Government auditing standards and single audits 2019
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (4.18 MB, 512 trang )
Audit Guide
Government Auditing Standards and
Single Audits
March 1, 2019
1811-5988
© 2019 by
American Institute of Certified Public Accountants. All rights reserved.
For information about the procedure for requesting permission to make copies of
any part of this work, please email with your
request. Otherwise, requests should be written and mailed to Permissions Department,
220 Leigh Farm Road, Durham, NC 27707-8110 USA.
1 2 3 4 5 6 7 8 9 0 AAP 1 9
ISBN 978-1-94830-676-8
iii
Preface
(Updated as of March 1, 2019)
About AICPA Guides
This AICPA Guide presents guidance for the audits of financial statements conducted in accordance with Government Auditing Standards, 2011 Revision (also
referred to as the Yellow Book), issued by the Comptroller General of the United
States of the U.S. Government Accountability Office. It also presents the recommendations of the AICPA Single Audit Working Group for the conduct of audits
in accordance with the Single Audit Act and Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles,
and Audit Requirements for Federal Awards (Uniform Guidance).
An AICPA Guide containing auditing guidance related to generally accepted
auditing standards (GAAS) is recognized as an interpretive publication as
defined in AU-C section 200, Overall Objectives of the Independent Auditor
and the Conduct of an Audit in Accordance With Generally Accepted Auditing
Standards.1 Interpretive publications are recommendations on the application
of GAAS in specific circumstances, including engagements for entities in specialized industries.
Interpretive publications are issued under the authority of the AICPA Auditing
Standards Board (ASB) after all ASB members have been provided an opportunity to consider and comment on whether the proposed interpretive publication is consistent with GAAS. The members of the ASB have found the auditing
guidance in this guide to be consistent with existing GAAS.
Although interpretive publications are not auditing standards, AU-C section
200 requires the auditor to consider applicable interpretive publications in
planning and performing the audit because interpretive publications are relevant to the proper application of GAAS in specific circumstances. If the auditor
does not apply the auditing guidance in an applicable interpretive publication,
the auditor should document how the requirements of GAAS were complied
with in the circumstances addressed by such auditing guidance.
Throughout this guide, when appropriate, reference is made to Technical Questions and Answers (Q&A). Q&A sections are other auditing publications. AU-C
section 200 indicates that in applying the auditing guidance included in an
other auditing publication, the auditor should, exercising professional judgment, assess the relevance and appropriateness of such guidance to the circumstances of the audit. Other auditing publications have no authoritative
status; however, they may help the auditor understand and apply GAAS. The
auditor is not expected to be aware of the full body of other auditing publications. Although the auditor determines the relevance of these publications in
accordance with AU-C section 200, paragraph .28, the auditor may presume
that other auditing publications published by the AICPA that have been reviewed by the AICPA Audit and Attest Standards staff are appropriate. These
other auditing publications are listed in AU-C appendix F, Other Auditing
Publications.
1
All AU-C sections can be found in AICPA Professional Standards.
©2019, AICPA
AAG-GAS
iv
The ASB is the designated senior committee of the AICPA authorized to speak
for the AICPA on all matters related to auditing. Conforming changes made to
the auditing guidance contained in this guide are approved by the ASB chair (or
his or her designee) and the Director of the AICPA Audit and Attest Standards
staff. Updates made to the auditing guidance in this guide exceeding that of
conforming changes are issued after all ASB members have been provided an
opportunity to consider and comment on whether the guide is consistent with
existing GAAS.
Any auditing guidance in a guide appendix or chapter appendix in a guide, or
in an exhibit, while not authoritative, is considered an "other auditing publication." In applying such guidance, the auditor should, exercising professional
judgment, assess the relevance and appropriateness of such guidance to the
circumstances of the audit. Although the auditor determines the relevance of
other auditing guidance, auditing guidance in a guide appendix or exhibit has
been reviewed by the AICPA Audit and Attest Standards staff and the auditor
may presume that it is appropriate.
An AICPA Guide containing attestation guidance is recognized as an interpretive publication as defined in AT-C section 105, Concepts Common to All
Attestation Engagements.2 Interpretive publications are recommendations on
the application of the Statements on Standards for Attestation Engagements
(SSAEs) in specific circumstances, including engagements for entities in specialized industries. Interpretive publications are issued under the authority of
the ASB. The members of the ASB have found the attestation guidance in this
guide to be consistent with existing SSAEs.
A practitioner should be aware of and consider the guidance in this AICPA
Guide applicable to his or her attestation engagement. If the practitioner
does not apply the attestation guidance included in an applicable interpretive publication, the practitioner should document how the requirements of the
SSAE were complied with in the circumstances addressed by such attestation
guidance.
Any attestation guidance in a guide appendix or chapter appendix in a guide, or
in an exhibit, while not authoritative, is considered an "other attestation publication." In applying such guidance, the practitioner should, exercising professional judgment, assess the relevance and appropriateness of such guidance
to the circumstances of the engagement. Although the practitioner determines
the relevance of other attestation guidance, such guidance in a guide appendix
or exhibit has been reviewed by the AICPA Audit and Attest Standards staff
and the practitioner may presume that it is appropriate.
The ASB and the AICPA Accounting and Review Services Committee (ARSC)
are the designated senior committees of the AICPA authorized to speak for the
AICPA on all matters related to attestation. Conforming changes made to the
attestation guidance contained in this guide are approved by the ASB chair (or
his or her designee) and the Director of the AICPA Audit and Attest Standards
staff. Updates made to the attestation guidance in this guide exceeding that of
conforming changes are issued after all ASB members have been provided an
opportunity to consider and comment on whether the guide is consistent with
the SSAEs.
AICPA Guides may include certain content presented as "Supplement," "Appendix," or "Exhibit." A supplement is a reproduction, in whole or in part, of
2
All AT-C sections can be found in AICPA Professional Standards.
AAG-GAS
©2019, AICPA
v
authoritative guidance originally issued by a standard setting body (including regulatory bodies) and applicable to entities or engagements within the
purview of that standard setter, independent of the authoritative status of the
applicable AICPA Guide. Both appendixes and exhibits are included for informational purposes and have no authoritative status.
Purpose and Applicability
This guide provides guidance (chapters 1–4) on the auditor's responsibilities
when conducting an audit of financial statements in accordance with Government Auditing Standards. This guide has been prepared using the Government
Auditing Standards, 2011 Revision.
