For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

CPE for Government Auditors

Does your team meet the 2018 Yellow Book Independence Standards?

Chapter 3: Independence

As I revise my self-study book, “The Yellow Book Interpreted,” I will be sharing chapters with you.

Objectives: 

  • Classify your ethical responsibilities in the government environment 
  • Apply the conceptual framework in evaluating threats to your independence as an auditor 
  • Identify the attributes of professional judgment per GAO standards

All Three Together

In prior versions of the Yellow Book, the ethics, independence, and professional judgment standards were presented in different chapters. Now they are joined in one long chapter.

These are some of the least specific standards in the Yellow Book as all require the application of professionalism, maturity, and judgment. And how do you regulate professionalism, maturity, and judgment? You can’t. You can only talk about them in generalities.

We will cover the three standards in the order presented in Chapter 3 of the Yellow Book. First ethics, then independence, and lastly professional judgment.

Ethics

In order to understand the GAO’s perspective on ethics and independence, we need to talk about three themes of the Yellow Book that kick off the standards in the first few pages of the Yellow Book. These three themes – accountability, transparency, and service –  put us in the right frame of mind when auditing in the government environment.

Accountability

What is accountability? I had heard the term tossed around the government so frequently that I never even thought about its meaning. Now I know that accountability does notmean that you got it right. It just means that you take ownership of it.

I met a cowboy auditor in West Texas who said, “You might be right, or you might be wrong, but you’d better the hell document it.” That sums up accountability quite nicely. When things go bad, you are there to say, “Yes, that was me. I’m sorry.” When things go well, you can keep your job.

Recently on TV news, I saw a high school coach who was responsible for the death of one of his teenage football players. And instead of being contrite, he said something like, “Everyone is forgetting that I suffered a loss, too, and that I will hold on to this for the rest of my life.” That is not exactly what the parents of that boy wanted to hear. He deflected accountability and tried to engender empathy for himself. I doubt that will serve him well in his community.

The GAO repeatedly reminds us that we are accountable to the taxpaying public for our actions and that we, as auditors, have a role in holding government leaders accountable.

1.02     The concept of accountability for use of public resources and government authority is key to our nation’s governing processes.

1.05     Government auditing is essential in providing accountability to legislators, oversight bodies, those charged with governance, and the public. Auditsprovide an independent, objective, nonpartisan assessment of the stewardship, performance, or cost of government policies, programs, or operations, depending upon the type and scope of the engagement.

One of the tough things about the GAO standards is they are not written for government officials (although government officials are mentioned a few times); they are written as standards for auditors. So, while we hold public officials and employees accountable for their actions, we are accountable for our actions, too.

Transparency

Actions and information that are transparent and open for everyone’s inspection and review.

1.07     Audits performed in accordance with GAGAS provide information used for oversight, accountability, transparency, and improvements of government programs and operations. GAGAS contains requirements and guidance to assist auditors in objectively acquiring and evaluating sufficient, appropriate evidence and reporting the results. When auditors perform their work in this manner and comply with GAGAS in reporting the results, their work can lead to improved government management, better decision making and oversight, effective and efficient operations, and accountability and transparency for resources and results.

The State of Texas government has put every single transaction online in real time. I can, with a few clicks of the mouse, see that the Texas Department of Transportation bought a van, how much the van was, who they bought it from, why they need it, and what color of funds (general revenue, special revenue, enterprise revenues) paid for it. They occasionally consider putting all state employee payroll data online – yes, names, pay grade, title, the whole bit. Why? Because citizens own the government, and we citizens have a right to know how our money is being used!

Theoretically, if you do as President Obama frequently advised in his speeches and shine light in the dark places, those in hiding will be exposed and held accountable.

Service

If you audit Hurst Construction, your ultimate audience for the audit report is Mr. Hurst, his board of directors, and the bank. But, if you audit a public housing project, your ultimate clients are not the managers of the project, the boards of directors, or the banks. Your ultimate beneficiaries of the report are not even the grantors. The ultimate beneficiaries of your work are the low-income children who live in the housing project.

We have to remember, as governmental auditors, that we are checking to see whether tax dollars are being used for their intended purpose and whether the public is being served by our auditee’s efforts.

3.08     A distinguishing mark of an auditor is acceptance of responsibility to serve the public interest. This responsibility is critical when auditing in the government environment. GAGAS embodies the concept of accountability for public resources, which is fundamental to serving the public interest.

We hold our clients to a higher standard of behavior than we do in the commercial sector. While it was OK for AIG to go on a lavish $500,000 spa junket before the US taxpayers bailed them out in 2008, it certainly was not OK after the bailout.

Later, we will see that the GAO asks you to report even more bad behaviors than the AICPA does. If Mr. Hurst wants to put his jet-setting, never-worked-a-day-in–their-life kids on the payroll, more power to him. Auditors in the commercial sector do not have a responsibility to say anything about that. But in the government realm, we call that abuse, and we do have a professional, and I have to add, moral, responsibility to do something with that knowledge. We’ll discuss more about abuse later.

Five Main Sections of the Ethics Section

The ethics discussion is divided into five main principles:

a.   The public interest 
            b.   Integrity 
            c.   Objectivity 
            d.   Proper use of government information, resources, and position 
            e.   Professional behavior 

Let’s discuss each one in turn.

The Public Interest

When Johnson and Johnson found out that someone had tampered with one of their products, Tylenol, and that people were dying as a result, they immediately recalled the product. This cost Johnson and Johnson an estimated $100 million. They could have made a lot of other, less responsible and possibly less expensive choices. But because they had a mission statement that put the customer first and the shareholders second, it was obvious what they should do.

In government, our first responsibility is to the public. Not to the person who hired us and is writing our checks. Not to the federal grantor. We are responsible for bringing anything to light that harms the kid in the housing development.  Sometimes this will cost us.

A city auditor told me that he sees a higher purpose in his work. It is his job to make sure that the monies collected by the city are turned back to support those who need services and who may not have a voice in the government. He works on the citizens’ behalf, and because of this higher purpose, doesn’t care whether he makes his auditees upset when he publishes his reports.

3.07     The public interest is defined as the collective well-being of the community of people and entities the auditors serve. Observing integrity, objectivity, and independence in discharging their professional responsibilities assists auditors in meeting the principle of serving the public interest and honoring the public trust. The principle of the public interest is fundamental to the responsibilities of auditors and critical in the government environment.

In my business, I transfer in and out of two worlds – the government world and the commercial world – and indeed they are different. In the commercial world fortunes are made by doing what is not expressly prohibited. In the government world, action won’t be taken unless it is expressly permitted.

Commercial entities are not interested in transparency. A friend of mine, an engineer, says that Apple is one of the most secretive organizations for which he has ever worked. At the corporate headquarters store, they sell a T-Shirt that says, “I visited the Apple Corporate Offices in Cupertino…and that is all I can say about it.” Apple doesn’t want their auditor shining light in their dark places.

