Audit Guide Government Auditing Standards and Single Audits March 1, 2019 1811-5988 © 2019 by American Institute of Certified Public Accountants All rights reserved For information about the procedure for requesting permission to make copies of any part of this work, please email copyright-permission@aicpa-cima.com with your request Otherwise, requests should be written and mailed to Permissions Department, 220 Leigh Farm Road, Durham, NC 27707-8110 USA AAP ISBN 978-1-94830-676-8 iii Preface (Updated as of March 1, 2019) About AICPA Guides This AICPA Guide presents guidance for the audits of financial statements conducted in accordance with Government Auditing Standards, 2011 Revision (also referred to as the Yellow Book), issued by the Comptroller General of the United States of the U.S Government Accountability Office It also presents the recommendations of the AICPA Single Audit Working Group for the conduct of audits in accordance with the Single Audit Act and Title U.S Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) An AICPA Guide containing auditing guidance related to generally accepted auditing standards (GAAS) is recognized as an interpretive publication as defined in AU-C section 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards.1 Interpretive publications are recommendations on the application of GAAS in specific circumstances, including engagements for entities in specialized industries Interpretive publications are issued under the authority of the AICPA Auditing Standards Board (ASB) after all ASB members have been provided an opportunity to consider and comment on whether the proposed interpretive publication is consistent with GAAS The members of the ASB have found the auditing guidance in this guide to be consistent with existing GAAS Although interpretive publications are not auditing standards, AU-C section 200 requires the auditor to consider applicable interpretive publications in planning and performing the audit because interpretive publications are relevant to the proper application of GAAS in specific circumstances If the auditor does not apply the auditing guidance in an applicable interpretive publication, the auditor should document how the requirements of GAAS were complied with in the circumstances addressed by such auditing guidance Throughout this guide, when appropriate, reference is made to Technical Questions and Answers (Q&A) Q&A sections are other auditing publications AU-C section 200 indicates that in applying the auditing guidance included in an other auditing publication, the auditor should, exercising professional judgment, assess the relevance and appropriateness of such guidance to the circumstances of the audit Other auditing publications have no authoritative status; however, they may help the auditor understand and apply GAAS The auditor is not expected to be aware of the full body of other auditing publications Although the auditor determines the relevance of these publications in accordance with AU-C section 200, paragraph 28, the auditor may presume that other auditing publications published by the AICPA that have been reviewed by the AICPA Audit and Attest Standards staff are appropriate These other auditing publications are listed in AU-C appendix F, Other Auditing Publications All AU-C sections can be found in AICPA Professional Standards ©2019, AICPA AAG-GAS iv The ASB is the designated senior committee of the AICPA authorized to speak for the AICPA on all matters related to auditing Conforming changes made to the auditing guidance contained in this guide are approved by the ASB chair (or his or her designee) and the Director of the AICPA Audit and Attest Standards staff Updates made to the auditing guidance in this guide exceeding that of conforming changes are issued after all ASB members have been provided an opportunity to consider and comment on whether the guide is consistent with existing GAAS Any auditing guidance in a guide appendix or chapter appendix in a guide, or in an exhibit, while not authoritative, is considered an "other auditing publication." In applying such guidance, the auditor should, exercising professional judgment, assess the relevance and appropriateness of such guidance to the circumstances of the audit Although the auditor determines the relevance of other auditing guidance, auditing guidance in a guide appendix or exhibit has been reviewed by the AICPA Audit and Attest Standards staff and the auditor may presume that it is appropriate An AICPA Guide containing attestation guidance is recognized as an interpretive publication as defined in AT-C section 105, Concepts Common to All Attestation Engagements.2 Interpretive publications are recommendations on the application of the Statements on Standards for Attestation Engagements (SSAEs) in specific circumstances, including engagements for entities in specialized industries Interpretive publications are issued under the authority of the ASB The members of the ASB have found the attestation guidance in this guide to be consistent with existing SSAEs A practitioner should be aware of and consider the guidance in this AICPA Guide applicable to his or her attestation engagement If the practitioner does not apply the attestation guidance included in an applicable interpretive publication, the practitioner should document how the requirements of the SSAE were complied with in the circumstances addressed by such attestation guidance Any attestation guidance in a guide appendix or chapter appendix in a guide, or in an exhibit, while not authoritative, is considered an "other attestation publication." In applying such guidance, the practitioner should, exercising professional judgment, assess the relevance and appropriateness of such guidance to the circumstances of the engagement Although the practitioner determines the relevance of other attestation guidance, such guidance in a guide appendix or exhibit has been reviewed by the AICPA Audit and Attest Standards staff and the practitioner may presume that it is appropriate The ASB and the AICPA Accounting and Review Services Committee (ARSC) are the designated senior committees of the AICPA authorized to speak for the AICPA on all matters related to attestation Conforming changes made to the attestation guidance contained in this guide are approved by the ASB chair (or his or her designee) and the Director of the AICPA Audit and Attest Standards staff Updates made to the attestation guidance in this guide exceeding that of conforming changes are issued after all ASB members have been provided an opportunity to consider and comment on whether the guide is consistent with the SSAEs AICPA Guides may include certain content presented as "Supplement," "Appendix," or "Exhibit." A supplement is a reproduction, in whole or in part, of All AT-C sections can be found in AICPA Professional Standards AAG-GAS ©2019, AICPA v authoritative guidance originally issued by a standard setting body (including regulatory bodies) and applicable to entities or engagements within the purview of that standard setter, independent of the authoritative status of the applicable AICPA Guide Both appendixes and exhibits are included for informational purposes and have no authoritative status Purpose and Applicability This guide provides guidance (chapters 1–4) on the auditor's responsibilities when conducting an audit of financial statements in accordance with Government Auditing Standards This guide has been prepared using the Government Auditing Standards, 2011 Revision Financial statement audits of state and local governments are often required to be performed in accordance with Government Auditing Standards because they are subject to the Uniform Guidance, or because state and local laws and regulations require it Because an audit of a government's financial statements under the provisions of the AICPA Audit and Accounting Guide State and Local Governments is based on opinion units, the auditor's consideration of items, such as materiality and internal control over financial reporting, in planning, performing, evaluating the results of, and reporting on the audit of a government's basic financial statements, should address each opinion unit This guide does not provide specific guidance related