• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
SAS 117 Presentation
 

SAS 117 Presentation

on

  • 1,487 views

 

Statistics

Views

Total Views
1,487
Views on SlideShare
1,468
Embed Views
19

Actions

Likes
0
Downloads
9
Comments
0

1 Embed 19

https://www.aandaupdate.com 19

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    SAS 117 Presentation SAS 117 Presentation Presentation Transcript

    • SAS 117 Compliance AuditsA&A UPDATESH. Kyle Anderson, CGMA, CMA, CPABill Ellis, CPAJohn Kunst, CPA
    • A & A Update and Review, Inc 6514 Dobbins Bridge Road Anderson, SC 29626 (864) 933-3815 Fax: (888) 411-7668 Website: www.aandaupdate.com E-mail: kyle@aandaupdate.com Skype: hkacpa
    • SAS 117 Compliance Audits Compliance Audits Supersedes SAS No. 74 Effective for periods ending on or after June 15, 2010A&A UPDATES H. Kyle Anderson, CMA, CPA
    • Objectives What are the audit requirements when Governmental agencies establish compliance requirements.  Authoritative guidance:  Governmental Auditing Standards (GAGAS)  Circular A-133, Audits of States, Local Governments & Non- Profit Entities  Generally Accepted Auditing Standards (GAAS)  Auditor’s professional responsibilities  Required procedures  Reporting requirementsA&A UPDATES H. Kyle Anderson, CMA, CPA
    • Objectives What are Management’s Responsibilities for:  Compliance requirements  Internal controls  Identifying & disclosing noncompliance  Providing written representations to auditorsA&A UPDATES H. Kyle Anderson, CMA, CPA
    • Objectives Review of Resources and updates available for:  Governmental Auditing Standards (GAGAS)  Circular A-133, Audits of States, Local Governments & Non-Profit Entities  Generally Accepted Auditing Standards (GAAS)A&A UPDATES H. Kyle Anderson, CMA, CPA
    • Update from Clarity Project released October 2011  SAS 117 was issued using Clarity project standards and is currently effective.  SAS 122, Statements on Auditing Standard:  Clarification and Recodification,  SAS 123, Omnibus Statement on Auditing Standards – 2011, Released October 2011 amends SAS 118.  The effective date for SAS 123 is for audits of financial statements for periods ending after 12/15/2012.A&A UPDATES H. Kyle Anderson, CMA, CPA
    • Update from Clarity Project released October 2011  SAS No. 117, Compliance Audits  Issued December 2009  Effective June 15, 2010.  Early Application permitted.  Currently AU 801 / New AU-C 935.A&A UPDATES H. Kyle Anderson, CMA, CPA
    • Reference Material to download for webinar  Today, we will cover material available on the AICPA website at: http://www.aicpa.org/Research/Standards/AuditAttest/Pages/SAS.aspx  Please download AU 801 prior to the start of the webinar.  The material covered will be referenced to the current AU section and the new Clarity Project section AU-C.  Office of Management and Budget at: http://www.whitehouse.gov/omb/circulars_default/  Please download OMB Circular A-133, Compliance Supplement 2011 (see bottom of page for complete download)  Government accountability Office at: http://www.gao.gov/yellowbook  Please download Government Auditing Standards, December 2011 Revision (GAO-12-331G)  Summary of Major changes  Listing of Technical ChangesA&A UPDATES H. Kyle Anderson, CMA, CPA
    • SAS 117 Compliance Audits Introduction and Applicability Auditor’s engaged or required by law to perform compliance audits in accordance with:  GAAS Generally Accepted Auditing Standards  GAGAS Governmental Auditing Standards  Governmental requires an auditor to express an opinion While all AU sections are applicable to financial statement audits, not all AU sections are applicable to Compliance Audits Effective Date Effective for fiscal periods ending on or before June 15, 2010 with early application permitted.A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.01 - .09 / AU-C 935.01 - .09
    • SAS 117 Compliance Audits Management’s Responsibilities Management should:  Identify and comply with compliance requirements  Establish and maintain internal controls  Evaluate and monitor compliance requirements  Take corrective actions for non-compliance Auditor’s Objectives  Obtain sufficient evidence to form an opinion on compliance with applicable compliance requirements  Identify required supplementary audit, reporting and performance proceduresA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.01 - .09 / AU-C 935.01 - .09
    • SAS 117 Definitions  Applicable compliance requirements. Requirements subject to a compliance audit.  Compliance audit. Program-specific or organization-wide audit of compliance with compliance requirements.  Compliance Requirements. Applicable laws, regulation, rules, contracts or grant agreements required for government programs.  Deficiency in internal control over compliance. Internal control design, operation or control deficiency that does not prevent, detect or correct noncompliance on a timely basis.A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.11 / AU-C 935.11
