and for the years ended September 30, 20X8, and 20X7. In performing audits of government entities, auditors comply with Government Auditing Standards, issued by the Comptroller General of the United States (the “yellow book”). For financial statement audits, Government Auditing Standards incorporate the fieldwork and reporting standards of the American Institute of Certified Public Accountants (AICPA) and the Statements on Auditing Standards that interpret them. Consistent with AU 337 of the AICPA’s Codification of Statements on Auditing Standards, [auditor] has inquired about litigation, claims, and assessments to obtain evidence as to the financial accounting and reporting of such matters in the financial statements. The purpose of this letter is to request your assistance in responding to that inquiry. The American Bar Association Statement of Policy Regarding Lawyers’ Responses to Auditors’ Request for Information (December 1975) provides guidance for the lawyer’s response to the auditor’s request. In accordance with Statement of Federal Financial Accounting Standards (SFFAS) No. 5, Accounting for Liabilities of the Federal Government, as amended by SFFAS No. 12, and Interpretation No. 2 of SFFAS No. 4 and 5, [entity] may need to report certain information in its financial statements and notes concerning contingent liabilities for litigation, claims, and assessments. We request that you provide [auditor] (with a copy to me) information on matters with respect to which you have been engaged and to which you have devoted substantive attention on behalf of [entity] in the form of legal consultation or representation. Please furnish an interim response by [agreed-upon date], but no later than (insert date such as August 29, 20x8), including matters that existed as of July 31, 20X8. Please furnish an updated response by [agreed-upon date] but no later than (insert date such as October 31, 20x8) that includes any new legal matters from August 1 through October 31, 20x8, and any significant changes from your interim response or furnish a statement that there are no new changes. (For CFO Act Audits only; the auditor and entity should determine appropriate timing for other audits.) Please include any cases[Footnote 62] with respect to which you have been engaged and to which you have devoted substantive attention on behalf of the [entity] in the form of legal consultation or representation, even those cases for which you believe the Judgment Fund or some financing source other than [entity]’s budgetary resources will pay any potential loss. Under U.S. generally accepted accounting principles, these amounts will be included as liabilities or disclosure items in the [entity]’s financial statements. Please aggregate cases similar in nature where appropriate. Please list the matters in order of the amount of potential loss, starting with the largest. Pending or Threatened Litigation (excluding unasserted claims): We and [auditor] have determined that any matters (1) for which the amount of potential loss exceeds $XX, individually or in the aggregate for similar cases, or (2) for which the amount of potential loss exceeds $XXX in the aggregate for cases not listed individually or as part of similar cases, could be material to the financial statements. We request that you provide to [auditor] the information described below about pending or threatened litigation where the amount of potential loss exceeds $XX: 1. The nature of the matter. Include a description of the case or cases and amount claimed, if specified. 2. The progress of the case to date. 3. The government’s response or planned response (for example, to contest the case vigorously or to seek an out-of-court settlement). 4. An evaluation of the likelihood of unfavorable outcome. Please categorize likelihood as probable (an unfavorable outcome is likely to occur), reasonably possible (the chance of an unfavorable outcome is less than probable but more than remote), or remote (the chance of an unfavorable outcome is slight). 5. An estimate of the amount or range of potential loss, if one can be made, for losses considered to be probable or reasonably possible. 6. The name of the [entity]’s legal counsel handling the case and names of any outside legal counsel/other lawyers representing or advising the government in the matter (Department of Justice or outside law firms). We also request that you identify litigation reported in your prior year legal representation letter as pending or threatened that is no longer pending or threatened and a short description of the disposition. Unasserted Claims and Assessments: [If legal counsel is a part of management use this paragraph.] Please provide the following information for all unasserted claims and assessments that you consider to be probable of assertion and which, if asserted, would have at least a reasonable possibility (more that remote) of an unfavorable outcome (1) for which the amount of potential loss exceeds over $XX, individually or in the aggregate for similar cases, or (2) for which the amount of the potential loss exceeds $XXX in the aggregate for cases not listed individually or as part of similar cases, involving matters to which you have devoted substantive attention. [If legal counsel is not part of management, such as an outside legal counsel, use this paragraph.] We have provided an attachment to this request that lists the unasserted claims and assessments that we believe are probable of assertion and which, if asserted, would have at least a reasonable possibility (more than remote) of an unfavorable outcome (1) for which the amount of potential loss exceeds $XX, individually or in the aggregate, for similar cases, or (2) for which the amount of potential loss exceeds $XXX in the aggregate for cases not listed individually or as part of similar cases, involving matters to which you have devoted substantive attention. Please provide the following information for each matter and for any additional matters that you believe meet these criteria. 1. A description of the nature of the matter. 2. The government’s planned response if the claim is asserted. 3. An evaluation of the likelihood of an unfavorable outcome. (Categorize likelihood as probable (likely to occur) or reasonably possible (less than probable but more than remote).) 4. An estimate of the amount or range of potential loss, if one can be made. Please specifically confirm to [auditor] that our understanding of the following is correct: Whenever, in the course of performing legal services for us, with respect to a matter recognized to involve an unasserted possible claim or assessment that may call for financial statement disclosure, if you have formed a professional conclusion that we should disclose or consider disclosure concerning such possible claim or assessment, as a matter of professional responsibility to us, you will (1) advise us of your conclusion and (2) consult with us concerning the question of such disclosure and the applicable requirements of SFFAS No. 5, as amended. We request that you describe the cases using the Department of Justice forms (one for pending or threatened litigation, another for unasserted claims). To obtain the current forms, go to the Department of Justice website at [hyperlink, http://www.usdoj.gov/civil/forms/forms.htm]. Please separately identify any pending or threatened litigation and unasserted claims with respect to which you have been engaged and to which you have devoted substantive attention on behalf of the [entity] in the form of legal consultation or representation for which you believe another government entity will be responsible for any potential liability. Please specifically identify the nature of and reasons for any limitations on your response to this request. Please address your reply to [auditor], and contact them at (phone number), when your reply is available for pick up, and send a copy of your reply to me. Do not hesitate to contact me or [auditor] if you have any questions about this request. 1002 C – Example Legal Representation Letter: [General Counsel Letterhead]: [Date]: [Auditor]: [Title]: [Agency or Firm Name]: [City]: Subject: Legal Response in Connection with the 20X8 and 20X7 Financial Statement: Audits of [entity name]: Dear [Auditor]: As General Counsel of [entity], I am writing in response to the legal letter request from the [entity]’s Chief Financial Officer (CFO) dated [date], in connection with the audit of [entity]’s financial statements as of and for the years ended September 30, 20X8 and 20X7 [see FAM 1002 B]. [In an interim response, add “I will, as further requested by the CFO, provide an updated response by [date].”] I call your attention to the fact that as General Counsel for [entity], I have general supervision of [entity]’s legal affairs. [If the general legal supervisory responsibilities of the person signing the letter are limited, set forth a clear description of those legal matters over which the signer exercises general supervision, indicating exceptions to such supervision and situations where the auditor may primary rely on other sources.] In such capacity, I have reviewed litigation and claims threatened or asserted involving [entity] and have consulted with outside legal counsel about them when I have deemed appropriate. Subject to the foregoing and to the last paragraph of this letter, I advise you that since [insert date of beginning of period under audit] neither I, nor any of the lawyers over whom I exercise general legal supervision, have given substantive attention to, or represented [entity] in connection with (1) loss contingencies [over the amount of (state materiality level agreed to with auditor and stated in request letter, for example $1 million)], or (2) loss contingencies that are less than or equal to [for example, $1 million] but in the aggregate exceed, [for example, $5 million] coming within the scope of clause (a) of Paragraph 5 of the Statement of Policy referred to in the last paragraph of this letter, except as follows: [Describe litigation and claims that fit the foregoing criteria as follows. General Counsel may use current Department of Justice forms to describe the cases (one for pending or threatened litigation, another for unasserted claims); see the DOJ website at [hyperlink, http://www.usdoj.gov/civil/forms/forms.htm.][Footnote 63] Pending or Threatened Litigation: (Excluding unasserted claims and assessments, which are discussed below) 1. Nature of the matter (include a description of the case or cases and amount claimed, if specified). 2. Progress of the case to date. 3. Current or intended response. 4. Evaluation of the likelihood of an unfavorable outcome (categorize likelihood as probable, reasonably possible, or remote). 5. Estimated amount or range of potential loss, if determinable, for losses considered to be probable or reasonably possible. 6. Name of [entity]’s legal counsel handling the case and names of any outside legal counsel representing or advising the government in the matter. Pending or threatened litigation that was reported in the prior year’s legal representation letter, which is no longer pending or threatened is as follows [Identification of litigation with a short description of its disposition.] With respect to matters that have been specifically identified as contemplated by clauses (b) or (c) of paragraph 5 of the ABA Statement of Policy, I advise you, subject to the last paragraph of this letter, as follows: Unasserted Claims and Assessments (considered to be probable of assertion and which, if asserted, would have at least a reasonable possibility of an unfavorable outcome) 1. Nature of the matter. 2. Intended response if claim would be asserted. 3. Evaluation of the likelihood of an unfavorable outcome. (Categorize likelihood as probable or reasonably possible.) 4. Estimated amount or range of potential loss, if determinable. The information set forth herein is [(as of the date of this letter) or (as of (insert date), the date on which we commenced our internal review procedures for purposes of preparing this response)], except as otherwise noted. [If an interim response, add “Upon receipt of a request to update the response, I will provide an updated response, which is due on [date],”] {If a final response: I disclaim any undertaking to advise you of changes that, after the date of this letter, may be brought to my attention or the attention of our lawyers over whom I exercise general legal supervision.} [The following language is generally consistent with AU 337C) This response is limited by, and in accordance with, the ABA Statement of Policy Regarding Lawyers’ Responses to Auditors’ Requests for Information (December 1975); without limiting the generality of the foregoing, the limitations set forth in such statement on the scope and use of this response (Paragraphs 2 and 7) are specifically incorporated herein by reference, and any description herein of any “loss contingencies” is qualified in its entirety by Paragraph 5 of the statement and the accompanying commentary (which is an integral part of the statement). Consistent with the last sentence of Paragraph 6 of the ABA Statement of Policy, this will confirm as correct the [entity]’s understanding that whenever, in the course of performing legal services for the [entity] with respect to a matter recognized to involve an unasserted possible claim or assessment that may call for financial statement disclosure, I have formed a professional conclusion that the [entity] must disclose or consider disclosure concerning such possible claim or assessment, I, as a matter of professional responsibility to [entity], will so advise the [entity] and will consult with the [entity] concerning the question of such disclosure and the applicable requirements of Statement of Federal Financial Accounting Standards (SFFAS) No. 5, Accounting for Liabilities of the Federal Government, as amended by SFFAS No. 12, and Interpretation Number 2 of SFFAS No. 4 and 5. [Describe any other or additional limitation as indicated by Paragraph 4 of the statement.] Sincerely yours, [Name of General Counsel]: [Title]: cc: Chief Financial Officer: Attachments (DOJ forms or other case information): The auditor should see that management prepare this schedule (or equivalent) summarizing the information contained in the legal letters. In particular, the auditor should determine that management has concluded as to the likelihood of loss about each case to determine whether an amount should be recorded in the financial statements and/or if note disclosure is necessary for the financial statements to conform with U.S. GAAP. Although most information comes directly from the legal letter, the auditor should determine that financial staff have accurately added the information in the last two columns to indicate the disposition of each case in the financial statements. Management's Schedule of Information Contained in Legal Letter Responses for Financial Reporting Purposes: Amounts in thousands: Table: [See PDF for image] [End of figure] Guidance for Preparation: 1. Matters should be listed on this schedule in order of the amount or range of potential loss, starting with the largest. 2. The level of aggregation should generally be at the same level as in the general counsel's letter. However, there may be instances where the level of aggregation is too high to be able to prepare this schedule in a way that is meaningful. In such cases, the auditor should request that the CFO work with legal counsel to provide further disaggregation of dissimilar cases. There may also be other instances in which a higher level of aggregation is desirable. The auditor should request that CFOs use professional judgment, considering the purpose of this schedule when determining the level of aggregation. Column: 1: Reference key: Page number of legal representation letter obtained from General Counsel discussing the case, or other reference information. 2: Amount claimed: Amount claimed in the litigation, claim, or assessment (if specified) 3: Name of case or related cases: Where appropriate, provide name of case or aggregated cases which meet materiality threshold. 4: Likelihood of loss: Indicate management's evaluation of the likelihood of loss on individual or aggregated cases. Options: P: probable (loss likely to occur); R/P: reasonably possible (the chance of loss is less than probable, but more than remote); or R: remote (the chance of loss is slight). 5: Amount or range of potential loss: Options: 5a: Probable (P) -- Provide single estimate or lower end of range, if known. Enter "U" if unknown. (Also provide column totals.) 5b: Reasonably possible (R/P) -- Provide single estimate or lower end of range, if provided. Enter "U" if unknown. Also provide column totals. 5c: If amounts in P or R/P are ranges, provide upper end of range; otherwise, enter "n/a." 6: Disposition in financial statements - amount recorded: If applicable, provide corresponding dollar amount recorded as a liability in the financial statements. (Also provide column totals.) 7: Disposition in financial statements - note disclosure: If applicable, indicate by note reference number where case information is separately disclosed or included in amounts disclosed in notes to the financial statements. (Also provide column totals.) 1003 - Financial Statement Audit Completion Checklist Entity: Job Code: Principal Report: Other Reports (including management reports and testimonies): Instructions: .01: This checklist is a tool to help auditors of financial statements determine whether they have complied with GAGAS, OMB audit guidance, and the FAM. The auditor-in-charge (AIC), audit senior, or audit manager should prepare this checklist before the audit completion date and sign in section VIII. The assistant director and first partner (audit director) should review this checklist before the audit completion date and also sign in section VIII. For GAO audits, the chief accountant or second partner should review the checklist and sign in section IX when engagement quality control review (previously called a second partner review) is completed before the audit completion date. If the audit is conducted at multiple sites, the site supervisor may complete parts of the checklist for each site (with the AIC, audit senior, or audit manager completing the overall checklist). While parts of the checklist are useful in audit planning, no signatures are required on the checklist in the planning phase. .02: The detailed questions in this checklist are to be answered “Yes”, “No”, or “N/A (not applicable)”. For most questions, “No” answers indicate departures from professional standards or from auditor policies. The auditor should explain all “No” answers in section VII of this checklist and determine the effects and significance of “No” answers, including any effects on the auditor’s report. Auditors should check “N/A” when the item does not exist or when the item exists but is judged to be not material. Because the checklist is designed for a wide range of financial statement audits, there may be many “N/A” answers. If the reason why a question is not applicable is not obvious, the auditor should document the reason on the checklist or in an attachment. It is not necessary to create additional documentation to support the “Yes” answers, but a column is provided to insert a reference to related audit documentation (“Ref.”). The questions are summarized. For most questions, there is a reference to professional literature that provides more detail. .03: Section V has questions on GAO’s report considerations and section VI has questions on GAO’s quality control. GAO auditors should complete these sections. IG auditors and other auditors may use these sections or may substitute forms that conform to their reporting style and quality controls. .04: See FAM 650 related to reviewing this