to auditing state and local governmental entities in accordance with GAAS; however, the concept of opinion units should be considered when applying the guidance in chapters 1–4 of this guide to the financial statement audit of an entity subject to the provisions of Audit and Accounting Guide State and Local Governments See that guide for information on performing a GAAS audit of a governmental entity Concerning an audit of financial statements in accordance with Government Auditing Standards, this guide • • • • • describes the applicability of Government Auditing Standards discusses the relationship between GAAS and Government Auditing Standards discusses the standards and guidance found in chapters 1–4 of Government Auditing Standards, with an emphasis on the standards for financial audits describes the auditor's responsibility for considering internal control over financial reporting, compliance with applicable federal statutes, regulations, and provisions of contracts and grants agreements, fraud, and abuse describes the auditor's responsibility for reporting and other communications and provides examples of the required auditor's reports It also provides guidance (chapters and chapters 5–14) on the auditor's responsibilities when conducting a single audit or program-specific audit in accordance with the Single Audit Act and the Uniform Guidance This guide was originally issued as Statement of Position (SOP) 98-3, Audits of States, Local Governments, and Not-for-Profit Organizations Receiving Federal Awards, in March 1998 and updated annually for conforming changes for relevant guidance contained in authoritative auditing standards and other requirements The AICPA converted SOP 98-3 into an audit guide in 2003 That conversion ©2019, AICPA AAG-GAS vi did not supersede the guidance that appeared in SOP 98-3 but only changed its format Concerning an audit of federal awards in accordance with the Uniform Guidance,3 this guide • • • describes the applicability of and provides an overview of the requirements of the Single Audit Act and the Uniform Guidance • discusses considerations in designing an audit approach that includes audit sampling to achieve both compliance and internal control over compliance related audit objectives in a compliance audit performed under the Uniform Guidance • • • describes the auditor's responsibilities in a program-specific audit discusses the relationship between Government Auditing Standards and the Uniform Guidance describes the auditor's additional responsibilities for considering internal control over compliance with direct and material compliance requirements; performing tests of compliance with those requirements; and performing procedures on the schedule of expenditures of federal awards describes the auditor's responsibility for reporting and provides examples of the required auditor's reports provides guidance on applying GAAS in a Uniform Guidance compliance audit and adapts that guidance, as appropriate, to the objectives of that compliance audit.4 Recognition 2019 Guide Edition AICPA Senior Committee Auditing Standards Board Marcia Marien, ASB Member Michael J Santay, Chair The AICPA gratefully acknowledges those members of the AICPA Governmental Audit Quality Center (GAQC) Executive Committee, who reviewed or otherwise contributed to the development of this edition of the guide: Ronald Conrad, Christina Dutch, Michael Fritz, John Good, Amanda Nelson, Lindsey Oakley, In this guide, the use of the phrases single audit or audit in accordance with the Uniform Guidance includes both the financial statement audit and the compliance audit that is performed under Title U.S Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) The use of the term Uniform Guidance compliance audit includes only the compliance audit that is performed under the Uniform Guidance audit requirements AU-C section 935, Compliance Audits, states that when performing a compliance audit, the auditor, using professional judgment, should adapt and apply the AU-C sections to the objectives of a compliance audit, except for the AU-C sections listed in the appendix, "AU-C Sections That Are Not Applicable to Compliance Audits," of AU-C section 935 This appendix notes that the AU-C sections identified as not applicable to a compliance audit are identified as such either because (a) they are not relevant to a compliance audit environment, (b) the procedures and guidance would not contribute to meeting the objectives of a compliance audit, or (c) the subject matter is specifically covered in paragraph 12 of AU-C section 935 Part II of this audit guide includes the appropriate AU-C sections as adapted for a Uniform Guidance compliance audit AAG-GAS ©2019, AICPA vii Brittney Williams, Jeff Winter, and the chair of the Executive Committee, Erica Forhan In addition, the AICPA gratefully acknowledges others who have contributed to the development of this edition: Paul Chobanian, Kelly Chamberlin, and Ralph DeAcetis AICPA Staff Susan Reed Manager Product Management & Development — Public Accounting Teresa Bordeaux Lead Manager Governmental Auditing and Accounting Guidance Considered in This Edition This edition of the guide has been modified by AICPA staff to include certain changes necessary due to the issuance of authoritative guidance since the guide was originally issued and other revisions as deemed appropriate Relevant guidance issued through March 1, 2019, has been considered in the development of this edition of the guide However, this guide does not include all audit, reporting, and other requirements applicable to an entity or a particular engagement This guide is intended to be used in conjunction with all applicable sources of relevant guidance Relevant guidance that is issued and effective on or before March 1, 2019, is incorporated directly in the text of this guide Relevant guidance issued but becoming effective on or before June 30, 2019, is also presented directly in the text of the guide, but shaded gray and accompanied by a footnote indicating the effective date of the new guidance The distinct presentation of this content is intended to aid the reader in differentiating content that may not be effective for the reader's purposes (as part of the guide's "dual guidance" treatment of applicable new guidance) Relevant guidance issued but not yet effective as of the date of the guide and not becoming effective until after June 30, 2019, is referenced in a "guidance update" box; that is, a box that contains summary information on the guidance issued but not yet effective In updating this guide, all guidance issued up to and including the following was considered, but not necessarily incorporated, as determined based on applicability: • • • • • • • Statement on Auditing Standards No 133, Auditor Involvement With Exempt Offering Documents (AU-C sec 945) Interpretations issued (or reissued) through March 1, 2019 The Single Audit Act Amendments of 19965 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards Government Auditing Standards, 2011 Revision Government Auditing Standards, 2018 Revision6 Frequently Asked Questions for the Office of Management and Budget's Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards At CFR 200, issued up through March 1, 2019 ©2019, AICPA AAG-GAS viii Users of this guide should consider guidance issued subsequent to those items listed previously to determine their effect, if any, on entities covered by this guide In determining the applicability of recently issued guidance, its effective date should also be considered The changes made to this edition of the guide are identified in the Schedule of Changes (appendix B) The changes not include all those that might be considered necessary if the guide was subjected to a comprehensive review and revision Terms Used to Define Professional Requirements in This AICPA Guide Any requirements described in this guide are normally referenced to the applicable standards or regulations from which they are derived Generally the terms used in this guide describing the professional requirements of the referenced standard setter (for example, the ASB) are the same as those used in the applicable standards or regulations (for example, must or should) The Uniform Guidance use of terms