Financial statement audits of state and local governments are often required
to be performed in accordance with Government Auditing Standards because
they are subject to the Uniform Guidance, or because state and local laws and
regulations require it. Because an audit of a government's financial statements
under the provisions of the AICPA Audit and Accounting Guide State and Local Governments is based on opinion units, the auditor's consideration of items,
such as materiality and internal control over financial reporting, in planning,
performing, evaluating the results of, and reporting on the audit of a government's basic financial statements, should address each opinion unit. This guide
does not provide specific guidance related to auditing state and local governmental entities in accordance with GAAS; however, the concept of opinion units
should be considered when applying the guidance in chapters 1–4 of this guide
to the financial statement audit of an entity subject to the provisions of Audit
and Accounting Guide State and Local Governments. See that guide for information on performing a GAAS audit of a governmental entity.
Concerning an audit of financial statements in accordance with Government
Auditing Standards, this guide
•
•
•
•
•
describes the applicability of Government Auditing Standards.
discusses the relationship between GAAS and Government Auditing Standards.
discusses the standards and guidance found in chapters 1–4 of
Government Auditing Standards, with an emphasis on the standards for financial audits.
describes the auditor's responsibility for considering internal control over financial reporting, compliance with applicable federal statutes, regulations, and provisions of contracts and grants
agreements, fraud, and abuse.
describes the auditor's responsibility for reporting and other communications and provides examples of the required auditor's
reports.
It also provides guidance (chapters 1 and chapters 5–14) on the auditor's responsibilities when conducting a single audit or program-specific audit in accordance with the Single Audit Act and the Uniform Guidance. This guide was
originally issued as Statement of Position (SOP) 98-3, Audits of States, Local
Governments, and Not-for-Profit Organizations Receiving Federal Awards, in
March 1998 and updated annually for conforming changes for relevant guidance contained in authoritative auditing standards and other requirements.
The AICPA converted SOP 98-3 into an audit guide in 2003. That conversion
©2019, AICPA
AAG-GAS
vi
did not supersede the guidance that appeared in SOP 98-3 but only changed its
format.
Concerning an audit of federal awards in accordance with the Uniform
Guidance,3 this guide
•
•
•
describes the applicability of and provides an overview of the requirements of the Single Audit Act and the Uniform Guidance.
•
discusses considerations in designing an audit approach that includes audit sampling to achieve both compliance and internal
control over compliance related audit objectives in a compliance
audit performed under the Uniform Guidance.
•
•
•
describes the auditor's responsibilities in a program-specific audit.
discusses the relationship between Government Auditing Standards and the Uniform Guidance.
describes the auditor's additional responsibilities for considering
internal control over compliance with direct and material compliance requirements; performing tests of compliance with those
requirements; and performing procedures on the schedule of expenditures of federal awards.
describes the auditor's responsibility for reporting and provides
examples of the required auditor's reports.
provides guidance on applying GAAS in a Uniform Guidance compliance audit and adapts that guidance, as appropriate, to the objectives of that compliance audit.4
Recognition
2019 Guide Edition
AICPA Senior Committee
Auditing Standards Board
Marcia Marien, ASB Member
Michael J. Santay, Chair
The AICPA gratefully acknowledges those members of the AICPA Governmental Audit Quality Center (GAQC) Executive Committee, who reviewed or otherwise contributed to the development of this edition of the guide: Ronald Conrad,
Christina Dutch, Michael Fritz, John Good, Amanda Nelson, Lindsey Oakley,
3 In this guide, the use of the phrases single audit or audit in accordance with the Uniform
Guidance includes both the financial statement audit and the compliance audit that is performed
under Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements,
Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). The use of the term
Uniform Guidance compliance audit includes only the compliance audit that is performed under the
Uniform Guidance audit requirements.
4 AU-C section 935, Compliance Audits, states that when performing a compliance audit, the
auditor, using professional judgment, should adapt and apply the AU-C sections to the objectives of a
compliance audit, except for the AU-C sections listed in the appendix, "AU-C Sections That Are Not
Applicable to Compliance Audits," of AU-C section 935. This appendix notes that the AU-C sections
identified as not applicable to a compliance audit are identified as such either because (a) they are not
relevant to a compliance audit environment, (b) the procedures and guidance would not contribute
to meeting the objectives of a compliance audit, or (c) the subject matter is specifically covered in
paragraph .12 of AU-C section 935. Part II of this audit guide includes the appropriate AU-C sections
as adapted for a Uniform Guidance compliance audit.
AAG-GAS
©2019, AICPA
vii
Brittney Williams, Jeff Winter, and the chair of the Executive Committee, Erica
Forhan. In addition, the AICPA gratefully acknowledges others who have contributed to the development of this edition: Paul Chobanian, Kelly Chamberlin,
and Ralph DeAcetis.
AICPA Staff
Susan Reed
Manager
Product Management & Development — Public Accounting
Teresa Bordeaux
Lead Manager
Governmental Auditing and Accounting
Guidance Considered in This Edition
This edition of the guide has been modified by AICPA staff to include certain changes necessary due to the issuance of authoritative guidance since the
guide was originally issued and other revisions as deemed appropriate. Relevant guidance issued through March 1, 2019, has been considered in the development of this edition of the guide. However, this guide does not include all
audit, reporting, and other requirements applicable to an entity or a particular
engagement. This guide is intended to be used in conjunction with all applicable
sources of relevant guidance.
Relevant guidance that is issued and effective on or before March 1, 2019, is
incorporated directly in the text of this guide. Relevant guidance issued but
becoming effective on or before June 30, 2019, is also presented directly in the
text of the guide, but shaded gray and accompanied by a footnote indicating the
effective date of the new guidance. The distinct presentation of this content is
intended to aid the reader in differentiating content that may not be effective
for the reader's purposes (as part of the guide's "dual guidance" treatment of
applicable new guidance).
Relevant guidance issued but not yet effective as of the date of the guide and
not becoming effective until after June 30, 2019, is referenced in a "guidance
update" box; that is, a box that contains summary information on the guidance
issued but not yet effective.
In updating this guide, all guidance issued up to and including the following
was considered, but not necessarily incorporated, as determined based on applicability:
•
•
•
•
•
•
•
Statement on Auditing Standards No. 133, Auditor Involvement
With Exempt Offering Documents (AU-C sec. 945)
Interpretations issued (or reissued) through March 1, 2019
The Single Audit Act Amendments of 19965
Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards
Government Auditing Standards, 2011 Revision
Government Auditing Standards, 2018 Revision6
Frequently Asked Questions for the Office of Management and
Budget's Uniform Administrative Requirements, Cost Principles,
and Audit Requirements for Federal Awards At 2 CFR 200, issued
up through March 1, 2019
©2019, AICPA
AAG-GAS
viii
Users of this guide should consider guidance issued subsequent to those items
listed previously to determine their effect, if any, on entities covered by this
guide. In determining the applicability of recently issued guidance, its effective
date should also be considered.
