The Yellow Book standards relating to financial audits apply to independent CPA firms as well as government audit departments.

The following descriptions relate to an independent CPA firm that includes among its audit clients municipalities, school districts, and not-for-profit organizations, all of which receive federal financial assistance. Each description presents a possible violation of Government Auditing Standards (summarized in Table 16-1). For each description indicate the specific standard at issue and tell why there might be a violation.

TABLE 16-1: Government Auditing Standards for Financial Audits

General Standards
1. Independence. In all matters relating to the audit work, the audit organization and the individual auditor, whether government or public, should be independent. Independence comprises independence of mind and appearance. Assessing independence is achieved by applying a "conceptual model" advocated by the GAO which requires that auditors:
• Identify threats to independence.
• Evaluate the significance of the threats identified.
• Apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level.
2. Professional judgment. Professional judgment should be used in planning and performing audits and attestation engagement and in reporting the results.
3. Competence. The staff assigned to perform the audit or attestation engagement must collectively possess adequate professional competence to address the audit objectives and perform the work in accordance with generally accepted government audited standards (GAGAS).
4. Technical Knowledge. The staff assigned to the audit should collectively possess the technical knowledge, skills, and experience necessary to be competent for the type of work being performed before beginning work on that audit.
5. Continuing Professional Education (CPE). Auditors engaged in planning, directing, or performing government audits should complete, every two years, at least 24 hours of CPE plus at least 56 hours of more general CPE.
6. Quality control and assurance. Each audit organization performing audits in accordance with generally accepted government auditing standards (GAGAS) should establish and maintain an internal quality control system in place and should undergo an external peer review at least once every three years.
Other Standards for Financial Audits
1. Auditor communication. Auditors should communicate pertinent information to the individuals contracting for, or requesting, the audit services, and to cognizant legislative committees when auditors perform the work pursuant to law or regulation, or they conduct the work for the legislative committee that has oversight of the audited entity.
2. Previous audits and attestation engagements. Auditors should evaluate whether the audited entity has taken appropriate corrective action to address findings and recommendations from previous audits.
3. Fraud, noncompliance with provisions of laws, regulations, contracts and grant agreements, and abuse. In addition to adhering to AICPA audit requirements pertaining to fraud, and noncompliance with provisions of laws and regulations, auditors should also be concerned with whether the auditee had adhered to provisions of contracts and grant agreements. Abuse involves behavior that a reasonable person would consider aberrant and includes misuse of authority or position for personal financial gain.
4. Developing elements of a finding. When auditors identify deficiencies in internal control, fraud, illegal acts, violations of provisions of contracts or grant agreements, and abuse, they should plan and perform procedures to develop the elements of the findings that are relevant and necessary to achieve the audit objectives. A finding involves four key elements:
a. Criteria. The laws, regulations, contracts, etc. against which performance can be compared or evaluated
b. Condition. A situation that exists
c. Cause. The reason or explanation for the condition
d. Effect or potential effect. The outcomes or consequences of the condition
5. Audit documentation. Before releasing their report, auditors should document their findings, conclusions, and recommendations, indicate any departures from the GAGAS requirements, and discuss the impact on the audit and on the auditor's conclusions.
6. Reporting auditors' compliance with GAGAS. When auditors comply with all applicable GAGAS requirements for financial audits, they should include a statement in the auditors' report that they performed the audit in accordance with GAGAS.
7. Reporting on internal control and compliance with provisions of laws, regulations, and grant agreements. When providing an opinion or a disclaimer on financial statements, auditors should also report on internal control over financial reporting and on compliance with provisions of laws, regulations, contracts, or grant agreements that have a material effect on the financial statements. They should report on internal control and compliance regardless of whether or not they identify internal control deficiencies or instances of noncompliance. They should include in their report on the financial statements a description of the scope of the auditors' testing of internal control over financial reporting and compliance.
8. Communicating deficiencies in internal control, fraud, noncompliance with provisions of laws, regulations, contracts, grant agreements, and abuse. When performing GAGAS financial audits, auditors should communicate in the report on internal control and compliance, (1) significant deficiencies and material weaknesses in internal control, (2) instances of fraud and noncompliance with provisions of laws or regulations that have a material effect on the audit and any other instances that warrant the attention of those charged with governance, (3) noncompliance with provisions of contracts or grant agreements that has a material effect on the audit, and (4) abuse that has a material effect on the audit. In some circumstances, auditors should report fraud, illegal acts, violations of provisions of contracts or grant agreements, and abuse directly to parties external to the audited entity (e.g., the government agency providing financial assistance).
9. Reporting views of responsible officials. If the auditors' report discloses deficiencies in internal control, fraud, illegal acts, violations of provisions of laws, regulations, contracts, or grant agreements, or abuse, auditors should obtain and report the views of responsible officials concerning the findings, conclusions, and recommendations, as well as any planned corrective actions.
10. Reporting confidential and sensitive information. If certain pertinent information is prohibited from general disclosure, the audit report should indicate that certain information has been omitted and the reason or other circumstances that make the omission necessary.
11. Distributing Reports. Government auditors should submit audit reports to those charged with governance, to the appropriate officials of the audited entity and to appropriate oversight bodies or organizations requiring or arranging for the audits, including external funding organizations such as legislative bodies, unless legal restrictions prevent it. Auditors should also send copies of the reports to other officials who have legal oversight authority or who may be responsible for acting on audit findings and recommendations and to others authorized to receive such reports. Public accounting firms contracted to perform an audit should clarify report distribution responsibilities with the party contracting for the audit and follow the agreements reached.
12. Materiality. Materiality levels may differ between government and nongovernment audits. Lower materiality levels may be appropriate because of the public accountability of government entities and entities receiving government funding as well as various legal and regulatory requirements and the visibility and sensitivity of government programs.
13. Early Communication of Deficiencies. For some matters, early communication to those charged with governance may be important to allow management to take prompt corrective action to prevent further noncompliance.
1.
Each year the managing partner appoints a committee of three of its partners to evaluate the quality of the work performed by the firm. The firm is not otherwise reviewed by independent parties.
2.
When the firm conducts a financial examination, its primary objective is to determine whether the auditee's financial system is properly designed, the system is operating as intended, and the resultant financial records can be relied upon. Accordingly, the department does not test explicitly for fraud or other illegal activities.
3.
The firm has a formal program of continuing professional education. To eliminate the need to pay for the staff to attend outside courses, it brings in outside experts to conduct forty hours per year of training. Each year the training is directed to a specific area. This year's area was changes in the federal tax code; last year's was "how to market the firm."
4.
The firm periodically assigns members of its staff on a temporary basis to government and not-for-profit audit clients. The staff members typically serve as financial consultants or as acting financial administrators.
5.
The firm may not test compliance with certain federal grant provisions if the grant was examined by the client's internal auditors and no violations were detected.
6.
In its single audit of a client's federally assisted program, the firm detected numerous instances of noncompliance with applicable federal regulations. Inasmuch as none of the violations were either serious or material, the firm reported them to the client in its "management letter" but did not mention them in its compliance report to federal officials.
7.
As part of all financial audits of federal funds recipients, the auditors carefully assess the adequacy of internal controls. They do not, however, prepare a specific report on internal controls or address them in the standard audit report.