to define professional requirements is somewhat different than the use of these terms in GAAS and Government Auditing Standards The use of the term must in the Uniform Guidance indicates a requirement This is consistent with the use of the term must in GAAS and Government Auditing Standards The use of the term should in the Uniform Guidance indicates a best practice or recommended approach However, GAAS and Government Auditing Standards use the term should to indicate a presumptively mandatory requirement An auditor must comply with a presumptively mandatory requirement in all cases in which such a requirement is relevant, except in rare circumstances In this guide, the term should, when italicized and bolded, indicates a best practice or recommended approach in the Uniform Guidance This is intended to differentiate it from the term "should" used throughout the guide to refer to presumptively mandatory requirements in GAAS and Government Auditing Standards Readers should refer to the applicable standards and regulations for more information on the requirements imposed by the use of the various terms used to define professional requirements in the context of the standards and regulations in which they appear Certain exceptions apply to these general rules, particularly in those circumstances when the guide describes prevailing or preferred industry practices for the application of a standard or regulation In these circumstances, the applicable senior committee responsible for reviewing the guide's content believes the guidance contained herein is appropriate for the circumstances Applicability of Quality Control Standards QC section 10, A Firm's System of Quality Control,7 addresses a CPA firm's responsibilities for its system of quality control for its accounting and auditing This guide uses the term Single Audit Act when referencing this legislation These standards have not been incorporated into this edition of the guide due to the effective date provisions They will be incorporated into the 2020 edition of this guide See a summary of revisions found in Government Auditing Standards, 2018 Revision located later in this preface The QC sections can be found in AICPA Professional Standards AAG-GAS ©2019, AICPA ix practice A system of quality control consists of policies that a firm establishes and maintains to provide it with reasonable assurance that the firm and its personnel comply with professional standards, as well as applicable legal and regulatory requirements The policies also provide the firm with reasonable assurance that reports issued by the firm are appropriate in the circumstances QC section 10 applies to all CPA firms with respect to engagements in their accounting and auditing practice In paragraph 13 of QC section 10, an accounting and auditing practice is defined as "a practice that performs engagements covered by this section, which are audit, attestation, compilation, review, and any other services for which standards have been promulgated by the ASB or the ARSC under the "General Standards Rule" (ET sec 1.300.001)8 or the "Compliance With Standards Rule" (ET sec 1.310.001) of the AICPA Code of Professional Conduct Although standards for other engagements may be promulgated by other AICPA technical committees, engagements performed in accordance with those standards are not encompassed in the definition of an accounting and auditing practice." In addition to the provisions of QC section 10, readers should be aware of other sections within AICPA Professional Standards that address quality control considerations, including the following provisions that address engagement level quality control matters for various types of engagements that an accounting and auditing practice might perform: • • • AU-C section 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards AT-C section 105 AR-C section 60, General Principles for Engagements Performed in Accordance With Statements on Standards for Accounting and Review Services9 Because of the importance of engagement quality, this guide includes appendix A, "Overview of Statements on Quality Control Standards," which summarizes key aspects of the quality control standard This summarization should be read in conjunction with QC section 10, AU-C section 220, AT-C section 105, AR-C section 60, and the quality control standards issued by the PCAOB, as applicable AICPA.org Website The AICPA encourages you to visit its website at aicpa.org and the Financial Reporting Center at www.aicpa.org/frc The Financial Reporting Center supports members in the execution of high-quality financial reporting Whether you are a financial statement preparer or a member in public practice, this center provides exclusive member-only resources for the entire financial reporting process, and provides timely and relevant news, guidance, and examples supporting the financial reporting process Another important focus of the Financial Reporting Center is keeping those in public practice up to date on issues pertaining to preparation, compilation, review, audit, attestation, assurance and advisory engagements Certain content on the AICPA's website referenced in this guide may be restricted to AICPA members only All ET sections can be found in AICPA Professional Standards All AR-C sections can be found in AICPA Professional Standards ©2019, AICPA AAG-GAS x Risk Assessment — AICPA Enhancing Audit Quality (EAQ) Areas of Focus Identifying, assessing, and responding to risks of material misstatement are the core of every audit However, there is evidence that a high percentage of audit engagements not reflect proper assessment of risk or linkage of the assessment to planned further audit procedures in accordance with AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and AU-C section 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained In connection with its EAQ initiative, the AICPA has developed a webpage dedicated to risk assessment resources intended to help auditors perform more effective risk assessment and appropriately link the risk assessment to further audit procedures in compliance with professional standards Certain resources are available at no cost, including a risk assessment template, an internal inspection aid, and staff training workshop These and other current risk assessment resources can be accessed at www.aicpa.org/content/aicpa/eaq/aicpa-riskassessment-resources.html Governmental Audit Quality Center The GAQC is a voluntary membership center for CPA firms and state audit organizations designed to improve the quality and value of governmental audits For the purposes of the GAQC, governmental audits are performed under Government Auditing Standards and are audits and attestation engagements of federal, state, or local governments; not-for-profit entities; and certain forprofit organizations, such as housing projects and colleges and universities that participate in governmental programs or receive governmental financial assistance The GAQC keeps members informed about the latest developments and provides them with tools and information to help them better manage their audit practice Certain content on the GAQC's website referenced in this guide may be restricted to GAQC members only An Auditee Resource Center, open to the public, is also available on the GAQC website and provides information, practice aids, tools, and other resources that is of interest and benefit to auditees undergoing an audit performed under Government Auditing Standards For more information about the GAQC, visit the GAQC website at www.aicpa org/interestareas/governmentalauditquality.html Select Recent Developments Significant to This Guide Government Auditing Standards, 2018 Revision The effective date of Government Auditing Standards, 2018 Revision (2018 revision) is for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019 Therefore, the first full fiscal year that financial audits will be performed under the 2018 revision will be for June 30, 2020, year ends Due to this effective date, the 2018 revision has not been incorporated into this guide However, update boxes and note boxes have been AAG-GAS ©2019, AICPA 472 Government Auditing Standards and Single Audits DISCLAIMER OF OPINION—continued Reporting requirement 13.03, 