CPE for Government Auditors

Introduction to the Yellow Book Interpreted


  • Differentiate between the Yellow Book and other auditing standards
  • Assess whether an engagement requires the use of the Yellow Book
  • Identify the way the Yellow Book is organized

Why do they call it the “Yellow Book”?

The Yellow Book goes by many names:

  • Government Auditing Standards,
  • Generally Accepted Government Audit Standards (GAGAS – I love that one… pronounced “gag us”), and, of course,
  • The Yellow Book.

Legend has it that the original title of the Yellow Book was the “Golden Rule of Government Auditing,” and the cover was supposed to be gold. But when it came back from the printer, the cover was yellow. Whoops! Bye-bye catchy title, hello kitschy title – the Yellow Book. If you ever run across a hard copy, the cover is indeed a sunny yellow. Whether the inside is full of sun will be yours to judge as you read this text!

Why Does the Yellow Book Exist?

The Government Accountability Office (GAO) is the legislative auditor for the federal government. They first published the Yellow Book back in the 1970s as a guide for their own auditors. This is why the Yellow Book exists because the GAO wanted to set an audit standard for itself.

But in 1984, Congress passed a law called the Single Audit Act that made the Yellow Book relevant to a different set of auditors, CPAs in public practice. The Single Audit Act addresses audits of federal grants and requires that the audit be conducted in accordance with Government Auditing Standards. I don’t think the GAO intended to be involved in setting standards for CPAs in public practice. But through the passage of the Act, they were burdened with that responsibility. Subsequent to the Act, several state legislatures passed laws requiring the use of the Yellow Book for audits of governmental entities.

Who might use the Yellow Book on an Audit?

For the first time in 2018, the GAO lists users of the Yellow Book. This list is not comprehensive as it leaves out some of my clients including internal auditors working inside of state agencies and universities, but it is still interesting to see who the GAO thinks it is writing for:

1.12      GAGAS provides standards that are used by a wide range of auditors and audit organizations that audit government entities, entities that receive government awards, and other entities. These auditors and audit organizations may also be subject to additional requirements unique to their environments. Examples of the various types of users who may be required or may elect to use GAGAS include the following: 

Contract auditors: audit organizations that specialize in conducting engagements pertaining to government acquisitions and contract administration 

Certified public accounting firms: public accounting organizations in the private sector that provide audit, attestation, or review services under contract to government entities or recipients of government funds 

Federal inspectors general: government audit organizations within federal agencies that conduct engagements and investigations relating to the programs and operations of their agencies and issue reports both to agency management and to third parties external to the audited entity 

Federal agency internal auditors: internal government audit organizations associated with federal agencies that conduct engagements and investigations relating to the programs and operations of their agencies 

Municipal auditors: elected or appointed officials in government audit organizations in the United States at the city, county, and other local government levels 

State auditors: elected or appointed officials in audit organizations in the governments of the 50 states, the District of Columbia, and the U.S. territories 

Supreme audit institutions: national government audit organizations, in the United States or elsewhere, typically headed by a comptroller general or auditor general 

The Yellow Book has to be called into play by someone else.

Just because the Yellow Book exists does not mean you have to follow it in conducting a governmental audit. The Yellow Book has to be called forth by something or someone external to it:

1.08     Laws, regulations, contracts, grant agreements, and policies frequently require that engagements be conducted in accordance with GAGAS. In addition, many auditors and audit organizations voluntarily choose to conduct their work in accordance with GAGAS. The requirements and guidance in GAGAS in totality apply to engagements pertaining to government entities, programs, activities, and functions, and to government assistance administered by contractors, nonprofit entities, and other nongovernmental entities when the use of GAGAS is required or voluntarily adopted. 

The Yellow Book may be called forth by law or policy. The Single Audit Act is just one of many laws that call the Yellow Book into play. For instance, the State of Texas passed a law that all audits conducted by internal audit shops in the state will be conducted using government auditing standards.