    • SAS 117 Definitions  Government Auditing Standards. Issued by Comptroller General of United States, U.S. Government Accountability Office. Known as Generally Accepted Government Auditing Standards (GAGAS) or the Yellow Book.  Material noncompliance. A failure to follow compliance requirements that results in material impact, individual or in the aggregate to the government program.  Material weakness in internal control over compliance. A deficiency where there is a reasonable possibility that material will not be prevented, detected and corrected on a timely basis. Reasonably possible: The chance is more than remote but less than likely. Remote: The chance is slight. Probable: The event or events are likely to occur.A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.11 / AU-C 935.11
    • SAS 117 Definitions  Program-specific audit. A compliance audit performed in conjunction with an audit of the entity’s or program’s financial statements.  Risk of material noncompliance. Two components of noncompliance existing prior to the audit:  Inherent risk of noncompliance. Susceptibility of noncompliance before considering related controls  Control risk of noncompliance. Risk noncompliance will not be prevented, detected, or corrected on a timely basis by internal controls  A significant deficiency in internal control over compliance is less severe but still warrants attention.A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.11 / AU-C 935.11
    • SAS 117 Auditor’s use of Professional Judgment Auditors should exercise professional judgment adapting AU sections for compliance audits:  Specific excluded sections are listed in AU 801.A41 / AU-C 935.A41  OMB and GAGAS contain additional guidanceA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.12 / AU-C 935.12
    • SAS 117 Establishing Materiality Levels Materiality levels are based on Governmental Audit requirements. Auditor should establish materiality levels to :  Determine risk assessment procedures  Assess risk of noncompliance  Determine further audit procedures  Evaluate compliance with requirements  Report noncompliance and other matters Management is responsible for identifying and complying with compliance requirements. AU 801.13 / AU-C 935.13A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A6-A8 / AU-C 935.A6-A8
    • SAS 117 Identifying Government Programs and Applicable Compliance Requirements Management is responsible for identifying and complying with compliance requirements. Auditor is responsible for determining programs and compliance requirements to test Part 3, Circular A-133 Compliance Dated 12/2011 identifies 14 compliance requirements that should be considered in every Cir. A-133 Compliance audit: A—Activities allowed or not allowed B—Allowable costs/cost principles C—Cash management D—Davis-Bacon Act E—Eligibility AU 801.14 / AU-C 935.14 AU 801.A10-A10 / AU-C 935.A10- A10A&A UPDATES H. Kyle Anderson, CMA, CPA Circular A-133 Compliance Supplement, Part 3
    • SAS 117 Identifying Government Programs and Applicable Compliance Requirements Cir. A-133 14 compliance requirements continued: F—Equipment and real property management G—Matching, level of effort, earmarking H—Period of availability of federal funds I—Procurement and suspension and debarment J—Program income K—Real property acquisition and relocation assistance L—Reporting M—Sub recipient monitoring N—Special tests and provisions AU 801.14 / AU-C 935.14 AU 801.A10 - A11 / AU-C 935.A10 -A11A&A UPDATES H. Kyle Anderson, CMA, CPA Circular A-133 Compliance Supplement, Part 3
    • SAS 117 Identifying Government Programs and Applicable Compliance Requirements Additional procedures to assess requirements where guidance is not available:  Read laws, regulations, rules, contracts or grant agreements  Inquiry within entity  Inquiry outside the entity  Minutes of governing boards  Prior auditors AU 801.15-.17 / AU-C 935.15-.17A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A12 - A18 / AU-C 935.A.12 –A18
    • SAS 117 Performing Risk Assessment Procedures The Auditor should:  Gain understanding of internal controls  Assess risk  Determine  Nature,  Timing, and  Extent of audit procedures  Inquire of prior findings, recommendations or reports and management’s response The auditor should assess risk of pervasive fraud or error in assessing risk of material noncompliance AU 801.15-.17 / AU-C 935.15-.17 AU 801.A12 - A18 / AU-C 935.A.12 –A18A&A UPDATES H. Kyle Anderson, CMA, CPA
    • SAS 117 Risk Assessment factors  Compliance Requirements  Newness, length of applicability and/or complexity  Judgment required for compliance  Nature  Entity’s services provided  Internal controls  Auditor’s knowledge  Control environment and activities  Design and implementation  Monitoring AU 801.15-.17 / AU-C 935.15-.17 AU 801.A12 - A18 / AU-C 935.A.12 –A18A&A UPDATES H. Kyle Anderson, CMA, CPA