14.09 Scope of audit limitations 13.15, 13.23–.25 DISPUTES, AUDIT FINDINGS 10.74 DISTRIBUTION OF REPORTS, UNDER GAS 4.68 DOCUMENTATION Access and retention 6.54–.55 Audit sampling 11.28, 11.133–.137 Compliance audits 6.43–.44, 10.21, 10.25, 10.75–.76 Federal awarding documents as resources 10.25 Financial statement audit 3.19–.22 Internal control over compliance 9.18–.19, 9.61–.64 Major program determination risk assessment 8.18 Management nonaudit service skills 2.30 Of independence 2.27 Planning 6.53–.55 Quality control and assurance 2.44 Schedule of expenditures of federal awards 7.34 Terms of engagement 6.09 Tests of controls 9.36, 9.62, 10.41 DUAL PURPOSE SAMPLES 11.54–.59 DUAL PURPOSE TESTS 9.39 E ELIGIBILITY PROGRAM 11.27 EMPHASIS-OF-MATTER PARAGRAPHS 4.03, 6.13 ENDOWMENTS Table 7-2 at 7.19 ENGAGEMENT, TERMS OF See terms of engagement ENGAGEMENT LETTERS 3.07 ENTITY TO BE AUDITED 5.16, 6.15 ETHICAL PRINCIPLES, GAS 2.02–.05 EXCEPTION RATES 11.84–.87 EXCEPTIONS, COMPLIANCE See compliance exceptions EXIT CONFERENCES 3.69–.70 EXPECTED DEVIATION RATE 11.70–.71 EXPECTED POPULATION EXCEPTION RATE 11.86–.87 EXPENDITURES Determination of federal awards 5.26–.27 Schedule of, for federal awards See schedule of expenditures of federal awards Subawards 7.15–.16 EXTERNAL PEER REVIEW 2.46–.50 AAG-GAS DIS F FAIL, EXTERNAL PEER REVIEW REPORT 2.47 FEDERAL ACQUISITION REGULATIONS (FAR) 5.10, 10.06 FEDERAL AGENCIES Additional major program audit requests 8.20 Audit guides 1.09 Compliance exceptions 10.26–.28 Federal award identification 7.03–.05 List by program in schedule of expenditures of federal awards 7.08 Major program determination 5.32 Management decision 10.64 Noncompliance evaluation and reporting 10.63–.64 Type A program considered other than low risk at request of 8.13 Uniform Guidance requirements 5.40 Updates to Compliance Supplement 10.23 FEDERAL AUDIT CLEARINGHOUSE (FAC) Data collection form 13.04–.05, 13.57, 13.59–.64 Management decision timing based on report submission to 10.64 Program-specific audit report submission 14.13, 14.15 Reporting package distribution 13.62–.64 Responsibilities 13.57, 13.59–.64 Reviewing for recent audits 5.17 Submission of reporting package and data collection form to 13.04–.05, 13.57, 13.59–.64 Unavailability of CFDA number 7.14 FEDERAL AWARDS Auditee responsibility to report 6.11 Compliance audits of major programs See compliance auditing Defined 5.10, 12.02 Expenditure determination 5.26–.27 Internal control in meeting objectives of 9.03 Major programs See major programs Pass-through See subawards Payment methods 5.15 Schedule of expenditures See Schedule of Expenditures of Federal Awards Types and classifications of assistance 5.10–.14, 5.27 FEDERAL FINANCIAL ASSISTANCE 5.10–.14 Determining value of expenditure Table 7-2 at 7.19 Schedule of expenditures of federal awards 7.08 ©2019, AICPA 473 Subject Index FEDERAL FINANCIAL ASSISTANCE—continued Treatment of noncash awards 7.17–.18 Types of 5.27 FEDERAL SUBAWARDS See subawards FINANCIAL STATEMENT AUDIT 3.01–.71 Abuse consideration 3.53–.58, Exhibit 3-1 at 3.58 Audit documentation 3.19–.22 Audit evidence evaluation 3.32–.35 Audit planning 3.08–.15, 6.10–.13 Auditee responsibilities 5.33, 5.36, 6.10 Auditor competence 2.37 Communication of internal control matters 3.66 Communication with other entities 3.15 Communication with those charged with governance 3.61–.65 Exit conferences 3.69–.70 Findings 3.60, 13.37–.38, 13.40–.41 Fraud consideration 3.36–.42, 3.56 GAAS requirements 3.01, 4.02–.04 Generally 3.01–.03 Group audits 3.16, 6.57–.59 Internal control See internal control over financial reporting Laws and regulations consideration 3.43–.52 Material misstatement risk assessment 3.23–.31, 3.40–.42, 6.37 Materiality consideration 3.17–.18, 6.48–.49 Misstatement evaluation 3.59 Objectives 4.02, 5.04 Opinion 4.02–.03, 4.46–.47, 6.12–.13, Examples 4-1 to 4-2 at 4.89 Program-specific audits 14.10–.11, Example 14-1 at 14.16 Purpose of guide 1.02, 1.04 Reporting 4.02–.06, 4.46–.55, 5.05–.06, 13.09–.10, Examples 14-1 to 14-2 at 14.16 Schedule of expenditures of federal awards 5.06, 13.11, 13.15, 13.17–.18 Schedule of findings and questioned costs 13.37–.38, 13.40–.41 Terms of engagement 3.04–.07 Understanding the entity and its environment 3.23–.31, 6.30–.32 Written representations 3.50, 3.67–.68 FINANCIAL STATEMENTS Audits of See financial statement audit Consolidated 4.75, 13.10, Example 4-2 at 4.89 Material noncompliance risk effect 10.13 Noncompliance evaluation and reporting 10.60 FINDINGS, AUDIT See audit findings FISCAL YEAR AUDIT PERIODS 6.16 ©2019, AICPA FOLLOW-UP PROCEDURES Auditee responsibilities 10.68–.69 Auditor responsibilities 10.70 Compliance audits 10.68–.74 Corrective action plan 10.73 Disputes or unresolved findings 10.74 Prior audit findings 5.23, 10.70–.72, 13.50–.55 Reporting audit findings 5.23, 10.72, 13.39, 13.53–.55 Uniform Guidance requirements 5.23, 6.56 FOOD COMMODITIES AND DONATED PROPERTY Table 7-2 at 7.19 FOR-PROFIT ENTITIES 5.20, 12.30, 12.42 FOREIGN ENTITIES 5.20, 12.43 FORMULA GRANTS 5.14 FRAUD CONSIDERATION Abuse having potential for 3.53–.55 Audit planning for compliance audit 6.36, 6.41–.46, Table 6-1 at 6.46 Auditor responsibilities 10.49 Communication 3.42, 4.26–.30, 4.73–.74 Financial statement audit considerations 3.36–.42, 3.56 Government Auditing Standards reporting Exhibit 4-1 at 4.39 Management inquiry about fraud risk 6.43 Material misstatement due to 3.23–.24, 3.36–.42 Material noncompliance due to 6.41–.46, 10.55, Table 6-1 at 6.46 Reporting 4.07, 4.24–.30, 4.39–.45, 4.60, 13.39, Exhibit 4-1 at 4.39 FRAUD RISK 6.41, Table 6-1 at 6.46 FREE RENT Table 7-2 at 7.19 FREEDOM OF INFORMATION ACT 4.85–.86, 6.54, 13.65 FREQUENTLY ASKED QUESTIONS (FAQS), UNIFORM GUIDANCE 5.50, 7.11, 9.06, 10.73, 12.47, 13.50 FURTHER AUDIT PROCEDURES 3.32, 10.08–.09 G GAAP See generally accepted accounting principles GAAS See generally accepted auditing standards GAO See Government Accountability Office (GAO) GAQC See Government Audit Quality Center GAS See Government Auditing Standards GENERALLY ACCEPTED ACCOUNTING PRINCIPLES (GAAP) 4.75, 6.13, 6.15, 13.09–.10, 13.35 AAG-GAS GEN 474 Government Auditing Standards and Single Audits GENERALLY ACCEPTED AUDITING STANDARDS (GAAS) Compliance audit 10.02–.03 Documentation 6.53, 8.18 Federal award audit 5.05, 5.07, 6.01, 6.03, 6.07 Financial statement audit 3.01, 4.02–.04, 4.06 Fraud considerations 3.36 Government Auditing Standards and 1.04 Group audit considerations 6.59 Independence 2.07 Internal control components 9.12 Materiality consideration in audit 6.48 Nonaudit services 2.18 Program-specific audits 14.09 Reporting requirements 4.06, 13.02, 13.07–.08, 13.37, 14.09, Table 13-1 at 13.08 State and local compliance requirements 6.71 Terms of engagement 6.09 Use of must compared to should 5.32, 8.23, 12.49, 13.35 Written representations 3.67 GOCO See government owned, contractor operated facility GOVERNMENT ACCOUNTABILITY OFFICE (GAO) 1.01, 5.09 GOVERNMENT ACCOUNTING STANDARDS BOARD (GASB) 10.60 GOVERNMENT AUDIT QUALITY CENTER (GAQC) 2.27 GOVERNMENT AUDITING STANDARDS (GAS) Additional requirements 1.14–1.15 Applicability 1.12–.13 Audit findings reporting requirements 4.56–.63, 13.43, 13.54–.55, Table 4-1 at 4.12 Competence 2.34–.42 Compliance audits 10.02–.03, 10.72 Corrective action plan 10.73 Documentation 6.53, 8.18 Ethical principles 2.02–.05 External peer review 2.46–.50 Financial statement audit See financial statement audit Follow-up findings 10.72 General standards 2.01, 2.06–.50 Generally 1.01–.19 Independence 2.07–.30, Appendix at 2.51 Insufficient subrecipient monitoring 12.37 Pass-through entity monitoring of subrecipients 12.32 Peer review report for auditor services 5.24 Professional judgment 2.31–.33 Program-specific audits 5.46, 14.04, 14.09 Quality control and assurance 2.43–.45 Reporting See auditor’s reports AAG-GAS GEN GOVERNMENT AUDITING STANDARDS (GAS)—continued Single Audit Act overview See also single audit 5.02 State and local compliance requirements 6.71 Summary schedule of prior audit findings 10.69 Terminology 1.11, 1.16–.19 Terms of engagement 1.15 Uniform Guidance audit compliance with 5.18, 6.01, 6.03, 6.07 Use of must compared to should 5.32, 8.23, 12.49, 13.35 GOVERNMENT