If you conduct an audit of a city, the city may have a policy requiring that all audits be conducted in accordance with government auditing standards. Or, the request for proposal for the audit may request that the audit be conducted in accordance with government auditing standards. But it wouldn’t be surprising if the city does not have a policy or a law that mentions the Yellow Book. In this case, the internal auditor for the city would likely follow Institute of Internal Auditors (IIA) Standards and the external auditor would follow American Institute of Certified Public Accountants (AICPA) auditing standards.

The bottom line is that just because you audit a government does not mean you have to use the Yellow Book. If you cannot find any law or policy requiring it, you do not have to follow it. The Yellow Book is not like the AICPA’s audit standards, which, just because they exist, must be followed when expressing an opinion on the financial statements.

For instance, let’s say you are engaged to express an opinion on the financial statements of a small town in Georgia that does not receive any federal funds. Are you required to follow the Yellow Book on this engagement? To figure this out, you need to do more research. You need to determine whether the state of Georgia has a law or regulation requiring the use of GAGAS on audits of towns and cities in the state. You must also find out whether the town has a rule or regulation in its city charter that requires the use of GAGAS. The request for proposal may include a request that the audit be conducted in accordance with Yellow Book. You need to look at all these rules, regulations, and policies to find the answer.

You don’t necessarily have to use the Yellow Book when working as an internal auditor of a government or as a monitor of governmental funds.Obviously, if you work for the federal government and conduct an audit of federal funds, you probably use the Yellow Book in your work because the Inspector General Act or the CFO Act requires it. But if you are a county auditor, you probably are not required to use it to guide your work.

Here is an example. Many state agencies have set up monitoring teams to ensure that federal and state pass-through funds are being spent properly, and they usually look at a finite set of compliance requirements. Nowhere do state regulations or laws require that the state agencies follow the Yellow Book. And, the agencies do not conduct or contribute to the Single Audit of the sub-recipients. Therefore, these monitoring teams do not conduct their work to comply with the Yellow Book, even though they audit governmental funds of governmental entities.

The GAO lists several laws or regulations that may require the use of the Yellow Book:

1.09     The following are some of the laws, regulations, and or other authoritative sources that require the use of GAGAS:

  1. The Inspector General Act of 1978, as amended, 5 U.S.C. App. requires that the statutorily appointed federal inspectors general comply with GAGAS for audits of federal establishments, organizations, programs, activities, and functions. The act further states that the inspectors general shall take appropriate steps to assure that any work performed by nonfederal auditors complies with GAGAS.
  2. The Chief Financial Officers Act of 1990 (Public Law 101-576), as expanded by the Government Management Reform Act of 1994 (Public Law 103-356), requires that GAGAS be followed in audits of executive branch departments’ and agencies’ financial statements. The Accountability of Tax Dollars Act of 2002 (Public Law 107-289) generally extends this requirement to most executive agencies not subject to the Chief Financial Officers Act unless they are exempted for a given year by the Office of Management and Budget (OMB).
  3. The Single Audit Act Amendments of 1996 (Public Law 104-156) require that GAGAS be followed in audits of state and local governments and nonprofit entities that receive federal awards. OMB Circular No. A-133, Audits of States, Local Governments, and Non- Profit Organizations, which provides the government wide guidelines and policies on performing audits to comply with the Single Audit Act, also requires the use of GAGAS.

1.10      Other laws, regulations, or authoritative sources may require the use of GAGAS. For example, auditors at the state and local levels of government may be required by state and local laws and regulations to follow GAGAS. Also, auditors may be required by the terms of an agreement or contract to follow GAGAS. Auditors may also be required to follow GAGAS by federal audit guidelines pertaining to program requirements, such as those issued for Housing and Urban Development programs and Student Financial Aid programs. Being alert to such other laws, regulations, or authoritative sources may assist auditors in performing their work in accordance with the required standards.

1.11      Even if not required to do so, auditors may find it useful to follow GAGAS in performing audits of federal, state, and local government programs as well as audits of government awards administered by contractors, nonprofit entities, and other nongovernment entities. Many audit organizations not formally required to do so, both in the United States of America and in other countries, voluntarily follow GAGAS.