But government auditors must shine light in dark places to serve the children, the elderly, and the disabled.

And taxpayers get very, very upset if even a tiny bit of their hard-earned tax dollars are squandered. Not long ago, I helped develop a training event for a government employee retirement system. Afterwards, to celebrate our success, the retirement system managers insisted that we dine at a first-rate steakhouse in Dallas – you know the type, where you pay $45 for an à la carte steak. We had wine and appetizers, and one guy ordered a $35 brandy. I was very uncomfortable. I thought that if any of their members walked in and recognized them as the folks in charge of their retirement funds, they would have a lot of explaining to do. The retirees don’t want their money going for high living! If you work for a corporation, go ahead and enjoy. Live it up! But in a conscientious government environment, I can’t even get a cup of coffee for free.

Integrity

Both the integrity and objectivity sections of the Yellow Book mention independence and freedom from political or ideological bias.

When I started in public accounting, the managing partner made it very clear to me that I should not put any bumper stickers on my car indicating affiliation with any political party, university, or even a radio station! When talking to the client, I was not to express opinions on the events of the day or engage the clients in religious, social, or political discussions. I was to be personality-less! In this way, the client could never question whether I had a bias as I made my audit conclusions.

He was, not so subtly, pointing out that what the firm sold was auditor integrity and objectivity. And if the client doubted either or those, our product – our conclusions and opinions – was useless.

Integrity
3.09     Public confidence in government is maintained and strengthened by auditors performing their professional responsibilities with integrity. Integrity includes auditors conducting their work with an attitude that is objective, fact-based, nonpartisan, and nonideological with regard to audited entities and users of the auditors’ reports. Within the constraints of applicable confidentiality laws, rules, or policies, communications with the audited entity, those charged with governance, and the individuals contracting for or requesting the audit are expected to be honest, candid, and constructive.

3.10     Making decisions consistent with the public interest of the program or activity under audit is an important part of the principle of integrity. In discharging their professional responsibilities, auditors may encounter conflicting pressures from management of the audited entity, various levels of government, and other likely users. Auditors may also encounter pressures to inappropriately achieve personal or organizational gain. In resolving those conflicts and pressures, acting with integrity means that auditors place priority on their responsibilities to the public interest.

Objectivity

Objectivity

3.11      The credibility of auditing in the government sector is based on auditors’ objectivity in discharging their professional responsibilities. Objectivity includes independence of mind and appearance when providing audits, maintaining an attitude of impartiality, having intellectual honesty, and being free of conflicts of interest. Maintaining objectivity includes a continuing assessment of relationships with audited entities and other stakeholders in the context of the auditors’ responsibility to the public. The concepts of objectivity and independence are closely related. Independence impairments impact objectivity.

Proper Use of Government Information, Resources, and Position

A professor at University of Texas at Arlington teaches ethics and leadership to government leaders in communist bloc countries. He developed several case studies for the leaders-in-training to discuss. One case study described how a mayor used city employees to landscape his backyard– clearly an improper usage of government resources. But unlike previous case studies, the professor didn’t hear anything back from them the next week. Instead the leaders stalled for a month before they admitted that they just didn’t understand the ethical dilemma in the scenario. Using the labor of government employees for personal benefit is one of the perks of being a government leader in a communist bloc country! Not so under Yellow Book standards:

3.12     Government information, resources, and positions are to be used for official purposes and not inappropriately for the auditor’s personal gain or in a manner contrary to law or detrimental to the legitimate interests of the audited entity or the audit organization. This concept includes the proper handling of sensitive or classified information or resources.

3.13     In the government environment, the public’s right to the transparency of government information has to be balanced with the proper use of that information. In addition, many government programs are subject to laws and regulations dealing with the disclosure of information. To accomplish this balance, exercising discretion in the use of information acquired in the course of auditors’ duties is an important part in achieving this goal. Improperly disclosing any such information to third parties is not an acceptable practice.

3.14     Accountability to the public for the proper use and prudent management of government resources is an essential part of auditors’ responsibilities. Protecting and conserving government resources and using them appropriately for authorized activities is an important element in the public’s expectations for auditors.

3.15     Misusing the position of an auditor for financial gain or other benefits violates an auditor’s fundamental responsibilities. An auditor’s credibility can be damaged by actions that could be perceived by an objective third party with knowledge of the relevant information as improperly benefiting an auditor’s personal financial interests or those of an immediate or close family member; a general partner; an organization for which the auditor serves as an officer, director, trustee, or employee; or an organization with which the auditor is negotiating concerning future employment.

Professional Behavior

Any behavior that could cause someone to question your professionalism can detract from your credibility. And, credibility helps sell audit recommendations.

3.16     High expectations for the auditing profession include compliance with all relevant legal, regulatory, and professional obligations and avoidance of any conduct that might bring discredit to auditors’ work, including actions that would cause an objective third party with knowledge of the relevant information to conclude that the auditors’ work was professionally deficient. Professional behavior includes auditors putting forth an honest effort in performanceof their duties and professional services in accordance with the relevant technical and professional standards.

Consider the following true scenario (with a few small changes to protect identities): You are the internal audit director of a large city. You recently hired a new auditor fresh out of college and have been grooming him for a career conducting governmental audits. Recently, you assigned him to conduct a performance audit of your city’s police department.

Everything has been going well until last week when you saw a picture of him in the local newspaper at the city’s Mardi Gras celebration. He was pictured on the very top of a street light without his shirt wearing dozens of bead necklaces. The police stood below and appeared to be yelling at him to come down. You show him the picture and ask him what he thought he was doing. He becomes immediately defensive and tells you that what he does on his own time is none of your business. He had some college buddies in town and they were celebrating an upcoming wedding.

The professional behavior standard says nothing about distinguishing your behavior between your work life and your personal life. But does this new auditor’s personal behavior compromise his credibility with the police force? Yes, indeed! If he doesn’t respect the law on his personal time, he can’t expect the police department to respect his audit during his professional time.

To maintain your shop’s professional image, you will probably have to remove this auditor from the engagement and replace him with another auditor.

As auditors, we sell our credible, objective, high integrity opinions  andconclusions about an audit subject.

Borrowing from the later discussion on independence in chapter 3:

3.22     Auditors and audit organizations maintain independence so that their opinions, findings, conclusions, judgments, and recommendations will be impartial and viewed as impartial by reasonable and informed third parties. 

3.19     Auditors and audit organizations should avoid situations that could lead reasonable and informed third parties to conclude that the auditors and audit organizations are not independent and thus are not capable of exercising objective and impartial judgment on all issues associated with conducting the engagement and reporting on the work. 

Independence

Did you notice how many times the words independence and objectivity showed up in the ethics requirements? Independenceis one of the most complicated and granular standards in the Yellow Book clocking, in at almost 30 pages of text!