checklist (or equivalent) when using the work of others. .05: FAM Volume 3 has two checklists, Checklist for Federal Accounting (FAM 2010), and Checklist for Federal Reporting and Disclosures, (FAM 2020), which superseded the July 2004 FAM 1050 checklist. The two checklists cover accounting, financial reporting, and disclosure requirements related to federal financial statements prepared using U.S. GAAP promulgated by FASAB and includes form and content presentation contained in OMB Circular No. A-136 (June 29, 2007). The AICPA publishes a disclosure checklist for financial statements prepared using U.S. GAAP promulgated by FASB. Preparers of entity financial statements may document their conformity with U.S. GAAP by either: * completing the FAM 2010 and FAM 2020 checklists, or * completing the AICPA disclosure checklist, as applicable, and a supplemental checklist for FASAB requirements, or * completing an equivalent checklist that addresses applicable accounting, financial reporting, and disclosure requirements. Preparers should tailor checklists to the needs of their individual entity financial statements and auditors should review finished checklists for completeness and accuracy. If the preparer does not complete the checklists, the auditor should complete FAM 2010 and FAM 2020 or equivalent to document the conformity of the entity’s financial statements with U. S. GAAP as discussed in FAM 560. .06: For GAO’s financial audits, this checklist incorporates, by reference, additional job-related documentation requirements. .07: For GAO’s financial audits, the chief accountant or second partner should perform an engagement quality control review. This review should be documented on FAM 1003-29. IG auditors and other auditors should determine the need for a similar review as part of their system of quality control under GAGAS. Contents: Section Topic Page: I. Planning and Concluding the Audit: II. Key Audit Areas: III. Consultation: IV. Report: V. GAO’s Report Considerations: VI. GAO’s Quality Control: VII. Explanation of “No” Answers and Other Comments: VIII. Conclusions: IX. Engagement Quality Control Review (Second Partner Review): References: AICPA Professional Standards (vol. 1, Auditing): GAO/PCIE Financial Audit Manual: Government Auditing Standards (2007 edition): Section I: Planning and Concluding the Audit: 1. Has the audit team documented that it has a. established an understanding with those contracting for the audit, officials of the entity, or others defined as the client and those charged with governance as to the objectives of the work; management’s responsibilities; auditors’ responsibilities; an overview of the nature, extent, and timing of planned audit procedures, the form, general content, and timing of communications; planned reporting on the financial statements, internal control, and compliance; the planned level of assurance; any limitations of the work and any potential restrictions on the auditor’s reports; and b. issued an engagement letter, contract, or other written communication to describe the terms of the engagement? (FAM 215 and GAGAS, par. 4.06); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 2. Was an entrance conference held? (FAM 215 A); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 3. Does audit documentation contain an understanding of the entity, its operations, and its internal controls sufficient to assess risk and plan the audit? (FAM 290.03-.04); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 4. Does the audit documentation contain an adequate audit strategy and audit plan? (FAM 290.05 and FAM 290.09); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 5. Did the audit team adequately perform and document planning steps (FAM 290.05) to include a. Perform preliminary analytical procedures? (FAM 225) b. Determine planning and design materiality and tolerable misstatement? (FAM 230) c. Identify the methodology used to assess computer-related controls and document the basis for believing that the methodology used is appropriate? (GAO auditors should use FISCAM.) (FAM 240) d. Identify significant laws & regulations? (FAM 245) e. Identify relevant budget restrictions? (FAM 250) f. Design the audit to achieve an acceptable level of audit assurance that the financial statements are not materially misstated? (GAO uses 95 percent.) (FAM 260) g. Discuss the susceptibility of the entity’s financial statements to material misstatement? (FAM 260) h. Assess inherent risk and the overall effectiveness of the control environment, risk assessment, communication, and monitoring, including whether weaknesses in the control environment, risk assessment, communication, and monitoring preclude the effectiveness of specific control activities? (FAM 260) i. Assess fraud risks, including any related to revenue and to management override of controls, and exercise professional skepticism throughout the audit? (FAM 260 and FAM 290.08) j. Brainstorm risk of material misstatement including fraud risk and error risk? (FAM 260) k. Consider the effects of information technology, including service centers? (FAM 270) l. Consider operations controls to test? (FAM 275) m. Plan other procedures (representation letters, related party transactions, sensitive payments)? (FAM 280) n. Determine locations to be visited? (FAM 285) o. Determine staffing requirements? (FAM 290.05) p. Determine timing of procedures and milestones? (FAM 290.05) q. Determine extent of assistance from entity personnel? (FAM 290.05); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 6. Does the audit strategy consider findings and recommendations from previous audits that could affect the current audit objectives? (GAGAS, par. 4.09); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 7. Did the audit team identify budget controls for each relevant budget restriction and perform sufficient work to support the conclusions on internal control? (FAM 250, 310.06, 330.09); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 8. Did the audit team identify compliance controls and perform sufficient work to support the conclusions on internal control? (FAM 245, 310.05, 330.10); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 9. Did the audit team use the work of others (CPA firms, IGs, internal auditors, or specialists)? (FAM 650); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 10. Did the audit team perform overall analytical procedures, including documentation of a. expectations, b. data/sources, c. parameters, d. explanations/corroboration, and e. conclusions? (FAM 590.04); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 11. Does the documentation indicate that the audit team properly performed procedures in the reporting phase of the audit (FAM 590) as follows: a. Evaluate misstatements, including considering whether any misstatements are indicative of fraud? (FAM 540) b. Bring all uncorrected known and likely misstatements to the attention of entity management and those charged with governance? (FAM 540.07) c Obtain attorneys’ representations? (FAM 550.02 and FAM 1002) d. Review subsequent events? (FAM 550.04 and FAM 1005) e. Obtain management representations? (FAM 550.07 and FAM 1001) f. Identify and evaluate related party transactions? (FAM 550.12 and FAM 1006) g. Communicate with those charged with governance? (FAM 550.13) h. Review the consistency of other information in the Annual Financial Report? (FAM 580.77); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 12. Does the audit summary memorandum or equivalent properly summarize or refer to documentation (FAM 590.02-.03) addressing the following? a. Any changes from original assessments of the risk of material misstatement, materiality, or tolerable misstatement? b. Additional fraud risks or other conditions identified during the audit calling for an additional response and the related response? c. The basis for conclusions on significant auditing, accounting, and reporting issues? d. Conclusions on adequacy of procedures and sufficiency of evidence? e. The effects of uncorrected misstatements (known and likely) on the financial statements? f. Conclusions on financial statements? g. Conclusions on internal control? h. Conclusions on whether the entity’s financial management systems meet the requirements of FFMIA? i. Conclusions on compliance with laws and regulations? j. Conclusions on the consistency of accompanying information with the financial statements?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 13. Has the audit director determined that communications have occurred among the audit team members regarding fraud risks and error risks? (FAM 540.19); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section I: Planning and Concluding the Audit: 14. Is there documentation that a. The director approved deviations from the “should” procedures in the FAM and the basis for the deviations? (FAM 110.28) b. The auditor complied with “must” procedures of professional auditing standards as noted in the FAM? (FAM 110.28 and Appendix B); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: Planning and Concluding the Audit: Answer the questions below for each key audit area or cycle. The key audit areas and cycles to which these questions apply are: 1. Did the audit team prepare the documentation summarizing considerations in planning and performing the work in the key audit areas and cycles for a. Cycle Matrix or an equivalent (or documentation in Account Risk Analysis or an equivalent) showing links between accounts, cycles, applications and line items? (FAM 290.06) b. Account Risk Analysis or an equivalent? (FAM 290.07) c. Cycle Memorandum and/or flowchart or equivalents? (FAM 390.05) d. Specific Control Evaluation or an equivalent? (FAM 390.07) e. Written audit plan and procedures? (FAM 390.01) 1. Did the audit team prepare the documentation summarizing considerations in planning and performing the work in the key audit areas and cycles for