Filetype Excel XLSX | Posted on 09 Aug 2022 | 3 years ago
Authentication
digital resources
159x Filetype XLSX File size 0.07 MB Source: audit.transportation.org
Sheet 1: Instructions
| INSTRUCTIONS | ||||||||||||
| Audit Organizations should have clearly stated in policies and/or procedures manuals which audit standards they follow. There are 3 types of Attestation (AT) Standards and it should be clear whether engagements are performed using the Examination, Agreed-Upon Procedures or Review AT standards. | ||||||||||||
| 1. When Governmental Audit Standards (GAS) are applied, all audit engagements, regardless of type, must follow the General Standards. As a result, the "General_Standards_GAS_All_ATs" tab must be completed. | ||||||||||||
| 2. When Attestation Standards are followed, there are common standards that are required, regardless of type. Therefore, the "Common_To_All_AT_Engagements" tab must also be completed. | ||||||||||||
| 3. Depending on how the Peer Review team selects their sample of audit engagements for testing, and whether the audit organization performs a variety of different types of engagements, you may need to complete the Examination tab (engagement was performed using the AT Examination standards), AUP Engagements tab (engagement is an agreed-upon procedures), or the Review Engagements tab (if the engagement is a review). | ||||||||||||
| APPLICABLE TO ALL ATTESTATION ENGAGEMENTS | ||||||||||
| GENERAL STANDARDS - YELLOW BOOK | ||||||||||
| With Regard to Independence: | N/A | Yes | No | Reference: | ||||||
| Has the audit organization determined and documented that auditors participating on the engagement are free from independence impairments in both mind and appearance? Was the audit organization independent from the audited entity during any period of time that falls with the period covered by the financials or subject matter and the period of professional engagement? [GAS 3.02-.06] | ||||||||||
| Has the audit organization applied the conceptual framework to identify threats to independence; evaluated the significance of the threats identified, both individually and in the aggregate; and applied safeguards as necessary to eliminate the threats or reduce them to an acceptable level? (This evaluation would include threats not related to nonaudit services.) [GAS 3.07-.19] | ||||||||||
| Has the audit organization determined, evaluated, and documented whether identified threats to independence are at an acceptable level or have been eliminated or reduced to an acceptable level. [GAS 3.20-.24] | ||||||||||
| Has the audit organization determined and documented cases where threats to independence were not at an acceptable level and threats are so significant they cannot be eliminated or reduced through safeguards, resulting in impairments to independence? If so, did the auditors decline the engagement or terminate an audit in process? [GAS 3.25] | ||||||||||
| Has the audit organization (in the government entity) performed work and reported the results objectively based on the placement within government and the structure of the government entity being audited? The independence standard applies to auditors in government entities whether they report to third parties externally (external auditors), to senior management within the audited entity (internal auditors), or to both. [GAS 3.27-.32] | ||||||||||
| For all nonaudit services that are not specifically prohibited by GAS, did the audit organization document the assessment of the audited entity management’s ability to effectively oversee the nonaudit services provided? (This evaluation and documentation is required for all nonaudit services regardless of the significance of the threats. The designated individual must be willing and able to oversee the nonaudit services.) [GAS 3.34 and 3.59] | ||||||||||
| Were the working papers free of evidence that contradicts the independence conclusions and considerations in this section? [GAS 3.34-.58] | ||||||||||
| For audit organizations that provided nonaudit services to an entity for which it has performed an attestation engagement under GAGAS, has the audit organization communicated with the engagement requestors and those charged with governance to clarify that the scope of the nonaudit services does not constitute an audit under GAGAS? Did the audit organization ensure that such services were not conducted in accordance with GAGAS and ensure that any report issued on the nonaudit services does not refer to GAGAS? [GAS 2.12] | ||||||||||
| With Regard to Professional Judgment: | ||||||||||
| Has the audit organization exercised appropriate professional judgment in planning and performing the attestation engagement and reporting the results? Has the audit organization complied with applicable professional standards, exercising professional skepticism, objectivity, integrity, assigning competent staff, defining scope of work, evaluating evidence, and maintaining quality control. [GAS 3.60–.68] |
||||||||||
| With Regard to Competence: | ||||||||||
| Did the audit team assigned to perform the engagement collectively possess adequate professional competence, technical knowledge, skills and experience necessary to address the objectives and perform the work in accordance with GAGAS? [GAS 3.69, 3.72] | ||||||||||
| Does the audit organization have a quality control policies and procedures designed to provide the audit organization with reasonable assurance that it has personnel with the capabilities and competence to perform its audits in accordance with professional standards and legal and regulatory requirements? [GAS 3.70-.71] | ||||||||||
| Do the attestation engagement team members appear knowledgeable or to have accessed appropriate knowledge in subject matter and criteria of the attestation engagement and have sufficient skills appropriate for the work being performed? Were they knowledgeable with respect to the AICPA standards, SSAE standards, and supplemental standards of GAS? [GAS 3.73-.74] | ||||||||||
| Were auditors licensed CPA's or persons working for licensed CPA's? [GAS 3.75] | ||||||||||
| Did audit team members meet the 24 and 80 hour CPE requirements? [GAS 3.76-78] | ||||||||||
| If the audit team used an external or internal specialists, did they assess and document the professional qualifications and competency of them? [GAS 3.79-.81] | ||||||||||
| With Regard to Quality Control and Assurance: | ||||||||||
| Did the audit organization establish a system of quality control designed to provide reasonable assurance of compliance with professional standards and applicable legal and regulatory requirements? [GAS 3.82] | ||||||||||
| Did the audit organization document its quality control policies and procedures and communicate those to its personnel? Did they document compliance with quality control policies and procedures and maintain such documentation sufficient for peer reviews? [GAS 3.84] | ||||||||||
| Has the audit organization at least annually performed monitoring of quality and analyzed and summarized the results of that monitoring to identify systemic issues needing improvement, along with recommendations for corrective action? [GAS 3.95] | ||||||||||
| Has the audit organization met the external peer review requirements to meet the GAGAS requirements and is the peer review report available publicly? [GAS 3.96, 3.105] | ||||||||||
| SUPPLEMENTAL FIELDWORK STANDARDS | ||||||||||
| With Regard to Auditor Communication During Planning: | ||||||||||
| Did the auditors communicate pertinent information that needs to be communicated to individuals contracting for or requesting the audit, or others that have oversight? [GAS 4.03-.04] | ||||||||||
| With Regard to Previous Audits & Attest Engagements: | ||||||||||
| Did the audit team assigned to perform the engagement evaluate and document whether the audited entity took appropriate corrective action to address findings and recommendations from previous engagements that could have a material effect on the subject matter or assertion of the AT engagement? [GAS 4.05] | ||||||||||
| Did the audit team use the information from findings and recommendations in previous engagements in assessing risk and determining the nature, timing and extent of work? [GAS 4.05] | ||||||||||
| With Regard to Developing Elements of Findings: | ||||||||||
| If deficiencies in internal control, noncompliance, fraud, or abuse were identified, did the audit organization plan and perform procedures to develop the attest engagement findings to contain the elements or criteria, condition, cause, and effect or potential effect? [GAS 4.10-4.14] | ||||||||||
| With Regard to Attest Documentation: | ||||||||||
| Does the AT documentation contain sufficient information to enable an experienced auditor having no previous connection, to understand from the documentation the nature, extent, and results of procedures performed, the evidence obtained and its source, and the significant judgments and conclusions? [GAS 4.15] | ||||||||||
| Is there evidence of supervisory reviews, before the report was released, of the evidence that supports the findings, conclusions, and recommendations contained in the auditors' report? [GAS 4.15a] | ||||||||||
| Did the audit team document any departures from GAGAS requirements and the impact on the engagement and on the auditor's conclusions when the audit is not in compliance with GAGAS due to law, regulation, scope limitations, etc.? [GAS 4.15b] | ||||||||||
| Does the audit organization have established policies and procedures for the safe custody, retention of, third-party requests of, and access to engagements documentation to meet any legal, regulatory, or administrative requirements? [GAS 4.16] | ||||||||||
| SUPPLEMENTAL REPORTING STANDARDS | ||||||||||
| With Regard to Reporting Auditors' Compliance with GAGAS: | ||||||||||
| If the audit organization complied with all applicable GAGAS requirements, does the AT report include a statement that the engagement was performed in accordance with Government Auditing Standards issued by the comptroller general of the United States? [GAS 4.17a, 4.18] | ||||||||||
| Did the audit organization report on internal control and compliance with provisions of law, regulations, contracts, and grant agreements? [GAS 4.17b, 4.19-.21] | ||||||||||