I am going to summarize the major requirements of the Yellow Book regarding independence. But as you know, summaries leave out details that might be important to you. So please at least scan Chapter 3 to make sure you have applied the independence standards to your specific situation.

The GAO Isn’t Empathetic When It Comes to Independence

The GAO, a legislative auditor, is in a rare situation; they are truly independent. They can say whatever needs to be said and not suffer any consequences because they are funded by and report directly to Congress, not the federal agencies that they audit.

The GAO did not set out to have anythingto do with internal or external auditors. They wrote the Yellow Book for themselves. But over the decades, through a series of laws and regulations, they became responsible for groups of folks for whom they seem to have little empathy because both internal auditors and external auditors have inherent independence challenges. Internal auditors are employees of the entity they audit and attend the same holiday parties as their auditees. External auditors are contractors who are paid by the auditee, and if they don’t make the auditee happy, they don’t get to keep the gig during the next audit cycle.

For the last few decades, the GAO has been working with mixed success to clarify and strengthen the auditor independence standards so that all government auditors are working with the highest level of objectivity and integrity. Along the way, they decided that going their own way with the standards confused CPAs in public practice. So, they adopted the AICPA rules for independence and added a few significant modifications. The AICPA invented something called the “conceptual framework” for evaluating auditor independence, which I will explain shortly.

The Bottom Line of Auditor Independence

The essential steps the GAO wants you to go through if you encounter an independence threat are:

  1. apply the conceptual framework when you encounter a threat
  2. document your application of the conceptual framework
  3. if the threat involves you performing a non-auditservice, make sure the client has SKE
  4. document the client’s SKE
  5. have the client agree they are responsible for the results of the non-audit service
  6. document this understanding with the client in writing

Let’s go through each step.

Apply the Conceptual Framework

The AICPA uses a decision process for evaluating independence that they call the “conceptual framework.” Typical of the AICPA, they make something very straightforward sound complex and involved. You know, something only a well-paid, CPA-typeprofessional can implement!

I am not intimidated or wowed by their conceptual framework, and you shouldn’t be either. It is simply putting fancy terminology around the way all humans make decisions. First, we understand our options, then we decide what is important to us, and then we choose. But since you have to use the conceptual framework, it would be good for you to use the exact language the AICPA and GAO use:

3.27     Auditors should apply the conceptual framework at the audit organization, engagement team, and individual auditor levels to 

1.identify threats to independence; 

2.evaluate the significance of the threats identified, both individually and in the aggregate; and 

3.apply safeguards as necessary to eliminate the threats or reduce them to an acceptable level. 

Let’s think through the conceptual framework in more personal terms before we take on an audit example. Let’s talk about the decision process you go through when dating!

Step 1 of the Conceptual Framework: Identify Threats

In dating terms, identifying threats means spending time with your intended to find out more about them and identify potential relationship killers or aspects of their personality, habits, or baggage that could cause you future misery. Maybe he is way too close to his mother, or his ex-wife is extremely hard to handle, or his football/golf/hunting/fishing hobby is likely to leave you on your own most weekends.

Step 2 of the Conceptual Framework: Evaluate the Significance of the Threats Identified, Both Individually and in the Aggregate

In dating terms, this means you now need to figure out whether you can actually tolerate being left alone most weekends. Maybe you like to be alone, so you can shop, spend time with friends, or volunteer. But if his mother’s constant visits and calls are unwanted, his ex-wife’s picture is still on his mantle, and he spent the last three weekends getting sunburned and drunk at the golf course, this is what the AICPA calls “threats in the aggregate.”

Step 3 of the Conceptual Framework: Apply Safeguards as Necessary to Eliminate the Threats or Reduce Them to an Acceptable Level

In dating terms, this might mean breaking up, finding a new supportive social structure, agreeing to limits on his hobby, or moving to another country without phone or internet service to escape his mother.

Not exactly rocket science, huh? Conceptual framework… PLEASE!

The GAO just adds to the aura of complexity by coming up with a diagram in the appendix. I can tell when people have gotten a bit too granular when I see two things: a key that explains acronyms and terminology and/or a flowchart. When auditors feel the need to add a key that explains acronyms and technical terms to the back cover of their report, they mistakenly assume their readers care enough to actually use it to read their complex report! The same is true when they have to draw a flowchart similar to the following:

GAGAS chart

Trifecta Step #1 – Identify Threats

Let’s start by looking at the list of threats: conceptual framework step #1.

3.30     Auditors should evaluate the following broad categories of threats to independence when applying the GAGAS conceptual framework: 

1.Self-interest threat: The threat that a financial or other interest will inappropriately influence an auditor’s judgment or behavior. 
2.Self-review threat: The threat that an auditor or audit organization that has provided nonauditservices will not appropriately evaluate the results of previous judgments made or services provided as part of the nonauditservices when forming a judgment significant to a GAGAS engagement. 
3.Bias threat: The threat that an auditor will, as a result of political, ideological, social, or other convictions, take a position that is not objective. 
4.Familiarity threat: The threat that aspects of a relationship with management or personnel of an audited entity, such as a close or long relationship, or that of an immediate or close family member, will lead an auditor to take a position that is not objective. 
5.Undue influence threat: The threat that influences or pressures from sources external to the audit organization will affect an auditor’s ability to make objective judgments. 
6.Management participation threat: The threat that results from an auditor’s taking on the role of management or otherwise performing management functions on behalf of the audited entity, which will lead an auditor to take a position that is not objective. 
7.Structural threat: The threat that an audit organization’s placement within a government entity, in combination with the structure of the government entity being audited, will affect the audit organization’s ability to perform work and report results with integrity.

3.38     Examples of circumstances that create self-interest threats for an auditor follow: 

a.   An audit organization having undue dependence on income from a particular audited entity. 
b.   A member of the audit team entering into employment negotiations with an audited entity.
c.   An audit organization discovering a significant error when evaluating the results of a previous professional service provided by the audit organization. 
d.   A member of the audit team having a direct financial interest in the audited entity. However, this would not preclude auditors from auditing pension plans that they participate in if (1) the auditors have no control over the investment strategy, benefits, or other management issues associated with the pension plan and (2) the auditors belong to such pension plan as part of their employment with the audit organization or prior employment with the audited entity, provided that the plan is normally offered to all employees in equivalent employment positions. 

3.39     Examples of circumstances that create self-review threats for an auditor follow: 

1.An audit organization issuing a report on the effectiveness of the operation of financial or performance management systems after designing or implementing the systems. 
2.An audit organization having prepared the original data used to generate records that are the subject matter of the engagement. 
3.An audit organization providing a service for an audited entity that directly affects the subject matter information of the engagement. 
4.A member of the engagement team being, or havingrecently been, employed by the audited entity in a position to exert significant influence over the subject matter of the engagement. 

