Generally Accepted Government Auditing Standards, commonly referred to as the “Yellow Book,” were revised and issued in July 2018 by the U.S. Government Accountability Office. The 2018 Yellow Book is effective for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019. (Early implementation is not permitted.)
Last revised in 2011, the Yellow Book is designed to help government auditors at the federal, state and local levels, as well as auditors of not-for-profit organizations who are subject to the Yellow Book, produce high-quality audits that reflect competence, integrity, objectivity and independence.
While there are many new requirements important to your auditors, such as changes to format, peer review, CPE requirements, etc., the following summarizes a few of the significant changes that will impact your not-for-profit more directly.
The most significant changes are the expanded independence requirements related to the performance of non-audit services, such as the preparation of accounting records and year-end audited financial statements. The 2018 Yellow Book makes it clear that preparing the year-end audited financial statements in its entirety is always considered a significant threat to the auditors’ independence. As such, the auditor is responsible for documenting the evaluation of the threat and implementing the appropriate safeguards to reduce it to an acceptable level. The 2018 Yellow Book takes it a step further and requires that any threats created by non-audit services related to preparing accounting records and financial statements be evaluated for significance. Examples of threats would include preparing certain sections of the financial statements and posting entries that the audited entity’s management has approved to the entity’s trial balance.
In addition, there is added application guidance to define management’s “Skills, Knowledge and Experience” (SKE). Your organization’s management is not required to possess expertise needed to perform or re-perform the services. However, the auditor will assess management’s ability to recognize a material error.
Finally, not-for-profit organizations need to be alert to the independence period. Per the 2018 Yellow Book, auditors must be independent from an audited entity during:
Keep in mind that your auditor performing non-audit services on your behalf is not prohibited, as long as your auditors adhere to certain rules and ensure appropriate safeguards are obtained. Rules include educating organization management, assigning separate personnel for audit and non-audit services, and asking management complete a financial statement disclosure checklist as part of the financial statement review.
The 2018 Yellow Book introduces a new concept referred to as “waste,” defined as “the act of using or expending resources carelessly, extravagantly, or to no purpose. Importantly, waste can include activities that do not include abuse and does not necessarily involve a violation of law. Rather, waste relates primarily to mismanagement, inappropriate actions, and inadequate oversight.”
Waste is an expansion of the concept referred to as “abuse” in the 2011 Yellow Book. While auditors are not responsible for designing testing procedures to detect waste or abuse, they should understand that the discovery of either of these items may indicate that fraud or noncompliance could exist.
If your auditors find any indication of waste in your organization, be aware they may perform expanded audit procedures.
Auditors must now consider whether internal control is significant to performance audit objectives. If it is determined that internal control is not significant to the audit objectives, auditors should document accordingly, and reassess as applicable, any new or refined objectives. If internal control is determined to be significant to the audit objective, then the auditor should obtain an understanding of such internal control.
For example, if the audit objective is around expenditures and it is determined to be significant, your organization should be prepared to provide information relating to the authorization of those expenditures and the recording of those expenditures in the financial system. It is also important to note that a performance audit can rely on the test of controls that were performed as part of the financial statement audit to the extent they are relevant to the audit objectives.
Under the 2018 Yellow Book, the auditor should consider internal control deficiencies in their evaluation of identified findings when developing the “cause” element. This change relates to financial statement audits, reviews of financial statements and performance audits. The auditor should seek to determine a cause or explanation of why the condition deviates from the criteria. Your organization should be prepared to discuss the various control activities that have been designed and implemented by management to address specific risks of the organization.
The 2018 Yellow Book can be accessed on the Government Accountability Office Yellow Book webpage along with the 2011 version. Also included on the Web page is a podcast on the new Yellow Book, how to purchase printed copies and GAO contact information.
Contact Sarah Lee, Marie Brilmyer or a member of your service team to discuss this topic further.
Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law with your professional advisers.