Financial Audit Manual Vol.02


Financial Audit Manual
VOLUME 2
July 2008

United States Government Accountability Office
President’s Council on Integrity & Efficiency

Source: GAO

GAO-08-586G
July 2008

TO AUDIT OFFICIALS, AGENCY CFOS, AND OTHERS INTERESTED IN
FEDERAL FINANCIAL AUDITING AND REPORTING

This letter transmits the revised Financial Audit Manual (FAM) Volume 2 of the
Government Accountability Office (GAO) and the President’s Council on Integrity
and Efficiency (PCIE). GAO and the PCIE issued the joint FAM in July 2001. The
FAM presents a methodology to perform financial statement audits of federal
entities in accordance with professional standards. We have updated the FAM for
significant changes that have occurred in auditing financial statements in the U.S.
government since the last major revisions to the FAM were issued in July 2004.

To help the FAM continue to meet the needs of the federal audit community and the
public it serves, GAO and the PCIE created a joint FAM Working Group. The Group
is comprised of auditors from GAO and several Offices of the Inspectors General
experienced in conducting audits of federal entity financial statements. Through a
collaborative effort, the FAM Working Group prepared a revised FAM Volume 2 that
contains audit tools. A revised FAM Volume 1 that contains the audit methodology
is being issued separately. FAM Volume 3, which contains checklists for Federal
Accounting (FAM 2010) and Federal Reporting and Disclosures (FAM 2020), was
issued on August 28, 2007 (GAO-07-1173G).

On October 5, 2007, we issued exposure drafts of FAM Volumes 1 and 2 for an
extended public comment period that ended on January 31, 2008. We received 15
letters of comment which have been considered in this issued version of FAM
Volume 2, as well as FAM Volume 1.

The revisions to the FAM are primarily due to changes in (1) professional auditing
and attestation standards of the Auditing Standards Board of the American Institute
of Certified Public Accountants (AICPA); (2) Government Auditing Standards
issued by GAO; (3) audit and reporting guidance issued by the Office of
Management and Budget (OMB); (4) accounting standards issued by the Federal
Accounting Standards Advisory Board (FASAB); and (5) laws.

Summary of Major Revisions and Improvements for FAM Volume 2

FAM Volume 2 incorporates changes based on (1) AICPA Statement of Auditing
Standards (SAS) No. 100 through 114, which include the audit risk standards (SAS
Nos. 104 through 111); (2) Government Auditing Standards (July 2007 Revision);
(3) audit guidance in OMB Bulletin No. 07-04, Audit Requirements for Federal
Financial Statements (September 4, 2007); and (4) financial reporting guidance in
revised OMB Circular No. A-136, Financial Reporting Requirements (June 29,
2007).

Page 1 GAO-08-586G FAM Volume 2


FAM Volume 2 also includes the effects on financial audits of FASAB accounting
concepts and standards issued through May 31, 2007. This includes accounting,
reporting, and disclosure requirements for social insurance, heritage assets and
stewardship land, and earmarked funds. Finally, throughout the updated FAM
Volume 2, revisions were made for new terminology, changes in the federal audit
environment, and effects of applicable laws. A table of major changes to FAM
Volume 2 is presented in attachment 1 to this letter.

This FAM Volume 2 supersedes previously issued versions of FAM Volume 2
through July 2004 and can be used to audit federal entity financial statements for
the fiscal year ended September 30, 2008.

*****

Should you need additional information, please contact us at fam@gao.gov or call
GAO’s Financial Management and Assurance Assistant Directors Roger Stoltz, at
(202) 512-9408; or Janet Krell, at (202) 512-4716; Director Steve Sebastian at (202)
512-9521; or PCIE FAM Working Group Leaders Alex Biggs, at (202) 693-5258; or
Joel Grover, at (202) 927-5768. Other GAO FAM Project Team and PCIE FAM
Working Group members are presented in attachment 2 of this letter.

Sincerely yours,

/Signed/
McCoy Williams
Managing Director
Financial Management and Assurance
U.S. Government Accountability Office

/Signed/
The Honorable Jon T. Rymer
Chairman, Audit Committee
President’s Council on Integrity and Efficiency

Attachments and enclosures



Attachment 1

Table of Major Changes to FAM Volume 2

FAM section   Major change

Various       SAS references, particularly the audit risk standards (SAS No.
              104 through No. 111) have been codified in the appropriate AU
              section.

650           Some clarifications and new terminology throughout were
              added for using the work of others.

701 A         Consistent with OMB audit guidance, performance measures
              are excluded from internal control definitions effective starting
              in fiscal year 2008 at FAM 701 A-8, II H.

802           The general compliance checklist in FAM 802.06 lists five
              general laws for compliance consistent with OMB audit
              guidance while four other laws commonly assessed by auditors
              are now presented in FAM 802.07.

803           New audit procedures for checking on Antideficiency Act
              violations were added at FAM 803-6, steps 7 and 8.

902           Auditing related parties and intragovernmental activity and
              balances have been revised to be consistent with OMB auditing
              guidance.

903           The discussion of full costing per SFFAS No. 30 was expanded
              at FAM 903.02.

921           Treasury’s development and implementation of a new
              Government Wide Accounting (GWA) system that will have a
              significant impact on auditing Fund Balance with Treasury
              (FBWT) is discussed at FAM 921.11-.12. Treasury’s plan to
              discontinue use of certain suspense accounts is discussed at
              FAM 921.13. Because these changes are to occur over several
              years, auditors should reevaluate their FBWT audit
              procedures, some examples of which are now presented in
              FAM 921.17-.22.

921 A         Treasury processes and reports are being substantially revised
              as a result of the implementation of the GWA system and other
              changes.

921 D         The audit program was eliminated.

931           This new section provides guidance on auditing heritage assets
              and stewardship land as a result of SFFAS No. 29.

941           This new section provides guidance on auditing the Statement
              of Social Insurance as a result of SFFAS Nos. 17, 25, 26, and 28.

1001          This section on management representation letters has been
              revised to be consistent with changes in professional
              standards. The effect of a change in management on
              representation letters was added at FAM 1001.19.

1001 A        The example management representation letter was changed
              to group representations by category (financial statements,
              internal control, fraud, etc.). Representations were added for
              Antideficiency Act violations at FAM 1001 A.27, Statement of
              Social Insurance at FAM 1001 A.28-.36, consistency of budget
              information required by OMB audit guidance at FAM 1001 A.37,
              and earmarked funds at FAM 1001 A.38. “Government-wide
              polices” was deleted at FAM 1001 A.13 b.

1002          A table for analyzing contingent losses was added to FAM
              1002.06 and a new FAM 1002.12 was added for certain legal
              claims where no monetary damages are being sought. FAM
              1002.16 expanded the discussion and timing of interim and
              final legal letters.

1003          The audit completion checklist was revised to be consistent
              with new professional standards and the revised FAM.



Attachment 2

GAO FAM Project Team


McCoy Williams, Managing Director
Steven J. Sebastian, Director
Robert F. Dacey, Chief Accountant
Abraham D. Akresh, Senior Level Expert for Auditing Standards
Roger R. Stoltz, Assistant Director
Janet M. Krell, Assistant Director
Corinne P. Robertson, Senior Auditor and Project Manager
William E. Boutboul, Project Manager
Charles R. Fox, Project Manager
Suzanne Murphy, Project Manager
Vera M. Seekins, Senior Auditor
Sharon O. Bryd, Audit Sampling Specialist
Francis L. Dymond, Assistant General Counsel
Jacquelyn N. Hamilton, Deputy Assistant General Counsel

PCIE FAM Working Group Members


The Honorable John P. Higgins, Jr., Chairman, Audit Committee, PCIE
Alex Biggs, PCIE Working Group Leader, Office of Inspector General,
U.S. Department of Labor
Joel Grover, PCIE Working Group Leader, Office of Inspector General,
U.S. Department of Treasury
Debra Alford, Office of Inspector General, U.S. Department of Defense
Morgan Aronson, Office of Inspector General, U.S. Department of Interior
Ade Bankole, Office of Inspector General, U.S. Department of Treasury
Susan Barron, Office of Inspector General, U.S. Department of Treasury
Paul Curtis, Office of Inspector General, Environmental Protection Agency
Mary Harmison, Office of Inspector General, Federal Trade Commission
Mark L. Hayes, Office of Inspector General, U.S. Department of Justice
David S. Laun, Office of Inspector General, U.S. Department of Justice
Marie Maguire, Office of Inspector General, National Science Foundation
Kelly A. McFadden, Office of Inspector General, U.S. Department of Justice
Joon Park, Office of Inspector General, U.S. Department of Labor
Kieu Rubb, Office of Inspector General, U.S. Department of Treasury
Gregory Spencer, Office of Inspector General, U.S. Department of Education

