Hello Fellow Audit Nerds –
I just finished comparing the 2011 Yellow Book to the 2018 Yellow Book. Here is a list of the changes that caught my eye in the order they appear in the revised edition. This list does not explain the changes – it only points them out. I’ll be writing articles about the more significant changes soon.
But if you want to nerd out for about half an hour, you can take the 2018 version of the Yellow Book https://www.gao.gov/assets/
• If you are a financial auditor/single auditor, read any cites that start with 1-6. Pay particular attention to 3.88.
• If you are a performance auditor, read cites that start with 1-5, 8 and 9. Don’t miss sections 8.41-8.58.
• If you care about attestation engagements, read cites starting with 1-5 and 7. Notice the new type of engagement explained at 7.86.
Changes in order of their appearance:
• Listing types of GAGAS users: 1.12
• Changing the language regarding levels of assurance from ‘high level of assurance’ to ‘reasonable assurance’: 1.18a
• Defining terminology: 1.27
• Advising when to modify the GAGAS compliance statement in the audit report: 2.20-2.22
• Adding factors to consider in determining the significance of an independence threat: 3.63 and 3.94
• Listing services provided by government audit organizations that do not create a threat to independence: 3.72
• Adding management’s ability to catch an error to the determination of management’s skill, knowledge, and experience: last sentence of 3.79
• Commanding financial auditors to identify preparing financial statements as a threat to independence: 3.88 & 3.89c and Figure 2
• Pointing out that typing the financial statements is not a threat to independence: 3.95
• Defining the roles of audit team members: 4.09, 4.10
• Reminding auditors to stay up-to-date with GAGAS: last sentence of 4.19
• Exempting non-supervisory auditors who spend less than 40 hours a year on GAGAS engagements from the CPE requirements: 4.26
• Requiring an annual certification of auditor independence: 5.09 and 5.11
• Warning auditors not to accept audits that they don’t have the time or resources to finish: 5.12c, 5.14
• Managing human resources, including guidance on conducting performance evaluations: 5.17-5.21
• Documenting changes to engagement objectives: 5.23
• Handling arguments between team members: 5.24, 5.26h, 5.29-5.32
• Distinguishing between supervision and review of the work performed: 5.36-5.41
• Introducing ‘inspection’ of finished projects as part of monitoring audit quality: 5.47, 5.54, 5.55, 5.56
• Evaluating the effectiveness of staff training by monitors of audit quality: 5.52d
• Acknowledging established peer review programs and layering on additional GAGAS rules: 5.61, 5.65
• Granting latitude in choosing a peer review team: 5.63
• Using peer review risk factors to shape the scope of the peer review: 5.68, 5.70
• Judging whether an organization passes or fails their peer review: 5.37, 5.74, 5.75, 5.76
• Applying additional peer review rules if you aren’t part of an established peer review program: 5.82, 5.83, 5.86-5.88, 5.91e, 5.93-5.95
• Inquiring of management about ongoing investigations or legal proceedings: 6.12, 7.14, 8.27
• Suggesting that the cause of findings is an internal control weakness: 6.18, 6.29, 8.128-8.130
• Justifying the internal control letter on a financial audit: 6.18, 6.29, 6.45-6.46
• Using the Standards for Internal Control in the Federal Government (the Green Book) and COSO model to help find the root cause of findings: 6.30, 8.130
• Downgrading abuse, defining waste:
    • Abuse is removed from the list of reportable conditions: 6.19, 8.118
    • Abuse joins waste as a concern for auditors for which they are not required to apply procedures: 6.20, 8.119
    • Waste is defined: 6.21, 8.120
• Making the report on internal controls and compliance on a financial audit available in the same manner as the financial audit opinion: last sentence of 6.43
• Adding a new engagement type (a review of financial statements) to the attestation standards: 7.86-7.93
• Acknowledging that some auditors can’t adjust their audit objectives: 8.09
• Reframing and expanding on a performance auditor’s responsibilities regarding internal controls: 8.41-8.58 and Figure 4
• Integrating the COSO model (Green Book) components and objectives in the text: 8.41, 8.42, 9.30, 9.33
• Reminding performance auditors that assessing the risk of fraud is an ongoing process: 8.72
• Listing fraud indicators: 8.75
• Fraud investigations can become separate projects: 8.76
• Showing internal auditors some love in 8.84, but asking them to address independence in their audit reports in 9.04
• Assessing the validity of evidence provided by management of the auditee: end of paragraph 8.96, 8.97
• Making the performance audit report publicly available: 9.60
• Adding to the advice for handling confidential or sensitive information: 9.64
The 2018 revision of Government Auditing Standards is effective for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019. Early implementation is not permitted.
I hope that helps you with your analysis. If you see anything that I missed, please let me know! Write to me at Leita@yellowbook-cpe.com
And if the changes are making you cranky, remember the bigger picture; we are all on a journey to elevate ourselves and our government. I was inspired by this sentence from the Comptroller’s introductory letter on page 1: These standards…provide the foundation for government auditors to lead by example in the areas of independence, transparency, accountability, and quality through the audit process.
Thankfully, the revised format of the Yellow Book puts all ‘must’ and ‘should’ statements in boxes – which makes them very easy to identify! If you want a copy of all of the must and should statements in an Excel spreadsheet, click HERE.
I’ll be covering the more significant changes in my upcoming webinar on August 17.
Have fun leading by example!