Audit Risk Alert E-Book

Notice to Readers

This Audit Risk Alert (alert) replaces Government Auditing Standards and Single Audit Developments—2016/2017.

This alert provides auditors who perform audits under Government Auditing Standards and Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, with an overview of recent industry, technical, regulatory, and professional developments that may affect the audits and other engagements they perform. As well, an entity's internal management can use this alert to address areas of audit concern.

This publication is an other auditing publication, as defined in AU-C section 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards (AICPA, Professional Standards). Other auditing publications have no authoritative status; however, they may help the auditor understand and apply generally accepted auditing standards.

In applying the auditing guidance included in an other auditing publication, the auditor should, using professional judgment, assess the relevance and appropriateness of such guidance to the circumstances of the audit. The auditing guidance in this document has been reviewed by the AICPA Audit and Attest Standards staff and published by the AICPA and is presumed to be appropriate. This document has not been approved, disapproved, or otherwise acted on by a senior technical committee of the AICPA.

Recognition

Reviewers

Government Audit Quality Center Executive Committee Members

Erica Forhan, ChairpersonRon ConradMichael FritzBrittney WilliamsJeff Winter

Other ReviewersRalph DeAcetisJohn GoodTerry RamseyGeorge Rippey

AICPA StaffSusan M. ReedTechnical ManagerMember Learning and Competency

The AICPA gratefully acknowledges those members of the Auditing Standards Board and Governmental Audit Quality Center Executive Committee who helped identify the interest areas for inclusion in this alert.

Feedback

AICPA Audit Risk Alert Government Auditing Standards and Single Audit Developments is published annually. As you encounter audit or industry issues that you believe warrant discussion in next year's alert, please feel free to share them with us. Any other comments you have about the alert also would be appreciated. You may email these comments to [email protected].

Contents

Government Auditing Standards and Single Audit Developments—2017/18

How This Alert Helps You

Revision to Government Auditing Standards

Competence

Continuing Professional Education

Internal Control

Quality Control

Peer Review

Standards for Financial Audits

Attestation Engagements and Reviews of Financial Statements

Performance Audits

2017 OMB Compliance Supplement

Federal Agency and Other Activities

COFAR Disbanded

Federal Audit Clearinghouse

Student Financial Aid

U.S. Department of Health and Human Services (HHS)— Head Start

CIGIE Guides

GAO Study on Federal Agency Oversight of Federal Awards

Implementing Regulations of Federal Agencies

Uniform Guidance Effective Dates

Uniform Guidance Procurement Standards Grace Period Extended

Uniform Guidance Considerations for Auditees

Introduction

Auditee Requirements Related to Internal Control

Procurement Standards

Subrecipient Monitoring and Management

Subpart E—Indirect (F&A) Costs

Auditee Requirements in Subpart F

Performing the Uniform Guidance Compliance Audit

Internal Control in the Compliance Audit

Dual Purpose Testing

Schedule of Expenditures of Federal Awards

Major Program Determination Under the Uniform Guidance Determination of Type A Major Programs

Schedule of Findings and Questioned Costs

Audit Quality Study

What Can Auditors Do to Enhance Audit Quality?

Enhancing Audit Quality Initiative

Audit Deficiencies Found in Single Audits

Summary of Matters Found in Recent Peer Reviews

Audit and Attest Developments

Clarified Attestation Standards Effective

AICPA Competency and Learning Website

AICPA GAQC

AICPA Single Audit Certificate Programs

AICPA Not-for-Profit Initiatives

NFP Member Section

NFP Certificate Programs

On the Horizon

Federal Audit Clearinghouse Single Audit Pilot Project

Resource Central

Publications

Continuing Professional Education

Webcasts

Industry Conferences

Member Service Center

The Center for Plain English Accounting

AICPA Online Professional Library: Accounting and Auditing Literature

Financial Reporting Center of AICPA.org

AICPA Industry Expert Panels

Industry Websites

EULA

Guide

Cover

Table of Contents

Pages

C1

i

ii

iii

iv

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

How This Alert Helps You

.01 This Audit Risk Alert (alert) helps you plan and perform audits conducted in accordance with Government Auditing Standards(also known as the Yellow Book) and Title 2 U.S. Code of Federal Regulations(CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards(Uniform Guidance). Additionally, an entity's internal management can use this alert to address areas of audit concern. This alert provides information to assist you in achieving a more robust understanding of the requirements for performing a single audit, including issues that may be encountered as part of performing the compliance audit under the Uniform Guidance. This alert is an important tool to help you identify the significant risks that may affect the audit, and it delivers information about emerging practice issues and current auditing and regulatory developments as they relate to audits performed under Government Auditing Standards and Uniform Guidance requirements. For developing issues that may have a significant impact on single audits in the future, the “On the Horizon” section provides information on these topics.