When the AICPA gets involved

The Yellow Book covers several different categories of engagements: financial audits, attestation engagements, reviews of financial statements, and performance audits. If you conduct a financial audit, you must also follow the AICPA audit standards. If you conduct an attestation engagement, you must also follow the AICPA attestation standards. If you conduct a review of the financial statements, you must follow the AICPA’s review standards. However, if you conduct a performance audit, you don’t have to follow the AICPA standards or any other standards for that matter!

The Yellow Book states, in the sections dealing with financial audits and attestation engagements, that the AICPA standards are to be applied. Then the Yellow Book adds a few additional requirements of its own. For example, the AICPA does not require that the findings contain the five distinct elements of a persuasive argument, but the Yellow Book does.

Periodically, the GAO revises the Yellow Book. When the GAO revises, they seek to match the language in the Yellow Book to the language in the AICPA standards. This is true even in the performance standards because the GAO wants the Yellow Book to use consistent terms and concepts throughout. Why do I mention this? If you are a performance auditor, you can’t entirely ignore the AICPA because when the AICPA moves and updates, the GAO matches their move and updates the financial AND performance audit chapters accordingly.

The Single Audit Layers

If you are one of the lucky souls who conduct Single Audits, you must pay attention to several layers of standards.

In addition to requiring that its instruction be followed, Single Audit requirements demand that the audit be conducted in accordance with government auditing standards. Upon opening the Yellow Book, you discover that a Single Audit qualifies as a financial audit. The financial audit chapters inside the Yellow Book then say that you must also follow the AICPA audit standards.

So, the layering looks like this:

Single Audit requirements
Yellow Book
AICPA audit standards (AU-C)

More often than not, if you audit a federal program, you must look at other requirements generated by the federal grantors that exceed the Single Audit requirements in the Uniform Guidance. For instance, in auditing HUD programs, you must follow the HUD audit guide as well as the Single Audit requirements (and hence the Yellow Book and the AICPA standards). Instead of three layers, you must be apply four layers of audit requirements. Does anybody want out of governmental auditing yet?

The Focus of This Manual

The focus of this manual is to cover onlythe government auditing standards, the Yellow Book. The manual will not delve into the AICPA standards, the IIA standards, or the Single Audit requirements in detail, although I may refer to them from time to time. The Yellow Book provides plenty of fodder for discussion on its own.

How the Yellow Book Is Organized

One key to understanding the Yellow Book standards is to get comfortable with the way they are organized. The standards are conveniently organized by introductory material and general standards as well as financial, attestation, and performance standards.

CHAPTER 1: Foundation and Principles for the Use and Application of Government Auditing Standards: This chapter introduces the types of audits and meaning of must, should, and may
CHAPTER 2: General Requirements for Complying with Government Auditing Standards
CHAPTER 3: Ethics, Independence, and Professional Judgment
CHAPTER 4: Competence and Continuing Professional Education
CHAPTER 5: Quality Control and Peer Review
CHAPTER 6: Standards for Financial Audits: This chapter is applicable to financial audits only and discusses fieldwork standards, including documentation and client communications during planning. This chapter also discusses reporting standards, including the need to garner client responses to findings. This chapter builds on top of AICPA audit standards.
CHAPTER 7: Standards for Attestation Engagements and Reviews of Financial Statements. This chapter is applicable to attestation engagements and reviews of financial statements only and is very redundant of financial auditing standards. This chapter builds on the AICPA’s Statements on Standards for Attestation Engagements (SSAEs) and the Statement on Standards for Accounting and Review Services (SSARS).
CHAPTER 8: Fieldwork Standards for Performance Audits. This chapter is applicable to performance audits only and does not layer on top of any other standards.
CHAPTER 9: Reporting Standards for Performance Audits. This chapter is applicable to performance audits only and does not layer on top of any other standards.

Visit the Yellowbook-CPE.com Student Center
Click to learn more about Yellowbook requirements.


Lost your password?