The changes made to this edition of the guide are identified in the Schedule
of Changes (appendix B). The changes do not include all those that might be
considered necessary if the guide was subjected to a comprehensive review and
revision.
Terms Used to Define Professional Requirements in
This AICPA Guide
Any requirements described in this guide are normally referenced to the applicable standards or regulations from which they are derived. Generally the
terms used in this guide describing the professional requirements of the referenced standard setter (for example, the ASB) are the same as those used in the
applicable standards or regulations (for example, must or should).
The Uniform Guidance use of terms to define professional requirements is
somewhat different than the use of these terms in GAAS and Government
Auditing Standards. The use of the term must in the Uniform Guidance indicates a requirement. This is consistent with the use of the term must in GAAS
and Government Auditing Standards. The use of the term should in the Uniform Guidance indicates a best practice or recommended approach. However,
GAAS and Government Auditing Standards use the term should to indicate a
presumptively mandatory requirement. An auditor must comply with a presumptively mandatory requirement in all cases in which such a requirement is
relevant, except in rare circumstances. In this guide, the term should, when
italicized and bolded, indicates a best practice or recommended approach in the
Uniform Guidance. This is intended to differentiate it from the term "should"
used throughout the guide to refer to presumptively mandatory requirements
in GAAS and Government Auditing Standards.
Readers should refer to the applicable standards and regulations for more information on the requirements imposed by the use of the various terms used
to define professional requirements in the context of the standards and regulations in which they appear.
Certain exceptions apply to these general rules, particularly in those circumstances when the guide describes prevailing or preferred industry practices for
the application of a standard or regulation. In these circumstances, the applicable senior committee responsible for reviewing the guide's content believes
the guidance contained herein is appropriate for the circumstances.
Applicability of Quality Control Standards
QC section 10, A Firm's System of Quality Control,7 addresses a CPA firm's
responsibilities for its system of quality control for its accounting and auditing
5
This guide uses the term Single Audit Act when referencing this legislation.
These standards have not been incorporated into this edition of the guide due to the effective date provisions. They will be incorporated into the 2020 edition of this guide. See a summary of
revisions found in Government Auditing Standards, 2018 Revision located later in this preface.
7 The QC sections can be found in AICPA Professional Standards.
6
AAG-GAS
©2019, AICPA
ix
practice. A system of quality control consists of policies that a firm establishes
and maintains to provide it with reasonable assurance that the firm and its
personnel comply with professional standards, as well as applicable legal and
regulatory requirements. The policies also provide the firm with reasonable
assurance that reports issued by the firm are appropriate in the circumstances.
QC section 10 applies to all CPA firms with respect to engagements in their
accounting and auditing practice. In paragraph .13 of QC section 10, an accounting and auditing practice is defined as "a practice that performs engagements covered by this section, which are audit, attestation, compilation, review, and any other services for which standards have been promulgated by
the ASB or the ARSC under the "General Standards Rule" (ET sec. 1.300.001)8
or the "Compliance With Standards Rule" (ET sec. 1.310.001) of the AICPA
Code of Professional Conduct. Although standards for other engagements may
be promulgated by other AICPA technical committees, engagements performed
in accordance with those standards are not encompassed in the definition of an
accounting and auditing practice."
In addition to the provisions of QC section 10, readers should be aware of other
sections within AICPA Professional Standards that address quality control considerations, including the following provisions that address engagement level
quality control matters for various types of engagements that an accounting
and auditing practice might perform:
•
•
•
AU-C section 220, Quality Control for an Engagement Conducted
in Accordance With Generally Accepted Auditing Standards
AT-C section 105
AR-C section 60, General Principles for Engagements Performed
in Accordance With Statements on Standards for Accounting and
Review Services9
Because of the importance of engagement quality, this guide includes appendix
A, "Overview of Statements on Quality Control Standards," which summarizes
key aspects of the quality control standard. This summarization should be
read in conjunction with QC section 10, AU-C section 220, AT-C section 105,
AR-C section 60, and the quality control standards issued by the PCAOB, as
applicable.
AICPA.org Website
The AICPA encourages you to visit its website at aicpa.org and the Financial
Reporting Center at www.aicpa.org/frc. The Financial Reporting Center supports members in the execution of high-quality financial reporting. Whether
you are a financial statement preparer or a member in public practice, this
center provides exclusive member-only resources for the entire financial reporting process, and provides timely and relevant news, guidance, and examples supporting the financial reporting process. Another important focus of the
Financial Reporting Center is keeping those in public practice up to date on
issues pertaining to preparation, compilation, review, audit, attestation, assurance and advisory engagements. Certain content on the AICPA's website referenced in this guide may be restricted to AICPA members only.
8
9
All ET sections can be found in AICPA Professional Standards.
All AR-C sections can be found in AICPA Professional Standards.
©2019, AICPA
AAG-GAS
x
Risk Assessment — AICPA Enhancing Audit Quality (EAQ)
Areas of Focus
Identifying, assessing, and responding to risks of material misstatement are
the core of every audit. However, there is evidence that a high percentage of
audit engagements do not reflect proper assessment of risk or linkage of the assessment to planned further audit procedures in accordance with AU-C section
315, Understanding the Entity and Its Environment and Assessing the Risks of
Material Misstatement, and AU-C section 330, Performing Audit Procedures in
Response to Assessed Risks and Evaluating the Audit Evidence Obtained.
In connection with its EAQ initiative, the AICPA has developed a webpage dedicated to risk assessment resources intended to help auditors perform more effective risk assessment and appropriately link the risk assessment to further
audit procedures in compliance with professional standards. Certain resources
are available at no cost, including a risk assessment template, an internal inspection aid, and staff training workshop. These and other current risk assessment resources can be accessed at www.aicpa.org/content/aicpa/eaq/aicpa-riskassessment-resources.html.
Governmental Audit Quality Center
The GAQC is a voluntary membership center for CPA firms and state audit
organizations designed to improve the quality and value of governmental audits. For the purposes of the GAQC, governmental audits are performed under
Government Auditing Standards and are audits and attestation engagements
of federal, state, or local governments; not-for-profit entities; and certain forprofit organizations, such as housing projects and colleges and universities that
participate in governmental programs or receive governmental financial assistance. The GAQC keeps members informed about the latest developments and
provides them with tools and information to help them better manage their
audit practice. Certain content on the GAQC's website referenced in this guide
may be restricted to GAQC members only.
An Auditee Resource Center, open to the public, is also available on the GAQC
website and provides information, practice aids, tools, and other resources that
is of interest and benefit to auditees undergoing an audit performed under
Government Auditing Standards.
For more information about the GAQC, visit the GAQC website at www.aicpa
.org/interestareas/governmentalauditquality.html.
Select Recent Developments Significant to This Guide
Government Auditing Standards, 2018 Revision
The effective date of Government Auditing Standards, 2018 Revision (2018 revision) is for financial audits, attestation engagements, and reviews of financial
statements for periods ending on or after June 30, 2020, and for performance
audits beginning on or after July 1, 2019. Therefore, the first full fiscal year
that financial audits will be performed under the 2018 revision will be for June
30, 2020, year ends. Due to this effective date, the 2018 revision has not been
incorporated into this guide. However, update boxes and note boxes have been
AAG-GAS
©2019, AICPA
xi
included in various places of the guide reminding auditors of important considerations relating to upcoming changes, particularly as it relates to the auditor
independence requirements that may need to be considered earlier.
Some of the more significant areas of change found in the 2018 revision include
the following:
•
•
•
•
•
Format and organization
Independence
Continuing professional education (CPE)
Peer review
Waste and abuse
Format and organization. The 2018 revision presents all requirements
within a box, with related application guidance following. Furthermore, content has been reorganized resulting in the addition of two new chapters.
Independence. This area has the most significant changes, particularly as it
relates to the performance of nonaudit services. For example, the 2018 revision now states directly that auditors should conclude that preparing financial
statements in their entirety from a client provided trial balance or underlying
accounting records creates significant threats to an auditor's independence. For
this type of nonaudit service, auditors should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level or decline
to perform the service.
The 2018 revision also states that auditors should identify as threats to independence certain other services related to preparing accounting records and
financial statements. Included in this list are
•
•
•
•
recording transactions for which management has determined or
approved the appropriate account classification, or posting coded
transaction to an audited entity's ledger;
preparing certain line items or sections of the financial statements
based on information in the trial balance;
posting entries that an audited entity's management has approved to the entity's trial balance; and
preparing account reconciliations that identify reconciling items
for the audited entity management's evaluation.
When performing these types of services, auditors should evaluate the significance of threats to independence and the 2018 revision adds a new requirement
for auditors to document the evaluation of the significance of such threats. If
significant, the documentation should include a description of the safeguards
applied to reduce any significant threat(s) to an acceptable level. Previously,
the auditor would only have been required to document the threats and related
safeguards for these nonaudit services when deemed significant.
It is important for auditors to understand the independence changes prior to
the June 30, 2020, effective date because the auditor is required to be independent from an audited entity during any period of time that falls within the
period covered by the financial statements or subject matter of the engagement
and the period of professional engagement. As a result, for an audit performed
of a fiscal year ending June 30, 2020, the auditor is required to comply with the
independence standards found in the 2018 revision. In some instances, nonaudit services provided by the auditor to the audited entity prior to June 30, 2020,
©2019, AICPA
AAG-GAS
xii
may affect the auditor's independence with respect to the subsequent financial
audit conducted under the 2018 revision. In such cases, auditors use professional judgment to comply with the applicable version of the standards.
CPE. The application guidance for CPE emphasizes the need to obtain CPE
related to Government Auditing Standards, particularly in a year where the
standards have been revised. In addition, certain guidance found in GAO's 2005
document "Guidance on GAGAS Requirements for Continuing Professional Education," has been incorporated as application guidance in the 2018 revision.
Upon the effective date of the 2018 revision, the 2005 CPE document will be
superseded.
Peer review. The content related to peer review has been expanded and includes a listing of recognized peer review organizations. The 2018 revision notes
that audit organizations affiliated with a recognized peer review organization
should comply with their requirements and certain other requirements found
in the 2018 revision.
Waste and abuse. The 2011 revision of Government Auditing Standards included auditor requirements related to abuse. The 2018 revision transitions the
previous discussion of abuse, along with a new concept of waste, to application
guidance related to findings. That guidance discusses how evaluating internal
control in a government environment may also include considering internal
control deficiencies that result in waste or abuse.
Uniform Guidance
In December 2013, the Office of Management and Budget (OMB) issued
the Uniform Guidance,10 which establishes uniform cost principles and audit requirements for federal awards to nonfederal entities and administrative requirements for all federal grants and cooperative agreements. Once the
administrative requirements and cost principles of the Uniform Guidance are
effective for all federal awards to nonfederal entities, the previous OMB guidance and requirements related to administrative requirements and cost principles will be superseded. Note that the cost principles for hospitals have not
yet been incorporated into the Uniform Guidance.
The Chief Financial Officers Council website, contains a number of documents to help nonfederal entities implement the Uniform Guidance. One such document, "Frequently Asked
Questions," provides information regarding a number of areas in the Uniform Guidance. The OMB Compliance Supplement states that these frequently
asked questions (FAQs) are meant to provide additional context, background,
and clarification of the policies described in 2 CFR Part 200 and should be considered in the single audit work plan and reviews. The FAQs are available at
/>It is important that auditors access the most current version of the Uniform
Guidance to ensure that any technical corrections and other revisions are included. The most up-to-date version of the Uniform Guidance is available in
the Electronic Code of Federal Regulations (e-CFR) located at Title 2—Grants
and Agreements, Chapter II (Parts 200–299).
This guide contains guidance and requirements regarding the compliance audit
part of a single audit as found in the Uniform Guidance. The guide includes
10 Some content in this guide refers to a specific section (or paragraph number) in the Uniform
Guidance. An example of such section reference is 2 CFR 200.518.
AAG-GAS
©2019, AICPA
xiii
technical corrections issued up through the date of this guide, that is, March 1,
2019. The chapters related to a Uniform Guidance compliance audit are located
in part II of this guide.
OMB Compliance Supplement
The 2019 Compliance Supplement (2019 Supplement) was not finalized at the
time this guide was submitted for publication. Upon its issuance, it will be effective for single audits of fiscal years beginning after June 30, 2018. Because
of the Supplement's timing, this guide was not able to be updated to reflect
any needed revisions resulting from the 2019 Supplement. However, auditors
should watch closely for the 2019 Supplement's issuance since it is expected to
include many more significant changes than is usual. For example, as of the
date of this guide, OMB was considering the following:
•
A new requirement that federal agencies limit the compliance requirements subject to audit for all federal programs included in
the 2019 Supplement to 6 of the 12 types of compliance requirements (although it is likely that agencies will be able to consider
A, Activities Allowed or Unallowed, and B, Allowable Costs/Cost
Principles, as one requirement for this purpose). This will result in
significant changes to the Supplement's Part 2, Matrix of Compliance Requirements, and potentially the definition of "Y" and "N"
in the matrix.
•
•
•
More significant program revisions that normal, including revisions to the Student Financial Assistance program.
Clarifications around procurement related to the micro-purchase
and simplified acqistion thresholds.
An expansion of Part 6, Internal Control, to more closely align it
with how auditors consider internal control and to provide more
illustrative controls. Appendices that include illustrations of
entity-wide internal controls over federal awards and internal
controls specific to each type of compliance requirement will likely
be included.
Users of the guide should refer to the final 2019 Supplement for the relevant
information needed in performing compliance audits. Additionally, the GAQC
is closely monitoring activity surrounding the Supplement and the GAQC website, referred to previously, will also be a source of updates for auditors to refer
to. A final caution is that the AICPA is currently considering whether the illustrative auditor's reports, contained in chapter 13, "Auditor Reporting Requirements and Other Communication Considerations in a Single Audit," of this
guide, need revision if OMB changes the way auditors determine the compliance requirements to be tested due to the six-requirement mandate described
previously. Again, the GAQC and its website will communicate any developments in this regard once a firmer direction is known.
Finally, auditors performing single audits subject to the 2018 Compliance
Supplement are reminded that it was issued in a different format than previous annual updates to the Supplement and required auditors to use the 2017
Compliance Supplement in conjunction with the 2018 revisions. GAQC has
provided content on its website, available to all, that provides individual sections of the 2018 Compliance Supplement along with other content that allows
the auditor to more easily use the 2017 and 2018 Compliance Supplements
©2019, AICPA
AAG-GAS
xiv
in conjunction with each other. This tool is available at />interestareas/governmentalauditquality/resources/singleaudit/2018-ombcompliance-supplement.html.
Other Considerations Related to a Uniform Guidance
Compliance Audit
The data collection form (Form SF-SAC) and related Federal Audit Clearinghouse requirements are updated every three years. At the time this guide was
submitted to publication, the final revised data collection form to be used for
audits covering fiscal periods ending in 2019, 2020, and 2021 audits had not
yet been released. Therefore, any changes related to that revision are not reflected in guide content. Auditors should watch for the issuance of the form and
take note of changes to the information required to be submitted and related
revisions to the submission process. Auditors are also cautioned to use the form
that is applicable for the year being audited.
In addition, auditors need to ensure that practice aids and other documents
used as part of the Uniform Guidance compliance audit have been appropriately updated and note that any outdated practice aids or other documents
used as part of the audit may not provide appropriate audit evidence for the
audit.
AAG-GAS
©2019, AICPA
Table of Contents
xv
TABLE OF CONTENTS
Chapter
1
2
3
Paragraph
Introduction and Overview of Government Auditing Standards
Purpose and Applicability of This Guide . . . . . . . . . . . . . . . . . . . . .
Overview of Government Auditing Standards . . . . . . . . . . . . . . . .
Applicability of Government Auditing Standards . . . . . . . . . . .
Additional Requirements of Government Auditing
Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use of Terminology to Define Government Auditing
Standards Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Government Auditing Standards — Ethical Principles and General
Standards
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Government Auditing Standards — Ethical Principles . . . . . . . .
Government Auditing Standards — General Standards . . . . . .
Independence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Professional Judgment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Competence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Quality Control and Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . .
External Peer Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix — Government Auditing Standards Conceptual
Framework for Independence . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Planning and Performing a Financial Statement Audit in
Accordance With Government Auditing Standards
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Agreeing Upon the Terms of the Engagement With
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Planning the Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Communications With Other Entities . . . . . . . . . . . . . . . . . . . . . .
Group Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Materiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding the Entity and Its Environment and Assessing
the Risks of Material Misstatement . . . . . . . . . . . . . . . . . . . . . . . .
The Entity’s Internal Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identifying and Assessing the Risks of Material
Misstatement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing Audit Procedures and Evaluating Audit Evidence
Obtained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Tests of Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assessing the Risk of Material Misstatements Resulting
From Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
©2019, AICPA
.01-.19
.01-.11
.12-.19
.12-.13
.14-.15
.16-.19
.01-.51
.01
.02-.05
.06-.50
.07-.30
.31-.33
.34-.42
.43-.45
.46-.50
.51
.01-.71
.01-.03
.04-.07
.08-.15
.15
.16
.17-.18
.19-.22
.23-.31
.25-.28
.29-.31
.32-.35
.34-.35
.36-.42
.40-.42
Contents
xvi
Table of Contents
Chapter
3
4
Contents
Paragraph
Planning and Performing a Financial Statement Audit in
Accordance With Government Auditing Standards — continued
Consideration of Laws and Regulations in an Audit of
Financial Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of Abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Evaluating Identified Misstatements . . . . . . . . . . . . . . . . . . . . . . . . . .
Developing Elements of a Finding . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Auditor’s Communication With Those Charged With
Governance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Communicating Internal Control Matters Identified
in an Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Written Representations From Management . . . . . . . . . . . . . . . . .
Other Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Exit Conference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix — Examples of Deficiencies in Internal Control . . . .
Auditor Reporting Requirements and Other Communication
Considerations of Government Auditing Standards
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Report on the Financial Statements — GAAS Requirements . . .
Additional Reporting Requirements of Government Auditing
Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reporting on Internal Control Over Financial Reporting
and on Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal Control Over Financial Reporting . . . . . . . . . . . . . . . . . . . .
Fraud, Noncompliance With Provisions of Laws, Regulations,
Contracts, and Grant Agreements, and Abuse . . . . . . . . . . . .
Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Noncompliance With Laws and Regulations . . . . . . . . . . . . . . .
Noncompliance With Provisions of Contracts and Grant
Agreements and Abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Other Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional Considerations Related to Fraud, Noncompliance
With Provisions of Laws, Regulations, Contracts, and
Grant Agreements, and Abuse . . . . . . . . . . . . . . . . . . . . . . . . .
Government Auditing Standards — Reporting Findings
Directly to Parties Outside the Entity . . . . . . . . . . . . . . . . . . .
Report on Audited Financial Statements . . . . . . . . . . . . . . . . . . . . .
Other Considerations — Citing Compliance With
Government Auditing Standards in the Auditor’s
Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Other Reporting Responsibilities in an Audit of Financial
Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Report on Internal Control Over Financial Reporting and on
Compliance and Other Matters Based on an Audit of
Financial Statements Performed in Accordance With
Government Auditing Standards . . . . . . . . . . . . . . . . . . . . . . . . .
.43-.52
.53-.58
.59
.60
.61-.65
.66
.67-.68
.69-.70
.69-.70
.71
.01-.89
.01
.02-.04
.05-.06
.07-.12
.13-.23
.24-.45
.25-.30
.31-.34
.35-.38
.39
.40-.42
.43-.45
.46-.52
.49-.51
.52
.53-.55
©2019, AICPA
Table of Contents
Chapter
4
5
xvii
Paragraph
Auditor Reporting Requirements and Other Communication
Considerations of Government Auditing Standards — continued
Other Reporting and Communication Considerations . . . . . . . .
Findings — Deficiencies in Internal Control, Noncompliance
With Provisions of Laws, Regulations, Contracts and
Grant Agreements, Fraud, and Abuse . . . . . . . . . . . . . . . . . .
Reporting Views of Responsible Officials and Planned
Corrective Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Distributing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reporting Confidential and Sensitive Information . . . . . . . . . .
Other Written Communications . . . . . . . . . . . . . . . . . . . . . . . . . . .
Portions of the Entity Not Audited in Accordance With
Government Auditing Standards . . . . . . . . . . . . . . . . . . . . . . .
Referring to the Work of a Component Auditor . . . . . . . . . . . .
Freedom of Information Act and Similar Laws and
Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assurance to Regulators and Oversight Agencies . . . . . . . . . . . .
Appendix — Illustrative Auditor’s Reports Under Government
Auditing Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overview of the Single Audit Act, the Uniform Guidance Audit
Requirements, and the Compliance Supplement
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Uniform Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Single Audit Act and Uniform Guidance Audit
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Objectives of a Single Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
General Audit Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reporting Matters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor Selection and Audit Costs . . . . . . . . . . . . . . . . . . . . . . . . .
Basis for Determining When Federal Awards
Are Expended . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Subrecipient and Contractor Determinations . . . . . . . . . . . . . . .
Major Program Determination . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditee Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Federal Awarding Agency Responsibilities . . . . . . . . . . . . . . . .
Pass-Through Entity Responsibilities . . . . . . . . . . . . . . . . . . . . . . . .
Cognizant Agency for Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Oversight Agency for Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Program-Specific Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Required Government-wide Evaluation of Single
Audit Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
OMB Compliance Supplement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reference Materials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
©2019, AICPA
.56-.84
.56-.63
.64-.67
.68
.69-.72
.73-.74
.75-.77
.78-.84
.85-.86
.87-.88
.89
.01-.51
.01-.02
.03
.04-.47
.04-.08
.09-.20
.21-.23
.24-.25
.26-.27
.28
.29-.32
.33-.39
.40
.41
.42-.43
.44-.45
.46
.47
.48-.49
.50
.51
Contents
xviii
Table of Contents
Chapter
6
Contents
Paragraph
Auditor Planning Considerations Under the Uniform Guidance
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adapting and Applying Applicable Auditing Standards to a
Uniform Guidance Compliance Audit . . . . . . . . . . . . . . . . . . . .
Identifying Supplementary Audit Requirements . . . . . . . . . . . . . . .
Agreeing Upon the Terms of the Engagement With
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Financial Statement Audit Considerations . . . . . . . . . . . . . . . . . . . .
Developing an Efficient Audit Approach . . . . . . . . . . . . . . . . . . . . .
Defining the Entity to Be Audited . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining the Audit Period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fiscal Year and Program Period May Differ . . . . . . . . . . . . . . . .
Stub Periods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Initial-Year Audit Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preceding Period Audited by Another Auditor . . . . . . . . . . . . .
Factors to Consider Under the Risk-Based Approach . . . . . . .
Timing of the Completion of the Audit and Report
Submission Deadlines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining the Major Programs to Be Audited . . . . . . . . . . . . . .
Identifying Direct and Material Compliance Requirements . . . .
Audit Risk of Noncompliance Considerations . . . . . . . . . . . . . . . .
Components of Audit Risk of Noncompliance . . . . . . . . . . . . . .
Performing Risk Assessment Procedures . . . . . . . . . . . . . . . . . . .
Assessing the Risks of Material Noncompliance . . . . . . . . . . . . . .
Assessing the Risks of Material Noncompliance Due
to Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Materiality Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Materiality Differences Between the Financial Statement
Audit and the Uniform Guidance Compliance Audit . . . .
Materiality for Purposes of Reporting Audit Findings . . . . . . .
Audit Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Documentation Access and Audit Follow-Up . . . . . . . . . . .
Audit Documentation Access and Retention . . . . . . . . . . . . . . . .
Audit Follow-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Group Audit Considerations in a Uniform Guidance
Compliance Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Existence of an Internal Audit Function . . . . . . . . . . . . . . . . . . . . . . .
Considerations Related to the Internal Audit Function . . . . . .
Communications With the Cognizant or Oversight Agency
for Audit and Others . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
State and Local Compliance Requirements . . . . . . . . . . . . . . . . . . .
Desk Reviews and On-Site Reviews . . . . . . . . . . . . . . . . . . . . . . . . . .
Restriction on the Auditor’s Preparation of Indirect
Cost Proposals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.01-.74
.01-.02
.03-.06
.07
.08-.09
.10-.13
.14
.15
.16-.17
.16
.17
.18-.19
.18
.19
.20
.21
.22-.24
.25-.35
.27-.29
.30-.35
.36-.46
.41-.46
.47-.52
.48-.49
.50-.52
.53
.54-.56
.54-.55
.56
.57-.59
.60-.69
.62-.69
.70
.71
.72-.73
©2019, AICPA
.74
Table of Contents
Chapter
7
xix
Paragraph
Schedule of Expenditures of Federal Awards
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identification of Federal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Federal Agency and Pass-Through Entity Requirements . . . . .
Auditee Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
General Presentation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . .
Basis of Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Required Content for the Schedule of Expenditures
of Federal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Providing Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . .
Organizing the Content of the Schedule of Expenditures
of Federal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Inclusion of Nonfederal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . .
Considerations Relating to State Awards . . . . . . . . . . . . . . . . . .
CFDA Number Not Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Subwards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Treatment of Subawards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Commingled Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining the Value of Federal Financial Assistance . . . . . . .
Treatment of Noncash Assistance and Other Federal
Financial Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining the Value of Federal Financial Assistance
Expended . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Loan and Loan Guarantee Continuing Compliance
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Considerations Related to the Schedule of Expenditures
of Federal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Conditions for and Procedures Related to Issuing the
In-Relation-To Opinion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Schedule May Not Agree With Other Federal Award
Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Additional Auditor Requirements Relating to Compliance
Audit Objectives and Internal Control Over
Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Documentation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Management Representations Relating to the Schedule of
Expenditures of Federal Awards . . . . . . . . . . . . . . . . . . . . . . .
Subsequent Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reporting on the Schedule of Expenditures of
Federal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Issuing an Opinion on the Schedule of Expenditures of
Federal Awards Under AU-C Section 805 When the
Auditor Is Engaged to Perform Only the Compliance
Audit Under the Uniform Guidance . . . . . . . . . . . . . . . . . . . . . . .