    • SAS 117 Risk Assessment factors Prior years findings  Oversight by grantor or pass-through entities  Management’s response Risk related to noncompliance  Potential impact of noncompliance  Impact in financial statement audits  Entity’s financial condition  Entity’s recordkeeping Risk evaluation can be individual areas or in combination with other areas. AU 801.15-.17 / AU-C 935.15-.17 AU 801.A12 - A18 / AU-C 935.A.12 –A18A&A UPDATES H. Kyle Anderson, CMA, CPA
    • SAS 117 Further Audit Procedures in Response to Assessed Risk  Pervasive Risk of Noncompliance  Tests of details  Tests of transactions  Tests of controls if:  Risk assessment includes expectation of effectiveness of controls  Substantive procedures insufficient  Governmental requirement AU 801.18-.22 / AU-C 935.18-.22 AU 801.A19 – A27 / AU-C 935.A.19 –A27A&A UPDATES H. Kyle Anderson, CMA, CPA
    • SAS 117 Further Audit Procedures in Response to Assessed Risk  Relevant Guidance:  AU 318, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained in:  Response to risk of noncompliance  AU 350 Audit Sampling, AICPA Audit Guide Government Auditing Standards, and OMB Circular A-133 for:  Planning, designing and evaluating audit samples  Identifying major programs  Additional audit requirements supplementary to:  GAAS  GAGAS AU 801.18-.22 / AU-C 935.18-.22 AU 801.A19 – A27 / AU-C 935.A.19 –A27A&A UPDATES H. Kyle Anderson, CMA, CPA
    • SAS 117 Further Audit Procedures in Response to Assessed Risk  Compliance testing can utilize tests of details and transactions for:  Grants disbursements & expenditures  Eligibility files  Cost allocation plans  Reports filed with grantor agencies  Substantive Analytical procedures can be used in combination with tests of transactions and other audit procedures. AU 801.18-.22 / AU-C 935.18-.22 AU 801.A19 – A27 / AU-C 935.A.19 –A27A&A UPDATES H. Kyle Anderson, CMA, CPA
    • SAS 117 Written Management Representations: Written management representations should acknowledge responsibility for:  Compliance requirements  Compliance related internal controls  Identifying programs and activities subject to requirements  Providing all contracts and grant agreements and compliance documents for auditor  Disclosing all noncompliance issues, including grantors and pass-through entitiesA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.23 - .24 / AU-C 935.23 - .24
    • SAS 117 Written Management Representations: Written management representations should acknowledge responsibility for:  Belief of compliance with requirements  Interpretations of compliance requirements  Disclosure of corrective actions from prior engagements of compliance activities.  Disclosure of all known noncompliance issues subsequent to the audit report  Responsibility for corrective actions for noncompliance Additional guidance can be found at AU 333, Management Representations.A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.23 - .24 / AU-C 935.23 - .24
    • SAS 117 Subsequent Events: Subsequent events procedures should be performed up to the date of the report Subsequent event inquiry of managements should include:  Internal Auditor’s reports  Other auditors’, grantors and pass-through entities noncompliance issues  Other professional engagements noncompliance issues Auditors have No responsibility to perform audit procedure during subsequent events other than discussion with management or those in charge of governance.A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.25 - .27 / AU-C 935.25 - .27
    • SAS 117 Sufficiency and Appropriateness of Audit Evidence and Forming an Opinion Sufficiency and appropriateness is determined at the governmental level and should include:  Likely questioned costs  Material noncompliance issues  Frequency of noncompliance  Nature  Adequacy of monitoring system  Likelihood of noncompliance of a material likely questioned cost AU 801.28 - .29 / AU-C 935.28 - .29A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A31 – A32 / AU-C 935.A31 – A32
    • SAS 117 Reporting: Additional GAGAS Standards GAGAS contains eight additional reporting standards different from GAAS as follows: 1. Reports should state the audit was performed in accordance with Generally Accepted Governmental Audit Standards 2. Auditors must report on internal control over financial reporting and compliance with laws, regulations, and provisions of contracts or grants when providing an opinion on financial statements. 3. In financial audits, auditors must report significant deficiencies and material weaknesses in internal controls, fraud and illegal acts, violations of provisions of contracts or grant agreements having a material impact on financial statementsA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.30 - .38 / AU-C 935.30 - .38