3.40     Examples of circumstances that create bias threats for an auditor follow: 

1.A member of the engagement team having preconceptions about the objectives of a program under audit that arestrong enough to affect the auditor’s objectivity. 
2.A member of the engagement team having biases associated with political, ideological, or social convictions that result from membership or employment in, or loyalty to, a particular type of policy, group, entity, or level of government that could affect the auditor’s objectivity. 

3.41     Examples of circumstances that create familiarity threats for an auditor follow: 

a.   A member of the engagement team having a close or immediate family member who is a principal or senior manager of the audited entity. 
b.   A member of the engagement team having a close or immediate family member who is an employee of the audited entity and is in a position to exert significant influence over the subject matter of the engagement. 
c.   A principal or employee of the audited entity having recently served on the engagement team in a position to exert significant influence over the subject matter of the engagement. 
d. An auditor accepting gifts or preferential treatment from an audited entity, unless the value is trivial or inconsequential. 
e. Senior engagement personnel having a long association with the audited entity. 

3.42     Examples of circumstances that create undue influence threats for an auditor or audit organization include existence of the following: 

a.   External interference or influence that could improperly limit or modify the scope of an engagement or threaten to do so, including exerting pressure to inappropriately reduce the extent of work performed in order to reduce costs or fees. 
b.   External interference with the selection or application of engagement procedures or in the selection of transactions to be examined. 
c.   Unreasonable restrictions on the time allowed to complete an engagement or issue the report.
d.   External interference over assignment, appointment, compensation, and promotion. 
e.    Restrictions on funds or other resources provided to the audit organization that adversely affect the audit organization’s ability to carry out its responsibilities. 
f.    Authority to overrule or to inappropriately influence the auditors’ judgment as to the appropriate content of the report. 
g.   Threat of replacing the auditor or the audit organization based on a disagreement with the contents of an audit report, the auditors’ conclusions, or the application of an accounting principle or other criteria. 
h.   Influences that jeopardize the auditors’ continued employment for reasons other than incompetence, misconduct, or the audited entity’s need for GAGAS engagements. 

3.43     Examples of circumstances that create management participation threats for an auditor follow: 

1.A member of the engagement team being, or having recently been, a principal or senior manager of the audited entity. 
2.An auditor serving as a voting member of an entity’s management committee or board of directors, making policy decisions that affect future direction and operation of an entity’s programs, supervising entity employees, developing or approving programmaticpolicy, authorizing an entity’s transactions, or maintaining custody of an entity’s assets. 
3.An auditor or audit organization recommending a single individual for a specific position that is key to the audited entity or program under audit, or otherwise ranking or influencing management’s selection of the candidate. 
4.An auditor preparing management’s corrective action plan to deal with deficiencies detected in the engagement. 

3.44     Examples of circumstances that create structural threats for an auditor follow: 

1.For both external and internal audit organizations, structural placement of the audit function within the reporting line of the areas under audit. 
2.For internal audit organizations, administrativedirection from the audited entity’s management. 

By the way, performing a non-audit service in addition to your audit is automatically a threat.

Conceptual Framework Step #2 – Evaluate the Significance of the Threat

Did you see yourself inStep 1? If so, proceed to the conceptual framework/trifecta step #2 evaluating the significance of the threat. Whether a threat is a big deal or not is entirely up to your judgment, even though the standard does ask you to imagine a hypothetical judge – the classic “objective third party with knowledge of relevant facts.”

3.46     When evaluating threats to independence, an acceptable level is a level at which a reasonable and informed third party would likely conclude that the audit organization or auditor is independent. The concept of a reasonable and informed third party is a test that involves an evaluation by a hypothetical person. Such a person possesses skills, knowledge, and experience to objectively evaluate the appropriateness of the auditor’s judgments and conclusions. This evaluation entails weighing all the relevant facts and circumstances, including any safeguards applied, that the auditor knows, or could reasonably be expected to know, at the time that the evaluation is made. 

Conceptual Framework Step #3 – Apply Safeguards

If you decide that you or the imaginary third party believes these threats to be significant, you move on to conceptual framework/trifecta step #3: apply safeguards:

3.49     Safeguards are actions or other measures, individually or in combination, that auditors and audit organizations take that effectively eliminate threats to independence or reduce them to an acceptable level. Safeguards vary depending on the facts and circumstances. 

3.50     Examples of safeguards include 

a.   consulting an independent third party, such as a professional organization, a professional regulatory body, or another auditor to discuss engagement issues or assess issues that are highly technical or that require significant judgment; 
b.   involving another audit organization to perform or re-perform part of the engagement; 
c.   having an auditor who was not a member of the engagement team review the work performed; and 
d.   removing an auditor from an engagement team when that auditor’s financial or other interests or relationships pose a threat to independence. 

3.69     The following are examples of actions that in certain circumstances could be safeguards in addressing threats to independence related to nonauditservices: 

a.   not including individuals who provided the nonauditservice as engagement team members; 
b.   having another auditor, not associated with the engagement, review the engagement and nonauditwork as appropriate; 
c.   engaging another audit organization to evaluate the results of the nonauditservice; or 
d.   having another audit organization re-perform the nonauditservice to the extent necessary to enable that other audit organization to take responsibility for the service. 

And, typical of a Yellow Book audit standard, you don’t get to just go through the process in your head. You get to document your reasoning process, too. Yes, you will need another memo!

After applying the conceptual framework, you might be just fine. If you have a threat, you put a safeguard in place and go on your merry way. But if the nature of your threat is caused because you are taking on a non-audit service, a handful of additional requirements apply.

What Is a Nonaudit Service?

A non-audit service is almost anything that you do for the auditee that isn’t an audit. Examples include helping them document internal controls, monitoring transactions on their behalf, or creating financial statements.

Non-audit services are called “consulting services” by other standards. For instance, the IIA divides their standards up into two main pieces, assurance standards andconsulting standards. And the IIA encourages internal auditors to perform consulting engagements in order to add value to their organization.

The GAO wishes you would just stick with auditing and let someone else provide consulting services because they believe that consulting services have an impact on your auditor independence. To make auditors think twice about taking on consulting services (non-audit services), the GAO requires that the client has skills, knowledge, and experience (SKE) and that the client takes responsibility for the product of the non-audit service in writing.

SKE

The GAO wants to make sure that the client is sophisticated enough to tell if the auditor made a mistake with the product of their consulting service. Pay close attention to a new sentence at the bottom of 3.79 (bolding added).

3.73     Before auditors agree to provide nonauditservices to an audited entity that the audited entity’s management requested and that could create a threat to independence, either by themselves or in aggregate with other nonauditservices provided, with respect to any GAGAS engagement they conduct, auditors should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience and that the individual understands the services to be provided sufficiently to oversee them. 

3.74     Auditors should document consideration of management’s ability to effectively oversee nonauditservices to be provided. 