a. Cycle Matrix or an equivalent (or documentation in Account Risk Analysis or an equivalent) showing links between accounts, cycles, applications and line items? (FAM 290.06) b. Account Risk Analysis or an equivalent? (FAM 290.07) c. Cycle Memorandum and/or flowchart or equivalents? (FAM 390.05) d. Specific Control Evaluation or an equivalent? (FAM 390.07) e. Written audit plan and procedures? (FAM 390.01); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: 2. If conditions changed during the course of the audit, were the audit strategy, audit plans, and procedures modified as appropriate in the circumstances, including evidence of first partner/director approval? (AU 311.05); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: 3. When the audit team performed sampling, did it properly determine and document the a. method used in relation to test objectives, b. sample size and the method of determining the sample size, c. tests performed, d. results (misstatements and deviations found), e. evaluation (including projection to the population), and f. conclusions? (FAM 490.05a); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: 4. When the audit team performed substantive analytical procedures, did it properly document a. expectations and the method used to develop them, b. data sources/reliability, c. limit/criteria, d. client explanations and corroborating evidence, e. additional procedures, if any and f. conclusions? (FAM 490.05b); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: 5. When the audit team performed interim testing, did it a. test the rollforward period, b. properly document the i. basis for using interim testing and the line items/ accounts and assertions tested, ii. procedures performed, and iii. effects of any misstatements found? (FAM 495 C.06); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: 6. Did the audit team evaluate the reasonableness of significant accounting estimates made by management? (AU 342); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: 7. Were known and likely misstatements identified in the testing of the key area carried forward to the Schedule of Uncorrected Misstatements? (FAM 540.04 and FAM 595 C); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: 8. Did an IS specialist review the specific control evaluation to evaluate the audit team’s decision on which controls are computer-related (including controls relating to service-center-produced records)? (FAM 350.10); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Based on the risk of material misstatement, did the audit team perform adequate substantive audit procedures for line items/accounts on the following pages? (If not a key area, check the N/A box.) Section II: Key Audit Areas: Fund Balance with Treasury (FBWT) Consider these issues: * Did the audit team test the entity’s year-end reconciliation of Fund Balances with Treasury to Treasury accounts? * Did the audit team determine if the entity a. researched and resolved differences before making adjustments, b. recorded any necessary adjustments in the entity’s FBWT accounts, c. reported the adjustments to Treasury, if applicable, and: d. disclosed in the notes to the financial statements material unreconciled differences and budget clearing account differences at year-end, and material unreconciled differences written off by the entity during the year? * Did the audit team assess (at absolute value) the materiality of unreconciled differences, including those in budget clearing accounts?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: Receivables: Consider these issues: * If substantive audit procedures were performed prior to year-end, was there an adequate review of transactions from the interim date to the balance sheet date? (AU 313.08-.09) * Were receivables confirmed and appropriate follow-up steps taken, including second requests and subsequent collections? (AU 330.30-.32) * Are receivables stated at net realizable value after allowance for uncollectible accounts? (AU 342.02); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: Inventories: Consider these issues: * Were physical inventories observed at locations where material amounts were located? (AU 331) * If perpetual inventory records are maintained, does the documentation indicate that differences disclosed by the physical inventory (or cycle counts) are properly reflected in the financial statements? (AU 331) * When the physical inventory is taken at a date other than the balance sheet date (or where rotating procedures are used), did the auditor consider inventory transactions between the inventory date(s) and the balance sheet date? (AU 313.08-.09) * Does the documentation contain evidence that counts were correctly made and recorded (was control over inventory tags or count sheets maintained) and test count quantities were reconciled with the counts reflected in the final inventory? (AU 331) * Were there adequate tests of a. clerical accuracy of the inventory, b. costing methods and substantiation of costs used in pricing all elements of the inventory, and: c. cutoff? * Were analytical procedures used to test the overall valuation of inventories?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: Investments Consider these issues: * Was a summary schedule prepared (or obtained) and details tested with respect to the description, purchase price and date, changes during the period, income, market value, etc. of investments? * Were securities either examined or confirmed? (AU 332); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: Property, Plant, and Equipment Consider these issues: * Was a summary schedule prepared (or obtained) to show beginning balances, changes during the period, and ending balances for a. property, plant, and equipment, and b. accumulated depreciation and were significant activity and balances tested, particularly for existence and other significant assertions? * Were property items capitalized or expensed in accordance with consistent capitalization limits? * Did the audit team perform tests of completeness, such as testing from disbursements to property records? * Do the tests appear adequate and were proper conclusions drawn?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: Liabilities Consider these issues: * Did the audit team perform an adequate search for unrecorded liabilities? * Did the audit team consider expenses that might require accrual (e.g., pensions, compensated absences, other postretirement benefits, or postemployment benefits provided to former or inactive employees prior to retirement), and whether accrued expenses were reasonably stated?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Key Audit Areas: Liabilities: Consider these issues: * Did the audit team perform an adequate search for unrecorded liabilities? * Did the audit team consider expenses that might require accrual (e.g., pensions, compensated absences, other postretirement benefits, or postemployment benefits provided to former or inactive employees prior to retirement), and whether accrued expenses were reasonably stated?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Revenue and Expenses: Consider these issues: * Did the audit team compare revenue and expenses for the period to expectations, based on the budget and the results of the preceding period? (AU 329) * For significant variances and fluctuations from expectations, were management’s explanations corroborated with other audit evidence or if explanations could not be obtained, were other audit procedures performed to determine whether the variance is a misstatement? (AU 329) * Did the audit team consider a. the entity’s revenue recognition policy, b. unusual transactions, and c. fraud risks? * Do tests appear adequate, and were proper conclusions drawn?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section II: Statement of Budgetary Resources: Consider these issues: * Were appropriate procedures applied, such as a. understanding and testing the budget execution controls, b. tests of the process of preparing the statement, c. tests of undelivered orders, and d. review of reconciliation to the President’s Budget?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section III: Consultation: 1. Where warranted by the complexity or unusual nature of an issue (for example, issues where the FAM requires consultation, issues not discussed in the FAM or professional standards, going concern issues, economic dependency issues, issues arising after report issuance), was there appropriate consultation with specialists, including the: * Reviewer, * Statistician, * Office of General Counsel, and * Technical Accounting and Auditing Expert? (FAM 100.26 and FAM Appendix A); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section III: Consultation: 2. Were significant consultations appropriately documented? (FAM 100.26); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section III: Consultation: 3. Were the persons consulted made aware of all relevant facts and circumstances?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 1. Does the auditor’s report or document containing the auditor’s report (FAM 580.04, 580.77) include a. highlights page or executive summary (for GAO reports); b. transmittal letter (if appropriate); c. conclusions on: i. financial statements, ii. internal control, iii. whether the entity’s financial management systems substantially complied with the requirements of the Federal Financial Management Improvement Act of 1996 (FFMIA) for CFO act agencies, iv. compliance with laws and regulations, and v. consistency of other information with financial statements? d. objectives, scope, and methodology, including description of instances where GAGAS and OMB audit guidance were not followed; and e. entity comments and auditor evaluation?