.02 Single audits are a complex and evolving practice area. It is an area that requires you, the auditor, to keep up to date throughout the year with developments that affect the single audits performed. This includes not only the audit requirements related to single audits, but also agency policies and requirements related to federal awards and other related developments. This alert is a good resource for the following:

To help you assess whether you are appropriately applying

Government Auditing Standards

and the Uniform Guidance requirements in your single audits

To assist you in proper implementation of the guidance

To assist you in keeping up with developments related to single audits

.03 Use this alert in conjunction with AICPA Audit Risk Alert General Accounting and Auditing Developments—2017/18, which explains important issues that affect all entities in all industries in the current economic climate. In addition, you may want to use this alert in conjunction with AICPA Audit Risk Alert Not-for-Profit Entities Industry Developments—2017. You should refer to the full text of accounting and auditing pronouncements as well as the full text of any rules or publications that this alert discusses.

.04 In an audit performed under generally accepted auditing standards (GAAS) and Government Auditing Standards, it is essential that you understand the meaning of audit risk and the interaction of audit risk with the objective of obtaining sufficient appropriate audit evidence. Auditors obtain audit evidence to draw reasonable conclusions on which to base their opinion on compliance by performing the following:

Risk assessment procedures

Further audit procedures that comprise

— tests of controls, when required by GAAS,

Government Auditing Standards

, regulation (such as the Uniform Guidance), or when the auditor has chosen to do so

— substantive audit procedures performed to gather evidence related to the opinion on compliance that include tests of details and analytical procedures

.05 You should develop an audit plan that includes, among other things, the nature and extent of planned risk assessment procedures as determined under AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement(AICPA, Professional Standards). AU-C section 315 defines risk assessment procedures as “the audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels.” As part of obtaining the required understanding of the entity and its environment, paragraph .12 of AU-C section 315 states that the auditor should obtain an understanding of the industry, regulatory, and other external factors, including the applicable financial reporting framework, relevant to the entity. This alert assists the auditor with this aspect of the risk assessment procedures and further expands the auditor's understanding of other important considerations relevant to the audit.

.06 In an audit performed under GAAS and Government Auditing Standards, risk assessment procedures should be performed for all aspects of the audit. They are performed as part of the audit of the financial statements and to address the additional reporting required under Government Auditing Standards. Furthermore, AU-C section 935, Compliance Audits(AICPA, Professional Standards), provides guidance and requirements regarding risk assessment in compliance audits. In applying AU-C section 935 to a Uniform Guidance compliance audit, the auditor should perform risk assessment procedures for each of the major programs to obtain a sufficient understanding of the direct and material compliance requirements and the entity's internal control over compliance with those direct and material compliance requirements. This understanding establishes a frame of reference within which the auditor plans the compliance audit and exercises professional judgment about assessing risks of material noncompliance and responding to those risks throughout the compliance audit.

.07 This alert does not include all information that may be important or relevant to a single audit and is not intended to be a complete listing of auditor considerations regarding the requirements when planning and performing a compliance audit under the Uniform Guidance. Instead, this alert highlights some key points or areas of significant change for the auditor to consider.

Emphasis Point

The links to websites in this document were valid as of the publication date. However, in recent months some of the content related to government regulations have been moved from historical locations, and some websites have been reorganized. A web search will assist in providing the new location for any links no longer valid.

Revision to Government Auditing Standards

.08 On April 5, 2017, the Government Accountability Office (GAO) issued Government Auditing Standards, 2017 Exposure Draft(2017 exposure draft) with proposed revisions to Government Auditing Standards, 2011 Revision(2011 revision). The proposed revisions are intended to reinforce the principles of transparency and accountability and provide the framework for high-quality government audits. Comments were due to the GAO by July 6, 2017.

.09