AUDITORS 2.16 GOVERNMENT MANAGEMENT REFORM ACT OF 1994 8.13 GOVERNMENT OWNED, CONTRACTOR OPERATED FACILITY (GOCO) 5.10 GOVERNMENT-WIDE EVALUATION OF SINGLE AUDIT QUALITY 5.47 GOVERNMENTAL AUDIT REQUIREMENT, DEFINED 6.04 GRANT AGREEMENTS, REPORTING ON See also noncompliance with contract and grant agreement provisions 13.20 GROUP AUDITS 3.16, 4.78–.84, 6.57–.59, Table 4-3 at 4.83 GUARANTEED/INSURED LOANS 5.14 H HAPHAZARD SELECTION 11.95, 11.97–.98 HIGH-RISK TYPE B MAJOR PROGRAMS 8.14–.16, 8.23–.32 I IHE See institutions of higher learning IN-RELATION-TO OPINION 7.22–.23, 7.37–.39, 13.19 IN-RELATION-TO REPORTING 13.11–.13 INCENTIVES OR PRESSURES, FRAUD RISK FACTORS Table 6-1 at 6.46 INCLUSION OPTION, COMPONENT AUDITOR REFERENCES 4.79–.83, Table 4-3 at 4.83 INDEPENDENCE 2.07–.30 AICPA compared to GAS 2.28–.30 Conceptual framework 2.09, 2.12–.16, 2.29, Appendix at 2.51 Documentation of 2.27 Generally 2.06–.11 Nonaudit services 2.17–.26, 2.30 Single Audit Act and 5.02 Threats to 2.09–.20, 2.22–.26 ©2019, AICPA 475 Subject Index INDEPENDENT ACCOUNTING FIRMS, ENGAGEMENT OF 6.59 INDIAN TRIBE, FREQUENCY OF FEDERAL AWARD AUDIT 5.19 INDIRECT COSTS De minimis rate 7.09, 12.47 Proposals 5.24, 6.74 Rates for subrecipients of pass-through entity 12.47 INDIVIDUALLY IMPORTANT ITEMS IN COMPLIANCE TESTING 11.18–.28 INFORMATION AND COMMUNICATION SYSTEMS 3.27, 9.12, 9.21 INFORMATION TECHNOLOGY (IT) 9.21 INHERENT RISK OF NONCOMPLIANCE Audit sampling 11.73, 11.81–.83 Defined 6.28 Factors suggesting 11.67 Major program determination 8.32 Risk assessment procedures 6.34, 6.38 Tests 6.33 INITIAL-YEAR AUDIT CONSIDERATIONS 6.18–.19 INQUIRY, IN COMPLIANCE AUDITS 11.13 INSTANCES OF NONCOMPLIANCE As audit findings 10.54–.55 Material 10.12, 13.22 INSTITUTIONS OF HIGHER LEARNING, LOANS AT (IHE) Table 7-2 at 7.19 INSTRUMENT SETTING FORTH TERMS AND CONDITIONS FOR FEDERAL AWARD 5.10 INSURANCE 5.14, Table 7-2 at 7.19 INTENTIONAL DEVIATIONS OR EXCEPTIONS 11.103 INTERNAL AUDIT FUNCTION 3.13, 6.60–.69 INTERNAL CONTROL Communication about 3.66 Defined 9.02 Over compliance See internal control over compliance Over financial reporting See internal control over financial reporting Understanding 3.25–.28 INTERNAL CONTROL OVER COMPLIANCE 9.01–.64 Audit sampling See audit sampling Auditee responsibilities 5.36, 9.04–.08 Auditor responsibilities 9.09–.10, 9.60 Compliance audit planning 10.37 Components of control 9.12, 9.19 Control risk of noncompliance See control risk of noncompliance ©2019, AICPA INTERNAL CONTROL OVER COMPLIANCE—continued Deficiency in See also significant deficiency in internal control over compliance Appendix at 3.71 Definitions 9.02–.03, 9.11 Direct and material compliance requirements 9.18–.60 Documentation 9.18–.19, 9.61–.64 Efficient approach to testing 6.14 Generally 9.01 Individual major program consideration 9.13–.60 Material weaknesses See material weakness in internal control over compliance Multiple organizational units 9.25 Noncompliance detection or prevention and ineffective control 9.33–.35 Objectives 9.11 Planning tests of controls 6.14, 9.29–.32 Report on See report on internal control over financial reporting and on compliance and other matters Risk assessment procedures 6.30–.33 Risk criteria for major program determination 8.25–.27 Schedule of expenditures of federal awards 7.31–.33 Significant deficiency in See significant deficiency in internal control over compliance Subawards 9.26, 12.25 Testing of operating effectiveness See also tests of controls 9.09, 9.17, 9.27–.60 Uniform Guidance on responsibility for Table 5-1 at 5.08 INTERNAL CONTROL OVER FINANCIAL REPORTING Auditee responsibilities 5.36 Auditor responsibilities 9.01, 9.10 Auditor’s reports 13.03, Table 13-1 at 13.08 Deficiencies or material weaknesses 9.49 Defined 9.11 Examples of deficiencies in Appendix at 3.71 GAS distinguished from other standards 4.13–.23, Table 4-1 at 4.12, Table 4-2 at 4.22 Objectives 9.11 Reporting on See report on internal control over financial reporting and on compliance and other matters INTERNAL SPECIALISTS 2.41–.42 INTERNATIONAL AUDITING AND ASSURANCE STANDARDS BOARD 1.03 IT See information technology J JUDGMENT See professional judgment AAG-GAS JUD 476 Government Auditing Standards and Single Audits L LAWS AND REGULATIONS, COMPLIANCE WITH See also noncompliance with laws and regulations 3.07, 3.43–.52 LEGISLATIVE COMMITTEES 3.65 LETTERS Engagement letters 3.07 Management letters 4.73–.74, 13.49 LOANS AND LOAN GUARANTEES Continuing compliance requirements 7.20–.21 Schedule of expenditures of federal awards 7.09 Type A major programs 8.06–.08, Table 8-2 at 8.07 LOCAL GOVERNMENTS See state and local governments LOW ASSESSED LEVEL OF CONTROL RISK OF NONCOMPLIANCE 9.27–.29, 9.31, 9.41 LOW-RISK AUDITEES 5.30, 8.21 LOW-RISK TYPE A FEDERAL AWARD PROGRAMS 8.09–.12 M MAGNITUDE OF POTENTIAL NONCOMPLIANCE 9.53, 11.115 MAJOR PROGRAMS 8.01–.32 Abuse consideration 10.50 Audit documentation 8.18, 10.75–.76 Audit planning 6.21 Audit procedures 10.14–.74 Audit risk of noncompliance 10.07–.09 Audit sampling 11.42–.43, 11.49, 11.94 Auditee responsibilities 5.04, 10.04–.05 Auditor responsibilities 10.14–.15 Compliance auditing considerations 10.01–.80, Examples 13-1 to 13-6 at 13.66 Defined 5.07 Determination of 8.01–.32, Exhibit 8-1 at 8.02 Direct and material compliance requirements 9.18–.23, 10.17–.32 Engagement planning 10.33–.36 Federal agency selection of additional 5.32, 8.20 Follow-up procedures 10.68–.74 Fraud consideration 10.49 Internal audit function 6.60 Internal control over compliance 9.01–.64, 10.37 Low-risk auditee criteria 8.21 Management representations 10.77–.79 Materiality considerations 6.52, 9.49, 10.10–.13 AAG-GAS LAW MAJOR PROGRAMS—continued Noncompliance evaluation 10.54–.67 Objectives 10.02–.03, 10.46 Pass-through entity requests for additional 8.20 Professional judgment 8.19, 10.06 Reporting on internal control over compliance 13.21–.29, Examples 13-1 to 13-6 at 13.66 Risk assessment procedures 6.30, 6.33–.34, 8.18–.19, 8.22–.32 State and local governments 10.80 Subsequent events 10.51–.53 Testing procedures 10.38–.48 MANAGEMENT Auditor’s assumption of responsibilities 2.20 Auditor’s clarification on not providing opinion 4.55 Communication with See management, communication with Compliance audit responsibilities 10.04–.05 Inquiries of 3.24 Nonaudit service skills documentation 2.30 Override of controls risk 6.44 Response to audit findings 13.27 Schedule of expenditures of federal awards responsibilities 7.25 Terms of engagement 3.07, 12.36 MANAGEMENT, COMMUNICATION WITH Audit findings 13.27, 13.44, 13.49 Audit planning 6.35 Follow-up procedures 10.71 Fraud 3.42, 4.26–.30, 4.73–.74 Inquiry about fraud risk 6.43 Internal control matters 4.15–.23, 13.36 Legal and regulatory compliance 3.03, 3.46–.49 Noncompliance 4.73–.74 Schedule of expenditures of federal rewards 7.25–.26 Schedule of findings and questioned costs 13.49 Terms of engagement 1.15, 3.04–.07, 6.08–.09 MANAGEMENT DECISION 10.64 MANAGEMENT LETTERS 4.73–.74, 13.49 MANAGEMENT REPRESENTATIONS See written representations MATERIAL COMPLIANCE REQUIREMENTS See direct and material compliance requirements MATERIAL INSTANCE OF NONCOMPLIANCE, DEFINED 10.12, 13.22 MATERIAL MISSTATEMENT Due to fraud 3.23–.24, 3.36–.42 Due to noncompliance with laws and regulations 3.43–.52 Further audit procedures 3.32 ©2019, AICPA 477 Subject Index MATERIAL MISSTATEMENT—continued Risk assessment 3.23–.31, 3.40–.42, 6.37 Schedule of expenditures of federal awards 7.29 MATERIAL NONCOMPLIANCE See also material weakness in internal control over compliance Audit risk of See audit risk of noncompliance Audit sampling considerations 11.73–.83, Table 11-2 at 11.74 Desired level of assurance 11.81–.82 Detection of risk of material noncompliance 6.29 Due to fraud 6.41–.46, 10.49, 10.55, Table 6-1 at 6.46 Evaluating internal control tests 9.40–.41, 9.44–.46 Financial statement effects 10.13 Major program auditing 10.12–.13 Reporting 6.51, 13.22, 13.39 Risk assessment 6.36–.46, 9.14, 9.16, Table 6-1 at 6.46 Schedule of findings and questioned costs 13.39 MATERIAL WEAKNESS IN INTERNAL CONTROL OVER COMPLIANCE 9.47–.60 Assessing severity of deficiencies leading to 9.50–.52 Clusters of programs 9.60 Combination effect in assessing 9.54 Component