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 2. Is the auditor’s report (FAM 580) appropriate as to a. wording, b. scope of work, c. U.S. GAAP, d. explanatory paragraphs, e. opinion/disclaimer on financial statements, f. opinion/conclusions on internal control, g. conclusions on whether the entity’s financial management systems substantially comply with the requirements of FFMIA (for CFO Act agencies), and h. reporting on compliance with laws and regulations?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 3. Is background material (purpose, authority, and functions of programs/activities) limited to what is necessary?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 4. Is the auditor’s report dated when all appropriate, sufficient audit evidence is obtained to support the opinion and all significant issues are resolved? (AU 530, FAM 580); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 5. Does the auditor’s report cover all periods for which financial statements are presented? (AU 508.65); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 6. If the financial statements of a prior period are presented and have been audited by a predecessor auditor whose report is not presented, does the auditor’s report refer to the predecessor auditor’s report? (AU 508.74); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 7. Does the auditor’s report describe the responsibility the auditor is taking for supplementary information, including stewardship information? (AU 551; FAM 580.78-.81); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 8. When illegal acts involve funds received from other governmental entities, did the audit team a. satisfy itself that the audited entity notified the proper officials of those entities within a reasonable time? b. report these acts to the officials of those other governmental entities if the entity did not, or was unable to do so because the top official was involved? (GAGAS, par. 5.15-.18); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 9. Does the auditor’s report include a. identification of which matters are significant deficiencies and which are material weaknesses (GAGAS, par. 5.11), and b. presentation of all identified (1) instances of fraud and illegal acts that are more than inconsequential, (2) material violations of provisions of contracts or grant agreements, and (3) material abuse? (GAGAS, par. 5.15); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 10. When appropriate, did the audit team report directly to outside parties on fraud; illegal acts; violations of provisions of contracts or grant agreements; or abuse? (GAGAS, par. 5.18); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 11. Did the auditor consider the status of all known significant findings and recommendations from prior audits that affect the current year report, including whether any failure to correct previously identified deficiencies in internal control is a significant deficiency or material weakness? (GAGAS pars. 5.11- .14.); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 12. Did the auditor document the basis to support (FAM 580.01) the a. opinion about whether the financial statements and disclosures comply in all material respects with U.S. GAAP (FAM 560), b. opinion/conclusion on internal control, c. conclusion on whether the entity’s financial management systems substantially comply with the requirements of FFMIA, (for CFO act agencies), and d. conclusion on compliance with laws and regulations?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 13. Did the auditor document the basis for reported findings on a. internal control deficiencies, including classification of control deficiencies as material weaknesses, other significant deficiencies, or other control deficiencies (FAM 590.05), b. entity’s financial management systems lack of substantial compliance with the requirements of FFMIA for CFO act agencies (FAM 590.06), and c. noncompliance with laws and regulations (FAM 590.07), if any?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 14. Did the auditor develop the elements of audit findings to include (where appropriate and known) the a. condition (describe the existing situation), b. criteria (state what we are comparing to), c. cause (reflect reason or reasons why the condition and criteria differ), and d. effect (describe the result of the difference between the condition and criteria)? (GAGAS paragraphs 4.14-.18); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 15. Are recommendations and suggestions reasonable, doable, and cost- effective?; N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 16. Does the report obtain the views of responsible officials in agency comments to include: a. either oral or written comments, b. titles of senior official(s) involved, c. accurate characterization of general agreement or disagreement with the report, d. description of the substance of the comments, and e. auditor evaluation of the comments, particularly if they disagree, are inconsistent, or conflict with the report findings, conclusions, or recommendations. (GAGAS paragraphs 5.32-.37); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section IV: Report: 17. Are there control deficiencies that do not meet the criteria for significant deficiencies and do not affect the auditor’s conclusions as to the effectiveness of internal controls that the auditor may communicate orally or in a separate management report? If so, did the auditor document any oral communications? (FAM 580.49, FAM 590.05, and GAGAS par. 5.14); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section V: GAO’s Report Considerations: 1. Overall, does the GAO report have the following characteristics a. Professional: The work reflects an understanding of the issues, an awareness of the external environment, including sensitivity to relevant trends, and a practical approach to what can be done to deal with the problems noted. b. Accurate: Information and findings are presented accurately with no notable errors in logic or reasoning. c. Objective: The presentation is fair and impartial and the tone is constructive and objective. d. Fact-based: Information and findings are stated completely, which includes all necessary facts and/or explanations without unproven or uncorroborated material, and any conflicting evidence is resolved. e. Balanced: Sound and logical evidence is presented to support conclusions, adjectives or adverbs are not used to characterize evidence in a way that implies criticism or conclusions by innuendo, and positive aspects of programs or issues reviewed are appropriately recognized. f. Timely and Useful: Relevant and timely information is presented. g. Clear and Concise: The presentation is clear, concise, and well organized with the message presented logically in a writing style adapted to the audience; Yes: [Empty]. Section VI: GAO’s Quality Control: 1. Was the GAO report reviewed by the a. audit director (first partner), b. engagement quality control reviewer (second partner), c. Office of the General Counsel (form 124A), d. Applied Research & Methods (form 124C), and e. other stakeholders (form124C); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 3. Did the assistant director review the a. entity profile or equivalent (FAM 290.04), b. audit strategy (AU 311.13-.14) or equivalent, including sampling approach (FAM 290.05), c. account risk analyses or equivalent (FAM 290.07), d. initial audit plan with procedures (FAM 290.09), e. line item/account lead schedules, f. completed audit plan with procedures (FAM 290.09), g. specific control evaluations (FAM 330.07), h. audit summary memorandum (FAM 590.02-.03), i. Checklist for Federal Accounting (FAM 2010) and Checklist for Federal Reporting and Disclosures (FAM 2020) for statements using U.S. GAAP promulgated by FASAB, j. financial reporting and disclosure checklist for statements using GAAP promulgated by FASB, k. management representation letter (FAM 1001), l. legal representation letter (FAM 1002), m. schedule of uncorrected misstatements (FAM 595 C), n. exit conference memorandum (FAM 590.10), o. GAO report with entity financial statements and related disclosures, p. referencing review sheet (GAO form 92), q. GAO abbreviated audit documentation set, and r. this audit completion checklist (FAM 1003)? (FAM 1301.17); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 4. Did the assistant director determine that all significant review notes were resolved appropriately? (FAM 1301.27-.28); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 5. Did the assistant director indicate that all documentation was sufficiently reviewed? (FAM 1301.05); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 6. Were review notes, superseded versions of documentation, and draft reports (except the referenced draft and the draft sent to the entity for comment), including review notes and superseded versions in electronic form, placed in a separate folder to be retained until the report is released, after which they may be destroyed or deleted electronically up to 60 days after the report release date? (FAM 1301.28); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 7. Were review responsibilities documented and communicated to all individuals on the assignment? (FAM 1301.23); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 8. Was documentation prepared by an IS specialist reviewed by an IS manager or IS assistant director for technical content and by a member of the audit team to determine that related audit objectives were achieved? (FAM 1301.24); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 9. For areas that are both material and have high risk of material misstatement, did the audit director or assistant director perform secondary reviews of the documentation? (FAM 1301.12); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 10. Was all documentation prepared by the audit director or assistant directors read by the auditor-in- charge to determine its consistency with any related documentation? (FAM 1301.15); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VI: GAO’s Quality Control: 11. If the documentation indicated a difference of opinion between engagement personnel or between engagement personnel and a specialist or other person consulted, was the difference resolved appropriately and was the basis of the resolution documented? (FAM 1302); N/A: [Empty]; Yes: [Empty]; No*: [Empty]; Ref.: [Empty]. Section VII: Explanation of “No*” Answers and Other Comments: The page below is provided for comments on all “No*” answers or to expand upon any of the “Yes” and “N/A” answers as needed, and may be modified as necessary. * For some questions, “No” answers may indicate departures from professional standards or from auditor policies. The auditor should explain all “No” answers below and determine the effects and significance of “No” answers, including any effect on the auditor’s report. Section VIII: Conclusions: Based on your review and knowledge, do you believe: 1. The audit team performed the engagement, in all material respects, in accordance with GAGAS (which include U.S. GAAS) and applicable OMB guidance, or the auditor’s report was appropriately modified?; Yes: [Empty]; No**: [Empty]. Section VIII: Conclusions: 2. The financial statements conformed, in all material respects, with U.S. GAAP, or the auditor’s report was appropriately modified?; Yes: [Empty]; No**: [Empty]. Section VIII: Conclusions: 3. The auditor’s report was appropriate in the circumstances?; Yes: [Empty]; No**: [Empty]. Section VIII: Conclusions: 4. The documentation on this engagement supports the auditor’s • opinion on the financial statements, • opinion/conclusions on internal control, • conclusions on whether the entity’s financial management systems substantially comply with the requirements of FFMIA (for CFO act agencies), and • conclusions on compliance with laws and regulations; Yes: [Empty]; No**: [Empty]. Section VIII: Conclusions: 5. The audit team complied, in all material respects, with the audit organization’s policies and procedures; Yes: [Empty]; No**: [Empty]. ** If any of the above 5 statements have “No” responses, please describe the response in a memorandum to the reviewer. Date of audit completion: Auditor-In-Charge: Date: Audit Manager: Date: Assistant Director: Date: Audit Director: Date: Section IX: Engagement Quality Control Review (Second Partner[Footnote 64] Review): Objective of second partner review: To objectively review significant auditing, accounting, and reporting matters and to conclude, based on all facts the reviewer has knowledge of, that, except as discussed in the report, no matters were found that caused the second partner to believe that (1) the audit was not performed in accordance with GAGAS and OMB audit guidance (if applicable), (2) the financial statements are not, in all material respects, in conformity with U.S. GAAP, and (3) the report does not meet professional standards and the auditor’s policies and core values. Procedures: Before the report was issued, I performed the following procedures: * Discussed significant auditing, accounting, and reporting issues with the audit director (first partner); * Discussed the audit team’s identification of high-risk balances and transactions and the audit of those balances and transactions; * Reviewed documentation on the resolution of significant auditing, accounting, and reporting issues, including documentation of consultation with statisticians, IS specialists, and others; * Reviewed the summary of uncorrected misstatements; * Read the audit summary memorandum; * Read the entity financial statements, audit report, and related disclosures; and * Confirmed with the audit director (first partner) that there are no unresolved issues. Conclusion: Based on all the relevant facts of which I have knowledge, I found no matters, except as discussed in the report, that cause me to believe that (1) the audit was not performed in accordance with GAGAS and OMB audit guidance (if applicable), (2) the financial statements are not, in all material respects, in conformity with U.S. GAAP, and (3) the report is not in accordance with professional standards and the auditor’s policies and core values. In signing this form, I acknowledge that there have been no personal or external impairments to independence regarding my work on this engagement. Engagement quality control reviewer name & title: Signature: Date: 1005 - Subsequent Events Review: .01: This section deals with the subsequent events review that the auditor must perform as part of the audit, as described in FAM 550. AU 560 describes and provides guidance on the types of subsequent events the auditor should evaluate as well as the procedures that the auditor generally should perform to discover whether such events have occurred. .02: Subsequent events are those events or transactions that may occur or become known subsequent to the date of the financial statements but before the audit report is issued and that have a material effect on the financial statements which the auditor should ask management to adjust the financial statements for the effect of the event or disclose the event. .03: Two types of subsequent events may occur: * Events occurring after the date of the financial statements that provide additional information about conditions existing at the date of the financial statements and that affect amounts recorded (or which management should record) in the financial statements. For example, a subsequent event may reveal that an accounting estimate is materially incorrect and that the auditor should ask management to adjust the financial statements for the effect of the event. * Events occurring after the date of the financial statements that provide information about conditions that did not exist at the date of the financial statements. The auditor should not ask management to adjust the financial statements for these events, but disclosure of them may be necessary to prevent the statements from being misleading. For example, a fire or flood after year-end may cause a significant loss. .04: The purpose of a subsequent events review is to determine whether all subsequent events that have a material effect on the financial statements have been considered and treated appropriately in the financial statements. The subsequent period covered is from the date of the financial statements to the date of the audit report, which is the date of the completion of thea audit.[Footnote 65] Audit Procedures: .05: At or near the completion of the audit, the auditor should perform procedures to be aware of any subsequent events that the auditor may ask management to adjust or disclose in the financial statements. These procedures are in addition to substantive tests that the auditor may apply to transactions occurring after the date of the financial statements, such as examining subsequent disbursements to test completeness of accounts payable. .06: The following program describes audit procedures that the auditor may perform as part of a subsequent events review. The auditor generally should customize the procedures for the particular entity. Entity: Period of financial statements: Job code: Subsequent Events Review Program -- Audit Procedures: I. Read Interim Financial Statements: 1) Compare the latest available interim financial statements, if any, with the financial statements under audit to identify any unusual adjustments and investigate any significant variations from expectations. 2) Inquire as to whether the interim statements have been prepared on the same basis as the annual statements. 3) For items in the statement of net costs, compare to similar interim financial statements of the prior year; determine expectations and investigate any significant variations from expectations. 4) If interim financial statements are not available: a) Compare interim internal financial reports or analyses, budgets, or cash-flow forecasts, considering any adjustments to the internal reports that may be necessary to make meaningful comparisons. b) Review the accounting records prepared since the date of the financial statements for material transactions that may require adjustment to or disclosure in the financial statements. For example, scan the general ledger and/or journals for material, unusual entries; Done by/date: [Empty]; Doc. Ref.: [Empty]. Subsequent Events Review Program -- Audit Procedures: II. Make Inquiries of Management as to: 1) Whether any significant contingent liabilities or commitments existed at the date of the financial statements or at the date of the inquiry. 2) Whether any significant changes occurred in the financial condition of the entity or in net position or long-term debt. 3) The current status of items in the financial statements that were accounted for on the basis of tentative, preliminary, or inconclusive data. 4) Whether any significant changes in estimates were made with respect to amounts included or disclosed in the financial statements, or any significant changes in assumptions or factors were considered in determining estimates. 5) Whether any unusual adjustments were made during the period from the date of the financial statements to the date of inquiry. 6) Whether any significant events occurred subsequent to the date of the financial statements, such as commitments or plans for major capital expenditures; lawsuits or claims filed or settled other than those disclosed in the lawyers’ letters; changes in accounting and financial policies; or losses as a result of fire, flood, or other disaster; Done by/date: [Empty]; Doc. Ref.: [Empty]. Subsequent Events Review Program -- Audit Procedures: III. Read Minutes: 1) Read the available minutes of meetings of those charged with governance such as entity management committees, audit committees, or other appropriate groups, including the period after the date of the financial statements, for information about events or transactions authorized or discussed which may require adjustment to or disclosure in the financial statements. 