3.75     In cases where the audited entity is unable or unwilling to assume these responsibilities (for example, the audited entity does not have an individual with suitable skill, knowledge, or experience to oversee the nonauditservices provided, or is unwilling to perform such functions because of lack of time or desire), auditors should conclude that the provision of these services is an impairment to independence. 

3.79     A critical component of determining whether a threat to independence exists is consideration of management’s ability to effectively oversee the nonauditservice to be provided. Although the responsible individual in management is required to have sufficient expertise to oversee the nonauditservices, management is not required to possess the expertise to perform or re-perform the services. However, indicators of management’s ability to effectively oversee the nonauditservice include management’s ability to determine the reasonableness of the results of the nonauditservices provided and to recognize a material error, omission, or misstatement in the results of the nonauditservices provided. 

ClientMust Take Responsibility in Writing

Once you have documented your application of the conceptual framework, applied safeguards, and decided and documented that the client has SKE, you now create a letter of agreement with the client stating that the client is responsible for the results of the non-audit service.

3.76     Auditors providing nonauditservices to audited entities should obtain agreement from audited entity management that audited entity management performs the following functions in connection with the nonauditservices: 

1.assumes all management responsibilities; 
2.oversees the services, by designating an individual, preferably within senior management, who possesses suitable skill, knowledge, or experience; 
3.evaluates the adequacy and results of the services provided; and
4.accepts responsibility for the results of the services. 

The Bottom Line of Auditor Independence: A Review

Again, I recommend that you read the independence section of the Yellow Book yourselfbecause as I summarize and simplify the standard, I naturally have to leave some detail out that might be pertinent to you!  Here again is the bottom line:

  1. apply the conceptual framework when you encounter a threat
  2. document your application of the conceptual framework
  3. if the threat involves a non-audit service, make sure the client has SKE
  4. document the client’s SKE
  5. have the client agree they are responsible for the results of the non-audit service
  6. document this understanding with the client in writing

Notice three levels of documentation: the application of the conceptual framework, the proof of SKE, and the letter assigning responsibility for the subject matter to the client.

Specifically Addressed Non-Audit Services

The GAO knows that auditors are still performing non-audit services, regardless of the GAO’s disdain for them and their repeated warnings. And they also know of a handful of non-audit services that are performed pretty regularly. I want to mention two of thembecause I see these non-audit services being performed quite often myself. One is continuous monitoring and the other is financial statement preparation.

Continuous Monitoring as a Non-Audit Service

Continuous monitoring is always a hot topic at IIA conferences. Continuous monitoring technology allows managers to watch transactions and controls in real time to identify outliers and correct errors or even fraud promptly. But, in a list of non-auditservices that impair auditor independence, the GAO specifically prohibits the auditor from performing internal control monitoring on behalf of the client.

3.97     Auditors should conclude that providing or supervising ongoing monitoring procedures over an entity’s system of internal control impairs independence because the management participation threat created is so significant that no safeguards could reduce the threat to an acceptable level. 

Creating the Financial Statements

The GAO also specifically addresses this non-audit service, and although it does not firmly prohibit auditors from both creating the subject matter of the audit (the financial statements) and opiningon the same subject matter, they do make the auditor think and rethink his or her decision to proceed.

Relevant clauses regarding preparing the financial statements include the following:

3.87     Auditors should conclude that the following services involving preparation of accounting records impair independence with respect to an audited entity: 

1.determining or changing journal entries, account codes or classifications for transactions, or other accounting records for the entity without obtaining management’s approval; 
2.authorizing or approving the entity’s transactions; and 
3.preparing or making changes to source documents without management approval. 

3.88     Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors’ independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level in accordance with paragraph 3.33 or decline to provide the services. 

3.89     Auditors should identify as threats to independence any services related to preparing accounting records and financial statements, other than those defined as impairments to independence in paragraph 3.87 and significant threats in paragraph 3.88. These services include 

1.recording transactions for which management has determined or approved the appropriate account classification, or posting coded transactions to an audited entity’s general ledger; 
2.preparing certain line items or sections of the financial statements based on information in the trial balance; 
3. posting entries that an audited entity’s management has approved to the entity’s trial balance; and
4. preparing account reconciliations that identify reconciling items for the audited entity management’s evaluation. 

3.90     Auditors should evaluate the significance of threats to independence created by providing any services discussed in paragraph 3.89 and should document the evaluation of the significance of such threats

So, although the GAO does not expressly prevent auditors from both preparing and auditing the financial statements, the GAO puts up as many barriers as they can:

Barrier # 1: The auditor must identify the preparation of the financials as a threat and apply appropriate safeguards.

Barrier # 2. The auditor must document their rationale that the threat has been mitigated through safeguards or decline the engagement.

Barrier # 3. The auditor must determine that the client has the skills, knowledge, andexperience to be able to tell if the auditor made a mistake in the financials and document that rationale

Barrier #4. The client must take responsibilities for the financials in writing.

That’s enough to keep me away from preparing and auditing the financial statements. How about you?

Professional Judgment

Professional judgment is one of the least specific Yellow Book standards. It is similar to the warning that your mother would give you when you were going out to play, “Be careful!”

Now if mom had given me specific instructions, like “Don’t play in the street,” I would know what she expected of me. But, “Be careful!”? How does a five-year-old know what “careful” looks like? That is similar to what we read in the professional judgment standard. The GAO cautions us to apply professional judgment but then never defines the term. Instead,they offer this explanation:

3.110    Professional judgment includes exercising reasonable care and professional skepticism. 

Yep, sounds like your mama, “Be reasonable, girl! Take care, girl! And don’t let anyone pull the wool over your eyes! It is a wicked world out there.”

Maybe I will show my kids this explanation of professional skepticism some day:

3.110    Attributes of professional skepticism include a questioning mind, awareness of conditions that may indicate possible misstatement owing to error or fraud, and a critical assessment of evidence. Professional skepticism includes being alert to, for example, evidence that contradicts other evidence obtained or information that brings into question the reliability of documents or responses to inquiries to be used as evidence. Further, it includes a mindset in which auditors assume that management is neither dishonest nor of unquestioned honesty. Auditors may accept records and documents as genuine unless they have reason to believe the contrary. Auditors may consider documenting procedures undertaken to support their application of professional skepticism in highly judgmental or subjective areas under audit. 

Maybe that explanation will keep both my kids and us auditors out of trouble.

In the next chapter, we introduce the competency standard. And thoughtfully, the GAO has provided a nice segue for to the topic of competence at the end of Chapter 3:

3.111    Using the auditor’s professional knowledge, skills, and abilities, in good faith and with integrity, to diligently gather information andobjectivelyevaluate the sufficiency and appropriateness of evidence is a critical component of GAGAS engagements. Professional judgment and competence are interrelated because judgments made depend upon the auditor’s competence, as discussed in chapter 4. 

The 2018 Yellow Book is OUT!

The GAO issued the 2018 version of Generally Accepted Government Auditing Standards Tuesday.