auditor references 4.83–.84 Conditions for 9.57–.59 Defined 9.48 Detecting ineffective control 9.33–.35, 9.55–.57 Magnitude of potential noncompliance 9.53, 11.115 Reporting 4.07, 4.13–.16, 4.19–.23, 4.54, 13.26, 13.39, Table 4-2 at 4.22 Risk factors 9.52 Subrecipient monitoring 12.35 Testing operating effectiveness of controls 9.47–.60 Types of major programs 9.49 MATERIALITY Audit findings reporting 6.50–.52 Audit planning considerations 6.47–.52 Audit risk of noncompliance 6.25–.46 Compliance audits 6.48–.52, 10.10–.13 Financial statement audit 3.17–.18, 6.48–.49 Schedule of expenditures of federal awards 7.26–.27 Subawards 12.24 Tolerable exception rate for compliance tests 11.85 MISSTATEMENTS See also material misstatement 3.17, 3.35, 3.59 MODIFIED OPINION 4.03 MONITORING COMPONENT OF INTERNAL CONTROL 3.27, 9.12 MULTIPLE MAJOR PROGRAMS, AUDIT SAMPLING 11.42–.43, 11.94 MULTIPLE ORGANIZATIONAL UNITS 9.25, 10.36, 11.44–.45 N NATIONAL CREDIT UNION ADMINISTRATION 7.18 NATIONAL CREDIT UNION SHARE INSURANCE FUND 5.27 NFPs See not-for-profit entities NONAUDIT SERVICES 2.17–.26, 2.30, 3.07, 5.24, 13.57 NONCASH AWARDS 7.17–.18 NONCOMPLIANCE Audit risk of See audit risk of noncompliance Contracts and grants See noncompliance with contract and grant agreement provisions Control risk of See control risk of noncompliance Detection risk of 6.29, 6.34 Evaluation and reporting 10.54–.67 Federal agency consideration of findings 10.63–.64 Financial statement effect 10.60 GAS reporting Exhibit 4-1 at 4.39 Inherent risk of See inherent risk of noncompliance Material See material noncompliance Questioned costs 10.61–.64, 10.67 Reporting 4.84, 10.65–.67, Exhibit 4-1 at 4.39, Table 4-3 at 4.83 Subrecipients 12.40 With laws and regulations See noncompliance with laws and regulations NONCOMPLIANCE WITH CONTRACT AND GRANT AGREEMENT PROVISIONS Communication about 4.73–.74 Reporting on 4.07, 4.35–.38, 4.40–.45, 10.65, 13.20 Subrecipient monitoring 12.35 NONCOMPLIANCE WITH LAWS AND REGULATIONS Material misstatement due to 3.43–.52 Reporting on 4.07, 4.31–.34, 4.40–.45, 10.65 Subrecipient monitoring 12.36 MEDICAID 5.27, 7.18, 12.05 NONFEDERAL ENTITY, DEFINED See also subawards 6.15, 12.02 MEDICARE 5.27, 7.18 NONSTATISTICAL SAMPLING 11.95 ©2019, AICPA AAG-GAS NON 478 Government Auditing Standards and Single Audits NOT-FOR-PROFIT ENTITIES (NFPs) 1.01, 1.11, 5.19, 13.10, Example 4-2 at 4.89 NOTES TO SCHEDULE OF EXPENDITURES OF FEDERAL AWARDS, REQUIRED INFORMATION 7.09 O OBJECTIVES, AUDIT See audit objectives OVERRIDE OF CONTROLS BY MANAGEMENT 6.44 OVERSIGHT AGENCIES 4.87–.88, 5.44–.45, 6.70 OVERSIGHT EXERCISED BY FEDERAL AGENCIES AND PASS-THROUGH ENTITIES 8.30–.31 P OBSERVATION, IN COMPLIANCE AUDITS 11.13 PASS, EXTERNAL PEER REVIEW REPORT 2.47 OFFICE OF MANAGEMENT AND BUDGET (OMB) See Compliance Supplement; Uniform Guidance PASS-THROUGH ENTITIES See also contractors; subrecipients 12.01–.49 Additional major program audit requests 8.20 Applicability of Uniform Guidance 12.03–.07 Defined 12.02 Federal awards identification 7.04 Generally 12.01 Management decision responsibility 10.64 Relationship to contractor 12.13 Relationship to subrecipients 12.12, 12.14 Reporting considerations 12.38–.41 Schedule of expenditures of federal awards 7.04, 7.15–.16 Single audit considerations 5.25, 12.19–.44 Subaward identification 7.04 ON-SITE REVIEWS 6.72–.73 OPERATING EFFECTIVENESS OF INTERNAL CONTROL, TESTS OF See tests of controls OPINION Adverse 4.03, 13.15, 13.22 As sole responsibility of external auditor 6.61 Compliance audits 10.03, 10.56–.59, 10.62 Disclaimer of See disclaimer of opinion Federal award audit report 5.21 Financial statement audit 4.02–.03, 4.46–.47, 6.12–.13, Examples 4-1 to 4-2 at 4.89 In-relation-to 7.22–.23, 7.37–.39, 13.19 Insufficient subrecipient monitoring system 12.35, 12.37 Issuing an opinion under AU-C Section 805 7.38–.40 Modified 4.03 On management’s response to audit findings 13.27 Program-specific audit Example 14-1 at 14.16 Qualified 4.03, 13.11, 13.22–.25 Reporting audit findings 13.39 Reporting on not providing opinion on management’s response 4.55 Requirement for 13.03, Table 13-1 at 13.08 Schedule of expenditures of federal awards 13.11, 13.20 Scope of audit limitations 13.23–.25 OPPORTUNITIES, FRAUD RISK FACTORS Table 6-1 at 6.46 OTHER CLUSTERS, FEDERAL PROGRAMS 5.31 OTHER INFORMATION (OI), UNMODIFIED OPINIONS ON FINANCIAL STATEMENTS Examples 4-1 to 4-2 at 4.89 OTHER-MATTER PARAGRAPHS 4.03, 7.37, 13.30 AAG-GAS NOT PASS WITH DEFICIENCIES, EXTERNAL PEER REVIEW REPORT 2.47 PAYMENT METHODS FOR FEDERAL AWARDS 5.15 PCAOB See Public Company Accounting Oversight Board PEER REVIEW, EXTERNAL 2.46–.50 PERCENTAGE-OF-COVERAGE RULE 8.17 PERSONALLY IDENTIFIABLE INFORMATION (PII) PROTECTION 9.07–.08, 13.47–.48, 13.59 POPULATION FOR COMPLIANCE TESTING Defining 11.33–.41 Expected population exception rate 11.86–.87 Procedures applied to every item 11.18–.20 Size compared to sample size 11.51 Testing of small populations 11.88–.91, Table 11-3 at 11.88 PORTIONS OF ENTITY NOT AUDITED 4.75–.77 PRECEDING PERIOD AUDITED BY ANOTHER AUDITOR 6.18 PRIOR AUDITS Federal program risk criteria 8.28 Major program determination 8.12 ©2019, AICPA 479 Subject Index PRIOR AUDITS—continued Reporting See summary schedule of prior audit findings Tests to evaluate effectiveness of controls 9.38 PROCUREMENT OF AUDIT SERVICES 5.24 PROFESSIONAL JUDGMENT Analyzing threats to independence 2.14 Assessing material noncompliance due to fraud 6.43 Audit sampling 11.03, 11.38 Clusters of programs 11.46–.48 Communications with other entities 3.15 Compliance audits 5.18, 6.05, 10.06, 10.11, 10.14 Component auditor references 4.84 GAS distinguished from AU-C 265 Table 4-1 at 4.12 Government Auditing Standards 1.08, 2.06, 2.31–.33 Group audit considerations 6.57 Low assessed level of control risk of noncompliance 9.28 Major program determination 8.14, 8.19 Materiality consideration 11.85, 12.24 Subawards 12.11 Test of operating effectiveness of internal control over compliance 9.29, 9.42 Working with other auditors 13.32 PROFESSIONAL SKEPTICISM 2.32, 3.38 PROGRAM CLUSTERS See clusters of programs PROGRAM-SPECIFIC AUDITS 14.01–.16 Audit guide availability 14.04–.05 Audit requirements of Uniform Guidance 14.03 Auditee responsibilities 14.06 Auditor responsibilities 14.07 Compliance audit requirement 5.01 Compliance Supplement as resource for 6.24 Data collection form 14.13–.15 Defined 14.01 Financial statements 14.10–.11, Example 14-1 at 14.16 Generally 5.46, 14.01 Reporting 14.09–.15, Appendix at 14.16 Requirements when audit guide not available 14.05–.11, 14.14 Scope of audit 14.07 Subrecipient monitoring 12.28–.33 Using to satisfy Uniform Guidance requirements 14.02 PROJECT GRANTS 5.14 PROTECTED PERSONALLY IDENTIFIABLE INFORMATION (PROTECTED PII) 9.07–.08, 13.47–.48, 13.59 ©2019, AICPA PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD (PCAOB) 1.03 Q QUALIFIED OPINION 4.03, 13.11, 13.22–.25 QUALITY CONTROL AND ASSURANCE, GAS 2.06, 2.43–.45 QUALITY CONTROL STANDARDS, OVERVIEW OF STATEMENTS Appendix A QUESTIONED COSTS See also schedule of findings and questioned costs Analyzing observed deviations or exceptions 11.104 Audit findings decision 11.128 Calculating likely 11.119–.124 In conclusion on tests of compliance 11.131–.132 Noncompliance evaluation and reporting 10.61–.64, 10.67 Reporting audit findings 11.08–.09, 13.39, Example 13-7 at 13.66 Subrecipient level 12.41 R RANDOM SELECTION 11.96 RATIONALIZATIONS, FRAUD RISK FACTORS Table 6-1 at 6.46 R&D CLUSTER, FEDERAL PROGRAMS 5.31 REASONABLE CARE 2.32 RECIPIENTS See also subrecipients Defined 12.02 Eligibility for compliance audit 12.03 Multiple status 12.08 REFERENCE MATERIALS, UNIFORM GUIDANCE 5.51 REFERENCE NUMBERS, AUDIT FINDINGS 4.63, 13.45 REFERENCE OPTION, COMPONENT AUDITOR REFERENCES 4.79–.83 REGULATIONS AND LAWS, COMPLIANCE WITH See also noncompliance with laws and regulations 3.07, 3.43–.52 REISSUED REPORTS 13.30–.31 REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING AND ON COMPLIANCE AND OTHER MATTERS Abuse consideration 4.38, 4.40–.42, 4.60 Dating reports 13.29 Elements of 4.53–.55 Fraud consideration 4.25–.30, 4.60 GAAS requirements 4.13–.23 GAS distinguished from AU-C 265 Table 4-2 at 4.22 AAG-GAS REP 480 Government Auditing