2) With regard to meetings for which no minutes are available, inquire about matters dealt with at such meetings and conclusions reached; Done by/date: [Empty]; Doc. Ref.: [Empty]. Subsequent Events Review Program -- Audit Procedures: IV. Cover in Lawyers’ Letters: 1) Confirm litigation, claims, and assessments and unasserted claims and assessments with the entity’s legal counsel per AU 337. See FAM 550 and FAM 1002; Done by/date: [Empty]; Doc. Ref.: [Empty]. Subsequent Events Review Program -- Audit Procedures: IV. Cover in Lawyers’ Letters: 1) Confirm litigation, claims, and assessments and unasserted claims and assessments with the entity’s legal counsel per AU 337. See FAM 550 and FAM 1002; Done by/date: [Empty]; Doc. Ref.: [Empty]. Subsequent Events Review Program -- Audit Procedures: V. Cover in Management Representation Letter: 1) Have management include representations in its management representation letter as to whether any events occurred subsequent to the date of the financial statements that management should adjust or disclose in the financial statements. See FAM 1001; Done by/date: [Empty]; Doc. Ref.: [Empty]. Subsequent Events Review Program -- Audit Procedures: VI. Other: 1) Use other sources of information to learn of subsequent events, such as: a) Talk to inspector general or internal audit department. b) Talk to program divisions. c) Read newspapers. 2) Make additional inquiries or perform additional procedures deemed necessary to resolve any questions raised in the foregoing audit steps. 3) Prepare a summary memo documenting the results of the above and conclusions reached; Done by/date: [Empty]; Doc. Ref.: [Empty]. [End of section] Footnotes: [1] The term “auditor,” throughout the FAM includes individuals who may be titled auditor, analyst, evaluator, or have a similar position description. [2] IG audits are used by GAO as principal auditor of the U.S. government consolidated financial statements. For the GAO audit of the Bureau of Public Debt (BPD), GAO is the other auditor and the CPA firm under contract to the Treasury IG is the principal auditor when it reports on the Treasury Department consolidated financial statements. [3] The AICPA also issued Practice Alert 2002-02, Use of Specialists. [4] IGs are designated by the CFO Act to audit their agencies, but have the authority to contract with another auditor to perform the audits. GAO is mandated by 31 U.S.C. 331(e) to audit the U.S. government’s consolidated financial statements. [5] There may be situations where the auditor is asked to provide a separate opinion in addition to presenting the other auditors’ report, or serves as the contracting officer’s technical representative (COTR). In these situations, the auditor should follow the wording in FAM 595 A and/or FAM 595 B, and should add the following in lieu of the introduction to the first paragraph on FAM 595 A-5: “To help fulfill these responsibilities, we contracted with the independent certified public accounting firm of [insert firm name] to perform a financial statement audit in accordance with U.S. generally accepted government auditing standards, OMB's bulletin, Audit Requirements for Federal Financial Statements, and the GAO/PCIE Financial Audit Manual. The report of [name of CPA firm] dated [date] is attached. We evaluated the nature, extent, and timing of the work, monitored progress throughout the audit, reviewed the audit documentation of [name of CPA firm], met with partners and staff members of [name of firm], evaluated the key judgments, met with officials of [entity being audited], performed independent tests of the accounting records [if applicable], and performed other procedures we deemed appropriate in the circumstances. Our opinions expressed above are consistent with the opinions of [name of CPA firm]. [6] Under the CFO Act, if an executive agency IG is not performing the audit of the agency’s financial statements, required under 31 U.S.C. 3515, the IG is required to determine the independent external auditor (CPA firm) that will perform the work. [7] Obtaining a representation from an appropriate official of the audit organization is similar to the procedure for CPA firms under AU 543.10b. [8] Some CPA firms consider internal inspection reports as proprietary documents not subject to auditor review. This issue can be resolved by either allowing the auditor access to inspection reports or providing the auditor with a summary or representation about inspection results as a condition of the contract. [9] Further information on the PCAOB inspection report process is available at [hyperlink, http://www.pcaobus.org]. [10] The auditor may refer to the AICPA Practice Aid, Establishing and Maintaining a System of Quality Control for a CPA Firm’s Accounting and Auditing Practice (2007) and GAGAS 3.55-3.63. [11] Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of audit evidence, that is, its relevance and reliability in providing support for, or detecting misstatements in, the classes of transactions, account balances, and disclosures and related assertions. These measures originated in SAS No. 106, Audit Evidence, and are codified at AU 326.08. They are effective for audits of financial statements for periods beginning on or after December 25, 2006. [12] This could be the PCAOB inspection report for a CPA firm. [13] If the other auditors did not provide an opinion (i.e., did not give positive assurance) on whether the entity’s systems complied with FFMIA, change this to “no instances in which entity’s financial management systems did not substantially comply” (negative assurance). [14] If the other auditors did not provide an opinion on internal control, change this to “there were no material weaknesses in internal control” (and include a definition of material weakness in a footnote). [15] If the other auditors did not provide an opinion (i.e., did not give positive assurance) on whether the entity’s systems complied with FFMIA, change this to “no instances in which entity’s financial management systems did not substantially comply” (negative assurance). [16] Non-GAO auditors may combine bullets 3 and 4. [17] If the other auditors did not provide an opinion on internal control, change this to read “conclusions about the effectiveness of internal control.” [18] If the other auditors did not provide an opinion on FFMIA change “opinion” to “conclusions.” [19] If the auditor found that the other auditors did not comply with GAGAS, or if the auditor disagrees with the other auditors’ conclusions, see FAM 650.54-.56. [20] This example assumes the other auditors opined on internal control and on whether the financial management systems substantially complied with FFMIA. If the other auditors provided negative assurance, appropriate changes are needed. [21] If the auditor does not concur with the other auditors’ report, see FAM 650.54-.56. [22] The auditor may request the users to document their agreement with the procedures and their sufficiency for their purposes by signing the engagement letter and returning it to the auditor. [23] The FAM addresses FFMIA as part of internal control. OMB audit guidance dated September 4, 2007, no longer lists FFMIA in Appendix E as a general law for compliance with laws and regulations (FAM 800). [24] The Financial Systems Integration Office (FSIO) coordinates work related to federal financial management systems requirements and OMB’s Office of Federal Financial Management (OFFM) issues new or revised systems requirements. All documents and other guidance related to financial management system requirements initially issued by JFMIP were transferred to OFFM and remain in effect until modified. [25] JFMIP SR -01-04. [26] Shared systems are governmentwide systems used by agencies with information and data definitions common to all users. [27] As part of the realignment of JFMIP, in December 2004, the responsibility for certifying core financial management systems was transferred to FSIO. [28] GFRS is the Governmentwide Financial Reporting System used since FY 2004 to collect audited financial statements (closing package) from verifying (larger) federal agencies. FACTS is Treasury’s Federal Agencies’ Centralized Trial-Balance System for non-verifying (smaller) federal entities. FACTS I collects trial balance information at the fund group level using the SGL for inclusion in the Annual Financial Report of the U.S. Government. FACTS II collects mostly budgetary information for reporting in the Budget of the United States Government. [29] Plan of Action and Milestone (POAM) reports required by OMB under FISMA. [30] The Joint Financial Management Improvement Program (JFMIP), Financial Systems Integration Office (FSIO) provides core financial management systems requirements to be included in Commercial-Off-The- Shelf (COTS) applications. [31] These tools are based on the best practices guidance received from the participating accounting and auditing firms and the AICPA publication, Practice Alert No. 95-3, Auditing Related Parties and Related Party Transactions. [32] A permanent, indefinite appropriation, commonly known as the Judgment Fund, is available to pay final judgments, settlement agreements, and certain types of administrative awards against the United States when payment is not otherwise provided for. The Secretary of the Treasury certifies all payments from the fund. (See 31 U.S.C. 1304, Judgments, awards, and compromise settlements.) FASAB Interpretation No. 2 clarifies how federal entities report the costs and liabilities arising from claims to be paid by the Judgment Fund and how the Judgment Fund accounts for the amounts that it is required to pay on behalf of federal entities. [33] In accordance with OMB Circular No. A-136, examples of unreimbursed costs that reporting entities are required to recognize include (but are not limited to): (1) employees’ pension, post- retirement health and life insurance