Find the online version here: https://www.gao.gov/assets/700/693136.pdf.

Find an audio summary of the changes to the standards here: https://www.gao.gov/multimedia/podcast/692926

I suggest you scan chapter 4 and specifically section 4.16 to make sure you are compliant with the CPE requirements.

Also notice that the GAO has defined the roles of a supervisor and a reviewer inside the quality control chapter in sections 5.36-5.40.

And that the Green Book (Standards for Internal Control in the Federal Government) are mentioned several times in the document: 4.23, 6.30, 7.32, 8.41 & 8.130.

I’ll get back to you soon with a more thorough analysis of the changes and what they mean for you.

Stay cool!

What is an auditor?

Please enjoy this first chapter of self-study book Essential Skills for Government Auditor  available on YellowBook-CPE.com.

So here you are, an auditor. No other job title is more likely to be a conversation stopper at a dinner party.  No one likes to be audited.

But auditors do have an important role to play because, unfortunately, government leaders can’t trust program managers when they say, “Everything here is fine.  Don’t worry about us!” Government leaders and citizens do worry and want assurance from someone they can trust that everything is going well.  The auditor is that professional whom the leaders and the citizens can trust.

One definition of auditor is:  An independent professional who evaluates a subject matter against agreed-upon criteria.

This definition has several important components: independence, subject matter, and criteria.  Let’s look at each of those components in turn.

Independence

Auditors must be independent of their clients and the subject matter they are auditing.  But who are these clients?

The Government Accountability Office (GAO), the federal audit organization that writes the governmental auditing standards (a.k.a. the Yellow Book) has a very broad definition of client.  The GAO says, “A distinguishing mark of an auditor is acceptance of responsibility to serve the public interest.” And they define public interest as “the collective well-being of the community and entities the auditors serve.”  Did you know you had such a noble job?

CPAs are held to the same standard. They are certified “public” accountants after all. They have a primary responsibility to the public and a secondary responsibility to their audit client.

Clients in the government realm include management of the auditee, governing bodies, oversight bodies, special interest groups, other citizens, and the people who actually benefit from the government’s services.

If you think about it, auditors are often the only professionals involved in an organization or in a program who can comfortably speak the truth because they are, hopefully, shielded from backlash because they are independent.

GAGAS (Yellow Book) 20113.04     Auditors and audit organizations maintain independenceso that their opinions, findings, conclusions, judgments, and recommendations will be impartial and viewed as impartial by reasonable and informed third parties. Auditors should avoid situations that could lead reasonable and informed third parties to conclude that the auditors are not independent and thus are not capable of exercising objectiveand impartial judgment on all issues associated with conducting the audit and reporting on the work.

The recipients of governmental funds aren’t likely to uncover their own risks or highlight their own weaknesses because they could lose their funding. And the oversight bodies might be so far removed from the program that they don’t have a sense of what is really happening.

You can make quite a difference in an organization. The GAO’s Yellow Book says that you are “essential to the nation’s governing process!” Wow, that is quite a responsibility!

Consulting vs. Auditing

Some professionals who call themselves auditors are actually consultants. They help the client implement systems or spend months working to help the client with a technical issue. Consultants are allowed to get involved in the day-to-day operations of a department.

The Institute of Internal Auditors (one of the standard setting bodies that I will explain further in the next chapter) encourages consulting and has created consulting standards for their members.

The Government Accountability Office (GAO) calls consulting by another name, “non-audit services,” and puts up numerous barriers to prevent auditors from also serving as consultants. The GAO believes that you cannot both consult regarding an audit subject matter and later serve as objective, independent evaluator of the same subject matter.

In this text, our focus will be on auditing and auditing standards.

Subject matter and criteria

Auditors opine or conclude on whether a subject matter meets a certain criteria.

All auditors struggle to keep their audits limited in size and scope. It is extremely easy to create monstrous projects that are hard to reign in and report on.

In response to this struggle, most audit standards require that you develop a finite objective and scope for each engagement.   Imbedded in the audit objective are the audit subject and the criteria the auditor will use to evaluate the audit subject.

The GAO has this to say about the audit objective and scope in the Yellow Book:

GAGAS6.08The objectives are what the audit is intended to accomplish. They identify the audit subject matter and performance aspects to be included, and may also include the potential findings and reporting elements that the auditors expect to develop. Audit objectives can be thought of as questions about the program that the auditors seek to answer based on evidence obtained and assessed against criteria. The term “program” is used in GAGAS to include government entities, organizations, programs, activities, and functions.GAGAS 6.09

Scope is the boundary of the audit and is directly tied to the audit objectives. The scope defines the subject matter that the auditors will assess and report on, such as a particular program or aspect of a program, the necessary documents or records, the period of time reviewed, and the locations that will be included.

The objective and scope define what the project is, as well as what it is not. Objectives are assessed against agreed upon criteria, which are benchmarks established by law, governing organizations, or company policies and procedures. (For more on criteria, read Chapter 6.)

To satisfy the audit objective, you will gather and document audit evidence.  The techniques that you use to gather evidence are called audit methodologies.

6.10     The methodology describes the nature and extent of audit procedures for gathering and analyzing evidence to address the audit objectives. Audit procedures are the specific steps and tests auditors perform to address the audit objectives. Auditors should design the methodology to obtain reasonable assurance that the evidence is sufficient and appropriate to support the auditors’ findings and conclusions in relation to the audit objectives and to reduce audit risk to an acceptable level.

All three of these elements – the objective, scope, and methodology – are essential to describe what you seek to accomplish on the audit. (For more on methodology, see Chapter 15.)   The GAO requires that auditors both document these three defining elements in the working papers and disclose them in the audit report.

Audit deliverables

As Stephen Covey says, you should begin with the end in mind.  So before we dig in to the steps of conducting an audit, let’s look at what you will have when you are all done.  Auditors create three deliverables from an audit project:

  • The answer to the audit objective – called either an audit conclusion or an audit opinion
  • Findings – issues that the auditor would like to see addressed or corrected by the client
  • Working papers –documentation of the evidence the auditor gathered to support the conclusions and the findings.

If you are following GAO’s audit standards (The Yellow Book) for performance audits, you must put this promise – word for word – in your audit report:

7.30     We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

As you seek to satisfy your audit objectives, you will gather evidence using audit methodologies.  Some auditors call audit methodologies audit tests or audit program steps.  The results of applying these methodologies must be documented.

6.79     Auditors must prepare audit documentation related to planning, conducting, and reporting for each audit. Auditors should prepare audit documentation in sufficient detail to enable an experienced auditor, having no previous connection to the audit, to understand from the audit documentation the nature, timing, extent, and results of audit procedures performed, the audit evidence obtained and its source and the conclusions reached, including evidence that supports the auditors’ significant judgments and conclusions. An experienced auditor means an individual (whether internal or external to the audit organization) who possesses the competencies and skills that would have enabled him or her to conduct the performance audit. These competencies and skills include an understanding of (1) the performance audit processes, (2) GAGAS and applicable legal and regulatory requirements, (3) the subject matter associated with achieving the audit objectives, and (4) issues related to the audited entity’s environment.6.80     Auditors should prepare audit documentation that contains evidence that supports the findings, conclusions, and recommendations before they issue their report.

Questions auditors answer

In order to give the client assurance regarding an audit subject, you must answer questions that naturally arise as you seek the answer to your audit objective.

Notice that these questions assume that something is wrong.  Auditors tend to think that way!  Because of time constraints, auditors focus on risks, negative events, and the issues that need fixing instead of proving the good that occurs in an organization.  In that way, auditors are like journalists.

  1. What is the current state of affairs? (condition)
  2. What should be the current state of affairs? (criteria)
  3. What has caused the current state of affairs? (cause)
  4. Why is the current state of affairs undesirable? (effect)
  5. What should be done to correct the current state of affairs? (recommendation)

You will see these questions used in later chapters and referred to as the “elements of a finding.” Auditors following IIA & GAO standards use them to write audit findings when they find something that needs to be corrected, such as an internal control weakness, non-compliance, fraud, and/or abuse.

What I hope to do in this text is show you the steps auditors follow to create their three main deliverables (the conclusion/opinion, the findings, and the audit documentation) as well as give you the tools to answer these questions for your clients.

Let’s tweak that definition of an auditor

Now that we have discussed independence, audit subject matter, audit criteria, and audit deliverables, we should tweak our definition of an auditor. We began the chapter with this definition: An independent professional who evaluates a subject matter against agreed-upon criteria.

Please allow me to enhance it a bit based on what we just read: An auditor is an independent professional who concludes whether a subject matter meets an agreed upon criteria by gathering evidence through performing custom-designed audit methodologies.  Aren’t you glad I didn’t start with that?

Yellow Book Ethics

Enjoy this excerpt from the self-study text: The Yellow Book Interpreted which qualifies for 15 hours of CPE.

 

The GAO has a few things to say about a government auditor’s ethical responsibilities and, thus, added a large section on ethics to the 2007 revision of the Yellow Book.  The same ethical principles appear in the 2017 exposure draft.

Themes of GAGAS
GAGAS is a very high-minded document.  And, in order to understand the GAO’s perspective on ethics, we need to talk about three themes of the Yellow Book that kick off the first chapter of the standards.

These three themes — accountability, transparency, and service -­- put us in the right frame of mind when auditing in the government environment.

Accountability
What is accountability? I had heard the term tossed around the government so frequently that I never even thought about its meaning.  Now I know that accountability does not mean that you got it right. It just means that you take ownership of it.

I met a cowboy auditor in West Texas who said, “You might be right or you might be wrong, but you’d better the hell document it.”  That sums up accountability quite nicely.  When things go bad, you are there to say, “Yes, that was me.  I’m sorry.”  When things go well, you can keep your job.

Recently on CNN, I saw a high school coach who was responsible for the death of one of his teenage football players.  And instead of being contrite, he said something like, “Everyone is forgetting that I suffered a loss, too, and that I will hold on to this for the rest of my life.”  That is not exactly what the parents of that boy wanted to hear. He deflected accountability and tried to engender empathy for himself.  I doubt that will serve him well in his community.

The GAO repeatedly reminds us that we are accountable to the taxpaying public for our actions and that we, as auditors, have a role in holding government leaders accountable.

1.01      The concept of accountability for use of public resources and government authority is key to our nation’s governing processes.

1.03     Government auditing is essential in providing accountability to legislators, oversight bodies, those charged with governance, and the public. Audits provide an independent, objective, nonpartisan assessment of the stewardship, performance, or cost of government policies, programs, or operations, depending upon the type and scope of the audit.

One of the tough things about the GAO standards is they are not written for government officials (although government officials are mentioned a few times); they are written as standards for auditors.  So, while we hold public officials and employees accountable for their actions, we are accountable for our actions, too.

Transparency
Actions and information that is transparent is open for everyone’s inspection and review.

1.05     Audits performed in accordance with GAGAS provide information used for oversight, accountability, transparency, and improvements of government programs and operations. GAGAS contains requirements and guidance to assist auditors in objectively acquiring and evaluating sufficient, appropriate evidence and reporting the results. When auditors perform their work in this manner and comply with GAGAS in reporting the results, their work can lead to improved government management, better decision making and oversight, effective and efficient operations, and accountability and transparency for resources and results.

The state of Texas has put every single transaction online – LIVE— and rates the transparency of local government as well.  I can, with a few clicks of the mouse, see that the Texas Department of Transportation bought a van, how much the van was, who they bought it from, why they need it, and what color of funds (general revenue, special revenue, enterprise revenues) paid for it.

Why?  Because citizens own the government, and we have a right to know.  Google “windows on Texas state government” to start your own exploration.

Service
If you audit Hurst Construction, your ultimate audience for the audit report is Mr. Hurst, his board of directors, and the bank.  But, if you audit a public housing project, your ultimate clients are not the managers of the project, the boards of directors, or the banks.  Your ultimate beneficiaries of the report are not even the grantors.  The ultimate beneficiaries of your work are the low-income children who live in the housing project.

We have to remember, as governmental auditors, that we are checking to see whether tax dollars are being used for their intended purpose and whether the public is being served by our auditee’s efforts.

1.16      A distinguishing mark of an auditor is acceptance of responsibility to serve the public interest. This responsibility is critical when auditing in the government environment. GAGAS embodies the concept of accountability for public resources, which is fundamental to serving the public interest.

We hold our clients to a higher standard of behavior than we do in the commercial sector. While it was OK for AIG to go on a lavish $500,000 spa junket before the US taxpayers bailed them out, it certainly was not OK after the bailout.

Later, we will see that the GAO asks you to report even more bad behaviors than the AICPA does.  If Mr. Hurst wants to put his jet-setting, never-worked-a-day-in–their-life kids on the payroll, more power to him. Auditors in the commercial realm do not have a responsibility to say anything about that. But in the government realm, we call that abuse, and we do have a responsibility to report it.  We’ll discuss more about abuse later.

Five main sections of the ethics section
The ethics discussion is divided into five main principles:

a.   The public interest
b.   Integrity
c.   Objectivity
d.   Proper use of government information, resources, and position
e.    Professional behavior

Let’s discuss each one in turn.

The public interest 
A city auditor once told me that he sees a higher purpose in his work.  It is his job to make sure that the monies collected by the city are turned back to support those who need services and who may not have a voice in the government.  He works on the citizens’ behalf, and because of this higher purpose, he doesn’t care whether he makes his auditees upset with his reports.  Now that is integrity!

1.15      The public interest is defined as the collective well-being of the community of people and entities the auditors serve. Observing integrity, objectivity, and independence in discharging their professional responsibilities assists auditors in meeting the principle of serving the public interest and honoring the public trust. The principle of the public interest is fundamental to the responsibilities of auditors and critical in the government environment.