Standards and Single Audits REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING AND ON COMPLIANCE AND OTHER MATTERS—continued GAS findings requirements for report 4.56–.63, Table 4-1 at 4.12 Generally 4.07–.11, 4.52 Group audits 4.79–.83, Table 4-3 at 4.83 Illustrative reports Examples 4-3 to 4-9 at 4.89, Examples 13-1 to 13-6 at 13.66 Material weakness in 4.13–.16, 4.19–.23, 13.26, Table 4-2 at 4.22 Noncompliance with contract and grant agreement provisions 4.38, 4.40–.42 Noncompliance with laws and regulations 4.31–.34, 4.40–.42 Opinion 13.03, Table 13-1 at 13.08 Portions of entity not audited in accordance with GAS 4.75, 4.77 Program-specific audit Example 14-2 at 14.16 Separate reports 4.10–.11 Significant deficiencies 4.13–.16, 4.19–.23 Work of component auditor 4.79–.83, Table 4-3 at 4.83 REPORTING IN A SINGLE AUDIT See also auditor’s reports 13.01–.66 Basis of accounting 13.09 Corrective action plan summary 13.50–.52, 13.54–.55 Data collection form 13.56–.64 Deviation from GAAP by federal awarding agency regulation 13.10 Financial statements 5.05–.06, 13.09–.10 Follow-up procedures 5.23, 10.72, 13.39, 13.53–.55 Fraud 4.07, 4.24–.30, 4.39–.45, 13.39, Exhibit 4-1 at 4.39 Generally 13.01–.08, Table 13-1 at 13.08 Illustrative reports 13.06–.07, Table 13-1 at 13.08, Appendix at 13.66 Internal control over compliance See also report on internal control over financial reporting and on compliance and other matters 13.21–.29 Materiality level for audit findings 6.50–.52 Noncompliance Exhibit 4-1 at 4.39 On compliance 5.21–.23, 13.03, 13.21–.29, Table 5-1 at 5.08, Examples 13-1 to 13-2 at 13.66 Other auditors 13.32 Partial nature of audit 13.33 Prior audit findings summary 13.50–.55 Protected personally identifiable information 13.47–.48 Reissuance of Uniform Guidance compliance report 13.30–.31 Schedule of expenditures of federal awards 7.36–.37, 13.09, 13.11–.20, 13.28, Examples 13-1 to 13-6 at 13.66, Example 13-8 at 13.66 AAG-GAS REP REPORTING IN A SINGLE AUDIT—continued Schedule of findings and questioned costs 13.34–.46, Table 13-2 at 13.36, Example 13-7 at 13.66 Subawards 12.38–.41 Tests of controls 4.08 REPORTING PACKAGE Auditee responsibilities 5.38–.39, 13.05 Distribution to federal agencies 13.62–.64 Program-specific audit 14.13–.15 Submission of 13.05, 13.61–.64 Timing of completion 6.20 REPRESENTATIONS See written representations REQUIRED SUPPLEMENTARY INFORMATION (RSI), UNMODIFIED OPINION ON BASIC FINANCIAL STATEMENTS—STATE OR LOCAL ENTITY Example 4-1 at 4.89 RESEARCH AND DEVELOPMENT (R&D) 5.31 RESPONSIBLE OFFICIALS, VIEWS OF 4.64–.67 RETENTION OF DOCUMENTS 6.54–.55 REVIEWS, DESK OR ON-SITE 6.72–.73 RISK See also audit risk of noncompliance Aggregation 6.58 Assessing See risk assessment Criteria for federal program 8.23–.32 Major program determination See risk-based approach, major program determination Sampling 11.112–.114, 11.125–.128 Significant 3.31 RISK ASSESSMENT As internal control component 3.27 Component of internal control 9.12, 9.14–.17 Direct and material compliance requirements 6.30, 10.37 Documentation 8.18 Financial statement audit 3.23–.31 Internal control over compliance 6.30–.33 Major programs 6.30, 6.33–.34, 8.18–.19, 8.22–.32 Material noncompliance 6.36–.46, 9.14, 9.16, Table 6-1 at 6.46 Testing sample size table and inputs 11.72–.74 RISK-BASED APPROACH, MAJOR PROGRAM DETERMINATION 8.02–.32 Application flowchart Exhibit 8-1 at 8.02 Audit scope 6.21 Current audit experience 8.24–.27 Documentation of risk assessment 8.18 Federal programs not recently audited as major 8.29 High-risk type B programs 8.14–.16, 8.23–.32 Inherent risk of noncompliance 8.32 ©2019, AICPA 481 Subject Index RISK-BASED APPROACH, MAJOR PROGRAM DETERMINATION—continued Initial-year audits 6.19 Low-risk auditees 8.21 Low-risk type A programs 8.09–.12 Oversight by federal agencies and pass-through entities 8.30–.31 Percentage-of-coverage rule 8.17 Prior audit experience 8.28 Risk criteria 8.22–.32 Type A and type B program identification 8.02–.16, 8.22–.32, Table 8-1 at 8.04, Table 8-2 at 8.07 Type A program considered other than low risk at request of federal awarding agency 8.13 Uniform Guidance requirement for 5.29, 6.19, 6.21 ROUTINE ACTIVITIES, NONAUDIT SERVICES 2.18 RSI See required supplementary information S SAFEGUARDS AGAINST THREATS TO INDEPENDENCE, DEFINED 2.11, 2.15 SALE, EXCHANGE, OR DONATION OF PROPERTY AND GOODS 5.14 SAMPLE SIZE FOR AUDIT 11.60–.91 Compared to population size 11.51 Determining 11.60–.91, Table 11-1 at 11.61 Generally 11.60 Testing small populations 11.88–.91, Table 11-3 at 11.88 Testing table and inputs 11.72–.87, Table 11-2 at 11.74 SAMPLING, GENERALLY See audit sampling SAMPLING RISK 11.112–.114, 11.125–.128 SAMPLING UNIT 11.39–.41 SCANNING ANALYTICAL PROCEDURE, COMPLIANCE AUDIT 11.17 SCHEDULE OF CHANGES MADE TO TEXT FROM PREVIOUS EDITION Appendix B SCHEDULE OF EXPENDITURES OF FEDERAL AWARDS 7.01–.41 Audit considerations 5.06, 7.22–.37 Auditee responsibilities 5.06, 5.33, 6.10, 7.05, 7.30 Basis of accounting 7.07, 7.28, Table 7-1 at 7.07 CFDA number as not available 7.14 Documentation requirements 7.34 Federal agency requirements 7.03–.04, 7.08 Federal financial assistance value determination 7.17–.21 ©2019, AICPA SCHEDULE OF EXPENDITURES OF FEDERAL AWARDS—continued General presentation requirements 7.06–.14 Generally 5.05–.06, 7.01–.02 Identification of federal awards 7.03–.05 Illustrative examples Appendix at 7.41, Examples 13-1 to 13-6 at 13.66, Example 13-8 at 13.66 In-relation-to opinion 7.22–.23, 7.37, 13.19 Inclusion of nonfederal awards 7.12 Internal control over compliance 7.31–.33 Issuing an opinion under AU-C Section 805 7.38–.40 Lack of agreement with other federal award reporting 7.24–.29 Management representations 7.35 Objectives of single audit 5.04 Organizing content of 7.11 Pass-through entities 7.04, 7.15–.16 Providing additional information 7.10 Reporting 7.36–.37, 13.09, 13.11–.20, 13.28, Examples 13-1 to 13-6 at 13.66, Example 13-8 at 13.66 Required content 7.08–.09 State award considerations 7.12–.13 Subawards 7.04, 7.15–.16, 12.38, 12.48 Subsequent events 7.36 Timing of expenditure 12.04 Type A and B major program determination 8.03 SCHEDULE OF FINDINGS AND QUESTIONED COSTS Abuse considerations 13.41 Auditee responsibilities 10.68 Communicating to management 13.44, 13.49 Corrective action plan 10.73 Detail of findings 13.42–.44 Financial statement audit 13.37–.38, 13.40–.41 Follow-up on prior audit findings 5.23, 10.72, 13.50–.55 Generally 13.03, 13.34 Illustrative example Example 13-7 at 13.66 Reference numbers 13.45 Required inclusions 13.35–.36, 13.39, Table 13-2 at 13.36 Requirement to include in single audit report 13.46 SCHEDULE OF PRIOR AUDIT FINDINGS See summary schedule of prior audit findings SCOPE OF AUDIT 4.76–.77, 5.29, 13.15, 13.23–.25, 14.07 SENSITIVE AND CONFIDENTIAL INFORMATION 4.29, 4.69–.72 SF-SAC See data collection form SFA See Student Financial Assistance SI See supplementary information AAG-GAS SI 482 Government Auditing Standards and Single Audits SIGNIFICANT CONTROLS, DETERMINING FOR TESTING 11.63–.65 SIGNIFICANT DEFICIENCY IN INTERNAL CONTROL OVER COMPLIANCE Assessing severity 9.50–.52 Audit sampling to test for 11.63–.66 Clusters of programs 9.60 Combination effect in assessing significance 9.54 Compensating controls 9.55 Component auditor references 4.83–.84 Defined 9.48 Design of controls 9.59 Examples Appendix at 3.71 GAS distinguished from AU-C 265 Table 4-2 at 4.22 Magnitude of potential noncompliance factor 9.53, 11.115 Operation of controls 9.59 Reporting 4.07, 4.13–.23, 13.39, Table 4-2 at 4.22 Schedule of findings and questioned costs 13.39 Subrecipient monitoring 12.35 Tests of controls 9.47–.60 Type of major program 9.49 SIGNIFICANT RISK 3.31 SINGLE AUDIT See also Uniform Guidance Adapting and applying standards to compliance audit 6.03 Audit costs 5.25 Audit planning 6.01–.74 Audit risk of noncompliance 6.26 Audit sampling See audit sampling Audit threshold 5.09 Auditee responsibilities 5.33–.39 Basis for determining when federal awards are expended 5.26–.27 Compliance audit See compliance auditing Defining entity to be audited 5.16 Documentation areas in 6.53 Financial statements See financial statement audit Generally 5.01–.02 Government-wide evaluation