Appendix — Illustrative Schedules of Expenditures of
Federal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
©2019, AICPA
.01-.41
.01-.02
.03-.05
.03-.04
.05
.06-.14
.07
.08-.09
.10
.11
.12
.13
.14
.15-.16
.15
.16
.17-.21
.17-.18
.19
.20-.21
.22-.37
.22-.23
.24-.29
.30-.33
.34
.35
.36
.37
.38-.40
.41
Contents
xx
Table of Contents
Chapter
8
9
Contents
Paragraph
Determination of Major Programs
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Determining Major Programs Under the Uniform
Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Step 1 — Determination of Type A and Type B
Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Step 2 — Identification of Low-Risk Type A Programs . . . . . .
Step 3 — Identification of High-Risk Type B Programs . . . . . .
Step 4 — Determination of Programs to Be Audited
as Major . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Percentage-of-Coverage Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Documentation of Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . .
Auditor Judgment in the Risk Assessment Process . . . . . . . . . .
Other Considerations Regarding the Determination of
Major Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Federal Agency and Pass-Through Entity Requests for
Additional Major Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Low-Risk Auditee Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assessing Risk When Determining Major Programs . . . . . . . . . .
Criteria for Federal Program Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Current and Prior Audit Experience . . . . . . . . . . . . . . . . . . . . . . .
Oversight Exercised by Federal Agencies and
Pass-Through Entities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Inherent Risk of Noncompliance of the Federal
Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of Internal Control Over Compliance for
Major Programs
Uniform Guidance — Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal Control Over Compliance for Federal Awards . . . . . . .
Auditee Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Requirements Related to Internal Control in the Uniform
Guidance Compliance Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Control Objectives and the Components of Internal
Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor’s Consideration of Internal Control Over Compliance
for Each Major Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Obtaining an Understanding of Internal Control Over Direct
and Material Compliance Requirements for Major
Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding Direct and Material Compliance
Requirements and Identifying Relevant Controls . . . . . . . . .
Compliance Supplement Internal Control Guidance . . . . . . . .
Multiple Organizational Unit Considerations . . . . . . . . . . . . . .
Subrecipient Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Planning and Performing the Testing of Operating
Effectiveness of Internal Control Over Direct and Material
Compliance Requirements for Each Major Program . . . . . . .
.01-.32
.01
.02-.19
.03-.08
.09-.13
.14-.15
.16
.17
.18
.19
.20-.21
.20
.21
.22
.23-.32
.24-.29
.30-.31
.32
.01-.64
.02-.03
.04-.08
.04-.08
.09-.10
.09-.10
.11-.12
.13-.17
.18-.26
.18-.22
.23-.24
.25
.26
.27-.60
©2019, AICPA
Table of Contents
Chapter
9
10
xxi
Paragraph
Consideration of Internal Control Over Compliance for
Major Programs — continued
Assessing Control Risk of Noncompliance . . . . . . . . . . . . . . . . .
Planning the Testing of Operating Effectiveness of Internal
Control Over Compliance for Each Major Program to
Support a Low Assessed Level of Control Risk of
Noncompliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Existence of Ineffective Internal Control in Preventing or
Detecting Noncompliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing Tests to Evaluate the Effectiveness of Controls . . .
Evaluating the Results of Testing . . . . . . . . . . . . . . . . . . . . . . . . . . .
Significant Deficiencies and Material Weaknesses in
Internal Control Over Compliance Related to
Federal Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Documentation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Compliance Auditing Applicable to Major Programs
Compliance Objectives in a Uniform Guidance Compliance
Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Responsibilities of Auditee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use of Professional Judgment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Risk of Noncompliance Considerations . . . . . . . . . . . . . . . .
Performing Further Audit Procedures in Response to
Assessed Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Materiality Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Materiality Judgments About Compliance Applied to Each
Major Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Effect of Material Noncompliance on the Financial
Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing a Uniform Guidance Compliance Audit . . . . . . . . . .
Identifying Major Programs to Be Tested . . . . . . . . . . . . . . . . . . .
Identifying Direct and Material Compliance
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Planning the Engagement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of Internal Control Over Compliance for
Major Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing Compliance Testing . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of Abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of Subsequent Events . . . . . . . . . . . . . . . . . . . . . . .
Evaluation and Reporting of Noncompliance . . . . . . . . . . . . . .
Performing Follow-Up Procedures . . . . . . . . . . . . . . . . . . . . . . . . .
Documentation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Management Representations Related to Federal Awards . . . .
Suggested Representations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Refusal to Furnish Written Representations . . . . . . . . . . . . . . . . .
©2019, AICPA
.27-.28
.29-.32
.33-.35
.36-.39
.40-.46
.47-.60
.61-.64
.01-.80
.02-.03
.04-.05
.06
.07-.09
.08-.09
.10-.13
.11-.12
.13
.14-.74
.16
.17-.32
.33-.36
.37
.38-.48
.49
.50
.51-.53
.54-.67
.68-.74
.75-.76
.77-.79
.78
.79
Contents
xxii
Table of Contents
Chapter
10
11
Contents
Paragraph
Compliance Auditing Applicable to Major Programs — continued
State and Local Government Compliance Auditing
Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Sampling Considerations of Uniform Guidance Compliance
Audits
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Sampling in a Uniform Guidance Compliance Audit . . .
Purpose and Nature of Audit Sampling in a Uniform
Guidance Compliance Audit . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Sampling in the Context of Other Audit
Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Procedures That May Not Involve Audit Sampling . . . . . . . . . . . .
Inquiry and Observation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Analytical Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Procedures Applied to Every Item in a Population or
Subpopulation in Compliance Testing . . . . . . . . . . . . . . . . . .
Individually Important Items in Compliance Testing . . . . . . . . .
Understanding and Testing the Operating Effectiveness
of Controls Over Compliance . . . . . . . . . . . . . . . . . . . . . . . . .
Planning Considerations for Sampling Related to Tests of
Controls Over Compliance and Compliance Testing . . . . . .
Determining Audit Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Defining the Population and Considering Completeness . . . .
Considering the Effect of Population Size . . . . . . . . . . . . . . . . . .
Defining Control Deviation and Compliance Exception
Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Dual Purpose Sample Considerations . . . . . . . . . . . . . . . . . . . . .
Determining the Sample Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Selecting Sample Items for Testing . . . . . . . . . . . . . . . . . . . . . . . . . . .
Random Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Haphazard Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Systematic Selection With a Random Start . . . . . . . . . . . . . . . . .
Performing the Test Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Investigate and Understand the Nature and Cause of
Control Deviations and Compliance Exceptions . . . . . . . .
Determine If Additional Testing Is Warranted in Response
to an Observed Deviation or Exception . . . . . . . . . . . . . . . .
Evaluating Sample Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Evaluating Control Deviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reaching an Overall Conclusion on Tests of Controls . . . . . .
Evaluating Compliance Exceptions . . . . . . . . . . . . . . . . . . . . . . . .
Reaching an Overall Conclusion on Tests of Compliance . . .
Documenting the Sampling Procedure . . . . . . . . . . . . . . . . . . . . . . .
.80
.01-.137
.01-.04
.05-.11
.06-.09
.10-.11
.12-.30
.13
.14-.17
.18-.20
.21-.28
.29-.30
.31-.91
.31-.32
.33-.50
.51
.52-.53
.54-.59
.60-.91
.92-.100
.96
.97-.98
.99-.100
.101-.107
.102-.103
.104-.107
.108-.132
.108-.115
.116-.117
.118-.129
.130-.132
.133-.137
©2019, AICPA
Table of Contents
Chapter
12
13
xxiii
Paragraph
Audit Considerations of Pass-Through Entities and Subrecipients
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Applicability of the Uniform Guidance . . . . . . . . . . . . . . . . . . . . . . .
Pass-Through Entities, Subrecipients, and Contractors . . . . . . . .
Subrecipient Status Versus Contractor Status . . . . . . . . . . . . . . .
Description of Relationships . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contractor Compliance Considerations . . . . . . . . . . . . . . . . . . . .
Single Audit Considerations of Pass-Through Entities . . . . . . . . .
Pass-Through Entity Responsibilities . . . . . . . . . . . . . . . . . . . . . . . .
Audit Planning Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor Consideration of Internal Control Over
Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Subrecipient Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reporting Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
For-Profit Subrecipients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Foreign Public Entities and Foreign Organizations . . . . . . . . .
State Designation of a Cluster of Programs . . . . . . . . . . . . . . . .
Single Audit Considerations of Subrecipients . . . . . . . . . . . . . . . .
Additional Compliance Requirements Established by
Pass-Through Entities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Indirect Cost Rates of Subrecipients . . . . . . . . . . . . . . . . . . . . . . .
Information Related to the Schedule of Expenditures of
Federal Awards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor Reporting Requirements and Other Communication
Considerations in a Single Audit
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Requirements Under the Uniform Guidance . . . . . . . . . . . . . . . .
Reporting Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Illustrative Auditor’s Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reporting on the Financial Statements and Supplementary
Schedule of Expenditures of Federal Awards in Accordance
With GAAS and Government Auditing Standards in a
Single Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Basis of Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Implementing Regulations of Federal Awarding Agencies
May Define the Entity to Be Audited Differently Than
Does GAAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Elements of the In-Relation-To Report on the Supplementary
Schedule of Expenditures of Federal Awards . . . . . . . . . . .
Potential Report Modifications When Reporting on the
Schedule of Expenditures of Federal Awards . . . . . . . . . . .
Considerations When Dating the Report on the Schedule
of Expenditures of Federal Awards . . . . . . . . . . . . . . . . . . . . .
©2019, AICPA
.01-.49
.01
.02
.03-.07
.08-.18
.08-.11
.12-.14
.15-.18
.19-.44
.20
.21-.24
.25
.26-.37
.38-.41
.42
.43
.44
.45-.49
.46
.47
.48
.49
.01-.66
.01-.08
.03-.04
.05
.06-.08
.09-.20
.09
.10
.11-.13
.14-.15
.16-.19
Contents
xxiv
Table of Contents
Chapter
13
14
Contents
Paragraph
Auditor Reporting Requirements and Other Communication
Considerations in a Single Audit — continued
Issuing an Opinion on the Schedule of Expenditures of
Federal Awards Under AU-C Section 805 When the
Auditor Is Engaged to Perform Only the Compliance
Audit Under the Uniform Guidance . . . . . . . . . . . . . . . . . . . .
Reporting on Compliance and Internal Control Over
Compliance Applicable to Each Major Program . . . . . . . . . .
Material Instances of Noncompliance . . . . . . . . . . . . . . . . . . . . .
Scope Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Report on Compliance for Each Major Program, Report on
Internal Control Over Compliance and Report on the
Schedule of Expenditures of Federal Awards Required
by the Uniform Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Dating the Report on Compliance With Requirements
That Could Have a Direct and Material Effect on
Each Major Program and on Internal Control Over
Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Other Reporting Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reissuance of the Uniform Guidance Compliance
Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Other Auditors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
When the Audit of Federal Awards Does Not Encompass
the Entirety of the Auditee’s Operations . . . . . . . . . . . . . . . .
Schedule of Findings and Questioned Costs . . . . . . . . . . . . . . . . .
What Is Required to Be Reported . . . . . . . . . . . . . . . . . . . . . . . . . .
Findings Related to the Financial Statements . . . . . . . . . . . . . . .
Audit Findings Related to Federal Awards . . . . . . . . . . . . . . . . .
Findings of Abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Detail of Audit Findings — Federal Awards . . . . . . . . . . . . . . . .
Other Preparation Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Protected Personally Identifiable Information . . . . . . . . . . . . . . . . .
Communicating Other Findings to Management . . . . . . . . . . . . .
Summary Schedule of Prior Audit Findings and Corrective
Action Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Collection Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Submission of Reporting Package and Data Collection
Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Federal Audit Clearinghouse Responsibilities . . . . . . . . . . . . . .
Freedom of Information Act and Similar Laws and
Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix — Illustrative Auditor’s Reports Under the Uniform
Guidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Program-Specific Audits
Use of a Program-Specific Audit to Satisfy Uniform
Guidance Audit Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Program-Specific Audit Requirements . . . . . . . . . . . . . . . . . . . . . . . .
.20
.21-.29
.22
.23-.25
.26-.28
.29
.30-.33
.30-.31
.32
.33
.34-.46
.35-.36
.37-.38
.39-.40
.41
.42-.44
.45-.46
.47-.48
.49
.50-.55
.56-.64
.61
.62-.64
.65
.66
.01-.16
©2019, AICPA
.02
.03
Table of Contents
Chapter
14
xxv
Paragraph
Program-Specific Audits — continued
Program-Specific Audit Guide Is Available . . . . . . . . . . . . . . . . . . .
Program Specific Audit Guide Is Not Available . . . . . . . . . . . . . .
Auditee’s Responsibilities When a Program-Specific Audit
Guide Is Not Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor’s Responsibilities When a Program-Specific Audit
Guide Is Not Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Audit Scope and Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor’s Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Submission of Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Timing of Submission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Submission When a Program-Specific Audit Guide
Is Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Submission When a Program-Specific Audit Guide
Is Not Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix — Illustrative Auditor’s Reports for Program-Specific
Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.04
.05
.06
.07-.11
.07
.08
.09-.11
.12-.15
.12
.13
.14-.15
.16
Supplement
A
Single Audit Act Amendments of 1996
B
Uniform Guidance Audit Requirements
Appendix
A
Overview of Statements on Quality Control Standards
B
Schedule of Changes Made to the Text From the Previous Edition
Index of Pronouncements and Other Technical Guidance
Subject Index
©2019, AICPA
Contents