In my business I transfer in and out of two worlds – the government world and the commercial world – and indeed they are different.

An auditor from the GAO made the distinction between the two by saying that in the commercial world fortunes are made by doing what is not expressly prohibited; in the government world action won’t be taken unless it is expressly permitted.

Commercial entities do not seek transparency.  At the Apple corporate headquarters store, they sell a T-Shirt that says, “I visited the Apple Corporate Offices in Cupertino… and that is all I can say about it.”

But government auditors must shine light in dark places in order to serve their customer, the public.  And taxpayers get very, very upset if even a tiny bit of their hard-earned tax dollars are squandered.

Not long ago, I was helping a government employee retirement system develop a training event. Afterwards, to celebrate our success, we all went out to a first-rate steakhouse in Dallas – you know the type, where you pay $45 for an à la carte steak. We had wine and appetizers, and one guy ordered a $35 brandy. I was very uncomfortable. I thought that if any of their members walked in and recognized them as the folks in charge of their retirement funds, the retirement system would have a lot of explaining to do. The retirees don’t want their money squandered on high living for government employees!

If you work for a corporation, go ahead and enjoy the perks and the luxuries. But when you work for government, don’t be surprised if you can’t even get a cup of coffee!

Integrity & Objectivity
Many seasoned professionals have told me that they believe that auditor independence is an unattainable ideal; an external auditor’s independence is compromised when the auditee writes a check to pay the auditor’s fee and an internal auditor takes a salary from the entity they audit. They argue, that at best, an auditor can provide an objective viewpoint and maintain integrity by making sure that external pressures do not force them to cover up the truth.

Later in this text, when we examine the GAO’s guidance for independence, the concepts of integrity and objectivity introduced here in the ethics chapter are raised again.

Both the integrity and objectivity sections of the ethics chapter of the Yellow Book mention auditor independence and freedom from political or ideological bias.

Integrity
1.17      Public confidence in government is maintained and strengthened by auditors performing their professional responsibilities with integrity. Integrity includes auditors conducting their work with an attitude that is objective, fact-based, nonpartisan, and nonideological with regard to audited entities and users of the auditors’ reports… 

1.18      … In discharging their professional responsibilities, auditors may encounter conflicting pressures from management of the audited entity, various levels of government, and other likely users. Auditors may also encounter pressures to inappropriately achieve personal or organizational gain. In resolving those conflicts and pressures, acting with integrity means that auditors place priority on their responsibilities to the public interest.

Objectivity
1.19      The credibility of auditing in the government sector is based on auditors’ objectivity in discharging their professional responsibilities. Objectivity includes independence of mind and appearance when providing audits, maintaining an attitude of impartiality, having intellectual honesty, and being free of conflicts of interest…The concepts of objectivity and independence are closely related…

Proper use of government information, resources, and position
A professor at UT Arlington teaches ethics and leadership to government leaders in Romania. He develops case studies for them to ponder each week.

One case study asked the students to discuss the ethical dilemma posed when a mayor used city employees to build a brick barbecue pit in his backyard – clearly an improper use of government resources. The professor didn’t hear back from his students in Romania for a month.

After several Skype conversations, the Romanians finally admitted that they just didn’t understand the ethical issue in the scenario. Using the labor of government employees for personal benefit is one of the perks of being a government leader in Romania! That professor has a lot of work to do!

1.20     Government information, resources, and positions are to be used for official purposes and not inappropriately for the auditor’s personal gain or in a manner contrary to law or detrimental to the legitimate interests of the audited entity or the audit organization. This concept includes the proper handling of sensitive or classified information or resources.

1.23     Misusing the position of an auditor for financial gain or other benefits violates an auditor’s fundamental responsibilities. An auditor’s credibility can be damaged by actions that could be perceived by an objective third party with knowledge of the relevant information as improperly benefiting an auditor’s personal financial interests or those of an immediate or close family member; a general partner; an organization for which the auditor serves as an officer, director, trustee, or employee; or an organization with which the auditor is negotiating concerning future employment.

Professional behavior
Any behavior that could cause someone to question your professionalism can detract from your credibility. And credibility helps sell audit recommendations.

1.24     High expectations for the auditing profession include compliance with all relevant legal, regulatory, and professional obligations and avoidance of any conduct that might bring discredit to auditors’ work, including actions that would cause an objective third party with knowledge of the relevant information to conclude that the auditors’ work was professionally deficient…

Consider the following true scenario (with a few small changes to protect identities): You are the internal audit director of a large city. You recently hired a new auditor fresh out of college and assigned him to conduct a performance audit of your city’s police department.

Everything has been going well until last week when you saw a photo of him in the local newspaper at the city’s Mardi Gras celebration. He was pictured near the top of a street light without his shirt wearing dozens of bead necklaces. The police stood below and appeared to be yelling at him to come down.

You show him the picture and he becomes immediately defensive and tells you that what he does on his own time is none of your business. He reasoned that he had some college buddies in town and it was natural for him to show them a good time.

This standard on professional behavior does not mention that it applies only to an auditor’s work life. But does this auditor’s behavior during his personal time compromise his credibility with the police force? Yes, indeed!  How is he going to face the officers during an exit conference?

To maintain your shop’s professional image, you will probably have to remove this young auditor from the engagement and replace him with another auditor from your shop.

Auditors are paid for our credible, objective, high integrity opinions and conclusions about an audit subject.  And this young man blew all that away with his antics.

Borrowing from the later discussion on independence in chapter 3:

3.04     Auditors and audit organizations maintain independence so that their opinions, findings, conclusions, judgments, and recommendations will be impartial and viewed as impartial by reasonable and informed third parties. Auditors should avoid situations that could lead reasonable and informed third parties to conclude that the auditors are not independent and thus are not capable of exercising objective and impartial judgment on all issues associated with conducting the audit and reporting on the work.

In our next chapter, we will address the types of audits covered by Yellow Book standards.

Registering for this Webinar - How it works
  1. When you’re ready to register, select the “Register Now” button (at the top-right or bottom-left of this page).
  2. You’ll be taken directly to the secure website of our webinar-distribution partner:  CPA Crossings
  3. Fill out the “Register Online” section of the CPA Crossings page (near the bottom) and then select “Add to Cart”
  4. (Note:  If you want to register multiple attendees on the same purchase, just re-select the webinar and do a separate “Add to Cart” for each, as required.)
  5. After checking out, look for your notification and registration info via email – and mark your calendar to attend the webinar!
×
Stay Up-To-Date

Sign up here to have the lastest from Yellowbook-CPE.com delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

* indicates required




×
Stay Up-To-Date

Sign up here to have the latest from Yellowbook-CPE.com delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

[newsletters_subscribe list="20"]

×

Login

Lost your password?