of single audit quality 5.47 Major program determination 5.29–.32, 8.01–.32 Objectives 5.04 Pass-through entities 12.01–.49 Reporting matters See also reporting in a single audit 5.21–.23 Schedule of expenditures See schedule of expenditures of federal awards Subrecipients See subrecipients SINGLE AUDIT ACT (1984) See also Uniform Guidance Audit costs 5.25 Compliance Supplement See Compliance Supplement AAG-GAS SIG SINGLE AUDIT ACT (1984)—continued Generally 5.01–.02 Objectives of single audit 5.04–.08 Subrecipient monitoring 12.26 Terminology in guide as comparable to 1.11, 1.13 SINGLE AUDIT ACT AMENDMENTS (1996) 1.01, 5.01, 6.54, Supplement A SMALL POPULATIONS 11.88–.91, Table 11-3 at 11.88 SPECIAL PURPOSE FRAMEWORK 6.13, 13.09 SPECIALISTS 2.41–.42 STATE AND LOCAL GOVERNMENTS Cluster of programs designation 12.44 Combining of federal awards 5.12 Compliance audits 10.80 Compliance requirements 6.71 Frequency of federal award audit 5.19 Government Auditing Standards 1.01 Inclusion in schedule of expenditures of federal awards 7.12–.13 Medicare or Medicaid arrangements as federal expenditure 5.27 Portions of entity not audited in accordance with GAS 4.77 Presence of additional audit requirements 1.10 Unmodified opinion on basic financial statements with RSI and OI Example 4-1 at 4.89 STATISTICAL SAMPLING 11.95 STRATEGY, AUDIT 3.08–.09 STUB PERIODS 6.17 STUDENT FINANCIAL ASSISTANCE (SFA) 5.31, 10.30 SUBAWARDS 12.01–.49 Applicability of federal awards to subrecipients 12.03–.07 Compliance audits 12.19–.44 Contractor compliance 12.15–.18 Contractor status characteristics 12.10–.11 Defined 7.15, 12.02 Generally 12.01 Monitoring subrecipients 12.30–.32 Pass-through entity and subrecipient relationship 12.12 Pass-through entity and subrecipient status together 12.14 Recipient and contractor relationship 12.13 Reporting considerations 12.38–.41 Schedule of expenditures of federal awards 7.04, 7.15–.16, 12.38, 12.48 Single audit considerations of pass-through entities 12.19–.44 ©2019, AICPA Subject Index SUBAWARDS—continued Subrecipient audit considerations 12.45–.49 Subrecipient status characteristics 12.09, 12.11 SUBRECIPIENTS 12.01–.49 Additional audit considerations 12.45 Additional compliance requirements 12.46 Applicability of Uniform Guidance 12.03–.07 Audit considerations 12.45–.49 Audit costs 5.25 Audit findings 12.39 Defined 7.15, 12.02 Determination of 7.04, 7.08 Determining status versus contractor 12.22 Eligibility for compliance audit 12.03 Federal program risk 8.27 Generally 12.01 Internal control over compliance 9.26 Major program designation 12.23 Monitoring of subaward 12.39 Relationship to pass-through entities 5.25, 12.04, 12.06, 12.12, 12.14 Reporting considerations 12.38–.41 Schedule of expenditures of federal awards 7.10 Status characteristics for subawards 12.09, 12.11 Status determinations 5.28, 12.08–.11 SUBSEQUENT EVENTS 7.36, 10.51–.53, 13.29 SUMMARY SCHEDULE OF PRIOR AUDIT FINDINGS See also prior audits Auditee responsibilities 5.34, 10.68–.69, 13.50–.51, 13.54 Auditor follow-up 5.23, 10.70–.72, 13.39, 13.50–.54 Program-specific audits 14.07 483 TESTS OF COMPLIANCE—continued Audit sampling related to 10.48, 11.88–.91, Table 11-1 at 11.61, Table 11-2 at 11.74, Table 11-3 at 11.88 Cost principles 10.41, 11.50 GAS requirements 4.39 Generally 10.38–.40 Individually important items in 11.18–.28 Pre-Uniform Guidance compared to Uniform Guidance 13.26 Procedures 10.47 Questioned costs 11.131–.132 Sufficient appropriate audit evidence 10.42–.45 TESTS OF CONTROLS 9.27–.60 Audit planning for efficient 6.14, 9.29–.32 Audit risk of noncompliance 10.39, 10.42–.44 Audit sampling related to 11.29–.30, 11.112–.114 Cluster program considerations 9.60 Compared to understanding controls 9.17, 9.22 Consequences of not performing 9.46 Control risk of noncompliance 6.33, 9.09, 9.27–.35, 9.42–.43 Deviations in 11.52–.53, 11.69–.71 Documentation 9.36, 9.62, 10.41 Dual purpose sampling 11.54–.59 Evaluating results 9.40–.46 Financial statement audits 3.34–.35 GAS requirements 9.09 Material weakness findings 9.47–.60 Overall conclusion on 11.116–.117 Performing tests 9.36–.39 Purpose 11.07 Reporting 4.08 Significant deficiencies findings 9.47–.60 SYSTEMATIC SELECTION WITH RANDOM START 11.99–.100 THOSE CHARGED WITH GOVERNANCE, COMMUNICATION WITH Auditor responsibilities 3.61–.65 Fraud 3.42, 4.27–.30 Internal control deficiencies 4.14–.23 Legal and regulatory compliance 3.49 Legal and regulatory noncompliance 4.32 Planning the audit 3.14 SYSTEMIC DEVIATIONS OR EXCEPTIONS 11.103 THOSE CHARGED WITH GOVERNANCE, DEFINED 3.63 T THREATS TO INDEPENDENCE 2.09–.20, 2.22–.26 TERMINOLOGY USE, GAS 1.11, 1.16–.19 THRESHOLD, AUDIT 5.09 TERMS OF ENGAGEMENT 1.15, 3.04–.07, 6.08–.09, 6.18, 10.33–.36, 12.36 TIMING OF AUDIT COMPLETION AND REPORT SUBMISSION DEADLINES 5.22, 6.20, 14.12 SUPPLEMENTARY AUDIT REQUIREMENTS, IDENTIFYING 6.07 SUPPLEMENTARY INFORMATION (SI) See also schedule of expenditures of federal awards 13.13 TESTS OF COMPLIANCE Abuse consideration 10.50 Administrative requirement 10.41, 11.50 Audit objectives 10.46 ©2019, AICPA TOLERABLE DEVIATION RATE 11.69, 11.109 TOLERABLE EXCEPTION RATE 11.84–.85 AAG-GAS TOL 484 Government Auditing Standards and Single Audits TYPE A MAJOR PROGRAMS Considered other than low risk at request of federal agency 8.13 Criteria Table 8-1 at 8.04 Determination of 8.03–.04, 8.06–.13, 8.22, Table 8-2 at 8.07 Loan and loan guarantee effects 8.06–.08, Table 8-2 at 8.07 Low-risk 8.09–.12 Percentage of coverage rule 8.17 TYPE B MAJOR PROGRAMS Determination of 8.03, 8.05 High-risk 8.14–.16, 8.23–.32 Percentage of coverage rule 8.16 U UNALLOWABLE AUDIT COSTS FOR SUBRECIPIENTS 12.34 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT, FINANCIAL STATEMENT AUDIT 3.23–.31 UNIFORM GUIDANCE (TITLE CFR PART 200) Audit costs 5.24–.25 Audit planning 6.01–.74 Audit sampling See audit sampling Audit threshold 5.09 Auditee responsibilities 5.33–.39 Auditor selection 5.24 Basis for determining when federal awards are expended 5.26–.27 Cognizant agency for audit 5.42–.43 Compliance audit guidance See also compliance auditing 5.07–.08, Table 5-1 at 5.08 Compliance Supplement See Compliance Supplement Federal award types and payment methods 5.10–.15 Federal awarding agency responsibilities 5.40 Financial statement audit reporting guidance 5.05–.06 For-profit entities 5.20 Foreign entities 5.20 Frequency of audits 5.19 Generally 1.01, 1.07, 5.01–.03 AAG-GAS TYP UNIFORM GUIDANCE (TITLE CFR PART 200)—continued Government-wide evaluation of single audit quality 5.47 Internal control over compliance See internal control over compliance Major program determination See also major programs 5.29–.32 Oversight agency for audit 5.44–.45 Pass-through entities See pass-through entities Program-specific audits See program-specific audits Relationship to other audit requirements 5.17–.18 Reporting matters 5.21–.23 Resources 5.50–.51 Single audit considerations See single audit Subrecipient and contractor determinations 5.28 UNMODIFIED OPINION See opinion UNRESOLVED AUDIT FINDINGS 10.74 W WRITTEN COMMUNICATION Alerts restricting use 3.62, 13.12 Component auditor’s reported matters Table 4-3 at 4.83 Engagement letters 3.07 GAS report findings requirements Table 4-1 at 4.12 Management letters 4.73–.74 Reporting under GAS 4.73–.74, 13.27 WRITTEN REPRESENTATIONS Compliance audits 10.77–.79 Financial statement audits 3.50, 3.67–.68 Legal and regulatory compliance 3.50 Refusal to provide 10.79 Related to federal awards 10.77–.79 Schedule of expenditures of federal awards 7.35 Schedule of findings and questioned costs 13.44 Y YELLOW BOOK See Government Auditing Standards ©2019, AICPA ... performed under PCAOB audit standards, GAAS, and Government Auditing Standards 1.04 Government Auditing Standards incorporates by reference AICPA Statements on Auditing Standards. 5 Therefore, auditors... accordance with Government Auditing Standards, this guide • • • • • describes the applicability of Government Auditing Standards discusses the relationship between GAAS and Government Auditing Standards. .. to audits performed in accordance with Government Auditing Standards and to single and program-specific audits under the Uniform Guidance GAO, OMB, and AICPA promulgate applicable standards and