    • SAS 117 Reporting: Additional GAGAS Standards Additional GAGAS reporting standards different from GAAS: 4. An auditor may emphasize the following matters under GAGAS: 1) Significant concerns or uncertainties about fiscal sustainability that may have a material financial impact 2) Unusual or catastrophic events that will likely have a significant future financial impact 3) Significant uncertainties regarding projections or estimates in the financial statements 4) Other matters deemed significant to users and oversight bodies 5. Auditors are required to advise management to make appropriate disclosures and perform additional procedures for new information that materially impacts previously issued financial statementsA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.30 - .38 / AU-C 935.30 - .38
    • SAS 117 Reporting: Additional GAGAS Standards Additional GAGAS reporting standards different from GAAS: 6. Auditor must obtain a response from responsible officials regarding disclosures of deficiencies in internal control, fraud, illegal acts or contract and grant agreement violations 7. Information omitted from public disclosure must be noted with the reasons for omission in the auditor’s report 8. Report distribution is required to those charged with governance, officials, oversight bodies and organizations requiring or ordering the audit. Public accounting firms must clarify specific arrangements for distribution.A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.30 - .38 / AU-C 935.30 - .38
    • SAS 117 Reporting Examples: coverage in webinar Please go to Exhibits in AU 801.A42 / AU-C 935.A42 We will cover the Combined Report on Compliance and Internal Control Over Compliance because it contains all the provisions of section .30 for Compliance Only requirements as well as additional Internal Control Over Compliance requirements. I have separated those reporting requirements in the next slides for your reference. AU 801.30 / AU-C 935.30A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A42 / AU-C 935.A42
    • SAS 117 Reporting Requirements: Compliance only report Auditors report should include:  Title with the word independent  Government programs covered by the compliance audit  Applicable compliance requirements  Period covered by the report  Management’s responsibility for compliance requirements  Auditors responsibility for opinion on the entitys compliance with the compliance requirements  Audit conducted in accordance with GAAS and GAGAS  Audit examined evidence on a test basis and other procedures the auditor considered necessaryA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.30 / AU-C 935.30
    • SAS 117 Reporting Requirements: Compliance only report Auditors report should include:  Auditor believes the audit provided a reasonable basis for opinion  Compliance audits do not provide a legal determination of the entitys compliance  Auditors opinion whether the entity materially complied with the compliance requirements  Description of noncompliance or a reference to a description of such noncompliance if:  Results in opinion modification  Required to be reported by the governmental audit requirements and does not result in opinion modificationA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.30 / AU-C 935.30
    • SAS 117 Reporting Requirements: Compliance only report Auditors report should include:  If Compliance evaluation criteria are established by contractual agreement or regulatory provisions solely for the parties to the agreement or regulatory agency or available only to specified parties.  Statement report intended solely for the information and use of specified parties, identification of specified parties, and report not intended to be used by anyone else  Auditor’s firm signature  Auditors report dateA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.30 / AU-C 935.30
    • SAS 117 Reporting Requirements: Combined Report on Compliance and Internal Control Over Compliance Additional requirements for combined reports:  Management’s responsibility for internal control over compliance with applicable laws, regulations, rules, contracts or grant agreements.  Auditor’s consideration of entity’s internal control in planning and performance of the audit to express an opinion on compliance but not to express an opinion on the effectiveness of internal control over compliance.  Auditor is not expressing an opinion on internal control over compliance.  Auditors consideration of the entitys internal control not designed to identify all deficiencies that might constitute significant or material weaknesses. AU 801.31 / AU-C 935.31A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A42 / AU-C 935.A42