CONTENTS – FAM VOLUME 2 – TOOLS

600 PLANNING AND GENERAL

601 Introduction to FAM Volume 2 – Tools


650 Using the Work of Others
650 A Summary of Audit Procedures and Documentation for Review of Other
Auditors’ Work
650 B Example Audit Procedures for Using the Work of Others
650 C Example Reports When Using the Work of Others
660 Agreed-Upon Procedures
660 A Example Agreed-Upon Procedures Engagement Letter
660 B Example Representation Letter from Responsible Entity on Agreed-Upon
Procedures Engagement
660 C Agreed-Upon Procedures Engagement Completion Checklist
660 D Example Agreed-Upon Procedures Report

700 INTERNAL CONTROL (See also FAM 900)

701 Assessing Agency Systems with the Federal Financial Management
Improvement Act (FFMIA)
701 A Example Audit Procedures for Testing Systems Compliance with FFMIA
701 B Summary Schedule of Instances of Systems Noncompliance with FFMIA

800 COMPLIANCE

802 General Compliance Checklist


803 Antideficiency Act
808 Federal Credit Reform Act of 1990
809 Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711-
3720E) (Including the Debt Collection Improvement Act of 1996) (DCIA)
810 Prompt Payment Act
812 Pay and Allowance System for Civilian Employees, as Provided Primarily
in Chapters 51-59 of Title 5, U.S. Code
813 Civil Service Retirement Act, 5 U.S.C. Chapter 83
814 Federal Employees Health Benefits Act, 5 U.S.C. Chapter 89
816 Federal Employees’ Compensation Act (FECA), 5 U.S.C. Chapter 81
817 Federal Employees’ Retirement System Act of 1986 (FERS), 5 U.S.C.
Chapter 84

July 2008 GAO/PCIE Financial Audit Manual Contents-1


900 SUBSTANTIVE TESTING

902 Related Parties, Including Intragovernmental Activity and Balances


902 A Example Account Risk Analysis for Intragovernmental Activity and
Balances
902 B Example Specific Control Evaluation for Intragovernmental Accounts
902 C Example Audit Procedures for Intragovernmental and Other Related
Parties’ Activity and Balances
903 Auditing Cost Information
921 Auditing Fund Balance with Treasury (FBWT)
921 A Treasury Processes and Reports Related to FBWT Reconciliation
921 B Example Account Risk Analysis for Fund Balance with Treasury
921 C Example Specific Control Evaluation for Fund Balance with Treasury
931 Auditing Heritage Assets and Stewardship Land
941 Auditing the Statement of Social Insurance

1000 REPORTING

1001 Management Representations


1001 A Example Management Representation Letter
1002 Inquiries of Legal Counsel
1002 A Example Audit Procedures for Inquiries of Legal Counsel
1002 B Example Legal Letter Request
1002 C Example Legal Representation Letter
1002 D Example Management Summary Schedule
1003 Financial Statement Audit Completion Checklist
1005 Subsequent Events Review



SECTION 600

Planning and General



601 – Introduction to FAM Volume 2 – Tools


.01 Volume 2 of the GAO/PCIE Financial Audit Manual (FAM) consists of
tools to assist the auditor¹ in performing a financial statement audit of a
federal entity. These tools are generally organized according to the phases
of the audit and are presented in
• FAM 600, the planning phase and general issues;
• FAM 700, the internal control phase;
• FAM 800, compliance;
• FAM 900, substantive testing; and
• FAM 1000, the reporting phase.
.02 Many of the tools in the various FAM sections include activities that would
be performed during other phases of the audit. Thus, the auditor may refer
to the FAM sections in volume 2 early in the audit. For example, FAM 701,
Assessing Compliance of Agency Systems with the Federal Financial
Management Improvement Act, includes procedures that would be
performed throughout the audit, not just during the internal control phase,
although many of them would be performed then. Also, FAM 902, Related
Parties, Including Intragovernmental Activity and Balances, has procedures
that the auditor may decide to perform in the planning and internal control
phases of the audit as well as during the testing phase.
.03 The audit procedures presented in the examples in this and other FAM
sections of volume 2 are examples of some of the audit steps typically
performed in each area. They are used in conjunction with the appropriate
FAM sections. In using these procedures, the auditor uses professional
judgment to add additional procedures, delete irrelevant procedures,
modify procedures, indicate the extent and timing of procedures, and
change the terminology to that used by the federal entity to be audited. The
auditor may integrate these steps with the audit programs for related line
items. For example, tests of intragovernmental activity and balances in
FAM 902 may be integrated with tests of accounts receivable and payable,
and, to improve effectiveness, the auditor may coordinate those tests with
related nonintragovernmental activity and balances.

¹ The term “auditor,” throughout the FAM includes individuals who may be titled auditor, analyst,
evaluator, or have a similar position description.


650 - Using the Work of Others


.01 In many financial statement audits, the auditor uses the work and reports
of other auditors and specialists that may include CPA firms, inspectors
general¹ (IG), state auditors, and internal auditors. Specialists include
actuaries and information systems (IS) personnel. The auditor may
contract with a CPA firm to perform parts of an audit, or to perform the
entire audit. The auditor expressing the opinion on the financial statements
is usually “the principal auditor” as defined by AU 543.02, but this is a
matter of professional judgment.
.02 FAM 650 provides guidance to auditors on designing and performing
oversight and other procedures when using the work of other auditors and
specialists. Various professional standards also provide guidance in this
area. These standards include AU 543, “Part of Audit Performed by Other
Independent Auditors;” AU 322, “The Auditor’s Consideration of the
Internal Audit Function in an Audit of Financial Statements;” AU 336,
“Using the Work of a Specialist;”² and AU 315 “Communications Between
Predecessor and Successor Auditors.” These standards have different
requirements depending on whether the auditor is using the work of an
independent auditor, an internal auditor, or a specialist.
.03 In the federal environment, the auditor may use the work of other auditors
and specialists in various situations. For example:
• Audits of federal entity financial statements, either consolidated or
individual bureaus, agencies, funds, or other components, by IGs or
CPA firms in accordance with GAGAS (which includes U.S. GAAS) and
OMB audit guidance.
• CPA firms, IGs, or specialists engaged to do parts of an audit (for
example, review information system (IS) controls, review actuarial
calculations, or test specific accounts).
• Reports on the processing of transactions by service organizations (i.e.
SAS No. 70 reviews under AU 324).
• Single audits or audits of federal funds provided to units of state and
local governments performed by state auditors and CPA firms.
• Work performed by internal audit functions (or equivalent, such as a
program review office or those performing A-123 internal control
reviews).
• Work performed by internal audit staff who provide direct assistance to
the auditor.

¹ IG audits are used by GAO as principal auditor of the U.S. government consolidated financial statements.
For the GAO audit of the Bureau of Public Debt (BPD), GAO is the other auditor and the CPA firm under
contract to the Treasury IG is the principal auditor when it reports on the Treasury Department
consolidated financial statements.
² The AICPA also issued Practice Alert 2002-02, Use of Specialists.

.04 AU 543.13 states that in some circumstances the auditor may find it
appropriate to participate in discussions regarding the accounts with
management personnel of the component whose financial statements are
being audited by other auditors and/or to make supplemental tests of such
accounts. The determination of the extent of additional procedures, if any,
to be applied rests with the principal auditor alone in the exercise of
professional judgment and in no way constitutes a reflection on the
adequacy of the other auditor’s work.
An auditor transmitting the other auditor’s opinion is not a principal
auditor; neither is the auditor expressing negative assurance on the other
auditor’s work. However, if the auditor assumes responsibility for the
opinion on the financial statements on which the auditor reports without
making reference to the audit performed by the other auditor, the auditor
taking responsibility should determine the extent of procedures to be
undertaken.

.05 FAM 650 provides guidance in making the judgments necessary for the
auditor to use the work of others, including the
• type of reporting (FAM 650.09-.10);
• evaluation of the other auditors’ or specialists’ independence and
objectivity (FAM 650.11-.24);
• evaluation of the other auditors’ or specialists’ qualifications (FAM
650.25-.35); and
• determination by the auditor on the level of review (FAM 650.36-.42 and
FAM 650 A).
.06 The auditor should coordinate with the other auditor whose work is to be
used. In turn, the other auditor should determine the needs of the auditor
who plans to use the work being performed so that the professional
judgments exercised by both auditors can satisfy the needs of both. This is
best done before major work is started. For example, auditors of a
consolidated entity (such as the U.S. government or an entire department
or federal entity) are likely to plan to use the work of other auditors of
subsidiary entities (such as individual departments, agencies, bureaus,
funds, or other components). This coordination can result in more efficient
and effective government audits and avoid duplication of effort.
In addition, both auditors should coordinate throughout the audit so that
the timing needs of the auditor and the other auditor are met. The auditor
should provide instructions on audit procedures to be performed,
materiality considerations, reporting format, and any other information
deemed appropriate. The other auditor should perform the requested
procedures in accordance with these instructions and report the findings
solely for use by the auditor (AU 9543.03). The other auditor should also
provide full and timely access to appropriate individuals and audit
documentation for review by the auditor (GAGAS par. 4.23). This may
occur on an ongoing basis during the audit, although this work may not be
completely reviewed.
.07 In this coordination, the auditor should inform other auditors on how their
work and report will be used. AU 543.07 indicates that if the auditor’s
report will name the other auditor, the principal auditor should obtain
permission to do so and should present the other auditor’s report together
with its report. For CPA firms, this permission may be obtained as part of
the contracting process. As a professional courtesy, the auditor generally
should also provide other auditors with a draft of its report to avoid
surprises before final issuance.
.08 When there is a difference of opinion, the auditor should confer with the
other auditor in an attempt to reach an agreement as to the procedures that
would be necessary to satisfy both auditors’ professional judgments. If
both auditors are unable to reach agreement, see FAM 650.54-.56. FAM 650
B contains example audit procedures for using the work of others, which
depend on the professional judgments made.
Types of Reporting
.09 There are various types of reporting when using the work of other auditors
and specialists. The type of reporting depends on the degree of
responsibility the auditor accepts and the work the other auditors and
specialists will perform. Factors for the auditor to evaluate in deciding
which type of reporting to use include the degree of assurance to provide,
legal requirements, and cost-benefit considerations. The amount of
resources required varies by type of report and generally increases in the
order presented below.
The auditor generally should decide the type of reporting in planning the
engagement. The auditor generally should discuss the type of reporting
with the other auditors or specialists early in the audit. The auditor
exercises professional judgment in making these decisions and should
document the basis for the decisions. AU 504.03 indicates that an auditor is
associated with financial statements when the auditor has consented to the
use of its name in a report, document, or written communication
containing the financial statements. The type of reporting will depend on
the auditor’s association with the report:
a. No association with report. In this situation, the other auditors or
specialists provide the report directly to the audited entity and/or to
significant users. The auditor may use this method when procuring the
audit but not acting as “the auditor.” Examples are when there is no
legal requirement for a separate audit report, or the user does not need
a separate audit report, or a separate audit report would provide no
additional information. When the auditor is required by law to perform
the audit, the auditor should not use this option as the auditor is
associated with the report.
b. Association with report. In this situation, there are two possible
types of transmittal letters: one expressing no assurance and one
expressing negative assurance on the other auditors’ work. For either
type, the auditor is associated with the financial statements as
described in AU 504. The fourth standard of reporting was amended by
SAS No. 113 in AU 150.02 to state “In all cases where an auditor’s name
is associated with financial statements, the auditor should clearly
indicate the character of the auditor’s work, if any, and the degree of
responsibility the auditor is taking, in the auditor’s report.”
Because the auditor did not perform the audit, the auditor should
disclaim an opinion and should not express its concurrence with the
other auditors’ opinion. The auditor may use this approach when the
auditor did not perform the audit but wants to issue a report or letter.
The auditor may also expand the letter to highlight certain findings or
information or to indicate that certain procedures were performed. See
example 1 of FAM 650 C for wording for both types of transmittal
letters which
• Express no assurance. For this letter, the auditor issues a
transmittal letter without reviewing the other auditors’ audit
documentation. In these situations, the transmittal should be clear
as to the limitations of the work of the auditor who generally has the
responsibility to monitor audit contracts, as applicable, to meet the
requirements of statutory audit provisions, such as in the IG Act,
CFO Act, or Accountability of Tax Dollars Act of 2002.

• Express negative assurance. This letter indicates that the auditor
reviewed the other auditors’ or specialists’ report and related audit
documentation, inquired of their representatives, and found no
instances where the other auditors did not comply, in all material
respects, with U.S. GAAS or GAGAS.

c. The auditor issues a report that refers to other auditors’ reports
and indicates a division of responsibilities. To use this approach,
the auditor has two decisions to make: (1) whether the auditor may
serve as the principal auditor (AU 543.01-.03) and (2) whether the
auditor will refer to the work of the other auditors (AU 543.01-.10). For
audits of federal entities, auditors may be designated by law.³ The
auditor exercises professional judgment in making these decisions and
should document the basis for the decisions. One consideration in
deciding whether the auditor is the principal auditor is sufficient
knowledge of the entire entity, including portions audited by other
auditors. Another consideration is the materiality and importance of the
consolidated assets, liabilities, expenses, revenues, or net position the
auditor has not audited.

³ IGs are designated by the CFO Act to audit their agencies, but have the authority to contract with another
auditor to perform the audits. GAO is mandated by 31 U.S.C. 331(e) to audit the U.S. government’s
consolidated financial statements.

The auditor may issue a report that refers to other auditors when
(1) the other auditors have reported on financial statements for a
component entity that is part of the entity whose financial statements
the principal auditor is reporting on and (2) the principal auditor does
not wish to take responsibility for the other auditors’ work. (See
AU 543.09 for example wording.) This approach may be used only for
CPA firms or for other auditors that are organizationally independent
(see FAM 650.14) and should not be used for internal auditors or
specialists.
However, a reader of the report could question the basis for the
principal auditor issuing the opinion because of the significant
materiality and importance of the portion of the financial statements
audited by the other auditors. In this case, the principal auditor should
determine whether there is a need to issue a report that does not
mention the other auditors’ work, which may require additional work
(see FAM 650.09 e).
d. The auditor issues a report that expresses concurrence with the
other auditors’ report and conclusions. The auditor may use this
approach when other auditors have reported on financial statements
and the principal auditor needs or wants to provide more assurance
than what is provided in the transmittal letter. For example, a certain
audit may be required by law, in which the auditor, although allowed to
hire other auditors to do the work, is required to give its opinion. In the
absence of such a requirement, a report expressing concurrence is
generally not cost-effective because of the resources required.
Expressing concurrence means that the auditor would have
reached the same opinion or conclusion had it done the audit.
Therefore, the auditor should do the same level of work it would
have done to take responsibility for the other auditor’s work. In
this instance both the other auditor and the auditor that expresses
concurrence are principal auditors because both have sufficient
knowledge of the overall financial statements and the important issues,
and the concurring auditor, by reason of the level of work done, has
also audited the financial statements.
The auditor usually accomplishes this by reviewing the audit
documentation of the other auditor, having discussions with entity
management, and/or performing supplemental tests (see example 2 in
FAM 650 C for report wording).
This approach may be used only for CPA firms or for other auditors
who are organizationally independent (see FAM 650.14). The auditor
should not use this report for specialists, since AU 336.15 prohibits
reference to a specialist’s report unless the auditor issues a qualified or
adverse opinion or a disclaimer of opinion based on the specialist’s
work. The auditor also should not use this approach for internal
auditors. AU 322.19 states that the responsibility to report on the
financial statements rests with the auditor and cannot be shared with
internal auditors.⁴
e. The auditor issues a report that does not mention the other
auditors’ or specialists’ work. In this situation, the auditor issues the
example report in FAM 595 A and/or FAM 595 B (as if no other auditors
or specialists were involved). This means the auditor takes
responsibility for the other auditors’ or specialists’ work. (See
FAM 650.09 c for a discussion of principal auditor issues.) The
auditor may use this approach when the other auditors have done part
of the audit. (This approach also may be used when the other auditors
have done substantially the entire audit.) For example, a number of
other auditors may have audited individual components of an entity and
the auditor may audit the consolidation process. The auditor may use
this approach if the auditor has sufficient knowledge of the entire entity
and does additional work (see FAM 650.10).
The auditor generally should accomplish this by reviewing the audit
documentation, having discussions with entity management, and/or
performing supplemental tests. The auditor also should use this
approach when using the work of specialists and internal auditors
because professional standards do not permit referring to specialists’ or
internal auditors’ work (unless, for specialists, the auditor issues a
qualified or adverse opinion or a disclaimer of opinion based on the
specialists’ work). GAO uses this approach in the audit of the
consolidated financial statements of the U.S. government.
.10 Table 650.1 presents an overview of the work the auditor generally should
perform for each type of report or letter. “Yes” means that the auditor
should perform some of that category of work. “No” means that the auditor
need not perform that category of work. The extent of work in each
category depends on the auditor’s professional judgment. See FAM 650.36
for discussion on the level of review.
4 There may be situations where the auditor is asked to provide a separate opinion in addition to presenting
the other auditors’ report, or serves as the contracting officer’s technical representative (COTR). In these
situations, the auditor should follow the wording in FAM 595 A and/or FAM 595 B, and should add the
following in lieu of the introduction to the first paragraph on FAM 595 A-5: “To help fulfill these
responsibilities, we contracted with the independent certified public accounting firm of [insert firm name]
to perform a financial statement audit in accordance with U.S. generally accepted government auditing
standards, OMB's bulletin, Audit Requirements for Federal Financial Statements, and the GAO/PCIE
Financial Audit Manual. The report of [name of CPA firm] dated [date] is attached. We evaluated the
nature, extent, and timing of the work, monitored progress throughout the audit, reviewed the audit
documentation of [name of CPA firm], met with partners and staff members of [name of firm], evaluated
the key judgments, met with officials of [entity being audited], performed independent tests of the
accounting records [if applicable], and performed other procedures we deemed appropriate in the
circumstances. Our opinions expressed above are consistent with the opinions of [name of CPA firm].
Thus, in this audit, we (continue with numbered items).”
Table 650.1: Overview of Work Performed for Each Type of Reporting

| Type of reporting | Evaluate the other auditors’ independence and objectivity (FAM 650.11-.24) | Evaluate the other auditors’ qualifications (FAM 650.25-.35) | Level of review (FAM 650.36-.42) | Hold discussions and/or perform supplemental tests (FAM 650.43-.47) |
|---|---|---|---|---|
| No association with report (FAM 650.09 a) (see note a) | No | No | None | No |
| Auditor transmittal letter expresses no assurance (FAM 650.09 b, first bullet) | Yes | Yes | Low or none | No |
| Auditor transmittal letter expresses negative assurance (FAM 650.09 b, second bullet) | Yes | Yes | Moderate or low | No |
| Report refers to the other auditors’ report and indicates a division of responsibilities (FAM 650.09 c) | Yes | Yes | Low or none | No |
| Report concurs with the other auditors’ report or does not mention the other auditors’ work (FAM 650.09 d and e) | Yes | Yes | High, moderate, or low | Yes for internal auditors’ work (should include supplemental tests); yes for auditors’ work for high level of review; no for auditor’s work for moderate or low level of review |

a If the auditor contracts with the other auditors or serves as the COTR, the contracting process generally
will require the auditor to evaluate the other auditors’ independence, objectivity, and qualifications and to
monitor performance under the contract.


Evaluating the Other Auditors’ or Specialists’ Independence and Objectivity
.11 Unless the auditor has no association with the report, the auditor should
evaluate the other auditors’ or specialists’ independence and objectivity.
Where the auditor has previously used the work of the same other auditor,
the auditor generally should update the previous evaluation. Under
GAGAS, chapter 3, audit organizations and individual auditors should be
free both in fact and appearance from personal, external, and
organizational impairments to independence. The auditor should first
evaluate organizational independence. Different standards apply to CPA
firms, other organizationally independent auditors, internal auditors, and
specialists.
.12 For CPA firms and specialists, the auditor may use a contracting
process that is part of its organization or a procurement function within the
entity to be audited. The auditor should determine whether the firm
selected represented [in the statement of work (SOW) or request for
proposal (RFP)] that it (and the assigned engagement team)
• is independent and objective with respect to the audited entity;
• will remain independent throughout the audit;
• will disclose any independence issues discovered; and
• will immediately notify the COTR if it considers submitting a proposal
on any contracts involving the audited entity to permit evaluation of
whether its auditors’ independence could be impaired.
Firms should be asked to describe in their proposals all work, including
nonaudit services, they have done for the audited entity in the last several
years. See GAGAS, chapter 3, and Government Auditing Standards:
Answers to Independence Questions (GAO-02-870G, July 2002).
The auditor generally should determine whether the SOW or RFP indicates
that “The government will determine whether a firm is independent
for the purpose of performing an audit of financial statements of
the federal entity.” This avoids a potential dispute where, for example,
the firm does substantial nonaudit work for the entity to be audited that the
auditor views as a conflict. The technical evaluation panel should evaluate
whether the nature and extent of nonaudit services or other factors cause
an independence or objectivity issue, either in fact or in appearance. In this
evaluation, the panel generally should determine whether (1) the other
auditors will need to audit their own work or (2) the other
auditors made management decisions or performed management
functions.

.13 The auditor generally should have a role in contracting for the CPA firm or
specialist.5 When the auditor does not participate in contracting for the
CPA firm or specialist, the auditor generally should obtain an overview of
the contracting process, including
• reading the SOW or RFP;
• reviewing the proposal of the firm selected; and
• understanding the evaluations of the panel selecting the firm.
The auditor should determine whether the firm provided a representation
as to independence and objectivity (usually in its proposal). If the firm has
not provided a representation as to independence and objectivity, the
auditor should obtain a representation from the firm. If the auditor is not
familiar with the firm, the auditor should inquire of professional
organizations, such as the AICPA or the Public Company Accounting
Oversight Board (PCAOB), as to the firm’s professional reputation and
standing.
.14 For government auditors, the auditor should decide whether the other
auditor is organizationally independent to report externally or whether to
consider it as an internal audit organization. The auditor may refer to the
work of organizationally independent government auditors but should not
refer to the work of internal audit organizations in the audit report. The
auditor generally should perform more extensive review and supervision
when dealing with internal auditors. The auditor should obtain written
representations6 from appropriate officials of the government audit
organization that to the best of their knowledge, the organization and the
individual auditors doing the work are independent of the entity being
audited. This means that the individual auditors are free of personal
impairments to independence and maintain an independent attitude and
appearance. It also means that the auditor is free from external
impairments and is organizationally independent (see GAGAS, chapter 3).
The representation letter may indicate the general criteria for determining
independence, such as “under the criteria in GAGAS.” The auditor should
obtain representations for the period of the financial statements to the date
of the other auditors’ report. Since the auditor decides on the
independence and objectivity of the other auditors to plan its work, the
auditor generally should obtain oral representations early in the audit and
written representations at the end of the audit.
5 Under the CFO Act, if an executive agency IG is not performing the audit of the agency’s financial
statements, required under 31 U.S.C. 3515, the IG is required to determine the independent external auditor
(CPA firm) that will perform the work.
6 Obtaining a representation from an appropriate official of the audit organization is similar to the
procedure for CPA firms under AU 543.10b.
.15 Government auditors may be presumed to be free from organizational
impairments to independence when reporting externally to third parties if
they are organizationally independent of the audited entity. Government
auditors may meet the requirement for organizational independence in a
number of ways. There is a presumption that a government auditor is
organizationally independent (GAGAS, chapter 3) if the auditor is assigned
to
a. a level of government other than the one to which the audited entity is
assigned (federal, state, or local), for example, a federal auditor
auditing a state government program; or
b. a different branch of government within the same level of government
as the audited entity, for example, a legislative auditor auditing an
executive branch program.
.16 There is also a presumption of organizational independence if the head of
the government audit organization (GAGAS, chapter 3) meets one of the
following criteria:
a. directly elected by voters of the jurisdiction being audited;
b. elected or appointed by a legislative body, subject to removal by a
legislative body, and reports the results of audits to and is accountable
to a legislative body;
c. appointed by someone other than a legislative body, so long as the
appointment is confirmed by a legislative body and removal from the
position is subject to oversight or approval by a legislative body, and
reports the results of audits to and is accountable to a legislative body;
or
d. appointed by, accountable to, reports to, and can only be removed by a
statutorily created governing body, the majority of whose members are
independently elected or appointed and come from outside the
organization being audited.
.17 If the other auditor or its head meets one of the above criteria, the auditor
need not perform any procedures concerning organizational independence
other than to obtain a representation letter from an appropriate official of
the government audit organization as noted in FAM 650.14 (see FAM 650.23
for tests of personal independence). However, if the auditor encounters
evidence that the other auditor might not be organizationally independent,
the auditor should determine the need for inquiries and other procedures,
and then evaluate the results of these procedures.
.18 In addition to the presumptive criteria, GAGAS recognizes that there may
be other organizational structures under which a government audit
organization could be free from organizational impairments. The auditor
should determine whether these other structures provide sufficient
safeguards to prevent the audited entity from interfering with the
government auditor’s ability to perform the work and report the results
impartially. For the auditor to determine that the government audit
organization is free from organizational impairments to report externally
under a structure different from the ones listed above, the government
auditor (GAGAS, chapter 3) should have all of the following safeguards:
a. statutory protections that prevent the audited entity from abolishing the
government audit organization;
b. statutory protections that require that if the head of the government
audit organization is removed from office, the head of the federal entity
report this fact and the reasons for the removal to the legislative body;
c. statutory protections that prevent the audited entity from interfering
with the initiation, scope, timing, and completion of any audit;
d. statutory protections that prevent the audited entity from interfering
with the reporting on any audit, including the findings and conclusions,
or the manner, means, or timing of the government audit organization’s
reports;
e. statutory protections that require the government audit organization to
report to a legislative body or other independent governing body on a
recurring basis;
f. statutory protections that give the government audit organization sole
authority over the selection, retention, and dismissal of its staff; and
g. statutory access to records and documents related to the federal entity,
program, or function being audited, and access to government officials
or other individuals as needed to conduct the audit.
.19 If the auditor concludes that the government audit organization has all the
safeguards listed in FAM 650.18, the auditor may determine that the
governmental auditor is free from organizational impairments to
independence when reporting externally. The auditor should document the
statutory provisions in place that provide these safeguards.
.20 When using the work of other government auditors that meet these
requirements, the auditor should request a representation letter (see FAM
650.14) from an appropriate official of the government audit organization.
The auditor should review this document and as necessary discuss it with
appropriate officials of the government audit organization, the external
quality assurance reviewer, legal counsel for the government audit
organization, and the auditor’s legal counsel.
.21 If the auditor decides that the government audit organization is not
organizationally independent to report externally (either because it does
not meet the criteria in GAGAS or for another reason), the auditor should
determine whether the other auditor is organizationally independent to
report internally. Such auditors are internal auditors. The Institute of
Internal Auditors’ (IIA), International Standards for the Professional
Practice of Internal Auditing defines internal auditing as “an independent,
objective assurance and consulting activity designed to add value and
improve an organization’s operations. It helps an organization accomplish
its objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control, and
governance processes.”

GAGAS contain guidance on organizational independence for government
internal auditors. For example, internal auditors should be outside the staff
or line management function of the unit under audit. They should report
their results and be accountable to the head or deputy of their federal
entity. IIA standards require internal auditors to be objective for the
activities they audit. These GAGAS and IIA standards of independence for
internal auditors differ from independence under the AICPA Code of
Professional Conduct or independence for external auditors under GAGAS.
The auditor generally should determine whether the internal auditors
whose work is to be used are independent of the activities they audit. The
auditor also should determine the organizational status of the head of the
audit organization. For the audit organization to be considered free from
organizational impairments to report internally to management, the head of
the audit organization (GAGAS, chapter 3) should meet all criteria:
a. is accountable to the head or deputy head of the government entity, or
those charged with governance;
b. is required to report the results of the audit organization’s work to the
head or deputy head of the government entity and those charged with
governance;
c. is located organizationally outside the staff or line management
function of the unit under audit;
d. has access to those charged with governance; and
e. is sufficiently removed from political pressures to conduct audits and
report findings, opinions, and conclusions objectively without fear of
political reprisal.
.22 If the auditor concludes that the internal auditors are not independent
under GAGAS and IIA standards, the auditor should treat the work as if the
audited entity prepared it. If the auditor concludes that the internal
auditors are independent under GAGAS and IIA standards, the auditor may
use their work to the extent permitted by AU 322. In either case, the
auditor should not issue a report referring to or concurring with the work
of internal auditors.
.23 In addition to evaluating the other auditors’ organizational independence,
the auditor should evaluate whether the audit team has any personal
impairments. For both internal auditors and organizationally independent
government audit organizations, the auditor generally should ask how the
other auditors monitor the personal independence of individual staff
members, especially those doing the work the auditor would like to use.
.24 The auditor should document the work performed and the conclusions
reached as to independence and objectivity. The documentation should
indicate the auditor’s conclusion as to whether the other auditors are
independent and objective and the basis for that conclusion. The auditor
should consult with the reviewer if there are questions about the other
auditors’ independence or objectivity.

Evaluating Other Auditors’ or Specialists’ Qualifications


.25 After evaluating the other auditors’ or specialists’ independence and
objectivity, the auditor should evaluate their qualifications to perform the
specific tasks required. This involves evaluating the qualifications of the
firm or audit organization and evaluating the qualifications of the specific
audit team. Where the auditor has previously used the work of the same
other auditors, the auditor generally should update the previous evaluation.
.26 For CPA firms and specialists, the auditor generally should evaluate
qualifications through the contracting process, usually by using a technical
evaluation panel to select a qualified firm. A firm submits résumés for its
audit team members, demonstrates why its team is qualified to do the
work, and submits its plan for doing the audit. Each CPA firm should
submit its latest peer review report, letter of comments, and response to
the peer review report. The firm should also agree to submit updated peer
review reports during the period of the contract. If the peer review report
was issued more than three years earlier, the evaluation panel may obtain
documentation relating to the internal quality control policies and
procedures of the selected firm, or read the firm’s inspection report and
response.7
A CPA firm may also be asked to submit its latest public inspection report
prepared by the PCAOB, but these reports pertain to audits of publicly
traded companies and related quality controls. However, to the extent they
raise issues about quality controls or methodology, they may be applicable
to audits of federal entities.8
.27 Where the auditor did not participate in the contracting process, the
auditor should determine how the qualifications of a firm were evaluated.
For example, did the technical evaluation panel review:
• Résumés of the team members?
• The audit approach?
• The peer review report and related letter of comments (if any)?
• The firm’s response to the peer review report?
The auditor should read these documents and reach a conclusion as to
qualifications.
7 Some CPA firms consider internal inspection reports as proprietary documents not subject to auditor
review. This issue can be resolved by either allowing the auditor access to inspection reports or providing
the auditor with a summary or representation about inspection results as a condition of the contract.
8 Further information on the PCAOB inspection report process is available at www.pcaobus.org.
.28 For auditors other than CPA firms, the auditor should ask whether the
audit organization had a peer review and the date of that review. IGs have
peer reviews performed every 3 years by other IGs. Most state auditors also
have peer reviews every 3 years. To comply with GAGAS, the audit
organization should have a peer review every 3 years. The IIA standards
indicate that “[e]xternal assessments, such as quality assurance reviews,
should be conducted at least once every five years by a qualified,
independent reviewer or review team from outside the organization.”
While reviews under the IIA standard are not designed to report whether
the audit organization’s quality control adheres to GAGAS, they do provide
evidence about whether the work adheres to a recognized set of
professional standards. The auditor should read the peer review report, the
letter of comments, and the audit organization’s response. Where the audit
organization has received an unqualified peer review report recently
(usually less than 3 years ago), the auditor generally need not perform
further review of the audit organization’s qualifications.
.29 Where the peer review report is not recent, the auditor generally should
review the results of the audit organization’s internal inspection program
for any new quality control issues. The inspection generally should include
reviews of audit documentation, interviews of staff members, and tests of
functional areas. Where the inspection is recent (usually within the past
year) and the inspection report is unqualified, the auditor generally need
not perform further review of the audit organization’s qualifications.
.30 Where the peer review or inspection report is qualified or adverse, the
auditor should evaluate whether the quality control system has since been
strengthened to allow the auditor to use the other auditors’ work. The
auditor may review the organization’s action plan for improving quality
controls and inspection results in determining whether quality controls
have improved since the peer review. The auditor should evaluate the
effect of remaining weaknesses in determining the nature and extent of
procedures to be performed.
.31 Where the latest peer review was completed more than 3 years earlier and
there is no inspection program, the auditor should obtain an overview of
the important quality control policies and procedures of the other auditor.9
The overview generally should cover the functional areas of
• independence, integrity, and objectivity (FAM 650.11-.24);
• leadership responsibilities;
• ethical requirements;
• acceptance and continuance of clients and engagements;
• human resources (includes recruiting and hiring, advancement,
professional development and training, and assigning personnel to
assignments);
• engagement performance (includes supervision and consultation); and
• monitoring programs.