benefits, (2) other post- employment benefits for retired, terminated, and inactive employees, which includes unemployment and workers compensation under the Federal Employees’ Compensation. [34] Act (5 U.S.C. Ch. 81), and (3) losses in litigation proceedings (see FASAB Interpretation No. 2, Accounting for Treasury Judgment Fund Transactions). In the case of employee benefits, the imputed amount is the difference between employer/employee contributions and the total cost of the benefit. [35] Trading partners are federal agencies, bureaus, programs or other entities (within or between entities) participating in transactions with each other as related parties. [36] The Government Wide Accounting (GWA) system is being implemented over the next several years and the SOD is scheduled to be eliminated (see FAM 921.11-.12). [37] Reciprocal accounts are corresponding SGL accounts seller and buyer entities use to record like intragovernmental transactions. For example, the seller entity’s accounts receivable would normally be reconciled to the reciprocal account, accounts payable, on the buyer entity’s records. Examples of these accounts are in FMS’ Federal Intragovernmental Transactions Accounting Policies Guide. [38] Reliability of performance reporting will be excluded from the internal control definition effective starting in fiscal year 2008. [39] Appropriations may be annual, multiyear, or no-year. [40] The closed group is defined as those persons who, as of a valuation date, are participants in a social insurance program as beneficiaries, covered workers, or payers of earmarked taxes or premiums. [41] The closed group is defined as those persons who, as of a valuation date, are participants in a social insurance program as beneficiaries, covered workers, or payers of earmarked taxes or premiums. [42] The Medicare Prescription Drug, Improvement, and Modernization Act of 2003, Public Law 108-173, created a new prescription drug benefit under Medicare Part D, which is also covered by SFFAS No. 17. [43] The actuary can either be under contract with the independent auditor or employed by the independent audit organization. In either case, the actuary performing services for the auditor would need to meet the independence standards of GAGAS, which are applicable to audits of Statements of Social Insurance. [44] Income (excluding interest) consists of payroll taxes from employers, employees, and self-employed persons, revenue from federal income taxation of scheduled OASDI benefits, and miscellaneous reimbursements from the General Fund of the Treasury. [45] Paragraph 25 of SFFAS No. 17, Accounting for Social Insurance, states, in part, “The projections and estimates used should be based on the entity’s best estimates of demographic and economic assumptions, taking each factor individually and incorporating future changes mandated by current law.” Certain entities prepare social insurance information using assumptions prepared by a board of trustees. Auditors should consider such assumptions to represent the entity’s “best estimates” if the trustees have characterized them as such, and entity management has determined them to be reasonable. With respect to these assumptions, the auditor should perform audit procedures that are consistent with the guidance in paragraphs 9 through 36 of SOP 04-1. [46] The verifying agencies are the 24 CFO Act agencies and 11 other federal agencies. [47] The closing package process is a methodology designed to link agencies’ comparative, audited consolidated, department-level financial statements to the FR. The closing package is the data submitted by each verifying agency for inclusion in the FR. [48] Beginning in fiscal year 2006, TFM 2-4700 included these requirements. The process and modules used by FMS to prepare the consolidated Statements of Social Insurance and accompanying notes, and supplemental information included in the FR may change in future years, based on changes that may be made by FMS to TFM 2-4700. [49] SFFAS No. 17, paragraph 27 (a)(1). [50] SFFAS No. 17, paragraph 32 (a)(1). [51] Financial interchange (FI) income consists of transfers from the social security trust funds under a financial interchange between the railroad retirement and the social security systems. While the railroad retirement system has remained separate from the social security system, the two systems were closely coordinated with regard to earnings credits, benefit payments, and taxes. The purpose of this financial coordination is to place the Social Security Old-Age Survivors and Disability Insurance (OASDI) and Hospital Insurance (HI) trust funds in the same position they would have been in if railroad services were covered by the Social Security and Federal Insurance Contribution acts. [52] SFFAS No. 17, paragraph 30. [53] When there is no general counsel and management has not consulted legal counsel with regard to contingencies, the auditor should obtain a written representation from management that legal counsel has not been consulted. Such representation may be incorporated as an item in the management representation letter. (See FAM 550 and FAM 1002.24.) An example item is: “We are not aware of any pending or threatened litigation, claims, or assessments or unasserted claims or assessments that are required to be accrued or disclosed in the financial statements in accordance with SFFAS No. 5. We have not consulted legal counsel concerning litigation, claims, or assessments.” (See FAM 1001 A.) [54] SFFAS No. 27 does not use the term “earmarked” as it is sometimes used to refer to set-asides of appropriations for specific purposes. [55] SFFAS No. 27 does not use the term “earmarked” as it is sometimes used to refer to set-asides of appropriations for specific purposes. [56] Including environmental and disposal liabilities -- a contingency that is often a significant issue for the federal government. [57] SFFAS No. 7 has guidance for reporting claims for tax refunds. Rather than recognizing probable claims and disclosing other claims in the notes to the financial statements, SFFAS No. 7 indicates that other claims for refunds that are probable should be included as supplementary information. [58] A permanent, indefinite appropriation, commonly known as the Judgment Fund, is available to pay final judgments, settlement agreements, and certain types of administrative awards against the United States when payment is not otherwise provided for. The Secretary of the Treasury certifies all payments from the fund. (See 31 U.S.C. 1304, Judgments, awards, and compromise settlements.) FASAB Interpretation No. 2 clarifies how federal entities report the costs and liabilities arising from claims to be paid by the Judgment Fund and how the Judgment Fund accounts for the amounts that it is required to pay on behalf of federal entities. [59] If the Judgment Fund will pay the claim, the entity still recognizes the liability and cost at this time. Once the claim is settled or a court judgment is assessed and the Judgment Fund is determined to be the appropriate source for payment, the entity reduces the liability by recognizing an (imputed) financing source. Note that for Judgment Fund payments made under the Contract Disputes Act and the Notification and Federal Employee Antidiscrimination and Retaliation Act, the entity establishes a payable to reimburse the Judgment Fund. [60] For example, for the fiscal year 2007 audit, OMB reporting guidance stated that agencies should submit interim legal representation letters to Department of Justice, Treasury’s Financial Management Service, and GAO no later than August 29, 2007. This would allow review of cases before external issuance. Final legal representation letters were due no later than November 15, 2007. [61] The Accounting and Auditing Policy Committee (AAPC) guidance (Technical Release No. 1) clarifies FASAB Interpretation No. 2, with respect to the Department of Justice’s role related to legal letters in cases in which Justice’s legal counsels are handling legal matters on behalf of other federal reporting entities. The letter from the entity’s general counsel may provide sufficient evidence for the auditor. If the auditor determines that additional evidence is needed about a specific case, the auditor may request entity management and legal counsel to send a legal letter request to Justice, directed to the lead Justice legal counsel handling the case, asking that person to provide a description and evaluation directly to the auditor. [62] This includes any cases that do not seek monetary damage awards, but would require the government to use financial resources to implement remedies or actions sought by litigation or unasserted claims (for example, to increase the scope of, or change to a more costly methodology of, environmental restoration and cleanup). [63] It is expected that cases or matters will be aggregated where appropriate. [64] For GAO financial audits this is the chief accountant or another director who is a CPA and an experienced financial statement auditor. [65] The auditor has two methods available for dating the report when a subsequent event disclosed in the financial statement occurs after the original date of the auditor’s report but before the issuance of the related financial statements. In these instances, the auditor may use either dual dating or may date the report as of a later date. When the auditor dual dates the report, the responsibility for events occurring subsequent to the original report date is limited to the specific event referred to in the note (or otherwise disclosed). For example, January 31, 20x8 except for note X, as to which the date is February 16, 20x8. When the auditor dates the report as of a later date, the auditor’s responsibility for subsequent events extends to the date of the report and accordingly, the auditor should extend the subsequent events procedures to that date. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: