Printer Friendly

Compliance standards and government entities.

Compliance Standards and Government Entities

In 1985, when a study conducted by the General Accounting Office revealed a significant number of substandard audits of federal financial assistance programs, the American Institute of Certified Public Accountants established a task force to make recommendations for improving the quality of engagements involving expenditures of taxpayers' money. Two years later this task force issued a report which recommended that the Auditing Standards Board (ASB) issue a statement on auditing standards for government audits. The result of this recommendation was SAS No. 63, "Compliance Auditing Applicable to Governmental Entities and Other Recipients of Governmental Financial Assistance," which was released in April 1989. The purpose of this article is to provide the reader an overview of the requirements of SAS 63.

SAS 63 provides standards for testing and reporting on compliance with federal, state, and local laws and regulations concerning financial assistance received by state and local governments as well as nonprofit organizations in engagements under (1) generally accepted auditing standards, (2) government auditing standards, and (3) the Single Audit Act of 1984. Because the auditor's responsibility varies depending upon the type of engagement, it is important that accountants involved in governmental audits as well as those entities receiving governmental financial assistance have a basic understanding of the following standards:

Generally Accepted

Auditing Standards

The responsibility for designing an audit to provide reasonable assurance that financial statements are not materially misstated due to violations of laws and regulations having a direct, material effect on financial statement amounts was previously addressed in SAS No. 54, "Illegal Acts by Clients," and SAS No. 53, "The Auditor's Responsibility to Detect and Report Errors and Irregularities," and is merely reaffirmed in SAS 63. What is new in SAS 63 is specific guidance on how to audit governmental entities or those entities receiving financial assistance from the government.

Some laws and regulations have a direct, material effect on an entity's financial statements even when the entity is not legally obligated to prepare the statements in accordance with generally accepted accounting principles. For example, if construction workers on a federally financed project are paid an hourly rate less than the minimum established by the Secretary of Labor, this constitutes a violation of the Davis-Bacon Act and directly affects the payroll amounts in the entity's financial statements.

SAS 63 emphasizes the importance of planning the engagement. The auditor is required to obtain a clear understanding of possible effects of laws and regulations on an entity's financial statements. To accomplish this, the auditor should begin by asking management to identify relevant laws and regulations. To assess the reliability of management's identication, SAS 63 suggests certain procedures which include (1) discussing these laws and regulations -- and obtaining written representation that these laws and regulations have been identified--with the entity's chief financial officer, grant administrators, or legal counsel; (2) reviewing relevant portions of both related agreements and minutes of the appropriate legislative body; and (3) making inquiries of the appropriate audit oversight organizations and of the program administrators of the government entities providing the grants.

As part of the planning process, the auditor should study the internal control structure. The auditor should then use this knowledge of the control environment to assess the risk that material misstatements may exist in the financial statements. In doing so, the auditor should keep in mind that controls over government assistance are frequently decentralized; thus, frequent monitoring is necessary if the controls are to be relied upon. Some factors which the auditor should consider when evaluating audit risk include management's familiarity with regulatory requirements, methods of assigning authority and responsibility, and non-compliance found in previous audits.

SAS 63 makes it clear that both governmental entities and those entities receiving governmental financial assistance from a governmental entity should follow these guidelines. Grants (both cash and non-cash), loans, loan guarantees and interest rate subsidies are all examples of governmental financial assistance. The auditor should be familiar with laws and regulations affecting financial assistance; these normally involve (1) eligibility, (2) matching or earmarking, and (3) services allowed or disallowed.

Responsibilities Under

Government Auditing


Auditors may accept an engagement with either a governmental or a business entity for an audit in accordance with standards issued by the Government Accounting Office, "the yellow book." However, auditors accepting these engagements should realize they are assuming additional responsibilities beyond those assumed in an audit in accordance with generally accepted auditing standards. Although government auditing standards do not require additional auditing procedures, two additional reports--one on compliance with laws and regulations and one on the internal control structure--are required.

Reporting on Compliance

The required report on tests of compliance with applicable laws and regulations may be included with the report on the financial statements or it may be separate. SAS 63 specifies that a statement of positive assurance, that is, a statement that tested items were in compliance with applicable laws and regulations, be included in the report. Negative assurance--a statement that nothing came to the auditors' attention as a result of procedures performed causing them to believe untested items failed to comply with applicable laws and regulations--is also required by SAS 63. The last paragraph of the report must include a statement concerning its intended use. However, because the report is a matter of public record, a statement that the restriction is not meant to limit the distribution of the report is necessary.

Compliance testing of certain laws and regulations may be omitted if, based on the auditors' assessments of risk and materiality, they believe account balances or transactions affected by certain laws and regulations are immaterial. In these situations, positive assurance is not appropriate. However, the report should include a statement that the auditors believe there is a low likelihood of material instances of non-compliance. This statement provides a basis for the negative assurance required in the report.

What if the auditor's procedures reveal material instances of noncompliance? The auditor should issue a qualified report which includes:

1) The definition of material instances of noncompliance,

2) The identification of all material instances of noncompliance which were detected,

3) A statement that the noncompliance was considered in forming an opinion on the financial statements, and

4) A modification of the statements of positive and negative assurance.

Even those material instances of noncompliance that have been corrected are required to be reported; however, the auditor may state in the report that the effects of the noncompliance have been corrected in the financial statements. Although immaterial instances of noncompliance need not be included in the report, the auditor is required to communicate these findings to top management, preferably in a management letter.

The auditor is required to report illegal acts--or possible illegal acts--to top officials in the entity. Illegal acts, however, do not have to be reported in the audit report. They may be reported in a separate written report to the appropriate officials.

Reporting on the Internal

Control Structure

SAS 63 requires the auditor to communicate all reportable conditions noted during the audit. The following vague definition of reportable conditions is provided in SAS No. 60, "Communication of Internal Control Structure Related Matters Noted in an Audit." Reportable conditions are matters which:

represent significant deficiencies in the design or operation of the internal control structure which could adversely affect the organization's ability to record, process summarize, and report

The difference between the requirements of SAS 60 and SAS 63 is that SAS 60 requires oral or written communication only when reportable conditions are observed; government auditing standards require a written report on the internal control structure for all audits. Thus, SAS 63 extends the auditor's responsibility for engagements under government auditing standards beyond the requirements of SAS 60 by requiring:

1) A description of reportable conditions observed,

2) The identification of those reportable conditions which are believed to be material weaknesses,

3) The identification of the categories of the internal control structure,

4) A description of the scope of the auditor's work in studying the control structure and in assessing risk, and

5) A description of deficiencies considered to be too insignificant to be designated reportable conditions.

SAS 60 precludes the issuance of a report stating reportable conditions wer not noted. However, the auditor may satisfy the above yellow book requirements by adding a paragraph defining material weaknesses and stating that although none were disclosed during the audit, the auditor's study of the internal control structure would not necessarily detect all material weaknesses.

Responsibilities Under the

Single Audit Act

The Single Audit Act of 1984, which establishes uniform requirements for audits of federal financial assistance, mandates that any state or local government receiving federal financial assistance in excess of $100,000 must be audited in accordance with the act. The act requires an audit report on compliance with laws and regulations that may have a material effect on the financial statements. Those state or local agencies receiving less than $100,000 but at least $25,000 may elect to be audited in accordance with either the act or the appropriate federal laws and regulations governing the programs. Not-for-profit entities which are sub-recipients of federal financial assistance from state and local governments may also be required to have audits performed in accordance with the act.

OMB Circular A-128, which was issued by the Office of Management and Budget to prescribe policies and guidelines for implementing the act, requires that management prepare a schedule identifying major and non-major federal financial assistance programs. It is then the auditor's responsibility to assess the appropriateness of this identification, to perform tests to determine compliance with specific and general requirements applicable to the major assistance programs, and to issue separate reports on compliance for both specific and general requirements.

When testing for compliance with financial assistance programs under the act, the auditor should consider materiality relative to each program. This, of course, is different from an audit in accordance with generally accepted auditing standards where materiality is considered relative to the financial statements.

Compliance Reporting on

Major Programs

Whether a financial assistance program is major or non-major depends on the amount of a governmental entity's expenditures relative to its total expenditures. In auditing major programs, the auditor should test compliance with the following specific requirements: the types of services allowed or disallowed, the eligibility of the recipients, the recipient's payment of required matching payments, reporting requirements, and compliance with any other designated provisions for the program.

Management should provide the auditor with written representation of compliance. If management fails to do so, the auditor should issue a qualified opinion or a disclaimer of opinion on compliance.

A few of the basic elements of the auditor's report on compliance with specific requirements include: a statement that compliance is management's responsibility; a statement that the audit was conducted in accordance with generally accepted auditing standards, government auditing standards, and Circular A-128; a summary of all instances of noncompliance which were detected and the identification of all questioned amounts; and an opinion regarding the entity's compliance with these requirements.

For major programs, the auditor must also report on compliance with six general requirements identified in the OMB's Compliance Supplement and briefly described below:

1. Political Activity--Federal funds cannot be used for partisan politics.

2. Davis-Bacon Act--Workers on federally financed projects must be paid at least the minimum wage established by the Secretary of Labor.

3. Civil Rights--Discrimination is prohibited on projects funded with federal funds.

4. Cash Management--Recipients of federal funds are required to minimize elapsed time between the receipt of federal funds and the disbursement to the grantee.

5. Relocation Assistance and Real Property Acquisition--Certain actions regarding the acquisition of property (eg: property should be appraised in the owner's presence) are required by grant recipients.

6. Federal Financial Reports--Most federal financial programs require periodic financial reports.

Compliance Reporting on

Nonmajor Programs

The Single Audit Act also requires the auditor to report on compliance with certain laws and regulations applicable to nonmajor federal financial assistance programs. This requirement stems from the knowledge that the auditor's sample for testing the internal control environment may have included some transactions from nonmajor programs. If this is the situation, then the auditor is required to test these sampled transactions for compliance with specific requirements applicable to these transactions. In most cases, these specific requirements relate to the eligibility of the recipient and the allowability of the expenditure. The auditor is not required to test either specific requirements applicable to the program as a whole or general requirements.

The auditor's report on compliance with specific requirements that apply to nonmajor program transactions may be combined with the report on compliance for major federal assistance programs or it may be separate. Some of the items which should be included in the report are: a statement identifying the requirements tested, statements of positive and negative assurance, a summary of all instances of noncompliance detected with the questioned amounts identified, and a statement indicating the intended use of the report.


Federal financial assistance amounts to $100 billion per year. to provide assurance that these taxpayer's monies are used effectively, SAS 63 was issued in an attempt to improve the quality of engagements involving government assistance programs. As a result, governmental entities, as well as some business entities, are subject to a multitude of audit requirements. Because SAS 63 is a big umbrella and covers some business entities receiving amounts as little as $25,000 per year, it is important that auditors, as well as accountants and management, have a basic knowledge of the requirements on compliance auditing.

Rita P. Hull, PhD, CPA, is a professor of accounting at Virginia Commonwealth University in Richmond, Virginia. She has published articles in numerous academic and professional accounting journals.
COPYRIGHT 1990 National Society of Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Hull, Rita P.
Publication:The National Public Accountant
Date:Mar 1, 1990
Previous Article:Legislative modifications to the issue of privity.
Next Article:Investment interest carryovers; the Beyer decision.

Related Articles
GASB after the five-year structure review.
Applying the 50% rule in a single audit.
AICPA issues ED on compliance attestation.
What auditors will find in SAS 74.
Understanding program-specific audits.
What should governments include in their financial reports?
Auditing federal awards: a new approach.
Buddy up with a lawyer, it's compliance time.
The new Yellow Book: what you need to know about 2007 revision of Government Auditing Standards.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters