oversight

Financial Audit Manual: Update to Part II--Tools

Published by the Government Accountability Office on 2003-04-01.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

              United States General Accounting Office
              President’s Council on Integrity and Efficiency


GAO/PCIE


              Financial
              Audit
              Manual



              Update to Part II - Tools




                                                Update to Part II
GAO-03-466G
[This page intentionally left blank]
April 2003


Dear Colleague:

In July 2001, the U.S. General Accounting Office (GAO) and the President’s Council on
Integrity and Efficiency (PCIE) issued the GAO/PCIE Financial Audit Manual (FAM).
The FAM provides guidance for financial audits conducted by the Inspector General
community, GAO, and their contractors. The FAM is a key part in enhancing
accountability over taxpayer-provided resources.

GAO and the PCIE are committed to keeping the FAM current and intend to prepare
updates as needed. With this goal in mind, a GAO/PCIE task force prepared this update
to volume II of the FAM, which provides tools to assist the auditor in complying with
audit standards. The new or updated sections are highlighted in the table of contents for
volume II. It was issued as an exposure draft on the internet in September 2002, and we
incorporated changes based on comments received. The original GAO/PCIE FAM, which
will be updated by having these additional sections incorporated, and this April 2003
update are available on the internet at

                   www.GAO.gov or www.ignet.gov/pande/audit.html

If you have comments or suggestions for additional projects for further FAM updates,
please e-mail them to

                             FAM_Comments@oig.doi.gov


We extend our thanks to the many individuals and organizations that provided comments
and insights to make the manual stronger. The task force assembled by GAO and the
PCIE also deserves much credit for its dedication to completing this project.




Jeffrey C. Steinhoff                            The Honorable Gregory H. Friedman
Managing Director                               Chair, President’s Council on Integrity
U.S. General Accounting Office                   and Efficiency Audit Committee
         Filing instructions for April 2003 FAM Volume II – Tools update:

  Retain from original          Insert from April 2003         Delete from original
   July 2001 version                    update                  July 2001 version

Cover to volume II
                              Contents – Part II             Contents – Part II
                               (including title page)         (including title page)
                              Section 600 (including title   Section 600 title page
                               page and sections 601,
                               650, 650 A, B, and C, 660,
                               660 A, B, C, and D)
                              Section 700 (including title   Section 700 title page
                               page and sections 701 and
                               701 A and B)
                              Section 800 (including title   Section 800 title page
                               page and sections 802,
                               803, 808, 809, 810, 812,
                               813, 814, 816, and 817)
                              Section 900 (including title   Section 900 title page
                               page and sections 902, 902
                               A, B, and C, 903, 921, 921
                               A, B, C, and D)
Section 1000 title page
Sections 1001 and 1001 A
                              Sections 1002 and 1002 A,      Section 1002 title page
                               B, C, and D
Sections 1003, 1004, and
 1005
                              Section 1006 title page        Section 1006


                           Changes affecting volume I

Glossary title page           Glossary (22 pages)            Glossary (17 pages)
Abbreviations title page      Abbreviations (3 pages)        Abbreviations (2 pages)
CONTENTS - PART II - TOOLS
[This page intentionally left blank.]
CONTENTS – PART II – TOOLS


 600         PLANNING AND GENERAL

 601         Introduction to Part II – Tools
 650         Using the Work of Others
 650 A       Summary of Audit Procedures and Documentation for Review of Other
              Auditors' Work
 650 B       Example Audit Procedures for Using the Work of Others
 650 C       Example Reports When Using the Work of Others
 660         Agreed-Upon Procedures
 660 A       Example Agreed-Upon Procedures Engagement Letter
 660 B       Example Representation Letter from Responsible Entity on Agreed-Upon
              Procedures Engagement
 660 C       Agreed-Upon Procedures Completion Checklist
 660 D       Example Agreed-Upon Procedures Report



 700         INTERNAL CONTROL (See also section 900)

 701         Assessing Compliance of Agency Systems with the Federal Financial
              Management Improvement Act (FFMIA)
 701 A       Example Audit Procedures for Testing Compliance with FFMIA
 701 B       Summary Schedule of Instances of Noncompliance with FFMIA



 800         COMPLIANCE

 801         Reserved
 802         General Compliance Checklist
 803         Antideficiency Act
 804         Reserved
 805         Reserved
 806         Reserved
 807         Reserved
 808         Federal Credit Reform Act of 1990
 809         Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711-
              3720E) (Including the Debt Collection Improvement Act of 1996) (DCIA)
 810         Prompt Payment Act
 811         Reserved
 812         Pay and Allowance System for Civilian Employees, as Provided Primarily
              in Chapters 51-59 of Title 31, U.S. Code

April 2003             GAO/PCIE Financial Audit Manual - Part II          Contents-1
Contents - Part II - Tools


 813         Civil Service Retirement Act
 814         Federal Employees Health Benefits Act
 815         Reserved
 816         Federal Employees' Compensation Act
 817         Federal Employees' Retirement System Act of 1986


 900         SUBSTANTIVE TESTING

 901         Reserved
 902         Related Parties, Including Intragovernmental Activity and Balances
 902 A       Example Account Risk Analysis for Intragovernmental Activity and
              Balances
 902 B       Example Specific Control Evaluation for Intragovernmental Accounts
 902 C       Example Audit Procedures for Intragovernmental and Other Related
              Parties' Activity and Balances
 903         Auditing Cost Information
 921         Auditing Fund Balance with Treasury (FBWT)
 921 A       Treasury Processes and Reports Related to FBWT Reconciliation
 921 B       Example Account Risk Analysis for Fund Balance with Treasury
 921 C       Example Specific Control Evaluation for Fund Balance with Treasury
 921 D       Example Audit Procedures for Fund Balance with Treasury


 1000        REPORTING

 1001        Management Representations
 1001 A      Example Management Representation Letter
 1002        Inquiries of Legal Counsel
 1002 A      Example Audit Procedures for Inquiries of Legal Counsel
 1002 B      Example Legal Letter Request
 1002 C      Example Legal Representation Letter
 1002 D      Example Management Summary Schedule
 1003        Financial Statement Audit Completion Checklist
 1004        Checklist for Reports Prepared Under the CFO Act
 1005        Subsequent Events Review
 1006        Reserved. (For Related Parties, see section 902)




April 2003             GAO/PCIE Financial Audit Manual - Part II         Contents-2
    SECTION 600


Planning and General
[This page intentionally left blank.]
      Planning and General


      601 - INTRODUCTION TO PART II – TOOLS

.01   Part II of the GAO/PCIE Financial Audit Manual (FAM) consists of tools to assist
                   1
      the auditor in performing a financial statement audit. These tools are generally
      organized according to the phases of the audit: tools in section 600 deal with the
      planning phase and general issues; section 700, the internal control phase; section
      800, compliance; section 900, substantive testing; and section 1000, the reporting
      phase.

.02   Many of the tools in the various sections include activities that would be
      performed during other phases of the audit. Thus, the auditor should refer to the
      sections in part II early in the audit. For example, section 701, Assessing
      Compliance of Agency Systems with the Federal Financial Management
      Improvement Act, includes procedures that would be performed throughout the
      audit, not just during the internal control phase, although many of them would be
      performed then. Also, section 902, Related Parties, Including Intragovernmental
      Activity and Balances, has procedures that the auditor may decide to perform in
      the planning and internal control phases of the audit as well as during the testing
      phase.

.03   The audit procedures presented in the examples in this and other sections of
      part II (tools) of the GAO/PCIE FAM are examples of some of the audit steps
      typically performed in each area. They should be used in conjunction with the
      appropriate FAM sections. In using these procedures, the auditor should use
      judgment to add additional procedures, delete irrelevant procedures, modify
      procedures, indicate the extent and timing of procedures, and change the
      terminology to that used by the audited entity. The auditor may integrate these
      steps with the audit programs for related line items. For example, tests of
      intragovernmental activity and balances (section 902) may be integrated with
      tests of accounts receivable and payable, and, to improve efficiency, the auditor
      may coordinate those tests with related nonintragovernmental activity and
      balances.




  1
      The term "auditor," throughout the FAM includes individuals who may be titled
      auditor, analyst, evaluator, or have a similar position description.


      April 2003          GAO/PCIE Financial Audit Manual - Part II            Page 601-1
[This page intentionally left blank.]
      Planning and General


      650 - USING THE WORK OF OTHERS

.01   In many audits, the auditor uses the work and reports of other auditors and
      specialists. Other auditors include CPA firms, Inspectors General, state auditors,
      and internal auditors. Specialists include actuaries and information systems
      auditors. The audit organization may contract with a CPA firm to perform parts
      of or the entire audit. The audit organization should use FAM 650 to design and
      perform appropriate oversight and other procedures to use the work of other
      auditors and specialists. (The audit organization using the work of other auditors
      and specialists is referred to below as "the auditor.") This section provides
      guidance on using the work of other auditors and specialists and the nature and
      extent of procedures the auditor should perform.

.02   Various professional standards provide guidance in this area. These standards
      include AU 543, "Part of Audit Performed by Other Independent Auditors"; AU
      322, "The Auditor's Consideration of the Internal Audit Function in an Audit of
      Financial Statements"; AU 336, "Using the Work of a Specialist";1 and AU 315 (SAS
      No. 84), "Communication Between Predecessor and Successor Auditors." These
      standards have different requirements depending on whether the other
      organization is an independent auditor, an internal auditor, or a specialist.

.03   The auditor may use the work of other auditors and specialists in various
      situations, for example:

      •   audits by Inspectors General or CPA firms in accordance with the GAO/PCIE
          FAM;

      •   CPA firms or specialists hired to do parts of an audit (for example, review
          information systems controls, review actuarial calculations, test specific
          accounts);

      •   single audits or audits of federal funds performed by state auditors and CPA
          firms;

      •   work performed by internal auditors; and

      •   internal audit staff who provide direct assistance to the auditor.

.04   AU 543.13 states: "In some circumstances the principal auditor may consider it
      appropriate to participate in discussions regarding the accounts with
  1
      The AICPA also issued Practice Alert 2002-02, Use of Specialists.

      April 2003           GAO/PCIE Financial Audit Manual - Part II           Page 650-1
      Planning and General
      650 - Using the Work of Others

      management personnel of the component whose financial statements are being
      audited by other auditors and/or to make supplemental tests of such accounts.
      The determination of the extent of additional procedures, if any, to be applied
      rests with the principal auditor alone in the exercise of his professional judgment
      and in no way constitutes a reflection on the adequacy of the other auditor's
      work. Because the principal auditor in this case assumes responsibility for his
      opinion on the financial statements on which he is reporting without making
      reference to the audit performed by the other auditor, his judgment must govern
      as to the extent of procedures to be undertaken."

.05   The above paragraph makes clear that the principal auditor exercises
      considerable judgment in deciding what procedures are necessary to use the
      work of the other auditor. FAM 650 provides guidance in making the judgments
      necessary to use the work of others. These judgments include

      •   the type of reporting (see paragraphs 650.09-.10),
      •   the auditor's evaluation of the other auditors' or specialists' independence and
          objectivity (see paragraphs 650.11-.24),
      •   the auditor's evaluation of the other auditors' or specialists' qualifications (see
          paragraphs 650.25-.35), and
      •   the auditor's determination of the level of review (see paragraphs 650.36-.41).

.06   The auditor should coordinate with other auditors whose work he or she wishes
      to use. In turn, the other auditor should consider the needs of auditors who plan
      to use the work being performed so that the judgments exercised by both
      auditors could satisfy the needs of both. This is best done before major work is
      started. For example, auditors of a consolidated entity (such as the U.S.
      government or an entire department or agency) are likely to plan to use the work
      of auditors of subsidiary entities (such as individual departments and agencies or
      bureaus and components of a department). This coordination can result in more
      economy, efficiency, and effectiveness of government audits in general and avoid
      duplication of effort. In addition, the coordination needs to be ongoing
      throughout the audit so that the timing needs of both the auditor and the other
      auditors are met. The other auditors should make their audit documentation
      available for review by the auditor on an ongoing basis during the audit.

.07   In this coordination, the auditor should inform the other auditor how his or her
      work and report will be used. AU 543.07 indicates that if the auditor's report will
      name the other auditor, the auditor should obtain permission to do so and should
      present the other auditor's report together with the principal auditor's report.
      For CPA firms, this permission may be obtained through the contracting process.
      The auditor also should provide the other auditors a draft of the report as a
      courtesy.

      April 2003           GAO/PCIE Financial Audit Manual - Part II              Page 650-2
      Planning and General
      650 - Using the Work of Others


.08   When there is a difference of opinion between the two auditors, the principal
      auditor generally should confer with the other auditor to reach agreement with
      him or her as to the procedures necessary to satisfy both auditors' professional
      judgments. If both auditors are unable to reach agreement, see paragraphs
      650.54 to .56. Section 650 B contains example audit procedures for using the
      work of others, which depend on the judgments made.

      TYPES OF REPORTING

.09   There are various types of reporting when using the work of other auditors and
      specialists. The type of reporting depends on the degree of responsibility the
      auditor accepts and the work performed by the auditor. Factors for the auditor
      to consider in deciding which type of reporting to use include the amount of
      assurance the auditor wishes to provide, legal requirements, and cost-benefit
      considerations. The degree of resources required varies by type of report and
      generally increases in the order presented below. The type of reporting should
      be decided in planning the job and generally should be discussed with the other
      auditors or specialists. In deciding the type of reporting, the auditor should
      consider AU 504.03, which states that an auditor is "associated with financial
      statements when he has consented to the use of his name in a report, document,
      or written communication containing the statements." (Section 650 C contains
      examples of wording for two types of reporting.) The types of reporting are as
      follows.

      a. No association with report—In this situation, the other auditors' or
         specialists' report is provided directly to the auditee and/or to significant
         users. The auditor may use this method when the auditor merely procures the
         audit but is not acting as "the auditor." For example, if there is no legal
         requirement for a separate report by the auditor, the user does not need a
         separate report from the auditor, and a separate report would provide no
         additional information. When the auditor is required by law to perform the
         audit, he or she should not use this option since he or she is associated with
         the report.

      b. Auditor transmittal letter—There are two types of transmittal letters, one
         expressing no assurance and one expressing negative assurance on the other
         auditors' work. For either type, the auditor is associated with the financial
         statements as described in AU 504. The fourth standard of reporting states, (in
         the last sentence) "where an auditor's name is associated with financial
         statements, the report should contain a clear-cut indication of the character of
         the auditor's work, if any, and the degree of responsibility the auditor is
         taking." Because the auditor did not perform an audit, the auditor should

      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 650-3
Planning and General
650 - Using the Work of Others

   disclaim an opinion and should not express concurrence with the other
   auditors' opinion. The auditor may use this approach when there is no legal
   requirement for the auditor to express an opinion or concurrence but the
   auditor is required to or wants to issue a report or letter. The auditor may
   expand the letter to highlight certain findings or information or to indicate that
   certain procedures were performed. See example 1 of section 650 C for
   wording for both types of transmittal letters.

   •   Auditor transmittal letter expressing no assurance—For this letter,
       the auditor issues a transmittal letter without reviewing the other auditors'
       documentation. In these situations, the transmittal should be clear as to
       the limitations of the auditor's work. The auditor still has the
       responsibility to monitor any contract and meet the requirements of the IG
       Act, as amended, CFO Act, and Accountability of Tax Dollars Act of 2002, if
       applicable.

   • Auditor transmittal letter expressing negative assurance—This
     letter indicates that the auditor reviewed the other auditors' or specialists'
     report and related documentation and inquired of their representatives and
     states that the auditor found no instances where the other auditors did not
     comply, in all material respects, with Government Auditing Standards
     (GAGAS).

c. The auditor issues a report that refers to other auditors' reports and
   indicates a division of responsibilities—To use this approach, the auditor
   has two decisions to make: (1) whether the auditor may serve as the principal
   auditor (AU 543.01-.03) and (2) whether the auditor should refer to the work of
   the other auditors (AU 543.01-.10). The auditor should exercise considerable
   judgment in making these decisions and should document the basis for the
   decisions. One consideration the auditor may use in deciding whether the
   auditor is the principal auditor is whether the auditor has sufficient knowledge
   of the entire entity, including portions audited by other auditors. Another
   consideration is the materiality and importance of the consolidated assets,
   liabilities, expenses, revenues, or net position he or she has not audited. The
   auditor may issue a report that refers to other auditors when (1) the other
   auditors have reported on financial statements for a component entity that is
   part of the entity whose financial statements the auditor is reporting on and
   (2) the auditor does not wish to take responsibility for the other auditors'
   work. (See AU 543.09 for example wording. This approach may be used only
   for CPA firms or for other auditors who are organizationally independent [see
   paragraph 650.14]; it may not be used for internal auditors or specialists.)
   However, if the reader of the report could question the basis for the principal
   auditor issuing the opinion because of the significant materiality and

April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 650-4
    Planning and General
    650 - Using the Work of Others

       importance of the portion of the financial statements audited by the other
       auditors, the auditor should consider whether there is a need to issue a report
       that does not mention the other auditors' work, which may require additional
       work (see 650.09 e below).

    d. The auditor issues a report that expresses concurrence with the other
       auditors' report and conclusions—The auditor may use this approach when
       other auditors have reported on financial statements and the auditor needs or
       wants to provide more assurance than what is provided by the transmittal
       letter.2 Expressing concurrence means that the auditor would have reached
       the same opinion or conclusion had he or she done the audit. Therefore, the
       auditor needs to do the same level of work as he or she would have done to
       take responsibility for the other auditor's work.3 The auditor usually
       accomplishes this by (1) reviewing the audit documentation and (2) having
       discussions with entity management and/or performing supplemental tests.
       See example 2 in section 650 C for report wording. This approach may be
       used only for CPA firms or for other auditors who are organizationally
       independent (see paragraph 650.14). This report should not be used for
       specialists, since AU 336.15 prohibits reference to a specialist's report unless
       the auditor issues a qualified or adverse opinion or a disclaimer of opinion
       based on the specialist's work. This approach also should not be used for
       internal auditors. AU 322.19 notes that the responsibility to report on the




2
    For example, a certain audit may be required by law, in which the auditor,
    although allowed to hire other auditors to do the work, is required to give his or
    her own opinion. In the absence of such a requirement, a report expressing
    concurrence is generally not cost-effective because of the resources required.
3
    In this instance both the other auditor and the auditor that expresses concurrence
    are principal auditors because both have sufficient knowledge of the overall
    financial statements and the important issues, and the concurring auditor, by
    reason of the level of work done, has also audited the financial statements.

    April 2003          GAO/PCIE Financial Audit Manual - Part II            Page 650-5
    Planning and General
    650 - Using the Work of Others

       financial statements rests with the auditor and cannot be shared with internal
       auditors.4

    e. The auditor issues a report that does not mention the other auditors'
       or specialists' work—In this situation, the auditor issues the report in
       section 595 A and/or B (as if no other auditors or specialists were involved).
       This means the auditor takes responsibility for the other auditors' or
       specialists' work. (See 650.09 c above for a discussion of principal auditor
       issues.) The auditor may use this approach when the other auditors have done
       part of the audit; the approach also may be used when the other auditors have
                                           5
       done substantially the entire audit. The auditor usually accomplishes this by
       (1) reviewing the audit documentation and (2) having discussions with entity
       management and/or performing supplemental tests. The auditor also should
       use this approach when using the work of specialists and internal auditors,
       because professional standards do not permit referring to specialists' or
       internal auditors' work (unless, for specialists, the auditor issues a qualified or
       adverse opinion or a disclaimer of opinion based on the specialist's work).
       GAO uses this approach in the audit of the consolidated financial statements
       of the United States Government.

4
    There may be situations where the auditor is asked to provide a separate opinion
    in addition to presenting the other auditors' report. In these situations, the
    auditor should follow the wording in section 595 A and/or B and should add the
    following in lieu of the introduction to the first paragraph on page 595 A-5:

    "To help fulfill these responsibilities, we contracted with the independent certified
    public accounting firm of [insert firm name] to perform a financial statement audit
    in accordance with U.S. generally accepted government auditing standards,
    OMB's bulletin, Audit Requirements for Federal Financial Statements, and the
    GAO/PCIE Financial Audit Manual. The report of [name of CPA firm] dated [date]
    is attached. We evaluated the nature, timing, and extent of the work, monitored
    progress throughout the audit, reviewed the documentation of [name of CPA
    firm], met with partners and staff members of [name of firm], evaluated the key
    judgments, met with officials of [entity being audited], performed independent
    tests of the accounting records [if applicable], and performed other procedures
    we deemed appropriate in the circumstances. Our opinions expressed above are
    consistent with the opinions of [name of CPA firm]. Thus, in this audit, we:"
    (continue with numbered items).
5
    For example, a number of other auditors may have audited individual components
    of an entity and the auditor may audit the consolidation process. The auditor may
    choose to use this approach if the auditor has sufficient knowledge of the entire
    entity and does additional work (see paragraph 650.10).

    April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 650-6
      Planning and General
      650 - Using the Work of Others


.10   The following chart presents an overview of the work the auditor generally
      should perform for each type of report or letter. "Yes" means some of that
      category of work generally should be performed. "No" means that the category is
      generally not required for the report or letter. The extent of work in each
      category depends on the auditor's judgment. See paragraph 650.36 for discussion
      on level of review.


       Type of reporting       Evaluate      Evaluate      Level of    Hold discussions
                               the other     the other     Review      and/or perform
                               auditors'     auditors'     (para-      supplemental
                               indepen-      qualifica-    graphs      tests (para-
                               dence and     tions         650.36-     graphs 650.43-
                               objectivity   (para-        .42)        .47)
                               (para-        graphs
                               graphs        650.25-
                               650.11-.24)   .35)
                                    6
       No association with     No            No            None        No
       report (paragraph
       650.09 a)
       Auditor transmittal     Yes           Yes           Low or      No
       letter expressing no                                none
       assurance (para-
       graph 650.09 b, first
       bullet)
       Auditor transmittal     Yes           Yes           Moderate    No
       letter expressing                                   or low
       negative assurance
       (paragraph 650.09
       b, second bullet)
       Report refers to the    Yes           Yes           Low or      No
       other auditors' re-                                 none
       port and indicates a
       division of respon-
       sibilities (para-
       graph 650.09 c)



  6
      If the auditor contracts with the other auditors, the contracting process generally
      will require the auditor to evaluate the other auditors' independence, objectivity,
      and qualifications and to monitor performance under the contract.

      April 2003           GAO/PCIE Financial Audit Manual - Part II           Page 650-7
      Planning and General
      650 - Using the Work of Others


       Type of reporting       Evaluate      Evaluate     Level of     Hold discussions
                               the other     the other    Review       and/or perform
                               auditors'     auditors'    (para-       supplemental
                               indepen-      qualifica-   graphs       tests (para-
                               dence and     tions        650.36-      graphs 650.43-
                               objectivity   (para-       .42)         .47)
                               (para-        graphs
                               graphs        650.25-
                               650.11-.24)   .35)

       Report concurs with     Yes           Yes          High,        Yes for internal
       the other auditors'                                moderate,    auditors' work
       report or does not                                 or low       (should include
       mention the other                                               supplemental
       auditors' work                                                  tests).
       (paragraph 650.09 d                                             Yes for auditors'
       and e)                                                          work for high
                                                                       level of review.
                                                                       No for auditor's
                                                                       work for moderate
                                                                       or low level of
                                                                       review

      EVALUATING THE OTHER AUDITORS' OR SPECIALISTS'
      INDEPENDENCE AND OBJECTIVITY

.11   Unless the auditor has no association with the report, the auditor should evaluate
      the other auditors' or specialists' independence and objectivity. Where the
      auditor has previously used the work of the same other auditors, the auditor
      generally should update the previous evaluation. GAGAS 3.11 indicates that
      audit organizations and individual auditors should be free from personal and
      external impairments to independence, should be organizationally independent,
      and should maintain an independent attitude and appearance. The auditor
      should first evaluate organizational independence. Different standards apply to
      CPA firms, other organizationally independent auditors, internal auditors, and
      specialists.

.12   For CPA firms and specialists, the contracting process is designed to select a firm
      that is independent and objective. The statement of work or request for proposal
      should ask the firms to represent that they are independent and objective with
      respect to the auditee and should request the firms to describe in their proposals
      all work, including nonaudit services, they have done for the auditee in the last
      several years (see GAGAS Amendment No. 3, Independence, and Answers to
      Independence Questions). The technical evaluation panel should evaluate

      April 2003           GAO/PCIE Financial Audit Manual - Part II          Page 650-8
      Planning and General
      650 - Using the Work of Others

      whether the nature and extent of this work or other factors cause an
      independence or objectivity issue. In this evaluation, the panel may consider, for
      example, whether (1) the other auditors will need to audit their own work or (2)
      whether the other auditors made management decisions or performed
      management functions.
                   7
.13   If possible, the auditor should have a role in contracting for the CPA firm or
      specialist. When the auditor does not participate in contracting for the CPA firm
      or specialist, the auditor generally should obtain an overview of the contracting
      process; this generally should include reading the statement of work or request
      for proposal and the proposal of the firm selected, and understanding the
      evaluations of the panel selecting the firm. The auditor should determine
      whether the firm provided a representation as to independence and objectivity
      (usually in its proposal). If the firm has not provided a representation as to
      independence and objectivity, the auditor should obtain a representation from
      the firm. If the auditor is not familiar with the firm, the auditor should inquire of
      professional organizations (such as the American Institute of Certified Public
      Accountants or the Public Company Accounting Oversight Board established by
      the Sarbanes-Oxley Act of 2002) as to the firm's professional reputation and
      standing.

.14   For government auditors, the auditor should decide whether the other audit
      organization is organizationally independent to report externally or whether it
      should be considered an internal audit organization. The auditor may refer to the
      work of organizationally independent government auditors but should not refer
      to the work of internal audit organizations in the audit report; generally more
      extensive review and supervision are necessary when dealing with internal
      auditors. The auditor should obtain written representations from the head of the
      government audit organization that to the best of his or her knowledge, the
      organization and the individual auditors doing the work are independent of the
      entity being audited. This means that the individual auditors are free of personal
      impairments to independence and maintain an independent attitude and
      appearance; it also means that the organization is free from external impairments
      and is organizationally independent (see GAGAS 3.11). The representation letter
      may indicate the general criteria for determining independence, such as "under
      the criteria in GAGAS." The representations should be for the period of the
      financial statements to the date of the other auditors' report. Since the decision
      on the independence and objectivity of the other auditors is needed to plan the


  7
      Under the CFO Act and the Government Management Reform Act, if the IG is not
      doing the audit, he or she is required to determine the CPA firm that will do the
      work.

      April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 650-9
      Planning and General
      650 - Using the Work of Others

      auditor's work, the auditor generally should obtain oral representations early in
      the audit, with written representations at the end of the audit.8

.15   Government auditors may be presumed to be free from organizational
      impairments to independence when reporting externally to third parties if their
      audit organization is organizationally independent of the audited entity.
      Government audit organizations may meet the requirement for organizational
      independence in a number of ways. There is a presumption that a government
      audit organization is organizationally independent (GAGAS 3.30.1) if the audit
      organization is

      a. "assigned to a level of government other than the one to which the audited
         entity is assigned (federal, state, or local), for example, a federal auditor
         auditing a state government program, or

      b. "assigned to a different branch of government within the same level of
         government as the audited entity, for example, a legislative auditor auditing
         an executive branch program."

.16   There is also a presumption of organizational independence if the head of the
      audit organization (GAGAS 3.30.2) meets one of the following:

      a. "is directly elected by voters of the jurisdiction being audited,

      b. "is elected or appointed by a legislative body, subject to removal by a
         legislative body, and reports the results of audits to and is accountable to a
         legislative body,

      c. "is appointed by someone other than a legislative body, so long as the
         appointment is confirmed by a legislative body and removal from the position
         is subject to oversight or approval by a legislative body, and reports the
         results of audits to and is accountable to a legislative body, or

      d. "is appointed by, accountable to, reports to, and can only be removed by a
         statutorily created governing body, the majority of whose members are
         independently elected or appointed and come from outside the organization
         being audited."

.17   If the other audit organization or its head meets one of the above criteria, the
      auditor need not perform any procedures concerning organizational

  8
      Obtaining a representation from the head of the audit organization is similar to
      the procedure for CPA firms under AU 543.10b.

      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 650-10
      Planning and General
      650 - Using the Work of Others

      independence other than to obtain a representation letter from the head of the
      audit organization as noted in paragraph 650.14 (see paragraph 650.23 for tests of
      personal independence). However, if the auditor encounters evidence that the
      audit organization might not be organizationally independent, the auditor should
      consider the need for inquiries and other procedures; the auditor should then
      evaluate the results of these procedures.

.18   In addition to the presumptive criteria, GAGAS recognize that there may be other
      organizational structures under which a government audit organization could be
      free from organizational impairments. These other structures should provide
      sufficient safeguards to prevent the audited entity from interfering with the audit
      organization's ability to perform the work and report the results impartially. For
      the audit organization to be considered free from organizational impairments to
      report externally under a structure different from the ones listed above, the audit
      organization (GAGAS 3.30.3) should have all of the following safeguards:

      a. "statutory protections that prevent the abolishment of the audit organization
         by the audited entity,

      b. "statutory protections that require that if the head of the audit organization is
         removed from office, the head of the agency should report this fact and the
         reasons for the removal to the legislative body,

      c. "statutory protections that prevent the audited entity from interfering with the
         initiation, scope, timing, and completion of any audit,

      d. "statutory protections that prevent the audited entity from interfering with the
         reporting on any audit, including the findings, conclusions, and
         recommendations, or the manner, means, or timing of the audit organization's
         reports,

      e. "statutory protections that require the audit organization to report to a
         legislative body or other independent governing body on a recurring basis,

      f.   "statutory protections that give the audit organization sole authority over the
           selection, retention, and dismissal of its staff, and

      g. "statutory access to records and documents that relate to the agency,
         program, or function being audited."

.19   If the head of the audit organization concludes that the organization has all the
      safeguards listed above, the audit organization may be considered free from
      organizational impairments to independence when reporting externally. The

      April 2003           GAO/PCIE Financial Audit Manual - Part II           Page 650-11
      Planning and General
      650 - Using the Work of Others

      audit organization should document the statutory provisions in place that provide
      these safeguards. The external quality assurance reviewer will review these
      provisions to determine whether the necessary safeguards are present.

.20   The auditor using the work of other auditors who meets these requirements
      should request a representation letter (see paragraph 650.14) from the head of
      the audit organization; the auditor should review the above documentation and
      discuss it with the head of the audit organization. He or she also may discuss the
      matter with the external quality assurance reviewer, legal counsel for the audit
      organization, and his or her own legal counsel.

.21   If the auditor decides that the government audit organization is not
      organizationally independent to report externally (either because it does not
      meet the criteria in GAGAS or for another reason), the auditor should determine
      whether the other auditors are organizationally independent to report internally.
      These auditors are internal auditors. The Institute of Internal Auditors' (IIA)
      Standards for the Professional Practice of Internal Auditing defines internal
      auditing as "an independent, objective assurance and consulting activity designed
      to add value and improve an organization's operations. It helps an organization
      accomplish its objectives by bringing a systematic, disciplined approach to
      evaluate and improve the effectiveness of risk management, control, and
      governance processes." GAGAS contain guidance on organizational
      independence for government internal auditors. For example, internal auditors
      should be outside the staff or line management function of the unit under audit.
      They should report their results and be accountable to the head or deputy of their
      agency. IIA standards require internal auditors to be objective for the activities
      they audit. These GAGAS and IIA standards of independence for internal
      auditors differ from independence under the AICPA Code of Professional
      Conduct or independence for external auditors under GAGAS. The auditor
      generally should determine whether the internal auditors whose work is to be
      used are independent of the activities they audit. The auditor also should
      consider the organizational status of the head of the audit organization, including
      (GAGAS 3.30.5) whether the head:

      •   "is accountable to the head or deputy head of the government entity;

      •   "is required to report the results of the audit organization's work to the head or
          deputy head of the government entity, and

      •   "is located organizationally outside the staff or line management function of
          the unit under audit."




      April 2003           GAO/PCIE Financial Audit Manual - Part II           Page 650-12
      Planning and General
      650 - Using the Work of Others

.22   If the auditor concludes that the internal auditors are not independent under
      GAGAS and IIA standards, the auditor should treat the work as if the auditee
      prepared it. If the auditor concludes that the internal auditors are independent
      under GAGAS and IIA standards, the auditor may use their work to the extent
      permitted by AU 322. In either case, the auditor may not issue a report referring
      to or concurring with the work of internal auditors.

.23   In addition to evaluating the other auditors' organizational independence, the
      auditor should evaluate whether the audit team has any personal impairments.
      For both internal auditors and organizationally independent government audit
      organizations, the auditor generally should ask how the other auditors monitor
      the personal independence of individual staff members, especially those doing
      the work the auditor would like to use.

.24   The auditor should document the work performed and the conclusions reached
      as to independence and objectivity. The documentation should indicate the
      auditor's conclusion as to whether the other auditors are independent and
      objective and the basis for that conclusion. The auditor should consult with the
      Reviewer if there are questions about the other auditors' independence or
      objectivity.

      EVALUATING THE OTHER AUDITORS' OR SPECIALISTS'
      QUALIFICATIONS

.25   After evaluating the other auditors' or specialists' independence and objectivity,
      the auditor should evaluate the other auditors' or specialists' qualifications to
      perform the specific tasks required. This involves evaluating the qualifications of
      the firm or audit organization and evaluating the qualifications of the specific
      audit team. Where the auditor has previously used the work of the same other
      auditors, the auditor generally should update the previous evaluation.

.26   For CPA firms and specialists, qualifications are generally evaluated through the
      contracting process. The firm submits resumes for the audit team and
      demonstrates why its team is qualified to do the work. CPA firms should be
      asked to submit their latest peer review report (or inspection report specified by
      the Public Company Accounting Oversight Board), letter of comments, and
      response to the peer review report. The firm generally submits its plan for doing
      the work. The purpose of the technical evaluation panel under the contracting
      process is to select a qualified firm.

.27   Where the auditor did not participate in the contracting process, the auditor
      should consider how the qualifications of the firm were evaluated. For example,
      did the evaluation panel review resumes of the team; review the audit approach;

      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 650-13
      Planning and General
      650 - Using the Work of Others

      and read the peer review report, the related letter of comments, and the firm's
      response to the peer review report? The auditor should read these documents
      and reach a conclusion as to qualifications.

.28   For auditors other than CPA firms, the auditor should ask whether the audit
      organization had a peer review and the date of that review. IGs have peer
      reviews performed every 3 years by other IGs. Most state auditors also have peer
      reviews every 3 years. To comply with GAGAS, the audit organization should
      have a peer review every 3 years. The IIA standards indicate that, "[e]xternal
      assessments, such as quality assurance reviews, should be conducted at least
      once every five years by a qualified, independent reviewer or review team from
      outside the organization.". While reviews under the IIA standard are not designed
      to report whether the audit organization's quality control adheres to GAGAS, they
      do provide evidence about whether the work adheres to a recognized set of
      professional standards. The auditor should read the peer review report, the letter
      of comments, and the audit organization's response. Where the audit
      organization has received an unqualified peer review report recently (usually less
      than 1 year ago), further review of the audit organization's qualifications is
      generally not required.

.29   Where the peer review report is not recent, the auditor also should review the
      results of the audit organization's internal inspection program. If the peer review
      is not recent, the inspection is important in highlighting new quality control
      issues. The inspection generally should include reviews of documentation,
      interviews of staff members, and tests of functional areas. Where the inspection
      is recent (usually within the past year) and the inspection report is unqualified,
      further review of the audit organization's qualifications is generally not required.

.30   Where the peer review or inspection report is qualified or adverse, the auditor
      should evaluate whether the quality control system has since been strengthened
      to allow the auditor to use the other auditors' work. The auditor may review the
      organization's action plan for improving quality controls. Inspection results are
      helpful in determining whether quality controls have improved since the peer
      review. The auditor should consider the effect of the remaining weaknesses in
      determining the nature and extent of procedures the auditor will perform.

.31   Where the peer review is not recent and there is no inspection program, the
      auditor generally should obtain an overview of the important policies and
      procedures in the functional areas:

      •   independence, integrity, and objectivity (see above);




      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 650-14
      Planning and General
      650 - Using the Work of Others

      •   personnel management (includes recruiting and hiring, advancement,
          professional development and training, and assigning personnel to
          assignments);
      •   audit performance (includes supervision and consultation);
      •   acceptance and continuance of assignments; and
      •   monitoring programs.

.32   This information usually is obtained through interviews of the audit
      organization's management and staff and through reading the audit organization's
      quality control summary document, if one has been written. The auditor also
      may read the organization's manuals and other guidance for conducting audits.

.33   In addition to evaluating the audit organization's qualifications, the auditor also
      should evaluate the overall qualifications of the other auditors' team assigned to
      do the work. Reviewing resumes of key team members may accomplish this.
      The auditor should consider the specific education, training, certifications, and
      experience of key team members. In evaluating qualifications, the auditor should
      consider the specific role of staff members on the job. When the auditor has
      knowledge of qualifications from prior experience with key team members, the
      auditor should inquire about experience in the time since the last audit.

.34   Where the auditor is not fully satisfied as to the other auditors' qualifications, the
      auditor generally should perform a more detailed review of the documentation
      and/or perform supplemental tests of key line items (see paragraph 650.36). The
      auditor also may help the other auditors improve future audits.

.35   If the auditor has significant concerns about the other auditors' independence,
      objectivity, or qualifications, the auditor should revise the audit approach. For
      example, the auditor may:

      •   contract with another firm,
      •   ask the other auditors to substitute more highly qualified or objective staff
          members,
      •   do the audit without using the other auditors' work, treating any work done by
          the other auditors as prepared by the auditee,
      •   divide the work so that the other auditors test the areas where they are
          qualified, and the auditor does the rest of the audit, or
      •   issue a disclaimer of opinion.




      April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 650-15
       Planning and General
       650 - Using the Work of Others

       PLANNING THE REVIEW AND TESTING OF THE OTHER AUDITORS'
       OR SPECIALISTS' WORK

.36    After evaluating the other auditors' or specialists' independence, objectivity, and
       qualifications, the auditor should develop a written plan for reviewing and, if
       necessary, testing the work done. This plan documents the level of review the
                                                                 9                  10
       auditor believes necessary. The level of review is high, moderate, or low. The
       plan should be reconsidered as the work progresses. The level of review is a
       judgment the auditor makes; this judgment generally should be made for each
       material line item and should consider the following factors:

       a. The type of report or letter the auditor will issue (less review is needed for a
          transmittal letter than for reports in which the auditor takes responsibility for
          the other auditors' work). (See paragraph 650.10.)

       b. Whether the other auditors issue a disclaimer of opinion because of a scope
          limitation (less work is needed to concur with a scope limitation than to
          concur with an unqualified opinion). (See paragraph 650.37.)

       c. Whether the auditor's report might contain a disclaimer because of a scope
          limitation (less work is needed if the auditor's report will contain a scope
          limitation). (See paragraph 650.39.)

       d. The other auditors' independence, objectivity, and integrity (both for the
          audit team and for the other audit organization) including whether the other
          audit organization is an independent auditor or an internal auditor (the level
          of review increases as independence, objectivity, and integrity decreases).

       e. The other auditors' qualifications to perform the work the auditor wishes to
          use (both for the audit team and for the other audit organization) (the level of
          review increases as the other auditors' qualifications decrease).



  9
       Some situations may require significantly more work than the work shown for the
       high level. In those situations, the auditor generally should perform significant
       supplemental tests; in some cases, the audit may be a joint audit.
  10
       In some situations, the auditor may decide less review or no review is necessary.
       These situations typically involve entities or line items that are very small in
       relation to the financial statements taken as a whole. In these situations the
       auditor may decide to read the other auditors' report and the financial statements
       and ask questions if anything seems unusual.

       April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 650-16
      Planning and General
      650 - Using the Work of Others

      f.   The auditors' prior experience with the other auditors (both for the audit
           team and for the other audit organization) (the level of review decreases as
           the auditor has favorable experience in working with the other auditors).

      g. The materiality of the line item in relation to the financial statements the
         auditor is reporting on, taken as a whole (the level of review increases as the
         line item becomes more material).

      h. The combined risk (combination of inherent risk and control risk) and the
         risk of material fraud for the line item and assertion in the financial
         statements the other auditors are auditing (the level of review increases as
         the combined risk and the risk of material fraud increase).

.37   If the other auditors' work had a scope limitation, this generally affects the level
      of review (except for transmittal letters with no assurance). If the other auditors
      disclaim an opinion on the financial statements because of a scope limitation, the
      auditor should issue a disclaimer of opinion (unless the financial statements the
      other auditors audited are not material to the financial statements the auditor is
      auditing). It will not take much review to be satisfied that the disclaimer is
      appropriate. Discussions with entity management and/or supplemental tests are
      not required in this situation, and the review of documentation may be limited to
      summary documentation. Thus, the level of review is usually low or no review
      (see footnote 6). However, the auditor may decide to do additional work to learn
      about the entity, to help the other auditor plan future audits, or to help
      management correct the causes of the scope limitation.

.38   If the other auditors' work had a scope limitation that results in a qualified
      opinion, this generally needs a moderate or high level of review to determine
      whether the other auditors should have disclaimed an opinion and that the only
      issues are those relating to the qualification.

.39   A scope limitation on the auditor's work that results in a disclaimer also may
      affect the level of review. Since the auditor has already decided that not enough
      work can be done on the overall financial statements, no amount of review of the
      other auditors' work is likely to change that conclusion. Thus, as in the situation
      above, discussions with entity management and/or supplemental tests are not
      required, the review of the other auditors' documentation may be limited to
      summary documentation, and the level of review is usually low or no review (see
      footnote 6). However, the auditor may decide to do additional work to learn
      about the entity, to help the other auditor plan future audits, or to help
      management correct the causes of the scope limitation.




      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 650-17
      Planning and General
      650 - Using the Work of Others

.40   A scope limitation on the auditor's work that results in a qualified opinion needs a
      similar amount of work as an unqualified opinion.

.41   Section 650 A illustrates the work that generally should be performed for each
      level of review for each significant line item as well as what to retain in the
      documentation.

      REVIEW OF DOCUMENTATION

.42   The extent of the auditor's review of the other auditors' or specialists'
      documentation depends on the level of review and is a judgment based on the
      factors in paragraph 650.36. For the low level of review, the review of
      documentation may be limited to key summary planning and completion
      documentation. For the moderate level, the auditor generally should review
      more of the other auditors' or specialists' documentation, especially those
      evidencing important decisions. For financial statement audits, these include the
      General Risk Analysis (GRA) or audit plan or equivalent documents; the Account
      Risk Analysis (ARA) (or equivalent documentation) for significant accounts; the
      Specific Control Evaluations (SCE) (or equivalent documentation) for significant
      applications; the documentation for high-risk accounts, estimates, and
      judgments; the analytical procedures; the audit completion checklist (or
      equivalent documentation); the audit summary memorandum; and the summary
      of possible adjustments. For the high level of review, the auditor generally
      should review all of the items for the moderate level of review plus the important
      detailed documentation.

      DISCUSSIONS AND/OR SUPPLEMENTAL TESTS WHERE LEVEL OF
      REVIEW IS HIGH

.43   AU 543.13 states: "In some circumstances the principal auditor may consider it
      appropriate to participate in discussions regarding the accounts with
      management personnel of the component whose financial statements are being
      audited by other auditors and/or to make supplemental tests of such accounts."
      "In some circumstances" is interpreted to mean when the level of review is high.
      Thus, where the level of review is high, the auditor should (1) review audit
      documentation and (2)hold discussions with auditee management and/or
      perform tests of original documents. The objective of these additional
      procedures is for the auditor to obtain additional evidence about whether key
      items are properly handled and well supported. For example, the auditor
      generally should discuss key items with auditee management, especially
      estimates and judgments; this discussion generally should be with the other
      auditors present. The auditor generally should attend the entrance and exit
      conferences and other key meetings held by other auditors or specialists. The

      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 650-18
      Planning and General
      650 - Using the Work of Others

      auditor should consider that for key items that are high risk, discussions with
      management may not provide sufficient evidence and supplemental tests may
      need to be performed.

.44   Supplemental tests may be a selection of the other auditors' work, additional
      tests of the accounting records, or both. To perform supplemental tests, the
      auditor should have access to the entity's personnel and their books and records.
       The auditor may coordinate access to the entity's personnel and records through
      the other auditor. The auditor and the other auditor also may jointly perform
      parts of a test, where the sample is planned jointly and the results are evaluated
      jointly. Although supplemental tests are usually performed only when the level
      of review is high, the auditor may decide to perform supplemental tests in other
      situations to learn about the entity, to help the other auditor plan future audits, or
      to help management correct problems.

.45   Where the other auditor is an internal auditor, the auditor should perform
      supplemental tests. Accordingly, for internal auditors, supplemental tests
      generally should be of greater scope (see AU 322.26).

.46   The auditor generally should limit discussions with entity management and/or
      supplemental tests to line items that are both high combined risk and material to
      the financial statements the auditor is reporting on, especially in areas involving
      estimates and judgments or in areas on which users place extensive reliance.
      The auditor's supplemental tests generally should include some items that the
      other auditor tested that appear to be exceptions to determine whether they were
      appropriately considered in formulating an opinion. The auditor should consider
      performing supplemental tests while the other auditors are at the auditee
      location and have access to records; this can minimize the inconvenience to the
      auditee.

.47   It is not necessary to perform supplemental tests of the work of specialists. As
      indicated in AU 336.12, the auditor should understand the methods and
      assumptions used by the specialists, test the data provided to the specialists
      (extent of testing is based on risk and materiality), and evaluate whether the
      specialists' findings support the financial statement assertions. If the auditor
      believes the findings are unreasonable, the auditor should apply additional
      procedures and/or consider the need to obtain another specialist.

      SUBSEQUENT EVENTS REVIEW AND DATING OF THE AUDITOR'S
      REPORT

.48   The auditor's report should be dated when the auditor completes fieldwork. If
      the other auditors' or specialists' report is dated earlier and the auditor's report

      April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 650-19
      Planning and General
      650 - Using the Work of Others

      does not mention the other auditors' report or concurs with the other auditors'
      report (example 2 of section 650 C), the subsequent events review should be
      updated to the date of the auditor's report. The auditor may ask the other
      auditors to update the subsequent events work to the required date, or the
      auditor may update the subsequent events review. Since this requires additional
      work, the auditor should attempt to complete fieldwork when the other auditors
      complete fieldwork. This issue should be considered in planning. It is not
      necessary to update the subsequent events review when the auditor issues a
      transmittal letter (example 1 of section 650 C).

      STAFFING THE REVIEW OF THE OTHER AUDITORS' OR SPECIALISTS'
      WORK

.49   When staffing the review, the auditor should consider that the other auditors or
      specialists may already have reviewed the work at several levels. The auditor's
      staff reviewing the work generally should have enough experience in financial
      statement auditing to understand the judgments that need to be made and to
      interact with the higher levels of the other audit organization. Most of the review
      generally should be done by or under the direction of an assistant director or a
      manager who has significant experience in performing and reviewing financial
      statement audit work. Supplemental tests may be done by less experienced staff
      members and supervised by an assistant director or an experienced audit
      manager. Primary review of the experienced audit manager's or assistant
      director's documentation should be performed by the audit director or an
      assistant director designated by the audit director. However, the assistant
      director or audit manager should review the documentation of supplemental
      tests performed by the less experienced staff members. Because of the high level
      of financial statement auditing experience of staff members doing and reviewing
      this work, secondary review should be performed only in very high-risk
      situations.

.50   When the other auditors' work involves the review of computer controls, an
      information systems auditor in a management role generally should do the
      auditor's review. An audit assistant director should review the information
      systems auditor's documentation to determine that related audit objectives were
      achieved.

      EVALUATING THE WORK

.51   After the auditor has completed the review of the other auditors' work, and, if
      necessary, the supplemental testing, the auditor should determine whether the
      work is sufficient and acceptable for the auditors' use. The auditor should
      summarize the evaluation in the audit summary memorandum.

      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 650-20
      Planning and General
      650 - Using the Work of Others


.52   Sometimes, the other auditors use methodologies or audit approaches that are
      different from those the auditor would have used. The auditor should recognize
      that auditing requires a great deal of professional judgment and that there often
      are alternative ways to achieve audit objectives. Thus, the auditor should first
      understand the basis for the nature, timing, and extent of the other auditors'
      procedures. The auditor should evaluate whether sufficient evidence has been
      obtained to meet the auditor's objectives; usually the auditor should consider
      materiality and combined risk for the particular line item in this evaluation. If the
      auditor has concerns about whether the other auditors' work provides sufficient
      evidence, the auditor should discuss the matter with the audit director and the
      Reviewer before formally discussing the issue with the other auditors.

.53   The auditor should consider the significance of the test results to the audit of the
      financial statements the auditor is reporting on. As an example, the other
      auditors might have selected a nonstatistical sample and/or the sample size might
      be smaller than the sample size the auditor would have selected. The auditor
      might decide that this provides sufficient evidence in an area that is less material
      or is not risky. However, if the area is material or risk is high, the auditor might
      conclude that sufficient evidence has not been obtained and that additional work
      is needed. In this case, after consulting with the audit director and the Reviewer,
      the auditor generally should either ask the other auditors to perform additional
      tests or perform the additional tests; if the additional testing is not done, the
      auditor should consider the effect of this scope limitation on the auditor's report.
       Since reaching this conclusion after the work is performed is inefficient, when
      the level of review is high, the auditor generally should coordinate or concur with
      major planning decisions before audit work is started.

.54   Sometimes, the auditor may disagree with the conclusions or judgments of the
      other auditors. In this case, the auditor should consider the other auditors' work
      as well as any other evidence necessary to determine the appropriate conclusion.

.55   The auditor should then discuss the issue with the other auditors to attempt to
      resolve the disagreement. It is important to attempt to resolve disagreements to
      reduce confusion that may arise from differing auditor views. In planning the
      audit, the auditor should try to identify potential disagreements early. Once
      identified, the auditor should discuss the issues with the other auditors as early
      as possible so that they can be resolved timely.

.56   If the auditor does not reach agreement with the other auditors, the auditor
      should consider how to report. For very material disagreements, the auditor may
      decide not to transmit the other auditors' report, instead issuing a disclaimer of
      opinion due to a scope limitation or doing additional work, if necessary, to issue

      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 650-21
      Planning and General
      650 - Using the Work of Others

      an appropriate opinion. In less material disagreements, the auditor may transmit
      the other auditors' report, issue the transmittal letter or report, and describe the
      disagreement and the basis for the auditor's conclusions.

      DOCUMENTING THE REVIEW OF OTHER AUDITORS' OR SPECIALISTS'
      WORK

.57   Regardless of the type of reporting or the level of review, the auditor's
      documentation should contain the items listed in section 650 A under
      "documentation."

.58   In addition, where the auditor performs supplemental tests of the accounting
      records, the auditor's documentation should contain a description of the work
      (this may be a list of the documents the auditor examined or tick marks on a
      copy of the other auditors' documentation if that is the basis for the selection)
      and the auditor's conclusion. It is not necessary to retain copies of the
      documents examined.

.59   It is important to distinguish between the auditor's responsibilities to review the
      documentation of other auditors versus what the auditor might copy and retain
      from that documentation. The auditor should use judgment in deciding which of
      the other auditors' or specialists' documents to copy and retain. Copies of
      documents readily available from the other auditors or the auditee (such as
      invoices and contracts) need not be retained. Section 650 A indicates what
      documentation the auditor generally should retain.

.60   The auditor may decide to retain other documentation if it might be useful in
      understanding the entity, training staff members, planning future audits,
      reviewing the documentation, or writing the report. Documentation in this
      category includes the entity profile (or equivalent), the general risk analysis or
      audit plan, the audit programs, the ARA and SCE forms (or equivalent), the trial
      balance or lead schedules, the management representation letter, and the
      attorney representation letter. Auditors often find it helpful to keep copies of
      documents in case questions are raised in review but not to include those copies
      in the documentation unless they are needed to document the work performed.
      Documents should not be retained if they are no longer needed. The audit plan
      or audit program may indicate which documents to retain.

      USING INTERNAL AUDIT STAFF TO PROVIDE DIRECT ASSISTANCE
      TO THE AUDITOR

.61   Sometimes the auditor or the auditee requests that internal auditors provide
      direct assistance to the auditor. Before this is done, the auditor should be

      April 2003          GAO/PCIE Financial Audit Manual - Part II               Page 650-22
      Planning and General
      650 - Using the Work of Others

      satisfied with the independence, objectivity, and qualifications of the staff
      assigned to do the work requested. AU 322.27 indicates that in these situations
      "the auditor should inform the internal auditors of their responsibilities, the
      objectives of the procedures they are to perform, and matters that may affect the
      nature, timing, and extent of procedures.... The auditor should also inform the
      internal auditors that all significant accounting and auditing issues identified
      during the audit should be brought to the auditor's attention." The auditor should
      direct, review, test, and evaluate the work done by internal auditors to the extent
      appropriate based on the auditor's evaluation of risk, materiality, objectivity, and
      qualifications.

      USING AGENCY SPECIALISTS

.62   Many agencies have actuaries, security specialists, statistical specialists, and
      other specialists whose work the auditor would like to use. Unless these
      specialists are part of an organization that is organizationally independent or
      under contract to such an organization, the auditor should evaluate their work as
      the work of any auditee employee. The auditor generally should use specialists
      in the audit organization or contract for outside specialists to develop and
      implement appropriate tests.

      MULTIPLE LEVELS OF OTHER AUDITORS

.63   Sometimes there are several levels of other auditors. For example, the IG might
      hire a CPA firm to do an audit. The IG may issue a report concurring with the
      CPA's report or a letter transmitting the CPA's report; GAO may then use the
      work of the IG.

.64   In these situations, each audit organization should follow the guidance in section
      650. The IG should evaluate the independence (see paragraphs 650.11-. 24) and
      qualifications of the other auditors (see paragraphs 650.25-. 35), should review
      the audit documentation (see paragraph 650.42), and may need to have
      discussions with entity management and/or perform supplemental tests of key
      accounts (see paragraphs 650.43-. 47) (depending on the level of review deemed
      appropriate). GAO should evaluate the qualifications of the IG organization (by
      reading the peer review report, the letter of comments, and the audit
      organization's response as described in paragraph 650.25) and the team doing the
      monitoring, should review the IG's documentation, and may perform
      supplemental tests. When GAO finds that the IG has done and documented
      adequate work including discussions with management and/or supplemental
      tests, GAO's discussions and/or supplemental tests would be quite limited—
      perhaps a walk-through of work done in high-risk and material areas. Often,
      GAO may attend fewer meetings than the IG staff attends and would concentrate

      April 2003         GAO/PCIE Financial Audit Manual - Part II            Page 650-23
      Planning and General
      650 - Using the Work of Others

      the review on the IG's documentation. GAO may then issue a report on the
      financial statements.

.65   Because of the potential for inefficiency, there should be close coordination
      between the various auditors. The IG and GAO may perform the review jointly.
      Sometimes, a memorandum of understanding might be useful in documenting
      responsibilities. A chart that describes the review to be done by each
      organization may be useful. The following is a useful format for this chart (with
      more detail added as necessary under each phase):

                                                    Procedures

       Phase                Other auditor        IG review            GAO review

       Planning
       Internal control
       Testing
       Reporting

      REPORTS ON OTHER AUDITORS' WORK

.66   The auditor may be asked to issue a report evaluating work done by other
      auditors in a situation where the auditor is not using the work of the other
      auditors. For example, the auditor might be asked to evaluate an audit done by a
      CPA firm. While AU 543, 322, and 336 are not directed towards these situations,
      the guidance in FAM 650 is helpful in planning and reporting on these
      assignments.




      April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 650-24
      Planning and General


      650 A - SUMMARY OF AUDIT PROCEDURES AND
              DOCUMENTATION FOR REVIEW OF OTHER
              AUDITORS' WORK

.01   The table in this section indicates the work that generally should be performed
      for each level of review, as well as what generally should be retained in the
      documentation. The table does not include work on other auditor's
      independence, objectivity, and qualifications. (See paragraphs 650.11-.35 for a
      discussion of that work.) Where the other auditor uses equivalent documents,
      review those documents.

.02   In the table, steps to be performed and documents to be retained at the low level
      of review are indicated by regular font. The moderate level of review includes
      the low level plus those in bold letters. The high level of review includes the
      moderate level plus those in BOLD CAPITALS.




      April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 650 A-1
Planning and General
650 A - Summary of Audit Procedures and Documentation for Review of
        Other Auditors' Work


                                 AUDIT PROCEDURES
                At entity level            For significant line items, accounts, or
                                                         applications
 -   Communicate with the other auditors: - Review:
     - as to the objectives of the work     - audit program
     - discuss their procedures and         - conclusions about significant
       results                                 issues and their resolution (often
                                               in audit summary)
 -   Attend key entrance and exit
                                            - account risk analysis (ARA)
     meetings
                                            - specific control evaluations
 -   COORDINATE OR CONCUR IN                   (SCE)
     SIGNIFICANT PLANNING                   - cycle memo
     DECISIONS BEFORE MAJOR                 - flowcharts
     WORK IS STARTED                        - determination of test
 -   Review:                                   materiality
     - general risk analysis                - sampling plan
     - audit plan                           -  other auditors' key
     - scope of work                           documentation
     - audit summary memorandum             -  documentation for high-risk
     - summary of unadjusted                   accounts, estimates, and
       misstatements                           judgments
     - analytical procedures                - analytical procedures
     - completion checklist                 - evaluation of sample results
     - determination of planning and        - summary of possible
       design materiality                      adjustments
     - information systems
       background                         - PARTICIPATE IN DISCUSSIONS
     - general and application              WITH MANAGEMENT
       controls documentation (done         PERSONNEL AND/OR PERFORM
       by information systems               SUPPLEMENTAL TESTS OF THE
       auditor)                             LINE ITEMS (ESPECIALLY KEY
     - representation letters               ITEMS, ESTIMATES AND
     - key documentation                    JUDGMENTS); COMPARE
                                            CONCLUSIONS
 -   Read:
     - other auditor's report
     - financial statements and notes
     - stewardship report and required
       supplementary information
     - other accompanying information
     - management's response

April 2003           GAO/PCIE Financial Audit Manual - Part II        Page 650 A-2
Planning and General
650 A - Summary of Audit Procedures and Documentation for Review of
        Other Auditors' Work


                             DOCUMENTATION
                Retain                                  Optional
 Auditor prepared:                        - entity profile
                                          - general risk analysis
 - audit plan                             - other auditor's audit plan
 - audit program                          - other auditor's audit program
 - memo documenting entrance and          - account risk analyses
   exit conference                        - specific control evaluations
 - MEMOS DOCUMENTING KEY                  - sampling plan
   MEETINGS ATTENDED AND                  - trial balance
   DISCUSSIONS WITH AUDITEE               - lead schedules
   MANAGEMENT                             - evaluation of sample results
 - results of review of                   - management representation
   documentation                            letter
 - SUPPLEMENTAL TEST                      - legal representation letter
   DOCUMENTATION
 - summary memo

 Other auditor prepared:

 At entity level:
 - other auditor's report
 - final financial statements and notes
 - stewardship report
 - management letter
 - other auditor's unadjusted
   misstatements, estimate of the
   imprecision of audit procedures, and
   comparison with materiality
 - audit completion checklist
 - other auditor's audit summary memo

 At line item level:
 - documentation that supports
   exceptions
 - other auditor's documentation
   evidencing significant judgments
   and conclusions




April 2003        GAO/PCIE Financial Audit Manual - Part II        Page 650 A-3
[This page intentionally left blank.]
Planning and General


650 B - EXAMPLE AUDIT PROCEDURES FOR USING
        THE WORK OF OTHERS

This program is appropriate when using the work of other auditors or the work of
specialists to perform a full or partial audit of financial statements. The steps
should be tailored to the circumstances and the planned level of review by
deleting inapplicable steps, modifying the steps, and adding additional steps.
When the other auditors or specialists have done only part of an audit, many of
the steps below may be deleted. Many of the steps also may be deleted for the
low level of review or when the auditor plans to issue a transmittal letter. The
program consists of three sections: evaluating independence, objectivity, and
qualifications for CPA firms and specialists; evaluating independence, objectivity,
and qualifications for government auditors; and monitoring the work (for all
types of other auditors and for specialists). The auditor generally should use one
of the first two sections and the third section. A separate form generally should
be used for each other auditor or specialist.

Entity:________________________________________________________________

Job code:_____________________________________________________________

Period of audit:________________________________________________________


                          Step                                Done         W/P
                                                             by/date       ref

 EVALUATING INDEPENDENCE, OBJECTIVITY,
 AND QUALIFICATIONS FOR CPA FIRMS AND
 SPECIALISTS

 1. Read the statement of work or request for proposal
    to determine whether this contracting document
    provides sufficient background on the auditee and
    indicates the objectives of the work, what the
    contractor should include in its proposal, how
    proposals will be evaluated, and how the report will
    be used.




April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 650 B-1
Planning and General
650 B - Example Audit Procedures for Using the Work of Others


                          Step                               Done         W/P
                                                            by/date       ref

 Independence and objectivity:

 2. Determine whether proposal of selected firm
    includes a representation as to the firm's
    independence and objectivity.
 3. If proposal does not include a representation as to
    independence and objectivity, obtain written
    representation from firm.
 Qualifications:

 4. Read proposal of selected firm. In reviewing
    proposal, evaluate the overall qualifications of the
    team performing the work. Review resumes and
    consider for key team members their educational
    level, professional certifications, and professional
    experience (including whether key team members
    have current knowledge and experience in the type
    of work done).
 5. If the auditor does not know the qualifications of
    the selected firm, review peer review report, letter
    of comments, and response letter.
 6. Communicate orally or in writing with the other
    auditors to be satisfied that they understand the
    requirements, the timetable, and the report or letter
    the auditor expects to issue.




April 2003         GAO/PCIE Financial Audit Manual - Part II          Page 650 B-2
Planning and General
650 B - Example Audit Procedures for Using the Work of Others



                           Step                              Done         W/P
                                                            by/date       ref

 EVALUATING INDEPENDENCE, OBJECTIVITY,
 AND QUALIFICATIONS FOR GOVERNMENT
 AUDITORS

 Independence and objectivity:

 1. For all government audit organizations, obtain
    written representation from the head of the audit
    organization that the audit organization and the
    individual auditors are independent of the entity
    being audited.
 2. Determine whether the audit organization meets
    ONE of the criteria in paragraph 650.15, or the head
    meets ONE of the criteria in paragraph 650.16.

    If the organization (or its head) meets one of these
    criteria, no further work is needed unless the
    auditor finds contrary evidence as to independence
    and objectivity in other parts of the audit. Indicate
    which criterion is met; document the evaluation of
    any other evidence obtained. (Go to step 6.)
 3. If the audit organization (or its head) does not meet
     any of the criteria in step 2, determine whether it
     meets ALL of the criteria in paragraph 650.18.
 4. Review the audit organization's documentation of
    how it meets the requirements of step 3. Discuss
    with head of audit organization (consider
    discussing with external quality control reviewer,
    legal counsel for audit organization, and auditor's
    legal counsel). (Go to step 6.)




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 650 B-3
Planning and General
650 B - Example Audit Procedures for Using the Work of Others


                            Step                                Done         W/P
                                                               by/date       ref

 5. If the audit organization does not meet the criteria
     for organizational independence to report
     externally, determine whether the organization is
     an independent internal audit organization under
     GAGAS and IIA standards. Determine whether the
     internal auditors are objective for the activities they
     audit. Consider the organizational status of the
     head of the audit organization, including whether
     the head
     • is accountable to the head or deputy head of the
         government entity,
     • is required to report the results of the audit
         organization's work to the head or deputy head
         of the government entity, and
     • is located organizationally outside the staff or
         line management function of the unit under
         audit.
 6. For all government audit organizations, obtain an
     understanding of organization's policies to enhance
     the objectivity of individual auditors, including
     • policies to prohibit auditors from auditing areas
         where relatives are employed,
     • policies to prohibit auditors from auditing areas
         where they were recently assigned or are
         scheduled to be assigned after they complete
         their tour of duty in auditing, and
     • policies to require representations as to
         objectivity and lack of conflicts of interest from
         each auditor.
 7. Prepare memorandum documenting work
    performed and conclusions as to independence and
    objectivity.




April 2003          GAO/PCIE Financial Audit Manual - Part II            Page 650 B-4
Planning and General
650 B - Example Audit Procedures for Using the Work of Others


                           Step                               Done         W/P
                                                             by/date       ref

 Qualifications:

 8. Read the latest peer review report, letter of
    comments, and the audit organization's response.
    Note date of report and whether it is unqualified. If
    report is recent (usually within the past year) and
    unqualified, go to step 12.
 9. If the peer review is not recent, review the latest
     inspection report, if any, and the organization's
     response. Note date of report and whether it is
     unqualified. If the inspection is recent (usually
     within the past year) and unqualified, go to step 12.
 10. If the organization has not had a recent peer review
     or inspection, obtain an overview of the important
     policies and procedures in the functional areas
     (through interviews of management and staff and
     through reading the summary quality control
     document, if any). Consult with Reviewer before
     performing this step.
 11. If the peer review or inspection report was qualified
     or adverse, determine whether the quality control
     system has since been strengthened. Review the
     organization's action plan for strengthening its
     quality control system. Consider the effect of
     remaining weaknesses in determining the level of
     review.




April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 650 B-5
Planning and General
650 B - Example Audit Procedures for Using the Work of Others


                           Step                              Done         W/P
                                                            by/date       ref

 12. Inquire how the audit organization determined the
     staffing for the audit. Evaluate the overall
     qualifications of the team performing the work.
     Review resumes and consider for key team
     members:
     • educational level, professional certifications,
         and professional experience;
     • continuing professional education, especially
         whether key team members have received
         training and have current knowledge in the type
         of work done;
     • supervision and review of work;
     • whether the audit team has adequate sources for
         consultation and use of specialists, especially
         for audit sampling, audit methodology, and
         review of computer controls; and
     • quality of documentation, reports, and
         recommendations.
 13. If the auditor has significant concerns about the
     audit organization's or team's objectivity or
     qualifications, the auditor, in developing the audit
     plan, may either
     • ask the audit organization to substitute more
         objective or highly qualified staff members;
     • do the work, treating any work done by the
         other auditors as prepared by the auditee;
     • divide the work so that the other auditors test
         the areas where they are qualified and the
         auditor does the rest of the audit; or
     • issue a disclaimer of opinion.




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 650 B-6
Planning and General
650 B - Example Audit Procedures for Using the Work of Others



                          Step                             Done         W/P
                                                          by/date       ref

 MONITORING THE WORK (FOR ALL TYPES OF
 OTHER AUDITORS AND FOR SPECIALISTS)

 1. Develop a plan for reviewing the other auditors' or
    specialists' work and, if necessary, performing
    supplemental tests of the accounting records.
    Determine the level of review for each line item.
 2. Monitor the planning of the audit (FOR MODERATE
    AND HIGH LEVEL OF REVIEW).
    • Attend entrance meeting and key planning
       meetings.
    • Review the entity profile.
    • Review the General Risk Analysis or equivalent
       document (and audit plan if prepared as a
       separate document) (FOR ALL LEVELS OF
       REVIEW).
    • Review the determination of planning
       materiality and design materiality.
    • Have an information systems auditor review the
       information resource management background
       information and the documentation for review
       of general and application controls.
    • Document line items and applications to be
       reviewed.
    • For each such line item, review the Account
       Risk Analyses, the Specific Control Analyses,
       the cycle flowcharts, the cycle memoranda, the
       determination of test materiality, and the audit
       program or equivalent documents.




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 650 B-7
Planning and General
650 B - Example Audit Procedures for Using the Work of Others


                          Step                              Done         W/P
                                                           by/date       ref

 3. Monitor the execution of the audit (for reports
    following example 2 of section 650 C or section 595
    A and/or B WHERE LEVEL OF REVIEW IS HIGH).
    • Attend key meetings, especially those discussing
        high-risk areas, significant estimates and
        judgments, and the other auditors' conclusions.
    • Discuss key items with auditee management,
        especially significant estimates and judgments.
    • Perform supplemental tests of the accounting
        records.
       •• Generally do for high risk and material line
             items, especially in areas involving
             estimates and judgments or ones that users
             rely on extensively.
       •• Generally do while the other auditors are at
             the auditee location and have access to the
             records.
       •• Examine some of the same documents the
             other auditors examined or make own
             selection or both.
       •• Compare results of other auditors' work to
             results of supplemental tests.
       •• Document scope of supplemental testing
             and conclusions reached.




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 650 B-8
Planning and General
650 B - Example Audit Procedures for Using the Work of Others


                           Step                             Done         W/P
                                                           by/date       ref

 4. Monitor the completion of the audit (items with *
    are usually not necessary for LOW level of review)
    • Review the overall analytical procedures.
    • *Review the key documentation for the line item
       and for completing the audit; consider
       evaluations of sample results. (For example,
       were projections appropriate? Was appropriate
       action taken based on sample results?)
    • *Determine whether the subsequent events
       review was updated to the date of the auditor's
       report.
    • Review the audit summary memorandum,
       conclusions about line items, and summary of
       possible adjustments.
    • Review the audit completion checklist (or
       equivalent document).
    • Review the management representation letter
       and the legal representation letter.
    • *Attend key exit conference(s).
    • Read the other auditors' report, the financial
       statements, the notes, the other accompanying
       information, and management's response.
 5. Prepare summary memorandum.
 6. Write the auditor's report or transmittal letter.




April 2003          GAO/PCIE Financial Audit Manual - Part II        Page 650 B-9
[This page intentionally left blank.]
    Planning and General


    650 C - EXAMPLE REPORTS WHEN USING THE
            WORK OF OTHERS

    EXAMPLE 1 – TRANSMITTAL LETTER

    We contracted with the independent certified public accounting firm of [name of
    firm] to audit the financial statements of [name of entity] as of [date] and for the
    year then ended. The contract required that the audit be done in accordance with
    U.S. generally accepted government auditing standards; OMB's bulletin, Audit
    Requirements for Federal Financial Statements; and the GAO/PCIE Financial
    Audit Manual.

    In its audit of [name of entity], [name of CPA firm] found

    •   the financial statements were fairly presented, in all material respects, in
        conformity with U.S. generally accepted accounting principles,

    •   [entity] had effective1 internal control over financial reporting (including
        safeguarding assets) and compliance with laws and regulations,

    •
                                                                      2
        [entity's] financial management systems substantially complied with the
        requirements of the Federal Financial Management Improvement Act of 1996
        (FFMIA), and

    •   no reportable noncompliance with laws and regulations it tested.

    [Name of CPA firm] also described the following significant matters:

    [Discuss significant matters].




1
    If the other auditors did not provide an opinion on internal control, change this to
    "there were no material weaknesses in internal control" (and include a definition
    of material weakness in a footnote).
2
    If the other auditors did not provide an opinion (i.e., did not give positive
    assurance) on whether the entity's systems complied with FFMIA, change this to
    "no instances in which entity's financial management systems did not
    substantially comply" (i.e., negative assurance).

    April 2003           GAO/PCIE Financial Audit Manual - Part II           Page 650 C-1
    Planning and General
    650 C - Example Reports When Using the Work of Others

    [For transmittal letters expressing no assurance, use the following paragraph:]

    [Name of CPA firm] is responsible for the attached auditor's report dated [date]
    and the conclusions expressed in the report. We do not express opinions on
    [name of entity]'s financial statements or internal control or on whether [entity]'s
    financial management systems substantially complied with FFMIA; or
    conclusions on compliance with laws and regulations.

    [For transmittal letters expressing negative assurance, use the following
    paragraph:]

    In connection with the contract, we reviewed [name of CPA firm]'s report and
    related documentation and inquired of its representatives. Our review, as
    differentiated from an audit in accordance with U.S. generally accepted
    government auditing standards, was not intended to enable us to express, and we
    do not express, opinions on [name of entity]'s financial statements or internal
            3
    control or on whether [entity]'s financial management systems substantially
    complied with FFMIA;4 or conclusions on compliance with laws and regulations.
    [Name of CPA firm] is responsible for the attached auditor's report dated [date]
    and the conclusions expressed in the report. However, our review disclosed no
    instances where [name of CPA firm] did not comply, in all material respects, with
                                                             5
    U.S. generally accepted government auditing standards.




3
    If the other auditors did not provide an opinion on internal control, change this to
    read "conclusions about the effectiveness of internal control."
4
    If the other auditors did not provide an opinion on FFMIA, change "opinion" to
    "conclusions."
5
    If the auditor found that the other auditors did not comply with GAGAS, or if the
    auditor disagrees with the other auditors' conclusions, see paragraphs 650.54-.56.

    April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 650 C-2
    Planning and General
    650 C - Example Reports When Using the Work of Others

    EXAMPLE 2 – REPORT CONCURRING WITH OTHER AUDITORS'
    OPINION (PRESENTING REPORT OF OTHER AUDITORS AFTER THE
                     6
    AUDITOR'S REPORT)

    Under [citation of statute], we are responsible for auditing [name of entity]. To
    help fulfill these responsibilities, we contracted with [name of firm], an
    independent certified public accounting firm. [Name of firm]'s report dated
    [date] is attached.

    We concur7 with [name of firm]'s report that indicated:

    •   the financial statements were fairly presented, in all material respects, in
        conformity with U.S. generally accepted accounting principles,

    •   [entity] had effective internal control over financial reporting (including
        safeguarding assets) and compliance with laws and regulations,

    •   [entity's] financial management systems substantially complied with the
        requirements of the Federal Financial Management Improvement Act of 1996
        (FFMIA), and

    •   no reportable noncompliance with laws and regulations it tested.

    Details of their conclusions are in their report.

    OBJECTIVES, SCOPE, AND METHODOLOGY

    Management is responsible for (1) preparing the financial statements in
    conformity with U.S. generally accepted accounting principles, (2) establishing,
    maintaining, and assessing internal control to provide reasonable assurance that
    the broad control objectives of 31 U.S.C. 3512 (c), (d) (Federal Managers'
    Financial Integrity Act) are met, (3) ensuring that [entity]'s financial management
    systems substantially comply with FFMIA requirements, and (4) complying with
    applicable laws and regulations.


6
    This example assumes the other auditors opined on internal control and on
    whether the financial management systems substantially complied with FFMIA. If
    the other auditors provided negative assurance, appropriate changes should be
    made.
7
    If the auditor does not concur with the other auditors' report, see paragraphs
    650.54-.56.

    April 2003           GAO/PCIE Financial Audit Manual - Part II           Page 650 C-3
Planning and General
650 C - Example Reports When Using the Work of Others

We are responsible for obtaining reasonable assurance about whether (1) the
financial statements are presented fairly, in all material respects, in conformity
with U.S. generally accepted accounting principles, and (2) management
maintained effective internal control, the objectives of which are the following:

•   Financial reporting: Transactions are properly recorded, processed, and
    summarized to permit the preparation of financial statements and stewardship
    information in conformity with U.S. generally accepted accounting principles,
    and assets are safeguarded against loss from unauthorized acquisition, use, or
    disposition.

•   Compliance with laws and regulations: Transactions are executed in
    accordance with laws governing the use of budget authority and with other
    laws and regulations that could have a direct and material effect on the
    financial statements and any other laws, regulations, and governmentwide
    policies identified by OMB audit guidance.

We are also responsible for (1) testing whether [entity's] financial management
systems substantially comply with the three FFMIA requirements, (2) testing
compliance with selected provisions of laws and regulations that have a direct
and material effect on the financial statements and laws for which OMB audit
guidance requires testing, and (3) performing limited procedures with respect to
certain other information appearing in the Accountability Report.

To help fulfill these responsibilities, we contracted with the independent certified
public accounting (CPA) firm of [name of firm] to perform a financial statement
audit in accordance with U.S. generally accepted government auditing standards;
OMB's bulletin, Audit Requirements for Federal Financial Statements; and the
GAO/PCIE Financial Audit Manual. We evaluated the nature, timing, and extent
of the work, monitored progress throughout the audit, reviewed the
documentation of the CPA firm, met with partners and staff members, evaluated
the key judgments, met with officials of [entity being audited], performed
independent tests of the accounting records, and performed other procedures we
deemed appropriate in the circumstances. We conducted our work in
accordance with U.S. generally accepted government auditing standards.




April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 650 C-4
      Planning and General


      660 – AGREED-UPON PROCEDURES

.01   In an engagement to apply agreed-upon procedures, a client engages an auditor to
      perform specific procedures on subject matter and report on the results to assist
      users in evaluating subject matter or an assertion. Agreed-upon procedures
      should be performed in accordance with the Statements on Standards for
      Attestation Engagements (SSAE). The auditor should read appropriate sections
      (e.g., AT 101, Attest Engagements, and AT 201, Agreed-Upon Procedures
      Engagements) and thoroughly understand them before performing agreed-upon
      procedures.

.02   An agreed-upon procedures engagement may be applied to a variety of subject
      matter. The engagement will vary depending on the needs of the user. The
      engagement may assist entity management by providing information for making
      decisions and give report users information on important areas. Examples of
      agreed-upon procedures are:

      •   compare payroll information reported to the Office of Personnel Management
          with the entity's payroll records and general ledger;

      •   compare entity reconciliations of intragovernmental activity and balances with
          supporting documentation and compare amounts with the financial statements
          and with reports to the Department of the Treasury (Treasury);

      •   trace tax collections from the master file to deposit confirmations, determine
          whether they were recorded in the appropriate period and in the correct tax
          class;

      •   trace amounts on the entity's financial statements to an "account grouping
          worksheet," foot the worksheet, read the CFO's explanation for any
          differences, and compare the explanation with supporting documentation; and

      •   examine official receipt documents to determine whether they were included
          in the weekly deposit; compare deposit amounts to amounts reported on the
          statement of funding.

.03   In agreed-upon procedures engagements, all parties involved, which include the
      report users, the entity responsible for the subject matter (which may or may not
      be the same as the user), and the auditor, should clearly understand the
      procedures to be applied. Since users may have different needs, the nature,
      timing, and extent of the agreed-upon procedures also may differ. Therefore, the
      users, and not the auditor, assume the responsibility for the sufficiency of the

      April 2003          GAO/PCIE Financial Audit Manual - Part II            Page 660-1
      Planning and General
      660 – Agreed-Upon Procedures

      design and extent of the procedures since they best understand their own needs,
      although the auditor may assist the user in designing the procedures.

.04   The auditor should establish and document an understanding with the users
      regarding the nature, timing, and extent of the agreed-upon procedures to be
      performed. The auditor may document this understanding using an engagement
      letter to the users. (See example in section 660 A.)

.05   The subject matter should be capable of evaluation against criteria that are
      suitable and available to users. Suitable criteria should have objectivity,
      measurability, completeness, and relevance. The procedures should be subject
      to reasonably consistent measurement and the criteria should be agreed upon.
      The auditor should not perform overly subjective procedures or use terms with
      uncertain meaning unless they are defined within the agreed-upon procedures.

.06   The auditor need not perform additional procedures beyond the agreed-upon
      procedures. If matters come to the auditor's attention by other means that
      significantly contradict the subject matter (or assertion), the auditor should
      include these matters in the report. For example, if during the course of applying
      agreed-upon procedures regarding an entity's operation, the auditor becomes
      aware of a material weakness related to the assertion by means other than the
      agreed-upon procedures, the auditor should include this matter in the report.
      This may be done by mentioning the material weakness with a footnote reference
      to another report where it is described in detail.

.07   Where circumstances impose restrictions on the performance of the agreed-upon
      procedures, the auditor should attempt to obtain agreement from the users of the
      report to modify the agreed-upon procedures. When agreement cannot be
      obtained (for example, when the agreed-upon procedures are published by a
      regulatory agency that will not modify the procedures), the auditor should
      describe restrictions in the report or withdraw from the engagement.

      WRITTEN REPRESENTATIONS

.08   The auditor should determine if a representation letter is necessary. The auditor
      may determine that a representation letter is necessary, for example, if (1) the
      responsible entity is so large there is a risk as to whether one person knows
      whether pertinent information has been made available to the auditor, (2) the
      subject matter depends on estimates, judgments, or future events (i.e., whether
      the subject matter is less objective and fact-based and more subjective), or
      (3) the user of the report believes written representations should be obtained.
      Although generally not required (unless specifically required by another
      attestation standard, such as in a compliance engagement) a representation letter

      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 660-2
      Planning and General
      660 – Agreed-Upon Procedures

      may nonetheless be a useful means of documenting the responsible entity's
      representations. (See FAM section 660 B for an example representation letter for
      an agreed-upon procedures engagement.)

.09   The responsible entity's refusal to furnish written representations determined by
      the auditor to be necessary constitutes a scope limitation. In such
      circumstances, the auditor should do one of the following:

      • disclose in the report the inability to obtain representations from the
        responsible entity,

      • withdraw from the engagement, or

      • change the engagement to another form of engagement (e.g., a performance
        audit).

      DOCUMENTATION

.10   In accordance with GAGAS, the auditor should prepare and maintain
      documentation in connection with an agreed-upon procedures engagement that
      is appropriate for the engagement. They should contain sufficient information to
      enable an experienced auditor having no previous connection with the
      engagement to ascertain from them the evidence that supports the auditors'
      agreed-upon procedures report.

.11   Although the quantity, type, and content of documentation varies with the
      circumstances, ordinarily it should be sufficient to demonstrate that the work
      was adequately planned and supervised and sufficient evidential matter was
      obtained to provide a reasonable basis for the report.

.12   The auditor generally should prepare a summary memorandum that recaps the
      work performed and refers to the detailed documentation. This memorandum
      generally should include the auditor's conclusion on whether the work was
      performed in accordance with GAGAS, including the attestation standards, and
      the GAO/PCIE FAM and whether the report is appropriate. (See FAM section
      660 C for an agreed-upon procedures completion checklist.)

      REPORTING

.13   An auditor should report on the agreed-upon procedures in the form of results.
      The auditor should not provide any opinion or negative assurance about whether
      the subject matter or the assertion is fairly stated based on the criteria. The
      report should include information such as the identification of the entities that

      April 2003          GAO/PCIE Financial Audit Manual - Part II               Page 660-3
      Planning and General
      660 – Agreed-Upon Procedures

      agreed to the procedures and took responsibility for the sufficiency of the design
      and extent of the procedures for their purposes, as shown in the example report
      in FAM section 660 D.

.14   The auditor should report all results arising from application of the agreed-upon
      procedures. The concept of materiality does not apply to results to be reported
      in an agreed-upon procedures engagement unless the users of the report agree to
      the definition of materiality. This could be included in the engagement letter.
      Any agreed-upon materiality limits should be described in the report.

.15   The auditor should include a statement indicating that the report is intended for
      the specified users who have agreed upon the procedures performed and taken
      responsibility for the sufficiency of the design and extent of the procedures for
      their needs. However, since governmental reports are generally a matter of
      public record, the distribution of the report is not limited.

.16   The auditor may have performed agreed-upon procedures on an element,
      account, or item of financial statements and also audited the same financial
      statements. If the audit report on the financial statements includes a departure
      from a standard report, the auditor generally should include a reference to the
      audit report and the departure from the standard report in the agreed-upon
      procedures report.

.17   The auditor also may include explanatory language about such matters as the
      following:

      •   stipulated facts, assumptions, or interpretations (including the source);

      •   description of the condition of records, controls, or data to which the
          procedures were applied;

      •   explanation that the auditor has no responsibility to update the report; or

      •   explanation of sampling risk.

.18   The auditor should state the results in definitive, rather than qualified, language
      and avoid vague or ambiguous language. The following table provides examples
      of appropriate and inappropriate descriptions of findings.




      April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 660-4
      Planning and General
      660 – Agreed-Upon Procedures


            Examples of appropriate/inappropriate description of findings
                                                  Description of findings
        Procedures agreed-upon                 Appropriate          Inappropriate
       Based on the total tax           Recomputed amounts for         Nothing came to
       liability, select and            the selected excise tax        our attention as a
       recompute the 50 largest         returns agreed with the        result of applying
       excise tax returns from the      amounts in the certified       this procedure.
       quarter ended September 30       audit file.
       and compare these amounts
       with the certified audit file.
       Select a random sample of        Revenue receipts selected      The revenue
       45 Treasury SF-224               randomly from the              receipts
       reconciliations; determine if    monthly Treasury SF-224        approximated the
       XYZ reported revenue             reconciliation process         amount shown in
       receipts were properly           were properly classified       the Treasury FMS
       classified and reconciled to     and agreed with Treasury       records.
       Treasury FMS records.            FMS records.
       Examine personnel files of       Thirty of the selected files   Some of the
       40 individuals randomly          contained a current and        personnel files did
       selected from the                approved Notification of       not contain a
       timekeeping records for the      Personnel Action. Ten          current and
       year; determine if all the       files did not contain a        approved
       selected files contain a         current and approved           Notification of
       current and approved             Notification of Personnel      Personnel Action.
       Notification of Personnel        Action (list and identify
       Action.                          exceptions).

      Other Report Issues

.19   The report should be addressed to the users who have agreed upon the
      procedures to be performed (see paragraph 660.03). The date of completion of
      the agreed-upon procedures should be used as the date of the agreed-upon
      procedures report. If the audit organization's procedure is to date reports with
      the issue date, the date of completion of fieldwork may be stated in the report
      (e.g., "We completed the agreed-upon procedures on [date].").

.20   Agency comments should be obtained from the entity responsible for the subject
      matter. If time constraints present problems, oral comments may be obtained.




      April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 660-5
[This page intentionally left blank.]
Planning and General


660 A - EXAMPLE AGREED-UPON PROCEDURES
        ENGAGEMENT LETTER

[Date]

Management of ABC Agency

Subject: Fiscal Year 20X1 Agreed-Upon Procedures for the Tax Trust Fund

Dear Management Official:

Based on our discussions, we agree to perform agreed-upon procedures to assist
ABC Agency in determining the completeness and accuracy of receipts
transferred to the tax trust fund. XYZ Agency is responsible for the information
to which these procedures will be applied.

This letter documents our agreement to perform these agreed-upon procedures
related to fiscal year 20X1. We will perform these procedures in accordance with
U.S. generally accepted government auditing standards, which incorporate the
financial audit and attestation standards established by the American Institute of
Certified Public Accountants (AICPA). The procedures are included in the
enclosure to this letter. We will meet with you as needed to discuss the agreed-
upon procedures, results, and other issues that may arise.

We are not engaged to perform, and will not perform, an examination, the
objective of which would be to express an opinion on the amount of receipts
transferred to the tax trust fund. Accordingly, we will not express such an
opinion. Were we to perform additional procedures, other matters might come
to our attention that we would report to you.

Our report will be intended solely for your information and use and should not
be used by those who have not agreed to the procedures or taken responsibility
for the sufficiency of the procedures for their purposes. However, the report will
be a matter of public record and its distribution will not be limited.




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 660 A-1
    Planning and General
    660 A - Example Agreed-Upon Procedures Engagement Letter

    Unless we hear from you, we will assume your concurrence with these
    procedures and their sufficiency for your purposes.1 Please contact me at
    [telephone number] if you or your staff have any questions.

    Sincerely yours,




    [Name of Director]
    Director

    Enclosure

    cc: XYZ Agency




1
    The auditor may request the users to document their agreement with the
    procedures and their sufficiency for their purposes by signing the engagement
    letter and returning it to the auditor.

    April 2003           GAO/PCIE Financial Audit Manual - Part II      Page 660 A-2
Planning and General
660 A - Example Agreed-Upon Procedures Engagement Letter

             Agreed-Upon Procedures for Tax Receipts and Refunds

General

• Compare fiscal year 20X1 tax collections for the ABC tax trust fund per XYZ's
  Statement of Custodial Activity with

   •• the trust fund's accounting records and
   •• ABC's consolidated financial statements.

• Obtain explanations and examine supporting documentation for differences.

Sampling

A. Use dollar unit sampling (DUS) and an 80-percent confidence level to select a
   sample of ABC tax trust fund tax revenue receipts and refunds for fiscal year
   20X1. Use $300 million as the test materiality, which is 1 percent of the total
   revenue collected. Use an expected aggregate misstatement of $100 million,
   or one-third of test materiality. The projected sample size for this population
   is expected to be 40 transactions.

For the sample items selected:

• Receipts testing — Compare tax receipts transactions (for example cash
  receipts, federal tax deposit (FTD) receipts, reversals, and adjustments) with
  source documents to determine whether the amounts agree, the transactions
  are recorded in the appropriate period based on the transaction date, and they
  are properly categorized as ABC tax trust fund receipts.

• Refunds testing — Compare refund transactions with the source documents
  (for example, payment vouchers, FTD coupons, tax returns) to determine
  whether the amounts agree, the transactions are recorded in the appropriate
  period based on the transaction date, and they are properly categorized as
  ABC tax trust fund refunds.

B. Use DUS and the same sampling parameters as above to extract statistical
   samples of total XYZ revenue receipts and refunds for fiscal year 20X1.

For the sample items selected:

• Test whether the tax receipt or refund amounts and tax category from source
  documentation agrees with amounts recorded for each of the revenue receipts
  or refunds sample items.

April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 660 A-3
[This page intentionally left blank.]
Planning and General


660 B - EXAMPLE REPRESENTATION LETTER FROM
        RESPONSIBLE ENTITY ON AGREED-UPON
        PROCEDURES ENGAGEMENT

[XYZ Agency letterhead]

[Date]

Dear Auditor:

In connection with the agreed-upon procedures engagement for XYZ's budget
execution process for the period from October 1, 20X0 through September 30,
20X1, we confirm to the best of our knowledge and belief, the following
representations made to you in performing these agreed-upon procedures.

•   We acknowledge responsibility for XYZ's budget execution process.

•   We acknowledge responsibility for selecting the criteria [state criteria] and
    for determining the appropriateness of the criteria for our purposes.

•   Our budget execution process is [state assertion about budget execution
    process based on the criteria selected].

•   We know of no matters that would contradict our assertion about our budget
    execution process.

•   There have been no communications from regulatory or oversight agencies
    concerning our budget execution process or noncompliance with budgetary
    laws or the Antideficiency Act.

•   We have made available to you all records and related data pertaining to our
    budget execution process during the period from October 1, 20X0 through
    September 30, 20X1.

•   XYZ's budget execution process is designed to meet the requirements of the
    Antideficiency Act.

•   The accounting records and fund status reports are checked quarterly to
    determine whether all source documents that affect the appropriation and
    fund balance have been recorded properly, accurately, and on a timely basis.


April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 660 B-1
Planning and General
660 B – Example Representation Letter from Responsible Entity on
        Agreed-Upon Procedures Engagement

•   The agency's accounting system provides timely disclosure of total valid
    obligations incurred to date and total budgetary resources available for
    obligations within each apportionment.

•   The system also provides timely disclosure of the authorization or creation of
    commitments, obligations, or expenditures that exceed apportionments and
    allotments.

•   We are not aware of instances of noncompliance with the above-stated
    procedures.

•   There has been no fraud involving management, employees, or contractor
    staff who have significant roles in the operation of our budget execution
    process.

•   We have no plans or intentions that would materially affect our budgetary
    process or operations.

Sincerely yours,




Management, XYZ Agency




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 660 B-2
      Planning and General


      660 C - AGREED-UPON PROCEDURES COMPLETION
              CHECKLIST

      Entity:_________________________________________________________________

      Job code:______________________________________________________________

      Principal report:________________________________________________________

.01   This checklist is a tool to help auditors comply with the requirements for agreed-
      upon procedures engagements. No specific signatures are required on the
      checklist in the planning phase.

.02   Several of the last questions include steps in GAO's quality control process,
      including the GAO workpaper set, second partner review, and review by the
      Technical Accounting and Auditing Expert (Chief Accountant at GAO) when that
      person is not the second partner. GAO auditors should complete these questions
      and forms. IG auditors and other auditors may use these questions and forms or
      may substitute questions and forms that consider their reporting style and quality
      control.


                             Step                           N/A    Yes    No      W/P
                                                                                  ref

       1. Has the audit team documented an
          understanding with the users?

       2. Does the documentation cover the following?
          • The nature of the engagement.
          • Identification of the subject matter, the
             responsible entity, and the criteria.
          • Identification of the users of the report.
          • Auditor's responsibilities.
          • Reference to GAGAS and the attestation
             standards.
          • Agreement on procedures.
          • Disclaimers expected.
          • Any involvement of a specialist.
          • Materiality limits.


      April 2003         GAO/PCIE Financial Audit Manual - Part II          Page 660 C-1
Planning and General
660 C – Agreed-Upon Procedures Completion Checklist


                        Step                          N/A   Yes   No   W/P
                                                                       ref

 3. Was an entrance conference held with the
    responsible entity?

 4. Has the auditor determined whether a letter of
    representation from the responsible entity is
    necessary? (Note: This is not a requirement.)

 5. Were applicable laws and regulations
    documented if part of the procedures?

 6. Were review responsibilities communicated to
    individuals on the assignment?

 7. Does the documentation contain the following?

    a. The scope and methodology, including any
       sampling criteria used.
    b. Documentation of the work performed to
       support reported results.
    c. Descriptions of transactions and records
       examined.
    d. Evidence of supervisory review.

 8. Does the documentation record that the
    applicable standards were followed (AT 201
    and AT 101)?

 9. Does the documentation record a reasonable
    basis for the results of the agreed-upon
    procedures?

 10. Does the summary memorandum summarize
     the results of the procedures and refer to the
     documentation?




April 2003          GAO/PCIE Financial Audit Manual - Part II     Page 660 C-2
Planning and General
660 C – Agreed-Upon Procedures Completion Checklist


                        Step                           N/A   Yes   No   W/P
                                                                        ref

 11. Were any deviations from the standard
     reporting elements documented and the basis
     approved by the assistant director with copies
     of the documentation sent to the audit director
     and Reviewer (AT 201.31)?

 12. Was the report referenced?

 13. Did the assistant director review the
     following?

    a. Understanding with the client.
    b. Memorandum of entrance conference with
       the responsible entity.
    c. Completed work programs.
    d. Memorandums on key engagement issues.
    e. Summary of the results of the procedures.
    f. Memorandum of exit conference with the
       responsible entity.
    g. Deviations from standard reporting
       language.
    h. Financial schedules/statements.
    i. Agreed-upon procedures report.
    j. GAO workpaper set (or equivalent).

 14. Did the audit director review the following?

    a. Understanding with the client.
    b. Summary of results of the procedures.
    c. Memorandum of exit conference with
       responsible entity.
    d. Deviations from standard reporting
       language.
    e. Agreed-upon procedures report.
    f. GAO workpaper set (or equivalent).

 15. Did the assistant director or the auditor in
     charge determine that all significant review
     notes were resolved appropriately?


April 2003          GAO/PCIE Financial Audit Manual - Part II      Page 660 C-3
Planning and General
660 C – Agreed-Upon Procedures Completion Checklist


                        Step                          N/A   Yes   No   W/P
                                                                       ref

 16. Did the assistant director initial all
     documentation bundle covers to indicate that
     all documentation was sufficiently reviewed?

 17. Is the report appropriate as to the following?

    a.   Wording.
    b.   Scope of work.
    c.   GAGAS.
    d.   Explanatory paragraphs.

 18. Was the report reviewed by the following?

    a. Office of the General Counsel.
    b. Technical Accounting and Auditing Expert.
    c. Second partner (or equivalent), if not
       Technical Accounting and Auditing Expert.

 19. Is the agreed-upon procedures report dated
     appropriately or does the report indicate when
     the auditor completed fieldwork? (AT 201)




April 2003          GAO/PCIE Financial Audit Manual - Part II     Page 660 C-4
Planning and General
660 C – Agreed-Upon Procedures Completion Checklist

      SECOND PARTNER'S (OR EQUIVALENT) CONCURRENCE ON
               AGREED-UPON PROCEDURES WORK


 Objective of second partner (or equivalent) review: To objectively
 review significant engagement matters to conclude, based on all facts the
 second partner (or equivalent) has knowledge of, that no matters were found
 that caused the second partner (or equivalent) to believe that (1) the
 procedures were not performed in accordance with GAGAS, which
 incorporate financial audit and attestation standards established by the
 American Institute of Certified Public Accountants and (2) the report does not
 meet professional standards and audit organization policies.

 Procedures: Before the report was issued, I performed the following
 procedures:

 •   as necessary, discussed significant engagement issues with the audit
     director;
 •   read documentation of key decisions and consultations;
 •   read the agreed-upon procedures report; and
 •   confirmed with the audit director that there are no unresolved issues.

 Conclusions: Based on all the relevant facts of which I have knowledge, I
 found no matters that caused me to believe that (1) the agreed-upon
 procedures were not performed in accordance with GAGAS and the AICPA's
 attestation standards related to agreed-upon procedures engagements and
 (2) the report is not in accordance with professional standards and audit
 organization policies.




 ____________________________________________________________________
 Title                           Signature                    Date




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 660 C-5
Planning and General
660 C – Agreed-Upon Procedures Completion Checklist


        TECHNICAL ACCOUNTING AND AUDITING EXPERT'S
       CONCURRENCE ON AGREED-UPON PROCEDURES WORK


 Objective of review: When the Technical Accounting and Auditing Expert is
 not the second partner (or equivalent), the Technical Accounting and Auditing
 Expert should read the report. The Technical Accounting and Auditing Expert
 should then sign the conclusions below.

 Conclusions: Based on my reading of the report, I found no matters that
 caused me to believe that (1) the agreed-upon procedures were not performed
 in accordance with GAGAS and the AICPA's attestation standards related to
 agreed-upon procedures engagements and (2) the report is not in accordance
 with professional standards and audit organization policies.




 ____________________________________________________________________
 Title                      Signature                            Date




April 2003         GAO/PCIE Financial Audit Manual - Part II       Page 660 C-6
Planning and General


660 D - EXAMPLE AGREED-UPON PROCEDURES
        REPORT

[Date]

Management of ABC Agency

Subject: Applying Agreed-Upon Procedures: Count of Cash and Related Items

Dear Management Official:

We have performed the procedures contained in the enclosure to this letter,
which we agreed to perform and with which you concurred, solely to meet your
needs for an independent count of cash and cash-related items as of
September 30, 20X1.

We conducted our work in accordance with U.S generally accepted government
auditing standards, which incorporate financial audit and attestation standards
established by the American Institute of Certified Public Accountants. These
standards also provide guidance when performing and reporting the results of
agreed-upon procedures.

You are responsible for the adequacy of the procedures to meet your objectives
and we make no representation in that respect. The procedures we agreed to
perform consist of counting amounts for cash and related receipts and comparing
combined totals to the authorized amounts. The enclosure contains the agreed-
upon procedures and our results.

We were not engaged to perform, and did not perform, an examination, the
objective of which would have been to express an opinion on the amount of cash
on hand. Accordingly, we do not express such an opinion. Had we performed
additional procedures, other matters might have come to our attention that we
would have reported to you. We completed our agreed-upon procedures on [date
of completion].

We provided a draft of this letter, along with the enclosure, to your
representatives for review and comment. They agreed with the results presented
in this letter and its enclosure.




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 660 D-1
Planning and General
660 D - Example Agreed-Upon Procedures Report

This letter is intended solely for the use of the management of ABC Agency and
should not be used by those who have not agreed to the procedures or have not
taken responsibility for the sufficiency of the procedures for their purposes.
However, the report is a matter of public record and its distribution is not limited.

If you have any questions, please call [name, title, and telephone number].

Sincerely yours,




[Name of Director]
Director

Enclosure




April 2003           GAO/PCIE Financial Audit Manual - Part II          Page 660 D-2
Planning and General
660 D – Example Agreed-Upon Procedures Report

                       RESULTS OF CASH COUNTS

Procedures

We counted and totaled cash on hand for the petty cash fund as of [date]. We
also listed and totaled the receipts on hand evidencing disbursements from the
fund. Finally, we compared the combined total of cash and receipts available to
the amount authorized for the fund ($500).

Results

We counted cash totaling $258.96 and scheduled 14 receipts totaling $174.85.
The combined total of cash and receipts on hand accounted for $433.81 of the
$500 in authorized petty cash funds. In addition, the custodian provided us two
separate Expense Summary Report and Petty Cash Itemization Sheets and
related receipts for an additional $65.09, which had been submitted for
reimbursement to the fund. Thus, the unexplained difference between the
authorized amount and the total cash and receipts evidencing petty cash fund
disbursements was $1.10.




April 2003        GAO/PCIE Financial Audit Manual - Part II         Page 660 D-3
[This page intentionally left blank.]
SECTION 700


Internal Control
[This page intentionally left blank.]
      Internal Control


      701 – ASSESSING COMPLIANCE OF AGENCY
            SYSTEMS WITH THE FEDERAL FINANCIAL
            MANAGEMENT IMPROVEMENT ACT (FFMIA)

.01   FFMIA emphasizes the need for agencies to have systems that can generate
      timely, reliable, and useful information with which to make informed decisions
      and to ensure ongoing accountability. FFMIA requires the 24 CFO Act
                                 1
      departments and agencies to implement and maintain financial management
      systems that comply substantially with (1) federal financial management systems
      requirements, (2) applicable federal accounting standards, and (3) the U.S.
      Government Standard General Ledger (SGL) at the transaction level. The law
      also requires auditors to report whether agency financial management systems
      comply with the FFMIA requirements. OMB has provided FFMIA implementation
      guidance to help agencies and their auditors determine compliance. This section
      also provides guidance for assessing agency systems' compliance with FFMIA. It
      explains FFMIA's requirements and discusses audit issues related to testing for
      compliance with the act. An example audit program is included as section 701 A.

      FFMIA REQUIREMENTS
                                                       2
.02   OMB Circular A-127, Federal Financial Systems, also addresses the three FFMIA
      requirements. OMB Circular A-127 prescribes policies and standards for
      executive branch departments and agencies to follow in developing, operating,
      evaluating, and reporting on financial management systems (see
      www.whitehouse.gov/omb/financial). In its FFMIA implementation guidance,
      OMB identifies the applicable requirements from Circular A-127 that should be
                                                                   3
      assessed when making an FFMIA compliance determination. OMB, in Circular
      A-127, refers to the federal financial management systems requirements, a series
      of publications issued by the Joint Financial Management Improvement Program
      (JFMIP), as the source of governmentwide requirements for financial
      management systems software functionality. JFMIP has developed a framework
      to describe the basic elements of an integrated financial management system,

1
      OMB also requires certain designated entities to determine FFMIA compliance.
2
      OMB is considering revising this guidance.
3
      OMB did not include certain elements of Circular A-127, section 7, in its FFMIA
      implementation guidance because some of the elements are not essential to
      satisfying the requirements of FFMIA and to the ability of an agency's systems to
      provide reliable, timely, and useful information necessary for federal managers'
      responsibilities. Accordingly, those elements are not included in this section.

      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 701-1
      Internal Control
      701 – Assessing Compliance of Agency Systems with the Federal Financial
            Management Improvement Act (FFMIA)

      including the core financial system. Agency financial management systems fall
      into four categories: core financial systems, other financial and mixed systems4
      (such as procurement, property, budget, payroll, and travel systems), shared
               5
      systems, and departmental executive information systems (systems to provide
      information to all levels of management.)

.03   JFMIP has developed publications of systems requirements for the core financial
      system and for some of the mixed or feeder systems (see www.jfmip.gov). The
      systems requirements in the publications are stated as either mandatory
      (required) or value-added (optional). Agencies should use the mandatory
      functional and technical requirements in planning system improvement projects,
      whereas value-added requirements should be used as needed. The core financial
      management system affects all financial event transaction processing because it
      maintains reference tables used for editing and classifying data, controls
      transactions, and maintains security. The core financial management system
      consists of six functional areas: general ledger management, funds management,
      payment management, receivable management, cost management, and reporting.
      OMB Circular A-127 requires agencies to use for agency core financial
      management systems commercial-off-the-shelf (COTS) software that has been
      tested and certified through the JFMIP software certification process. According
      to JFMIP, core financial management system certification does not mean that
      agencies that install qualified software packages will have financial systems that
      are in compliance with FFMIA. Many other factors can affect the capability of
      the systems to comply with FFMIA, including modifications made to the JFMIP-
      certified core financial management system software, and the validity and
      completeness of data from feeder systems. JFMIP's certification process does
      not eliminate or significantly reduce the need for agencies to develop and
      conduct a comprehensive testing effort to ensure that the software product meets
      their requirements

.04   The federal accounting standards, the second requirement of FFMIA, are
      promulgated by the Federal Accounting Standards Advisory Board (FASAB).
      FASAB develops accounting standards after considering the financial and
      budgetary information needs of Congress, executive agencies, and other users of
      federal financial information as well as comments from the public (see
      www.fasab.gov). FAM section 560 describes the relationship of the FASAB
      standards to the hierarchy of accounting principles.
4
      Mixed systems are any information systems that support both financial and non-
      financial functions of the federal government. Mixed systems can also be feeder
      systems.
5
      Shared systems are governmentwide systems used by agencies with
      information and data definitions common to all users.

      April 2003         GAO/PCIE Financial Audit Manual - Part II            Page 701-2
      Internal Control
      701 – Assessing Compliance of Agency Systems with the Federal Financial
            Management Improvement Act (FFMIA)


.05   Implementing the SGL at the transaction level is also a requirement of FFMIA.
      The SGL provides a uniform chart of accounts and guidance for use in
      standardizing federal agency accounting and supports the preparation of
      standard external reports required by OMB and Treasury (see
      www.fms.treas.gov/ussgl). The SGL is defined in the latest supplement, which is
      released annually, to the Department of the Treasury's Treasury Financial Manual
      (TFM). The supplement is composed of five major sections (1) chart of accounts,
      (2) account descriptions, (3) accounting transactions, (4) SGL attributes, and (5)
      report crosswalks. Each agency should implement a chart of accounts that is
      consistent with the SGL and meets the agency's information needs. OMB
      Circular A-127 states that application of the SGL at the transaction level means
      that financial management systems will process transactions following the
      definitions and defined uses of the general ledger accounts as described in the
      SGL. Transaction detail supporting SGL accounts are required to be available in
      the financial management systems and directly traceable to specific SGL account
      codes. In addition, the criteria for recording financial events in all financial
      management systems should be consistent with accounting transaction
      definitions and processing rules defined in the SGL.

.06   OMB's FFMIA implementation guidance requires the CFO act agency auditors to
      perform tests of the compliance of the entity's systems with FFMIA. Auditors
      who are reporting that agency financial management systems do not substantially
      comply with FFMIA requirements are to include in their reports (1) the entity or
      organization responsible for the financial management systems that have been
      found not to be substantially compliant and all pertinent facts relating to the
      noncompliance, (2) the nature and extent of the noncompliance including areas
      in which there is substantial but not full compliance, (3) the primary reason or
      cause of the noncompliance, (4) the entity or organization responsible for the
      noncompliance, (5) any relevant comments from any responsible officer or
      employee, and (6) a statement with respect to the recommended remedial actions
      for each instance of noncompliance and the time frames for implementing these
      actions. FFMIA as well as OMB's FFMIA implementation guidance require
      agencies to report whether the agencies' financial management systems comply
      with FFMIA's requirements and prepare remediation plans that include
      resources, remedies, and intermediate target dates necessary to bring the
      agency's financial management systems into substantial compliance.

.07   According to OMB's FFMIA implementation guidance, auditors are to plan and
      perform their audit work in sufficient detail to enable them to determine the
      degree of compliance and report on instances of noncompliance for all of the
      applicable FFMIA requirements. The guidance describes specific minimum
      requirements from Circular A-127 that agency systems should meet to achieve
      compliance and provides indicators of compliance. The indicators included in

      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 701-3
      Internal Control
      701 – Assessing Compliance of Agency Systems with the Federal Financial
            Management Improvement Act (FFMIA)

      OMB's implementation guidance are characterized as examples and are not all-
      inclusive. The four primary factors OMB identifies as critical to assessing
                                                                       6
      compliance with FFMIA are determining whether agencies can:

      •   Prepare financial statements and other required financial and budget reports
          using information generated by the financial management system(s);
      •   Provide reliable and timely financial information for managing current
          operations;
      •   Account for their assets reliably, so that they can be properly protected from
          loss, misappropriation, or destruction; and,
      •   Do all of the above in a way that is consistent with federal accounting
          standards and the Standard General Ledger.

      AUDIT ISSUES

.08   While financial statement audits will offer some assurances regarding FFMIA
      compliance, auditors should design and implement additional testing to satisfy
      the criteria in FFMIA. For example, in performing financial statement audits,
      auditors generally focus on the capability of the financial management systems to
      process and summarize financial information that flows into agency financial
      statements. In contrast, FFMIA requires auditors to assess whether an agency's
      financial management systems comply with systems requirements. To do this,
      auditors need to consider whether agency systems provide complete, accurate,
      and timely information for managing day-to-day operations. This is based on
      Congress' expectation, in enacting FFMIA, that agency managers would have any
      necessary information to measure performance on an ongoing basis rather than
      just at year-end. Financial statement auditors generally review performance
      measure information for consistency with the financial statements, but do not
      assess whether managers have the performance-related information to manage
      during the fiscal year.

.09   As a result of the overlapping scope and nature of FFMIA assessments and
      financial statements audits, the auditor should use, where appropriate, the audit
      work performed as part of the financial statement audit. In the example audit
      program (FAM 701 A) for testing compliance with FFMIA, several procedures
      indicate that the auditor may have performed the procedure as part of the
      financial statement audit; whereas, other procedures needed to assess FFMIA
      compliance require additional work not normally contemplated by financial
      statement auditors. The determination of FFMIA compliance need not be
      performed simultaneously with the financial statement audit. The determination
      of FFMIA compliance may be performed by different staff or staggered

6
      OMB is considering revising this guidance.

      April 2003          GAO/PCIE Financial Audit Manual - Part II            Page 701-4
      Internal Control
      701 – Assessing Compliance of Agency Systems with the Federal Financial
            Management Improvement Act (FFMIA)

      throughout the assessment time frame. While the example audit program
      provides steps the auditor should perform, the auditor may tailor the steps to
      satisfy the objectives or intent of the step if the step cannot be completed as
      described. Because of the broad scope of federal operations and the many
      variations that can and do flow from such a broad scope, the degree of specificity
      in the example audit program varies. For example, each agency will likely need
      and use a variety of internal reports for managing current operations. These
      reports may be on line or in hard copy. Auditors will need to use their skills and
      professional judgment to assess the adequacy of these reports that are essential
      to having FFMIA compliance. Auditors may also rely on other work products
      that address the objectives of the example audit procedures.

.10   As discussed in FAM section 350, the auditor need not perform specific tests of
      the systems compliance with FFMIA requirements for agencies with
      longstanding, well-documented financial management systems weaknesses that
      severely affect the systems' ability to comply with FFMIA requirements. The
      auditor should understand management's process for determining whether its
      systems comply with FFMIA requirements and report any deficiencies in
      management's process along with previously identified problems.

.11   FAM paragraphs 580.62 through .66 and FAM section 595 A provide FFMIA
      reporting guidance. When reporting a lack of substantial compliance, the auditor
      should refer to FAM 595 B for suggested modifications to the report. FAM Part
      III, section 1603, provides guidance that GAO will use to provide an affirmative
      statement when reporting on compliance with FFMIA.




      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 701-5
[This page intentionally left blank.]
Internal Control


701 A – EXAMPLE AUDIT PROCEDURES FOR TESTING
        COMPLIANCE WITH FFMIA

Entity __________________________________________________________________

Date of review __________________________________________________________

Job code _______________________________________________________________

Objective: FFMIA requires the 24 major departments and agencies covered by the
CFO Act to implement and maintain financial management systems that comply
substantially with (1) federal financial management systems requirements,
(2) applicable federal accounting standards, and (3) the U.S. Government
Standard General Ledger (SGL) at the transaction level. OMB also requires
certain designated entities to determine FFMIA compliance. The objective of this
audit program is to assess whether agencies' systems' comply with FFMIA.

             FFMIA example audit procedures:                    Done         W/P
                Description of Procedure                       by/date       ref.

 I. Planning (May be combined with the work to plan the
    financial statement audit)

 A. To understand the FFMIA requirements, read:
    • Federal Financial Management Improvement Act,
       P.L. 104-208.
    • Audit Requirements for Federal Financial
       Statements (OMB Bulletin).
    • OMB Memorandum, January 4, 2001, Revised
        Implementation Guidance for the Federal Financial
        Management Improvement Act.
    •   JFMIP Publications of Federal Financial
        Management System Requirements including the
        Framework and Core Financial System
        Requirements.
    •   Form and Content of Agency Financial Statements
        (OMB Bulletin)
    •   FASAB Standards.
    •   Treasury Financial Manual (TFM) sections related
        to the SGL (see transmittal letter S2-01-02 and TFM
        Part 2, Chapter 4000).

April 2003         GAO/PCIE Financial Audit Manual - Part II             Page 701 A-1
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

            FFMIA example audit procedures:                      Done      W/P
                Description of Procedure                        by/date    ref.
    •   OMB Circular No. A-123, Management
      Accountability and Control.
    • OMB Circular No. A-127, Financial Management
      Systems.
    • OMB Circular No. A-130, Management of Federal
      Information Resources.
    •   Government Information Security Reform (GISR)
        legislation, Floyd D. Spence National Defense
        Authorization Act for Fiscal Year 2001, Pub. L. 106-
        398.

B. Read the prior year's workpapers and audit report to
   identify (1) the auditors' FFMIA determinations,
   (2) reported instances of noncompliance with FFMIA,
   and (3) material weaknesses and reportable conditions
   related to the agency's financial management systems.

    •   Prepare a schedule of the previously identified
        problems to follow up on the status of these
        specific problems. See section 701 B for an
        example of the schedule.

C. Read the most recent FMFIA report, IG reports, GAO
   reports, internal control workpapers from the financial
   statement audit or other reports related to financial
   systems and consider the impact of any reported
   weaknesses on the FFMIA assessment.

    •   Obtain an update on the status of the issues and
        document problems identified in the schedule in
        section 701 B.

D. Read the cycle memoranda for each of the audit cycles
   completed for the current year audit. Document issues
   related to FFMIA compliance in the schedule in section
   701 B.




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 701 A-2
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                    Done      W/P
                  Description of Procedure                     by/date    ref.
E. From the work performed in part I (planning), decide
   whether it is necessary to perform the remaining test
   steps. If the information gathered indicates
   "longstanding, well-documented financial management
   systems weaknesses" that preclude compliance with
   FFMIA requirements, then:

    1. Document recognition of longstanding, well-
       documented financial management systems
       weaknesses and identify the source for this
       conclusion.
    2. Obtain and document an understanding of
       management's process for determining whether its
       systems comply with FFMIA requirements. Report
       any deficiencies identified in management's
       process.
    3. Complete step V (summary), except for completion
       of the schedule in FAM section 701 B.

II. Testing for Compliance with Federal Financial
    Management Systems Requirements

A. Ask whether the agency has an agencywide inventory
   of its systems. If so, obtain the inventory and any
   supporting documentation.

B. From the agency's inventory of systems, identify the
   core financial management systems and the feeder
   systems.

    1. Document the key internal controls and the
       information flows between the core financial
       systems and the feeder systems in a flowchart or
       narrative. (This step may be performed as part of
       the internal control phase).
       a. Determine whether the feeder systems are
           integrated or interfaced with the core financial
           system. Note: Feeder systems that are
           integrated with the core financial system share
           data tables. Therefore, reconciliations should
           not be necessary.



April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 701 A-3
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                     Done      W/P
                  Description of Procedure                      by/date    ref.
       b. If the feeder systems interface with the core
          systems, determine whether reconciliations are
          performed between the systems. If
          reconciliations are performed, determine how
          often and by whom; assess the adequacy of the
          reconciliation, including follow-up activities and
          supervisory review.
       c. Through interviews with agency management
          and reading of systems documentation,
          determine if the agency's systems have detective
          controls (i.e., batch control or hash totals or
          supervisory reviews) and preventive controls
          (i.e. segregated duties, appropriate
          authorizations, or access controls) to process
          transactions properly and timely. (May be
          performed as part of the internal control phase).
    2. Using the documentation prepared in step II.B.1
       above, identify those JFMIP financial management
       systems requirements that are applicable to the
       agency's operations. For example, for those
       agencies that do not have grant or loan programs,
       the auditor would not need to assess whether
       JFMIP requirements related to grants or loans are
       applicable. Document the results.

C. Determine whether the agency's core financial
   management system and the financial portions of its
   applicable feeder systems, as identified in step II.B.2
   above, conform to JFMIP's federal financial
   management systems requirements.

    •   Ask whether the agency's core financial
        management system is a JFMIP-certified COTS
        system. If so, ask which version of the software is
        being used and obtain the agency's JFMIP
        certification for that software version. [Agencies
        replacing software to meet core financial system
        requirements must use JFMIP-certified core
        financial management systems as required by OMB
        Circular A-127, but it is not a noncompliance issue
        for FFMIA purposes.]



April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 701 A-4
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

               FFMIA example audit procedures:                   Done      W/P
                   Description of Procedure                     by/date    ref.
    1.   Ask whether there have been significant changes in
         the agency's automated business processes since
         compliance testing with JFMIP requirements was
         last performed. If so, ask whether the agency has
         performed an assessment of any new functionality
         using the JFMIP system requirements documents,
         GAO checklists, or similar tools. Document the
         results.
    2.   For those agencies with a core financial
         management system that is not a JFMIP- certified
         COTS and for any feeder systems, obtain any
         analyses performed by agency management to
         support its FFMIA and FMFIA assessments that
         document how the agency's systems conform to the
         applicable JFMIP systems requirements. If
         management has not performed an analysis of
         systems functionality, go to step C.5.
    3.   Select several important functions that
         management has reported as complying with the
         systems requirements and determine if
         management's assessment can be relied upon.
    4.   If management's results cannot be relied upon for
         each system, perform an assessment of the
         functionality of the applicable systems using JFMIP
         system requirement documents, GAO checklists or
         other similar tools.
    5.   Document in section 701 B, the instances and
         related impact in which the agency's systems did
         not comply with JFMIP requirements.




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 701 A-5
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                    Done      W/P
                 Description of Procedure                      by/date    ref.
D. Ask if management receives appropriate reports that
   are significant to performing day-to-day management
   operations.

    1. Determine the adequacy of reports used to manage
       day-to-day operations.
       a. For reports that are produced by the agency's
          financial management systems, ask
          knowledgeable users, read the agency's
          financial management systems documentation,
          and from other audit work, use professional
          judgment to determine if the reports produced
          by the systems are timely, useful, reliable,
          complete, and appropriately summarized for the
          management level receiving the report. Use
          professional judgment, agency policy, and/or
          criteria evident from each report to determine
          its timeliness and accuracy; i.e., if a report is
                         th
          due by the 10 of each month, verify it was
          provided by the 10th of each month. If only on-
          line access is provided for important internal
          reports, through observation, documentation,
          and inquiry—such as obtaining systems logs and
          asking key managers about their work habits—
          assess whether the reports were available and
          accessed. Through inquiry and observation,
          assess if management uses the reports to
          manage operations. Ask management what
          improvements are needed in the current
          reporting methods. Document the results.
       b. If the reports were not produced by the agency's
          financial management systems, ask how the
          reports were prepared and perform a similar
          assessment as described in step D.1.a.




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 701 A-6
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                    Done      W/P
                  Description of Procedure                     by/date    ref.
    2. Determine whether appropriate levels of
       management are receiving adequate and timely
       management information. See FAM paragraph
       903.12 for questions related to determining FFMIA
       compliance with SFFAS No. 4.
       a. Using professional judgment and industry best
          practices, identify internal management
          performance-related information that should be
          available for managing day-to-day operations.
       b. Determine whether appropriate levels of
          management are receiving the information
          identified in step D.2.a.
       c. If full costing is not used in these management
          reports, assess whether the lack of full cost
          information affects the usefulness of the
          information. Review management's justification
          that full costing would not be beneficial for the
          internal reports. This may need to be assessed
          on a case-by-case basis.
    3. Include any deficiencies identified and related
       impact in the schedule shown in section 701 B.

E. Identify the agency's external reports that are related
   to financial management such as those used for budget
   formulation and execution, fiscal management of
   agency programs, funds management, payments and
   receipts management, and to support the legal,
   regulatory, and other special requirements of the
   agency.

    1. Through interviews with knowledgeable users and
       reading of the agency's financial management
       system documentation, determine if the reports are
       produced by the systems.
       a. For external reports that are tested as part of
          the financial statement audit, include any
          deficiencies identified and the related impact in
          section 701 B.
       b. For external reports that are not tested as part
          of the financial statement audit, using
          professional judgment select several reports and
          assess whether the reports are reliable, timely,


April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 701 A-7
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                    Done      W/P
                  Description of Procedure                     by/date    ref.
           and complete. Include any deficiencies
           identified and the related impact in section
           701 B.
    2. As an indicator of systems deficiencies, determine
       the magnitude and type of adjustments made by
       both management and the auditors to derive
       financial statements after the end of the accounting
       period.

F. Determine if the agency's financial management
   systems track financial events and summarize
   information to facilitate the preparation of auditable
   financial statements. This determination can result
   from work performed as part of the financial statement
   audit. Document the deficiencies and the related
   impact in the schedule shown in section 701 B.

G. Determine if the financial management systems enable
   the agency to prepare, execute, and report on the
   agency's budget in accordance with the requirements
   of OMB Circular No. A-11. This determination can
   result from work performed as part of the financial
   statement audit. Document the deficiencies and the
   related impact in the schedule shown in section 701 B.

H. Determine if the agency's financial management
   systems capture and produce the financial information
   required to measure program performance.

    1. Identify the agency's performance measures from
       its most recent accountability report that include
       data from the agency's financial management
       systems.
    2. Ask agency management whether an assessment
       was performed of the validity of the financial data
       used to derive the performance measures. If so,
       obtain and review the assessment and any
       supporting documentation.
    3. If agency management has not assessed the validity
       of the financial data used to derive the agency's
       performance measures, include this deficiency in
       section 701 B.


April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 701 A-8
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                    Done      W/P
                  Description of Procedure                     by/date    ref.
    4. Determine if recent GAO or IG reports have
       addressed the validity of financial data used to
       derive performance measures.
    5. If any deficiencies were identified, include them
       along with the related impact in the schedule
       shown in FAM section 701 B.

I. Coordinate with the Information Security (IS) auditors
   to determine if the agency has implemented and
   maintains a program to provide adequate security for
   all agency information that is collected, processed,
   transmitted, stored, or disseminated in financial
   management systems.

    1. Have the IS auditors review the annual
       management evaluation and the annual
       independent evaluation conducted in accordance
       with the Government Information Security Reform
       (GISR) legislation.
    2. Document the deficiencies and related impact
       identified by the IS auditors in the schedule shown
       in section 701 B.

J. Determine if the financial management systems include
   internal control to safeguard resources against waste,
   loss, and misuse, and whether reliable data are
   obtained, maintained, and disclosed in system
   generated reports. Some of the information needed to
   make this determination may be obtained from the
   work performed in the internal control phase of the
   financial statement audit, and other systems internal
   control weaknesses may be identified from other audit
   reports reviewed and steps performed in this program.
   Document the results in section 701 B.




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 701 A-9
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

              FFMIA example audit procedures:                     Done      W/P
                  Description of Procedure                       by/date    ref.
III.     Testing for Compliance with the Federal
         Accounting Standards

A. Determine if the agency's financial statements are
   compiled in accordance with applicable accounting
   standards.

       1. Ask agency management and review financial
          statement audit results to determine whether any
          FASAB standards are not applicable. Document the
          results. Analyze the resultant list of applicable/
          inapplicable FASAB standards for reasonableness
          and use the list as a reference in performing these
          steps.
       2. Determine if any issues reported as part of the
          financial statement audit were related to the lack
          of the agency's implementation of the accounting
          standards in their systems or the standards were
          not properly applied because of inadequate or
          improperly implemented manual procedures.
          Document the results in the schedule shown in
          section 701 B.

B. Perform tests to determine if the agency's cost
   accounting systems
   • use the agency's accounting classification elements
      to identify and establish unique cost objects to
      capture, accumulate, and report costs and
      revenues;
   • allocate and distribute the full cost and revenue of
      cost objects as defined by OMB including services
      provided by one federal entity to another for
      external reporting; and
   • transfer cost data directly to and from other cost
      systems/applications that produce or allocate cost
      information.
   Also, see step II.D.2 of this audit program.




April 2003           GAO/PCIE Financial Audit Manual - Part II        Page 701 A-10
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                      Done      W/P
                  Description of Procedure                       by/date    ref.
C. From the deficiencies identified in performing steps in
   part II (testing for compliance with federal financial
   management systems requirements) and from tests
   conducted as part of the financial statement audit,
   determine if the financial systems record and
   summarize transactions in accordance with applicable
   accounting standards. Note that the systems
   functionality assessments performed in step II. B.
   should have determined any compliance issues related
   to accounting standards since the accounting
   standards are used as a source for systems
   functionality requirements. Document the results and
   the related impact in the schedule shown in section
   701 B.

IV.      Testing for Compliance with the SGL

A. Determine whether the agency financial management
   systems use financial data that can be traced directly
   to SGL accounts to produce reports providing financial
   information for both internal and external reporting.

      1. Ask agency management and from the
         documentation prepared in step II.B.1 above,
         determine how financial transaction data are
         summarized from the financial systems to the core
         financial system.
      2. Compare the agency's chart of accounts to the SGL
         accounts and identify any deviations.
      3. Review all of the standard entries allowed by the
         core financial system to determine if these entries
         conform to the SGL posting rules.
      4. Document any deficiencies and the related impact
         in the schedule shown in section 701 B.

B. Ask whether the agency uses a crosswalk from its
   chart of accounts for its core financial management
   system to the SGL. If so, perform tests to determine
   the accuracy of the crosswalk.

      1. Trace all SGL accounts to the crosswalk.



April 2003           GAO/PCIE Financial Audit Manual - Part II        Page 701 A-11
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

              FFMIA example audit procedures:                     Done      W/P
                  Description of Procedure                       by/date    ref.
     2. Identify any SGL accounts that are not included in
        the crosswalk. Identify any agency accounts not
        associated with an SGL account in the crosswalk.
     3. Compare the posting rules used by the system to
        those included in the SGL to determine whether the
        posting rules used by the system conform to the
        SGL.
     4. Document deficiencies and the related impact in
        the schedule shown in section 701 B.

V.      Summary

A. Summarize the results of the work performed above
   and assess the agency's compliance with the federal
   financial management systems requirement of FFMIA.

     1. Finalize the schedule of the FFMIA
        noncompliances identified in the schedule prepared
        in FAM section 701 B.
     2. Read the agency's management representation
        letter covering the fiscal year under audit to obtain
        the agency management's FFMIA determination.
        a. Document the entity or organization responsible
            for the financial management systems that have
            been found not to comply.
        b. Document all facts pertaining to the:
            i. nature and extent of the noncompliance and
                 areas where there is substantial but not full
                 compliance;
            ii. primary reason or cause of the
                 noncompliance;
            iii. impact of the noncompliance;
            iv. entity or organization responsible for the
                 noncompliance; and
            v. relevant comments from any responsible
                 officer or employee.
        c. Assess the recommended remedial actions for
            each instance of noncompliance and the time
            frames for implementing these actions. Include
            this assessment in the schedule in section 701 B.




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 701 A-12
Internal Control
701 A – Example Audit Procedures for Testing Compliance with FFMIA

             FFMIA example audit procedures:                   Done      W/P
                 Description of Procedure                     by/date    ref.
    3. After reviewing the nature and extent of
       deficiencies identified, conclude whether the
       systems deficiencies identified constitute lack of
       substantial compliance with FFMIA. Consider the
       four factors in paragraph 701.07 from OMB's FFMIA
       implementation guidance when drawing this
       conclusion.
    4. Prepare the FFMIA section of the report. See FAM
       paragraphs 580.62 through .66 and sections 595 A,
       595 B, and 1603, as appropriate.




April 2003        GAO/PCIE Financial Audit Manual - Part II        Page 701 A-13
[This page intentionally left blank.]
Internal Control


701 B – SUMMARY SCHEDULE OF INSTANCES OF NONCOMPLIANCE WITH FFMIA

      Source of       Nature      Substan-      Applicable    Respon-    Primary    Impact      Agency     Corrective   Assessment       W/P     Com-
 information used       and      tial but not     criteria     sible    reason or      of     comments      action in   of corrective   refer-   ments
    in identifying   extent of     full com-     (JFMIP,       entity    cause of   noncom         on     remediation   actions and     ence
   deficiencies in   noncom-       pliance?      FASAB                  noncom-     pliance    noncom-       plan?      time frames
 agency systems       pliance      (Y or N)      citation)                pliance               pliance     (Y or N)
Prior year's
reported
instances of
noncompliance
(Step I.B.)




Prior year's
material weak-
nesses and
reportable
conditions that
affect FFMIA
determination
(Step I.B.)




April 2003                                                   GAO/PCIE Financial Audit Manual - Part II                                     Page 701 B-1
Internal Control
701 B – Summary Schedule of Instances of Noncompliance with FFMIA

      Source of       Nature      Substan-      Applicable   Respon-    Primary    Impact      Agency     Corrective   Assessment       W/P     Com-
 information used       and      tial but not     criteria    sible    reason or      of     comments      action in   of corrective   refer-   ments
    in identifying   extent of     full com-     (JFMIP,      entity    cause of   noncom         on     remediation   actions and     ence
   deficiencies in   noncom-       pliance?      FASAB                 noncom-     pliance    noncom-       plan?      time frames
 agency systems       pliance      (Y or N)      citation)               pliance               pliance     (Y or N)
Weaknesses in
the agency's
most recent
FMFIA report that
affect FFMIA
determination
(Step I.C.)




Weaknesses in
Recent IG and
GAO reports that
affect FFMIA
determination
(Step I.C.)




Cycle memo-
randa for the
current year's
audit (Step I.D.)




April 2003                                               GAO/PCIE Financial Audit Manual - Part II                                        Page 701 B-2
Internal Control
701 B – Summary Schedule of Instances of Noncompliance with FFMIA

      Source of       Nature      Substan-      Applicable   Respon-    Primary    Impact      Agency     Corrective   Assessment       W/P     Com-
 information used       and      tial but not     criteria    sible    reason or      of     comments      action in   of corrective   refer-   ments
    in identifying   extent of     full com-     (JFMIP,      entity    cause of   noncom         on     remediation   actions and     ence
   deficiencies in   noncom-       pliance?      FASAB                 noncom-     pliance    noncom-       plan?      time frames
 agency systems       pliance      (Y or N)      citation)               pliance               pliance     (Y or N)
Instances in
which the agen-
cy's systems did
not comply with
JFMIP's
functional
requirements
(Step II.C.)




Preparation of
internal manage-
ment reports
(Step II.D.)




Preparation of
external agency
reports
(Step II.E.)




April 2003                                               GAO/PCIE Financial Audit Manual - Part II                                        Page 701 B-3
Internal Control
701 B – Summary Schedule of Instances of Noncompliance with FFMIA

      Source of       Nature      Substan-      Applicable   Respon-    Primary    Impact      Agency     Corrective   Assessment       W/P     Com-
 information used       and      tial but not     criteria    sible    reason or      of     comments      action in   of corrective   refer-   ments
    in identifying   extent of     full com-     (JFMIP,      entity    cause of   noncom         on     remediation   actions and     ence
   deficiencies in   noncom-       pliance?      FASAB                 noncom-     pliance    noncom-       plan?      time frames
 agency systems       pliance      (Y or N)      citation)               pliance               pliance     (Y or N)
Preparation of
auditable
financial
statements
(Step II.F.)




Preparation,
execution, and
reporting on
agency budget in
accordance with
OMB require-
ments (Step II.G.)




Management's
assessment of
the validity of
information used
to derive perfor-
mance measures
(Step II.H.)




April 2003                                               GAO/PCIE Financial Audit Manual - Part II                                        Page 701 B-4
Internal Control
701 B – Summary Schedule of Instances of Noncompliance with FFMIA

      Source of        Nature      Substan-      Applicable   Respon-    Primary    Impact      Agency     Corrective   Assessment       W/P     Com-
 information used        and      tial but not     criteria    sible    reason or      of     comments      action in   of corrective   refer-   ments
    in identifying    extent of     full com-     (JFMIP,      entity    cause of   noncom         on     remediation   actions and     ence
   deficiencies in    noncom-       pliance?      FASAB                 noncom-     pliance    noncom-       plan?      time frames
 agency systems        pliance      (Y or N)      citation)               pliance               pliance     (Y or N)
Implementation
and maintenance
of an information
security program
(Step II.I.)




Internal controls
as part of finan-
cial management
(Step II.J.)




Preparation of
agency financial
statements in
accordance with
applicable ac-
counting stan-
dards (Step III.A.)




April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                        Page 701 B-5
Internal Control
701 B – Summary Schedule of Instances of Noncompliance with FFMIA

      Source of       Nature      Substan-      Applicable   Respon-    Primary    Impact      Agency     Corrective   Assessment       W/P     Com-
 information used       and      tial but not     criteria    sible    reason or      of     comments      action in   of corrective   refer-   ments
    in identifying   extent of     full com-     (JFMIP,      entity    cause of   noncom         on     remediation   actions and     ence
   deficiencies in   noncom-       pliance?      FASAB                 noncom-     pliance    noncom-       plan?      time frames
 agency systems       pliance      (Y or N)      citation)               pliance               pliance     (Y or N)
Compliance
issues related to
the implemen-
tation of applic-
able accounting
standards
(Step III.C.)




Agency financial
systems' imple-
mentation of the
SGL accounts
(Step IV. A.)




Agency use of a
crosswalk from
its core financial
management
system to the
SGL (Step IV. B.)




April 2003                                               GAO/PCIE Financial Audit Manual - Part II                                        Page 701 B-6
SECTION 800


   Compliance
[This page intentionally left blank.]
      Compliance


      802 - General Compliance Checklist

.01   The compliance testing section consists of a General Compliance Checklist
      (questionnaire) for identifying laws and regulations for compliance testing and
      supplements for the laws OMB requires auditors of CFO Act agencies to test for
      (see section 295 H) and other laws of general applicability auditors may consider
      during federal financial audits. The compliance supplements provide detailed
      guidance for assessing the effectiveness of compliance controls and testing
      compliance with the significant provisions of each law.

.02   The General Compliance Checklist (Form 802), or equivalent, generally should be
      completed for federal financial audits. If an individual law is considered to be
      significant for purposes of compliance testing, the related supplement should be
      completed. Supplements should be completed only for laws required to be tested
      for CFO Act agencies and for other laws identified for compliance testing on the
      General Compliance Checklist. Use of these documents is described below.

.03   To understand and evaluate compliance controls, the auditor also should follow
      the guidance in FAM 260 on identifying risk factors and in FAM 320 on
      understanding information systems. The FAM also provides additional guidance
      on compliance considerations for all audit phases.

      INSTRUCTIONS FOR GENERAL COMPLIANCE CHECKLIST

.04   The checklist contains a summary of each law. The auditor generally should use
      this checklist or equivalent to determine which of these laws are considered to be
      significant for purposes of testing compliance, as discussed in FAM 245. The
      auditor should indicate whether each law meets the criteria for significance by
      placing a check mark in the appropriate column (yes or no). OMB audit guidance
      requires auditors of CFO Act agencies to test for five of the laws, as noted in
      section 295 H. Auditors also may test for the other four laws if they have
      determined they are material to the financial statements being audited.

.05   The auditor may need to use estimates or interim information in the preliminary
      column. The final amounts (based on the audited amounts or the final amounts
      of available budget authority) are used to determine whether all laws that would
      be significant in quantitative terms have been identified for control and
      compliance testing. The sources of all amounts included in this checklist should
      be documented. If the law is considered to be significant from a qualitative
      standpoint, the reasons for this conclusion should be documented.



      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 802-1
      Compliance
      802 - General Compliance Checklist

.06   Supplements to the General Compliance Checklist (Form 802)

                                                                Supplement
                            Law                             _     number

       Antideficiency Act (required for CFO Act agencies)           803

       Federal Credit Reform Act of 1990 (required for CFO          808
          Act agencies)

       Provisions Governing Claims of the U.S. Government           809
          as provided primarily in 31 U.S.C. 3711-3720E
          (Including the Debt Collection Improvement Act
          of 1996 (DCIA)) (required for CFO Act agencies)

       Prompt Payment Act (required for CFO Act agencies)           810

       Pay and Allowance System for Civilian Employees as           812
          Provided Primarily in Chapters 51-59 of Title 5,
          U.S. Code (required for CFO Act agencies)

       Civil Service Retirement Act                                 813

       Federal Employees Health Benefits Act                        814

       Federal Employees' Compensation Act                          816

       Federal Employees' Retirement System Act of 1986             817




      April 2003        GAO/PCIE Financial Audit Manual - Part II         Page 802-2
Compliance
802 - General Compliance Checklist

Entity _________________________________________________________________

Period of financial statements ____________________________________________

Job code _______________________________________________________________


                      Description of Law                              Yes    No
 Antideficiency Act - 31 U.S.C. 1341, 1342, 1514, 1517

 This law imposes restrictions on the amounts of budgetary
 authority that may be obligated or expended. As discussed in
 FAM 250, the auditor should obtain information on the entity's
 budget authority, from sources such as appropriation
 legislation, and identify all legally binding restrictions on
 budget execution.

 Do the amounts of any legally binding budget execution
 restrictions on budget authority in effect during the audit period
 exceed planning materiality or are provisions of the
 Antideficiency Act otherwise considered to be significant?           ____   ____

 (OMB audit guidance requires auditors of CFO Act agencies to
 test for compliance with this law.)

                             Preliminary      Final

 Individual appropriations
 budget authority


 Planning materiality

 If yes, complete compliance supplement 803.




April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 802-3
Compliance
802 - General Compliance Checklist


                    Description of Law                               Yes    No
 Federal Credit Reform Act of 1990 (FCRA), 2 U.S.C. 661-
 661f

 This law contains numerous provisions relating to the recording
 of activity related to direct loans, loan guarantees, and related
 modifications for budget accounting purposes. The law
 provides that after October 1, 1991, an agency may incur new
 direct loan obligations or make new loan guarantee
 commitments only to the extent that Congress has provided
 budget authority to cover the costs of the loan or loan
 guarantee.

 Does the entity's budget authority available during the audit
 period for direct loan obligations, loan guarantee commitments,
 or any related modifications exceed planning materiality or are
 provisions of the FCRA of 1990 otherwise considered to be
 significant?                                                        ____   ____

 (OMB audit guidance requires auditors of CFO Act agencies to
 test for compliance with this law.)

                                     Preliminary    Final

 Total appropriations or other
 budget authority available during
 the fiscal year for costs of FCRA
 activities (direct loans, loan
 guarantees, and related
 modifications)

 Planning materiality

 If yes, complete compliance supplement 808.




April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 802-4
Compliance
802 - General Compliance Checklist


                     Description of Law                              Yes    No
 Provisions Governing Claims of the U.S. Government,
 Including the Debt Collection Improvement Act of 1996
 (DCIA)

 These provisions address the collection of amounts owed to the
 federal government. Interest generally accrues from the date
 that a notice stating the amount due and the interest policies is
 first mailed to the debtor. Interest generally accrues at a rate
 established by the Secretary of the Treasury. Administrative
 costs and penalties shall also be charged.

 The provisions also require the entity to take all appropriate
 steps to collect the debt before discharging it and to notify
 Treasury about delinquent debt for administrative offset,
 collection by a debt collection center, or tax refund offset.
 Entities shall also participate in a computer match of delinquent
 debt with federal employees, and when collection actions are
 terminated, the entity holding delinquent debt shall sell it.
 Provisions also require the entity (or entities making loans the
 government guarantees) to notify credit-reporting agencies
 about delinquent debt and not make or guarantee loans to
 persons who owe delinquent debt.

 Does the cumulative amount of receivables created during the
 audit period that are subject to provisions governing claims of
 the U.S. government, including DCIA, exceed planning
 materiality; does the amount of receivables at the end of the
 audit period that are subject to provisions governing claims of
 the U.S. government, including DCIA, exceed planning
 materiality; or are provisions governing claims of the U.S.
 government, including the DCIA, otherwise considered to be
 significant?                                                        ____   ____

 (OMB audit guidance requires auditors of CFO Act agencies to
 test for compliance with this law.)

                    (continued on next page)




April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 802-5
Compliance
802 - General Compliance Checklist


                     Description of Law                           Yes   No
 Provisions Governing Claims of the U.S. Government,
 Including the Debt Collection Improvement Act of 1996
 (DCIA)
                            (continued)

                                    Preliminary   Final

 Cumulative amount of
 receivables created during the
 audit period that are subject to
 provisions governing claims of
 the U.S. government, including
 DCIA

 or:

 Amount of receivables at the
 end of the audit period that are
 subject to provisions governing
 claims of the U.S. government,
 including DCIA

 Planning materiality

 If yes, complete compliance supplement 809.

 Note: These provisions of the law generally do not apply to
 amounts payable to the entity under the Internal Revenue Code,
 the Social Security Act, or tariff laws. Those laws contain
 specific provisions for these amounts.




April 2003          GAO/PCIE Financial Audit Manual - Part II       Page 802-6
Compliance
802 - General Compliance Checklist


                   Description of Law                                 Yes    No
 Prompt Payment Act, 31 U.S.C. 3901 et seq.

 The Prompt Payment Act requires federal entities to make
 payments for property or services by the due date specified in
 the related contract or, if a payment date is not specified in the
 contract, generally 30 days after the invoice for the amount due
 is received. If payments are not made within the appropriate
 period, the entity shall pay an interest penalty. Also, discounts
 offered by vendors may be taken only during the specified
 period. If they are taken after the time period has expired, an
 interest penalty shall be paid.

 Do the entity's payments for property or services subject to the
 Prompt Payment Act for the audit period exceed planning
 materiality or are provisions of the Prompt Payment Act
 otherwise considered to be significant?                              ____   ____

 (OMB audit guidance requires auditors of CFO Act agencies to
 test for compliance with this law.)

                                    Preliminary     Final

 Amount of payments made for
 property and services subject
 to the Prompt Payment Act

 Planning materiality

 If yes, complete compliance supplement 810.




April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 802-7
Compliance
802 - General Compliance Checklist


                     Description of Law                           Yes    No
 Pay and Allowance System for Civilian Employees as
 Provided Primarily in Chapters 51-59 of Title 5, U.S. Code

 These laws require that employees be paid at the appropriate
 rates established by law, including general pay increases, and
 that employees be paid at least minimum wage.

 Does the entity's payroll expense for the audit period exceed
 planning materiality or are related provisions of the Pay and
 Allowance System for Civilian Employees (as provided
 primarily in Chapters 51-59 of Title 5, U.S. Code) otherwise
 considered to be significant?                                    ____   ____

 (OMB audit guidance requires auditors of CFO Act agencies to
 test for compliance with this law.)

                                    Preliminary   Final

 Payroll expense

 Planning materiality

 If yes, complete compliance supplement 812.

 It is not expected that the entity's expense for performance
 awards, cash awards, overtime, travel, transportation,
 subsistence, or allowances for the audit period would exceed
 planning materiality. However, if these items or related
 provisions of the Pay and Allowance System for Civilian
 Employees are otherwise considered to be significant, the
 auditor should consult with the Office of General Counsel
 (OGC) for specific provisions to be considered for compliance
 testing.




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 802-8
Compliance
802 - General Compliance Checklist


                     Description of Law                              Yes    No
 Civil Service Retirement Act, 5 U.S.C. 8331 et seq.

 This law provides retirement benefits to employees who were
 hired prior to January 1, 1984. For each employee, the entity
 withholds a percentage of basic pay from the employee's
 compensation and contributes an equal amount for retirement.
 The employee and entity amounts are remitted to Treasury.

 Does the entity's expense for retirement costs under the Civil
 Service Retirement Act for the audit period exceed planning
 materiality or are provisions of the Civil Service Retirement Act
 otherwise considered to be significant?                             ____   ____

                                    Preliminary    Final

 Expense for retirement
 contributions

 Planning materiality

 If yes, complete compliance supplement 813.




April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 802-9
Compliance
802 - General Compliance Checklist


                   Description of Law                            Yes    No
 Federal Employees Health Benefits Act, 5 U.S.C. 8901 et
 seq.

 This law provides health insurance coverage to employees who
 elect health insurance benefits. For each employee who elects
 coverage, the entity pays an amount set by OPM for insurance
 costs. The entity portion cannot exceed 75 percent of the
 insurance cost. The employee pays the remainder of the total
 cost. Information on the employee and entity cost of the
 insurance is published by OPM. The entity withholds the
 amount of the employee's portion of the cost from the
 employee's pay and remits this amount, along with its own
 contribution, to Treasury.

 Does the entity's expense for health insurance costs for the
 audit period exceed planning materiality or are provisions of
 the Federal Employees Health Benefits Act otherwise
 considered to be significant?                                   ____   ____

                                    Preliminary   Final

 Expense for health insurance

 Planning materiality

 If yes, complete compliance supplement 814.




April 2003         GAO/PCIE Financial Audit Manual - Part II      Page 802-10
Compliance
802 - General Compliance Checklist


                    Description of Law                              Yes    No
 Federal Employees' Compensation Act, 5 U.S.C. 8101 et
 seq.

 This law provides for the compensation of employees injured or
 disabled while performing their duties. Claims are paid out of
 the Federal Employees' Compensation Fund. Federal entities
 are billed annually by the fund for claims paid on their behalf.

 Does the entity's expense for the audit period for benefits paid
 by the Federal Employees' Compensation Fund on the entity's
 behalf exceed planning materiality or are provisions of the
 Federal Employees' Compensation Act otherwise considered to
 be significant?                                                    ____   ____


                                    Preliminary   Final

 Expense for Compensation
  Fund claims

 Planning materiality

 If yes, complete compliance supplement 816.




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 802-11
Compliance
802 - General Compliance Checklist


                      Description of Law                         Yes    No
 Federal Employees' Retirement System Act of 1986,
 5 U.S.C. 8401 et seq.

 This law provides retirement benefits for employees who were
 hired after December 31, 1983. For each employee, the entity
 withholds a percentage of basic pay from the employee's
 compensation and contributes an amount equal to the
 employing agency's applicable normal cost percentage less the
 employee deduction rate for retirement. The employee and
 entity amounts are remitted to Treasury.

 Does the entity's expense for retirement costs under the
 Federal Employees' Retirement System Act for the audit period
 exceed planning materiality or are provisions of the Federal
 Employees' Retirement System Act of 1986 otherwise
 considered to be significant?                                   ____   ____

                                  Preliminary   Final

 Expense for retirement
  contributions

 Planning materiality

 If yes, complete compliance supplement 817.




April 2003         GAO/PCIE Financial Audit Manual - Part II      Page 802-12
Compliance
802 - General Compliance Checklist


                        Description of Law                           Yes    No
 Other laws

 Perform the following procedures and include references to
 supporting documentation:

 1. As described in FAM 245.02, read the list of laws and
    regulations identified by the entity as significant to others.
    (See                    .)

 2. With OGC assistance, identify any other laws or regulations
    that have a direct effect on determining financial statement
    amounts. Determine whether any such laws or regulations
    are material to the financial statements. (See              .)

 3. Consider whether to test compliance with any indirect laws
    or regulations and make inquiries of management as
    discussed in FAM 245.04-.06. (See                 .)

 4. For all laws or regulations identified for testing above,
    identify significant provisions using the criteria in FAM
    245.02. Test compliance controls and compliance as
    described in FAM 300 and 460.

    Are any other laws or regulations identified for compliance
    testing?                                                         ____   ____

    If yes, attach a list of the laws or regulations identified to
    this form and reference it to control and compliance work
    performed.




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 802-13
      Compliance
      802 - General Compliance Checklist


      INSTRUCTIONS FOR COMPLIANCE SUPPLEMENTS

.07   Each compliance supplement consists of (1) a compliance summary, (2) a
      compliance audit program, and (3) notes.

      Compliance Summary

.08   For each law identified for compliance testing on the General Compliance
      Checklist, the auditor generally should complete the related compliance
      summary or equivalent. The compliance summary is designed to assist the
      auditor in planning compliance control tests and summarizing the results of
      compliance control tests and compliance tests for reporting the results of the
      work performed.

.09   The first column contains a description of the specific provisions of the law that
      have been identified for compliance testing, the type of provision, and the
      reference to the law.

.10   The second column contains the objective related to the specific provision to be
      used for both compliance control and compliance testing.

.11   The auditor should identify the control activities that the entity has in place to
      achieve each objective and document the control activity in the third column. If
      the entity does not have a control activity that achieves the objective, the auditor
      should document this condition in the third column.

.12   The fourth column is used to indicate whether the control activity is information
      system (IS)-related as described in FAM 270.04. IS controls are those the
      effectiveness of which depends on computer processing. They can generally be
      classified into general, application, and user controls. Testing of IS controls
      generally should be performed by an IS auditor, although the audit team may
      assist the IS auditor.

.13   The auditor should design control tests to determine whether the control
      activities that have been identified in the third column are in place and operating
      effectively. A control activity is considered to be effective if it achieves the
      control objective. The control testing program and the control tests should be
      recorded in the documentation. The results of these tests and the auditor's
      conclusions on the effectiveness of the compliance controls should be
      documented in the fifth column of the Compliance Summary. A reference to
      supporting documentation should be included in this column.



      April 2003         GAO/PCIE Financial Audit Manual - Part II            Page 802-14
      Compliance
      802 - General Compliance Checklist

.14   Compliance tests should be performed using the related Compliance Audit
      Program as described below. The results of the compliance tests should be
      indicated in the last column of the Compliance Summary along with a reference
      to the supporting documentation.

      Compliance Audit Program

.15   A compliance audit program has been developed for the provisions identified on
      the related compliance summary for each law. For each law identified for
      compliance testing on the General Compliance Checklist, the auditor generally
      should perform each step of the related compliance audit program. Because the
      subject matter of some laws is closely related to matters the auditor will be
      planning to test for other parts of the audit, the auditor should consider
      coordinating with that other testing and designing multipurpose tests. For
      example, payroll compliance testing could be performed using multipurpose tests
      of payroll controls and/or substantive payroll testing. The auditor generally
      should initial in the "performed by" column of the compliance audit program
      when he or she performs the procedure. A reference to the documentation
      recording the work performed for each step generally should be included in the
      last column of the compliance audit program.




      April 2003        GAO/PCIE Financial Audit Manual - Part II        Page 802-15
[This page intentionally left blank.]
Compliance


803 -        ANTIDEFICIENCY ACT

Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Antideficiency Act are considered to be significant
as indicated on Form 802 - General Compliance Checklist.

OMB guidance on budget execution, including the Antideficiency Act, is included in OMB Circular A-11, Part 4.


 Name of entity:                                                   Compliance Summary                                       Prepared by:
 Audit period:                                                                                                              Reviewed by:


                                                                                                                  IS      Effective         Instances of
              Provision description                           Objective                 Control activities      (Y/N)    compliance        noncompliance
                                                                                                                          controls?            noted?

 1.   The entity shall not make expenditures or    1.   Expenditures or             [Document the control       [Is      [Indicate      [Indicate yes or
      obligations that exceed the amount                obligations do not exceed   activities used by the      con-     yes or no;     no; include
      available for expenditure or obligation in        the amount available for    entity to achieve the       trol     include        reference to
      an appropriation or fund.                         expenditure or obligation   objective.]                 depen-   reference to   supporting
                                                        in an appropriation or                                  dent     supporting     documentation.]
      Type: Quantitative-based                          fund.                            (See note 2.)          on       documenta-
      Ref: 31 U.S.C. 1341(a)(1)(A) and (C)                                                                      com-     tion.]         See Compliance
                                                                                                                puter                   Audit Program
                                                                                                                pro-                    803 Step 3.
                                                                                                                ces-
                                                                                                                sing?]




April 2003                                         GAO/PCIE Financial Audit Manual - Part II                                                   Page 803-1
Compliance
803 - Antideficiency Act


 Name of entity:                                                     Compliance Summary                                  Prepared by:
 Audit period:                                                                                                           Reviewed by:


                                                                                                                 IS     Effective        Instances of
               Provision description                            Objective                 Control activities   (Y/N)   compliance       noncompliance
                                                                                                                        controls?           noted?

 2.   The entity shall not make expenditures or     2.   Expenditures or                   (See note 2.)                            See Compliance
      obligations that exceed                            obligations do not exceed                                                  Audit Program
                                                         the legally binding limit on                                               803 Step 4.
      (1) the amount of an apportionment; or             the entity's budget
                                                         authority. (The amount of
      (2) a lesser amount, if any, established by        the apportionment or a
          agency regulations (such as the                lesser amount, if any,
          allotment level). See note 1.                  established by the entity's
                                                         regulations.) See note 1.
      Type: Quantitative-based
      Ref: 31 U.S.C. 1517(a)




April 2003                                          GAO/PCIE Financial Audit Manual - Part II                                               Page 803-2
Compliance
803 - Antideficiency Act

Note: Complete this program or prepare equivalent documentation only if provisions
of the Antideficiency Act are considered to be significant as indicated on Form 802 -
General Compliance Checklist. The procedures in this program are designed to test
compliance with the provisions listed on the Compliance Summary for this law.


 Name of entity:
 Audit period:                                          Reviewed by:

                                                                 Done      W/P ref
                       Audit Procedures                         by/date
 1.   List the appropriations or other budget authority and
      the related budget accounts that were identified for
      compliance testing on Form 802 - General Compliance
      Checklist. Per page 802-3, the auditor should identify
      all legally binding restrictions on budget execution,
      from sources such as appropriation legislation.

      (The following tests for compliance with the
      Antideficiency Act should be coordinated with tests of
      the Statement of Budgetary Resources and with tests of
      expenses.)




April 2003             GAO/PCIE Financial Audit Manual - Part II          Page 803-3
Compliance
803 - Antideficiency Act


 Name of entity:
 Audit period:                                             Reviewed by:

                                                                    Done      W/P ref
                        Audit Procedures                           by/date
 2.   As discussed in FAM 460.03, the auditor needs
      assurance that the summarized budget information
      (obligations and expenditures) used for compliance
      tests is reasonably accurate and complete. This
      assurance may be provided through effective controls
      (usually the budget controls) or, if the controls are not
      effective, through substantive testing of budget
      amounts for validity, completeness, cutoff, recording,
      classification, and summarization as described in FAM
      495 B.

      For the accounts listed in step 1, document if this
      assurance is provided through effective controls (as
      indicated on Form 803 - Compliance Summary) or if
      substantive tests of the budget information are
      necessary.
      If the controls are not considered to be effective in
      meeting some or all of the budget control objectives
      listed in FAM 395 F, perform substantive tests of the
      budget amounts (obligations and expenditures) as
      discussed in FAM 495 B. These substantive tests
      should be performed only for those potential
      misstatements for which the entity does not have
      effective budget controls.

      After the auditor is satisfied as to the reasonableness of
      the budget amounts to be used for the compliance
      tests, perform the compliance tests in steps 3 and 4.

 3.   Compare the actual amounts of budget obligations and
      expenditures with the related appropriation or other
      budget authority listed in step 1. If the entity does not
      appear to have complied with the provision, perform
      step 5. (31 U.S.C. 1341(a)(1)(A) and (C))




April 2003              GAO/PCIE Financial Audit Manual - Part II            Page 803-4
Compliance
803 - Antideficiency Act


 Name of entity:
 Audit period:                                             Reviewed by:

                                                                   Done      W/P ref
                         Audit Procedures                         by/date
 4.   Determine the entity's legally binding level of budget
      authority (below the appropriation level) that was
      identified during the planning phase. This level is
      usually the apportionment level unless the entity has
      elected a lower level, such as allotments.

      Compare the amount of actual obligations and
      expenditures to the legally binding level of restrictions
      on budget authority identified for compliance testing
      (the apportionment or allotment level). If the entity
      does not appear to have complied with the provision,
      perform step 5. (31 U.S.C. 1517(a))
 5.   If the entity does not appear to be in compliance based
      on the results of tests performed, discuss these matters
      with OGC and, when appropriate, the Special
      Investigator Unit to conclude if noncompliance actually
      has occurred and the implications of such
      noncompliance.

      For any noncompliance noted, the auditor should

      •      identify the weakness in controls that allowed the
             noncompliance to occur, if not previously
             identified during control testing;

      •      report the nature of any weakness in controls and
             consider modification of the opinion on internal
             control as appropriate (see FAM 580.32-.61);

      •      consider the implications of any instances of
             noncompliance on the financial statements; and

      •      report instances of noncompliance, as appropriate
             (see FAM 580.67-.75.).




April 2003                GAO/PCIE Financial Audit Manual - Part II         Page 803-5
Compliance
803 - Antideficiency Act


 Name of entity:
 Audit period:                                       Reviewed by:

                                                              Done      W/P ref
                     Audit Procedures                        by/date
 6.   Document conclusions on compliance with each
      provision on Form 803 - Compliance Summary.




April 2003            GAO/PCIE Financial Audit Manual - Part II        Page 803-6
Compliance
803 - Antideficiency Act

Note 1:   Entities are required to establish regulations that provide for a system of
          administrative controls over their execution of budget authority (31 U.S.C.
          1514(a)). As discussed in FAM 250.03, the entity may elect to lower the level
          at which budget limitations are legally binding in these regulations. For
          example, the entity may elect to reduce the legally binding limit on the
          obligation and expenditure of budget funds from the apportionment to the
          allotment level. The auditor should determine the level at which the entity's
          legally binding limit has been established.

Note 2:   The auditor should consider the results of the evaluation and testing of
          budget controls. These controls relate to the execution of budget authority
          and usually are the same controls that are used to comply with the
          Antideficiency Act. Accordingly, additional consideration of controls that
          achieve the compliance objective generally is not necessary if the auditor
          has assessed whether the entity achieves all of the budget control objectives
          listed in FAM 395 F. The auditor should reference this compliance summary
          to the budget control evaluation and testing and perform any additional
          procedures considered necessary to conclude if compliance controls are
          effective.




April 2003              GAO/PCIE Financial Audit Manual - Part II         Page 803-7
[This page intentionally left blank.]
Compliance


808 - FEDERAL CREDIT REFORM ACT OF 1990
Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Credit Reform Act of 1990 (FCRA) are
considered to be significant as indicated on Form 802 - General Compliance Checklist.

OMB guidance on FCRA is included in OMB Circular A-11, part 5, Federal Credit Programs.


 Name of entity:                                                     Compliance Summary                                       Prepared by:
 Audit period:                                                                                                                Reviewed by:


                                                                                                                     IS      Effective        Instances of
               Provision description                             Objective                  Control activities     (Y/N)    compliance       noncompliance
                                                                                                                             controls?           noted?

 1.   Direct loan obligations may be incurred on     1.   Direct loan obligations        [Document the             [Is      [Indicate yes    [Indicate yes
      or after October 1, 1991, only to the extent        made on or after October 1,    control activities used   con-     or no;           or no; include
      that an appropriation or other budget               1991, do not exceed the        by the entity to          trol     include          reference to
      authority is available to cover these costs.        available appropriation or     achieve the               depen-   reference to     supporting
      (See notes 1, 2, and 5-7.)                          other budget authority. (See   objective.]               dent     supporting       documenta-
                                                          notes 1, 2, and 5-7.)                                    on       documenta-       tion.]
      Type: Quantitative-based                                                               (See note 10.)        com-     tion.]
      Ref: 2 U.S.C. 661c(b)                                                                                        puter                     See
                                                                                                                   pro-                      Compliance
                                                                                                                   ces-                      Audit Program
                                                                                                                   sing?]                    808 Steps 3
                                                                                                                                             and 4.




April 2003                                            GAO/PCIE Financial Audit Manual - Part II                                                  Page 808-1
Compliance
808 - Federal Credit Reform Act of 1990


 Name of entity:                                                    Compliance Summary                                Prepared by:
 Audit period:                                                                                                        Reviewed by:


                                                                                                                IS     Effective      Instances of
              Provision description                             Objective                Control activities   (Y/N)   compliance     noncompliance
                                                                                                                       controls?         noted?

 2.   A direct loan obligation or outstanding       2.   Modifications made to           (See note 10.)                              See
      direct loan shall not be modified in a             direct loan obligations or                                                  Compliance
      manner that increases its cost unless              outstanding direct loans do                                                 Audit Program
      budget authority for the additional cost is        not exceed the available                                                    808 Step 3.
      available. (See notes 5 and 8.) (See note          budget authority. (See
      9 for matters to discuss with OGC prior to         notes 5, 8, and 9.)
      testing.)

      Type: Quantitative-based
      Ref: 2 U.S.C. 661c(e)

 3.   Loan guarantee commitments may be             3.   Obligations for new loan        (See note 10.)                              See
      made on or after October 1, 1991, only to          guarantee commitments                                                       Compliance
      the extent that an appropriation or other          made on or after October 1,                                                 Audit Program
      budget authority is available to cover             1991, do not exceed the                                                     808 Steps 3
      these costs. (See notes 3 to 7.)                   available appropriation or                                                  and 4.
                                                         other budget authority.
      Type: Quantitative-based                           (See notes 3 to 7.)
      Ref: 2 U.S.C. 661c(b)




April 2003                                           GAO/PCIE Financial Audit Manual - Part II                                          Page 808-2
Compliance
808 - Federal Credit Reform Act of 1990


 Name of entity:                                                   Compliance Summary                                Prepared by:
 Audit period:                                                                                                       Reviewed by:


                                                                                                               IS     Effective      Instances of
              Provision description                            Objective                Control activities   (Y/N)   compliance     noncompliance
                                                                                                                      controls?         noted?

 4.   A loan guarantee commitment or               4.   Modifications made to loan       (See note 10.)                             See
      outstanding loan guarantee shall not be           guarantee commitments or                                                    Compliance
      modified in a manner that increases its           outstanding loan guarantees                                                 Audit Program
      cost unless budget authority for the              do not exceed the available                                                 808 Step 3.
      additional cost is available. (See notes 5        budget authority. (See
      and 8.) (See note 9 for matters to discuss        notes 5, 8, and 9.)
      with OGC prior to testing.)

      Type: Quantitative-based
      Ref: 2 U.S.C. 661c(e)




April 2003                                         GAO/PCIE Financial Audit Manual - Part II                                           Page 808-3
Compliance
808 - Federal Credit Reform Act of 1990

Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Credit Reform Act (FCRA) are considered to be
significant as indicated on Form 802 - General Compliance Checklist. The
procedures in this program are designed to test compliance with the provisions
listed on the Compliance Summary.

OMB guidance on FCRA is included in OMB Circular A-11, part 5, Federal Credit
Programs.


 Name of entity:
 Audit period:                                Reviewed by:

                                                               Done      W/P ref
                      Audit Procedures                        by/date
 1.   List the appropriations or other budget authority and
      the related budget accounts that were identified for
      compliance testing on Form 802 - General
      Compliance Checklist.




April 2003             GAO/PCIE Financial Audit Manual - Part II        Page 808-4
Compliance
808 - Federal Credit Reform Act of 1990


 Name of entity:
 Audit period:                                  Reviewed by:

                                                                 Done      W/P ref
                      Audit Procedures                          by/date
 2.   As discussed in FAM 460.03, the auditor needs
      assurance that the summarized budget information
      (obligations and expenditures) used for compliance
      tests is reasonably accurate and complete. This
      assurance may be provided through effective
      controls (usually the budget controls) or, if the
      controls are not effective, through substantive testing
      of budget amounts for validity, completeness, cutoff,
      recording, classification, and summarization as
      described in FAM 495 B.

      For the accounts listed in step 1, document whether
      this assurance is provided through effective controls
      (as indicated on Form 808 - Compliance Summary) or
      whether substantive tests of the budget information
      are necessary.

      If the controls are not considered to be effective in
      meeting some or all of the budget control objectives
      listed in FAM 395 F, plus the supplemental objectives
      for FCRA listed in FAM 395 F Sup, perform
      substantive tests of the budget amounts (obligations
      and expenditures) as discussed in FAM 495 B. These
      substantive tests should be performed only for those
      potential misstatements for which the entity does not
      have effective budget controls.

      After the auditor is satisfied as to the reasonableness
      of the budget amounts to be used for the compliance
      tests, perform the compliance tests in steps 3 and 4.




April 2003              GAO/PCIE Financial Audit Manual - Part II         Page 808-5
Compliance
808 - Federal Credit Reform Act of 1990


 Name of entity:
 Audit period:                                 Reviewed by:

                                                                 Done      W/P ref
                      Audit Procedures                          by/date
 3.   For each appropriation account or other budget
      authority listed in step 1, perform the following
      procedures that are applicable for direct and
      guaranteed loan programs that have a positive
      subsidy (i.e., cash outflows exceed cash inflows); (for
      direct and guaranteed loan programs that have a
      negative subsidy (i.e., cash inflows exceed cash
      outflows), perform step 4):

      (a) Compare the amount of obligations for direct
          loans to the amount of the available
          appropriation or other budget authority. (Note:
          This budget restriction is applicable only to
          obligations for direct loans made on or after
          October 1, 1991.)
 3.   (b) Compare the amount of obligations for
          modifications of direct loan obligations or
          outstanding direct loans to the amount of
          available budget authority. (Note: The sale of a
          direct loan is considered a modification. Discuss
          applicability of this budget restriction to direct
          loans and direct loan obligations that were
          outstanding prior to October 1, 1991, with OGC
          prior to performing compliance test.)
 3.   (c) Compare the amount of obligations for loan
          guarantee commitments to the amount of the
          available appropriation or other budget
          authority. (Note: This budget restriction is only
          applicable to obligations for loan guarantee
          commitments made on or after October 1, 1991.)




April 2003              GAO/PCIE Financial Audit Manual - Part II         Page 808-6
Compliance
808 - Federal Credit Reform Act of 1990


 Name of entity:
 Audit period:                                Reviewed by:

                                                              Done      W/P ref
                      Audit Procedures                       by/date
 3.   (d) Compare the amount of obligations for
          modifications of loan guarantee commitments or
          outstanding loan guarantees to the amount of
          available budget authority. (Note: Discuss
          applicability of this budget restriction to loan
          guarantees and loan guarantee commitments
          that were outstanding prior to October 1, 1991,
          with OGC prior to performing compliance test.)
          (2 U.S.C. 661c(b) and (e))

      If the amounts of obligations in any of these
      comparisons exceed the available budget authority,
      the entity may not be in compliance. Perform step 5.
 4.   Direct and guaranteed loan programs that have a
      negative subsidy (cash inflows exceed cash outflows)
      do not receive an appropriation. However, such
      programs have a loan limit that cannot be exceeded,
      i.e., a maximum number of loans that can be made or
      guaranteed. For these programs, compare the total
      number and dollar volume of loans made to the loan
      limit in the applicable Presidents' Budget. Perform
      step 5.




April 2003             GAO/PCIE Financial Audit Manual - Part II       Page 808-7
Compliance
808 - Federal Credit Reform Act of 1990


 Name of entity:
 Audit period:                                 Reviewed by:

                                                                Done      W/P ref
                      Audit Procedures                         by/date
 5.   If the entity does not appear to be in compliance
      based on the results of tests performed, discuss these
      matters with OGC and, when appropriate, the Special
      Investigator Unit to conclude if noncompliance
      actually has occurred and the implications of such
      noncompliance.

      For any noncompliance noted, the auditor should

      •   identify the weakness in controls that allowed the
          noncompliance to occur, if not previously
          identified during control testing;

      •   report the nature of any weakness in controls and
          consider modification of the report on internal
          control as appropriate (see FAM 580.32-.61);

      •   consider the implications of any instances of
          noncompliance on the financial statements; and

      •   report instances of noncompliance, as appropriate
          (see FAM 580.67-.75).
 6.   Document conclusions on compliance with each
      provision on Form 808 - Compliance Summary.




April 2003              GAO/PCIE Financial Audit Manual - Part II        Page 808-8
Compliance
808 - Federal Credit Reform Act of 1990

Note 1: A direct loan is a disbursement of funds by the government to a non-
        federal borrower under a contract that requires the repayment of such
        funds with or without interest. The term also includes the purchase of,
        or participation in, a loan made by another lender. The term does not
        include the acquisition of a federally guaranteed loan in satisfaction of
        default claims or the price support loans of the Commodity Credit
        Corporation. (2 U.S.C. 661a(1))

Note 2: A direct loan obligation is a binding agreement by a federal agency to
        make a direct loan when specified conditions are fulfilled by the
        borrower. (2 U.S.C. 661a(2))

Note 3: A loan guarantee is any guarantee, insurance, or other pledge with
        respect to the payment of all or a part of the principal or interest on any
        debt obligation of a nonfederal borrower to a nonfederal lender, but
        does not include the insurance of deposits, shares, or other
        withdrawable accounts in financial institutions. (2 U.S.C. 661a(3))

Note 4: A loan guarantee commitment is a binding agreement by a federal
        agency to make a loan guarantee when specified conditions are fulfilled
        by the borrower, the lender, or any other party to the guarantee
        agreement. (2 U.S.C. 661a(4))

Note 5: Appropriations or other budget authority to cover the cost of budget
        obligations for direct loan obligations and loan guarantee commitments
        must be made in advance by Congress. For revolving or other funds that
        otherwise would be available for these budget obligations, Congress
        must enact a limit on the use of such funds for these purposes to make
        them available for use. (2 U.S.C. 661c(b))

Note 6: Costs are defined as the estimated long-term cost to the government of a
        direct loan or loan guarantee, calculated on a net present value basis,
        excluding administrative costs and any incidental effects on
        governmental receipts or outlays. These calculations are described in
        further detail under the valuation control objective for obligations in
        FAM 395 F. (2 U.S.C. 661a(5))

Note 7: There is an exemption from this requirement for entitlements
        (mandatory programs such as the guaranteed student loan program and
        the VA home loan guaranty program) and credit programs of the
        Commodity Credit Corporation existing on the date of enactment of the
        act (November 5, 1990). (2 U.S.C. 661c(c))



April 2003             GAO/PCIE Financial Audit Manual - Part II         Page 808-9
Compliance
808 - Federal Credit Reform Act of 1990

Note 8: Modifications are government actions that alter the estimated net
        present value of a direct loan or loan guarantee for which an obligation
        has been recorded, for example, the sale of a direct loan, per SFFAS No.
        2, paragraph 53, or a policy change affecting the repayment period or
        interest rate for a group of existing loans. (Changes within the terms of
        existing contracts or through other existing authorities are not
        considered to be modifications. Also, "work outs" of individual loans,
        such as a change in the amount or timing of payments to be made, are
        not considered modifications.) The effects of these changes should be
        included in the annual reestimates of the estimated net present value of
        the obligations. Permanent indefinite authority is provided by FCRA for
        these reestimates.

Note 9: Discuss applicability of this budget restriction to direct loans, direct loan
        obligations, loan guarantees, or loan guarantee commitments that were
        outstanding prior to October 1, 1991, with OGC prior to performing
        control or compliance tests.

Note 10: The auditor should consider the results of the evaluation and testing of
         budget controls and testing of the Statement of Budgetary Resources.
         These controls relate to the execution of budget authority and usually
         are the same controls that are used to comply with the Antideficiency
         Act and the Federal Credit Reform Act. Accordingly, additional
         consideration of controls that achieve the compliance objective
         generally is not necessary if the auditor has assessed whether the entity
         achieves all of the budget control objectives listed in FAM 395 F,
         including the supplemental control objectives for the Federal Credit
         Reform Act. The auditor should reference to the budget control
         evaluation and testing and perform any additional procedures
         considered necessary to conclude if compliance controls are effective.




April 2003              GAO/PCIE Financial Audit Manual - Part II        Page 808-10
Compliance


809 - PROVISIONS GOVERNING CLAIMS OF THE U.S. GOVERNMENT (31 U.S.C. 3711-
      3720E) (INCLUDING THE DEBT COLLECTION IMPROVEMENT ACT OF 1996
      (DCIA))
Note: Complete this compliance summary or prepare equivalent documentation only if provisions governing claims of the U.S. government, as provided
primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the Debt Collection Improvement Act of 1996), are considered significant, as
indicated on Form 802 - General Compliance Checklist.


 Name of entity:                                                     Compliance Summary                               Prepared by:
 Audit period:                                                                                                        Reviewed by:


                                                                                                                   IS       Effective        Instances of
               Provision description                             Objective                Control activities     (Y/N)     compliance       noncompliance
                                                                                                                            controls?           noted?

 1.   Interest shall be charged on an                1.   Interest is properly          [Document the           [Is        [Indicate      [Indicate yes or
       outstanding debt (or claim) owed to the            calculated and charged on     control activities      con-       yes or no;     no; include
       entity. Interest accrues from the date the         past due amounts owed to      used by the entity to   trol       include        reference to
       notice of the amount due and interest              the entity at the correct     achieve the             depen-     reference to   supporting
       policies is first mailed to the debtor.            rates. (See notes 1, 2, and   objective.]             dent       supporting     documentation.]
       Interest is charged at the rate established        3.)                                                   on         documenta-
       by the Secretary of the Treasury that is in                                                              com-       tion.]         See Compliance
       effect on that date. The rate remains fixed                                                              puter                     Audit Program
       at that rate for the duration of the                                                                     pro-                      809 Steps 3 (a),
       indebtedness.                                                                                            ces-                      (b), and (c).
      (See notes 1, 2, and 3.)                                                                                  sing?]

      Type: Transaction-based
      Ref: 31 U.S.C. 3717(a), (b), and (c)




April 2003                                            GAO/PCIE Financial Audit Manual - Part II                                                 Page 809-1
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711-3720E) (Including the Debt Collection
      Improvement Act of 1996 (DCIA))


 Name of entity:                                                     Compliance Summary                        Prepared by:
 Audit period:                                                                                                 Reviewed by:


                                                                                                              IS     Effective    Instances of
               Provision description                             Objective             Control activities   (Y/N)   compliance   noncompliance
                                                                                                                     controls?       noted?

 2.   The entity shall assess, on a claim owed to    2.   Administrative charges and                                             See Compliance
      it, a charge to cover the cost of processing        late payment penalties are                                             Audit Program
      and handling a delinquent claim plus a              properly calculated and                                                809 Step 3(d).
      penalty charge (of not more than 6                  charged on past due
      percent a year) for failure to pay a part of        amounts. (See note 3.)
      a claim more than 90 days past due.
      These additional charges do not accrue
      interest. (See note 3.)

      Type: Transaction-based
      Ref: 31 U.S.C. 3717(e) and (f)
 3.   The entity may compromise, terminate, or       3.   Claims of more than                                                    See Compliance
      suspend claims that are not more than               $100,000 (excluding                                                    Audit Program
      $100,000. Claims of more than $100,000              interest, penalties, and                                               809 Step 5(a).
      (excluding interest, penalties, and                 administrative costs) are
      administrative costs) shall be referred to          referred to the Justice
      the Justice Department for compromise,              Department for
      termination, or suspension. (See note 4.)           compromise, termination,
                                                          or suspension.
      Type: Procedural-based                              (See note 4.)
      Ref: 31 U.S.C. 3711(a)




April 2003                                            GAO/PCIE Financial Audit Manual - Part II                                      Page 809-2
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711-3720E) (Including the Debt Collection
      Improvement Act of 1996 (DCIA))


 Name of entity:                                                     Compliance Summary                          Prepared by:
 Audit period:                                                                                                   Reviewed by:


                                                                                                                IS     Effective    Instances of
               Provision description                             Objective               Control activities   (Y/N)   compliance   noncompliance
                                                                                                                       controls?       noted?

 4.   If the entity is owed a valid and legally      4.   When nontax debt becomes                                                 See Compliance
      enforceable, nontax debt delinquent over            delinquent over 180 days, it                                             Audit Program
      180 days, and there are no bars to                  is referred to Treasury for                                              809 Step 5(b).
      collection, it shall notify Treasury about          administrative offset and
      the debt for administrative offset and refer        collection. (See notes 5, 6,
      the debt to Treasury or a Treasury-                 and 7.)
      designated debt collection center for
      collection action. (See notes 5, 6, and 7.)

      Type: Procedural-based
      Ref: 31 U.S.C. 3711(g)(1) and (9), 31
      U.S.C. 3716(c)(6), 31 U.S.C. 3719 (a), 31
      U.S.C. 3720A(a), and 5 U.S.C. 5514(a)(1).

 5.   Unless waived by the entity, a person may      5.   Loans and loan insurance or                                              See Compliance
      not obtain any loan (other than a disaster          guarantees are not granted                                               Audit Program
      loan) or loan insurance or guarantee                to persons with delinquent                                               809 Step 4(b).
      administered by the entity if the person            nontax debt.
      has outstanding nontax delinquent federal
      debt. (Delinquency is determined by
      Treasury regulations.)

      Type: Transaction-based
      Ref: 31 U.S.C. 3720B




April 2003                                            GAO/PCIE Financial Audit Manual - Part II                                        Page 809-3
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))

Note: Complete this program or prepare equivalent documentation only if
provisions governing claims of the United States government as provided
primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the
Debt Collection Act of 1996) are considered significant, as indicated on Form 802 -
General Compliance Checklist. The procedures in this program are designed to
test compliance with the provisions listed on the Compliance Summary.


 Name of entity:
 Audit period:                                Reviewed by:

                                                                 Done      W/P ref
                      Audit Procedures                          by/date
 1.   Based on the preliminary assessment of compliance
      control effectiveness (as documented on Form 809 -
      Compliance Summary), select a sample of amounts
      owed to the entity during or at the end of the audit
      period. (The sample size will vary based on the
      expected effectiveness of compliance controls, as
      discussed in FAM 460.02). Document the sampling
      approach using the documentation in FAM section
      495 E. See note 8 regarding sampling efficiencies and
      completeness of the sample population.

      Sample size
      Sample selection method




April 2003             GAO/PCIE Financial Audit Manual - Part II          Page 809-4
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))


 Name of entity:
 Audit period:                                 Reviewed by:

                                                                  Done      W/P ref
                      Audit Procedures                           by/date
 2.   For each item selected in step 1 obtain the loan file or
      other supporting documentation and note the
      following information as of the date selected for
      testing:

      •   due date of debt;
      •   amount owed;
      •   date the notice of the amount due and the interest
          policies is first mailed to the debtor;
      •   amount of interest accrued and other
          administrative charges and penalties charged, if
          any; and
      •   number of days the debt is past due, if any.

      Perform step 3 if the debt is past due.
      Perform step 4 if the debt is not past due.
 3.   If the amount selected is past due:

      (a) Calculate the number of days that interest
          should be accrued on the debt as of the date
          selected for testing. Interest generally accrues
          from the date that the notice of the amount due
          is first mailed to the debtor. (See note 1.)
          Compare the auditor's calculation with the
          calculation performed by the entity and obtain
          explanation and examine support for any
          differences. (31 U.S.C. 3717(b))




April 2003              GAO/PCIE Financial Audit Manual - Part II          Page 809-5
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))


 Name of entity:
 Audit period:                               Reviewed by:

                                                                Done      W/P ref
                      Audit Procedures                         by/date
 3.   (b) Determine the interest rate that should be used
          to accrue interest on the debt. The rate is
          published in the Federal Register and should be
          the rate that was in effect on the date that the
          notice of the amount due is first mailed to the
          debtor. (The web site for the Federal Register
          is:
          http://www.access.gpo.gov/su_docs/aces/aces14
          0.html.) Compare the auditor's determination of
          the rate to the rate used by the entity and obtain
          explanation and examine support for any
          differences. (31 U.S.C. 3717(a) and (c))
 3.   (c) Calculate the amount of interest that should be
          owed as of the date selected for testing using the
          number of days tested in (a) and the interest
          rate tested in (b). Compare the auditor's
          calculation to the amount calculated by the
          entity and obtain explanation and examine
          support for any differences. See notes 2 and 3
          regarding the waiver of interest.
 3.   (d) Obtain the entity's schedule of administrative
          charges and late payment penalties and
          determine if the appropriate amounts were
          charged to the debtor. See note 3 regarding the
          waiver of these charges. (31 U.S.C. 3717(e) and
          (f))




April 2003             GAO/PCIE Financial Audit Manual - Part II         Page 809-6
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))


 Name of entity:
 Audit period:                                Reviewed by:

                                                                 Done      W/P ref
                      Audit Procedures                          by/date
 4.   If the debt is not past due, determine through
      examination of the entity's records whether

      (a) interest, administrative charges, or penalties are
          not being charged; and

      (b) the debtor had no outstanding nontax delinquent
          federal debt at the time the loan was obtained.
          (31 U.S.C. 3720 B)
 5.   The objectives listed below relate to procedural-based
      provisions. As discussed in FAM 460.06, sufficient
      procedures usually are performed in conjunction with
      tests of compliance controls for these procedural-
      based provisions to conclude on the entity's
      compliance without performing additional
      procedures. Additional procedures should not be
      performed to obtain evidence regarding compliance
      with the provisions related to the following objectives
      unless sufficient evidence regarding compliance was
      not obtained during compliance control tests
      documented on Form 809 - Compliance Summary.

      (a) Claims of more than $100,000 (excluding
          interest, penalties, and administrative costs) are
          referred to the Justice Department for
          compromise, termination, or suspension. See
          note 4. (31 U.S.C. 3711 )

      (b) Claims delinquent for a period of 180 days have
          been referred to Treasury for collection. See
          notes 5, 6, and 7. (31 U.S.C. 3711 (g))




April 2003              GAO/PCIE Financial Audit Manual - Part II         Page 809-7
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))


 Name of entity:
 Audit period:                               Reviewed by:

                                                                Done      W/P ref
                      Audit Procedures                         by/date
 6.   If the entity does not appear to be in compliance
      based on the results of tests performed, discuss these
      matters with OGC and, when appropriate, the Special
      Investigator Unit to conclude if noncompliance
      actually has occurred and the implications of such
      noncompliance.

      For any noncompliance noted, the auditor should

      •   identify the weakness in compliance controls that
          allowed the noncompliance to occur, if not
          previously identified during compliance control
          testing;

      •   report the nature of any weakness in compliance
          controls and consider modification of the
          conclusion on internal control as appropriate (see
          FAM 580.32-.61);

      •   consider the implications of any instances of
          noncompliance on the financial statements; and

      •   report instances of noncompliance, as
          appropriate (see FAM 580.67-.75).
 7.   Document conclusions on compliance with each
      provision on Form 809 - Compliance Summary.




April 2003             GAO/PCIE Financial Audit Manual - Part II         Page 809-8
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))

Note 1: Claims are amounts owed to the government, including amounts owed
        for loans insured or guaranteed by the government. The term "claim" is
        used interchangeably with the term "debt" in this law. (31 U.S.C.
        3701(b))

         Interest normally accrues from the date that notice of the debt and the
         agency's interest policies is first mailed to the debtor. If the agency
         sends a bill to the debtor in advance of the due date and that bill states
         the interest policies, interest would accrue from the due date specified in
         the bill.

         The provisions regarding accrual of interest and other charges do not
         apply to the extent that a statute, related regulation, loan agreement, or
         contract provides otherwise, or if a claim is under a contract executed
         before October 25, 1982, that is in effect on October 25, 1982. (31 U.S.C.
         3717(g)) Accrual of interest and penalties under this law does not apply
         to amounts owed by other agencies of the federal government, a state
         government or a unit of general local government or to amounts payable
         to the entity under the Internal Revenue Code, the Social Security Act, or
         tariff laws. (31 U.S.C. 3701 (c) and (d)) This law, however, does not
         preclude the charging of interest to state and local governments under
         authority provided under other laws.

Note 2: The entity shall waive the collection of interest on a claim (or any
        portion of the claim) that is paid within 30 days after the date on which
        interest began to accrue. The agency may extend this 30-day period. (31
        U.S.C. 3717(d)) Interest that is either accrued or collected on claims that
        are paid within the 30-day period would usually not be material or
        otherwise significant for purposes of compliance testing. If the auditor
        considers this provision to be significant for compliance testing, this
        form should be tailored to include the appropriate testing procedures.

Note 3: The entity has the authority to waive the collection of interest, penalties,
        and administrative charges. The entity should follow its own regulations
        when determining whether a waiver is appropriate. Such regulations
        should be in conformity with the standards set jointly by the Comptroller
        General, the Attorney General, and the Secretary of the Treasury
        described in 31 CFR 901.9. (31 U.S.C. 3717(h))

         The entity may increase an administrative claim (debt not based on an
         extension of government credit through direct loans, guarantees, or
         insurance, including fines, penalties, and overpayments) annually by the


April 2003             GAO/PCIE Financial Audit Manual - Part II         Page 809-9
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))

         cost of living adjustment in lieu of charging interest and penalties. (31
         U.S.C. 3717(i))

Note 4: Compromise is the term used when an amount less than the total amount
        of the claim is accepted by the entity as payment in full. Suspension
        refers to the temporary deferral of collection activities until collection
        activity is expected to be more successful. Termination refers to
        stopping of collection activities.

         Only the Justice Department has the authority to compromise, terminate,
         or suspend collection on claims that are greater than $100,000 (excluding
         interest, penalties, and administrative charges). Pursuant to 31 CFR
         Parts 902.1 and 903.1, entities generally should use a Claims Collection
         Litigation Report (CCLR) to refer such matters to the Justice
         Department.

Note 5: Exceptions to the requirement to transfer nontax debt delinquent for a
        period of 180 days to Treasury for collection are

         (a) a debt or claim that
             (1) is in litigation or foreclosure;
             (2) will be disposed of under an asset sales program within 1 year
                  after becoming eligible for sale, or later than 1 year if
                  consistent with an asset sales program and a schedule
                  established by the entity and approved by OMB;
             (3) has been referred to a private collection contractor for
                  collection for a period determined by Treasury;
             (4) has been referred by, or with the consent of, Treasury to a debt
                  collection center for a period determined by Treasury; or
             (5) will be collected under internal offset, if such offset is
                  sufficient to collect the claim within 3 years after the date the
                  debt or claim is first delinquent; and
         (b) to any other specific class of debt or claim, as determined by
             Treasury at the request of an entity. (31 U.S.C. 3711(g)(2))
             Examples include
             (1) debts in bankruptcy meeting the criteria for an automatic stay
                  (11 U.S.C. 362),
             (2) foreign debt considered uncollectable by Treasury due to
                  foreign diplomacy considerations and affairs of state,
             (3) debts in forbearance or appeals.

Note 6: Exceptions to the requirement to notify Treasury of nontax debt
        delinquent over 180 days for administrative offset are a claim that has

April 2003             GAO/PCIE Financial Audit Manual - Part II        Page 809-10
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))

         been outstanding for more than 10 years or when a statute explicitly
         prohibits using administrative offset or setoff to collect the type of claim
         involved. (31 U.S.C. 3716(e)) Also, this section does not prohibit the use
         of any other administrative offset authority existing. (31 U.S.C. 3716 (d))

         Prior to referring debts to Treasury, an agency shall inform the debtor of
         the amount and nature of the debt (such as overpayment, etc.), and
         actions which may be taken to enforce recovery of a delinquent debt.
         These include

         (a)   offset of any payments which the debtor is due, including tax
               refunds, and salary;
         (b)   referral of the debt to a private collection agency;
         (c)   referral of the debt to the Department of Justice or agency counsel
               for litigation;
         (d)   reporting of the debt to a credit bureau;
         (e)   reporting of the debt, if discharged, to IRS as a potential taxable
               income.

         In the future, the agency also will need to inform the debtor that the debt
         may be subject to administrative wage garnishment, his/her identity may
         be published or publicly disseminated, and/or the debt may be sold.

         The notice must tell the debtor that he/she has the opportunity

         (a)   to inspect and copy records relating to the debt,
         (b)   for a review by the agency; and
         (c)   to enter into a written repayment agreement.


Note 7: Before an entity refers past-due debt to Treasury for reduction of tax
        refund, it must

         (a)   notify the person incurring such debt that the entity proposes to
               refer to Treasury for tax refund offset,
         (b)   give such person at least 60 days to present evidence that all or
               part of the debt is not past due or not legally enforceable,
         (c)   consider any evidence presented by such person and determine
               that an amount of such debt is past due and legally enforceable,
         (d)   satisfy such other conditions Treasury may prescribe to ensure the
               above determination is valid and that the entity has made
               reasonable efforts to obtain payment, and


April 2003             GAO/PCIE Financial Audit Manual - Part II        Page 809-11
Compliance
809 - Provisions Governing Claims of the U.S. Government (31 U.S.C.
      3711-3720E) (Including the Debt Collection Improvement Act of
      1996 (DCIA))

          (e)     certify that reasonable efforts have been made by the entity to
                  obtain payment. (31 U.S.C. 3720A (b))

             Treasury issues regulations prescribing the times at which entities shall
             submit notices of past-due legally enforceable debts, the manner of
             submitting them, and the information to be contained in them. The
             regulations also specify the minimum amount of debt that may be
             referred for tax refund offset and the fee the entity shall pay to
             reimburse Treasury for its costs.

Note 8:   If multipurpose testing is used for the compliance test and/or
          compliance control test and/or a substantive test of accounts or loans
          receivable details, the sample items for the compliance test and/or
          compliance control test should be selected using the sampling method
          used for the substantive test as described in FAM 430. Otherwise, the
          items should be selected using attribute sampling as discussed in FAM
          460.02.

          As with all sampling applications, the auditor should consider the
          completeness of the test population. For efficiency, the auditor should
          consider using records that were tested for validity, accuracy, and
          completeness (as well as the other financial statement assertions) in
          conjunction with substantive tests of the population.




April 2003                GAO/PCIE Financial Audit Manual - Part II       Page 809-12
Compliance


810 - PROMPT PAYMENT ACT
Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Prompt Payment Act are considered to be significant
as indicated on Form 802 - General Compliance Checklist.

OMB guidance on the Prompt Payment Act is included in 5 CFR Part 1315.


 Name of entity:                                                      Compliance Summary                                     Prepared by:
 Audit period:                                                                                                               Reviewed by:


                                                                                                                   IS      Effective       Instances of
               Provision description                              Objective                 Control activities   (Y/N)    compliance      noncompliance
                                                                                                                           controls?          noted?

 1.   If payment for property or services from a      1a. All payments for property      [Document the           [Is      [Indicate      [Indicate yes or
       business concern is not made by the                or services that are not       control activities      con-     yes or no;     no; include
       required due date, an interest penalty shall       made by the payment due        used by the entity to   trol     include        reference to
       be paid to the concern on the amount of            date are identified. (See      achieve the             depen-   reference to   supporting
       the payment due. The interest penalty              note 1.)                       objective.]             dent     supporting     documentation.]
       shall be paid for the period beginning on                                                                 on       documenta-
       the day after the required payment date        1b. Interest penalties are                                 com-     tion.]         See Compliance
       and ending on the date on which payment            calculated and paid on the                             puter                   Audit Program
       is made. (See notes 1, 2, 3, 4, and 5.)            past due amount using the                              pro-                    810 Step 4(a) and
                                                          appropriate interest rate                              ces-                    (b).
      Type: Transaction-based                             and period. (See notes 2, 3,                           sing?]
      Ref: 31 U.S.C. 3902(a) and (b)                      4, and 5.)




April 2003                                            GAO/PCIE Financial Audit Manual - Part II                                                Page 810-1
Compliance
810 - Prompt Payment Act


 Name of entity:                                                  Compliance Summary                                  Prepared by:
 Audit period:                                                                                                        Reviewed by:


                                                                                                              IS     Effective     Instances of
              Provision description                           Objective                Control activities   (Y/N)   compliance    noncompliance
                                                                                                                     controls?        noted?

 2.   Penalties shall be paid out of amounts      2.   Interest penalties are paid                                               See Compliance
      made available to carry out the program          out of the appropriation                                                  Audit Program
      for which the penalty is incurred.               used to pay related program                                               810 Steps 4(c),
                                                       expenditures.                                                             5(c), and 6.
      Type: Transaction-based
      Ref: 31 U.S.C. 3902(f)

 3.   Discounts offered by a business concern     3a. Discounts taken after the                                                  See Compliance
      may be taken only if payment is made            specified time period are                                                  Audit Program
      within the specified time as determined         identified.                                                                810 Step 5(a) and
      from the date of the invoice. An interest                                                                                  (b).
      penalty shall be paid on improperly taken   3b. Interest penalties are
      discounts.                                      properly calculated and
                                                      paid on the amount of any
      Type: Transaction-based                         improperly taken discounts
      Ref: 31 U.S.C. 3904                             using the appropriate
                                                      interest rate and period.




April 2003                                         GAO/PCIE Financial Audit Manual - Part II                                           Page 810-2
Compliance
810 - Prompt Payment Act

Note: Complete this program or prepare equivalent documentation only if
provisions of the Prompt Payment Act are considered to be significant as
indicated on Form 802 - General Compliance Checklist. The procedures in this
program are designed to test compliance with the provisions listed on the
Compliance Summary.

OMB Guidance on the Prompt Payment Act is included in 5 CFR Part 1315.


 Name of entity:
 Audit period:                              Reviewed by:

                                                              Done      W/P ref
                     Audit Procedures                        by/date
 1.   Based on the preliminary assessment of compliance
      control effectiveness (as documented on Form 810 -
      Compliance Summary), select a sample of payments
      from throughout the audit period. (The sample size
      will vary based on the expected effectiveness of
      compliance controls as discussed in FAM 460.02.)
      Document the sampling approach using the
      documentation in FAM section 495 E. See note 6
      regarding sampling efficiencies and completeness of
      the population.

      Sample size
      Sample selection method




April 2003             GAO/PCIE Financial Audit Manual - Part II       Page 810-3
Compliance
810 - Prompt Payment Act


 Name of entity:
 Audit period:                                   Reviewed by:

                                                                 Done      W/P ref
                         Audit Procedures                       by/date
 2.   For each item selected in step 1, obtain the
      supporting documentation for the payment such as
      the invoice voucher package.

      (a) Document the following items in the
             documentation:

             •   invoice number;
             •   payee;
             •   invoice amount;
             •   invoice date;
             •   invoice receipt date (or other date used for
                 determining compliance with this law - see
                 step 2 (b));
             •   payment date;
             •   amount of interest penalty paid, if any;
             •   amount of discount taken, if any; and
             •   appropriation account(s) charged for the
                 expenditure and interest penalty, if any.




April 2003                GAO/PCIE Financial Audit Manual - Part II       Page 810-4
Compliance
810 - Prompt Payment Act


 Name of entity:
 Audit period:                                   Reviewed by:

                                                                    Done      W/P ref
                        Audit Procedures                           by/date
 2.   (b) For each item selected, note whether the
          payment was made by the required due date.
          The required due date may be the date specified
          in the contract or, if a date is not specified, 30
          days after receipt of the invoice (31 U.S.C.
          3903(a)(1)(A) and (B)). If payment is for meat or
          meat food products, perishable agricultural
          products, dairy products or construction
          contracts, consult with OGC to determine
          payment due date. Specific payment due dates
          to avoid interest penalties are established by law
          for these items. (31 U.S.C. 3903(a)(2), (3), (4),
          and (6))

             The invoice receipt date is the later of (1) the
             date the entity's designated representative or
             office actually receives a proper invoice or
             (2) the 7th day after the date on which, in
             accordance with the terms and conditions of the
             contract, the property is actually delivered or
             performance of the services is actually
             completed (unless the entity accepted the
             property or services before the 7th day or a
             longer acceptance period is specified in the
             contract). If the date of actual invoice receipt is
             not indicated, the entity must use the invoice
             date. (31 U.S.C. 3901(a)(4)(A) and (B))

             If the payment was made prior to the payment
             due date, perform step 3.

             If the payment was made after the payment due
             date, perform step 4.

             If a discount was taken, perform step 5.




April 2003                GAO/PCIE Financial Audit Manual - Part II          Page 810-5
Compliance
810 - Prompt Payment Act


 Name of entity:
 Audit period:                               Reviewed by:

                                                              Done      W/P ref
                      Audit Procedures                       by/date
 3.   If the payment was made prior to the payment due
      date, and no discount was taken, determine that no
      interest penalty was paid.

      (Note: If the entity did not take advantage of a
      discount for which it was eligible or if an interest
      penalty was paid when it was not owed, the auditor
      generally should determine the cause of these items
      for purposes of reporting findings.)




April 2003             GAO/PCIE Financial Audit Manual - Part II       Page 810-6
Compliance
810 - Prompt Payment Act


 Name of entity:
 Audit period:                                  Reviewed by:

                                                                 Done      W/P ref
                        Audit Procedures                        by/date
 4.   If the payment was made after the payment due date,
      determine whether

      (a)    an interest penalty was paid;

      (b)    the amount of the interest penalty was properly
             calculated; and

      (c)    the interest penalty was paid out of the
             appropriation used to pay the related
             expenditures.

             Review the accounting codes indicated on the
             expense voucher. Determine whether the
             accounting codes used to record the interest
             penalty are the same as those used for the
             related expenditure and whether the codes and
             amounts agree with those recorded in the
             budgetary accounting records. (See step 6
             regarding proper summarization of amounts.)
             (31 U.S.C. 3902 (a), (b), and (f))

      Investigate any differences between the amount of
      interest penalty calculated by the auditor and the
      amount paid by the entity, including any instances
      when an interest penalty was owed but not paid. See
      note 5. Investigate any instances when the proper
      appropriation account was not charged.

      See note 2 regarding the interest rate to be used. See
      notes 3 and 4 regarding the period the penalty should
      cover.




April 2003                GAO/PCIE Financial Audit Manual - Part II       Page 810-7
Compliance
810 - Prompt Payment Act


 Name of entity:
 Audit period:                                 Reviewed by:

                                                                 Done      W/P ref
                        Audit Procedures                        by/date
 5.   If a discount was taken, determine whether it was
      taken during the specified period the discount was
      available. If the discount was taken during the
      specified period, further consideration is not
      necessary.

      If any discounts are taken after the appropriate time
      period, determine whether

      (a)    an interest penalty was paid,

      (b)    the amount of the interest penalty was properly
             calculated, and

      (c)    the interest penalty was charged against the
             appropriation used for the related expenditures.

             Review the budget accounting codes indicated
             on the expense voucher. Determine whether the
             budget accounting codes indicated on the
             voucher for the interest penalty are the same as
             those used for the related expenditure.
             Determine whether the codes and amounts on
             the voucher agree with those recorded in the
             budgetary accounting records. (See step 6
             regarding proper summarization of the
             budgetary amounts.) (31 U.S.C. 3902 (a), (b),
             and (f), and 31 U.S.C. 3904)

      Interest penalties should be calculated on the amount
      of the discount. The penalty accrues on the amount
      of the discount from the last date specified that the
      discounted amount may be paid (31 U.S.C. 3904). See
      note 2 regarding the interest rate to be used to
      calculate the interest penalty.

                           (continued)

April 2003               GAO/PCIE Financial Audit Manual - Part II        Page 810-8
Compliance
810 - Prompt Payment Act


 Name of entity:
 Audit period:                                 Reviewed by:

                                                                  Done      W/P ref
                       Audit Procedures                          by/date
 5. (continued)

      Investigate any differences between the amount of
      interest penalty calculated by the auditor and the
      amount paid by the entity, including any instances
      when an interest penalty was owed but not paid.
      Investigate any instances when the proper
      appropriation account was not charged.
 6.   Consider the procedures performed on the entity's
      budget controls over summarization of expenditure
      balances as discussed in FAM 395 F.

      If the auditor has assessed the entity's controls as
      effective in achieving the control objective of
      summarization of expenditure balances, further
      procedures are not necessary to obtain assurance as
      to whether interest penalties are paid out of the
      proper appropriation account.

      If the auditor has assessed the controls as ineffective,
      the auditor should perform procedures to determine
      if the entity has properly summarized the expenditure
      balances as described in FAM 495 B.




April 2003              GAO/PCIE Financial Audit Manual - Part II          Page 810-9
Compliance
810 - Prompt Payment Act


 Name of entity:
 Audit period:                               Reviewed by:

                                                                Done       W/P ref
                      Audit Procedures                         by/date
 7.   If the entity does not appear to be in compliance
      based on the results of tests performed, discuss these
      matters with OGC and, when appropriate, the Special
      Investigator Unit to conclude if noncompliance
      actually has occurred and the implications of such
      noncompliance.

      For any noncompliance noted, the auditor should

      •   identify the weakness in compliance controls that
          allowed the noncompliance to occur, if not
          previously identified during compliance control
          testing;

      •   report the nature of any weakness in compliance
          controls and consider modification of the opinion
          on internal control as appropriate (see FAM
          580.32-.61);

      •   consider the implications of any instances of
          noncompliance on the financial statements; and

      •   report instances of noncompliance, as appropriate
          (see FAM 580.67-.75).
 8.   Document conclusions on compliance with each
      provision on Form 810 - Compliance Summary.




April 2003              GAO/PCIE Financial Audit Manual - Part II        Page 810-10
Compliance
810 - Prompt Payment Act

Note 1:   The required due date is generally the date specified in the contract or, if
          a date is not specified, 30 days after receipt of the invoice (31 U.S.C.
          3903(a)(1)(A) and (B)) If payment is for meat or meat food products,
          perishable agricultural products, dairy products or construction
          contracts, consult with OGC to determine payment due date. Specific
          payment due dates to avoid interest penalties are established by law for
          these items. (31 U.S.C. 3903(a)(2), (3), (4), and (6))

          The invoice receipt date is established as the later of (1) the date the
          entity's designated representative or office actually receives a proper
          invoice or (2) the 7th day after the date on which, in accordance with the
          terms and conditions of the contract, the property is actually delivered
          or performance of the services is actually completed, unless the entity
          accepted the property or services before the 7th day or a longer
          acceptance date is specified in the contract. If the date of actual invoice
          receipt is not indicated, the entity must use the invoice date. (31 U.S.C.
          3901(a)(4)(A) and (B))

Note 2: Interest shall be calculated at the rate set by the Secretary of the
        Treasury under section 12 of the Contract Disputes Act of 1978 (41
        U.S.C. 611) that is in effect at the time the entity accrues the obligation
        to pay a late payment interest penalty. The rates are published in the
        Federal Register. (31 U.S.C. 3902(a))

Note 3: The interest penalty shall be paid for the period beginning on the day
        after the required payment date and ending on the date on which
        payment is made. (31 U.S.C. 3902(b))

          An interest penalty not paid after any 30-day period shall be added to the
          principal amount of the debt, and a penalty accrues thereafter on the
          combined amount of principal and interest. (31 U.S.C. 3902(e))

Note 4: A payment is deemed to be made on the date a check for payment is
        dated or an electronic transfer is made. (31 U.S.C. 3901 (a)(5))

Note 5: The temporary unavailability of funds to make a timely payment due for
        property or services does not relieve the entity head of the obligation to
        pay interest penalties under this law. (31 U.S.C. 3902 (d))

Note 6: If multipurpose testing is used for the compliance test and/or
        compliance control test and/or a substantive test of payments details,
        the sample items for the compliance test and/or compliance control test
        should be selected using the sampling method used for the substantive


April 2003              GAO/PCIE Financial Audit Manual - Part II        Page 810-11
Compliance
810 - Prompt Payment Act

         test as described in FAM 430. Otherwise, the items should be selected
         using attribute sampling as discussed in FAM 460.02.

         As with all sampling applications, the auditor should consider the
         completeness of the test population. For efficiency, the auditor should
         consider using records that were tested for validity, accuracy, and
         completeness (as well as the other financial statement assertions) in
         conjunction with substantive tests of the population.




April 2003             GAO/PCIE Financial Audit Manual - Part II      Page 810-12
Compliance


812 -        PAY AND ALLOWANCE SYSTEM FOR CIVILIAN EMPLOYEES, AS PROVIDED
             PRIMARILY IN CHAPTERS 51-59 OF TITLE 5, U.S. CODE
Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Pay and Allowance System for Civilian Employees, as
provided primarily in Chapters 51-59 of Title 5, U.S. Code, are considered to be significant as indicated on Form 802 - General Compliance Checklist.


 Name of entity:                                                    Compliance Summary                                     Prepared by:
 Audit period:                                                                                                             Reviewed by:


                                                                                                                 IS      Effective         Instances of
              Provision description                             Objective                Control activities    (Y/N)    compliance      noncompliance
                                                                                                                         controls?          noted?

 1.   Pay for a specific position should be based   1.   Employees are paid at         [Document the           [Is      [Indicate      [Indicate yes or
      on the appropriate pay schedule or pay             appropriate rates.            control activities      con-     yes or no;     no; include
      rate.                                                                            used by the entity to   trol     include        reference to
                                                                                       achieve the             depen-   reference to   supporting
      Type: Transaction-based                                                          objective.]             dent     supporting     documentation.]
      Ref: 5 U.S.C. 5332, 5343, and 5383                                                                       on       documenta-
                                                                                                               com-     tion.]         See Compliance
                                                                                                               puter                   Audit Program
                                                                                                               pro-                    812 Step 4(b).
                                                                                                               ces-
                                                                                                               sing?]

 2.   Employer shall pay employees at least         2.   Employees are paid at least                                                   See Compliance
      minimum wage. (See note 1.)                        minimum wage. (See                                                            Audit Program
                                                         note 1.)                                                                      812 Step 4(b).
      Type: Transaction-based
      Ref: 29 U.S.C. 206




April 2003                                           GAO/PCIE Financial Audit Manual - Part II                                               Page 812-1
Compliance
812 - Pay and Allowance System for Civilian Employees, as Provided
      Primarily in Chapters 51-59 of Title 5, U.S. Code

Note: Complete this program or prepare equivalent documentation only if
provisions of the Pay and Allowance System for Civilian Employees, as provided
primarily in Chapters 51-59 of Title 5, U.S. Code, are considered to be significant
as indicated on Form 802 - General Compliance Checklist. The procedures in this
program are designed to test compliance with the provisions listed on the
Compliance Summary.


 Name of entity:
 Audit period:                                    Reviewed by:

                                                                Done      W/P ref
                      Audit Procedures                         by/date
 Note: These tests are closely related to procedures
       performed for substantive tests of payroll expense
       details. Use of multipurpose testing in this
       situation is strongly encouraged.
 1.   Based on the preliminary assessment of compliance
      control effectiveness (as documented on Form 812 -
      Compliance Summary), select an appropriate sample
      of disbursements from the payroll records
      throughout the audit period. (The sample size will
      vary based on the expected effectiveness of
      compliance controls as discussed in FAM 460.02).
      Document the sampling approach using the
      documentation in FAM section 495 E. See note 2
      regarding sampling efficiencies and completeness of
      the population.

      Sample size
      Sample selection method




April 2003             GAO/PCIE Financial Audit Manual - Part II         Page 812-2
Compliance
812 - Pay and Allowance System for Civilian Employees, as Provided
      Primarily in Chapters 51-59 of Title 5, U.S. Code


 Name of entity:
 Audit period:                                      Reviewed by:

                                                                  Done      W/P ref
                        Audit Procedures                         by/date
 2.   For each item selected in 1, note the following
      information:

      •   employee name;
      •   pay period (number and dates);
      •   amount of gross pay for the period;
      •   pay rate;
      •   total hours worked; and
      •   number of hours worked at regular pay and other
          pay (i.e., overtime, premium pay, etc.).
 3.   For each item selected in 1, obtain the employee's
      personnel file and note the following in effect for the
      pay period selected:

      •   the employee's grade and step and
      •   the employee's pay rate.
 4.   For each item selected in 1,

      (a) Calculate the amount of gross pay using the
          hours worked and the employee's pay rate
          indicated on the payroll records. Compare the
          amount of gross pay calculated by the auditor to
          the amount shown on the payroll records for the
          selected pay period and obtain explanation and
          examine support for any differences.

             Note: To convert basic annual amount to a
                   daily, weekly or biweekly amount, divide
                   the annual rate by 2,087 for an hourly
                   rate. Multiply the hourly rate by number
                   of either daily hours, 40 for weekly, or 80
                   for biweekly amounts. (5 U.S.C. 5504)




April 2003               GAO/PCIE Financial Audit Manual - Part II         Page 812-3
Compliance
812 - Pay and Allowance System for Civilian Employees, as Provided
      Primarily in Chapters 51-59 of Title 5, U.S. Code


 Name of entity:
 Audit period:                                     Reviewed by:

                                                                Done      W/P ref
                        Audit Procedures                       by/date
 4.   (b) Compare the employee's pay rate in the payroll
          records to the appropriate pay rate for the
          employee's approved grade and step on the pay
          schedules established by executive order. (Use
          the approved grade and step indicated in the
          employee's personnel records for this test.)
          Obtain explanation and examine support for any
          differences between the actual pay rate for the
          period selected and the authorized amounts. (5
          U.S.C. 5332, 5343, and 5383)

             If the employee's pay is not set by these pay
             schedules, determine whether the amount paid
             is properly authorized and whether the pay rate
             is at least minimum wage. (29 U.S.C. 206)




April 2003               GAO/PCIE Financial Audit Manual - Part II       Page 812-4
Compliance
812 - Pay and Allowance System for Civilian Employees, as Provided
      Primarily in Chapters 51-59 of Title 5, U.S. Code


 Name of entity:
 Audit period:                                    Reviewed by:

                                                                Done      W/P ref
                      Audit Procedures                         by/date
 5.   If the entity does not appear to be in compliance
      based on the results of tests performed, discuss these
      matters with OGC and, when appropriate, the Special
      Investigator Unit to conclude if noncompliance
      actually has occurred and the implications of such
      noncompliance.

      For any noncompliance noted, the auditor should

      •   identify the weakness in compliance controls that
          allowed the noncompliance to occur, if not
          previously identified during compliance control
          testing;

      •   report the nature of any weakness in compliance
          controls and consider modification of the opinion
          on internal control as appropriate (see FAM
          580.32-.61);

      •   consider the implications of any instances of
          noncompliance on the financial statements; and

      •   report instances of noncompliance, as appropriate
          (see FAM 580.67-.75).
 6.   Document conclusions on compliance with each
      provision on Form 812 - Compliance Summary.




April 2003              GAO/PCIE Financial Audit Manual - Part II        Page 812-5
Compliance
812 - Pay and Allowance System for Civilian Employees, as Provided
      Primarily in Chapters 51-59 of Title 5, U.S. Code

Note 1: To convert basic annual amount to a daily, weekly, or biweekly amount,
        divide the annual rate by 2,087 for an hourly rate. Multiply the hourly
        rate by number of either daily hours, 40 for weekly, or 80 for biweekly
        amounts. (5 U.S.C. 5504)

Note 2: If multipurpose testing is used for the compliance test and/or
        compliance control test and a substantive test of payroll expense details,
        the sample items for the compliance test and/or compliance control test
        should be selected using the sampling method used for the substantive
        test. Otherwise, the items should be selected using attribute sampling,
        as discussed in FAM 460.02.

         As with all sampling applications, the auditor should consider the
         completeness of the population. For efficiency, the auditor should
         consider using records that were tested for validity and completeness
         (as well as the other financial statement assertions) in conjunction with
         substantive tests of payroll or other payroll related compliance tests.

Note 3: If the entity outsources payroll processing, the entity remains
        responsible for compliance. Dividing responsibility for payroll
        processing activities between the entity and the service organization
        could make payroll testing more complicated, although the same testing
        should be performed. The auditor may accomplish that testing with the
        assistance of the service organization's auditor, who may issue an
        internal control report on the service organization under AU 324
        (SAS 70). Or the service organization's auditor may assist the entity
        auditor by performing agreed-upon procedures at the service
        organization (e.g., substantive testing) under AT 201 (see FAM 660).




April 2003             GAO/PCIE Financial Audit Manual - Part II        Page 812-6
Compliance


813 - CIVIL SERVICE RETIREMENT ACT
Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Civil Service Retirement Act are considered to be
significant as indicated on Form 802 - General Compliance Checklist.


 Name of entity:                                                    Compliance Summary                                    Prepared by:
 Audit period:                                                                                                            Reviewed by:


                                                                                                                IS      Effective       Instances of
               Provision description                             Objective               Control activities   (Y/N)    compliance      noncompliance
                                                                                                                        controls?          noted?

 1.   For each employee employed prior to            1.   The appropriate amount is   [Document the           [Is      [Indicate      [Indicate yes or
      January 1, 1984, the entity shall withhold a        withheld from employee's    control activities      con-     yes or no;     no; include
      percent of the basic pay of the employee.           pay. (See notes 1 and 2.)   used by the entity to   trol     include        reference to
      (See notes 1 and 2.)                                                            achieve the             depen-   reference to   supporting
                                                                                      objective.]             dent     supporting     documentation.]
      Type: Transaction-based                                                                                 on       documenta-
      Ref: 5 U.S.C. 8334(a)(1)                                                                                com-     tion.]         See Compliance
                                                                                                              puter                   Audit Program
                                                                                                              pro-                    813 Step 4(b).
                                                                                                              ces-
                                                                                                              sing?]




April 2003                                           GAO/PCIE Financial Audit Manual - Part II                                            Page 813-1
Compliance
813 - Civil Service Retirement Act


 Name of entity:                                                  Compliance Summary                                  Prepared by:
 Audit period:                                                                                                        Reviewed by:


                                                                                                              IS     Effective    Instances of
              Provision description                           Objective                Control activities   (Y/N)   compliance   noncompliance
                                                                                                                     controls?       noted?

 2.   An amount equal to the amount withheld      2.   The entity contribution for                                               See Compliance
      from the employee's pay shall be                 employee retirement is                                                    Audit Program
      contributed by the entity from the               calculated properly,                                                      813 Steps 4(c)
      appropriation or fund used to pay the            summarized properly, and                                                  and 5.
      employee.                                        charged to the proper
                                                       appropriation account or
      Type: Transaction-based and                      fund.
            Quantitative-based
      Ref: U.S.C. 5 U.S.C. 8334(a)(1)

 3.   Amounts withheld from employees and the     3.   Withholdings from                                                         See Compliance
      sum contributed by the entity for                employees and entity                                                      Audit Program
      retirement benefits shall be deposited in        contributions for retirement                                              813 Steps 6 and
      the Treasury to the credit of the Civil          benefits are properly                                                     7.
      Service Retirement and Disability Fund.          summarized and deposited
                                                       in the Treasury to the credit
      Type: Procedural-based and Quantitative          of the Civil Service
              based                                    Retirement and Disability
      Ref: 5 U.S.C. 8334(a)(2)                         Fund.




April 2003                                        GAO/PCIE Financial Audit Manual - Part II                                          Page 813-2
Compliance
813 - Civil Service Retirement Act

Note: Complete this program or prepare equivalent documentation only if
provisions of the Civil Service Retirement Act are considered to be significant as
indicated on Form 802 - General Compliance Checklist. The procedures in this
program are designed to test compliance with the provisions listed on the
Compliance Summary.


 Name of entity:
 Audit period:                                Reviewed by:

                                                                 Done      W/P ref
                      Audit Procedures                          by/date
 1. Based on the preliminary assessment of compliance
    control effectiveness (as documented on Form 813 -
    Compliance Summary), select a sample of expense
    amounts for individuals' gross pay from the payroll
    disbursement records for the audit period for
    employees covered by the Civil Service Retirement
    Act system (CSRS). (See note 1.)

     (The sample size will vary based on the expected
     effectiveness of compliance controls, as discussed in
     FAM 460.02). Document the sampling approach using
     the documentation in FAM section 495 E. See note 3
     regarding sampling efficiencies and completeness of
     the population.

     These tests should be coordinated with other tests of
     payroll-related expenses and with the agreed-upon
     procedures agency auditors perform for the Office of
     Personnel Management (OPM), per OMB audit
     guidance, if performed.

     Sample size
     Sample selection method




April 2003             GAO/PCIE Financial Audit Manual - Part II          Page 813-3
Compliance
813 - Civil Service Retirement Act


 Name of entity:
 Audit period:                               Reviewed by:

                                                               Done      W/P ref
                      Audit Procedures                        by/date
 2. For each selection made in 1, document the following
    for the pay period selected:

      •   the amount withheld for the cost of retirement
          benefits;

      •   the amount of basic pay; and

      •   if indicated in the payroll disbursement records,
          document the retirement plan under which the
          withholdings were made (CSRS or FERS). (Only
          employees covered by CSRS should be included in
          this compliance test. See FAM 817 for the FERS
          compliance test.)
 3. For each item selected in 1, obtain the employee's
    personnel file and note the following:

      •   employee hire date,
      •   amount of basic pay, and
      •   the retirement plan under which the employee is
          covered.
 4.   For each selection made in 1,

      (a) Compare the amount of basic pay indicated in
          the employee's personnel file with the amount
          indicated in the payroll records and obtain an
          explanation and examine support for any
          differences. (This procedure would be
          performed only if not already performed as part
          of other testing.)




April 2003              GAO/PCIE Financial Audit Manual - Part II       Page 813-4
Compliance
813 - Civil Service Retirement Act


 Name of entity:
 Audit period:                             Reviewed by:

                                                              Done      W/P ref
                     Audit Procedures                        by/date
 4. (b) Calculate the amount of the withholdings for
        retirement costs based on 7 percent of basic pay
        for executive branch employees (see note 2 for
        percentages for other employees) for the
        selected pay period and document the amount in
        the documentation. Compare to the actual
        amount withheld for the selected pay period and
        obtain an explanation and examine support for any
        differences. (5 U.S.C. 8334(a)(1))
 4. (c) Determine whether the entity contributed an
        equal amount for the employee's retirement for
        the selected pay period. Obtain explanation and
        examine support for any differences between the
        employee and entity contributions. (5 U.S.C.
        8334(a)(1))
 5. Determine whether amounts contributed by the entity
    are charged to the appropriation or fund used to pay
    the employee for the selected pay period by
    performing the following procedures:

     (a) Review the accounting codes indicated on the
         supporting documentation.

     (b) Determine whether the accounting codes used to
         record the entity contribution are the same as
         those used for the related payroll expenditure
         and whether the codes and amounts agree with
         those recorded in the budgetary accounting
         records. (This step assumes other payroll testing
         would have included checking that the codes
         represent the proper appropriation.)




April 2003            GAO/PCIE Financial Audit Manual - Part II        Page 813-5
Compliance
813 - Civil Service Retirement Act


 Name of entity:
 Audit period:                                   Reviewed by:

                                                                   Done      W/P ref
                        Audit Procedures                          by/date
 5. (c) Consider the procedures performed on the
        entity's budget controls over summarization of
        expenditure balances as discussed in FAM 395 F.

             If the auditor has assessed the entity's controls
             as effective in achieving the control objective of
             summarization of expenditure balances, further
             procedures are not necessary to obtain
             assurance as to whether the entity's
             contributions are paid out of the proper
             appropriation account.

             If the auditor has assessed the controls as
             ineffective, the auditor should perform
             procedures to determine whether the entity has
             properly summarized the expenditure balances
             as described in FAM 495 B. (5 U.S.C. 8334
             (a)(1))
 6. Determine whether the entity has effective controls
    over the proper summarization of (a) the amounts
    withheld from employees for retirement costs under
    this law and (b) the entity contributions for
    remittance to Treasury. If the entity does not have
    effective controls for summarization, test the
    summarization of the totals that include the items
    selected for testing in step 1.
 7. Compare the combined totals of employee
    withholdings and entity contributions that include
    each selection made in step 1 to the deposit made to
    Treasury and the remittance sent to OPM and obtain
    an explanation and examine support for any
    differences. The funds should be deposited in the
    Treasury to the credit of the Civil Service Retirement
    and Disability Fund. (5 U.S.C. 8334(a)(2))



April 2003                GAO/PCIE Financial Audit Manual - Part II         Page 813-6
Compliance
813 - Civil Service Retirement Act


 Name of entity:
 Audit period:                              Reviewed by:

                                                              Done      W/P ref
                     Audit Procedures                        by/date
 8. If the entity does not appear to be in compliance
    based on the results of tests performed, discuss these
    matters with OGC and, when appropriate, the Special
    Investigator Unit to conclude if noncompliance
    actually has occurred and the implications of such
    noncompliance.

     For any noncompliance noted, the auditor should

     • identify the weakness in compliance controls that
        allowed the noncompliance to occur, if not
        previously identified during compliance control
        testing;

     • report the nature of any weakness in compliance
       controls and consider modification of the opinion
       on internal control as appropriate (see FAM
       580.32-.61);

     • consider the implications of any instances of
       noncompliance on the financial statements; and

     • report instances of noncompliance, as appropriate
       (see FAM 580.67-.75).
 9. Document conclusions on compliance with each
    provision on Form 813 - Compliance Summary.




April 2003            GAO/PCIE Financial Audit Manual - Part II        Page 813-7
Compliance
813 - Civil Service Retirement Act

Note 1: Employees may be covered by the Civil Service Retirement Act (CSRS)
        or the Federal Employees' Retirement System Act (FERS), generally
        depending on their employment date.

Note 2: The percentage to be withheld for the service period after December 31,
        2000, for (1) executive branch employees is 7 percent and
        (2) Congressional employees is 7.5 percent. The percentage to be
        withheld for the service period between January 1, 2001 and
        December 31, 2002, for Members of Congress is 8.5 percent. The
        percentage withheld for service after December 31, 2002, for Members of
        Congress is 8 percent. (5 U.S.C. 8334(a)(1))

Note 3: If multipurpose testing is used for the compliance test and/or
        compliance control test and a substantive test of payroll expense details,
        the sample items for the compliance test and/or compliance control test
        should be selected using the sampling method used for the substantive
        test. Otherwise, the items should be selected using attribute sampling,
        as discussed in FAM 460.02.

         As with all sampling applications, the auditor should consider the
         completeness of the population. For efficiency, the auditor should
         consider using records that were tested for validity and completeness
         (as well as the other financial statement assertions) in conjunction with
         substantive tests of payroll or other payroll related compliance tests.

Note 4: If the entity outsources payroll processing, the entity remains
        responsible for compliance. Dividing responsibility for payroll
        processing activities between the entity and the service organization
        could make payroll testing more complicated, although the same testing
        should be performed. The auditor may accomplish that testing with the
        assistance of the service organization's auditor, who may issue an
        internal control report on the service organization under AU 324
        (SAS 70). Or the service organization's auditor may assist the entity
        auditor by performing agreed-upon procedures at the service
        organization (e.g., substantive testing) under AT 201 (see FAM 660).




April 2003             GAO/PCIE Financial Audit Manual - Part II        Page 813-8
Compliance


814 - FEDERAL EMPLOYEES HEALTH BENEFITS ACT
Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees Health Benefits Act are considered
to be significant as indicated on Form 802 - General Compliance Checklist.


 Name of entity:                                                     Compliance Summary                                     Prepared by:
 Audit period:                                                                                                              Reviewed by:


                                                                                                                  IS      Effective       Instances of
              Provision description                              Objective                 Control activities   (Y/N)    compliance      noncompliance
                                                                                                                          controls?          noted?

 1.   For each full-time employee enrolled in a     1.   The amount of the entity       [Document the           [Is      [Indicate      [Indicate yes or
      health benefits plan, a biweekly                   contribution for health        control activities      con-     yes or no;     no; include
      contribution shall be made by the entity in        insurance benefits is          used by the entity to   trol     include        reference to
      an amount determined by OPM for each               calculated properly for        achieve the             depen-   reference to   supporting
      type of insurance plan. (See note 1 for            employees who elect to         objective.]             dent     supporting     documentation.]
      part-time career employees.)                       enroll in a health benefits                            on       documenta-
                                                         plan.                                                  com-     tion.]         See Compliance
      Type: Transaction-based                                                                                   puter                   Audit Program
      Ref: 5 U.S.C. 8906(b)(1)                                                                                  pro-                    814 Step 4(b).
                                                                                                                ces-
                                                                                                                sing?]

 2.   For employees generally, the entity           2.   Entity contributions for the                                                   See Compliance
      contribution for the cost of health                cost of employee health                                                        Audit Program
      insurance shall be paid from the                   insurance are summarized                                                       814 Step 4(c).
      appropriation or fund that is used to pay          properly and charged to the
      the employee.                                      proper appropriation
                                                         account or fund.
      Type: Transaction-based and
             Quantitative-based
      Ref: 5 U.S.C. 8906(f)

April 2003                                          GAO/PCIE Financial Audit Manual - Part II                                                 Page 814-1
Compliance
814 - Federal Employees Health Benefits Act


 Name of entity:                                                  Compliance Summary                                  Prepared by:
 Audit period:                                                                                                        Reviewed by:


                                                                                                              IS     Effective    Instances of
              Provision description                           Objective                Control activities   (Y/N)   compliance   noncompliance
                                                                                                                     controls?       noted?

 3.   An amount shall be withheld from the        3.   Withholdings are made for                                                 See Compliance
      employee's pay to cover the total cost of        the employee's share of the                                               Audit Program
      enrollment in the health benefit plan            cost of health insurance and                                              814 Step 4(a).
      selected by the employee after the amount        are calculated properly.
      of the entity contribution is subtracted.

      Type: Transaction-based
      Ref: 5 U.S.C. 8906(d)

 4.   Amounts withheld from employees and the     4.   Withholdings from                                                         See Compliance
      sum contributed by the entity for health         employees and entity                                                      Audit Program
      insurance costs shall be deposited in the        contributions for health                                                  814 Steps 5 and
      Treasury to the credit of the Employees          insurance costs are                                                       6.
      Health Benefits Fund.                            properly summarized and
                                                       deposited in the Treasury to
      Type: Procedural-based and                       the credit of the Employees
             Quantitative-based                        Health Benefits Fund.
      Ref: 5 U.S.C. 8909




April 2003                                        GAO/PCIE Financial Audit Manual - Part II                                           Page 814-2
Compliance
814 - Federal Employees Health Benefits Act

Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Employees Health Benefits Act are considered to be
significant as indicated on Form 802 - General Compliance Checklist. The
procedures in this program are designed to test compliance with the provisions
listed on the Compliance Summary.


 Name of entity:
 Audit period:                                      Reviewed by:

                                                                    Done      W/P ref
                        Audit Procedures                           by/date
 1.     Based on the preliminary assessment of compliance
        control effectiveness (as documented on Form 814 -
        Compliance Summary), select a sample of expense
        amounts for individuals' gross pay from the payroll
        disbursement records for the audit period.

        (The sample size will vary based on the expected
        effectiveness of compliance controls, as discussed in
        FAM 460.02). Document the sampling approach using
        the documentation in FAM section 495 E. See note 2
        regarding sampling efficiencies and completeness of
        the population.

        These tests should be coordinated with other tests of
        payroll-related expenses and with the agreed-upon
        procedures agency auditors perform for OPM, per
        OMB audit guidance, if performed.

        Sample size
        Sample selection method


 2.     For each selection made in step 1, document the
        employee, the pay period selected, and the amount
        withheld for the pay period selected, if any, for the
        cost of health insurance. If available, document the
        health plan enrollment code.




April   2003              GAO/PCIE Financial Audit Manual - Part II          Page 814-3
Compliance
814 - Federal Employees Health Benefits Act


 Name of entity:
 Audit period:                                       Reviewed by:

                                                                     Done      W/P ref
                         Audit Procedures                           by/date
 3.     For each selection made in step 1, obtain the
        employee's personnel file and note whether the
        employee elected health insurance coverage for the
        period to which payroll disbursement relates. Such
        coverage should be indicated on OPM form SF 2809.

        If the employee did not elect health insurance
        coverage, ask why amounts are being withheld for the
        cost of insurance and determine whether any entity
        contributions are being made inappropriately as well.
 4.     If the employee identified in step 3 elected coverage,
         perform the following steps:

        (a)    Obtain the schedule of health insurance costs
               for all plans published by OPM. Using the
               enrollment code for the plan selected by the
               employee on OPM form SF 2809, calculate the
               employee's portion of the health insurance cost
               and record it in the documentation. Compare it
               to the amount actually withheld for the selected
               pay period and obtain an explanation and
               examine support for any differences. (5 U.S.C.
               8906(d))
 4.     (b)    For each employee in (a), determine the
               appropriate amount of the entity's contribution
               for its share of health insurance costs by using
               the OPM schedule of costs. Compare it to the
               amount actually contributed by the entity for
               the employee's health insurance for the selected
               pay period and obtain an explanation and
               examine support for any differences. (See note
               1 for part-time career employees.) (5 U.S.C.
               8906(b)(1))




April   2003               GAO/PCIE Financial Audit Manual - Part II          Page 814-4
Compliance
814 - Federal Employees Health Benefits Act


 Name of entity:
 Audit period:                                      Reviewed by:

                                                                    Done      W/P ref
                         Audit Procedures                          by/date
 4.     (c)    For each employee in (b), determine if amounts
               contributed by the entity are charged to the
               appropriation or fund that is used to pay the
               employee for the selected pay period by
               performing the following procedures:

               (1) Review the accounting codes indicated on
                   the supporting documentation.

               (2) Determine whether the accounting codes
                   used to record the entity contribution are
                   the same as those used for the related
                   payroll expenditure and whether the codes
                   and amounts agree with those recorded in
                   the budgetary accounting records. (This
                   step assumes other payroll testing would
                   have included checking that the codes
                   represent the proper appropriation.)




April   2003              GAO/PCIE Financial Audit Manual - Part II          Page 814-5
Compliance
814 - Federal Employees Health Benefits Act


 Name of entity:
 Audit period:                                      Reviewed by:

                                                                    Done      W/P ref
                         Audit Procedures                          by/date
 4.     (c)    (3) Consider the procedures performed on the
                   entity's budget controls over summarization
                   of expenditure balances as discussed in
                   FAM 395 F.

                   If the auditor has assessed the entity's
                   controls as effective in achieving the
                   control objective of summarization of
                   expenditure balances, further procedures
                   are not necessary to obtain assurance as to
                   whether the entity's contributions are paid
                   out of the proper appropriation account.

                   If the auditor has assessed the controls as
                   ineffective, the auditor should perform
                   procedures to determine whether the entity
                   has properly summarized the expenditure
                   balances as described in FAM 495 B. (5
                   U.S.C. 8906(f))
 5.     Determine whether the entity has effective controls
        over the proper summarization of the amounts
        withheld from employees for health insurance costs
        under this law and the entity contributions for
        remittance to Treasury. If the entity does not have
        effective controls for summarization, test the
        summarization of the totals that include the items
        selected for testing in step 1.
 6.     Compare the total cost of health insurance on the
        entity's records (employee and employer portions)
        for the selected pay period to the deposit made to
        Treasury and the documentation sent to OPM and
        obtain an explanation and examine support for any
        differences. The funds should be deposited in the
        Treasury to the credit of the Employees Health
        Benefits Fund. (5 U.S.C. 8909)


April   2003              GAO/PCIE Financial Audit Manual - Part II          Page 814-6
Compliance
814 - Federal Employees Health Benefits Act


 Name of entity:
 Audit period:                                         Reviewed by:

                                                                       Done      W/P ref
                           Audit Procedures                           by/date
 7.     If the entity does not appear to be in compliance
         based on the results of tests performed, discuss these
         matters with OGC and, when appropriate, the Special
         Investigator Unit to conclude if noncompliance
         actually has occurred and the implications of such
         noncompliance.

        For any noncompliance noted, the auditor should

         •     identify the weakness in compliance controls that
               allowed the noncompliance to occur, if not
               previously identified during compliance control
               testing;

         •     report the nature of any weakness in compliance
               controls and consider modification of the opinion
               on internal control as appropriate (see FAM
               580.32-.61);

         •     consider the implications of any instances of
               noncompliance on the financial statements; and

         •     report instances of noncompliance, as
               appropriate (see FAM 580.67-.75).
 8.     Document conclusions on compliance with each
        provision on Form 814 - Compliance Summary.




April   2003                GAO/PCIE Financial Audit Manual - Part II           Page 814-7
Compliance
814 - Federal Employees Health Benefits Act

Note 1: For part-time career employees, the biweekly entity contribution shall be
        calculated on a prorata basis based on the ratio of number of scheduled
        part-time hours to the number of scheduled regular hours for an
        employee serving in a comparable position on a full-time basis. (5 U.S.C.
        8906(b)(3))

Note 2: If multipurpose testing is used for the compliance test and/or
        compliance control test and a substantive test of payroll expense details,
        the sample items for the compliance test and/or compliance control test
        should be selected using the sampling method used for the substantive
        test. Otherwise, the items should be selected using attribute sampling,
        as discussed in FAM 460.02.

               As with all sampling applications, the auditor should consider the
               completeness of the test population. For efficiency, the auditor should
               consider using records that were tested for validity and completeness
               (as well as the other financial statement assertions) in conjunction with
               substantive tests of payroll or other payroll related compliance tests.

Note 3: If the entity outsources payroll processing, the entity remains
        responsible for compliance. Dividing responsibility for payroll
        processing activities between the entity and the service organization
        could make payroll testing more complicated, although the same testing
        should be performed. The auditor may accomplish that testing with the
        assistance of the service organization's auditor, who may issue an
        internal control report on the service organization under AU 324
        (SAS 70). Or the service organization's auditor may assist the entity
        auditor by performing agreed-upon procedures at the service
        organization (e.g., substantive testing) under AT 201 (see FAM 660).




April   2003                 GAO/PCIE Financial Audit Manual - Part II        Page 814-8
Compliance


816 - FEDERAL EMPLOYEES' COMPENSATION ACT
Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees' Compensation Act are considered
to be significant as indicated on Form 802 - General Compliance Checklist.


 Name of entity:                                                    Compliance Summary                                       Prepared by:
 Audit period:                                                                                                               Reviewed by:


                                                                                                                   IS      Effective       Instances of
              Provision description                             Objective                   Control activities   (Y/N)    compliance      noncompliance
                                                                                                                           controls?          noted?

 1.   If the agency receives a statement showing   1.   The entity's budget request      [Document the           [Is      [Indicate      [Indicate yes or
       the costs of amounts paid from the               includes a request for an        control activities      con-     yes or no;     no; include
       Employees' Compensation Fund (the                appropriation for any            used by the entity to   trol     include        reference to
       Fund), the agency shall include a request        amounts paid by the Fund         achieve the             depen-   reference to   supporting
       for an appropriation to cover such               on the entity's behalf for the   objective.]             dent     supporting     documentation.]
       amounts during the next fiscal year when         prior fiscal year.                                       on       documenta-
       submitting its budget request. (See note                                                                  com-     tion.]         See Compliance
       1.)                                                                                                       puter                   Audit Program
                                                                                                                 pro-                    816 Step 1.
      Type: Procedural-based                                                                                     ces-
      Ref: 5 U.S.C. 8147                                                                                         sing?]




April 2003                                          GAO/PCIE Financial Audit Manual - Part II                                                  Page 816-1
Compliance
816 - Federal Employees' Compensation Act


 Name of entity:                                                     Compliance Summary                                  Prepared by:
 Audit period:                                                                                                           Reviewed by:


                                                                                                                 IS     Effective    Instances of
               Provision description                             Objective                Control activities   (Y/N)   compliance   noncompliance
                                                                                                                        controls?       noted?

 2.   Amounts appropriated pursuant to the           2.   Appropriations received for                                               See Compliance
      request (described in 1 above) shall be             the costs of amounts paid                                                 Audit Program
      credited to the Fund within 30 days after           out of the Fund on behalf of                                              816 Step 1.
      they are available. (See note 2 for entities        the entity are credited to
      that are not dependent on annual                    the Fund within 30 days
      appropriations.)                                    after they are available.

      Type: Procedural-based
      Ref: 5 U.S.C. 8147




April 2003                                            GAO/PCIE Financial Audit Manual - Part II                                          Page 816-2
Compliance
816 - Federal Employees' Compensation Act

Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Employees' Compensation Act are considered to be
significant as indicated on Form 802 - General Compliance Checklist. The
procedures in this program are designed to test compliance with the provisions
listed on the Compliance Summary for this law.


 Name of entity:
 Audit period:                           Reviewed by:

                                                                Done      W/P ref
                     Audit Procedures                          by/date
 Note: The provisions identified for testing are
       procedural-based provisions. As discussed in FAM
       460.06, sufficient procedures usually are
       performed in conjunction with tests of compliance
       controls for these procedural-based provisions to
       conclude on the entity's compliance without
       performing additional procedures. Additional
       procedures should not be performed to obtain
       evidence regarding compliance with the provisions
       related to the following objectives unless sufficient
       evidence regarding compliance was not obtained
       during compliance control tests documented on
       Form 816 - Compliance Summary.
 1.   Reference to conclusions on compliance controls on
      Form 816 - Compliance Summary and indicate
      whether any additional procedures are necessary.




April 2003             GAO/PCIE Financial Audit Manual - Part II         Page 816-3
Compliance
816 - Federal Employees' Compensation Act


 Name of entity:
 Audit period:                            Reviewed by:

                                                                 Done      W/P ref
                      Audit Procedures                          by/date
 2.   If the entity does not appear to be in compliance
       based on the results of tests performed, discuss these
       matters with OGC and, when appropriate, the Special
       Investigator Unit to conclude if noncompliance
       actually has occurred and the implications of such
       noncompliance.

      For any noncompliance noted, the auditor should

      • identify the weakness in compliance controls that
         allowed the noncompliance to occur, if not
         previously identified during compliance control
         testing;

      • report the nature of any weakness in compliance
        controls and consider modification of the opinion
        on internal control as appropriate (see FAM
        580.32-.61);

      • consider the implications of any instances of
        noncompliance on the financial statements; and

      • report instances of noncompliance, as appropriate
        (see FAM 580.67-.75).
 3.   Document conclusions on compliance with each
      provision on Form 816 - Compliance Summary.




April 2003              GAO/PCIE Financial Audit Manual - Part II         Page 816-4
Compliance
816 - Federal Employees' Compensation Act

Note 1: A statement showing the total cost of benefits and other payments made
        from the Employees' Compensation Fund during the preceding July 1
        through June 30 expense period on account of the injury or death of
        employees or individuals under the jurisdiction of the entity is required
        to be provided by the Secretary of Labor to the entity by August 15 of
        each year. (5 U.S.C. 8147)

Note 2: Entities not dependent on an annual appropriation shall make the
        required deposit to Treasury from funds under its control during the first
        15 days of October after receipt of the statement showing the costs paid
        on the entity's behalf. (5 U.S.C. 8147)




April 2003             GAO/PCIE Financial Audit Manual - Part II       Page 816-5
[This page intentionally left blank.]
Compliance


817 – FEDERAL EMPLOYEES' RETIREMENT SYSTEM ACT OF 1986
Note: Complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Employees' Retirement System Act of 1986 are
considered significant as indicated on Form 802 - General Compliance Checklist.


 Name of entity:                                                  Compliance Summary                            Prepared by:
 Audit period:                                                                                                  Reviewed by:


                                                                                                               IS       Effective       Instances of
               Provision description                           Objective               Control activities    (Y/N)     compliance      noncompliance
                                                                                                                        controls?          noted?

 1.   For each employee employed after             1.   The appropriate amount is   [Document the control    [Is      [Indicate yes    [Indicate yes or
      December 31, 1983, the entity shall               withheld from employee's    techniques used by the   con-     or no; include   no; include
      withhold 0.8% of the basic pay of the             pay. (See notes 1 and 2.)   entity to achieve the    trol     reference to     reference to
      employee. (See notes 1 and 2.)                                                objective.]              depen-   supporting       supporting
                                                                                                             dent     documenta-       documenta-
      Type: Transaction-based                                                                                on       tion.]           tion.]
      Ref: 5 U.S.C. 8401(11), 5U.S.C. 8422(a)(1)                                                             com-
                                                                                                             puter                     See
                                                                                                             pro-                      Compliance
                                                                                                             ces-                      Audit Program
                                                                                                             sing?]                    817 Step 4(b).




April 2003                                          GAO/PCIE Financial Audit Manual - Part II                                             Page 817-1
Compliance
817 – Federal Employees' Retirement System Act of 1986


 Name of entity:                                                   Compliance Summary                          Prepared by:
 Audit period:                                                                                                 Reviewed by:


                                                                                                               IS     Effective    Instances of
              Provision description                            Objective                Control activities   (Y/N)   compliance   noncompliance
                                                                                                                      controls?       noted?

 2.   An amount equal to the employing agency's    2.   The entity contribution for                                               See
      applicable normal cost percentage less the        employee retirement is                                                    Compliance
      employee deduction rate shall be                  calculated properly,                                                      Audit Program
      contributed by the entity from the                summarized properly, and                                                  817 Steps 4(c)
      appropriation or fund used to pay the             charged to proper                                                         and 5.
      employee. (See note 3.)                           appropriation account or
                                                        fund. (See note 3.)
      Type: Transaction-based and
            Quantitative-based
      Ref: 5 U.S.C. 8423(a)(1) and 5 U.S.C.
           8401(23)

 3.   Amounts withheld from employees and the      3.   Withholdings from                                                         See
      sum contributed by the entity for                 employees and entity                                                      Compliance
      retirement benefits shall be deposited in         contributions for retirement                                              Audit Program
      the Treasury to the credit of the Civil           benefits are properly                                                     817 Steps 6 and
      Service Retirement and Disability Fund.           summarized and deposited                                                  7.
                                                        in the Treasury to the credit
      Type: Procedural-based and                        of the Civil Service
             Quantitative based                         Retirement and Disability
      Ref: 5 U.S.C. 8422(c)                             Fund.




April 2003                                          GAO/PCIE Financial Audit Manual - Part II                                         Page 817-2
Compliance
817 - Federal Employees' Retirement System Act of 1986

Note: Complete this program or prepare equivalent documentation only if
provisions of the Federal Employees' Retirement System Act of 1986 are
considered significant as indicated on Form 802 - General Compliance
Checklist. The procedures in this program are designed to test compliance
with the provisions listed on the Compliance Summary.


 Name of entity:
 Audit period:                                   Reviewed by:

                                                                Done     W/P ref
                     Audit Procedures                          by/date
 1. Based on the preliminary assessment of compliance
    control effectiveness (as documented on form 817 -
    Compliance Summary), select a sample of expense
    amounts for individuals' gross pay from the payroll
    disbursement records for the audit period for
    employees covered by the Federal Employees'
    Retirement System (FERS). (See note 1.)

    (The sample size will vary based on the expected
    effectiveness of compliance controls as discussed in
    FAM 460.02). Document the sampling approach using
    the documentation in FAM section 495 E. See note 4
    regarding sampling efficiencies and completeness of
    the sample population.

    These tests should be coordinated with other tests of
    payroll-related expenses and with the agreed-upon
    procedures agency auditors perform for OPM, per OMB
    audit guidance, if performed.

    Sample size
    Sample selection method




April 2003         GAO/PCIE Financial Audit Manual - Part II      Page 817-3
Compliance
817 - Federal Employees' Retirement System Act of 1986


 Name of entity:
 Audit period:                                      Reviewed by:

                                                                  Done     W/P ref
                       Audit Procedures                          by/date
2. For each selection made in 1, document the following
   for the pay period selected:

    •   the amount withheld for the cost of retirement
        benefits,

    •   the amount of basic pay, and

    •   if indicated in the payroll disbursement records,
        document the retirement plan under which the
        withholdings were made (CSRS or FERS). (Only
        employees covered by FERS should be included in
        this compliance test. See FAM 813 for the CSRS
        compliance test.)

3. For each item selected in 1, obtain the employee's
   personnel file and note the following:

    •   employee hire date,
    •   amount of basic pay, and
    •   the retirement plan under which the employee is
        covered.
 4. For each selection made in 1,

    (a) Compare the amount of basic pay indicated in the
        employee's personnel file with the amount
        indicated in the payroll records and obtain an
        explanation and examine support for any
        differences. (This procedure would be performed
        only if not already performed as part of other
        testing.)




April 2003           GAO/PCIE Financial Audit Manual - Part II       Page 817-4
Compliance
817 - Federal Employees' Retirement System Act of 1986


 Name of entity:
 Audit period:                                  Reviewed by:

                                                                Done     W/P ref
                     Audit Procedures                          by/date
 4. (b) Calculate the amount of the withholdings for
        retirement costs based on 0.8% of basic pay for
        most employees (see note 2 for percentages for
        certain employees) for the selected pay period and
        record the amount in the documentation.
        Compare to the actual amount withheld for the
        selected pay period and obtain an explanation and
        examine support for any differences. (5 U.S.C.
        8422(a)(1))
 4. (c) Determine whether the entity contributed the
        correct amount for the employee's retirement for
        the selected pay period. Obtain an explanation
        and examine support for any differences between
        the entity contributions and the amount calculated
        using OPM's normal cost percentage. (5 U.S.C.
        8423(a)(1) and 5 U.S.C. 8401(23))




April 2003         GAO/PCIE Financial Audit Manual - Part II      Page 817-5
Compliance
817 - Federal Employees' Retirement System Act of 1986


 Name of entity:
 Audit period:                                      Reviewed by:

                                                                 Done     W/P ref
                      Audit Procedures                          by/date
 5. Determine if amounts contributed by the entity are
    charged to the appropriation or fund used to pay the
    employee for the selected pay period by performing the
    following procedures:

     (a) Review the accounting codes indicated on the
         supporting documentation.

     (b) Determine whether the accounting codes used to
         record the entity contribution are the same as
         those used for the related payroll expenditure and
         whether the codes and amounts agree to those
         recorded in the budgetary accounting records.
         (This step assumes other payroll testing would
         have included checking that the codes represent
         the proper appropriation.)

     (c) Consider the procedures performed on the entity's
         budget controls over summarization of
         expenditure balances as discussed in FAM 395 F.

         If the auditor has assessed the entity's controls as
         effective in achieving the control objective of
         summarization of expenditure balances, further
         procedures are not necessary to obtain assurance
         as to whether the entity's contributions are paid
         out of the proper appropriation account.

         If the auditor has assessed the controls as
         ineffective, the auditor should perform procedures
         to determine whether the entity has properly
         summarized the expenditure balances as described
         in FAM 495 B. (5 U.S.C. 8423(a)(1))




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 817-6
Compliance
817 - Federal Employees' Retirement System Act of 1986


 Name of entity:
 Audit period:                                    Reviewed by:

                                                                Done     W/P ref
                     Audit Procedures                          by/date
 6. Determine whether the entity has effective controls
    over the proper summarization of the amounts withheld
    from employees for retirement costs under this law and
    the entity contributions for remittance to Treasury. If
    the entity does not have effective controls for
    summarization, test the summarization of the totals that
    include the items selected for testing in step 1.
 7. Compare the combined totals of employee withholdings
    and entity contributions that include each selection
    made in step 1 to the deposit made to Treasury and the
    remittance sent to OPM and obtain explanation and
    examine support for any differences. The funds should
    be deposited in the Treasury to the credit of the Civil
    Service Retirement and Disability Fund. (5 U.S.C.
    8422(c) and 5 U.S.C. 8401(6))




April 2003         GAO/PCIE Financial Audit Manual - Part II      Page 817-7
Compliance
817 - Federal Employees' Retirement System Act of 1986


 Name of entity:
 Audit period:                                     Reviewed by:

                                                                 Done     W/P ref
                      Audit Procedures                          by/date
 8. If the entity does not appear to be in compliance based
    on the results of tests performed, discuss these matters
    with OGC and, when appropriate, the Special
    Investigator Unit to conclude if noncompliance actually
    has occurred and the implications of such
    noncompliance.

    For any noncompliance noted, the auditor should

    •   identify the weakness in compliance controls that
        allowed the noncompliance to occur, if not
        previously identified during compliance control
        testing;

    •   report the nature of any weakness in compliance
        controls and consider modification of the conclusion
        on internal control as appropriate (see FAM 580.32-
        .61);

    •   consider the implications of any instances of
        noncompliance on the financial statements; and

    •   report instances of noncompliance, as appropriate
        (see FAM 580.67-.75).
 9. Document conclusions on compliance with each
    provision on Form 813 - Compliance Summary.




April 2003          GAO/PCIE Financial Audit Manual - Part II       Page 817-8
Compliance
817 - Federal Employees' Retirement System Act of 1986

Note 1:   Employees may be covered by the Civil Service Retirement Act
          (CSRS) or the Federal Employees' Retirement System Act (FERS),
          generally depending on their employment dates.

Note 2:   For most employees, the percentage to be withheld is 0.8 percent (7
          percent less the Social Security tax rate). For congressional
          employees, Members of Congress, and law enforcement officers,
          firefighters, air traffic controllers, and nuclear materials couriers, the
          withholding rates are higher. (See 5 U.S.C. 8422(a)(1).).

Note 3: The Office of Personnel Management (OPM) computes the normal
        cost percentage. For FY 2002, it is 11.5 percent for regular
        employees. For congressional employees, Members of Congress, and
        law enforcement officers, firefighters, air traffic controllers, and
        nuclear materials couriers, the normal cost percentages are higher.
        OPM lists the percentages in its Benefits Administration Letters,
        accessible on its Internet site, http://www.opm.gov/asd/htm/bal01.htm
        (where the 2 digits after "bal" represent the calendar year of the
        letters). (5 U.S.C. 8401(23))

Note 4:   If multipurpose testing is used for the compliance test and/or
          compliance control test and a substantive test of payroll expense
          details, the sample items for the compliance test and/or compliance
          control test should be selected using the sampling method used for
          the substantive test. Otherwise, the items should be selected using
          attribute sampling, as discussed in FAM 460.02.

          As with all sampling applications, the auditor should consider the
          completeness of the test population. For efficiency, the auditor
          should consider using records that were tested for validity and
          completeness (as well as the other financial statement assertions) in
          conjunction with substantive tests of payroll or other payroll related
          compliance tests.

Note 5: If the entity outsources payroll processing, the entity remains
        responsible for compliance. Dividing responsibility for payroll
        processing activities between the entity and the service organization
        could make payroll testing more complicated, although the same
        testing should be performed. The auditor may accomplish that
        testing with the assistance of the service organization's auditor, who
        may issue an internal control report on the service organization
        under AU 324 (SAS 70). Or the service organization's auditor may
        assist the entity auditor by performing agreed-upon procedures at the


April 2003           GAO/PCIE Financial Audit Manual - Part II         Page 817-9
Compliance
817 - Federal Employees' Retirement System Act of 1986

         service organization (e.g., substantive testing) under AT 201 (see
         FAM 660).




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 817-10
  SECTION 900


Substantive Testing
[This page intentionally left blank.]
      Substantive Testing


      902 - RELATED PARTIES, INCLUDING
            INTRAGOVERNMENTAL ACTIVITY AND
            BALANCES

.01   This section provides detailed guidance on the procedures that the auditor should
      perform with respect to related parties, as described in FAM sections 280 and 550.
      AU 334 (SAS No. 45) provides general guidance on the procedures that should be
      performed to identify related party relationships and transactions so that the
      auditor may satisfy him or herself that they are appropriately accounted for and
      disclosed. In addition, the American Institute of Certified Public Accountants
      (AICPA) has issued a toolkit for accountants and auditors titled, Accounting and
      Auditing for Related Parties and Related Party Transactions1. This toolkit
      includes selected authoritative accounting and auditing literature, an illustrative
      audit program, disclosure checklist, confirmation letter, and letter to other
      auditors and is available at the AICPA's website:
      http://www.aicpa.org/news/relpty1.htm.

.02   The federal government in its entirety is an economic entity. Federal entities are
      components of the U.S. government; therefore, transactions between federal
      entities are considered intragovernmental. Within the federal government, many
      reporting entities rely on other federal entities to help them achieve their missions
      and fulfill their operating objectives. These arrangements may be voluntary,
      stipulated by law, or established by mutual agreement of the entities involved and
      may not be carried out on an arm's-length basis. In many cases, the entity
      receiving goods or services will reimburse the providing entity in accordance with
      some agreed-upon price, which may or may not represent market value. Often,
      however, one entity provides goods or services to another entity free of charge
      (without reimbursement). For example, the General Services Administration, in
      some cases, provides property management services and contract award and
      administration to other entities without charge.

.03   In addition, certain federal entities can significantly influence the operating
      policies of the transacting entities. For example, the Office of Management and
      Budget (OMB) provides policy and/or general management guidance to other
      federal entities, and the Office of Personnel Management (OPM) helps federal
      entities recruit nationwide and sets human resources management rules with the

  1
      These tools are based on the best practices guidance received from the
      participating accounting and auditing firms and the AICPA publication, Practice
      Alert No. 95-3, Auditing Related Parties and Related Party Transactions, which is
      available at http://www.aicpa.org/members/div/secps/lit/practice/953.htm.

      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 902-1
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances

      federal entities' involvement; administers the systems for setting federal
      compensation and benefits; manages federal employee health and life insurance
      programs; and operates the retirement program for federal employees.

.04   Thus, in the federal government, the most significant related parties are other
      federal government entities. Other possible related parties outside of the federal
      government include states, members of the entity's management, and individuals
      and firms with which members of management may be related.

.05   The auditor should consider the possible existence of related parties with material
      activity and balances that could affect the financial statements, including
      intragovernmental activity and balances. The identification of related parties and
      activity and balances is important because of (1) the requirement under U.S.
      generally accepted accounting principles to disclose material related-party
      transactions and certain control relationships, (2) the instances of fraudulent
      financial reporting and misappropriation of assets that have been facilitated by
      the use of an undisclosed related party, and (3) the potential for distorted or
      misleading financial statements in the absence of adequate disclosure.

.06   The reason for disclosing related party information is that financial statement
      users may need that information to make informed judgments. As stated above, if
      parties are related, the transactions between them may not be based on an arm's-
      length relationship. For example, certain goods or services may be donated or be
      at an amount that does not represent market value, thus affecting the cost of the
      receiving entity's operations. In addition, if the entity has transactions with
      another entity based on a common control situation, such as when the entity
      controls or can significantly influence the management or operating policies of
      the transacting entity, the users of financial statements should know the nature of
      the relationship since this control relationship could result in operating results or
      financial positions significantly different from those that would have been
      achieved in the absence of such relationship.

.07   Disclosures generally should include the nature of the relationship between the
      entity and its related parties, a description of the transactions, including
      donations, dollar amounts of transactions that occurred during the period, and
      amounts due to or from related parties as of the end of the period. Disclosures
      could include aggregation of similar transactions by type. In cases of common
      control relationships, the nature of the control relationship generally should be
      disclosed even if there are no transactions between the entities. Disclosure of
      related party transactions is not required for transactions between components of
      the audited entity that are eliminated in consolidation. However, if separate
      statements of the components are issued, the disclosures should be presented in
      the separate component statements.


      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 902-2
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances


.08   The following paragraphs discuss intragovernmental activity and balances, then
      other related parties.

      INTRAGOVERNMENTAL ACTIVITY AND BALANCES

.09   Intragovernmental amounts represent activity and balances within or between
      federal entities. Intradepartmental amounts are activity and balances within the
      same department (a department here means any department, agency,
      administration or other entity designated by OMB as a financial reporting entity
      that is not part of a larger financial reporting entity other than the government as
      a whole). Interdepartmental amounts are activity and balances between two
      different departments. The intradepartmental and interdepartmental amounts are
      subsets of intragovernmental activity and balances.

.10   Intragovernmental activity includes:

      •   Intragovernmental fiduciary transactions such as

          •• Transactions with the Department of Labor (Labor) relating to the Federal
              Employee's Compensation Act, including routine payments to Labor;

          •• Transactions with the OPM relating to employee benefit programs (the
              Federal Employees' Retirement System, the Civil Service Retirement
              System, and federal employees' life insurance and health benefits
              programs) including routine payments, imputed financing, and accruals;

          •• Investments in federal securities issued by Treasury's Bureau of the Public
              Debt, including interest accruals, interest income and expense, and
              amortization of premiums and discounts; and

          •• Borrowings from the Treasury and the Federal Financing Bank, including
              interest accruals, interest income, and expenses;

      •   Goods and services provided from one federal entity to another (trade
          transactions) including any related revenues earned, costs incurred, and
          reimbursable costs (including both interdepartmental and intradepartmental
          activity);

      •   Transfers between entities based on agreements or legislative authority,
          expended appropriations, taxes and fees collected, collections for others,
          accounts receivable from appropriations, transfers payable, and custodial


      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 902-3
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances

          revenue (including both interdepartmental and intradepartmental activity);
          and

      •   Imputed costs such as fiduciary transactions with OPM and Labor mentioned
          above and costs of litigation paid by the judgment fund (including both
          interdepartmental and intradepartmental activity).

.11   Activity and balances between federal entities (interdepartmental transactions)
      should be eliminated at the U.S. Government's Consolidated Financial Statements
      level, while the activity and balances within the same department
      (intradepartmental) should be eliminated at the department's consolidated
      financial statements level.

      Accounting and Reporting Guidance

.12   In accounting for and reporting of related parties, including intragovernmental
      activity and balances, the entity should refer to Statements of Federal Financial
      Accounting Standards (SFFAS), Statements of Financial Accounting Standards,
      OMB guidance, and Treasury guidance. The following paragraphs illustrate these
      relevant documents.

.13   SFFAS No. 4, Managerial Cost Accounting Concepts and Standards, and related
      interpretations address the accounting standards for interentity cost activities.
      SFFAS No. 5, Accounting for Liabilities of the Federal Government, addresses
      interentity liabilities, including federal debt, pensions and retirement benefits.
      Also, SFFAS No. 7, Accounting for Revenue and Other Financing Sources and
      Concepts for Reconciling Budgetary and Financial Accounting, addresses
      interentity revenue and requires disclosure of the nature of intragovernmental
      exchange transactions in which an entity provides goods or services at a price
      less than full cost or does not charge a price at all. The reporting entities should
      also consult with the funding and administering agencies, such as OPM, for
      information needed to properly record interentity costs. Note that SFFAS No. 4
      directs OMB to designate the costs of goods and services received from other
      departments that should be recognized, which it has done in the guidance
      mentioned below.

.14   Statement of Financial Accounting Standards No. 57, Related Party Disclosures,
      defines related parties and provides examples of related party transactions and
      general guidance on disclosures of transactions between related parties. Footnote
      disclosures generally should include disclosure of the nature of the relationship
      between the entity and its related parties, a description of the transactions,
      including donations, dollar amounts of transactions that occurred during the
      period, and amounts due to or from related parties as of the end of the period.


      April 2003          GAO/PCIE Financial Audit Manual - Part II            Page 902-4
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances


.15   The OMB bulletin titled Form and Content of Agency Financial Statements
      indicates that federal entities should:

      •   Present intragovernmental amounts by trading partner (reciprocal federal
          entity) as required supplementary information (RSI). Intragovernmental asset
          and liability categories reported as RSI should agree with the
          intragovernmental asset and liability line items reported on the balance sheet.
          The intragovernmental RSI may be limited to the consolidated
          departmentwide financial statements of the Chief Financial Officers (CFO) Act
          departments and agencies covered by the form and content bulletin. The
          intragovernmental RSI reporting requirement does not extend to federal
          components that are required to prepare financial statements. All amounts
          should be net of intraentity transactions.

      •   Reconcile intragovernmental asset, liability, and revenue amounts reported as
          RSI with their trading partners; and

      •   Report intragovernmental gross cost to generate earned revenue from trade
          transactions, as well as total entity gross cost and earned revenue, by budget
          functional classification.

      OMB also has issued a memorandum titled Business Rules for Intragovernmental
      Transactions that requires agencies to use the same methodology in accounting
      for certain intragovernmental transactions, which should help in reconciliation.

.16   To emphasize the agency management's responsibility for identifying
      intragovernmental activity and balances and reconciling data with relevant
      trading partners, the entity should include specific representations in the
      management representation letter that intragovernmental, including
      intradepartmental, transactions have been properly accounted for, reconciled
      with trading partners, and disclosed (see FAM section 1001). If such disclosure is
      included in the financial statements and the auditor believes that the disclosure is
      not supported by management, or if management refuses to disclose related party
      transactions, the auditor generally should give a qualified or adverse opinion
      because of the inadequate disclosure, depending on materiality, and include the
      necessary disclosures in a separate paragraph in the audit report.

.17   Treasury Financial Manual (TFM) section "Federal Intragovernmental
      Transactions Process" and the Federal Intragovernmental Transactions
      Accounting Policies Guide (Guide) provide governmentwide procedures for
      federal entities to account for and reconcile transactions occurring within and
      between each other. The procedures in these guides do not apply to transactions

      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 902-5
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances

      between federal entities and nonfederal entities. The TFM and the Guide are
      available at the Treasury/Financial Management Service's (FMS) websites
      (http://fms.treas.gov/tfm/vol1/v1p2c400.html and
      http://www.fms.treas.gov/cfs/dev/index.html).

.18   The TFM includes procedures for CFO Act departments to reconcile and confirm
      with their trading partners intragovernmental activity and balances as of and for
      the fiscal year ended September 30. Each department's CFO is to provide the
      department Inspector General (IG) with representations indicating whether the
      department completed the reconciliation. In addition, the department is to
      describe noncompliance with the reconciliation requirements. (See TFM.) These
      CFO representations should be included in the management representation letter
      (see above).

.19   The Guide provides detailed guidance on accounting and reconciling
      intragovernmental balances. According to the Guide, federal entities should
      identify trading partners2 for all intragovernmental transactions and accumulate
      detail and summary information for each activity by trading partner from their
      accounting records. The trading partner code may be incorporated (1) as part of
      account coding classification or (2) in the customer/vendor identification code in
      accounts receivable and payable systems. These codes are the same as the
      Treasury index agency code used by the Treasury to prepare the governmentwide
      consolidated financial statements. If the two-digit Treasury index agency code is
      not adequate to identify the trading partner, entities may expand the partner code
      to components below the department level and communicate these codes to their
      trading partners.

.20   Federal entities also should use Standard General Ledger (SGL) account attributes
      to indicate the nature of account balances and to identify intragovernmental
      transactions. For example, the federal "F" and nonfederal "N" attributes used in
      conjunction with an SGL account in the Federal Agencies' Centralized Trial
      Balance System (FACTS) I submissions enable Treasury/FMS to prepare
      elimination entries for the governmentwide financial statements. When the
      federal attribute "F" is used with an SGL account, a trading partner should be
      designated for each transaction posted to the account.

      Audit History

.21   Prior years' audits of several federal entities' financial statements have identified
      instances where entities did not identify, summarize, or reconcile

  2
      Trading partners are agencies, bureaus, programs or other entities (within or
      between entities) participating in transactions with each other.

      April 2003          GAO/PCIE Financial Audit Manual - Part II             Page 902-6
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances

      intragovernmental activity and balances by trading partner. Controls over the
      intragovernmental transactions were not adequate. For example, one department
      instructed its components to make buyer's intragovernmental transaction
      amounts agree with seller's information without requiring an adequate
      reconciliation or verification if goods or services were provided. Similar issues
      were also identified concerning activity and balances within the same entity
      (intradepartmental). Accordingly, there was no assurance that the entity records
      contained fairly stated balances.

      Intragovernmental Payment and Collection (IPAC) System3

.22   IPAC is the primary method used by most federal entities to electronically bill
      and/or pay for services and supplies within the government, and to communicate
      to the Treasury and the trading partner agency that the online billing and/or
      payment for services and supplies has occurred. IPAC, however, is not intended
      to be a control over the intragovernmental transactions (reciprocal accounts).
      The auditor should understand that IPAC was not designed as an accounting
      system and does not require trading partners to record transactions at the same
      time or in the same amounts. In addition, unreconciled IPAC differences could
      affect the existence and completeness of intragovernmental activity and balances.

.23   The IPAC billing entity initiates an IPAC transaction either as a collection or a
      payment. The IPAC customer entity receives an IPAC transaction either as a
      payment or a collection. Monthly, the Treasury compares the customer and
      billing entities' Statement of Transactions with the IPAC data. If there is a
      difference, a Statement of Differences, including a detailed list of all transactions
      charged or credited to a particular agency location code, is generated monthly.
      Entities should investigate the differences and make any necessary corrections on
      their next Statement of Transactions.

.24   The auditor should examine the entity's IPAC reconciliation procedures to
      determine if the entity performs the reconciliation and researches and resolves
      differences reflected on the statement of differences properly and timely. The
      auditor may coordinate with the Fund Balance with Treasury (FBWT) procedures
      to assess the effectiveness of the entity's IPAC reconciliation.

.25   The auditor should also design procedures to understand whether the entity uses
      other systems (standard forms used to transfer funds between appropriations,
      credit cards, and others) in addition to the IPAC system to process
      intragovernmental activity and balances. The auditor should determine whether

  3
      The Intragovernmental Payment and Collection (IPAC) system replaced the
      Online Payment and Collection (OPAC) system in December 2001.

      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 902-7
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances

      these systems affect the fairness of intragovernmental activity and balances. (See
      audit procedures below and FAM section 902 C.)

      Audit Procedures

.26   The auditor should consider audit risk and materiality in determining the nature,
      timing, and extent of procedures for auditing intragovernmental activity and
      balances and in evaluating the results of these procedures. Throughout the audit,
      the auditor should consider the possible existence of material intragovernmental
      activity and balances that could affect the financial statements. The auditor
      should evaluate all the information available concerning material
      intragovernmental activity and balances and determine that the financial
      statement disclosures are adequate and appropriate.

.27   During the planning phase, the auditor should assess inherent, fraud, and control
      risk. In assessing the inherent risk related to intragovernmental activity and
      balances, there are several conditions that the auditor should consider. For
      example, inherent risk may exist because of the nature of the intragovernmental
      activity, such as a significant volume of transactions and number of trading
      partners or complex transactions. The auditor should assess the impact of
      inherent and control risk on control testing and substantive testing. The auditor
      should determine whether similar conditions continue to exist and understand
      management's response to such conditions.

.28   In assessing inherent and control risk, the auditor should obtain an understanding
      of management responsibilities and the relationship of each component to the
      total department and of each department to other departments. The auditor
      should obtain an understanding of the entity's operations to identify, respond to,
      and resolve accounting and auditing problems early in the audit. For example,
      the auditor should know what trading partners the entity has, the nature of
      intragovernmental transactions that occur, the volume and dollar amount of
      transactions, and management's attitude and awareness with respect to
      reconciliations of intragovernmental activity and balances.

.29   The auditor should assess the effectiveness of the entity's internal control over
      intragovernmental activity and balances. The auditor should identify the policies
      and procedures that pertain to the entity's ability to record, process, summarize,
      and report intragovernmental activity and balances by trading partner. The
      agency should emphasize the importance of identifying and classifying
      intragovernmental transactions by trading partner when they are initiated and on
      all documentation thereafter; without this initial identification, the system will not
      be able to keep track of them.



      April 2003          GAO/PCIE Financial Audit Manual - Part II            Page 902-8
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances

.30   Without proper and timely reconciliation of intragovernmental activity and
      balances, misstatements in these account balances at the component and/or
      department level could materially affect the balances at the governmentwide level
      (as well as at the department or component level). In addition, when preparing
      consolidated financial statements, the preparer must eliminate intragovernmental
      activity and balances within and between departments or components. Because
      the amounts reported for entity trading partners for certain intragovernmental
      accounts could be significantly out of balance, the preparer would not be able to
      eliminate these accounts in the consolidated financial statements. The auditor
      may advise the entity about the need for monthly confirmation and reconciliation
      of these transactions with trading partners. Annual or quarterly reconciliations
      are generally not sufficient to detect and resolve misstatements promptly.

.31   If the auditor determines that the entity's reconciliation control for
      intragovernmental transactions is not effectively designed and placed in
      operation, the auditor should consider the effect on the financial statements.
      Where intragovernmental transactions are or could be material, significant
      additional work is usually necessary to express an unqualified opinion. In some
      cases where the auditor finds material weaknesses in the intragovernmental
      reconciliation control and no other mitigating controls exist, the auditor may
      decide to modify the audit opinion (see FAM section 580).

.32   The TFM contains agreed-upon procedures for the department inspectors general
      to perform for federal intragovernmental activity and balances. These procedures
      are intended to assist with accounting for and eliminating intragovernmental
      activity and balances in the preparation of department and governmentwide
      financial statements and reports. The IG should perform these procedures
      regardless of the opinion on the department consolidated financial statements.

.33   To avoid duplicate procedures, the auditor should consider the agreed-upon
      procedures contained in the TFM when designing the tests for intragovernmental
      activity and balances. Examples of the account risk analysis (ARA), specific
      control evaluation (SCE), and audit procedures for the audit of intragovernmental
      activity and balances are in sections 902 A, 902 B, and 902 C. The ARA, SCE(s),
      and audit procedures generally should be customized for the particular entity.
      For example, if the auditor determines that the intragovernmental accounts
      receivable line item is significant, the auditor generally should prepare a separate
      ARA, SCE(s), and audit procedures for the intragovernmental accounts receivable
      account and its related accounting applications. (Note that a single SCE for a
      line-item/account-related accounting application is presented. There are likely
      transaction-related accounting applications listed on the ARA that also would
      have SCEs.) In addition, to improve efficiency, the auditor may coordinate tests



      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 902-9
      Substantive Testing
      902 - Related Parties, Including Intragovernmental Activity and Balances

      of intragovernmental activity and balances with tests of nonfederal activity and
      balances.

      OTHER RELATED PARTIES

.34   To effectively plan and perform an audit, the auditor should understand the
      entity's organization and its characteristics. The auditor should consider the
      possible existence of other related parties and other related party transactions
      throughout the audit to satisfy him or herself that they are properly accounted for
      and disclosed (see paragraph 902.07). Other related parties may include states
      that federal entities made payments to in carrying out or executing their federal
      programs. Examples of these programs are Department of Health and Human
      Services grants to states for Medicaid,4 Department of Transportation Federal
      Highway Administration programs such as federal aid for highways and highway
      safety construction programs, and Department of Labor State Unemployment
      Insurance and Employment Service Operations.

.35   The auditor may attempt to detect these relationships by inquiry of management,
      reviewing major contracts/agreements, and reading financial disclosure
      statements. The documentation generally should include the names of related
      parties so all audit staff may become aware of transactions with them. Work done
      to test transactions with such parties may be coordinated with sensitive payments
      work, as discussed in paragraph 280.05.

.36   In addition to the procedures on related parties, the auditor also generally should
      inquire about other parties that may not be related parties, but that the agency
      may wish to disclose because of a public perception that they might be related,
      although professional standards do not require disclosure if the parties are not
      related (as defined in AU 334). Section 902 C shows examples of audit
      procedures for other related parties as well as for intragovernmental activity and
      balances. The steps should be customized for the particular audited entity.

      PRACTICE AIDS

.37   The following practice aids are appended:

      •   Section 902 A – Example Account Risk Analysis (ARA),
      •   Section 902 B – Example Specific Control Evaluation (SCE), and
      •   Section 902 C – Example Audit Procedures

  4
      Medicaid assists states in providing medical care to their low-income populations
      by granting federal matching payments under the Social Security Act to states
      with approved plans.

      April 2003         GAO/PCIE Financial Audit Manual - Part II          Page 902-10
 Substantive Testing


 902 A - EXAMPLE ACCOUNT RISK ANALYSIS FOR INTRAGOVERNMENTAL ACTIVITY AND
         BALANCES

 Entity: Agency                                                                                                                  Preparer:                       .

 Date of Financial Statements: September 30, 20xx              ACCOUNT RISK ANALYSIS FORM                                        Region:                         .

 Line Item: Intragovernmental balances                                  File:                                                    Date:              Page 1 of 7



                                         PLANNING PHASE                                             INTERNAL CONTROL PHASE                 TESTING PHASE

                                                                                                    Effective-                                                 W/P
           Account            Financial statement     Inherent, fraud, and control     Cycle/        ness of     Con-   Com-    Tim-         Nature &         ref.&
                               assertions / risks            risk factors            accounting      control     trol   bined    ing          extent          audit
                                                                                     application    activities   risk    risk    I/F                          step

    Name          Balance

 Intragov-                   Existence or             Inherent risk arises from      Cycles                                     F        Confirm balances     III.A &
 ernmental                   occurrence               (1) the nature of intra-       Revenues,                                           with trading          B.1.c
 assets,                                              governmental transactions,     Expenses,                                           partners.
 liabilities,                Recorded                 which is susceptible to        various
 revenues,                   intragovernmental        errors because of the signi-                                                       Review the            III.A
 expenses                    balances do not exist.   ficant high volume of trans-   Accounting                                          reconciliation of
                                                      actions (and dollar            applications                                        intragovernmen-
                                                      amounts) and number of         Receipts,                                           tal accounts by
                                                      multiple reporting entities/   Disburse-                                           trading partners
                                                      trading partners, and          ments,                                              and reconciling
                                                      (2) prior years' significant   Accounts                                            items. Verify that
                                                                                     Receivable,



April 2003                                                  GAO/PCIE Financial Audit Manual - Part II                                                   Page 902 A-1
 Substantive Testing
 902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

 Entity: Agency                                                                                                               Preparer:                               .

 Date of Financial Statements: September 30, 20xx            ACCOUNT RISK ANALYSIS FORM                                       Region:                             .

 Line Item: Intragovernmental balances                                File:                                                   Date:               Page 2 of 7



                                         PLANNING PHASE                                          INTERNAL CONTROL PHASE                 TESTING PHASE

                                                                                                 Effective-                                                 W/P
          Account             Financial statement   Inherent, fraud, and control     Cycle/       ness of     Con-   Com-    Tim-         Nature &         ref.&
                               assertions / risks          risk factors            accounting     control     trol   bined    ing          extent          audit
                                                                                   application   activities   risk    risk    I/F                          step

   Name           Balance

                                                    audit adjustments relating     Accounts                                           the reconciliation
                                                    to intragovernmental           Payable,                                           was reviewed.
                                                    transactions.                  various                                            Determine if
                                                                                                                                      adjustments
                                                    Control risk arises from                                                          made to accounts
                                                    (1) prior years' material                                                         are proper and
                                                    weaknesses in accounting                                                          timely.
                                                    and reporting where the
                                                    agency was not able to                                                            Review               III.E
                                                    identify, classify, and                                                           elimination
                                                    summarize intragovern-                                                            entries and verify
                                                    mental transactions by                                                            that they were
                                                    trading partners, and                                                             reviewed.
                                                    (2) management's attitude
                                                    in not enforcing the recon-                                                       Review pre-           I.4
                                                    ciliation procedures.                                                             arranged trading
                                                                                                                                      partner
                                                                                                                                      agreements.


April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                  Page 902 A-2
 Substantive Testing
 902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

 Entity: Agency                                                                                                               Preparer:                             .

 Date of Financial Statements: September 30, 20xx            ACCOUNT RISK ANALYSIS FORM                                       Region:                           .

 Line Item: Intragovernmental balances                                File:                                                   Date:               Page 3 of 7



                                         PLANNING PHASE                                          INTERNAL CONTROL PHASE                 TESTING PHASE

                                                                                                 Effective-                                                 W/P
          Account             Financial statement   Inherent, fraud, and control     Cycle/       ness of     Con-   Com-    Tim-         Nature &         ref.&
                               assertions / risks          risk factors            accounting     control     trol   bined    ing          extent          audit
                                                                                   application   activities   risk    risk    I/F                          step

   Name           Balance

                            Completeness            Same as existence above,       Same as                                    F       Same as             Same
                                                    and control risk also arises   existence                                          existence above.      as
                                                    from the lack of               above                                                                  above.
                                                    management's oversight                                                            Review customer
                                                    relating to the                                                                   and vendor files     I.4 &
                                                    intragovernmental                                                                 and receipt/        III.B to
                                                    transactions and balances                                                         disbursement            D
                                                    adjustments made to the                                                           records for
                                                    financial statements and                                                          related parties.
                                                    required supplementary
                                                    information.                                                                      Test cut-off:       III.B.1.
                                                                                                                                      search for unre-        d
                                                                                                                                      corded trans-
                                                                                                                                      actions (e.g.,
                                                                                                                                      review trans-
                                                                                                                                      actions after
                                                                                                                                      yearend to



April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                  Page 902 A-3
 Substantive Testing
 902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

 Entity: Agency                                                                                                               Preparer:                              .

 Date of Financial Statements: September 30, 20xx            ACCOUNT RISK ANALYSIS FORM                                       Region:                            .

 Line Item: Intragovernmental balances                                File:                                                   Date:                Page 4 of 7



                                         PLANNING PHASE                                          INTERNAL CONTROL PHASE                 TESTING PHASE

                                                                                                 Effective-                                                  W/P
          Account             Financial statement   Inherent, fraud, and control     Cycle/       ness of     Con-   Com-    Tim-         Nature &          ref.&
                               assertions / risks          risk factors            accounting     control     trol   bined    ing          extent           audit
                                                                                   application   activities   risk    risk    I/F                           step

   Name           Balance

                                                                                                                                      determine if they
                                                                                                                                      were recorded in
                                                                                                                                      the correct fiscal
                                                                                                                                      year).

                                                                                                                                      Review the            III.B.1.
                                                                                                                                      results of FBWT           d
                                                                                                                                      accounts recon-
                                                                                                                                      ciliation, specifi-
                                                                                                                                      cally with unre-
                                                                                                                                      conciled IPAC
                                                                                                                                      transactions and
                                                                                                                                      suspense
                                                                                                                                      accounts.

                                                                                                                                      Review results of      IV.5
                                                                                                                                      AUP related to



April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                  Page 902 A-4
 Substantive Testing
 902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

 Entity: Agency                                                                                                                Preparer:                             .

 Date of Financial Statements: September 30, 20xx             ACCOUNT RISK ANALYSIS FORM                                       Region:                           .

 Line Item: Intragovernmental balances                                 File:                                                   Date:               Page 5 of 7



                                         PLANNING PHASE                                           INTERNAL CONTROL PHASE                 TESTING PHASE

                                                                                                  Effective-                                                  W/P
          Account             Financial statement    Inherent, fraud, and control     Cycle/       ness of     Con-   Com-    Tim-         Nature &          ref.&
                               assertions / risks           risk factors            accounting     control     trol   bined    ing          extent           audit
                                                                                    application   activities   risk    risk    I/F                           step

   Name           Balance

                                                                                                                                       employee
                                                                                                                                       benefits and
                                                                                                                                       FACTS I
                                                                                                                                       verification.

                            Valuation or             Same as existence above        Same as                                    F       Same as              Same
                            allocation                                              existence                                          existence and          as
                                                                                    above                                              completeness.        above.
                            Intragovernmental
                            balances are not                                                                                           Review basis of      I.4.a.ii
                            valued accurately or                                                                                       pricing signifi-     & iii &
                            on an appropriate                                                                                          cant intragovern-    IV.1 &
                            basis in the financial                                                                                     mental transac-         2
                            statements.                                                                                                tions for approp-
                                                                                                                                       riate disclosure.




April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                    Page 902 A-5
 Substantive Testing
 902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

 Entity: Agency                                                                                                               Preparer:                             .

 Date of Financial Statements: September 30, 20xx            ACCOUNT RISK ANALYSIS FORM                                       Region:                           .

 Line Item: Intragovernmental balances                                File:                                                   Date:               Page 6 of 7



                                         PLANNING PHASE                                          INTERNAL CONTROL PHASE                 TESTING PHASE

                                                                                                 Effective-                                                 W/P
          Account             Financial statement   Inherent, fraud, and control     Cycle/       ness of     Con-   Com-    Tim-         Nature &         ref.&
                               assertions / risks          risk factors            accounting     control     trol   bined    ing          extent          audit
                                                                                   application   activities   risk    risk    I/F                          step

   Name           Balance

                            Rights and              Same as existence above        Same as                                    F       Review confirma-    I.4.a.ii
                            obligations                                            existence                                          tions for indica-   & III.A-
                                                                                   above                                              tion of any            B
                            The agency does not                                                                                       disputes.
                            have rights to
                            recorded                                                                                                  Review pre-         I.4.a.iv
                            intragovernmental                                                                                         arranged agree-
                            balances.                                                                                                 ments between
                                                                                                                                      trading partners.

                                                                                                                                      Review manage-       IV.3
                                                                                                                                      ment and legal
                                                                                                                                      representation
                                                                                                                                      letters to
                                                                                                                                      determine if any
                                                                                                                                      obligations are
                                                                                                                                      not properly
                                                                                                                                      disclosed.


April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                  Page 902 A-6
 Substantive Testing
 902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

 Entity: Agency                                                                                                                Preparer:                             .

 Date of Financial Statements: September 30, 20xx             ACCOUNT RISK ANALYSIS FORM                                       Region:                           .

 Line Item: Intragovernmental balances                                 File:                                                   Date:               Page 7 of 7



                                         PLANNING PHASE                                           INTERNAL CONTROL PHASE                 TESTING PHASE

                                                                                                  Effective-                                                  W/P
          Account             Financial statement    Inherent, fraud, and control     Cycle/       ness of     Con-   Com-    Tim-         Nature &          ref.&
                               assertions / risks           risk factors            accounting     control     trol   bined    ing          extent           audit
                                                                                    application   activities   risk    risk    I/F                           step

   Name           Balance

                            Presentation and         Same as existence and          Same as                                    F       Determine if the      I.2 &
                            disclosure               completeness above             existence                                          agency approp-          IV
                                                                                    above                                              riately classifies,
                            Intragovernmental                                                                                          summarizes, and
                            balances are not                                                                                           discloses, intra-
                            properly classified or                                                                                     governmental
                            disclosed in the                                                                                           accounts in finan-
                            financial statements,                                                                                      cial statements,
                            or based on a                                                                                              related disclo-
                            consistent application                                                                                     sures, and RSI, in
                            of accounting                                                                                              accordance with
                            guidance.                                                                                                  SFFAS (GAAP)
                                                                                                                                       and OMB and
                                                                                                                                       Treasury gui-
                                                                                                                                       dance for intra-
                                                                                                                                       governmental
                                                                                                                                       accounting.



April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                   Page 902 A-7
[This page intentionally left blank.]
 Substantive Testing


902 B - EXAMPLE SPECIFIC CONTROL EVALUATION FOR INTRAGOVERNMENTAL
        ACCOUNTS

 Entity: Agency                                             SPECIFIC CONTROL EVALUATION                                                Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                      (Line Item/Account-Related)                                                Region:                        .
 Accounting application:
    Intragovernmental accounts                              File:                                                                      Date:              Page 1          of 11




 Accounting         Relevant         Potential misstatements in         Control objectives               Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                                     (Y/N)    ness of           control
 assertions           items                  assertions                                                                                                   control           testing
                                                                                                                                                         activities          step
                various   various
 Existence or   various   various    Substantiation
 occurrence                          1. Recorded                    1a. Recorded                  1.   Quarterly, intragovernmental                N                         II.1.g-i
                                        intragovernmental               intragovernmental              balances recorded in the agency's
                                        assets and liabilities          assets and liabilities         general ledgers are confirmed
                                        do not exist at a given         should exist at a given        and reconciled with trading
                                        date.                           date.                          partners.

                                                                                                  2.   The agency and trading partners             N                         II.1.g-i
                                                                                                       work together to exchange data/
                                                                                                       correct errors promptly
                                                                                                       concerning the intragovernmental
                                                                                                       balances.




April 2003                                                 GAO/PCIE Financial Audit Manual - Part II                                                               Page 902 B-1
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                            SPECIFIC CONTROL EVALUATION                                         Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                     (Line Item/Account-Related)                                         Region:                        .
 Accounting application:
    Intragovernmental accounts                             File:                                                               Date:              Page 2          of 11




 Accounting         Relevant         Potential misstatements in      Control objectives          Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                             (Y/N)    ness of           control
 assertions           items                  assertions                                                                                           control           testing
                                                                                                                                                 activities          step
               various    various
                                                                                          3.   Reconciliation adjustments and              N                        III.A.1-7
                                                                                               supporting documents are
                                                                                               reviewed and approved by
                                                                                               authorized personnel before
                                                                                               being entered in the general
                                                                                               ledgers.

                                                                                          4.   Reconciliation between                      Y                        III.A.1-7
                                                                                               intragovernmental general ledger
                                                                                               balances and subsidiary ledger
                                                                                               balances are performed quarterly
                                                                                               and reviewed by supervisory
                                                                                               personnel.




April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                        Page 902 B-2
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                            SPECIFIC CONTROL EVALUATION                                                  Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                     (Line Item/Account-Related)                                                  Region:                        .
 Accounting application:
    Intragovernmental accounts                             File:                                                                        Date:              Page 3          of 11




 Accounting         Relevant         Potential misstatements in        Control objectives                 Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                                      (Y/N)    ness of           control
 assertions           items                  assertions                                                                                                    control           testing
                                                                                                                                                          activities          step
               various    various
                                                                   1b. Recorded                    1. Same as 1a. above.                                                     Same as
                                                                       intragovernmental                                                                                      above.
                                                                       assets and liabilities of
                                                                       the entity, at a given      2.   The agency maintains the                    Y                          II.1.l
                                                                       date, should be                  transaction logs and detailed
                                                                       supported by                     records of transactions to
                                                                       appropriate detailed             facilitate the reconciliation
                                                                       records that are                 process and to provide sufficient
                                                                       accurately summarized            information for the location of
                                                                       and reconciled to the            the supporting documents.
                                                                       account balance.
                                                                   1c. Access to                   1.   The agency's critical forms and             Y                        Example
                                                                       intragovernmental                records are protected by safes                                        control
                                                                       assets, critical forms,          and locks, guards, cameras, alarm                                    tests are
                                                                       records, and                     systems, and backup of electronic                                     omitted
                                                                       processing and storage           data.                                                                from the
                                                                       areas should be                                                                                       example
                                                                       permitted only in           2.   Changes made to the trading                 Y                          audit
                                                                       accordance with laws,            partner codes file are restricted                                      pro-
                                                                       regulations, and                 to authorized accounting                                             cedures.
                                                                       management's policy.             personnel.


April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                                 Page 902 B-3
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                               SPECIFIC CONTROL EVALUATION                                               Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                        (Line Item/Account-Related)                                               Region:                        .
 Accounting application:
    Intragovernmental accounts                                File:                                                                     Date:              Page 4          of 11




 Accounting         Relevant         Potential misstatements in           Control objectives              Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                                      (Y/N)    ness of           control
 assertions           items                  assertions                                                                                                    control           testing
                                                                                                                                                          activities          step
               various    various
 Complete-     various    various    Account Completeness                                                                                                                    Same as
 ness                                2. Intragovernmental             2. All intragovernmental     Same as existence above.                                                   above.
                                         assets and liabilities of       accounts that belong
                                         the entity exist but are        in the financial state-   1.   The agency reviews all transac-             Y                         II.1.a-f
                                         omitted from the                ments should be so             tions to identify and properly
                                         financial statements.           included. There should         code intragovernmental
                                                                         be no undisclosed              transactions.
                                                                         assets or liabilities.
                                                                                                   2.   The agency reconciles and                   Y                          II.2 &
                                                                                                        resolves IPAC differences (and                                       III.B.1.c
                                                                                                        differences from other systems/
                                                                                                        methods, if any, used to process
                                                                                                        intragovernmental transactions)
                                                                                                        promptly and records
                                                                                                        adjustments properly.

                                                                                                   3.   Supervisory personnel review and            Y                         II.1.m
                                                                                                        approve monthly account
                                                                                                        analyses of intragovernmental
                                                                                                        accounts and examine budget-to-
                                                                                                        actual and trend analyses.



April 2003                                                   GAO/PCIE Financial Audit Manual - Part II                                                              Page 902 B-4
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                            SPECIFIC CONTROL EVALUATION                                         Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                     (Line Item/Account-Related)                                         Region:                        .
 Accounting application:
    Intragovernmental accounts                             File:                                                               Date:              Page 5          of 11




 Accounting         Relevant         Potential misstatements in      Control objectives          Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                             (Y/N)    ness of           control
 assertions           items                  assertions                                                                                           control           testing
                                                                                                                                                 activities          step
               various    various
                                                                                          4.   Elimination journal entries and             N                        II.1.k &
                                                                                               supporting documentation are                                           III.E
                                                                                               reviewed and approved by
                                                                                               authorized personnel.

                                                                                          5.   Elimination entries are supported           Y                        II.1.k &
                                                                                               by schedules summarizing the                                           III.E
                                                                                               SGL accounts that are combined
                                                                                               to total the amounts eliminated.




April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                        Page 902 B-5
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                              SPECIFIC CONTROL EVALUATION                                              Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                       (Line Item/Account-Related)                                              Region:                        .
 Accounting application:
    Intragovernmental accounts                               File:                                                                    Date:              Page 6          of 11




 Accounting         Relevant         Potential misstatements in          Control objectives             Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                                    (Y/N)    ness of           control
 assertions           items                  assertions                                                                                                  control           testing
                                                                                                                                                        activities          step
                various   various
 Valuation or   Valua-    Valua-     Valuation
 allocation     tion or   tion or    3. Intragovernmental            3. Intragovernmental         Same as existence and completeness                                       Same as
                alloca-   alloca-        assets and liabilities          assets and liabilities   above.                                                                    above.
                tion      tion           included in the                 included in the
                                         financial statements            financial statements     1. The agency periodically evaluates            N                        I.4.a.ii &
                                         are valued on an                should be valued on         the condition and marketability of                                        iii
                                         inappropriate basis.            appropriate valuation       intragovernmental assets, for
                                                                         bases.                      example receivables are
                                                                                                     evaluated for collectibility.

                                                                                                  2. The agency accounting records                N                        I.4.a.ii &
                                                                                                     are compared with the assessed                                            iii
                                                                                                     values such as independent
                                                                                                     appraisals or assets.




April 2003                                                  GAO/PCIE Financial Audit Manual - Part II                                                             Page 902 B-6
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                            SPECIFIC CONTROL EVALUATION                                           Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                     (Line Item/Account-Related)                                           Region:                        .
 Accounting application:
    Intragovernmental accounts                             File:                                                                 Date:              Page 7          of 11




 Accounting         Relevant         Potential misstatements in        Control objectives          Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                               (Y/N)    ness of           control
 assertions           items                  assertions                                                                                             control           testing
                                                                                                                                                   activities          step
               various    various
                                     Measurement
                                     4. Intragovernmental          4. Intragovernmental       Same as existence and completeness                                      Same as
                                         revenues and                  revenues and           above.                                                                   above.
                                         expenses included in          expenses included in
                                         the financial                 the financial
                                         statements are                statements should be
                                         measured improperly.          properly measured.

 Rights and    Rights     Rights     Ownership
 obligations   and        and        5. Recorded                   5. Recorded                Same as existence and completeness                                      Same as
               obliga-    obliga-       intragovernmental             intragovernmental       above.                                                                   above.
               tions      tions         assets are owned by           assets should be
                                        others because of sale,       owned by the entity.
                                        or other contractual
                                        arrangements.




April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                          Page 902 B-7
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                             SPECIFIC CONTROL EVALUATION                                               Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                      (Line Item/Account-Related)                                               Region:                        .
 Accounting application:
    Intragovernmental accounts                              File:                                                                     Date:              Page 8          of 11




 Accounting         Relevant         Potential misstatements in         Control objectives              Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line    accounting application                                                                                    (Y/N)    ness of           control
 assertions           items                  assertions                                                                                                  control           testing
                                                                                                                                                        activities          step
               various    various
                                     Rights
                                     6. The entity does not         6. Intragovernmental           Same as existence and completeness                                      Same as
                                        have certain rights to          assets should be the       above.                                                                   above.
                                        recorded                        entity's rights at a
                                        intragovernmental               given date.
                                        assets because of
                                        certain restrictions.

                                     Obligations
                                     7. The entity does not         7. Intragovernmental           Same as existence and completeness                                      Same as
                                        have an obligation for          liabilities should be      above.                                                                   above.
                                        recorded                        the entity's obligations
                                        intragovernmental               at a given date.
                                        liabilities at a given
                                        date.




April 2003                                                 GAO/PCIE Financial Audit Manual - Part II                                                              Page 902 B-8
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                              SPECIFIC CONTROL EVALUATION                                                Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                       (Line Item/Account-Related)                                                Region:                        .
 Accounting application:
    Intragovernmental accounts                               File:                                                                      Date:              Page 9          of 11




 Accounting         Relevant          Potential misstatements in         Control objectives               Internal control activities               IS    Effective-         W/P ref,
 application    assertions in line     accounting application                                                                                     (Y/N)    ness of           control
 assertions           items                   assertions                                                                                                   control           testing
                                                                                                                                                          activities          step
                various    various
 Presentation   Presen-    Presen-    Account classification
 and            tation     tation     8. Intragovernmental           8. Intragovernmental          1.   The agency uses trading partner             Y                          II.1
 disclosure     and dis-   and dis-       accounts are not               accounts should be             codes to identify and track
                closure    closure        properly classified and        properly classified and        trading partners when the
                                          described in the               described in the               intragovernmental transactions
                                          financial statements.          financial statements.          are initiated and on all
                                                                                                        documentation thereafter.

                                                                                                   2.   The agency uses SGL account                 Y                          II.1
                                                                                                        attributes to identify the nature
                                                                                                        of account balances and to
                                                                                                        identify intragovernmental
                                                                                                        transactions by trading partner.

                                                                                                   3.   The agency classifies,                      Y                          IV.1
                                                                                                        summarizes, and reports
                                                                                                        intragovernmental accounts by
                                                                                                        trading partner and presents them
                                                                                                        as required supplementary
                                                                                                        information (RSI).




April 2003                                                  GAO/PCIE Financial Audit Manual - Part II                                                               Page 902 B-9
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                            SPECIFIC CONTROL EVALUATION                                               Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                     (Line Item/Account-Related)                                               Region:                        .
 Accounting application:
    Intragovernmental accounts                             File:                                                                     Date:              Page 10         of 11




 Accounting         Relevant         Potential misstatements in        Control objectives              Internal control activities               IS    Effective-        W/P ref,
 application    assertions in line    accounting application                                                                                   (Y/N)    ness of          control
 assertions           items                  assertions                                                                                                 control          testing
                                                                                                                                                       activities         step
               various    various
                                                                                                4.   The CFO staff checks that the               N                         IV.1
                                                                                                     intragovernmental asset and
                                                                                                     liability categories reported as
                                                                                                     RSI agree with the intragovern-
                                                                                                     mental asset and liability line
                                                                                                     items reported on the balance
                                                                                                     sheet.

                                                                                                5.   The agency discloses intragovern-           Y                         IV.1
                                                                                                     mental gross cost and earned
                                                                                                     revenue by budget functional
                                                                                                     classification as required by OMB

                                     Consistency
                                     9. The financial state-       9. The financial statement   See # 8 above.                                                           Same as
                                        ment components are           components should be                                                                                above.
                                        based on accounting           based on accounting
                                        principles different          principles that are
                                        from those used in            applied consistently
                                        prior periods.                from period to period.




April 2003                                                GAO/PCIE Financial Audit Manual - Part II                                                           Page 902 B-10
 Substantive Testing
 902 B - Example Specific Control Evaluation for Intragovernmental Accounts

 Entity: Agency                                              SPECIFIC CONTROL EVALUATION                                            Preparer:                      .
 Date of Financial Statements:
    September 30, 20xx                                       (Line Item/Account-Related)                                            Region:                        .
 Accounting application:
    Intragovernmental accounts                               File:                                                                  Date:              Page 11         of 11




 Accounting         Relevant         Potential misstatements in          Control objectives           Internal control activities               IS    Effective-        W/P ref,
 application    assertions in line    accounting application                                                                                  (Y/N)    ness of          control
 assertions           items                  assertions                                                                                                control          testing
                                                                                                                                                      activities         step
               various    various
                                     Disclosure
                                     10. Required information        10. The financial          See # 8 above.                                                          Same as
                                         is not disclosed in the         statements or notes                                                                             above.
                                         financial statements            should contain all
                                         or in the notes                 information required
                                         thereto.                        to be disclosed.




April 2003                                                  GAO/PCIE Financial Audit Manual - Part II                                                        Page 902 B-11
[This page intentionally left blank.]
    Substantive Testing


    902 C -EXAMPLE AUDIT PROCEDURES FOR INTRA-
           GOVERNMENTAL AND OTHER RELATED
           PARTIES' ACTIVITY AND BALANCES

    Entity __________________________________________________________________

    Period of financial statements ____________________________________________

    Job code _______________________________________________________________
                                              1
                           Audit Procedures                            Done      W/P
                                                                      by/date    ref.

     I. Planning Phase
        Obtain an understanding of the entity's operations that are
        significant to the audit of intragovernmental and other
        related party activity and balances (see FAM section 220).
        1. To obtain an understanding of significant accounting
            and auditing issues, read the entity's prior year's
            accountability and auditors' reports.
        2. To identify the entity's accounting and reporting
            requirements and applicable auditing standards for
            intragovernmental and other related party activity and
            balances, read the following:
            a. SFFAS No. 4, Managerial Cost Accounting Concepts
                and Standards; SFFAS No. 5, Accounting for
                Liabilities of the Federal Government; SFFAS No. 7,
                 Accounting for Revenue and Other Financing
                 Sources and Concepts for Reconciling Budgetary
                 and Financial Accounting; Statement of Financial
                 Accounting Standards No. 57, Related Party
                 Disclosures; AU Section 334, Related Parties; AU
                 Section 558, Required Supplementary Information;
                 OMB bulletin on Form and Content of Agency
                 Financial Statements; Treasury/ Financial
                 Management Service's (FMS) Federal Intragovern-
                 mental Transactions Accounting Policies Guide; and
                 Treasury Financial Manual section "Federal
                 Intragovernmental Transactions Process."

1
    These procedures are applicable for intragovernmental (including interdepart-
    mental and intradepartmental) and other related parties' activity and balances.

    April 2003               GAO/PCIE Financial Audit Manual - Part II    Page 902 C-1
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                          1
                      Audit Procedures                              Done     W/P
                                                                   by/date   ref.
       b. The entity's internal procedures for identifying,
            accounting, reconciling and reporting
            intragovernmental and other related party activity
            and balances.
       c. The entity's process for identifying, classifying, and
            reporting intragovernmental activity and balances
            requiring elimination at the consolidated
            departmentwide or governmentwide level.
    3. To identify the impact of systems/methods for
       processing, accounting and financial reporting of
       intragovernmental and other related party activity and
       balances,
       a. Interview the entity's key management about, for
            example, the systems/methods that are used to
            process intragovernmental and other related party
            activity and balances (e.g., IPAC, credit cards,
            standard forms used to transfer funds between
            appropriations, and others).
       b. Obtain estimates of the approximate number and
            dollar amount of intragovernmental and other
            related party activity and balances (this could be
            based on the prior year) that are processed by each
            significant system/method (see FAM section 270).
       c. Consider coordinating this work with the audit of
            like nonfederal activity and balances (i.e., similar
            transactions by the entity with parties other than
            other federal entities).
    4. To identify the intragovernmental and other related
       party activity and balances
       a. Ask the entity management:
         i.     Names of all related parties (intragovernmental
                and others) and whether there were transactions
                with them during the period. Other possible
                related parties outside of government might be
                states, management, and individuals and firms
                with which members of management may be
                related or otherwise be able to significantly
                influence the management or operating policies.




April 2003             GAO/PCIE Financial Audit Manual - Part II      Page 902 C-2
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                         1
                     Audit Procedures                              Done     W/P
                                                                  by/date   ref.
         ii. The nature and terms of all significant activities
             and balances. For example,
             • for a seller entity,
                 •• Obtain information on the types of
                     significant revenues, any markup
                     percentage(s) over full cost, and the
                     settlement/payment due date.
                 •• Inquire as to how the full cost of products
                     and services sold is determined.
             • for a buyer entity,
                 •• Inquire about the minimum requirements
                     (business rules) that must be met before
                     an intragovernmental trading partner may
                     provide goods or services.
             • Inquire as to amounts, if any, that are in
                 dispute at year-end.
        iii. Whether the audited entity receives services
             without reimbursement or for less than full
             reimbursement, for example, donated services,
             such as space or detailed employees. If so, ask if
             the entity is complying with GAAP and/or OMB
             requirements with respect to accounting and
             reporting treatment of these transactions. Also,
             if applicable, ask about the approximate fair
             value and/or financial statement disclosure for
             such goods and/or services.
        iv.  Whether the entity centrally maintains contracts,
             agreements, and support for the terms of all
             significant transactions with related parties.
       b. Review, if any:
          i. The entity policy for advance approval of related
             party transactions by senior management.
         ii. The entity policy for requiring disclosure by
             employees to appropriate officials of potential
             conflicts of interest, such as related party
             transactions by employees of the entity. Also
             determine if summaries of such transactions are
             communicated to financial management for its
             consideration.



April 2003             GAO/PCIE Financial Audit Manual - Part II     Page 902 C-3
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                          1
                      Audit Procedures                              Done     W/P
                                                                   by/date   ref.
        iii.   Vendor and customer master file listings, major
               contracts, and IPAC activity for
               intragovernmental or other related parties.
       c. Ask Treasury/FMS regarding entities historically
           reporting intragovernmental transactions with the
           audited entity.
    5. Provide audit staff with the names of known
       intragovernmental and other related party trading
       partners, a description of the nature of significant
       transactions with each, and such other information as
       considered necessary to assist them in planning and
       performing other sections of the audit.
    6. Summarize the results.
    7. Document the auditor's preliminary assessment of risks
       related to the intragovernmental and other related party
       activity and balances in the ARA form or equivalent.

 II. Internal Control Phase
     Understand the internal control the entity has in place for
     identifying, accounting for, eliminating, and reporting
     intragovernmental and other related party activity and
     balances (existence, completeness, valuation, rights and
     obligations, presentation and disclosure) (see FAM section
     320).
     1. Determine through inquiry of management,
         walkthroughs, review of prior years' documentation and
         other means, how and when the entity identifies
         intragovernmental and other related party transactions.
         a. Whether the entity identifies the transactions by
             trading partner when they are initiated and on all
             documentation thereafter.
         b. If the entity uses trading partner codes, the
             relationship of such codes to other document
             identifiers such as vendor codes. For example,
             trading partner codes may be integral to each
             vendor code, or it may be necessary to crosswalk
             vendor codes to a file of trading partner codes.




April 2003              GAO/PCIE Financial Audit Manual - Part II     Page 902 C-4
    Substantive Testing
    902 C – Example Audit Procedures for Intragovernmental and Other
            Related Parties' Activity and Balances
                                             1
                          Audit Procedures                             Done     W/P
                                                                      by/date   ref.
           c. If the entity does not use trading partner codes,
              determine how the entity identifies, analyzes, and
              accumulates intragovernmental activity and
              balances. For example, the entity may derive such
              amounts through off-line manual processes after the
              fact.
           d. When the entity recognizes each significant category
              of intragovernmental and other related party
              transactions. For example, when an invoice is
              received, when processed through IPAC,2 when
              goods or services are received, when notified by the
              seller that an agreed-upon stage of completion has
              been achieved. Consider whether the entity's policy
              in recording intragovernmental and other related
              party transactions is appropriate.
           e. Whether the entity and its trading partners use
              consistent reciprocal ledger accounts3 and
              categories of activity and balances for recording and
              reconciling such amounts. If so, ask what processes
              are in place to provide management with reasonable
              assurance that trading partners are recognizing
              reciprocal transactions in the same period, for the
              same amount, and by consistent or compatible
              accounting methods.




2
    Intragovernmental Payment and Collection (IPAC) system replaced the Online
    Payment and Collection (OPAC) system in December 2001.
3
    Reciprocal accounts are corresponding SGL accounts that should be used by seller
    and buyer entities to record like intragovernmental transactions. For example, the
    seller entity's accounts receivable would normally be reconciled to the reciprocal
    account, accounts payable, on the buyer entity's records. Examples of these
    accounts are in FMS' Federal Intragovernmental Transactions Accounting Policies
    Guide.

    April 2003             GAO/PCIE Financial Audit Manual - Part II     Page 902 C-5
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                         1
                     Audit Procedures                               Done     W/P
                                                                   by/date   ref.
       f. If the entity complies substantially with the SGL at
          the transaction level as it applies to
          intragovernmental activity and balances. (Note:
          The SGL accounts used should include attributes for
          intragovernmental activity and balances that identify
          (a) that these accounts contain intragovernmental
          transactions (e.g., attribute "F") and (b) the trading
          partner (e.g., Treasury trading partner code "20").)
       g. Policies and procedures for confirming
          intragovernmental and other related party activity
          and balances with trading partners.
       h. How often the entity reconciles its related party
          activity and balances with its trading partners. Also
          inquire as to whether adjustments identified as
          necessary through the reconciliation process have
          been properly recognized in the financial records. If
          not, ask why. If the entity did not perform
          reconciliations, ask why not.
       i. Whether the selling and buying entities have
          established processes to facilitate the timely
          reconciliation of activity and balances. (Note: The
          selling entity is typically responsible for furnishing
          detailed transaction information to facilitate
          reconciliation.)
       j. What the entity's year-end cut-off procedures related
          to the intragovernmental and other related party
          activity are. Determine if procedures provide
          assurance that intragovernmental activities
          occurring in the current period are recorded in the
          current period. (Since the reconciliation process
          should detect cutoff errors, see above for
          reconciliation procedures with trading partners.)
       k. What the entity's policies and procedures are for
          intraentity elimination.
       l. Whether the entity maintains transaction logs or
          detailed records of transactions to identify the
          postings to SGL accounts and to facilitate the
          reconciliation process. The logs should include
          sufficient information to enable identification and
          location of the supporting documents.


April 2003             GAO/PCIE Financial Audit Manual - Part II      Page 902 C-6
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                         1
                      Audit Procedures                              Done     W/P
                                                                   by/date   ref.
       m. Whether the entity reviews and approves monthly
            account analyses of intragovernmental accounts and
            examines budget-to-actual and trend analyses.
    2. Coordinate with the results of audit procedures for
       other cycles to determine if the entity has internal
       control issues related to intragovernmental and other
       related party activity and balances. For example, to
       determine if the entity has control issues related to
       intragovernmental activity and balances, coordinate
       with the results of FBWT audit procedures to determine
       if the entity has issues on its FBWT/IPAC reconciliation
       such as material unreconciled amounts and aged
       unreconciled IPAC differences.
    3. Perform walk-throughs of processes for identifying,
       accounting, reconciling, confirming, eliminating, and
       reporting intragovernmental and other related party
       activity and balances to obtain or update the auditor's
       understanding of these procedures and preliminarily
       assess the effectiveness of these controls.
       a. Walkthrough the process from initiation to
            recording in the general ledger and inclusion in the
            financial statements or elimination for each
            significant type of intragovernmental and other
            related party activity and balances.
       b. Walk through the management/entity approval
            process of payments to trading partners. (Note:
            Prior audits have identified instances where
            payment controls for intragovernmental
            transactions were not sufficient, for example, the
            seller entity made payments to trading partners
            without verifying whether goods or services were
            provided.)
       c. Identify and document differences in process for
            nonfederal and intragovernmental and other related
            party activities and balances.
       d. If the entity performs reconciliations of
            intragovernmental activity and balances with trading
            partners during the year, the auditor should walk
            through both interim and year-end reconciliation
            processes.


April 2003              GAO/PCIE Financial Audit Manual - Part II     Page 902 C-7
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                           1
                       Audit Procedures                               Done     W/P
                                                                     by/date   ref.
    4. Prepare or update the cycle memorandum, flowchart,
       and ARA and SCE forms (See FAM sections 390, 395 H
       and I, and 902 A and B) or equivalents.

 III. Testing Phase
 A. For intragovernmental accounts, if the auditor preliminarily
     determines that the entity's reconciliation and confirmation
     controls with trading partners are effectively designed and
     placed in operation, test the entity's policies and
     procedures to determine if the reconciliation and
     confirmation controls are effective and if
     intragovernmental balances appear reasonable.
     1. Obtain final yearend reconciliations/confirmations of
         intragovernmental activity and balances for each
         trading partner and supporting documentation; or
         obtain the entity CFO responses for intragovernmental
         activity and balances and the supporting documentation
         for the final reconciliation/confirmations. (See the
         Treasury Financial Manual (TFM) sections on CFO
         procedures/representations and on IG Agreed-Upon
         Procedures for Federal Intragovernmental Activity and
         Balances)
     2. Compare the amounts in the reconciliations to
         supporting documentation.
     3. Trace the adjustments, if any, identified in the
         reconciliation process to the entity's financial records.
     4. Compare the amounts, excluding intra-departmental
         activity and balances, in the audited department
         consolidated financial statements to such amounts in
         the department's final FACTS I or FACTS Notes reports
         to FMS.
     5. Prepare an agreed-upon procedures report. (Note: The
         procedures in steps 1 to 4 above are agreed-upon
         procedures for intragovernmental activity and balances.
         See the TFM, volume 1, section on IG Agreed-Upon
         Procedures for Federal Intragovernmental Activity and
         Balances. Also see FAM section 660.)




April 2003              GAO/PCIE Financial Audit Manual - Part II       Page 902 C-8
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                          1
                      Audit Procedures                               Done     W/P
                                                                    by/date   ref.
    6. Consider whether these agreed-upon procedures are
       sufficient to achieve financial statement audit
       objectives. For example, whether the agreed upon
       procedures are applied to all significant assertions for
       all significant intragovernmental activity and balances.
       Typically these procedures alone will not be sufficient
       for financial statement audit purposes.
    7. If the agreed-upon procedures are not sufficient, then
       design additional procedures that in combination with
       the agreed-upon procedures will be sufficient. For
       example:

       Reconciliation/confirmation (existence, completeness,
       valuations, rights and obligations, and classification)
           • OMB's bulletin on Form and Content of Agency
              Financial Statements requires an entity to
              reconcile and confirm intragovernmental activity
              and balances with trading partners semiannually,
              beginning with the six-month period ending
              March 31, 2002 and quarterly, beginning with the
              three-month period ending December 31, 2002. If
              the entity performed monthly, quarterly, or
              semiannual reconciliations, test reconciliations
              to determine if the entity's reconciliation control
              is effective throughout the year.
           • There should be a separate reconciliation/
              confirmation for each trading partner.
           • This reconciliation/confirmation also may be
              used for within entity
              reconciliation/confirmation (intraentity).
       a. Determine the completeness of population:
           Determine if the entity performed reconciliations
           and confirmations for all trading partners by
           comparing the trading partners on the
           reconciliations and confirmation forms to subsidiary
           records or the entity's trading partner list obtained
           during the planning phase.
       b. For each reconciliation/confirmation:
         i. Determine if the reconciliation/confirmation was
              reviewed and approved by the appropriate
              personnel.

April 2003              GAO/PCIE Financial Audit Manual - Part II      Page 902 C-9
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                          1
                      Audit Procedures                              Done     W/P
                                                                   by/date   ref.
         ii.   Compare the total amounts and SGL accounts of
               the activity and balances reported on the
               reconciliation/confirmation form with the
               general and subsidiary ledger accounts, and the
               total amounts to audited financial statements
               and footnote disclosures. If differences are
               found, document each such difference. Consider
               potential impact on financial statements and post
               the differences identified to summary of
               unadjusted misstatements.
        iii.   Test whether the entity used appropriate SGL
               accounts and whether these SGL accounts
               include the proper attribute(s) to indicate that
               they result from intragovernmental transactions.
               (Note: For example, when the federal attribute
               "F" is used with an SGL account, a trading
               partner should be designated for each
               transaction posted to the account.) Entities can
               modify SGL accounts listed on the form to be
               more specific.
        iv.    Consider whether the entity is using the
               reciprocal accounts delineated in the FMS Guide.
               Entities should use these accounts to account for
               intragovernmental activity and balances in the
               specified categories. Use of these reciprocal
               accounts will facilitate the reconciliation and
               confirmation process.




April 2003              GAO/PCIE Financial Audit Manual - Part II    Page 902 C-10
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                         1
                      Audit Procedures                             Done     W/P
                                                                  by/date   ref.
         v.    For fiduciary activity and balances, compare
               amounts on the reconciliation forms to amounts
               on the Intragovernmental Fiduciary
               Confirmation System. (Note: Fiduciary activity
               and balances include loans from the Federal
               Financing Bank and Bureau of Public Debt,
               investments with Bureau of Public Debt, Federal
               Employees Compensation Act transactions with
               Labor, and employee benefit transactions with
               OPM. The seller entity—Bureau of Public Debt,
               Treasury, Federal Financing Bank, Labor, and
               OPM—will make balances information and other
               details available through the Intragovernmental
               Fiduciary Confirmation System for the buyer
               entities' use in reconciling amounts to their
               records. The Intragovernmental Fiduciary
               Confirmation System is the official confirmation
               system for federal entities that engage in
               fiduciary intragovernmental transactions with
               Bureau of Public Debt, Federal Financing Bank,
               OPM, and Labor.)
        vi.    For transfers, test whether
               • the classification of transfers as expenditure
                   or nonexpenditure is proper, and
               • the accounting and reporting are appropriate.
        vii.   For trust fund transfers such as highway and
               airport trust funds, also test whether the trust
               fund amounts are properly accounted for and
               maintained in accordance with laws that
               established these funds. (Note: Test either by
               the trust fund auditor or as agreed-upon
               procedures by the auditor who audits the entity
               that collects the revenue for it.)




April 2003              GAO/PCIE Financial Audit Manual - Part II   Page 902 C-11
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                          1
                      Audit Procedures                                Done     W/P
                                                                     by/date   ref.

       Reconciliation adjustments and differences (all
       intragovernmental categories)
            (Note: Exhibit I to FAM 902 C provides an
            illustration of a reconciliation tool that may be used
            to summarize reconciling items and prove amounts
            between a buyer and a seller entity.)
       c. Determine whether adjustments, if any, are
            supported and timely:
          i. Trace the adjustments and reconciling items
                identified in the reconciliation process to the
                entity general and subsidiary ledgers.
         ii. Examine the adjustments and supporting
                documents to determine if
                • The entity timely and properly performed the
                    research and identified causes for
                    differences.
                • The adjustments are agreed upon by both
                    entities and made to proper SGL accounts.
                    (Note: Examples of adjustments and
                    reconciling items are:
                    •• Adjustments in estimated accruals: For
                        example, the seller entity has recorded
                        unbilled revenue and the buyer entity was
                        not timely advised of the estimated
                        accrual.
                    •• Adjustments due to timing differences:
                        For example, timing differences caused by
                        a buyer entity's delay in recording IPAC
                        transactions into proper SGL accounts.
                    •• Reconciling item for capitalization of
                        assets: For example, the buyer entity
                        purchased property and equipment or
                        inventory and recorded them as assets.)
        iii. Obtain or prepare aging of outstanding
                unadjusted reconciling amounts for all
                significant intragovernmental balance sheet
                accounts. Identify old and/or unusual
                reconciling items and obtain explanations from
                the entity.


April 2003              GAO/PCIE Financial Audit Manual - Part II      Page 902 C-12
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                         1
                      Audit Procedures                              Done     W/P
                                                                   by/date   ref.
        iv.   Review final yearend reconciliation for any
              accounting policy differences and determine if
              the entity explains the causes of these
              differences on the final reconciliation. The
              causes of these differences might be differences
              in accounting standard requirements, for
              example, amortization methods for discounts
              and premiums. For example, one trading partner
              uses the interest method and the other trading
              partner uses the straight-line method to amortize
              discounts/premiums. (Note: There should be no
              material unresolved differences on the final year-
              end reconciliation forms. The entity should
              resolve all differences with trading partners.)
         v. Determine the extent of unadjusted differences
              at year-end. Assess their materiality on the
              financial statement line item and the overall
              financial statements.
        vi. If adjustments are made subsequent to the
              completion of the confirmations (during the
              audit period), determine if the entity revised the
              reconciliation and confirmation and submitted
              the updated data to FMS.
    8. Summarize the results of testing: (1) conclude on the
       effectiveness of the entity's reconciliation and
       confirmation controls and (2) propose adjustments, if
       necessary.
    9. Determine whether the results of testing and the nature
       of misstatements indicate that combined risk should be
       assessed differently and whether the audit procedures
       should be revised.




April 2003             GAO/PCIE Financial Audit Manual - Part II     Page 902 C-13
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                          1
                      Audit Procedures                               Done     W/P
                                                                    by/date   ref.

 B. For intragovernmental activity and balances, if the auditor
    preliminarily determines that the entity's reconciliation/
    confirmation control with trading partners is not effective,
    or if the reconciliations and/or confirmations are not
    performed by the entity, the auditor should consider the
    effect on substantive tests and on the audit report. In some
    cases, the auditor may decide to modify the audit opinion
    when no reconciliation and other mitigating controls
    existed. However, when intragovernmental activity and
    balances are material, significant additional work may be
    necessary to express an unqualified opinion such as:
    1. Coordinate work with other related line items to test
        existence, completeness, valuation, rights and
        obligations, and classification of intragovernmental
        activity and balances. For example,
        a. In conjunction with cash receipts, revenues, and
            accounts receivable testing, determine if
            intragovernmental accounts receivable were
            collected subsequent to test date. Examine
            supporting documentation for the posting of
            collections to the cash records; determine if
            intragovernmental revenues and receivables are
            included in nonfederal balances.
        b. Test completeness of intragovernmental activity and
            balances by reviewing vendor and customer master
            files to determine if intragovernmental vendors and
            customers are properly included in
            intragovernmental accounts.
        c. Consider sending confirmation requests to trading
            partners for both balance sheet and net cost activity
            and balances. Especially if combined risk is
            assessed as high, consider applying similar
            confirmation procedures as to the nonfederal
            accounts.




April 2003              GAO/PCIE Financial Audit Manual - Part II     Page 902 C-14
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                           1
                       Audit Procedures                                Done     W/P
                                                                      by/date   ref.

       Cut off test (existence and completeness)
       d. Determine if there are unrecorded transactions and
             if the transactions are recorded in the correct
             period.
          i.      Coordinate with the FBWT audit team to review
                  results of the FBWT reconciliation tests. For
                  example, review IPAC transactions
                  reconciliations and the recording of IPAC
                  transactions in accounting systems; consider
                  how timely and whether appropriate; review
                  IPAC transactions after 9/30–subsequent billing
                  and collecting transactions–to determine
                  unrecorded transactions as of 9/30.
         ii.      Search for unrecorded sales revenue, accounts
                  receivable, purchases, and accounts payable
                  (completeness). For example,
                  • To search for unrecorded sales revenue and
                     accounts receivable, select sales invoices for
                     trading partners recorded in the xx-day
                     period subsequent to year-end. Trace the
                     selected invoices to shipping records or
                     evidence of service performance. Determine
                     whether the sales revenue and accounts
                     receivable were recorded in the correct
                     period. Alternatively, select from shipping
                     records to trading partners prior to year-end
                     and trace to sales invoices.
                  • To test the completeness of amounts
                     recorded as accounts payable at the balance-
                     sheet date, select disbursements after the end
                     of the audit period and test if the amounts
                     were recorded in accounts payable.
    2. Review the test results of other related line items to
       determine if there are issues related to existence,
       completeness, valuation, rights and obligations, and
       classification in the tested accounts and transactions
       and the impact on the intragovernmental activity and
       balances. In testing these other accounts, consider
       whether items tested were from trading partners.


April 2003              GAO/PCIE Financial Audit Manual - Part II       Page 902 C-15
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                          1
                      Audit Procedures                               Done     W/P
                                                                    by/date   ref.
    3. Summarize the results and propose adjustments, if
       necessary.
    4. Determine if the results of testing and the nature of
       misstatements indicate that combined risk should be
       assessed differently and whether the audit procedures
       should be revised.

 Control and substantive tests of details—other related parties
 C. Attain satisfaction about the purpose, nature, and extent of
    material other related party transactions and their effect on
    the financial statements. Coordinate with sensitive
    payments work, including the review of executive
    compensation, travel, official entertainment funds,
    unvouchered expenses, and consulting services (see FAM
    section 280.05).
    1. Based on the work performed during the planning and
        internal control phases, determine and document the
        methodology used to select the transactions for testing.
        • Examine all transactions,
        • Dollar unit sampling (DUS),
        • Classical variables estimation sampling, or
        • Other (describe).
    2. For the selected transactions,
        a. examine documentation such as invoices, contracts,
            agreements, and receiving and shipping reports;
        b. determine whether the transactions have been
            properly approved;
        c. confirm transaction terms and amounts with the
            other party to the transaction; and
        d. test the compilation of amounts that may be
            disclosed in the financial statements for
            reasonableness.
    3. Summarize the results.
    4. Determine if the results of testing and the nature of
        misstatements indicate that combined risk should be
        assessed differently and if the audit procedures should
        be revised.




April 2003              GAO/PCIE Financial Audit Manual - Part II     Page 902 C-16
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                           1
                       Audit Procedures                                Done     W/P
                                                                      by/date   ref.

 Substantive analytical procedures (FAM 475)
 D. Substantive analytical procedures: Perform analytical
    procedures to assess whether balances are reasonable and
    reflect appropriate activities (existence and completeness).
    If the entity performs reconciliation and confirmation of
    intragovernmental activity and balances and the auditor
    places reliance on those tests of details, less rigorous,
    supplemental analytical procedures may be used to
    increase the auditor's understanding of intragovernmental
    activity and balances after performing tests of details in
    Testing, step III.A, above. However, in the absence of
    adequate reconciliation and confirmation controls, some or
    all of these procedures may be necessary to obtain
    sufficient evidence, if possible. For example,
    1. Develop expectations of the accounts payable and
        receivable balances overall or for all significant trading
        partners in light of the payment cycle during the year.
        Then, compare the recorded balance overall or by
        trading partner to the expected amount and investigate
        differences in the recorded balance if differences
        exceed ______ (insert an amount such that the total
        uninvestigated difference for all trading partners,
        including those not selected, does not exceed the limit).
    2. Develop expectations of recorded intragovernmental
        sales overall or for all significant trading partners based
        on independent data; for example, consider using
        trading partners' orders. Then compare the
        expectations to the recorded sales amounts and
        investigate differences in the recorded balance if
        differences exceed ______ (insert an amount such that
        the total uninvestigated difference for all trading
        partners, including those not selected, does not exceed
        the limit).




April 2003               GAO/PCIE Financial Audit Manual - Part II      Page 902 C-17
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                         1
                      Audit Procedures                             Done     W/P
                                                                  by/date   ref.
    3. Examine accounting records, for example, accounts
       receivable and payable, for large, unusual, or
       nonrecurring activity or balances. For example,
       consider expectations as to the types of
       intragovernmental activity and balances and trading
       partners based on the planning work. Then, examine
       significant unexpected/unusual intragovernmental
       activity and balances and intragovernmental activity or
       balances with unexpected trading partners. Document
       the definition of significant.
    4. Summarize the results of testing and determine if
       adjustments are necessary.

 Elimination (existence, completeness, and valuation)
 E. Test consolidation/elimination for transactions occurring
    within the entity (intraentity) to determine whether the
    elimination is appropriate and supportable.
    1. Obtain a list of each component entity's intraentity
        transactions identified for elimination and each
        component entity's reconciliation of its intraentity
        activity and balances with its respective trading
        partners. This step may be done in conjunction with the
        test of reconciliation (see step III.A above).
    2. Review the entity's eliminating journal entries and
        supporting documentation for elimination entries of the
        entitywide consolidated financial statements.
        Determine whether elimination journal entries are
        a. approved by management and
        b. supported by schedules summarizing the SGL
            accounts that are combined to total the amounts
            eliminated.
    3. Summarize the results.
    4. Determine if the results of testing and the nature of
        misstatements indicate that combined risk should be
        assessed differently and if the audit procedures should
        be revised.




April 2003             GAO/PCIE Financial Audit Manual - Part II    Page 902 C-18
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                             1
                        Audit Procedures                                 Done     W/P
                                                                        by/date   ref.

 IV. Reporting Phase
    To determine if the presentation and disclosures of
    intragovernmental and other related party balances comply
    with GAAP and OMB requirements:
    1. Determine whether financial reports are prepared in
        accordance with the OMB bulletin on Form and Content
        of Agency Financial Statements. For example,
        a. Review the balance sheet and determine whether it
            is properly classified and line items are correctly
            reported as intragovernmental or nonfederal.
        b. Read the required supplementary information (RSI)
            to determine if intragovernmental amounts and the
            related federal trading partners for assets, liabilities,
            earned revenue from trade (buy/sell) transactions
            and nonexchange revenue are presented as RSI. The
            gross cost to generate earned revenue from trade
            transactions should be presented by budget
            functional classification in the notes to the financial
            statements.
        c. Read disclosures for the Statement of Net Cost in
            the notes to the departmentwide financial
            statements and determine if the department includes
            a separate disclosure of intragovernmental gross
            cost and earned revenue by budget functional
            classification as required by OMB's form and
            content bulletin. Gross cost and earned revenue
            should be net of intradepartment transactions
            (consolidated).
    2. Read the entitywide financial statements, notes, and
        RSI; compare the reported intragovernmental and other
        related party (if any) activity and balances with the test
        results.
    3. Request that the entity's management include, in the
        representation letter, representations related to
        intragovernmental and other related party activity and
        balances. (See FAM section 1001 for guidance.)
    4. Communicate with trading partner entities' auditors
        (with auditee's permission) to consider whether issues
        identified by the other auditors affect the auditor' s
        conclusions on intragovernmental transactions.

April 2003               GAO/PCIE Financial Audit Manual - Part II        Page 902 C-19
Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other
        Related Parties' Activity and Balances
                                        1
                     Audit Procedures                             Done     W/P
                                                                 by/date   ref.
    5. Read the various current period Agreed-Upon
       Procedures (AUP) reports to consider whether the
       findings will affect the auditor's conclusion and/or if
       additional procedures need to be performed. For
       example,
       a. The AUP report on employee withholdings and
           employer contributions that are reported on the
           Report of Withholdings and Contributions for Heath
           Benefits, Life Insurance and Retirements. This AUP
           report is to assist OPM in assessing the
           reasonableness of the Retirement, Health Benefits,
           and Life Insurance Withholdings/Contributions and
           Supplemental Semiannual Headcount report
           submitted to OPM (see OMB audit guidance).
       b. The AUP report on FACTS I verification. This AUP
           report is to evaluate the department's management
           assertion that it compared the department's
           summarized FACTS I data to its consolidated
           financial statements and to determine whether such
           data is in agreement.
    6. Summarize the results and determine if adjustments are
       necessary.
    7. Conclude whether intragovernmental and other related
       party activity and balances have been adequately
       accounted for and properly disclosed in the financial
       statements.




April 2003             GAO/PCIE Financial Audit Manual - Part II   Page 902 C-20
Substantive Testing
902 C - Example Audit Procedures for Intragovernmnetal and Other Related Parties' Activity and Balances


                                                                                                                Exhibit I
              Reconciliation of Seller Entity Intragovernmental
                  Earned Revenue with Buyer Entity Cost

     Seller Entity - Trading Partner 1
     Intragovernmental cash received for earned revenue, FY 200X, from
     Trading Partner 2 (General ledger before adjustment)                                 200,000

     Less adjustment for timing difference -
         Cash received but revenue unearned at end of the current year                    (20,000)
                                                                                                          The contra
                                                                                                          accounts for timing
     Add adjustment for timing difference -
                                                                                                          items should also
         Earned revenue recognized on unbilled work at the end of the current year         50,000
                                                                                                          reconcile.
     Intragovernmental earned revenue - accrual basis, FY 200X, from
                                                                                                          The Seller's
     Trading Partner 2 (General ledger after adjustment)                                  230,000
                                                                                                          unearned revenue
                               When reconciled, Seller Revenue and Buyer                                  account (liability)
                               Cost must agree after adjustments are recorded                             should reconcile
                               to correct for errors.                                                     with the Buyer's
                                                                                                          prepaid (asset)
                                                                                                          account.

                                                                                                          Seller's earned but
     Buyer Entity - Trading Partner 2                                                                     unbilled receivable
     Intragovernmental purchases - cash basis, FY 200X, from Trading                                      (asset) should
     Partner 1 (General ledger before adjustment)                                         190,000         reconcile with the
                                                                                                          Buyer's accounts
     Add:                                                                                                 payable for
            Adjustment for cutoff error identified during reconciliation process                          unbilled work
            [Cash sent to Trading Partner 1, but not recorded]                             10,000         (liability) account.
            Adjustment for completed but unbilled work at the end of the current year      50,000


     Less:
         Cash paid in the current year, but amount prepaid at end of current year         (20,000)

         General ledger after adjustment for Trading Partner 1                            230,000
     Less:
         Reconciling item for purchases inventoried at end of the current year            (50,000)

     Intragovernmental purchases included in cost - accrual basis, FY 200X,
     from Trading Partner 1                                                               180,000

                                                 When reconciled and adjusted, Seller
                                                 Revenue and Buyer Cost may not
                                                 agree because of timing differences.
                                                 Here, the Buyer has inventoried a
                                                 portion of the purchases for the year.




April 2003                                  GAO/PCIE Financial Audit Manual - Part II                        Page 902 C-21
[This page intentionally left blank.]
      Substantive Testing


      903 - AUDITING COST INFORMATION

.01   This section provides general guidance for considering cost information and
      planning audit procedures. The auditor should coordinate these procedures with
      procedures on auditing various line items and accounts. The auditor is
      concerned about cost information for a number of reasons. First, the auditor
      should obtain sufficient evidence to determine whether the costs are fairly stated
      in the financial statements and appropriately classified. Proper classification at
      the agency level also contributes to proper classification of costs in the
      consolidated financial statements of the U.S. government. Second, for CFO Act
      agencies and components designated by OMB, the auditor is concerned about the
      entity's financial management systems' substantial compliance with the three
      requirements of FFMIA. Third, cost information is important to the MD&A,
      although the auditor does not opine on the MD&A. The most relevant accounting
      standard for cost information is Statement of Federal Financial Accounting
      Standards (SFFAS) No. 4, Managerial Cost Accounting. This standard has
      relevance both to external financial reporting and to cost information for internal
      management reporting.

      STATEMENT OF FEDERAL FINANCIAL ACCOUNTING STANDARDS
      NO. 4, MANAGERIAL COST ACCOUNTING

.02    SFFAS No. 4 establishes the concepts and standards for providing reliable and
       timely information on the full cost of federal programs, their activities, and
       outputs. The objectives of managerial cost information specified in SFFAS No. 4
       are:

      •   To provide program managers with relevant and reliable information relating
          costs to outputs and activities. With this information, program managers
          should understand the costs of the activities they manage. The cost
          information should assist them in improving operational efficiency.

      •   To provide relevant and reliable cost information to assist Congress and
          executives in making decisions about allocating federal resources,
          authorizing and modifying programs, and evaluating program performance.

      •   To provide consistency between costs reported in general purpose financial
          reports and costs reported to program managers. This includes standardizing
          terminology to improve communication among federal organizations and
          users of cost information.

.03   The first two objectives primarily address the managerial use of cost information
      in improving operating efficiency and cost effectiveness, making planning and

      April 2003         GAO/PCIE Financial Audit Manual - Part II            Page 903-1
      Substantive Testing
      903 - Auditing Cost Information

      budgeting decisions, and measuring performance. The third objective primarily
      addresses external financial reporting. That objective can be achieved by
      reporting cost information in financial statements that is consistent with costs
      generated by the cost accounting process. Because of the differences in the
      three objectives, some requirements in SFFAS No. 4 are relevant to managerial
      decision making and operations improvement, while some requirements are
      relevant to external financial reporting.

.04   The cost accounting concepts section of SFFAS No. 4 (paragraphs 41-66)
      establishes the overall goals of cost accounting for federal agencies. Managerial
      cost accounting should be a fundamental part of the financial management
      system and, to the extent practicable, be integrated with the other parts of the
      system. Managerial costing should use a basis of accounting, recognition, and
      measurement that is appropriate for the intended purpose. Cost information
      developed for various purposes should be drawn from a common data source,
      and output reports should be reconcilable to each other.

.05   The five fundamental standards for managerial cost accounting set forth in
      SFFAS No. 4 (paragraphs 67-162) are important for the auditor. These standards
      will lead to the development of accurate and consistent cost information for
      internal and external reporting by federal agencies. The five standards are:

      •   Requirement for cost accounting: Each reporting entity should accumulate
          and regularly report the cost of its activities for management information.

      •   Responsibility segments: Management of each reporting entity should define
          and establish responsibility segments and report the costs of each segment's
          outputs.

      •   Full costs: Reporting entities should report the full costs of outputs, which is
          the total amount of resources used to produce the output, including direct
          and indirect costs.

      •   Interentity costs: Each entity's costs should incorporate the full cost of
          goods and services received from other entities. As directed by SFFAS No. 4,
          paragraph 110, OMB has designated, in its bulletin, Form and Content of
          Agency Financial Statements, the costs of goods and services received from
          other entities that should be recognized.

      •   Costing methodology: The costs of resources that directly or indirectly
          contribute to the production of outputs should be accumulated and assigned
          to outputs using appropriate methodologies. (See paragraph 903.07.)




      April 2003         GAO/PCIE Financial Audit Manual - Part II             Page 903-2
      Substantive Testing
      903 - Auditing Cost Information

      AUDIT PROCEDURES FOR FINANCIAL STATEMENT OPINION

.06   As part of understanding the entity's operations, the auditor should obtain an
      overview of how the entity meets these standards. This may be done by inquiry,
      observation, and walkthrough procedures. Substantive tests of the cost
      accounting system are usually necessary. The auditor should consider
      coordinating tests with other control and substantive tests. Based on the
      auditor's understanding of the agency's operations, the auditor should determine
      whether the statement of net costs is designed to include all the costs of the
      agency's programs. Also, in testing the statement of net costs, the auditor should
      test the financial statement assertions related to costs including whether
      expenses are properly classified in the statement of net costs, and in the notes by
      budget functional classification, as required by OMB's form and content
      guidance. The following (see FAM section 395 B) are examples of subassertions
      related to costs:

      •   Existence or occurrence:

          •• Validity—(1) Recorded costs, underlying goods and services used, and
             related processing procedures are authorized by federal laws, regulations,
             and management policy. (2) Recorded costs are approved by appropriate
             individuals in accordance with management's general or specific criteria.
             (3) Recorded costs represent goods and services that were actually used
             and are properly classified.
          •• Cutoff—Costs recorded in the current period represent goods and
             services used during the current period.
          •• Summarization—(1) The summarization of recorded costs is not
             overstated. (2) Costs are assigned to appropriate classifications in the
             financial statements.

      •   Completeness:

          •• Transaction completeness—All valid costs are recorded and properly
             classified.
          •• Cutoff—All goods and services used in the current period should be
             recorded in the current period.
          •• Summarization—The summarization of recorded costs is not understated.

      •   Valuation or allocation:

          •• Accuracy—(1) Costs are recorded at correct amounts. (2) Costs are
             recorded using appropriate assignment methodologies.
          •• Measurement—Costs included in the financial statements are properly
             measured.


      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 903-3
      Substantive Testing
      903 - Auditing Cost Information


      •   Presentation and disclosure:

          •• Account classification—Cost accounts are properly classified and
             described in the financial statements.
          •• Consistency—The financial statement costs are based on accounting
             principles that are applied consistently from period to period.
          •• Disclosure—The financial statements and footnotes contain all
             information required to be disclosed.

.07   SFFAS No. 4 discusses three methods of assigning costs: directly tracing costs,
      assigning costs on a cause-and-effect basis, and allocating costs on a reasonable
      and consistent basis. Although the standard discusses these three methods in
      relation to assigning costs to responsibility segments and outputs, the methods
      are also applicable to assigning costs to financial statement line items in the
      statement of net costs, generally by program, and in the notes by budget
      functional classification. The different methods of assigning costs may require
      different auditing procedures for determining whether costs are properly
      classified in the statement of net costs by program and in the notes by budget
      functional classification.

.08   For example, for directly traced costs (such as materials used in production or
      employees who worked on an output), the auditor generally should test whether
      costs were assigned to the appropriate program and/or budget functional
      classification.

.09   Costs may be assigned on a cause-and-effect basis, by grouping costs into cost
      pools where an intermediate activity may be a link between the cause and the
      effect. For example, an information technology department may provide support
      to other departments. The information technology department may assign costs
      to other departments on a cause-and-effect basis by first assigning costs to an
      intermediate activity, such as hardware installation or software design. Then the
      costs in these pools may be further assigned to other departments based on their
      use of these technical services. In auditing these types of costs, the auditor
      should test whether costs are assigned to the appropriate cost pool (hardware
      installation, software design), but also whether the costs are appropriately
      summarized in the pool. Then, when costs are assigned to other departments,
      the auditor should test whether costs assigned are based on appropriate usage
      information, whether the cost assignments are reasonable and consistent, and
      whether they are mathematically accurate.

.10   Costs may be allocated if it is not economically feasible to directly trace or assign
      costs on a cause-and-effect basis. This is commonly done with costs such as
      general management, depreciation, rent, maintenance, security, and utilities used
      in common by various segments. These costs are generally accumulated in cost

      April 2003         GAO/PCIE Financial Audit Manual - Part II              Page 903-4
      Substantive Testing
      903 - Auditing Cost Information

      pools and allocated to segments or outputs (or programs or budget functional
      classifications) based on a relevant common denominator such as number of
      employees, square footage of office space, or amount of direct costs incurred in
      segments. In auditing these allocated costs, the auditor should test whether the
      costs are assigned to the appropriate cost pool and summarized appropriately.
      The auditor also should determine whether the allocation basis is reasonable and
      consistent and test the mathematical allocation. In addition, the auditor should
      determine whether an allocation rather that directly tracing costs or assigning
      them on a cause-and-effect basis is appropriate in the circumstances.

.11   The entity exercises judgment in determining the line item/programs included in
      its statement of net costs. The auditor should consider whether classifications
      are reasonable in the circumstances.

      FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT OF 1996
      (FFMIA)

.12   For audits of the CFO Act agencies and components identified by OMB audit
      guidance, the auditor should determine whether the agency's financial
      management systems comply substantially with the three requirements of FFMIA
      (see paragraph 100.02 and FAM section 701). To determine compliance with
      SFFAS No. 4 for the purposes of FFMIA, the auditor should ask these questions,
      which relate to the standards discussed in paragraph 903.05:

      •   Does the agency regularly accumulate and report the costs of its activities to
          management?

      •   Has the agency defined its major programs and responsibility segments for
          the purpose of delineating costs?

      •   Does the agency properly accumulate costs by those programs and
          segments?

      •   Has the agency accounted for the full costs (including interentity costs) of
          products, services, or outputs to be externally reported at the entitywide
          level?

      •   Has the agency accounted for the costs of resources that contribute to the
          production of outputs by individual responsibility segment using appropriate
          costing methodologies?

      •   Has the agency reported those costs in the year-end financial statements on
          the accrual basis of accounting?



      April 2003         GAO/PCIE Financial Audit Manual - Part II            Page 903-5
      Substantive Testing
      903 - Auditing Cost Information

      •   Are the costs reported for external financial reporting and those reported for
          internal management reporting consistent and reconcilable?

      •   Is the reported management cost information consistent, timely, and
          comprehensive?

      •   Is the cost information reported in such a manner that management can
          determine answers to appropriate questions about costs of outputs?

      •   How does management determine whether costs are appropriate?

      •   How does management determine the entity's compliance with FFMIA?

       This inquiry is frequently combined with the procedures in paragraph 903.06, the
       outcome of which should be considered in concluding about the entity's
       compliance with the cost accounting requirements under FFMIA. Also, the
       auditor should review evidence supporting management's assertions in response
       to these questions, as further discussed in section 701, Assessing Compliance of
       Agency Systems with the Federal Financial Management Improvement Act
       (FFMIA).

      MANAGEMENT'S DISCUSSION AND ANALYSIS (MD&A)

.13   The auditor does not provide an opinion on the MD&A. Thus, the main concern
      is consistency of information, rather than testing the reliability of the cost data in
      the MD&A. The auditor should read the MD&A for consistency with the financial
      statements and with the auditor's knowledge of the entity. Testing generally
      should be limited to data in the financial statements, as discussed in paragraph
      903.06, not the MD&A. Analytical procedures may be used to consider the
      reasonableness of cost data in the MD&A. Based on this comparison, the auditor
      should consider whether additional testing is needed.

.14   Although costs reported in internal and external reports should be consistent,
      they may differ in the degree of detail and reporting frequency. Cost information
      for management may require more frequent and timely reporting. It also may
      require more specific and detailed information regarding the costs of specific
      activities or outputs. By comparison, external reports could be less frequent, and
      the cost information more aggregated, such as on a suborganization or program
      basis.




      April 2003          GAO/PCIE Financial Audit Manual - Part II              Page 903-6
      Substantive Testing


      921 - AUDITING FUND BALANCE WITH TREASURY
            (FBWT)

.01   This section provides guidance in auditing the Fund Balance with Treasury
      (FBWT) account. It explains key agency and Treasury processes and procedures
      related to FBWT accounts and discusses audit issues. Practice aids, including
      example Account Risk Analysis (ARA) and Specific Control Evaluation (SCE)
      forms and suggested audit procedures for the FBWT line item, are included in
      appendices.

.02   The FBWT account (SGL account 1010) is an asset account representing the
      unexpended spending authority in agencies' appropriations. Federal agencies
      record their budget spending authority in FBWT accounts and increase or
      decrease these accounts as they collect or disburse funds. Most agencies
      maintain several fund balance accounts funded by different types of
      appropriations, such as annual 1-year appropriations and/or multiyear
      appropriations that are included in the financial statement FBWT line item. The
      FBWT account also serves as one of several mechanisms to prevent agencies'
      disbursements from exceeding appropriated amounts.

.03   In the federal government, Treasury serves as the central banker. Most agencies
      use the banking services provided by Treasury's Financial Management Service
      (FMS) and do not keep cash in separate bank accounts. Some agencies have
      authority to disburse funds on their own behalf. These agencies still maintain
      FBWT accounts and follow Treasury's reporting and reconciliation
      requirements.

.04   Unlike commercial banking institutions, Treasury does not keep independent
      accounting records of each agency's FBWT accounts. Instead, Treasury uses
      monthly data reported by the agencies to calculate agencies' FBWT balances and
      requires agencies to perform detailed reconciliations of FBWT accounts to
      maintain the accuracy and reliability of agencies' fund balance records.
      Effective reconciliations also serve as a detection control for identifying
      unauthorized and unrecorded transactions at the agencies and Treasury.

.05   Treasury requires agencies to maintain FBWT accounts and to perform a two-
      part reconciliation process each month.

      •   First, agencies should reconcile differences identified by Treasury between
          cash receipts and disbursements transactions reported by agencies to those
          reported by other sources of financial data, such as the Federal Reserve,


      April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 921-1
      Substantive Testing
      921 – Auditing Fund Balance with Treasury (FBWT)

          commercial banks, other federal agencies, and the FMS regional financial
          centers. Treasury reports differences identified to agencies each month on
                                      1
          "Statements of Differences."

      •   Second, agencies should reconcile differences between their records and
          Treasury records of the monthly activity recorded in the FBWT accounts.
          Each month Treasury provides appropriation, fund, and receipt account
          ledgers, which include a rollforward of the previous month's balance, the
          current month's cash activity reported by the agency and other account
          activity (supplemental appropriations, recissions, nonexpenditure transfers,
          entries reported by other agencies) to compare to their records.

      Differences remain until reconciled by the agencies and represent potential
      misstatements in agencies' financial statements and budget execution reports.

      AUDIT ISSUES

.06   Many agencies have problems in reconciling the transaction activity in their
      FBWT accounts. Ineffective FBWT reconciliations contribute to agencies'
      inability to prepare auditable financial statements. Without effective agency
      reconciliations of receipt and disbursement activity, the agency FBWT balance –
      the amount of funds available to it for expenditure in each appropriation – may
      contain material misstatements, and auditors generally would be unable to
      determine whether FBWT is fairly stated.

.07   Prior audits of agencies' financial statements identified instances in which
      agencies were not timely reconciling their FBWT accounts. Instead, some
      agencies adjusted their accounts to show the amounts reported by Treasury
      and/or recorded differences in suspense accounts without adequately
      researching the causes of the differences. Unreconciled differences recorded in
      suspense accounts could represent transactions that have not been recorded by
      the agency to the appropriate accounts. Only after researching its accounting
      records and reports can an agency determine the cause of the problem and make
      the proper adjustments to its FBWT accounts (and related asset, liability,
      expense, or revenue accounts) or advise Treasury to correct its records.

.08   There were instances in which agencies did not receive Statements of
      Differences from Treasury, even though unreconciled differences existed. Some

  1
      The banking system data is reported via CASHLINK, other federal agencies via
      IPAC (which replaced OPAC in December 2001), and FMS regional financial
      centers via GOALS. See FAM section 921 A for more detail on the Treasury
      processes and reports related to FBWT reconciliation.

      April 2003         GAO/PCIE Financial Audit Manual - Part II          Page 921-2
      Substantive Testing
      921 – Auditing Fund Balance with Treasury (FBWT)

      agencies did not use their accounting records to prepare monthly reports to
      Treasury. Instead, they reported the same amounts recorded in OPAC and
      CASHLINK to avoid Statements of Differences; generally these agencies tracked
      differences in suspense accounts. Because Treasury uses these sources to
      compare with the amounts reported by the agency, Treasury did not identify
      differences; thus, no Statements of Differences were issued. Also, some agencies
      cleared Statements of Differences by reporting adjustments to Treasury before
      researching and resolving differences. Therefore, amounts reported on
      Statements of Differences might not always be an adequate indicator of
      reconciliation problems or an adequate measure of the extent of outstanding
      unreconciled differences. Auditors should design tests to obtain an
      understanding of the agency's reconciliation procedures in order to assess the
      effect of its reconciliation process on the financial statements and to determine
      the level of audit procedures required after considering the materiality of
      unreconciled differences.

.09   Because Treasury's record of an agency's FBWT is the result of the activity
      reported to Treasury by the agency itself, and is not obtained from another
      source, the reconciliation process is a key control over FBWT accounts.

.10   One year's successful audit of the reconciliation of FBWT activity will generally
      not result in an auditable balance because the auditor faces the issue of auditing
      the beginning balance. Except for the first year of an appropriation, the
      balances in most FBWT accounts are included in the FBWT line item rollforward
      from year to year until the account is closed, which can be 5 years or more,
      depending on the type of appropriation.

.11   In an initial audit, the auditor should design tests to obtain assurance on the
      FBWT beginning balance. This may require testing of FBWT reconciliations
      performed in prior years or other audit procedures that provide assurance on the
      FBWT line item. For example, in some instances detailed audit procedures over
      beginning balances related to other financial statement accounts that affect
      FBWT could provide assurance. In tests of other account balances, the auditor
      may be able to determine that old errors were written off or other appropriate
      adjustments were made to FBWT and that the fund balances from prior years
      and remaining unadjusted reconciling differences are immaterial.

      AUDIT APPROACH

.12   Because Treasury relies on the monthly data reported by the agencies to
      calculate agencies' FBWT balances, confirmation of FBWT account balances
      with Treasury does not provide competent evidence. Therefore, the auditor



      April 2003        GAO/PCIE Financial Audit Manual - Part II           Page 921-3
      Substantive Testing
      921 – Auditing Fund Balance with Treasury (FBWT)

      needs to obtain competent evidence through tests of the agency's FBWT
      reconciliation process.

.13   Since most assets, liabilities, revenues, and expenses stem from or result in cash
      transactions, misstatements in the receipt or disbursement activity recorded in
      the FBWT accounts affect the balances of various financial statement accounts.
      Even though net FBWT account balances may be immaterial as of the date of the
      financial statements, the gross receipt and disbursement transactions flowing
      through the FBWT account during the fiscal year are usually material.
      Therefore, the auditor should test the reconciliation of the transaction activity
      flowing through the account. In addition, the auditor should assess the impact
      of gross unreconciled differences on the FBWT and other financial statement
      line items.

.14   The auditor should design an audit program that includes steps to determine
      whether the agency

      •   prepares monthly reports to Treasury using the same detailed accounting
          records of collection and disbursement transactions that are used to prepare
          the agency's financial statements;

      •   researches and resolves the underlying causes of differences between
          amounts reported by Treasury and agency records each month and makes the
          proper adjustments; and

      •   monitors suspense account activity – including maintaining detailed records
          of unreconciled differences charged to the account and maintaining records
          that age the differences – and performs procedures to timely and properly
          clear the account.

.15   The auditor also should design procedures to determine the magnitude of the
      agency's gross unreconciled differences at year-end by analyzing the Treasury
      Statements of Differences reports and agency suspense account items in terms
      of their aggregate absolute values and resulting impact on the financial
      statements. (Since each difference represents a potential misstatement, the roll-
      up and netting of charges and credits can significantly understate the total
      outstanding differences.)




      April 2003         GAO/PCIE Financial Audit Manual - Part II          Page 921-4
      Substantive Testing
      921 – Auditing Fund Balance with Treasury (FBWT)

      PRACTICE AIDS

.16   The following practice aids are appended to this section:

      •   Section 921 A – Treasury Processes and Reports Related to FBWT
          Reconciliation.

      •   Section 921 B – Example Account Risk Analysis (ARA).

      •   Section 921 C - Example Specific Control Evaluation (SCE). (Note that a
          single SCE of the line item/account-related accounting application for FBWT
          is presented. There are transaction-related accounting applications listed on
          the ARA that affect FBWT, such as cash receipts and cash disbursements, that
          would require transaction related SCEs.)

      •   Section 921 D - Example Audit Procedures.

.17   These aids are not all inclusive. They do not include tests of other accounts,
      such as Other Cash on Deposit bank accounts and Imprest Funds. Also, for
      agencies that write their own checks, the aids do not discuss or include tests of
      controls over check stock. If material, the auditor should apply appropriate
      additional tests. The aids provide the auditor with a framework for designing
      tests of FBWT accounts. Auditors should use professional judgment in designing
      audit programs for their particular agency after considering materiality, audit
      risks, and internal control.

.18   The auditor should use judgment in determining the most effective and efficient
      method to achieve the audit objectives. When possible, the FBWT audit
      procedures should be coordinated with other tests. For example, many
      procedures may be performed in conjunction with tests of agency cash receipts
      and cash disbursements. Others may be included as part of compliance testing.




      April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 921-5
[This page intentionally left blank.]
Substantive Testing


921 A - TREASURY PROCESSES AND REPORTS
        RELATED TO FBWT RECONCILIATION

             A. Verification of Collections and EFT Disbursements
Reports               Reports/data         Treasury FMS        Resulting
submitted by          submitted by         action              Treasury reports
agencies              other sources                            to agencies
Agencies report       CASHLINK             FMS compares        Month-end
collections           system data          monthly             Statements of
monthly on            (CASHLINK is         collection totals   Differences (FMS
Statements of         used by the          reported on         6652) via GOALS
Transactions (SF      banking system to    agency SF 224s,     for each month
224) or               report collections   SF 1218/1221s,      until the difference
Statements of         and EFTs             or SF 1219/1220s    is cleared.
Accountability/       received from and    to transaction
Transactions (SF      on behalf of         data available in   Monthly detailed
1218/1221 or          government           CASHLINK.           support list of
1219/1220) by         agencies).                               transactions
ALC.                                                           reported in
                      Note: In                                 CASHLINK.
Note: For             CASHLINK,
agencies which        electronic
report on SF 1218     disbursements
or 1219,              are reported as
electronic            "negative
disbursements are     collections," or
netted against        debit vouchers.
collections.

       Reporting of FBWT accounts activity and balances
                                       FMS reports             Monthly
                                       agency FBWT             appropriation and
                                       accounts activity       receipt account
                                       and balances            ledgers (FMS 6653
                                       based on data           and 6655) showing
                                       reported by             account activity
                                       agencies.               and net balances
                                                               for each
                                                               appropriation,
                                                               fund, and receipt
                                                               account.

                                                               Monthly
                                                               appropriation and
                                                               receipt account
                                                               trial balances (FMS
                                                               6654/ 6655) by
                                                               department.


April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 921 A-1
Substantive Testing
921 A – Treasury Processes and Reports Related to FBWT Reconciliation

                  B. Verification of Disbursement Data
Reports            Reports/data       Treasury FMS        Resulting
submitted by       submitted by       action              Treasury reports
agencies           other sources                          to agencies
 1. Verification of Treasury Disbursement Office agency disbursements
Agencies for        FMS regional     FMS compares     Monthly Statements
which FMS           finance center   monthly          of Differences
regional financial Agency            disbursement     (FMS 6652) for
centers disburse    Confirmation     totals reported  each month until
money submit        Reports (include on agency SF     the difference is
monthly             checks issued    224s to          cleared.
Statements of       and electronic   disbursement
Transactions (SF disbursements       data on regional Monthly detailed
224) by ALC.        accomplished on finance center    support listings of
                    behalf of the    reports or IPAC. transactions
Agencies for        agency).                          reported by
which FMS                                             regional finance
regional finance    The Interagency                   centers, and IPAC.
centers disburse    Payment and
money report net Collection
interagency         system (IPAC)
transactions on     data are used by
SF 224.             agencies and
                    FMS to
                    accomplish
                    interagency
                    transactions).
       Reporting of FBWT accounts activity and balances
                                      FMS reports         Monthly
                                      agency FBWT         appropriation
                                      accounts activity   account ledgers
                                      and balances        (FMS 6653)
                                      based on            showing account
                                      monthly data        activity and net
                                      reported by         balances for each
                                      agencies.           appropriation and
                                                          fund account.

                                                          Monthly
                                                          appropriation
                                                          account trial
                                                          balances (FMS
                                                          6654) by
                                                          department.




April 2003        GAO/PCIE Financial Audit Manual - Part II      Page 921 A-2
Substantive Testing
921 A – Treasury Processes and Reports Related to FBWT Reconciliation


                    B. Verification of Disbursement Data
Reports             Reports/data        Treasury FMS         Resulting
submitted by        submitted by        action               Treasury reports
agencies            other sources                            to agencies
    2. Verification of Non-Treasury Disbursing Office (NTDO) agency
                              disbursements
     Verification of interagency transactions:
NTDO agencies       Interagency         FMS compares         Monthly
report net          payment and         monthly net          Statements of
interagency         collection system   disbursement         Differences (FMS
transactions on     data.               totals reported on   6652) for each
SF 1218/1221 or                         agency SF            month until the
SF 1219/1220 by                         1218/1221s or SF     difference is
ALC.                                    1219/1220s to        cleared.
                                        disbursement
                                        data in IPAC.        Monthly detailed
                                                             support lists of
                                                             transactions
                                                             reported by IPAC.
     Verification of checks paid
NTDOs submit         Federal Reserve    FMS performs a       Advice of Check
tapes detailing      Banks submit       check by check       Issue Discrepancies
checks issued        tapes detailing    comparison of        (FMS 5206).
and Month-end        checks paid.       checks issued to
Checks Issued                           checks paid by
Summary reports                         the banking
(SF 1179).                              system (dollar
                                        amount).
     Verification of checks issued:
NTDOs submit         SF 1179, Month-    FMS compares SF      Two-, 4-, 6-, & 8-
monthly              End Checks         1179 data            month letters
Statements of        Issued Summary     (adjusted for FMS    notifying agencies
Accountability/      report submitted   5206 dollar          of any outstanding
Transactions (SF by NTDO                differences) to      discrepancies over
1218/1221 or SF      agencies and       the agency           $50.
1219/1220).          checks paid by     disbursements
                     the banking        reported on SF
                     system.            1218/1221 or SF
                                        1219/1220 (total
                                        checks issued to
                                        total checks
                                        paid).




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 921 A-3
Substantive Testing
921 A – Treasury Processes and Reports Related to FBWT Reconciliation

                 B. Verification of Disbursement Data
Reports           Reports/data      Treasury FMS        Resulting
submitted by      submitted by      action              Treasury reports
agencies          other sources                         to agencies
    2. Verification of Non-Treasury Disbursing Office (NTDO) agency
                              disbursements
       Reporting of FBWT accounts activity and balances
                                    FMS reports         Monthly
                                    agency FBWT         appropriation
                                    accounts activity   account ledger
                                    and balances        (FMS 6653)
                                    based on monthly    showing account
                                    data reported by    activity and net
                                    agencies.           balances for each
                                                        appropriation and
                                                        fund account.
                                                        Monthly
                                                        appropriation trial
                                                        balance (FMS 6654)
                                                        by department.




April 2003       GAO/PCIE Financial Audit Manual - Part II     Page 921 A-4
    Substantive Testing


    921 B - EXAMPLE ACCOUNT RISK ANALYSIS FOR FUND BALANCE WITH TREASURY

    Entity: Agency                                                                                                                                           Preparer:                        .

    Date of Financial Statements: September 30, 20xx                                 ACCOUNT RISK ANALYSIS FORM                                              Region:                              .

    Line Item: Fund Balance with Treasury                                                         File:                                                      Date:                                 .


                                                   PLANNING PHASE                                                           INTERNAL CONTROL PHASE                        TESTING PHASE


                Account                     Financial statement       Inherent, fraud, and                  Cycle/      Effectiveness   Control   Combined   Tim-            Nature &
                                                                                                                                                                                                  W/P ref &
                                             assertions / risks        control risk factors               accounting     of control      risk       risk      ing             extent
                                                                                                                                                                                                  audit step
                                                                                                          application    activities1                          I/F
         Name          Balance

    Fund Balance     $xx,xxx m     Existence or occurrence
    with Treasury                  Recorded Fund Balance with     Control risk arises from the        Cycles:                                                I/F       Test FBWT                  FBWT
                                   Treasury (FBWT) does not       (1) highly decentralized            Revenue                                                          reconciliations.           program
                                   exist.                         structure of the agency,            Payroll
                                                                  which reduces management's          Budget                                                           Analyze impact of          FB-1
                                                                  knowledge of and control            Treasury                                                         unresolved                 through
                                                                  over operations, (2) signifi-                                                                        reconciling items at       FB-7
                                                                  cant weaknesses in general          Applications:                                                    year-end.
                                                                  controls over the automated         FBWT
                                                                  systems the agency relies           Cash receipts
                                                                  extensively upon to process         Cash
                                                                  transactions and (3) lack of        disbursements
                                                                  adequate management over-
                                                                  sight of the reconciliation
                                                                  process. Inherent risk arises
                                                                  from the high volume of
                                                                  transactions flowing through
                                                                  the account.


1
    Omitted from this example.


    April 2003                                                          GAO/PCIE Financial Audit Manual - Part II                                                                     Page 921 B-1
Substantive Testing
921 B - Example Account Risk Analysis for Fund Balance with Treasury

Entity: Agency                                                                                                                                           Preparer:                         .

Date of Financial Statements: September 30, 20xx                                 ACCOUNT RISK ANALYSIS FORM                                              Region:                               .

Line Item: Fund Balance with Treasury                                                         File:                                                      Date:                                  .


                                               PLANNING PHASE                                                           INTERNAL CONTROL PHASE                        TESTING PHASE


            Account                     Financial statement       Inherent, fraud, and                  Cycle/      Effectiveness   Control   Combined   Tim-            Nature &
                                                                                                                                                                                               W/P ref &
                                         assertions / risks        control risk factors               accounting     of control      risk       risk      ing             extent
                                                                                                                                                                                               audit step
                                                                                                      application    activities1                          I/F
     Name          Balance

                               Completeness
                               FBWT is omitted from the       Control risk arises from the        Cycles:                                                I/F       Test FBWT                   FBWT
                               financial statements or is     (1) highly decentralized            Revenue                                                          reconciliations.            program
                               incomplete.                    structure of the agency,            Payroll                                                          Analyze impact of           FB-1
                                                              which reduces management's          Budget                                                           unresolved                  through
                                                              knowledge of and control            Treasury                                                         reconciling items at        FB-7
                                                              over operations, (2) signifi-                                                                        year-end.
                                                              cant weaknesses in general          Applications:
                                                              controls over the automated         FBWT                                                             Prepare lead                FB-2 and
                                                              systems the agency relies           Cash receipts                                                    schedule of GL              FB-10
                                                              extensively upon to process         Cash                                                             accounts that
                                                              transactions and (3) lack of        disbursements                                                    constitute FBWT,
                                                              adequate management over-                                                                            analytically review
                                                              sight of the reconciliation                                                                          with prior-year data,
                                                              process.                                                                                             and resolve reasons
                                                                                                                                                                   for unexpected
                                                              Inherent risk arises from the
                                                                                                                                                                   changes.
                                                              high volume of transactions
                                                              flowing through the account.




April 2003                                                          GAO/PCIE Financial Audit Manual - Part II                                                                    Page 921 B-2
Substantive Testing
921 B - Example Account Risk Analysis for Fund Balance with Treasury

Entity: Agency                                                                                                                                           Preparer:                        .

Date of Financial Statements: September 30, 20xx                                  ACCOUNT RISK ANALYSIS FORM                                             Region:                              .

Line Item: Fund Balance with Treasury                                                         File:                                                      Date:                                 .


                                               PLANNING PHASE                                                           INTERNAL CONTROL PHASE                        TESTING PHASE


            Account                     Financial statement        Inherent, fraud, and                 Cycle/      Effectiveness   Control   Combined   Tim-            Nature &
                                                                                                                                                                                              W/P ref &
                                         assertions / risks         control risk factors              accounting     of control      risk       risk      ing             extent
                                                                                                                                                                                              audit step
                                                                                                      application    activities1                          I/F
     Name          Balance

                               Valuation/Accuracy
                               Fund Balance with Treasury     No significant inherent,            Cycles:                                                I/F       Test FBWT                  FBWT
                               is not recorded accurately.    fraud or control risk factors       Revenue                                                          reconciliations.           program
                                                              identified.                         Payroll
                                                                                                  Budget                                                           Analyze impact of          FB-1
                                                                                                  Treasury                                                         unresolved                 through
                                                                                                                                                                   reconciling items at       FB-7
                                                                                                  Applications:                                                    year-end.
                                                                                                  FBWT
                                                                                                  Cash receipts
                                                                                                  Cash
                                                                                                  disbursements




April 2003                                                          GAO/PCIE Financial Audit Manual - Part II                                                                     Page 921 B-3
Substantive Testing
921 B - Example Account Risk Analysis for Fund Balance with Treasury

Entity: Agency                                                                                                                                           Preparer:                        .

Date of Financial Statements: September 30, 20xx                                 ACCOUNT RISK ANALYSIS FORM                                              Region:                              .

Line Item: Fund Balance with Treasury                                                         File:                                                      Date:                                 .


                                               PLANNING PHASE                                                           INTERNAL CONTROL PHASE                        TESTING PHASE


            Account                     Financial statement       Inherent, fraud, and                  Cycle/      Effectiveness   Control   Combined   Tim-           Nature &
                                                                                                                                                                                              W/P ref &
                                         assertions / risks        control risk factors               accounting     of control      risk       risk      ing            extent
                                                                                                                                                                                              audit step
                                                                                                      application    activities1                          I/F
     Name          Balance

                               Rights
                               Agency does not have certain   Inherent risk arises from the       Treasury                                                F        Review support for         FBWT
                               rights to Fund Balance with    high number of                                                                                       recorded                   program
                               Treasury because of            appropriation, fund and                                                                              appropriation, fund,
                               transfers, rescissions, and    receipt accounts, including                                                                          and receipt accounts       FB-8 and
                               restrictions.                  certain special funds and                                                                            included in the            FB-10
                                                              trust funds that do not                                                                              FBWT line item.
                                                              belong to the agency.
                                                              Because these nonentity                                                                              Review footnote
                                                              accounts are maintained                                                                              disclosure.
                                                              within the same system used
                                                              to maintain entity accounts
                                                              and financial activity, there
                                                              is a risk that these accounts
                                                              will be inappropriately
                                                              charged and be included in
                                                              the FBWT line item.

                                                              Same control risks as for
                                                              existence and completeness.




April 2003                                                          GAO/PCIE Financial Audit Manual - Part II                                                                    Page 921 B-4
Substantive Testing
921 B - Example Account Risk Analysis for Fund Balance with Treasury

Entity: Agency                                                                                                                                              Preparer:                        .

Date of Financial Statements: September 30, 20xx                                    ACCOUNT RISK ANALYSIS FORM                                              Region:                              .

Line Item: Fund Balance with Treasury                                                            File:                                                      Date:                                 .


                                               PLANNING PHASE                                                              INTERNAL CONTROL PHASE                        TESTING PHASE


            Account                     Financial statement          Inherent, fraud, and                  Cycle/      Effectiveness   Control   Combined   Tim-           Nature &
                                                                                                                                                                                                 W/P ref &
                                         assertions / risks           control risk factors               accounting     of control      risk       risk      ing            extent
                                                                                                                                                                                                 audit step
                                                                                                         application    activities1                          I/F
     Name          Balance

                               Presentation and disclosure
                               Fund Balance with Treasury       No significant inherent or           Treasury                                                F        Review FBWT                FBWT
                               is not properly classified and   fraud risk factors identified.                                                                        related financial          program
                               disclosed in the financial                                                                                                             statement line item
                               statements.                      Same control risks as for                                                                             and footnote               FB-9 and
                                                                existence and completeness.                                                                           disclosures for            FB-10
                                                                                                                                                                      conformance with
                                                                                                                                                                      applicable
                                                                                                                                                                      standards, and trace
                                                                                                                                                                      amounts reported in
                                                                                                                                                                      financial statement
                                                                                                                                                                      line items and
                                                                                                                                                                      footnote disclosures
                                                                                                                                                                      to general ledger
                                                                                                                                                                      and supporting
                                                                                                                                                                      detailed records.




April 2003                                                             GAO/PCIE Financial Audit Manual - Part II                                                                    Page 921 B-5
[This page intentionally left blank.]
Substantive Testing


921 C - EXAMPLE SPECIFIC CONTROL EVALUATION FOR FUND BALANCE WITH TREASURY

Entity: Agency                                          SPECIFIC CONTROL EVALUATION                                              Preparer:                   .
Date of Financial Statements:
    September 30, 20xx                                           (Line Item/Account-Related)                                     Region:                         .
Accounting application: Fund
   Balance with Treasury                                              File:                                                      Date:              Page 1   of 7



                  Relevant assertions in line          Potential
 Accounting                 items                  misstatements in            Control objectives        Internal control activities         IS    Effectiveness       W/P ref. &
 application                                    accounting application                                                                     (Y/N)    of control          control
 assertions         FBWT           Various            assertions                                                                                     activities       testing step

Existence or    Existence       Existence       Substantiation                                      (See note 1.)
Occurrence                                      1.   Recorded FBWT            1a. Recorded FBWT     1.   Agency staff performs               Y                           FB- 5
                                                     does not exist as of         amounts should         monthly reconciliation                                            &
                                                     a given date.                exist as of a          between agency general
                                                                                  given date.            ledger (G/L) and Treasury                                       FB-6
                                                                                                         records (appropriation and
                                                                                                         receipt account ledgers,
                                                                                                         FMS 6653 and FMS 6655).

                                                                                                    2.   Agency staff resolves receipt       N                           FB-4
                                                                                                         and disbursement                                                  &
                                                                                                         differences reported by
                                                                                                         Treasury via the FMS 6652,                                      FB-6
                                                                                                         Statements of Differences
                                                                                                         for collections and
                                                                                                         disbursements.




April 2003                                                   GAO/PCIE Financial Audit Manual - Part II                                                               Page 921 C-1
Substantive Testing
921 C – Example Specific Control Evaluation for Fund Balance with Treasury

Entity: Agency                                        SPECIFIC CONTROL EVALUATION                                               Preparer:                   .
Date of Financial Statements:
    September 30, 20xx                                        (Line Item/Account-Related)                                       Region:                         .
Accounting application: Fund
   Balance with Treasury                                           File:                                                        Date:              Page 2   of 7



                  Relevant assertions in line          Potential
 Accounting                 items                  misstatements in         Control objectives          Internal control activities         IS    Effectiveness       W/P ref. &
 application                                    accounting application                                                                    (Y/N)    of control          control
 assertions         FBWT           Various            assertions                                                                                    activities       testing step

                                                                                                   3.   Agency staff resolves               N                           FB-4
                                                                                                        disbursement differences                                          &
                                                                                                        reported by Treasury via the
                                                                                                        Advice of Check Issued                                          FB-6
                                                                                                        Discrepancy Report (FMS
                                                                                                        5206) and Difference
                                                                                                        Notification to the
                                                                                                        Disbursing Office (NTDO
                                                                                                        agencies).

                                                                           1b. Recorded FBWT,      1.   Agency staff reconciles the         Y                           FB-3
                                                                               at a given date,         monthly Statement of
                                                                               should be                Transactions (SF 224)
                                                                               supported by             submitted to Treasury, to
                                                                               appropriate              the applicable G/L accounts.
                                                                               detailed records    2.   Agency staff reconciles the         N                           FB-3
                                                                               that are                 monthly Statement of Ac-
                                                                               accurately               countability/transactions
                                                                               summarized and           (SF1219/1220 or SF1218/
                                                                               reconciled to the        1221) submitted to Treasury,
                                                                               account balance.         to the applicable G/L
                                                                                                        accounts (NTDO agencies).
                                                                                                   3.   Same as 1.1a.1


April 2003                                                 GAO/PCIE Financial Audit Manual - Part II                                                                Page 921 C-2
Substantive Testing
921 C – Example Specific Control Evaluation for Fund Balance with Treasury

Entity: Agency                                          SPECIFIC CONTROL EVALUATION                                                Preparer:                   .
Date of Financial Statements:
    September 30, 20xx                                           (Line Item/Account-Related)                                       Region:                         .
Accounting application: Fund
   Balance with Treasury                                              File:                                                        Date:              Page 3   of 7



                  Relevant assertions in line          Potential
 Accounting                 items                  misstatements in            Control objectives          Internal control activities         IS    Effectiveness       W/P ref. &
 application                                    accounting application                                                                       (Y/N)    of control          control
 assertions         FBWT           Various            assertions                                                                                       activities       testing step

                                                                              1c. Access to FBWT,      1. Not covered in this example.
                                                                                  critical forms,      Note: For agencies that disburse
                                                                                  records, and         funds on their own behalf
                                                                                  processing and       (NTDOs), and maintain cash
                                                                                  storage areas        and/or check stock on hand,
                                                                                  should be            auditors will need to document
                                                                                  permitted only in    and test the effectiveness of the
                                                                                  accordance with      control activities in place.
                                                                                  laws, regulations,
                                                                                  and management
                                                                                  policy.

Completeness    Complete-       Complete-       Account                                                1. Same as 1.1a.1, 1.1a.2, 1.1a.3.                                  FB-8
                ness            ness            completeness                  2a. FBWT balance         2. Agency staff reconciles the          N                           FB-9
                                                2.   FBWT balance                 should be               FBWT line item crosswalk
                                                     exists but is omitted        included in the         that includes all G/L FBWT
                                                     from the financial           financial               accounts to the Treasury
                                                     statements.                  statements.             Appropriation and Receipt
                                                                                                          Trial Balances.




April 2003                                                   GAO/PCIE Financial Audit Manual - Part II                                                                 Page 921 C-3
Substantive Testing
921 C – Example Specific Control Evaluation for Fund Balance with Treasury

Entity: Agency                                          SPECIFIC CONTROL EVALUATION                                           Preparer:                   .
Date of Financial Statements:
    September 30, 20xx                                         (Line Item/Account-Related)                                    Region:                         .
Accounting application: Fund
   Balance with Treasury                                           File:                                                      Date:              Page 4   of 7



                  Relevant assertions in line          Potential
 Accounting                 items                  misstatements in         Control objectives        Internal control activities         IS    Effectiveness       W/P ref. &
 application                                    accounting application                                                                  (Y/N)    of control          control
 assertions         FBWT           Various            assertions                                                                                  activities       testing step

Valuation or    Valuation       Valuation       Accuracy
allocation                                      3.   FBWT receipt and      3a. FBWT              1.   Same as 1.1a.1.                     N                           FB- 4
                                                     disbursement              transactions      2.   Same as 1.1a.2.                     N                          FB-5 &
                                                     transactions are          should be
                                                     recorded                  recorded          3.   Same as 1.1a.3.                                                 FB-6
                                                     incorrectly.              accurately.

Rights and      Rights          Rights          Ownership
obligations:                                    4.   Recorded FBWT is      4a. Agency should     1.   Agency staff reconciles             N                           FB-8
                                                     owned by others.          own recorded           Treasury appropriation
                                                                               FBWT.                  warrants, appropriation
                                                                                                      recissions, and
                                                                                                      nonexpenditure transfers to
                                                                                                      FBWT accounts.
                                                                                                 2.   Agency staff reconciles                                         FB-4,
                                                                                                      expenditure (cash receipts
                                                                                                      and disbursements) activity                                     FB-5,
                                                                                                      to the FBWT accounts.                                           FB-6




April 2003                                                  GAO/PCIE Financial Audit Manual - Part II                                                             Page 921 C-4
Substantive Testing
921 C – Example Specific Control Evaluation for Fund Balance with Treasury

Entity: Agency                                           SPECIFIC CONTROL EVALUATION                                              Preparer:                   .
Date of Financial Statements:
    September 30, 20xx                                           (Line Item/Account-Related)                                      Region:                         .
Accounting application: Fund
   Balance with Treasury                                              File:                                                       Date:              Page 5   of 7



                  Relevant assertions in line          Potential
 Accounting                 items                  misstatements in            Control objectives         Internal control activities         IS    Effectiveness       W/P ref. &
 application                                    accounting application                                                                      (Y/N)    of control          control
 assertions         FBWT           Various            assertions                                                                                      activities       testing step

                                                Rights
                                                5.   Agency does not          5a. Recorded FBWT      1.   Same as 4.4a.1.                     N                           FB-8
                                                     have certain rights          should be
                                                     to recorded FBWT             agencies' rights
                                                     because of                   at a given date.
                                                     appropriation
                                                     restrictions.




April 2003                                                   GAO/PCIE Financial Audit Manual - Part II                                                                Page 921 C-5
Substantive Testing
921 C – Example Specific Control Evaluation for Fund Balance with Treasury

Entity: Agency                                          SPECIFIC CONTROL EVALUATION                                              Preparer:                   .
Date of Financial Statements:
    September 30, 20xx                                          (Line Item/Account-Related)                                      Region:                         .
Accounting application: Fund
   Balance with Treasury                                             File:                                                       Date:              Page 6   of 7



                  Relevant assertions in line          Potential
 Accounting                 items                  misstatements in           Control objectives         Internal control activities         IS    Effectiveness       W/P ref. &
 application                                    accounting application                                                                     (Y/N)    of control          control
 assertions         FBWT           Various            assertions                                                                                     activities       testing step

Presentation     Disclosure     Disclosure      Account classification
and disclosure                                  6.   FBWT is not             6a. FBWT should be     1.   Agency staff reconciles             N                           FB-6
                                                     properly classified         properly                Treasury Undisbursed
                                                     and described in the        classified and          Appropriation Account and
                                                     financial                   described in the        Receipt Account trial
                                                     statements.                 financial               balances to the G/L
                                                                                 statements.             accounts.
                                                                                                    2.   The Chief Accountant                                            FB-9
                                                                                                         reviews the FBWT account
                                                                                                         analysis and crosswalk to
                                                                                                         the FS against the Treasury
                                                                                                         Financial Management
                                                                                                         Supplement–U.S.
                                                                                                         Government Standard
                                                                                                         General Ledger (section V).




April 2003                                                   GAO/PCIE Financial Audit Manual - Part II                                                               Page 921 C-6
Substantive Testing
921 C – Example Specific Control Evaluation for Fund Balance with Treasury

Entity: Agency                                            SPECIFIC CONTROL EVALUATION                                              Preparer:                   .
Date of Financial Statements:
    September 30, 20xx                                             (Line Item/Account-Related)                                     Region:                         .
Accounting application: Fund
   Balance with Treasury                                                File:                                                      Date:              Page 7   of 7



                   Relevant assertions in line           Potential
 Accounting                  items                   misstatements in            Control objectives        Internal control activities         IS    Effectiveness       W/P ref. &
 application                                      accounting application                                                                     (Y/N)    of control          control
 assertions          FBWT           Various             assertions                                                                                     activities       testing step

                  Presentation    Presentation    Consistency
                                                  7.   The financial state-     7a. FBWT should be      1. The CFO, Reports and                N                           FB-10
                                                       ments components             based on               Analysis Branch Chief, and
                                                       of FBWT are based            accounting             the Chief Accountant review
                                                       on accounting                principles that        the financial statements for
                                                       principles different         are applied            consistently applied
                                                       from those used in           consistently from      accounting principles.
                                                       prior periods.               period to period.

                  Disclosure      Disclosure      Disclosure
                                                  8.   Required                 8a. The financial       1. The CFO, Reports and                N                           FB-10
                                                       information is not           statements or          Analysis Branch Chief, and
                                                       disclosed in the             footnotes thereto      the Chief Accountant review
                                                       financial statements         should contain         the financial statements for
                                                       or in the footnotes          all information        consistently applied
                                                       thereto.                     required to be         accounting principles and
                                                                                    disclosed.             required disclosure.


Note 1: The internal control activities 1.1a.1 and 1.1b.1 generally rely on system outputs that are dependent on IS general controls, which may be ineffective at some
agencies. (Tests of controls over agencies' general ledger systems should be included as part of computer control tests.) The control activity 1.1a.2 validates receipt and
disbursement balances with Treasury records that are obtained from third parties (banks, Treasury regional finance centers, other agencies).




April 2003                                                     GAO/PCIE Financial Audit Manual - Part II                                                               Page 921 C-7
[This page intentionally left blank.]
Substantive Testing


921 D - EXAMPLE AUDIT PROCEDURES FOR FUND
        BALANCE WITH TREASURY

Entity _______________________________________________________________

Period of financial statements ____________________________________________

Job code _____________________________________________________________

           FBWT Example Audit Procedures:                     Done      W/P
                Description of Procedure                     by/date    ref
I. Planning Phase
FB-1
   A. To obtain an understanding of the agency's accounting
      and reporting requirements for Fund Balance with
      Treasury (FBWT) accounts, read the following
      documents:
      • Treasury Financial Manual, Volume I, part 2, chapter
         5100 - Reconciling Fund Balance with Treasury
         accounts, http://fms.treas.gov/fundbalance.
      • Current OMB bulletin, Form and Content of Agency
             Financial Statements.
       • Statements of Federal Financial Accounting
         Standards (SFFAS No. 1).
       • Agency accounting policies and procedures for the
         Fund Balance with Treasury Accounts.

    B. Read prior year documentation, financial statements,
       and related auditor's reports to determine if there were
       any audit issues/reportable conditions related to FBWT.




April 2003            GAO/PCIE Financial Audit Manual - Part II   Page 921 D-1
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

            FBWT Example Audit Procedures:                        Done     W/P
                  Description of Procedure                       by/date   ref
II. Internal Control Phase
FB-2
    A. To obtain an understanding of the agency's internal
       controls over FBWT accounts, perform the following:
       1. Interview key agency staff about the FBWT
          procedures and controls in place at the agency.
          a. Determine what method the agency uses to
              disburse funds (FMS regional finance centers,
              on its own behalf, and/or both methods).
          b. Obtain an understanding of the significant
              accounting systems and controls used in
              reporting and accounting for FBWT
              transactions.
          c. Identify FBWT line item general ledger accounts.
          d. Obtain an understanding of the agency's FBWT
              reconciliation procedures. Ask
              • if and how the agency tracks differences
                 between the agency's and Treasury FBWT
                 records;
              • what suspense accounts, if any, are used by
                 the agency to track unreconciled differences;
              • if the agency has a process/system for aging
                 unreconciled differences; and
              • how the agency reports and handles
                 differences.

    B. Walk through the FBWT reconciliation process and
       determine whether reconciliation controls have been
       placed in operation.




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 921 D-2
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

            FBWT Example Audit Procedures:                           Done     W/P
                 Description of Procedure                           by/date   ref
III.    Testing Phase
FB-3
    A. To determine whether the agency's reconciliation of the
       monthly SF 224, 1219/1220 or 1218/1221 Statement of
       Transactions/Accountability report submitted to
       Treasury, to the applicable general ledger (G/L)
       accounts is effective (existence):
       1. Obtain a list of the agency's Agency Location Codes
          (ALCs). Agency ALCs can be obtained through the
          GOALS. ALCs indicate the agency’s method of
          disbursement. Four digit ALCs indicate a non-
          Treasury disbursing agency. Eight digit ALCs
          indicate a Treasury disbursing agency.
       2. Obtain the monthly Statements of Transactions (SF
          224) or Statements of Accountability/Transactions
          (SF 1219/1220 or 1218/1221) for each ALC for the
          fiscal year, or for the period being audited if testing
          at an interim date.
       3. Select the individual Statements of Transactions (SF
          224) or Statements of Accountability/Transactions
          (SF 1219/1220 or 1218/1221) to be tested (use
          separate forms to document the sampling plan).
          Indicate selection method.
          • Dollar unit sampling (DUS),
          • Classical Variables Estimation Sampling, or
          • Other (describe)
              ___________________________

             For each statement selected:
             a. Compare the ALC on the SF 224 or SF 1219/1220
                or 1218/1221 to the agency's list of ALCs.
             b. Trace monthly collection and disbursement
                amounts reported on the SF 224, SF 1219/1220 or
                SF 1218/1221 to amounts recorded in the
                agency's official accounting records (G/L).
             c. Trace any prior period adjustment amounts
                reported on the SF 224, SF 1219/1220 or SF
                1218/1221 to supporting documentation and the
                agency's G/L.
             d. Examine supporting documentation for any
                differences.


April 2003            GAO/PCIE Financial Audit Manual - Part II         Page 921 D-3
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

           FBWT Example Audit Procedures:                        Done     W/P
                Description of Procedure                        by/date   ref
    B. Summarize the results of testing.

    C. Determine whether the results of testing indicate that
       combined risk should be assessed differently and
       whether the audit procedures should be revised.

FB-4
  A. To determine whether the agency is properly
     reconciling collection and disbursement differences
     identified by Treasury (existence and completeness):
     1. Obtain the following Treasury reports for each ALC
        for each month of the fiscal year, or for the period
        being audited if testing at an interim date.
        • Final month-end Statements of Differences (FMS
             6652). Note: To obtain the population of
             Statements of Differences, obtain the initial
             month-end Statements of Differences issued by
             Treasury. Treasury issues month-end
             Statements of Differences for each accounting
             month (when differences are identified) and
             continues to send statements for that month
             until the difference is cleared. To obtain the
             initial differences reports for the period being
             audited, obtain the reports that show the same
             accounting date and audit date on the statement,
             indicating that this is the initial statement of
             differences issued for that month.
        • Advice of Check Issued Discrepancy reports
             (FMS 5206). (Note: This step applies only for
             agencies that disburse their own funds – Non-
             Treasury Disbursing Offices (NTDO) agencies.)
        • Treasury letters notifying the agency of
             outstanding differences between amounts
             reported on the SF 1219/1220 or SF 1218/1221
             and its check issued summary reports. (Note:
             This step applies only for NTDO agencies.)




April 2003          GAO/PCIE Financial Audit Manual - Part II       Page 921 D-4
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

               FBWT Example Audit Procedures:                         Done     W/P
                     Description of Procedure                        by/date   ref
             Select the individual statements/letters to be tested
             (use separate forms to document the sampling
             plan). Indicate selection method:
             • Dollar unit sampling (DUS),
             • Classical variables estimation sampling, or
             • Other (describe).
                _____________________________
             For each statement/letter selected:
             a. Compare the ALC number on the
                statement/report to the agency's list of ALCs.
             b. Examine the agency's reconciliation
                files/documentation supporting the
                reconciliation of the difference, and determine if
                differences were adequately researched and
                resolved.
             c. Trace resulting adjustments, if any, to
                subsequent month Treasury reporting (SF 224,
                1219/1220, or 1218/1221) and/or the agency
                general ledger accounts to determine if
                adjustments were properly recorded. (Note:
                reconciling items do not always result in
                adjustments to the G/L and/or Treasury records.
                The resulting adjustment, if any, depends on the
                cause of the difference. For example, an
                adjustment to the agency's G/L is not necessary
                when a bank error caused the difference. The
                bank is responsible for reporting the adjustment
                to Treasury.)

    B. Summarize the results of testing and conclude on the
       effectiveness of the agency's reconciliation controls.

    C. Determine if the results of testing indicate that
       combined risk should be assessed differently and if the
       audit procedures should be revised.




April 2003            GAO/PCIE Financial Audit Manual - Part II          Page 921 D-5
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

             FBWT Example Audit Procedures:                       Done     W/P
                Description of Procedure                         by/date   ref
FB-5
  A. To determine if the agency's monthly reconciliation of
     its G/L to Treasury records is effective (existence and
     completeness):
     1. For the months that correspond to the Statements
         of Differences selected above, obtain the
         Undisbursed Appropriation Account ledgers (FMS
         6653) and Receipt Account ledgers (FMS 6655) sent
         by Treasury and the agency's reconciliation.
         • Trace the FMS 6653/6655 balance per the agency
             reconciliation to the FMS 6653/6655 reports sent
             by Treasury.
         • Trace the G/L account balances per the
             reconciliation to the appropriate G/L accounts.
         • Trace account activity per the FMS 6653/6655 to
             the agency G/L. (Note: Typical activity, other
             than agency disbursements and receipts, may
             include supplemental appropriations, non-
             expenditure transfers, and entries reported by
             other agencies.)
         • Examine supporting documentation for
             reconciling items.
         • Determine if the appropriate adjustments were
             made to the general ledger or that Treasury had
             been notified of needed corrections.

    B. Summarize the results of testing and conclude on the
       effectiveness of the agency's reconciliation controls.

    C. Determine if the results of testing indicate that
       combined risk should be assessed differently and if the
       audit procedures should be revised.




April 2003          GAO/PCIE Financial Audit Manual - Part II        Page 921 D-6
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

             FBWT Example Audit Procedures:                      Done     W/P
                Description of Procedure                        by/date   ref
FB-6
  A. To determine whether the agency's year-end
     (September) reconciliation of FBWT accounts is
     effective (existence and completeness):
     1. Obtain the Agency's year-end (September) FBWT
         reconciliation and Treasury's September
         Undistributed Appropriation Account Ledger (FMS
         6653) and Receipt Account Ledger (FMS 6655).
         • Trace appropriation, fund, and receipt account
            balances reported on the Treasury account
            ledgers to the agency's reconciliation.
         • Trace the appropriation, fund, and receipt
            account balances reported on the Treasury
            account ledgers to the agency general ledger.
         • Examine supporting documentation for
            reconciling items.
         • Determine if appropriate adjustments were made
            to the G/L and/or reported to Treasury.

       2. Obtain the year-end (September) Statements of
          Differences reports issued by Treasury (FMS 6652,
          and/or FMS 5206 and Treasury notification letters).
          • Trace reported differences to the agency's
              reconciliation to determine if all differences
              were included in the FBWT reconciliation.
          • Examine supporting documentation and
              determine if differences were adequately
              resolved.
          • Trace resulting adjustments to supplemental
              Statements of Transactions/Accountability or
              subsequent month Treasury reporting (SF 224,
              1219/1220, or 1218/1221) and/or the agency
              general ledger.

       3. Summarize the results of testing.




April 2003          GAO/PCIE Financial Audit Manual - Part II       Page 921 D-7
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

             FBWT Example Audit Procedures:                      Done     W/P
                Description of Procedure                        by/date   ref
FB-7
  A. To determine the extent of unreconciled differences at
     year-end and the potential impact on the agency FBWT
     account balance:
     1. Determine if unresolved differences reported by
        Treasury on Statements of Differences as of
        September 30 for the fiscal year being audited were
        subsequently resolved and properly accounted for.
        • Obtain the Statements of Differences for the
            months subsequent to year-end (October
            through end of fieldwork).
        • Identify unreconciled differences outstanding at
            9/30 that were subsequently resolved.
        • Determine if the differences were adequately
            researched and resolved.
        • Determine if the appropriate adjustments were
            made to the agency FBWT accounts or that
            Treasury had been notified of needed
            corrections.

       2. Determine the extent of unreconciled differences
          included in suspense accounts that are not included
          on Statements of Differences.
          • Obtain suspense account transaction detail
              report as of 9/30 for the year being audited.
          • Obtain suspense account transaction detail
              report for months subsequent to year-end
              (October through end of fieldwork).
          • Identify unreconciled differences outstanding at
              9/30 that were subsequently resolved.
          • Determine if the differences were adequately
              researched and resolved.
          • Determine if the appropriate adjustments were
              made to the agency FBWT accounts or that
              Treasury had been notified of needed
              corrections.

       3. Assess the materiality of all unreconciled
          differences outstanding (at absolute value).




April 2003          GAO/PCIE Financial Audit Manual - Part II       Page 921 D-8
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

            FBWT Example Audit Procedures:                        Done     W/P
               Description of Procedure                          by/date   ref
       4. Summarize test results.

       5. Document the potential effect of material
          unreconciled differences on the FBWT line item and
          other financial statement accounts.

FB-8
  A. To determine if the agency recorded warrants,
     appropriation transfers, and rescissions properly,
     perform the following (rights and obligations):
     1. For first year appropriations, obtain copies of the
        appropriation legislation and U.S. Treasury
        Appropriation Warrants (FMS 6200) for the fiscal
        year.
        • Compare the warrants to the appropriation
            legislation.
        • Trace amounts reported on the appropriation
            warrants to beginning appropriation balances
            recorded in the general ledger FBWT accounts.
        • Examine supporting documentation for any
            differences/reconciling items.

       2. For other than first year appropriations, trace the
          beginning balances recorded in the general ledger to
          audited ending balances of the prior fiscal year
          financial statements. (Note: If this is a first year
          audit, additional work may be necessary to
          substantiate the beginning FBWT account balance.
          For example, the auditor may need to consider if
          the reconciliation process has been effective over
          the life of the appropriations. This may require
          review of prior year reconciliations.)




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 921 D-9
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

             FBWT Example Audit Procedures:                       Done     W/P
                  Description of Procedure                       by/date   ref
       3. For appropriation activity occurring during the
          fiscal year being audited (supplemental
          appropriations, rescissions, and nonexpenditure
          transfers), obtain copies of related legislation for
          supplemental appropriation and rescission warrants
          and U.S. Treasury Non-Expenditure Transfer
          Authorizations form (FMS 1151) for the fiscal year.
          • Compare supplemental appropriations and
              rescissions recorded in the agencies' FBWT
              account to appropriation legislation and to U.S.
              Treasury warrants.
          • Compare non-expenditure transfer amounts
              recorded in the agencies' FBWT account to
              approved Non-Expenditure Transfer
              Authorizations form (FMS 1151).

       4. Examine supporting documentation for any
          differences/reconciling items.

FB-9
  A. To determine the existence and completeness of the
     appropriation, fund, and receipt accounts included in
     the FBWT financial statement balance (existence,
     completeness, presentation and disclosure):
     1. Obtain the agency "crosswalk" of G/L accounts
        included in the FBWT line item and the September
        Treasury Undisbursed Appropriation Account Trial
        Balance and Receipt Account Trial Balance.
        • Trace account balances listed on the Treasury
            trial balances to the agency crosswalk of G/L
            accounts included in the FBWT line item.
        • Determine the status of accounts (i.e., open,
            expired, canceled) and assess whether the
            account is appropriately included in the FBWT
            line item.
        • Obtain an explanation and determine the
            appropriateness of accounts omitted from or
            included in the crosswalk that were not included
            in the Treasury trial balance.




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 921 D-10
Substantive Testing
921 D – Example Audit Procedures for Fund Balance with Treasury

            FBWT Example Audit Procedures:                   Done         W/P
                  Description of Procedure                  by/date       ref
IV. Reporting Phase
FB-10
    A. To determine if the FBWT balance appears reasonable
       (analytical procedure):
       1. Compare the G/L accounts that constitute the FBWT
          with expectations and obtain explanation for any
          unexpected changes (e.g., credit balances, new
          accounts, closed accounts) or the absence of
          expected changes.
       2. Determine if additional testing is necessary.

    B. To assess whether the presentation of the financial
       statements and footnote disclosures for the FBWT line
       item are in accordance with U.S. generally accepted
       accounting principles (SFFAS No. 1) (presentation and
       disclosure) (see GAO/PCIE FAM, Part II, section 1004-
       Financial Reporting: Checklist for Reports Prepared
       under the CFO Act):
       1. Determine if the agency has presented and disclosed
           FBWT in the notes to the financial statements in
           accordance with U.S. generally accepted accounting
           principles.
       2. Determine if material unreconciled differences are
           disclosed and explained in the notes to the financial
           statements.
       3. Determine if material unreconciled differences that
           were written off by the agency during the fiscal year
           being audited are disclosed in the notes to the
           financial statements.
       4. Determine if material restrictions, if any, have been
           properly disclosed.

FB-11
  A. Prepare proposed audit adjustments, if any.

    B. Conclude if the FBWT line item is fairly stated and if
       the controls over FBWT are effective.




April 2003          GAO/PCIE Financial Audit Manual - Part II      Page 921 D-11
[This page intentionally left blank.]
      Reporting


      1002 – INQUIRIES OF LEGAL COUNSEL

.01   This section provides guidance on procedures for the auditor to perform to
      obtain evidence that the financial accounting and reporting of contingencies1
      regarding litigation, claims, and assessments conform with U.S. generally
      accepted accounting principles (GAAP), as described in FAM sections 280 and
      550. This section discusses the accounting and reporting guidance and audit
      procedures for inquiries of legal counsel concerning litigation, claims, and
      assessments, and includes examples of a legal representation letter request, a
      legal representation letter response, including the Department of Justice's
      standard forms for legal contingencies, and management's schedule for
      summarizing the information contained in the legal response.

      ACCOUNTING AND REPORTING GUIDANCE

.02   Entity management is responsible for implementing policies and procedures to
      identify, evaluate, account for, and disclose litigation, claims, and assessments as
      a basis for the preparation of financial statements in conformity with GAAP.

.03   Statement of Federal Financial Accounting Standards (SFFAS) No. 5, Accounting
      for Liabilities of the Federal Government, as amended by SFFAS No. 12,
      Recognition of Contingent Liabilities Arising from Litigation: An Amendment of
      SFFAS No. 5, Accounting for Liabilities of the Federal Government, contains
      accounting and reporting standards for loss contingencies, including those
      arising from litigation, claims, and assessments.2 The Federal Accounting
      Standards Advisory Board (FASAB) Interpretation No. 2, Accounting for
      Treasury Judgment Fund Transactions, clarifies GAAP related to claims to be




  1
      Environmental and disposal liabilities are a type of contingency that is often a
      significant issue.
  2
      SFFAS No. 7 has guidance for reporting claims for tax refunds. Rather than
      recognizing probable claims and disclosing other claims in the notes to the
      financial statements, SFFAS No. 7 indicates that other claims for refunds that are
      probable should be included as supplementary information.

      April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 1002-1
      Reporting
      1002 - Inquiries of Legal Counsel
                                                  3
      paid through the Treasury Judgment Fund. Statement of Financial Accounting
      Standards No. 5, Accounting for Contingencies, also provides guidance for
      financial accounting and reporting for loss and gain contingencies for those
      entities following GAAP for nongovernmental entities. The definition of probable
      for legal contingencies is now essentially the same in Statement of Financial
      Accounting Standard No. 5 and SFFAS No. 5, since SFFAS No. 12 has amended
      the latter.

.04   A contingency is an existing condition, situation, or set of circumstances
      involving uncertainty as to possible gain or loss to an entity. The uncertainty will
      ultimately be resolved when one or more future events occur or fail to occur.
      When a loss contingency exists, the likelihood that the future event or events will
      confirm the loss or impairment of an asset or the incurrence of a liability can
      range from probable to remote. SFFAS Nos. 5 and 12 use the terms probable,
      reasonably possible, and remote to identify three areas within the range of
      potential loss, as follows:

      •   Probable—For pending or threatened litigation and unasserted claims, the
          future confirming event or events are likely to occur. (For other
          contingencies, the future event or events are more likely than not to occur.)

      •   Reasonably possible—The chance of the future event or events occurring is
          more than remote but less than probable.

      •   Remote—The chance of the future event or events occurring is slight.




  3
      A permanent, indefinite appropriation, commonly known as the Judgment Fund,
      is available to pay final judgments, settlement agreements, and certain types of
      administrative awards against the United States when payment is not otherwise
      provided for. The Secretary of the Treasury certifies all payments from the fund.
       (See 31 U.S.C. 1304, Judgments, awards, and compromise settlements.) FASAB
      Interpretation No. 2 clarifies how federal entities should report the costs and
      liabilities arising from claims to be paid by the Judgment Fund and how the
      Judgment Fund should account for the amounts that it is required to pay on
      behalf of federal entities.

      April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 1002-2
      Reporting
      1002 - Inquiries of Legal Counsel

.05   A liability and the related cost for an estimated loss from a loss contingency
                                                                      4
      should be recognized (accrued by a charge to income) when

      a. a past event or exchange transaction has occurred,

      b. a future outflow or other sacrifice of resources is probable, and

      c. the future outflow or sacrifice of resources is measurable.

.06   Disclosure of the nature of an accrued liability for loss contingencies, including
      the amount accrued, may be necessary for the financial statements not to be
      misleading. For example, if the amount recognized is large or unusual,
      disclosure should be considered. However, if no accrual is made for a loss
      contingency because one or more of the conditions in paragraph 1002.05 are not
      met, disclosure of the contingency should be made when there is at least a
      reasonable possibility that a loss has been incurred. The disclosure should
      include the nature of the contingency, and an estimate of the possible liability or
      range of possible liability, if estimable, or a statement that such an estimate
      cannot be made. In addition, if the Judgment Fund might be involved in the
      payment of the possible loss, the federal entity involved in the litigation should
      discuss the Judgment Fund's role in a note to the financial statements.

.07   Although management often relies on advice of legal counsel about the
      (a) likelihood of an unfavorable outcome and (b) estimates of the amount or
      range of potential loss for litigation, claims, and assessments, management is
      ultimately responsible for determining whether these contingencies are probable,
      reasonably possible, or remote. Management does this to decide whether they
      should be recognized as liabilities and/or disclosed in the notes to the financial
      statements. Thus, the Office of Management and Budget's (OMB) audit guidance
      requires CFO Act agency management to prepare a schedule summarizing legal
      contingencies including whether they are probable, reasonably possible, or
      remote, and whether (and in what amounts) they have been accrued or disclosed
      in the financial statements (see example summary schedule in FAM section
      1002 D).


  4
      If the Judgment Fund will pay the claim, the entity should still recognize the
      liability and cost at this time. Once the claim is settled or a court judgment is
      assessed and the Judgment Fund is determined to be the appropriate source for
      payment, the entity should reduce the liability by recognizing an (imputed)
      financing source. Note that for Judgment Fund payments made under the
      Contract Disputes Act and in employment discrimination cases, the entity should
      instead establish a payable to reimburse the Judgment Fund.

      April 2003         GAO/PCIE Financial Audit Manual - Part II           Page 1002-3
      Reporting
      1002 - Inquiries of Legal Counsel

      AUDIT PROCEDURES

.08   The auditor should design procedures to test the entity's accounting for and
      disclosure of litigation, claims, and assessments. AU 337 (SAS 12) provides
      guidance on the procedures to identify litigation, claims, and assessments so that
      the auditor may obtain evidence that they are appropriately accounted for and
      disclosed. AU 9337 provides auditing interpretations of AU 337. OMB guidance
      for audits of federal financial statements also contains procedures for inquiries of
      legal counsel. (See FAM section 1002 A for example audit procedures.)

.09   The auditor should obtain evidence relevant to the following factors with respect
      to litigation, claims, and assessments:

      a. The existence of a condition, situation, or set of circumstances indicating
         uncertainty as to the possible loss to an entity arising from litigation, claims,
         and assessments.

      b. The period in which the underlying causes for legal action occurred.

      c. The likelihood of an unfavorable outcome (probable, reasonably possible, or
         remote).

      d. The amount or range of potential loss, if estimable.

.10   The auditor should discuss with management the events or conditions that should
      be considered in the accounting for and reporting of litigation, claims, and
      assessments. The auditor should perform audit procedures to corroborate the
      information provided by management, including requesting that management
      send a legal letter request to the entity's legal counsel. An example audit
      program is in FAM section 1002 A. The audit procedures should be modified, as
      appropriate, for the particular entity.

.11   A letter from legal counsel to the auditor, in response to a legal letter request
      from management to legal counsel, is the auditor's primary means of
      corroborating the information furnished by management concerning the
      accuracy and completeness of litigation, claims, and assessments. The legal
      letter request may include a list of pending or threatened litigation, claims, and
      assessments or a request by management that legal counsel prepare the list. The
      legal letter request also may include a list of unasserted claims and assessments
      considered probable of assertion, and that, if asserted, would have at least a
      reasonable possibility of an unfavorable outcome, to which legal counsel has
      devoted substantive attention on the entity's behalf in the form of legal
      consultation or representation (or a statement that management is not aware of


      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 1002-4
      Reporting
      1002 - Inquiries of Legal Counsel

      any matters meeting the criteria). Legal counsel then would supplement
      management's information about those unasserted claims and assessments,
      including an explanation of matters where his or her views differ from those
      expressed by management in the legal letter request. In the federal government,
      where the general counsel may be part of management, the general counsel may
      instead provide the list of unasserted claims or assessments meeting the above
      criteria. The legal letter request should also include a request for legal counsel to
      make a statement that he or she will advise management about unasserted claims
      and assessments that should be considered for disclosure. (See the example
      request and response in FAM sections 1002 B and 1002 C.)

      Timing of Legal Letter Request and Responses

.12   The audit procedures for inquiries of legal counsel concerning litigation, claims,
      and assessments should be performed on a timely basis to give priority to the
      resolution of potential problem areas and to complete other procedures. To
      meet deadlines, the auditor, entity management, and legal counsel should
      coordinate the timing of legal letter requests, responses (including interim
      responses), and related management schedules. The auditor and the entity
      management should consider the due dates for providing legal letter responses
      for the entity financial statements as well as for the U. S. Government's
      Consolidated Financial Statements. (OMB sometimes provides these dates for
      the governmentwide audit.) The due dates should enable the auditors to timely
      complete their work, including the potential need for management to inquire of
      Department of Justice legal counsels on a case-specific basis.

.13   In addition, when an entitywide audit team uses the work of entity component
      audit teams, the entitywide and component audit teams should coordinate the
      timing of legal letter requests, responses, and management schedules and
      consider the due dates for the component financial statements as well as the
      entitywide financial statements. The entitywide team generally should receive
      copies of the component letters.

.14   The legal counsel's response should include matters that existed at the balance
      sheet date and through the end of fieldwork. The effective date (the latest date
      covered by the legal counsel's review) should be as close as feasible to the
      completion of fieldwork. If the effective date is substantially in advance of the
      end of fieldwork (for example, earlier than 2 weeks before end of fieldwork), the
      auditor should contact the legal counsel for an updated response. To avoid this
      situation, the legal letter request should clearly specify the period the legal
      counsel's response should cover and the date the auditor should receive the
      response.



      April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 1002-5
      Reporting
      1002 - Inquiries of Legal Counsel

.15   To assist the auditor in completing the review of legal matters in a timely manner
      (and to assist management in preparing the financial statements), the auditor
      may ask management to request legal counsel to submit a preliminary or interim
      response covering matters that existed at the balance sheet date and through a
      point in time reasonably before the end of fieldwork so that a preliminary
      evaluation of the significance of material legal matters can be made. Then, the
      legal counsel should submit a final or updated response covering matters through
      the end of fieldwork. The updated response generally should contain only
      changes or a statement indicating there are no changes from the interim
      response. (See FAM section 1002 B for an example legal letter request that
      includes requests for interim and updated responses from legal counsel.)

      Determining a Materiality Level

.16   The auditor may limit the inquiry to matters that are considered individually or
      collectively material to the financial statements, provided the entity and the
      auditor have reached an understanding and agreement on the materiality level.
      The materiality level, if used, should be documented in the legal letter request
      and in the response.

.17   In determining a materiality level for the legal letter, the auditor should set the
      level sufficiently low that the cases not included in the legal letter would not be
      material to the financial statements taken as a whole when aggregated with
      (1) other cases not included in the letter, (2) all other types of contingencies,
      (3) all other items that would not be adjusted because they are judged immaterial
      (unadjusted misstatements), (4) all other amounts in the financial statements that
      would not be tested directly because they were judged to be immaterial, and
      (5) all other items resolved on the basis of materiality considerations. For
      example, 2.5 percent of design materiality is used for individual cases in the U.S
      Government's Consolidated Financial Statements and 5 percent of design
      materiality is used for the aggregate of all cases.

.18   In aggregating cases, the auditor and the entity may use two levels of aggregation.
      First, similar cases (such as employment discrimination cases, harbor
      maintenance fee cases, spent nuclear fuel cases, or military promotion board
      challenges) should be aggregated and treated as a group and compared with the
      individual materiality level. The aggregation generally should include a list of the
      individual cases that are aggregated and a discussion of the items of information
      requested to be included in the legal letter for the aggregated cases (see FAM
      sections 1002 B and 1002 C). Second, all cases not included in the legal letter
      individually or as part of a group of similar cases should be aggregated. A higher
      materiality level may be used for such an aggregation; however, this higher
      materiality level should be set sufficiently low that the cases not included in the


      April 2003         GAO/PCIE Financial Audit Manual - Part II          Page 1002-6
      Reporting
      1002 - Inquiries of Legal Counsel

      legal letter would not be material to the financial statements taken as a whole
      when aggregated with the other items listed in the previous paragraph.

.19   Where the entity engages more than one legal counsel, the auditor should
      exercise caution so that matters considered not material individually would not,
      when aggregated, exceed the materiality limit. In addition, when separate legal
      representation letters are issued on individual components/bureaus of a
      consolidated entity because of individual component audits, the auditor may
      determine materiality levels for each component/bureau.

      Legal Counsels from Whom Information Should Be Requested

.20   Most federal agencies have a general counsel who has primary responsibility for
      and knowledge about the entity's litigation, claims, and assessments. The auditor
      should request entity management to send a legal letter request to the general
      counsel. In addition, the auditor should ask the management and/or general
      counsel whether the entity used outside legal counsel whose engagement may be
      limited to particular matters (e.g., specific litigation).

.21   In the federal government, the main legal counsel outside of the entity is the
                              5
      Department of Justice. The entity's management, its legal counsel, or the auditor
      may consult with Justice as well as other outside legal counsel to assure
      completeness and accuracy of the presentation of matters related to litigation,
      claims, and assessments. Such consultation may include requesting a list of
      pending litigation, claims, and assessments from Justice or other outside legal
      counsel, or discussion of specific cases.

.22   The legal response should cover all litigation, claims, and assessments pertaining
      to the federal reporting entity, including matters handled by Justice and other
      outside legal counsel on behalf of the entity. If the general counsel has overall
      responsibility for handling and evaluating litigation, claims, and assessments, his
      or her evaluation and responses ordinarily would be considered adequate.

  5
      The Accounting and Auditing Policy Committee (AAPC) guidance (Technical
      Release No. 1) clarifies FASAB Interpretation No. 2, with respect to the
      Department of Justice's role related to legal letters in cases in which Justice's
      legal counsels are handling legal matters on behalf of other federal reporting
      entities. The letter from the entity's general counsel may provide sufficient
      evidence for the auditor. If the auditor determines that additional evidence is
      needed about a specific case, the auditor may request entity management and
      legal counsel to send a legal letter request to Justice, directed to the lead Justice
      legal counsel handling the case, asking that person to provide a description and
      evaluation directly to the auditor.

      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 1002-7
      Reporting
      1002 - Inquiries of Legal Counsel

      However, evidential matter obtained from inside legal counsel is not a substitute
      for information that outside legal counsel refuses to furnish to the auditor.

.23   Where there is no general counsel and management has not consulted legal
      counsel, the auditor should obtain a written representation from management
      that legal counsel has not been consulted. Such representation may be
      incorporated as an item in the management representation letter. (See FAM
      sections 550 and 1001.) (An example item is: "We are not aware of any pending
      or threatened litigation, claims, or assessments or unasserted claims or
      assessments that are required to be accrued or disclosed in the financial
      statements in accordance with SFFAS No. 5. We have not consulted legal
      counsel concerning litigation, claims, or assessments.")

      Evaluation of Responses

.24   Written responses from legal counsel will vary considerably in the scope of
      information provided and in the opinion expressed. In preparing the responses,
      legal counsels should consider the guidance contained in the American Bar
      Association's Statement of Policy Regarding Lawyers' Responses to Auditors'
      Requests for Information (ABA Policy Statement) (included in its entirety in AU
      337 C). If legal counsel does not follow the ABA Policy Statement in responding
      to the auditor, the legal counsel's response nevertheless should meet the
      requirements of AU 337.

.25   The response should cover all components included in the financial statements
      being audited. Legal counsel generally should indicate the disposition of cases
      included in the prior year's letter that are no longer contingencies.

.26   The auditor should evaluate each response in terms of sufficiency as evidence
      and consider (a) the possible limitations on the scope of legal counsel's
      responses and (b) the lack of sufficient opinion on the resolution of a case. AU
      9337 provides guidance in evaluating legal counsel's responses. The auditor also
      should consider the legal counsel's response in light of any other information that
      comes to the auditor's attention.

      Possible Limitations on the Scope of Legal Counsel's Responses

.27   When legal counsel limits his/her responses, the auditor should determine
      whether the limitation affects the auditor's report. A legal counsel may
      appropriately limit responses to certain matters; for example, to matters that
      (a) the legal counsel has given substantive attention to in the form of legal
      consultation or representation and (b) are considered individually or collectively
      material to the financial statements, provided the entity and the auditor have


      April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 1002-8
      Reporting
      1002 - Inquiries of Legal Counsel

      reached an understanding on materiality levels. These limitations are acceptable
      and not limitations on the scope of the audit.

.28   The following are examples of limitations on legal counsel's responses that are
      not acceptable to the auditor and that would ordinarily result in a scope
      limitation:

      a. Legal counsel refuses to furnish the requested information. When legal
         counsel refuses to furnish the information requested in the legal letter request,
         the auditor should consider this matter as a scope limitation sufficient to
         preclude an unqualified opinion.

      b. Legal counsel excludes matters requested. The legal counsel's responses may
         not address all information requested. The auditor should compare legal
         counsel's response with the legal letter request and determine whether legal
         counsel has addressed all the information requested. If legal counsel excluded
         any of the requested matters, the auditor should obtain responses for those
         matters from legal counsel. If the auditor is unable to obtain all the
         information needed, the auditor should consider this a scope limitation that
         could be sufficient to preclude an unqualified opinion.

      c. Legal counsel indicates that certain information is being withheld due to
         attorney-client privilege. Under the American Bar Association (ABA) Code of
         Professional Responsibility, legal counsel is required to preserve the
         confidences and secrets of the client. Legal counsel may disclose confidences
         to the auditor only with the consent of the client. If the legal letter request is
         prepared in accordance with AU 337, the auditor should expect that legal
         counsel would be responsive; otherwise the scope of the audit would be
         restricted. (On the other hand, explanatory language in the legal letter request
         or in legal counsel's response emphasizing that management or legal counsel
         does not intend to waive attorney-client privilege or attorney work-product
         privilege does not result in a scope limitation.)

      Lack of Sufficient Opinion on the Resolution of a Case

.29   The following are examples of the legal counsel's responses that lack sufficient
      opinion on the resolution of a case.

      a. Uncertainties. A legal counsel may be unable to respond concerning the
         likelihood of an unfavorable outcome of litigation, claims, and assessments or
         the amount or range of potential loss, because of inherent uncertainties. In
         these circumstances, the auditor ordinarily will conclude that the financial
         statements are affected by an uncertainty concerning the outcome of a future


      April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 1002-9
      Reporting
      1002 - Inquiries of Legal Counsel

         event, which is not susceptible to reasonable estimation. The auditor should
         follow the guidance in FAM section 580 for reporting on uncertainties.

      b. Unclear responses. Legal counsels sometimes use general terms to indicate
         their evaluation of the outcome of a case. The ABA Policy Statement states
         that legal counsel may, in the appropriate circumstances, communicate to the
         auditor his/her view that an unfavorable outcome is "probable" or "remote."
         The legal letter responses may include phrases that mean remote or probable.
         The phrases below are examples of opinions that provide sufficient clarity that
         the likelihood of an unfavorable outcome is remote:

         •   "We are of the opinion that this action will not result in any liability to the
             entity."
         •   "We believe that the plaintiff's case against the entity is without merit."

         The following are examples of opinions that indicate significant uncertainty as
         to whether the entity will prevail:

         •   "In our opinion, the entity has a substantial chance of prevailing in this
             action." (A "substantial chance," a "reasonable opportunity," and similar
             terms indicate more uncertainty than an opinion that the entity will
             prevail.)
         •   "It is our opinion that the entity will be able to assert meritorious defenses
             to this action." (The term "meritorious defenses" indicates that the court
             will not summarily dismiss the entity's defenses; it does not indicate legal
             counsel's opinion that the entity will prevail.)

.30   To avoid unclear and incomplete responses, the auditor generally should ask
      management to request legal counsel to use Justice's standard forms to describe
      legal contingencies (see pages 1002 C-4 to 6 for examples of these forms). When
      legal counsel does not indicate whether the unfavorable outcome is probable or
      remote, management and the auditor should conclude that the outcome is
      reasonably possible and the case should be considered for disclosure.
      (Management, with legal counsel's advice, determines whether cases are
      probable, reasonably possible, or remote, to decide whether they should be
      recognized as liabilities and/or disclosed in the notes to the financial statements.)

.31   If the auditor is not certain about the legal counsel's evaluation, the auditor
      should discuss the matters with the legal counsel and entity management (and
      document the oral discussion) and/or obtain written clarification in a follow-up
      letter. Sometimes legal counsel may give a clearer indication of likelihood orally.
      If legal counsel is unable to give a clear evaluation of the likelihood of an



      April 2003          GAO/PCIE Financial Audit Manual - Part II           Page 1002-10
      Reporting
      1002 - Inquiries of Legal Counsel

      unfavorable outcome, management should disclose the uncertainty and the
      auditor should consider the uncertainty's effect on the audit report.