| Did the audit organization report on communicating deficiencies in internal control, fraud, noncompliance, and abuse? [GAS 4.17c, 4.23-.27] | ||||||||||
| Did the audit organization report views of responsible officials and if necessary did the auditors evaluation of the comments and validity of them, and disclose reasons for disagreements, where necessary? If the audited entity refused to comment, did the auditors issue the report and indicate the entity did not provide comments? [GAS 4.17d, 4.33-.39] | ||||||||||
| Did the audit organization appropriately report on confidential or sensitive information by omitting confidential and/or sensitive information and stating the reason? Did they issue a separate report containing such information, limiting the use, and distributing it to only those authorized? [GAS 4.17e, 4.40-.44] | ||||||||||
| Did the auditors clearly develop findings and place their findings in perspective by describing the nature and extent of the issues to give the reader a basis for judging the prevalence and consequences of these findings? [GAS 4.28-.29] | ||||||||||
| With Regard to Reporting Findings Directly to Outside Parties: | ||||||||||
| Did the audit organization report known or likely fraud, noncompliance or abuse directly to outside parties, when: a. the audited entity fails to satisfy legal or regulatory requirements to report such information themselves, or b. when the findings, material to the subject matter, involve funding from an other government agency and the entity has failed to timely report such information to the funding agency? [GAS 4.30a-b] |
||||||||||
| With Regard to Distributing Reports: | ||||||||||
| If report distribution was limited for any reason, did the audit team document such limitation? [GAS 4.45] | ||||||||||
| Was the AT report submitted to those charged with governance, appropriate officials of the responsible party, and appropriate oversight bodies or organizations arranging for the AT engagement? [GAS 4.45a] | ||||||||||
| APPLICABLE TO ALL ATTESTATION ENGAGEMENTS | ||||||||||
| CONCEPTS COMMON TO ALL AT ENGAGEMENTS | ||||||||||
| Note: If the requirements (e.g. independence) are already covered under the Yellow Book and is on the General_Standards tab, it will not be duplicated here. | ||||||||||
| With Regard to Acceptance and Continuance | N/A | Yes | No | Reference: | ||||||
| Is there documentation the engagement partner is satisfied that the appropriate procedures regarding the acceptance and continuance of client relationships and AT engagements have been followed? [AT-C 105.23] | ||||||||||
| With Regard to Preconditions for an AT Engagement | ||||||||||
| Did the audit team determine and document the responsible party is a party other than the auditor and takes responsibility for the subject matter? [AT-C 105.25a] | ||||||||||
| Did the audit team determine and document the following: a. the subject matter is appropriate, b. the criteria to be applied in the preparation and evaluation of the subject matter are suitable and will be available to the intended users, c. the auditor expects to be able to obtain the evidence needed to arrive at the opinion, conclusion, or findings, including access to all information and persons, d. the auditors' opinion, conclusion, or findings, in the form appropriate to the engagement? [AT-C 105.25b] |
||||||||||
| If the preconditions above were not present, did the auditor discuss the matter with the engaging party to resolve the issue? [GAS 105.26] | ||||||||||
| Were the working papers free of evidence that contradicts the reasons for accepting an AT engagement (ethical requirements, competence and capabilities, preconditions met, and common understanding)? [AT-C 105.27] | ||||||||||
| If it was discovered after the engagement was accepted, that one or more of the preconditions is not present, did the auditor discuss the matter with the appropriate part and determine the matter could be resolved, whether it is appropriate to continue with the engagement, and if not resolved and it's appropriate to continue how to communicate the matter in the audit report? [AT-C 105.28] | ||||||||||
| With Regard to Acceptance of a Change in the Terms of the Engagement | ||||||||||
| If the terms of the engagement changed, was there documentation of reasonable justification for agreeing to a change? [AT-C 105.29] | ||||||||||
| Was the report appropriate given the change and doesn't include reference to the original engagement or procedures performed prior or scope limitations that resulted in the change? [AT-C 105.30] | ||||||||||
| With Regard to Using the Work of an Other Practitioner | ||||||||||
| If the audit team used the work of an other auditor, did they: a. Obtain an understanding of whether the other auditor understood and complied with ethical requirements and is independent. B. Obtain an understanding of the other auditor's professional competence. c. Communicate with the other auditor about the scope and timing of the work and findings. d. (If assuming responsibility) get involved in the work. e. Evaluate whether the auditor's work is adequate. f. Determine and document whether to make reference in the audit report. |
||||||||||
no reviews yet
Please Login to review.
