Studies On Single Audit And Yellow Book Deficiencies

The best way to avoid Single Audit and Yellow Book engagement deficiencies is to recognize them! Learn how to avoid some of the common pitfalls miring these engagements. This course takes on serious issues in an exciting case study format, and provides an informative look at avoiding some of the more common problems found in Yellow Book and A-133 engagements. The 2008 version of the course also reviews the federal study on A-133 audit quality.

Objectives:

• Apply key concepts in Yellow Book and A-133 audits
• Learn from the mistakes of others
• Utilize common sense solutions to common problems noted in Yellow Book and A-133 engagements

Prerequisite: Experience in the Yellow Book and A-133 environment

Case 1 – Engagement Letters

Learning Objective

• Examine issues regarding the use of engagement letters in A-133 audits and common deficiencies noted by peer reviewers

What are Engagement Letters and Why Do We Have Them?

When addressing what engagement letters are and why we have them a good place to start is SAS No. 1081. SAS No. 108, Planning and Supervision, states that

The auditor should establish an understanding with the client regarding the services to be performed for each engagement and should document the understanding through a written communication with the client. Such an understanding reduces the risk that either the auditor or the client may misinterpret the needs or expectations of the other party. For example, it reduces the risk that the client may inappropriately rely on the auditor to protect the entity against certain risks or to perform certain functions that are the client’s responsibility. The understanding should include the objectives of the engagement, management’s responsibilities, the auditor’s responsibilities, and limitations of the engagement.

The 2007 Yellow Book also recognizes the importance of the auditor/client engagement understanding when it states that

Under AICPA standards and GAGAS, auditors should communicate with the audited entity their understanding of the services to be performed for each engagement and document that understanding through a written communication. GAGAS broaden the parties included in the communication and the items for the auditors to communicate.

Under GAGAS, when planning the audit, auditors should communicate certain information in writing to management of the audited entity, those charged with governance, and to the individuals contracting for or requesting the audit. When auditors perform the audit pursuant to a law or regulation and they conduct the work directly for the legislative committee that has oversight of the audited entity, auditors should communicate with the legislative committee. In those situations where there is not a single individual or group that both oversees the strategic direction of the entity and the fulfillment of its accountability obligations or in other situations where the identity of those charged with governance is not clearly evident, the auditor should document the process followed and conclusions reached for identifying the appropriate individuals to receive the required auditor communications. Auditors should communicate the following additional information under GAGAS: (A) The nature of planned work and level of assurance to be provided related to internal control over financial reporting and compliance with laws, regulations, and provisions of contracts or grant agreements (B) Any potential restriction on the auditors’ reports, in order to reduce the risk that the needs or expectations of the parties involved may be misinterpreted.

The goal of SAS No. 108 (and the engagement letter) is to help bridge the understanding of the audit engagement between the auditor and client and avoid an expectation gap between the two. Such an understanding reduces the risk that either the auditor or the client may misinterpret the needs or expectations of the other party. For example, it reduces the risk that the client may inappropriately rely on the auditor to protect the entity against certain risks or to perform certain functions that are the client’s responsibility. This is illustrated in Exhibit 1-1.

Exhibit 1-1 Building a Bridge over the Auditor/Client Expectation Gap by Clarifying...

What Should Engagement Letters Cover?

Having established that engagement letters provide documentation of the understanding of the audit between the auditor and the client let us now look at what they should cover. Following the guidance in SAS No. 108, an engagement letter includes

• The objectives of the engagement:
  • The objective of the audit is the expression of an opinion on the financial statements.
• The responsibilities of management:
  • Management is responsible for the entity's financial statements and the selection and application of the accounting policies.
  • Management is responsible for establishing and maintaining effective internal control over financial reporting.
  • Management is responsible for designing and implementing programs and controls to prevent and detect fraud.
  • Management is responsible for identifying and ensuring that the entity complies with the laws and regulations applicable to its activities.
  • Management is responsible for making all financial records and related information available to the auditor.
  • At the conclusion of the engagement, management will provide the auditor with a letter that confirms certain representations made during the audit.
  • Management is responsible for adjusting the financial statements to correct material misstatements and for affirming to the auditor in the management representation letter that the effects of any uncorrected misstatements aggregated by the auditor during the current engagement and pertaining to the latest period presented are immaterial, both individually and in the aggregate, to the financial statements taken as a whole.
• The responsibilities of the auditor:
  
  • The auditor is responsible for conducting the audit in accordance with GAAS.
  • The auditor is responsible for ensuring that those charged with governance are aware of any significant deficiencies that come to his or her attention.
• The limitations of the engagement:
  • GAAS requires that the auditor obtain reasonable rather than absolute assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Accordingly, a material misstatement may remain undetected. Also, an audit is not designed to detect error or fraud that is immaterial to the financial statements.
  • If, for any reason, the auditor is unable to complete the audit or is unable to form or has not formed an opinion, he or she may decline to express an opinion or decline to issue a report as a result of the engagement.
  • An audit includes obtaining an understanding of the entity and its environment, including its internal control, sufficient to assess the risks of material misstatement of the financial statements and to design the nature, timing, and extent of further audit procedures. An audit is not designed to provide assurance on internal control or to identify significant deficiencies.

SAS No. 108 further discusses that an understanding with the client also may include other matters, such as the following:

• The overall audit strategy.
• Involvement of specialists or internal auditors, if applicable.
• Involvement of a predecessor auditor.
• Fees and billing.
• Any limitation of or other arrangements regarding the liability of the auditor or the client, such as indemnification to the auditor for liability arising from knowing misrepresentations to the auditor by management (regulators may restrict or prohibit such liability limitation arrangements.)
• Conditions under which access to audit documentation may be granted to others.
• Additional services to be provided relating to regulatory requirements.
• Other services to be provided in connection with the engagement, for example, nonattest services, such as accounting assistance and preparation of tax returns subject to the limitations of Ethics Interpretation No. 101-3, “Performance of Nonattest Services,” under Rule 101, Independence.

In addition to the items already listed the AICPA Audit and Accounting Guide, Government Auditing Standards and Circular A-133 Audits3, discusses that the auditor should consider including the following when performing Yellow Book audits:

• A description of the financial statements to be audited.
• The reporting period.
• The auditing standards and requirements that will be followed (i.e., GAAS and the Yellow Book).