    • SAS 117 Reporting Requirements: Combined Report on Compliance and Internal Control Over Compliance Additional requirements for combined reports:  Definition of deficiency and material weakness in internal control over compliance.  A description or reference to schedule of any identified material weaknesses in internal control over compliance.  A description or reference to schedule of any significant deficiencies in internal control over compliance.  Statement that no material weaknesses in internal control were identified if none found.  Statement report intended solely for the information and use of specified parties, identification of specified parties, and report not intended to be used by anyone else . AU 801.31 / AU-C 935.31A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A42 / AU-C 935.A42
    • SAS 117 Reporting Requirements: Separate Report on Internal Control Over Compliance Requirements in addition to AU 801.31 / AU-C 935.31 for Separate Report:  Title with the word independent  Governmental program and period audited  Signature  Date  Material noncompliance issues or scope limitations require report modifications  AU 508 Reports on Audited Financial Statements / AU-C 705, Modifications to the Opinion in the Independent Auditor’s Report  Scope limitations require  Qualification or disclaimer of opinion .A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.32 - .38 / AU-C 935.32 - .38
    • SAS 117 Reporting Requirements: Separate Report on Internal Control Over Compliance Requirements in addition to AU 801.31 / AU-C 935.31 for Separate Report: Significant or material weaknesses in internal controls over compliance require written notification by auditor regardless of governmental requirements  GAGAS requires response from responsible officials AU 801.32 - .38 / AU-C 935.32 - .38A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A35 / AU-C 935.A35
    • SAS 117 Documentation Requirements Internal Control Over Compliance documents include:  Risk assessment procedures  Response to assessed risks  Testing procedures  Results  Materiality levels  How the auditor complied with governmental requirements supplemental to  GAAS  GAGASA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.39 - .42 / AU-C 935.39 - .42
    • SAS 117 Reissuance of Compliance Reports An explanatory paragraph should include:  Reasons for reissuance  Changes  Additional procedures, if any  Updated report date  Examples where report might be reissued  Quality review found applicable compliance requirement not tested  Subsequent discovery that a another program was required to be tested AU 801.432 / AU-C 935.43A&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A39 / AU-C 935.A39
    • SAS 117 Adapting and Applying the AU Sections to a Compliance Audit Auditors should use professional judgment in determining necessary and relevant audit procedures: Appendix A41 lists the AU sections and paragraphs that are not applicable to compliance auditsA&A UPDATES H. Kyle Anderson, CMA, CPA AU 801.A41 / AU-C 935.A41
    • SAS 117 2011 Government Auditing Standards Summary of Major Changes  Conceptual framework for independence added for auditors to assess independence  Specific references to personal, external, and organizational impairments and overarching independence principles removed and replaced with conceptual framework  New documentation requirements for auditor independence added  Nonaudit services that always impair independence but may be permitted under appropriate conditions revised  Auditors performing nonaudit services for entities they audit must assess & document management’s possession of suitable skill, knowledge, and experience to oversee services 2011 Government Auditing StandardsA&A UPDATES H. Kyle Anderson, CMA, CPA Summary of Major Changes
    • SAS 117 2011 Government Auditing Standards Summary of Major Changes  Examinations, reviews and agreed-upon procedure engagements now separately discussed.  SAS and SSAE requirements repeated in GAGAS removed  Fraud reporting only required if significant within the context of the audit objectives for performance audits. 2011 Government Auditing StandardsA&A UPDATES H. Kyle Anderson, CMA, CPA Summary of Major Changes
    • Reference Materials for webinar  Today, we will cover material available on the AICPA website at: http://www.aicpa.org/Research/Standards/AuditAttest/Pages/SAS.aspx  AU Section 801 / AU-C 935  The material covered was referenced to the current AU section and the new Clarity Project section AU-C.  Office of Management and Budget at: http://www.whitehouse.gov/omb/circulars_default/  OMB Circular A-133, Compliance Supplement 2011 (see bottom of page for complete download)  Government accountability Office at: http://www.gao.gov/yellowbook  Government Auditing Standards, December 2011 Revision (GAO- 12-331G)  Summary of Major changes  Listing of Technical ChangesA&A UPDATES H. Kyle Anderson, CMA, CPA
    • Thank you.A&A UPDATESH. Kyle Anderson, CMA, CPABill Ellis, CPAJohn Kunst, CPA