      Example Legal Letter Request

.32   The legal letter request, which the auditor may assist management to draft,
      should be on the audited entity's letterhead, signed by the Chief Financial Officer
      (CFO), or equivalent, and request a reply directly to the auditor and a copy to
      management by specified due dates. FAM section 1002 B shows an example legal
      letter request that includes requests for interim and updated responses from legal
      counsel and matters that should be covered in the letter.

      Example Legal Counsel's Responses and Management's Schedule

.33   The General Counsel should respond on General Counsel letterhead to the
      auditor with a copy to management by the agreed-upon due dates. The response
      should indicate that it is provided for the auditor's use in connection with the
      audit.

.34   FAM section 1002 C shows an example of a legal counsel response, including the
      legal representation letter and Justice's legal contingency standard forms for
      each case or group of cases, respectively. Justice's forms (pages 1002 C-4 to 6)
      are on Justice's website: http://www.usdoj.gov/civil/forms/forms.htm.

.35   FAM section 1002 D shows an example of management's schedule that
      documents how the information contained in the legal counsel's responses was
      considered in preparing the financial statements. Management should include
      each case discussed in the legal letter and indicate (1) the amount accrued for
      probable cases and (2) note disclosure for reasonably possible cases, probable
      cases where the amount cannot be estimated, and probable cases where a range
      of amounts above the accrued amount is estimated. The electronic templates for
      FAM sections 1002 C (pages 1002 C-1 to 3) and 1002 D are on OMB's website:
      http://www.whitehouse.gov/omb/bulletins/index.html.

      PRACTICE AIDS

.36   The following practice aids are appended:
      Section 1002 A – Example Audit Procedures;
      Section 1002 B – Example Legal Letter Request;
      Section 1002 C – Example Legal Representation Letter, including Justice's
                       Example Legal Contingencies Forms; and
      Section 1002 D – Example Management Summary Schedule.



      April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 1002-11
[This page intentionally left blank.]
Reporting


1002 A – EXAMPLE AUDIT PROCEDURES FOR
         INQUIRIES OF LEGAL COUNSEL

Entity ______________________________________________________________

Period of financial statements _________________________________________

Job code ___________________________________________________________

               Example Audit Procedures                          Done     W/P
                                                                by/date   ref
I. Testing Procedures

1. Ask management about the entity's policies and
   procedures for identifying, evaluating, and accounting for
   litigation, claims, and assessment.

2. Obtain from management a description and evaluation of
   litigation, claims, and assessments existing as of the
   balance sheet date and through the date of management's
   response (which should be near the end of fieldwork).
   (This may instead be obtained from the entity's legal
   counsel.)

3. To determine whether an outside legal counsel is
   performing services for the entity, inquire of
   management whether outside legal counsel has been
   used by the entity and matters handled. Ask
   management for a list of pending litigation, claims, and
   assessments from the Department of Justice and/or
   examine correspondence and invoices from other
   outside legal counsel (e.g., for legal fees), if any.




April 2003         GAO/PCIE Financial Audit Manual - Part II       Page 1002 A-1
Reporting
1002 A – Example Audit Procedures for Inquiries of Legal Counsel

               Example Audit Procedures                           Done     W/P
                                                                 by/date   ref
4. Ask whether the entity has changed its general counsel or
   outside legal counsel or the general counsel or outside
   legal counsel has resigned or has indicated an intention
   to resign. If so, determine if there are matters that may
   affect the financial statements. For example, in
   appropriate circumstances, a legal counsel may be
   required by the ABA Code of Professional Responsibility
   to resign the engagement if the legal counsel's advice
   concerning disclosures is disregarded by the entity.

5. To identify litigation, claims, and assessments read
   minutes of management meetings, contracts, loan
   agreements, leases, and correspondence from other
   government entities and discuss pertinent items with
   management.

6. If information comes to the auditor' s attention that may
    indicate a potential contingency with respect to
    litigation, claims, or assessments that may require
    adjustment to or disclosure in the financial statements,
    discuss with the entity its possible need to consult legal
    counsel. Depending on the severity of the matter, refusal
    by the entity to consult legal counsel in those
    circumstances may result in a scope limitation. Consider
    the effect of such a limitation on the auditor's report.




April 2003         GAO/PCIE Financial Audit Manual - Part II        Page 1002 A-2
Reporting
1002 A – Example Audit Procedures for Inquiries of Legal Counsel

                Example Audit Procedures                           Done     W/P
                                                                  by/date   ref
7. Request entity management to send a legal letter request
   to the general counsel asking counsel to respond directly
   to the auditor. (Obtain a copy of the legal letter request.)
   Consider whether to also request legal letters from any
   outside legal counsel. The legal letter should cover
   litigation, claims, and assessments pertaining to the
   reporting entity, including matters handled by the
   Department of Justice or other outside legal counsel.
   (See Sections 1002 B for an example legal letter request.)
   Coordinate with management and legal counsel to
   • determine the timing of legal letter requests and
        responses and related management's
        summary/schedules of information contained in legal
        responses and
   • determine a materiality level to be included in the
        legal representation letter.

8. Read the legal letter responses and management's
   schedules to identify litigation, claims, and assessments.

9. Compare the description and evaluation of the current
   year's legal letter responses to the prior year's audit
   documentation. If this comparison indicates that certain
   legal matters in the prior year are no longer included,
   discuss these matters with management or legal counsel
   to obtain an understanding of the reasons for the
   changes.

10. Determine whether the information in the legal
    representation letter is consistent with management's
    schedule summarizing the information in the letter and
    related supporting documentation.

11. Discuss with legal counsel if the information obtained is
    not complete, clear, or consistent.

12. Evaluate legal counsel's responses and determine the
    effects of the responses on liabilities and related note
    disclosures in the financial statements and on the
    auditor's report.



April 2003          GAO/PCIE Financial Audit Manual - Part II        Page 1002 A-3
Reporting
1002 A – Example Audit Procedures for Inquiries of Legal Counsel

                Example Audit Procedures                           Done     W/P
                                                                  by/date   ref
13. If a response date is substantially in advance of the audit
     report date, for example, earlier than 2 weeks prior to
     date of auditors' report, obtain a written or oral update
     response. (The longer the period between the legal letter
     and the audit report date, the more important a written
     update becomes.)

II. Reporting Procedures

Obtain a representation from management in the
management representation letter (see FAM sections 550
and 1001) that the entity has disclosed all unasserted claims
that legal counsel has advised are probable of assertion that,
if asserted, would have at least a reasonable possibility of an
unfavorable outcome and must be disclosed.
1. Discuss the description and evaluation of litigation,
    claims, and assessments obtained with management to
    determine if, subsequent to the date of legal counsel's
    response, there have been any changes in status of the
    matters, changes in management's evaluation of the
    outcome, or additional matters to be considered.

2. If there are significant changes in the status of the
    matters or new matters, obtain a written confirmation or
    updated response from legal counsel.

3. Have management include in the management
   representation letter representations related to
   contingencies and determine if they are appropriately
   accrued and disclosed as required by SFFAS No. 5, as
   amended. If management has not consulted legal
   counsel, obtain a written representation from
   management that legal counsel has not been consulted.
   This representation may be incorporated in the
   management representation letter (see FAM sections 550
   and 1001).




April 2003          GAO/PCIE Financial Audit Manual - Part II        Page 1002 A-4
Reporting
1002 A – Example Audit Procedures for Inquiries of Legal Counsel

               Example Audit Procedures                            Done     W/P
                                                                  by/date   ref
4. Read the entity's financial statements and notes and

   a. consider the adequacy of financial statement
      disclosure for contingencies with respect to litigation,
      claims, and assessments;

   b. determine if the financial statement disclosures for
      contingencies with respect to litigation, claims, and
      assessments are prepared in accordance with the
      OMB guidance on form and content of agency
      financial statements; and

   c. for federal entities involved in litigation for which the
       Judgment Fund is a likely source of judgment or
       settlement, determine if a note to the financial
       statements discusses the Judgment Fund's role in the
       payment of a possible loss, as required by FASAB
       Interpretation No. 2, Accounting for Treasury
       Judgment Fund Transactions.

5. Document conclusions reached concerning the
   accounting for and disclosure of litigation, claims, and
   assessments, determine if adjustments are necessary,
   and consider whether modification of the auditor's
   report is appropriate (see FAM section 580).




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 1002 A-5
[This page intentionally left blank.]
Reporting


1002 B – EXAMPLE LEGAL LETTER REQUEST

[Audited Entity Letterhead]

Date: [date]

To: General Counsel

From: Chief Financial Officer [signed]

Subject: [Auditor 's] Audits of the Fiscal Years 20X1 and 20X0 Financial
         Statements

Pursuant to 31 U.S.C. 3515, [Auditor name] is performing audits of the financial
statements of [entity] as of and for the fiscal years ended September 30, 20X1, and
20X0. In performing audits of government entities, auditors comply with
Government Auditing Standards, issued by the Comptroller General of the United
States (the "yellow book"). For financial statement audits, Government Auditing
Standards incorporate the fieldwork and reporting standards of the American
Institute of Certified Public Accountants (AICPA) and the Statements on Auditing
Standards that interpret them. Consistent with the procedures contained in AU
337 of the AICPA's Codification of Statements on Auditing Standards, [Auditor]
has inquired about litigation, claims, and assessments to obtain evidence as to the
financial accounting and reporting of such matters with respect to the financial
statements. The purpose of this letter is to request your assistance in responding
to that inquiry. The American Bar Association Statement of Policy Regarding
Lawyers' Responses to Auditors' Request for Information (December 1975)
provides relevant guidance for the lawyer 's response to the auditor 's request.

In accordance with Statement of Federal Financial Accounting Standards
(SFFAS) Number 5, Accounting for Liabilities of the Federal Government, as
amended by SFFAS Number 12, and Interpretation Number 2 of SFFAS Numbers
4 and 5, [entity] reports certain information in its financial statements and notes
concerning contingent liabilities for litigation, claims, and assessments. We
request that you provide [Auditor] (with a copy to me) with information on
matters with respect to which you have been engaged and to which you have
devoted substantive attention on behalf of the [entity] in the form of legal
consultation or representation. You should furnish an interim response by
[agreed-upon date], including matters that existed as of September 30, 20X1, and
from that date through at least [interim date]. You should furnish an updated
response by [agreed-upon date], that is effective no earlier than [agreed-upon
date], that includes any changes from the interim response or furnish a statement
that there are no changes.

April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 1002 B-1
Reporting
1002 B – Example Legal Letter Request


Include any cases with respect to which you have been engaged and to which you
have devoted substantive attention on behalf of the [entity] in the form of legal
consultation or representation, even those cases for which you believe the
Judgment Fund or some financing source other than [entity]'s budgetary
resources will pay any potential loss. Under generally accepted accounting
principles, these amounts should be included as liabilities or disclosure items in
the [entity]'s financial statements. Cases similar in nature should be aggregated
where appropriate. It would be helpful if you could list the matters in order of the
amount of potential loss, starting with the largest.

Pending or Threatened Litigation (excluding unasserted claims)

We and [Auditor] have determined that any matters for which the amount of
potential loss exceeds $XX, individually or in the aggregate, could be material to
the financial statements. Please provide to [Auditor] the information described
below about pending or threatened litigation where the amount of potential loss
exceeds $XX:

1. The nature of the matter. Include a description of the case or cases and
   amount claimed, if specified.
2. The progress of the case to date.
3. The government's response or planned response (for example, to contest the
   case vigorously or to seek an out-of-court settlement).
4. An evaluation of the likelihood of unfavorable outcome. Please categorize
   likelihood as probable (an unfavorable outcome is likely to occur), reasonably
   possible (the chance of an unfavorable outcome is less than probable but more
   than remote), or remote (the chance of an unfavorable outcome is slight).
5. An estimate of the amount or range of potential loss, if one can be made, for
   losses considered to be probable or reasonably possible.
6. The name of the [entity]'s legal counsel handling the case and names of any
   outside legal counsel/other lawyers representing or advising the government in
   the matter (Department of Justice or outside law firms).

Unasserted Claims and Assessments

[If legal counsel is a part of management use this paragraph.] Please provide the
following information for all unasserted claims and assessments that you consider
to be probable of assertion and which, if asserted, would have at least a
reasonable possibility (more that remote) of an unfavorable outcome in an
amount over $XX, individually or in the aggregate, involving matters to which you
have devoted substantive attention.

[If the legal letter request will be sent to a legal counsel that is not part of
management, such as an outside legal counsel, use this paragraph.] We have

April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 1002 B-2
Reporting
1002 B – Example Legal Letter Request

provided an attachment to this request that lists the unasserted claims and
assessments that we believe are probable of assertion and which, if asserted,
would have at least a reasonable possibility (more than remote) of an unfavorable
outcome in an amount over $XX, individually or in the aggregate, involving
matters to which you have devoted substantive attention. Please provide the
following information for each matter and for any additional matters that you
believe meet these criteria.

1. A description of the nature of the matter.
2. The government's planned response if the claim is asserted.
3. An evaluation of the likelihood of an unfavorable outcome. (Categorize
   likelihood as probable (likely to occur) or reasonably possible (less than
   probable but more than remote).)
4. An estimate of the amount or range of potential loss, if one can be made.

Please specifically confirm to [Auditor] that our understanding of the following is
correct: Whenever, in the course of performing legal services for us, with respect
to a matter recognized to involve an unasserted possible claim or assessment that
may call for financial statement disclosure, if you have formed a professional
conclusion that we should disclose or consider disclosure concerning such
possible claim or assessment, as a matter of professional responsibility to us, you
will (1) advise us of your conclusion and (2) consult with us concerning the
question of such disclosure and the applicable requirements of SFFAS No. 5, as
amended.

Please separately identify any cases with respect to which you have been engaged
and to which you have devoted substantive attention on behalf of the [entity] in
the form of legal consultation or representation for which you believe another
government entity will be responsible for any potential liability.

Please specifically identify the nature of and reasons for any limitations on your
response to this request.

Please address your reply to [Auditor], and contact him/her at (phone number),
when your reply is available for pick up, and send a copy of your reply to me. Do
not hesitate to contact me or [Auditor] if you have any questions about this
request.




April 2003          GAO/PCIE Financial Audit Manual - Part II         Page 1002 B-3
[This page intentionally left blank.]
Reporting


1002 C – EXAMPLE LEGAL REPRESENTATION
         LETTER

[General Counsel Letterhead]

[Date]

[Auditor]
[Title]
[Agency or Firm Name]
[City]

Subject: Legal Response in Connection with the Fiscal Years 20X1 and 20X0
         Financial Statement Audits of [entity name]

Dear [Auditor]:

As General Counsel of [entity], I am writing in response to the legal letter request
from the [entity]'s Chief Financial Officer (CFO) dated [date], in connection with
the audit of [entity]'s financial statements as of and for the fiscal years ended
September 30, 20X1 and 20X0. [In an interim response, add "I will, as further
requested by the CFO, provide an updated response by [date]."]

I call your attention to the fact that as General Counsel for [entity], I have general
supervision of [entity]'s legal affairs. [If the general legal supervisory
responsibilities of the person signing the letter are limited, set forth a clear
description of those legal matters over which such person exercises general
supervision, indicating exceptions to such supervision and situations where
primary reliance should be placed on other sources.] In such capacity, I have
reviewed litigation and claims threatened or asserted involving [entity] and have
consulted with outside legal counsel about them when I have deemed appropriate.

Subject to the foregoing and to the last paragraph of this letter, I advise you that
since [insert date of beginning of fiscal year period under audit] neither I, nor any
of the lawyers over whom I exercise general legal supervision, have given
substantive attention to, or represented [entity] in connection with loss
contingencies [over the amount of (state materiality level agreed to with auditor
and stated in request letter)] coming within the scope of clause (a) of Paragraph 5
of the Statement of Policy referred to in the last paragraph of this letter, except as
follows:

[Describe litigation and claims that fit the foregoing criteria as follows (it is
recommended that general counsels use the attached Department of Justice forms

April 2003          GAO/PCIE Financial Audit Manual - Part II          Page 1002 C-1
    Reporting
    1002 C – Example Legal Representation Letter

    (one for pending or threatened litigation, another for unasserted claims) to
    describe the cases):]1

    Pending or Threatened Litigation (excluding unasserted claims)

    1. Nature of the matter (include a description of the case or cases and amount
       claimed, if specified).
    2. Progress of the case to date.
    3. Current or intended response.
    4. Evaluation of the likelihood of an unfavorable outcome (categorize likelihood
       as probable, reasonably possible, or remote).
    5. Estimated amount or range of potential loss, if determinable, for losses
       considered to be probable or reasonably possible.
    6. Name of [entity]'s legal counsel handling the case and names of any outside
       legal counsel representing or advising the government in the matter.

    With respect to matters that have been specifically identified as contemplated by
    clauses (b) or (c) of paragraph 5 of the ABA Statement of Policy, I advise you,
    subject to the last paragraph of this letter, as follows:

    Unasserted Claims and Assessments (considered to be probable of assertion
    and which, if asserted, would have at least a reasonable possibility of an
    unfavorable outcome)

    1. Nature of the matter.
    2. Intended response if claim would be asserted.
    3. Evaluation of the likelihood of an unfavorable outcome. (Categorize
       likelihood as probable or reasonably possible.)
    4. Estimated amount or range of potential loss, if determinable.

    The information set forth herein is [(as of the date of this letter) or (as of (insert
    date), the date on which we commenced our internal review procedures for
    purposes of preparing this response)], except as otherwise noted. [If an interim
    response, add "Upon submission of the updated response, which is due on
    [date],"] I disclaim any undertaking to advise you of changes that, thereafter, may
    be brought to my attention or the attention of our lawyers over whom I exercise
    general legal supervision.

    This response is limited by, and in accordance with, the ABA Statement of Policy
    Regarding Lawyers' Responses to Auditors' Requests for Information (December
    1975); without limiting the generality of the foregoing, the limitations set forth in
    such statement on the scope and use of this response (Paragraphs 2 and 7) are
    specifically incorporated herein by reference, and any description herein of any
1
    It is expected that cases or matters will be aggregated where appropriate.

    April 2003           GAO/PCIE Financial Audit Manual - Part II         Page 1002 C-2
Reporting
1002 C – Example Legal Representation Letter

"loss contingencies" is qualified in its entirety by Paragraph 5 of the statement and
the accompanying commentary (which is an integral part of the statement).
Consistent with the last sentence of Paragraph 6 of the ABA Statement of Policy,
this will confirm as correct [entity]'s understanding that whenever, in the course
of performing legal services for [entity] with respect to a matter recognized to
involve an unasserted possible claim or assessment that may call for financial
statement disclosure, I have formed a professional conclusion that the entity must
disclose or consider disclosure concerning such possible claim or assessment, I,
as a matter of professional responsibility to [entity], will so advise [entity] and will
consult with [entity] concerning the question of such disclosure and the
applicable requirements of Statement of Federal Financial Accounting Standards
(SFFAS) Number 5, Accounting for Liabilities of the Federal Government, as
amended by SFFAS Number 12, and Interpretation Number 2 of SFFAS Numbers
4 and 5. [Describe any other or additional limitation as indicated by Paragraph 4
of the statement.]

Sincerely yours,




_______________________________________
[Name of General Counsel]
[Title]

cc: Chief Financial Officer




April 2003           GAO/PCIE Financial Audit Manual - Part II          Page 1002 C-3
Reporting
1002 C – Example Legal Representation Letter


                  SUGGESTED DEPARTMENT OF JUSTICE FORM

                     PENDING OR THREATENED LITIGATION
                  AGENCY/COMPONENT: _____________________________
       Amount of potential loss exceeds
      the agency/component materiality
                           threshold of: _____________________________


 1.       Case name. (Include case citation, case number, and other names by
          which the case or group of cases is commonly known.)


 2.       Nature of matter. (Include a description of the case or cases and
          amount claimed, if specified.)


 3.       Progress of the case.



 4.       The government's response or planned response. (For example, to
          contest the case vigorously or to seek an out-of-court settlement.)


 5.       An evaluation of the likelihood of unfavorable outcome. (Choose
          one.)
      _______     PROBABLE – An unfavorable outcome is likely to occur.

      _______     REASONABLY POSSIBLE – the chance of an unfavorable outcome
                  is less than probable but more than remote.
      _______     REMOTE – the chance of an unfavorable outcome is slight.


 6.       An estimate of the amount or range of potential loss (if one can be
          made, for losses considered to be probable or reasonably possible).




April 2003            GAO/PCIE Financial Audit Manual - Part II     Page 1002 C-4
Reporting
1002 C – Example Legal Representation Letter



7.     The name and phone number of the government attorney
       handling the case (and names and phone numbers of any outside legal
       counsel/other lawyers representing or advising the government in the
       matter.)



8.     The sequence number (based on the total number of pending or
       threatened cases in litigation, claims, and assessments the
       agency/component is submitting.
       e.g., Number ___ of ___)
                    (#)   (total)




April 2003         GAO/PCIE Financial Audit Manual - Part II         Page 1002 C-5
Reporting
1002 C – Example Legal Representation Letter


                   SUGGESTED DEPARTMENT OF JUSTICE FORM

                    UNASSERTED CLAIMS AND ASSESSMENTS
                        AGENCY/COMPONENT: _____________________
      Amount of Potential Loss Exceeds the
 agency/component materiality threshold of: _____________________
 1.        Name of Matter. (Include name by which the matter is commonly
           known.)

 2.        Nature of the Matter. (Include a description of the matter.)


 3.        The Government's Planned Response (if the claim is asserted).


 4.        An Evaluation of the likelihood of Unfavorable Outcome. (Choose
           one.)
      _______ PROBABLE – (An unfavorable outcome is likely to occur.)
      _______ REASONABLY POSSIBLE – (the chance of an unfavorable outcome is
              less than probable but more than remote.)
 5.        An Estimate of the Amount or Range of Potential Loss (if one can
           be made, for losses considered to be probable or reasonably possible).

 6.        The Name and phone number of the Government Attorney
           Handling the Matter (and names and phone numbers of any outside
           legal counsel/other lawyers representing or advising the government in
           the matter).

 7.        The Sequence Number (based on the total number of Unasserted
           Claims and Assessments the agency/component is submitting.
           e.g., Number ___ of ____).
                        (#)   (total)




April 2003           GAO/PCIE Financial Audit Manual - Part II     Page 1002 C-6
Reporting
1002 D - Example Management Summary Schedule

Management should prepare this schedule (or equivalent) summarizing the information contained in the legal letters. In particular,
management should conclude as to the likelihood of loss about each case to determine whether an amount should be recorded in
the financial statements and/or if note disclosure is necessary for the financial statements to conform with GAAP. Although
most information comes directly from the legal letter, the financial staff should add the information in the last two columns
to indicate the disposition of each case in the financial statements.

                                Management's Schedule of Information Contained in Legal Letter Responses
                                                   for Financial Reporting Purposes

                                                             Amounts in thousands

     1             2                    3                   4                          5                             6                    7
                                                                                Amount or range                          Disposition in
 Reference      Amount             Name of case/        Likelihood              of potential loss                     financial statements
    key         claimed            related cases          of loss
                                                                      (a)   P      (b) R/P          (c) Upper Amt. recorded    Note disclosure


****insert rows here as necessary****                  ***insert rows here as necessary***      ***insert rows here as necessary***
TOTALS        $         -                                           $       -    $     -         $        -    $           -    $              -


Guidance for Preparation:
1. Matters should be listed on this schedule in order of the amount or range of potential loss, starting with the largest.
2. The level of aggregation should generally be at the same level as in the general counsel's letter. However, there may be instances
    where the level of aggregation is too high to be able to prepare this schedule in a way that is meaningful. In such cases, the CFO
    should work with legal counsel to provide further disaggregation of dissimilar cases. There may also be other instances in which a
    higher level of aggregation is desirable. CFOs should use professional judgment, considering the purpose of this schedule when
   determining the level of aggregation.

April 2003                                          GAO/PCIE Financial Audit Manual - Part II                                         Page 1002 D-1
Reporting
1002 D - Example Management Summary Schedule

Column:
    1        Reference key: Page number of legal representation letter obtained from General Counsel discussing the case, or
             other reference information.
    2        Amount claimed: Amount claimed in the litigation, claim, or assessment (if specified)
    3        Name of case or related cases: Where appropriate, provide name of case or aggregated cases which meet
             materiality threshold.
    4        Likelihood of loss: Indicate management's evaluation of the likelihood of loss on individual or aggregated cases.
             Options:         P: probable (loss likely to occur);
                              R/P: reasonably possible (the chance of loss is less than probable, but more than remote); or
                              R: remote (the chance of loss is slight).

    5        Amount or range of potential loss:
             Options:     5a: Probable (P) -- Provide single estimate or lower end of range, if known. Enter "U" if unknown. (Also
                              provide column totals.)
                          5b: Reasonably possible (R/P) -- Provide single estimate or lower end of range, if provided. Enter "U" if
                               unknown. Also provide column totals.
                          5c: If amounts in P or R/P are ranges, provide upper end of range; otherwise, enter "n/a."

    6        Disposition in financial statements - amount recorded: If applicable, provide corresponding dollar amount
             recorded as a liability in the financial statements. (Also provide column totals.)
    7        Disposition in financial statements - note disclosure: If applicable, indicate by note reference number
             where case information is separately disclosed or included in amounts disclosed in notes to the financial statements.
             (Also provide column totals.)

April 2003                                           GAO/PCIE Financial Audit Manual - Part II                                       Page 1002 D-2
Reporting


1006 - RESERVED




             [For related parties, see FAM section 902]




April 2003       GAO/PCIE Financial Audit Manual - Part II   Page 1006-1
[This page intentionally left blank.]
GLOSSARY



Accountability report    An agency’s accountability report integrates the
                         (1) Federal Managers’ Financial Integrity Act (FMFIA)
                         Report; (2) Chief Financial Officers’ (CFO) Act Annual
                         Report, including audited financial statements;
                         (3) Management’s Report on Final Action as required
                         by the Inspector General Act; (4) the Debt Collection
                         Improvement Act, Civil Monetary Penalty Act and
                         Prompt Payment Act reports; and (5) available
                         information on agency performance compared with
                         the agency’s stated goal and objectives.

Accounting               The procedures and records used to identify, record,
applications             process, summarize, and report a class of trans-
                         actions. Common accounting applications are
                         (1) billings, (2) accounts receivable, (3) cash receipts,
                         (4) purchasing and receiving, (5) accounts payable,
                         (6) cash disbursements, (7) payroll, (8) inventory
                         control, and (9) property and equipment.

Accounting system        The methods and records established to identify,
                         assemble, analyze, classify, record, and report an
                         entity's transactions and to maintain accountability for
                         the related assets and liabilities.

Activity                 In cost accounting, an activity is the actual work task
                         or step performed in producing and delivering
                         products and services. An aggregation of actions
                         performed within an organization that is useful for
                         purposes of activity-based costing.

Analytical procedures    The comparison of recorded account balances with
                         expectations developed by the auditor, based on an
                         analysis and understanding of the relationships
                         between the recorded amounts and other data, to
                         form a conclusion on the recorded amount. A basic
                         premise underlying the application of analytical
                         procedures is that plausible relationships among data
                         may reasonably be expected to continue unless there
                         are known conditions that would change the
                         relationships.



April 2003              GAO/PCIE Financial Audit Manual                Glossary-1
Glossary



Annual financial        As defined by OMB, the annual financial statement
statement               comprises

                        •   an overview of the reporting entity (or
                            Management’s Discussion and Analysis, MD&A),
                        •   the financial statements and related notes,
                        •   required supplementary stewardship information,
                        •   required supplementary information, and
                        •   other accompanying information.

Application controls    Management’s control activities that are incorporated
                        directly into individual computer applications to
                        provide reasonable assurance of accurate and reliable
                        procession. Application controls address (1) data
                        input, (2) data processing, and (3) data output.
                        FISCAM categories of application controls that more
                        closely tie into the FAM methodology are
                        (1) authorization control, (2) completeness control,
                        (3) accuracy control, and (4) control over integrity of
                        processing and data files.

Appropriation           The most common form of budget authority; an
                        authorization by an act of the Congress that permits
                        federal agencies to incur obligations and to make
                        payments out of the Treasury for specified purposes.
                        Appropriations do not represent cash actually set
                        aside in the Treasury for purposes specified in the
                        appropriation acts. They represent limitations of
                        amounts that agencies may obligate during the period
                        specified in the appropriation acts.

Assertions              Management's representations that are embodied in
                        the account balance, transaction class, and disclosure
                        components of the financial statements. The primary
                        assertions (described in paragraph 235.02) are

                        •   Existence or occurrence
                        •   Completeness
                        •   Rights and obligations
                        •   Valuation or allocation
                        •   Presentation and disclosure


April 2003             GAO/PCIE Financial Audit Manual               Glossary-2
Glossary



Assessing control risk    The process of evaluating the effectiveness of an
                          entity's internal control in preventing or detecting
                          misstatements in financial statement assertions.

Assurance, level of       The complement of audit risk, which is an auditor
                          judgment. This is not the same as confidence level,
                          which relates to an individual sample.

Attributes sampling       Statistical sampling that reaches a conclusion about
                          the population in terms of a rate of occurrence.

Audit risk                The overall risk that the auditor may unknowingly fail
                          to appropriately modify his or her opinion on financial
                          statements that are materially misstated. This is an
                          auditor judgment.

Back door authority       Any type of budget authority that is provided by
                          legislation outside the normal appropriations process.
                           (See contract authority.)

Base data                 Data used to develop the expectation in an analytical
                          procedure.

Borrowing authority       Statutory authority that permits obligations to be
                          incurred but requires that funds be borrowed to liqui-
                          date the obligations (see title 7 of the GAO Policies
                          and Procedures Manual for Guidance of Federal
                          Agencies). Usually, the amount that may be borrowed
                          and the purposes for which the borrowed funds must
                          be used are stipulated by the authorizing statute.
                          Borrowing authority sometimes is referred to as back
                          door authority.




April 2003               GAO/PCIE Financial Audit Manual                Glossary-3
Glossary



Budget authority          Authority provided by law (1) to enter into obligations
                          that will result in immediate or future outlays
                          involving government funds or (2) to collect offsetting
                          receipts (2 U.S.C. 622(2)). The Congress provides an
                          entity with budget authority and may place
                          restrictions on the amount, purpose, and timing of the
                          obligation or expenditure of such authority. The three
                          forms of budget authority are

                          •   appropriations
                          •   borrowing authority
                          •   contract authority

Budget controls           Management's policies and procedures to manage and
                          control the use of appropriated funds and other forms
                          of budget authority. (These are considered part of
                          financial reporting and compliance controls.)

Budget functional         A way of grouping budgetary resources so that all
classification            budget authority and outlays of on-budget and off-
                          budget federal entities and tax expenditures can be
                          presented according to national needs being
                          addressed. To the extent feasible, functional
                          classifications are made without regard to entity or
                          organizational distinctions.

Case study                See nonsampling selection.

Cause and effect basis    In cost accounting, a way to group costs into cost
                          pools in which an intermediate activity may be a link
                          between the cause and the effect.

Classical probability     A sampling approach where the sample is selected
proportional to size      proportional to the size (usually dollar amount) of an
sampling                  item and the evaluation is performed using variables
                          methods (not dollar unit sampling).

Classical variables       A sampling approach that measures precision using
estimation sampling       the variation of the underlying characteristic of
                          interest. This method includes mean per unit
                          sampling, difference estimation, ratio estimation, and
                          regression estimation.


April 2003               GAO/PCIE Financial Audit Manual              Glossary-4
Glossary




Closed account         A budget account for which the expired budget
                       authority has been canceled.

Combined precision     A judgment of precision for all tests in the audit. Used
                       at the end of the audit to evaluate the results of all
                       tests.

Combined risk          The auditor’s judgment of the combined inherent and
                       control risk (high, moderate, or low); the risk that the
                       financial statements contain material misstatements
                       before audit.

Common data source     In cost accounting, this includes all financial and non-
                       financial data, such as environmental data, that are
                       necessary for budgeting and financial reporting, as
                       well as evaluation and decision information
                       developed as a result of prior reporting and feedback.

Compliance control     A process, effected by management and other
                       personnel, designed to provide reasonable assurance
                       that transactions are executed in accordance with
                       (1) laws governing the use of budget authority and
                       other laws and regulations that could have a direct
                       and material effect on the financial statements or
                       required supplementary stewardship information and
                       (2) any other laws, regulations, and governmentwide
                       policies identified in OMB audit guidance.

Compliance tests       Tests to obtain evidence on the entity's compliance
                       with significant laws and regulations.

Confidence interval    The projected misstatement or point estimate plus or
                       minus precision at the desired confidence level.

Confidence level       The probability associated with the precision; the
                       probability that the true misstatement is within the
                       confidence interval. This is not the same as level of
                       assurance.




April 2003            GAO/PCIE Financial Audit Manual                Glossary-5
Glossary



Contingency            An existing condition, situation, or set of
                       circumstances involving uncertainty as to possible
                       gain or loss.

Contract authority     Statutory authority that permits obligations to be
                       incurred before appropriations or in anticipation of
                       receipts to be credited to a revolving fund or other
                       account (offsetting collections). By definition,
                       contract authority is unfunded and must subsequently
                       be funded by an appropriation to liquidate the
                       obligations incurred under the contract authority or
                       by the collection and use of receipts.

Control environment    A component of internal control, in addition to risk
                       assessment, monitoring, information and
                       communication, and control activities. The control
                       environment sets the tone of an organization,
                       influencing the control consciousness of its people. It
                       is the foundation for all other components of internal
                       control, providing discipline and structure. The
                       control environment represents the collective effect of
                       various factors on establishing, enhancing, or
                       mitigating the effectiveness of specific control
                       activities. Such factors include (1) integrity and
                       ethical values, (2) commitment to competence,
                       (3) management's philosophy and operating style,
                       (4) organizational structure, (5) assignment of
                       authority and responsibility, (6) human resource
                       policies and practices, (7) control methods over
                       budget formulation and execution, (8) control
                       methods over compliance with laws and regulations,
                       and (9) oversight groups.

Control risk           The risk that a material misstatement that could occur
                       in an assertion will not be prevented or detected on a
                       timely basis by the entity's internal controls (classified
                       as high, moderate, or low). This is an auditor
                       judgment.




April 2003            GAO/PCIE Financial Audit Manual                 Glossary-6
Glossary



Control activities      A component of internal control, in addition to the
(techniques)            control environment, risk assessment, monitoring, and
                        information and communication. The policies and
                        procedures that help ensure that management
                        directives are carried out.

Control tests           Tests of a specific control activity to assess its
                        effectiveness in achieving control objectives.

Core financial          As developed by JFMIP, a system that consists of six
management system       functional areas: general ledger management, funds
(CFMS)                  management, payment management, receivable
                        management, cost management, and reporting, and
                        affects all financial event transaction processing
                        because it maintains reference tables used for editing
                        and classifying data, controls transactions, and
                        maintains security.

Cost                    The monetary value of resources used or sacrificed or
                        liabilities incurred to achieve an objective, such as to
                        acquire or produce a good or to perform an activity or
                        service.

Costing methodology     Methodology for accumulating the costs of resources
                        that directly or indirectly contribute to the production
                        of outputs and assigning those costs to outputs.

Department (per         Any department, agency, administration, or other
FASAB Interpretation    financial reporting entity (see SFFAC No. 2) that is not
No. 6)                  part of a larger financial reporting entity other than
                        the government as a whole. Used in distinguishing
                        inter- and intradepartmental activity and balances.

Design materiality      The portion of planning materiality that the auditor
                        allocates to line items or accounts. This amount
                        should be the same for all line items or accounts
                        (except for certain offsetting balances as discussed in
                        paragraph 230.10). The auditor should set design
                        materiality for the audit as one-third of planning
                        materiality. (See discussion in paragraph 230.12.)




April 2003             GAO/PCIE Financial Audit Manual                 Glossary-7
Glossary



Detection risk         The risk that audit procedures will not detect a
                       material misstatement that exists in the financial
                       statements. The auditor determines the desired
                       detection risk based on combined risk and audit risk.
                       (In statistical terms, beta risk or type II risk.)

Errors                 Unintentional misstatements or omissions of amounts
                       or disclosures in financial statements.

Expectation            The auditor's estimate of an account balance in an
                       analytical procedure.

Expected               The dollar amount of misstatements the auditor
misstatement           expects in a population.

Expired account        A budgetary account in which the balances are no
                       longer available for incurring new obligations because
                       the time available for incurring such obligations has
                       expired. After 5 years, these accounts are canceled
                       and are then considered to be closed accounts.

Federal financial      One of the three requirements of FFMIA. They
management systems     include the requirements of OMB Circulars A-127,
requirements           A-123, and A-130 and the JFMIP Federal Financial
                       Management Systems Requirements series.

Financial reporting    A process, effected by management and other
control                personnel, designed to provide reasonable assurance
                       that transactions are properly recorded, processed,
                       and summarized to permit the preparation of the
                       financial statements and required supplementary
                       stewardship information in accordance with GAAP,
                       and that assets are safeguarded against loss from
                       unauthorized acquisition, use, or disposition.




April 2003            GAO/PCIE Financial Audit Manual              Glossary-8
Glossary



Financial statements      The components of a federal entity's annual financial
(also called principal    statement (also referred to as the Accountability
statements)               report), which are

                          •   Balance Sheet
                          •   Statement of Net Cost
                          •   Statement of Changes in Net Position
                          •   Statement of Budgetary Resources
                          •   Statement of Financing
                          •   Statement of Custodial Activity (if applicable)
                          •   Related Notes

Fraud                     Although fraud is a broad legal concept, the auditor is
                          interested in fraudulent acts that cause a material
                          misstatement of financial statements. Fraud is
                          distinguished from error because fraud is intentional
                          whereas error is unintentional. Two relevant types of
                          misstatements are those arising from fraudulent
                          financial reporting and those arising from
                          misappropriation of assets.

Fraudulent financial      Intentional misstatements or omissions of amounts or
reporting                 disclosures in financial statements to deceive financial
                          statement users. This may involve acts such as
                          manipulation, falsification, or alteration of accounting
                          records or supporting documents; misrepresentation
                          or intentional omission of events, transactions, or
                          other significant information in the financial
                          statements; or intentional misapplication of
                          accounting principles relating to amounts,
                          classification, manner of presentation, or disclosure.

Full cost                 In cost accounting, the sum of all costs required by a
                          cost object including the costs of activities performed
                          by other entities regardless of funding sources.

Fund Balance with         An asset account representing the unexpended
Treasury account          spending authority in agencies' appropriations. Also
(FBWT)                    serves as a mechanism to prevent agencies'
                          disbursements from exceeding appropriated amounts.




April 2003               GAO/PCIE Financial Audit Manual                Glossary-9
Glossary



General controls         Management’s policies and procedures that apply to
                         an entity’s overall computer operations and that
                         create the environment in which application controls
                         and certain user controls (which are control activities)
                         operate. They are classified in the FISCAM as
                         (1) entitywide security management program,
                         (2) access control, (3) application software
                         development and change control, (4) system software,
                         (5) segregation of duties, and (6) service continuity
                         control.

Generally accepted       The accounting principles that the entity should use.
accounting principles    For federal executive agencies, these are federal
(GAAP)                   accounting standards following the hierarchy listed in
                         SAS 91. The standards issued by FASAB are the first
                         level of the hierarchy. For government corporations,
                         generally accepted accounting principles are
                         commercial generally accepted accounting principles
                         issued by FASB.

Haphazard sample         A sample consisting of sampling units selected
                         without any conscious bias, that is, without any
                         special reason for including or omitting items from the
                         sample. It does not consist of sampling units selected
                         in a careless manner, but is selected in a manner that
                         can be expected to be representative of the
                         population.

Information and          A component of internal control in addition to the
communication            control environment, risk assessment, monitoring, and
                         control activities. The identification, capture, and
                         exchange of information in a form and time frame that
                         enable people to carry out their responsibilities. The
                         accounting system and accounting manuals are
                         examples of this component.

Information systems      A person with specialized technical knowledge and
(IS) auditor             skills who can understand the IS concepts discussed
                         in the manual and apply them to the audit.




April 2003              GAO/PCIE Financial Audit Manual              Glossary-10
Glossary



IS controls          Controls whose effectiveness depends on computer
                     processing, including general, application, and user
                     controls (described in section 295 F).

Inherent risk        The susceptibility of an assertion to a material
                     misstatement, assuming there are no related specific
                     control activities. This is an auditor judgment.

Interdepartmental    Activity and balances between two different
amounts              departments. (See department.) The
                     intradepartmental and interdepartmental amounts are
                     subsets of intragovernmental activity and balances.

Interentity          Activities or balances between two or more agencies,
                     departments, or bureaus. (See inter- and
                     intradepartmental.)

Internal control     A process, effected by an entity's management and
                     other personnel, to provide reasonable assurance that
                     the entity's specific objectives are achieved.
                     Following are the types of internal controls:

                     • financial reporting (including safeguarding and
                       budget)
                     • compliance (including budget)
                     • operations

Intradepartmental    Activity and balances within the same department.
amounts              (See department.) The intradepartmental and
                     interdepartmental amounts are subsets of
                     intragovernmental activity and balances.

Intragovernmental    Activity and balances occurring within or between
amounts              federal departments.

Intragovernmental    The primary method used by most federal agencies to
Payment and          electronically bill and/or pay for services and supplies
Collection System    within the government. Used to communicate to the
(IPAC)               Treasury and the trading partner agency that the
                     online billing and/or payment for services and supplies
                     has occurred.



April 2003          GAO/PCIE Financial Audit Manual              Glossary-11
Glossary



Joint Financial        The joint undertaking of the U.S. Department of the
Management             Treasury, the U.S. General Accounting Office, the
Improvement Program    Office of Management and Budget, and the Office of
(JFMIP)                Personnel Management to improve financial
                       management in the federal government. The source of
                       governmentwide requirements for financial
                       management systems software functionality that
                       describes the basic elements of an integrated financial
                       management system (including the core financial
                       system).

Judgment fund          A permanent and indefinite appropriation that is
                       available to pay final judgments, settlement
                       agreements, and certain types of administrative
                       awards against the United States when payment is not
                       otherwise provided for. The Secretary of the Treasury
                       certifies all payments from the fund.

Known misstatement     The amount of misstatement found by the auditor.

Likely misstatement    The auditor's best estimate of the amount of the
                       misstatement in the tested population (including
                       known misstatement). For sampling applications, this
                       amount is the projected misstatement.

Limit                  Used in performing substantive analytical procedures,
                       the limit is the amount of difference between the
                       expectation and the recorded amount that the auditor
                       will accept without investigation. Therefore, the
                       auditor should investigate amounts that exceed the
                       limit during analytical procedures.

Materiality            The magnitude of an item's omission or misstatement
                       in a financial statement that, in the light of
                       surrounding circumstances, makes it probable that the
                       judgment of a reasonable person relying on the
                       information would have been changed or influenced
                       by the inclusion or correction of the item (FASB
                       Statement of Financial Concepts No. 2). See planning
                       materiality, design materiality, and test materiality.




April 2003            GAO/PCIE Financial Audit Manual             Glossary-12
Glossary



Misappropriation of       Theft of an entity's assets causing the financial
assets                    statements not to be presented in conformity with
                          GAAP.

Monitoring                A component of internal control in addition to the
                          control environment, risk assessment, information
                          and communication, and control activities. The
                          process by which management assesses internal
                          control performance over time. It may include
                          ongoing activities, separate evaluations, or a
                          combination of both.

Multipurpose testing      Performing several tests, such as control tests,
                          compliance tests, and substantive tests, on a common
                          selection, usually a sample.

Nonsampling selection     A selection of items to reach a conclusion only on the
                          items selected. Sometimes called a case study, the
                          auditor using a nonsampling selection may not project
                          the results to the population, but should be satisfied
                          that there is a low risk of material misstatement in the
                          untested items.

Obligation ceiling        A limit set by the Congress on the amount of
                          obligations and expenditures the entity may incur
                          even though the budget authority (such as an
                          appropriation) is greater than this limit.

Offsetting collections    Collections of a business- or market-oriented nature
                          and intragovernmental transactions. If, pursuant to
                          law, they are deposited to receipts accounts and are
                          available for obligation, they are considered budget
                          authority and referred to as offsetting receipts.
                          Contract authority and immediate availability of
                          offsetting receipts for use are the usual forms of
                          budget authority for revolving funds.

Operations controls       Management's policies and procedures to carry out
                          organizational objectives, such as planning,
                          productivity, programmatic, quality, economy,
                          efficiency, and effectiveness objectives.



April 2003               GAO/PCIE Financial Audit Manual              Glossary-13
Glossary



Output                    Any product or service generated from the
                          consumption of resources. This can include
                          information generated by the completion of a task or
                          activity.

Overall analytical        Analytical procedures performed as an overall
procedures                financial statement review during the audit reporting
                          phase.

Performance measures Policies and procedures management uses to assure
controls             data that support performance measures reported in
                     the MD&A of the Accountability report are properly
                     recorded, processed, and summarized to permit
                     preparation of performance information in
                     accordance with criteria stated by management.

Planning materiality      The auditor's judgment of the total amount of
                          misstatements that would be material in relation to
                          the financial statements to be audited; used for
                          planning the audit scope. The auditor determines an
                          appropriate base (usually the greater of assets,
                          liabilities, revenues, or expenses); then the auditor
                          multiplies by a percent, usually 3 percent.

Point estimate            Most likely amount of the population characteristic
                          based on the sample.

Population                The items comprising a financial statement line item,
                          account balance, or class of transactions from which
                          selections are made for audit testing.

Precision                 The difference between the point estimate and the
                          upper or lower limit. Thus, precision tells the auditor
                          how close the point estimate could be from the true
                          population amount.

Preliminary analytical    Analytical procedures performed during the audit
procedures                planning phase.

Principal statements      See financial statements.




April 2003               GAO/PCIE Financial Audit Manual              Glossary-14
Glossary



Probable               The chance of the future confirming event(s)
                       occurring is likely, for pending or threatened litigation
                       and unasserted claims. (For other contingencies, the
                       future event or events are more likely than not to
                       occur.)

Projected              An estimate of the misstatement in a population,
misstatement           based on the misstatements found in the examined
                       sample items; represents misstatements that are
                       probable. The projected misstatement includes the
                       known misstatement.

Providing agency       The agency providing services, products, goods,
                       transfer funds, investments, debt, and/or incurring the
                       reimbursable costs. This includes bureaus,
                       departments, and/or programs within agencies. The
                       providing agency is the seller. The providing agency is
                       the agency transferring out funds to another agency
                       (transfers-out) when appropriations are transferred
                       without the exchange of goods or services.

Random sample          A sample selected so that every combination of the
                       same number of items in the population has an equal
                       chance of selection. A random sample should be
                       selected by using computer software or a random
                       number table. A systematic sample with a random
                       start, although not technically meeting the definition,
                       may generally be evaluated as if it were a random
                       sample.

Reasonably possible    The chance of the future event or events occurring is
                       more than remote but less than probable.

Receiving agency       The agency receiving services, products, goods,
                       transfer funds, purchasing investments, and/or
                       borrowing from Treasury (or other agency). This
                       includes bureaus, departments, and/or programs
                       within agencies. The receiving agency is the
                       purchaser. The receiving agency is the agency
                       receiving transfers of funds (transfers in) when
                       appropriations are transferred without the exchange
                       of goods or services.


April 2003            GAO/PCIE Financial Audit Manual               Glossary-15
Glossary




Reciprocal accounts      Corresponding SGL accounts that should be used by a
                         providing and receiving agency to record like intra-
                         governmental transactions. For example, the
                         providing entity's accounts receivable would normally
                         be reconciled to the reciprocal account, accounts
                         payable, on the receiving entity's records.

Recorded amount          The financial statement amount being tested by the
                         auditor in the specific application of substantive tests.

Reimbursable activity    In intragovernmental activity, similar to goods or
                         services, except the amounts billed to the receiving
                         entity by the providing entity are based on actual costs
                         incurred instead of on fees.

Related parties          Affiliates, management of the entity, their immediate
                         families, and other parties the entity deals with if one
                         party controls or can significantly influence the
                         management or operating policies of the other to an
                         extent that one of the parties might be prevented from
                         fully pursuing its own separate interests.

Remote                   The chance of the future event or events occurring is
                         slight.

Responsibility segment In cost accounting, a significant organizational,
                       operational, functional, or process component that
                       has the following characteristics: (a) its manager
                       reports to the entity's top management, (b) it is
                       responsible for carrying out a mission, performing a
                       line of activities or services, or producing one or a
                       group of products, and (c) for financial reporting and
                       cost management purposes, its resources and results
                       of operations can be clearly distinguished, physically
                       and operationally, from those of other segments of the
                       entity.

Risk                     See audit risk, inherent risk, control risk, detection
                         risk.




April 2003              GAO/PCIE Financial Audit Manual               Glossary-16
Glossary



Risk assessment          A component of internal control in addition to the
                         control environment, monitoring, information and
                         communication, and control activities. The entity's
                         identification and analysis of relevant risks to
                         achievement of its objectives, forming a basis for
                         determining how the risks should be managed.

Safeguarding controls    Internal controls to protect assets from loss from
                         unauthorized acquisition, use, or disposition arising
                         from misstatements in processing transactions and
                         handling the related assets. Safeguarding controls are
                         considered part of financial reporting controls. Some
                         safeguarding controls are operations controls.

Sample                   Items selected from a population to reach a
                         conclusion about the population as a whole.
                         (Compare with nonsampling selection.)

Sampling                 The application of audit procedures to fewer than all
                         items composing a population to reach a conclusion
                         about the entire population. The auditor selects
                         sample items in such a way that the sample and its
                         results are expected to be representative of the
                         population. Each item must have an opportunity to be
                         selected, and the results of the procedures performed
                         must be projected to the entire population.

Sampling interval        The amount between two consecutive sample items,
                         used in selecting the items in systematic sampling. In
                         dollar-unit sampling, this amount may be determined
                         by dividing the test materiality by a statistical risk
                         factor.

Sampling risk            The risk that the auditor's conclusion based on a
                         sample might differ from the conclusion that would be
                         reached by applying the test in the same way to the
                         entire population.

Specific control         Evaluating the effectiveness of the design and
evaluation (SCE)         operation of specific control activities. This process is
                         documented on the SCE worksheet.



April 2003              GAO/PCIE Financial Audit Manual              Glossary-17
Glossary



Standard General        A uniform chart of accounts and guidance for
Ledger (SGL)            standardizing federal agency accounting. Composed
                        of five major sections: (1) chart of accounts,
                        (2) account descriptions, (3) accounting transactions,
                        (4) SGL attributes, and (5) report crosswalks.
                        Prescribed by the Department of the Treasury in its
                        Treasury Financial Manual.

Standard General        One of the three requirements of FFMIA.
Ledger (SGL) at the     Implementing the SGL at the transaction level means
transaction level       that the entity's general ledger is in full compliance
                        with the SGL chart of accounts descriptions and
                        posting rules, that transactions from feeder systems
                        are fed into the general ledger following SGL
                        requirements through an automated or, in certain
                        cases, a manual interface, that detail supporting these
                        transactions can be traced back to the source
                        transactions in the feeder systems, and that the feeder
                        systems process transactions consistent with SGL
                        account descriptions and posting rules.

Statistical sampling    Sampling that uses the laws of probability for
                        selecting and evaluating a sample from a population
                        for the purpose of reaching a conclusion about the
                        population.




April 2003             GAO/PCIE Financial Audit Manual             Glossary-18
Glossary



Stewardship               Required supplementary stewardship information
information               includes (1) stewardship property, plant, and
                          equipment (property owned by the federal
                          government including: heritage assets [PP&E of
                          historical, natural, cultural, educational, or artistic
                          significance], national defense PP&E [weapons
                          systems and vessels], and stewardship land [land
                          other than that acquired for, or in connection with,
                          general PP&E]), (2) stewardship investments (items
                          treated as expenses in calculating net cost but
                          meriting special treatment to highlight their
                          substantial investment and long-term-benefit nature,
                          including: nonfederal physical property [grants
                          provided for properties financed by the federal
                          government but owned by the state and local
                          governments], human capital [education and training
                          programs financed by the federal government for the
                          benefit of the public], and research and development
                          [basic and applied]), (3) stewardship responsibilities
                          (current services assessment showing receipt and
                          outlay data on the basis of projections of future
                          activities—required in the consolidated statements of
                          the U.S. government only—and social insurance
                          information), and (4) risk-assumed information on
                          insurance and guarantee programs (generally, the
                          present value of unpaid expected losses net of
                          associated premiums).

Stratification            Separation of a population into what the auditor
                          believes are relatively homogeneous groups, each of
                          which is referred to as a stratum, usually to improve
                          sampling efficiency in a classical variables estimation
                          sample.

Stratified sample         A classical variables estimation sample where the
                          auditor first stratifies the population then selects a
                          random sample from each stratum.

Substantive analytical    Analytical procedures used as substantive tests.
procedures




April 2003               GAO/PCIE Financial Audit Manual                Glossary-19
Glossary



Substantive assurance    The auditor’s judgment that the assurance provided by
                         all substantive tests of an assertion will detect
                         misstatements that exceed materiality. Not the same
                         as confidence level.

Substantive tests        Specific tests to detect material misstatements in an
                         assertion relating to the account balance, transaction
                         class, and disclosure components of financial
                         statements.

Suitable criteria        In agreed upon procedures engagements, suitable
                         standards that have the attributes of objectivity,
                         measurability, completeness, and relevance.

Supplemental             Analytical procedures to increase the auditor's
analytical procedures    understanding of account balances and transactions
                         when detail tests are used as the sole source of sub-
                         stantive assurance.

Systematic sampling      A method of selecting a sample in which every nth
                         item is selected. See random sample.

Test materiality         The maximum misstatement that the auditor can
(tolerable               tolerate in a population. This materiality is used in
misstatement)            determining the extent of a specific substantive test.
                         (In statistical terms, margin or bound of error.) Test
                         materiality is design materiality, reduced when

                         •   the audit is being performed at some, but not all,
                             entity locations (requiring increased audit
                             assurance for those locations visited);
                         •   the area tested is deemed to be sensitive to the
                             users of the financial statements; or
                         •   the auditor expects to find a significant amount of
                             misstatements

Tolerable                See test materiality.
misstatement




April 2003              GAO/PCIE Financial Audit Manual              Glossary-20
Glossary



Tolerable rate          In attribute sampling for control testing, the maximum
                        rate of deviation from a prescribed control that the
                        auditor would be willing to accept without altering the
                        assessment of the effectiveness of the control. For
                        tests of compliance with laws and regulations, the
                        tolerable rate is the maximum rate of noncompliance
                        that the auditor would accept in the population
                        without reporting the noncompliance. (In statistical
                        terms, margin or bound of error.)

Top stratum item        An item in a dollar-unit sample that equals or exceeds
                        the amount of the sampling interval or implicit
                        sampling interval. Top stratum items are tested
                        100 percent.

Trading partner code    As assigned by the U.S. Department of the Treasury,
                        trading partner code is the attribute defined within the
                        accounting for a transaction used to identify the
                        trading partner entity. The trading partner code is
                        illustrated next to the SGL account and is a two-digit
                        number.

Trading partners        As defined by the U.S. Department of the Treasury,
                        trading partners are agencies, bureaus, programs, or
                        other entities (within or between agencies/
                        departments) participating in transactions with each
                        other.

Transfers               Funding moved from one entity to another based on
                        an agreement between the providing entity and the
                        receiving entity

Treasury Financial      The Treasury Financial Manual (TFM) is Treasury's
Manual (TFM)            official publication for financial accounting and
                        reporting of all receipts and disbursements of the
                        federal government. Provides procedures for federal
                        agencies to account for and reconcile transactions
                        occurring within and between each other. Includes
                        procedures for CFO Act agencies to reconcile and
                        confirm with their trading partners intragovernmental
                        activity and balances.



April 2003             GAO/PCIE Financial Audit Manual              Glossary-21
Glossary



Universe                  See population.

User controls             Manual comparisons of computer output (generally
                          totals) to source documents or other input (including
                          control totals).

Walkthroughs              Audit procedures to help the auditor understand the
                          actual operation of significant aspects of accounting
                          system processing and control techniques.
                          Walkthroughs of financial reporting controls consist
                          of tracing one or more transactions from initiation,
                          through all processing, to inclusion in the general
                          ledger; observing the processing and applicable
                          controls in operation; making inquiries of personnel
                          applying the controls; and examining related
                          documents.



FISCAM has a glossary of IS terms.




April 2003              GAO/PCIE Financial Audit Manual              Glossary-22
ABBREVIATIONS


AAPC         Accounting and Auditing Policy Committee

ABA          American Bar Association

AcSEC        Accounting Standards Executive Committee of the AICPA

AICPA        American Institute of Certified Public Accountants

ALC          agency locator code

ARA          Account Risk Analysis

AT           Reference to Statements on Standards for Attestation Engagements
                in the sections of the Codification of Statements on Auditing
                Standards

AU           Reference to Statements on Auditing Standards in the sections of
                the Codification of Statements on Auditing Standards

AUP          agreed-upon procedures

CFO          Chief Financial Officer

COSO         Committee of Sponsoring Organizations of the Treadway
               Commission

CSRS         Civil Service Retirement System

DUS          dollar-unit sampling

DCIA         Debt Collection Improvement Act

FACTS        Federal Agencies' Centralized Trial Balance System

FAM          GAO/PCIE Financial Audit Manual

FASAB        Federal Accounting Standards Advisory Board

FASB         Financial Accounting Standards Board

FBWT         fund balance with Treasury



April 2003             GAO/PCIE Financial Audit Manual                 Abbrev-1
Abbreviations


FCRA         Federal Credit Reform Act

FERS         Federal Employees' Retirement System

FISCAM       Federal Information System Controls Audit Manual

FFMIA        Federal Financial Management Improvement Act of 1996

FMFIA        Federal Managers' Financial Integrity Act of 1982

FMS          Financial Management Service

GAAP         generally accepted accounting principles

GAAS         generally accepted auditing standards

GAGAS        generally accepted government auditing standards

GAO          General Accounting Office

G/L          general ledger

GRA          General Risk Analysis

IG           Inspector General

IPAC         Intragovernmental Payments and Collection System

IS           Information Systems

JFMIP        Joint Financial Management Improvement Program

MD&A         management’s discussion and analysis

NTDO         Non-Treasury Disbursing Office

OGC          Office of General Counsel

OMB          Office of Management and Budget

OPM          Office of Personnel Management

PCIE         President’s Council on Integrity and Efficiency


April 2003             GAO/PCIE Financial Audit Manual              Abbrev-2
Abbreviations



PP&E         property, plant, and equipment

RSI          required supplementary information

RSSI         required supplementary stewardship information

SAS          Statement on Auditing Standards

SCE          Specific Control Evaluation

SF           standard form

SFFAC        Statement of Federal Financial Accounting Concepts

SFFAS        Statement of Federal Financial Accounting Standards

SGL          U.S. Government Standard General Ledger

SSAE         Statement on Standards for Attestation Engagements

TFM          Treasury Financial Manual

W/P          workpaper




April 2003            GAO/PCIE Financial Audit Manual              Abbrev-3
           [This page intentionally left blank.]




(195006)