9 The auditor may refer to the AICPA Practice Aid, Establishing and Maintaining a System of Quality
Control for a CPA Firm’s Accounting and Auditing Practice (2007) and GAGAS 3.55-3.63.
.32 The auditor may obtain this information through interviews of the other
auditor’s management and staff and through reading its quality control
summary document. The auditor also may read the other auditor’s manuals
and other guidance for conducting audits.
.33 In addition to evaluating the other auditor’s qualifications, the auditor also
should evaluate the overall qualifications of the team assigned to do the
work. The auditor may review résumés of key team members to
accomplish this. The auditor should review the specific education, training,
certifications, and experience of key team members. In evaluating
qualifications, the auditor should review the specific role of staff members
on the job. When the auditor has knowledge of qualifications from prior
experience for key team members, the auditor should inquire about their
experience in the time since the last audit.
.34 Where the auditor is not satisfied as to the qualifications of the other
auditor, the auditor generally should perform a more detailed review of the
documentation and/or perform supplemental tests of key line items (see
FAM 650.36).
The auditor should document the work performed and the conclusions
reached as to the other auditors’ qualifications. The documentation should
indicate the auditor’s conclusion as to whether the other auditors are
qualified to perform the tasks required and the basis for that conclusion.
The auditor should consult with the reviewer if there are questions about
the other auditors’ qualifications.
.35 If the auditor has significant concerns about the other auditors’
independence, objectivity, or qualifications, the auditor should revise its
audit strategy. For example, the auditor may
• contract with another firm;
• ask the other auditors to substitute more highly qualified or objective
staff members;
• do the audit without using the other auditors’ work, treating any work
done by the other auditors as prepared by the audited entity;
• divide the work so that the other auditors test the areas where they are
qualified, and the auditor does the rest of the audit; or
• issue a disclaimer of opinion.
Planning the Review and Testing of Other Auditors’ or
Specialists’ Work
.36 After evaluating the other auditors’ or specialists’ independence,
objectivity, and qualifications, the auditor should develop an audit strategy
and audit plan for reviewing and, if necessary, testing the work done. In
this strategy, the auditor generally should document the level of review as
high, moderate, or low. In some situations, the auditor should perform
significantly more work than the work shown for the high level to include
performing significant supplemental tests. In other situations, the auditor
may decide less review or no review is necessary. These situations
typically involve entities or line items that are very small in relation to the
financial statements taken as a whole. In these situations, the auditor may
decide to read the other auditors’ report and the financial statements and
ask questions if anything seems unusual.
The auditor should reevaluate the audit strategy and plan as the work
progresses. If serving as the COTR, the auditor will assist the contracting
officer to ensure contractor compliance with the terms and conditions of
the contract. In addition, the IG Act requires that the IG take appropriate
steps to assure that any work performed by nonfederal auditors complies
with GAGAS. The level of review is a professional judgment the auditor
generally should make for significant assertions in each material line item
considering the following factors:
a. The type of report or letter the auditor will issue, as less review is
needed for a transmittal letter than for reports in which the auditor
takes responsibility for the other auditors’ work (see FAM 650.10).
b. Whether the other auditors issue a disclaimer of opinion because of a
scope limitation, as less work is needed to concur with a scope
limitation than to concur with an unqualified opinion (see FAM 650.37).
c. Whether the auditor’s report might contain a disclaimer because of a
scope limitation, as less work is needed if the auditor’s report will
contain a scope limitation (see FAM 650.39).
d. Whether the other auditors’ independence, objectivity, and integrity (both for
the audit organization and its audit team) are impaired, as the level of
review increases as independence, objectivity, and integrity decrease.
e. The other auditors’ qualifications (both for the audit organization and
its audit team) to perform the work the auditor wishes to use, as the
level of review increases as the other auditors’ qualifications decrease.
f. The auditor’s prior experience with the other auditors (both for its audit
organization and its audit team), as the level of review tends to
decrease as the auditor’s confidence increases from working with the
other auditors.
g. The materiality of the line item in relation to the financial statements
the auditor is reporting on, taken as a whole, as the level of review
increases as the line item becomes more material.
h. The risk of material misstatement, including the risk of material fraud
for the line item and assertion in the financial statements the other
auditors are auditing, as the level of review increases as the risk of
material misstatement increases.
.37 If the other auditors’ work has a scope limitation, this generally affects
the level of review, except for transmittal letters with no assurance. If the
other auditors disclaim an opinion on the financial statements because of a
scope limitation, the auditor should also issue a disclaimer of opinion,
unless the financial statements the other auditors audited are not material
to the financial statements the auditor is auditing. The auditor generally
need not perform extensive procedures to be satisfied that this disclaimer
is appropriate. Additionally, the auditor generally need not hold
discussions with entity management and/or perform supplemental tests in
this situation, and may limit the review of documentation to summary
documentation. Thus, the level of review is usually low or no review (see
FAM 650.10). However, the auditor may do additional work to learn about
the entity, to help the other auditor plan future audits, or to help entity
management correct the causes of the scope limitation.
.38 If the other auditors’ work had a scope limitation that results in a qualified
opinion, the auditor generally should perform a moderate or high level of
review to determine whether the other auditors should have disclaimed an
opinion and whether the only issues are those relating to the qualification.
.39 A scope limitation on the auditor’s work that results in a disclaimer
also may affect the level of review. Since the auditor has already decided
that not enough work can be done on the overall financial statements, no
amount of review of the other auditors’ work is likely to change that
conclusion. Thus, as in FAM 650.37, discussions with entity management
and/or supplemental tests are not required; the review of the other
auditors’ documentation may be limited to summary documentation; and
the level of review is usually low or no review (see FAM 650.10). However,
the auditor may do additional work to learn about the entity, to help the
other auditor plan future audits, or to help entity management correct the
causes of the scope limitation.
.40 If there is a scope limitation on the auditor’s work that results in a qualified
opinion, the auditor should perform a similar amount of work as for an
unqualified opinion (i.e., enough to support the qualification).
.41 FAM 650 A illustrates the audit work that the auditor generally should
perform for each level of review on each significant line item, as well as
what to retain in audit documentation.
Review of Audit Documentation
.42 The extent of the auditor’s review of the other auditors’ or specialists’
documentation depends on the level of review and is a professional
judgment based on the factors in FAM 650.36.
• For a low level of review, the auditor may limit the review of
documentation to key summary planning and completion
documentation.
• For a moderate level of review, the auditor generally should review
more of the other auditors’ or specialists’ documentation, especially
those evidencing important decisions. For financial statement audits,
this includes the audit strategy and audit procedures (or equivalent
documents); the ARA (or equivalent documentation) for significant
accounts; the SCE (or equivalent documentation) for significant
applications; the documentation for accounts, estimates, and judgments
with high risk of material misstatement; the analytical procedures; the
audit completion checklist at FAM 1003 (or equivalent documentation);
the audit summary memorandum; and the summary of uncorrected
misstatements (see FAM 595 C).
• For a high level of review, the auditor generally should review all of
the items for the moderate level of review plus the important detailed
documentation.
Discussions and/or Supplemental Tests for a High Level of Review
.43 AU 543.13 states that “In some circumstances the principal auditor may
consider it appropriate to participate in discussions regarding the accounts
with management personnel of the component whose financial statements
are being audited by other auditors and/or to make supplemental tests of
such accounts.” The auditor may interpret “in some circumstances” to
mean when the level of review is high. Thus, where the level of review is
high, the auditor generally should (1) review audit documentation, and
(2) hold discussions with audited entity management and/or perform tests
of original documents.
The objective of these additional procedures is for the auditor to obtain
additional evidence about whether key items are properly handled and
supported by sufficient appropriate evidence. For example, the auditor
generally should discuss key items with entity management, especially
estimates and judgments. This discussion generally should be with the
other auditors present. The auditor generally should attend the entrance
and exit conferences and other key meetings held by other auditors or
specialists. For key items that have high risk of material misstatement,
discussions with entity management may not provide sufficient evidence,
and the auditor should perform supplemental tests.
.44 The auditor may perform supplemental tests on a selection of the other
auditors’ work, additional tests of the accounting records, or both. To
perform supplemental tests, the auditor should obtain access to the entity’s
personnel and its books and records. The auditor may coordinate access to
the entity’s personnel and records through the other auditor. The auditor
and the other auditor also may jointly perform parts of a test, where the
sample is planned jointly and the results are evaluated jointly. Although
supplemental tests are usually performed only when the level of review is
high, the auditor may perform supplemental tests in other situations to
learn about the entity, to help the other auditor plan future audits, or to
help entity management correct problems.
.45 Where the other auditor is an internal auditor, the auditor should perform
supplemental tests. The extent of this testing depends on circumstances
and should be sufficient for the auditor to make an evaluation of the overall
quality and effectiveness of the internal control work done by the internal
auditor (see AU 322.26).

.46 The auditor generally should limit discussions with entity management
and/or supplemental tests to significant assertions in line items that have a
high risk of material misstatement. This is especially true in areas involving
estimates and judgments or in areas on which users place extensive
reliance. The auditor’s supplemental tests generally should include some
items tested by the other auditor, particularly any that appear to be
exceptions, in order to determine whether they were appropriately
evaluated in formulating an opinion. The auditor generally should plan to
perform supplemental tests while the other auditors are at the entity and
have access to records, as this can minimize the inconvenience for
everyone.
.47 It is not necessary to perform supplemental tests of the work of specialists.
As indicated in AU 336.12, the auditor should understand the methods and
assumptions used by the specialists, test the data provided to the
specialists (extent of testing is based on risk and materiality), and evaluate
whether the specialists’ findings support the financial statement assertions.
If the auditor believes the findings are unreasonable, the auditor should
apply additional procedures and/or determine the need to obtain another
specialist.
Subsequent Events Review and Dating of the Auditor’s Report
.48 The auditor should date the report when the auditor has obtained sufficient
appropriate audit evidence to support the opinion on the financial
statements (AU 339.23 and AU 530). If the other auditors’ or specialists’
report is dated earlier and the auditor’s report does not mention the other
auditors’ report or concurs with the other auditors’ report as in example 2
of FAM 650 C, the auditor should update the subsequent events review to
the date of the auditor’s report.
The auditor may ask the other auditors to update the subsequent events
review to the required date, or the auditor may update the subsequent
events review. However, since this requires additional work, the auditor
should attempt to complete audit work when the other auditors complete
their work. The auditor should evaluate this issue and coordinate with the
other auditor when planning the audit. The auditor need not update the
subsequent events review when the auditor issues a transmittal letter, as in
example 1 of FAM 650 C.
Staffing the Review of the Other Auditors’ or Specialists’ Work
.49 When staffing the review, the auditor should determine the extent to which
the other auditors or specialists have reviewed their work. The other
auditor should have performed at least one level of review for all audit
work, with more material or sensitive areas having multiple reviews. In
some cases, before the audit is complete, the other auditor may not have
completed all levels of review, particularly at its top level, and may be
reluctant for the auditor to access the audit documentation before these
reviews are done.

The auditor’s staff reviewing the work generally should have enough
experience in financial statement auditing to understand the professional
judgments that need to be made and to interact with the higher levels of
the other auditor. An assistant director or a senior manager who has
significant experience in performing and reviewing financial statement
audit work should perform most of the review. Less qualified staff
members may perform supplemental tests when supervised by more
qualified auditors.
The assistant director, audit manager, or auditor-in-charge should review
the documentation of any supplemental tests performed by less
experienced staff members. Except for key areas or issues, the audit
director may designate another qualified auditor to perform the primary
review of audit documentation prepared by the assistant director.
.50 When the other auditors’ work involves the review of IS controls, an IS
controls specialist should participate in the auditor’s review. Together they
should determine if IS controls were adequate, audit work was properly
documented, and related audit objectives were achieved.
Evaluating the Work of Other Auditors or Specialists
.51 After the auditor has completed the review of the other auditors’ or
specialists’ work, and, if necessary, any supplemental testing, the auditor
should determine whether the work is sufficient and acceptable for the
auditors’ use. The auditor should document this evaluation.
.52 Sometimes, other auditors use methodologies or audit approaches that are
different from those the auditor would have used. Auditing requires a great
deal of professional judgment and there often are alternative ways to
achieve audit objectives. Many CPA firms have developed, at considerable
expense, proprietary audit methodologies to use on a wide range of public
and private sector clients. Many of these audit methodologies utilize
electronic technology where the entire audit documentation exists only in
electronic form. Thus, the auditor should understand the other auditors’
audit methodology and basis for the nature, extent, and timing of audit
procedures. This may require obtaining permission to use proprietary
software to review the audit documentation. Additionally, where the CPA
software is retained, the auditor should develop a process to maintain the
operability of the software to access the audit documentation in the future.
The auditor should evaluate whether sufficient appropriate evidence[10] has
been obtained to meet the audit objectives, particularly for significant
assertions in line items with a high risk of material misstatement. If the
auditor has concerns about whether the other auditors’ work provides
sufficient appropriate evidence, the auditor generally should discuss the
matter with the audit director and the reviewer before formally discussing
the issue with the other auditors.
[10] Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of
audit evidence, that is, its relevance and reliability in providing support for, or detecting misstatements in,
the classes of transactions, account balances, and disclosures and related assertions. These measures
originated in SAS No. 106, Audit Evidence, and are codified at AU 326.08. They are effective for audits of
financial statements for periods beginning on or after December 25, 2006.
.53 The auditor should determine the significance of the test results to the
audit of the financial statements the auditor is reporting on. As an example,
the other auditors may have selected a nonstatistical sample and/or the
sample size may be smaller than the sample size the auditor would have
selected. The auditor may decide that this provides sufficient evidence in
an area that is less material or has low or moderate risk of material
misstatement. However, if the risk of material misstatement is high, the
auditor may conclude that sufficient appropriate evidence has not been
obtained and that additional work is needed.
In this case, after consulting with the audit director and the reviewer, the
auditor generally should either ask the other auditors to perform additional
tests or perform the additional tests. If this additional testing is not done,
the auditor should determine the effect on the auditor’s report of the scope
limitation. Because reaching this conclusion after the work is performed is
inefficient, especially when the level of review is high, the auditor generally
should coordinate or concur with major planning decisions of the other
auditor before audit work is started.
.54 Sometimes, the auditor may disagree with the conclusions or judgments of
the other auditors. In this case, the auditor should evaluate the other
auditors’ work as well as any other evidence or testing necessary to
determine the appropriate conclusion.
.55 The auditor should discuss any issues of disagreement with the other
auditors to attempt to resolve the disagreement. The auditor should
attempt to resolve professional disagreements early to reduce confusion
that may arise from differing auditor views. Once identified, the auditor
should discuss the issues with the other auditors to resolve them in a
timely manner and before the completion of the audit.
.56 If the auditor does not reach agreement with the other auditors, the auditor
should determine how to report. For disagreements involving matters that
are material to the financial statements, the auditor may decide not to
transmit the other auditors’ report, instead issuing a disclaimer of opinion
due to a scope limitation or doing additional work, if necessary, to issue an
appropriate opinion. For disagreements involving matters that are not
material to the financial statements, the auditor may transmit the other
auditors’ report, issue the transmittal letter or report, and describe the
disagreement and the basis for the auditor’s conclusions.
Documenting the Review of Other Auditors’ or Specialists’ Work
.57 Regardless of the type of reporting or the level of review, the auditor’s
documentation generally should contain the items listed in FAM 650 A
under “documentation,” either electronically or in hard copy.

.58 In addition, where the auditor performs supplemental tests of the
accounting records, the auditor’s documentation should contain a
description of the work (this may be a list of the documents the auditor
examined or tick marks on a copy of the other auditors’ documentation if
that is the basis for the selection) and the auditor’s conclusion. It is not
necessary to retain copies of the documents examined.
.59 There is a difference between the auditor’s responsibilities to review the
documentation of other auditors and what the auditor may copy and retain
from that documentation. The auditor uses professional judgment in
deciding which of the other auditors’ or specialists’ documents to copy and
retain. However, many auditors use electronic technology to retain
documentation for the entire audit. The auditor may cite this
documentation as part of the review to include any supplemental testing
performed on the other auditors’ work. The auditor may print any
documents as necessary.
.60 The auditor may retain other documentation if it might be useful in
understanding the entity, training staff members, planning future audits,
reviewing the documentation, or writing the report. Documentation in this
category includes the entity profile (or equivalent), audit strategy, audit
procedures, ARA and SCE forms (or equivalent), trial balance or lead
schedules, management representation letter, and legal representation
letter. Auditors often find it helpful to keep copies of documents (either
electronically or in hard copy) in case questions are raised in review but
not to include those copies in the audit documentation unless they are
needed to document the work performed.
The auditor should retain documents in accordance with the contract or
other legal requirements, but not less than 5 years from the report release
date (AU 339.32). Audit procedures may indicate which documents to
retain. The auditor may not discard documents after 60 days from the
report release date (AU 339.27-.30). In documenting the review, auditors
may indicate the document number or index number used by the other
auditor in order to locate the document at a later date.
Ownership and confidentiality of audit documentation is determined by
contract and legal requirements (see AU 339.31).
Using Internal Audit Staff to Provide Direct Assistance to the Auditor
.61 Sometimes, the auditor or the audited entity requests that internal auditors
provide direct assistance to the auditor. Before this is done, the auditor
should be satisfied with the independence, objectivity, and qualifications of
the staff assigned to do the work requested. AU 322.27 indicates that in
these situations, “The auditor should inform the internal auditors of their
responsibilities, the objectives of the procedures they are to perform, and
matters that may affect the nature, timing, and extent of procedures, such
as possible accounting and auditing issues.”

The auditor should direct, review, test, and evaluate the work done by
internal auditors to the extent appropriate based on the auditor’s
evaluation of risk, materiality, objectivity, and qualifications.
Using Federal Entity Specialists
.62 Many federal entities have actuaries, security specialists, statistical
specialists, and other specialists whose work the auditor would like to use.
However, unless these specialists are part of an entity that is
organizationally independent or are under contract to such an entity, the
auditor should evaluate their work as the work of an employee of the entity
under audit. The auditor should use the specialists of other auditors or
contract for outside specialists to develop and implement appropriate tests.
Multiple Levels of Other Auditors
.63 Sometimes there are several levels of other auditors. For example, an IG
may hire a CPA firm to perform an audit of a federal entity’s financial
statements. The IG may issue a report concurring with the firm’s report or
a letter transmitting the firm’s report. GAO auditors may then use the work
of the IG as part of the audit of the financial statements of the U.S.
government.
.64 When there are multiple levels of other auditors, each audit organization
should follow the guidance in FAM 650. IG auditors should evaluate the
independence (see FAM 650.11-.24) and qualifications of the CPA firm (see
FAM 650.25-.35); should review the audit documentation (see FAM 650.42);
and may need to have discussions with entity management and/or perform
supplemental tests of key accounts depending on the level of review
deemed appropriate (see FAM 650.43-.47).
GAO auditors should evaluate the qualifications of the IG organization (by
reading the peer review report, the letter of comments, and the audit
organization’s response as described in FAM 650.25) and the qualifications
of the IG team doing the monitoring of the CPA firm. GAO auditors should
also review the IG auditor’s documentation of its review of the CPA firm
work and may perform supplemental tests as deemed necessary. If GAO
auditors find that the IG auditor has completed and documented adequate
work, including discussions with entity management and/or supplemental
tests, further discussions and/or supplemental tests would be quite limited,
perhaps a walk-through of work done in areas with high-risk of material
misstatement. Often, GAO auditors will attend fewer meetings than the IG
auditor attends and would concentrate the review on the IG auditor’s
documentation. GAO auditors may then issue a report on the financial
statements.
.65 Because of the potential for inefficiency, there generally should be close
coordination between the various auditors. The IG and GAO may perform
the review jointly. Sometimes, a memorandum of understanding may be
useful in documenting responsibilities. A chart that describes the review to
be done by each organization may be useful. The following is a useful
format for this chart (with more detail added as necessary under each
phase of the audit).

Procedures

| Phase of the audit | Other auditor | IG review | GAO review |
|---|---|---|---|
| Planning | | | |
| Internal control | | | |
| Testing | | | |
| Reporting | | | |

Reports on Other Auditors’ Work


.66 The auditor may be asked to issue a report evaluating work done by other
auditors in a situation where the auditor is not using the work of the other
auditors. For example, the auditor may be asked to evaluate an audit done
by a CPA firm. While AU 543, 322, and 336 are not directed toward these
situations, the guidance in FAM 650 is helpful in planning and reporting on
those assignments.


650 A - Summary of Audit Procedures and Documentation for Review of Other Auditors’ Work
.01 Table 1 below presents a summary of audit procedures that
the auditor generally should perform at the entity level and for significant
assertions, line items, accounts, or applications when reviewing the work
of other auditors. As discussed in FAM 650.36, the three levels of review
are high, moderate, or low, as determined by the auditor’s professional
judgment.
Table 2, which follows Table 1, presents a summary of documentation
that the auditor generally should retain from the auditor’s review of the
work of other auditors. However, the summary does not include work to be
done by the auditor on other auditor independence, objectivity, and
qualifications. (See FAM 650.11-.35 for a discussion of that work.) Where
the other auditor uses equivalent documents, the auditor should review
those documents.
.02 In both tables, procedures to be performed and documents to be retained
at the low level of review are indicated by regular font. The moderate level
of review includes the low level plus those in bold letters. The high level
of review includes the moderate level plus those in BOLD CAPITALS.


Table 1: Summary of Audit Procedures from Reviewing Other Auditors’ Work

AUDIT PROCEDURES

At entity level
1. Communicate with the other auditors:
• as to the objectives of the work
• discuss their procedures and results
• Attend key entrance and exit meetings
• COORDINATE OR CONCUR IN SIGNIFICANT PLANNING DECISIONS BEFORE MAJOR WORK IS STARTED
2. Review:
• audit strategy
• scope of work
• audit summary memorandum
• summary of uncorrected misstatements
• analytical procedures
• completion checklist
• determination of planning and design materiality
• representation letters
• information systems background
• general and application controls documentation (with assistance from IS controls specialist)
• other key documentation
3. Read:
• other auditor’s report
• financial statements and notes
• supplementary information
• MDA and other accompanying information
• Management’s response

For significant assertions, line items, accounts, or applications
1. Review:
• audit procedures (plan)
• conclusions about significant issues and their resolution (often in audit summary)
• account risk analysis (ARA)
• specific control evaluations (SCE)
• cycle memo
• flowcharts
• determination of tolerable misstatement
• sampling plan
• other auditors’ key documentation
• high risk accounts, estimates, and judgments
• analytical procedures
• EVALUATION OF SAMPLE RESULTS
• SUMMARY OF UNCORRECTED MISSTATEMENTS
2. PARTICIPATE IN DISCUSSIONS WITH MANAGEMENT PERSONNEL AND/OR PERFORM SUPPLEMENTAL TESTS OF THE LINE ITEMS (ESPECIALLY KEY ITEMS, ESTIMATES AND JUDGMENTS); COMPARE CONCLUSIONS

Table 2: Summary of Documentation from Reviewing Other Auditors’ Work

DOCUMENTATION

Retain
1. Auditor prepared:
• audit strategy
• memo documenting entrance and exit conference
• MEMOS DOCUMENTING KEY MEETINGS ATTENDED AND DISCUSSIONS WITH AUDITED ENTITY MANAGEMENT
• results of review of documentation
• SUPPLEMENTAL TEST DOCUMENTATION
• summary memo
2. Other auditor prepared:
At entity level:
• other auditor’s report
• entity’s final financial statements, notes, and supplementary info
• management letter
• other auditor’s unadjusted known and likely misstatements, consideration of risk of further misstatements, and comparison with materiality
• audit completion checklist
• other auditor’s audit summary memo
At line item or assertion level:
• documentation that evaluates exceptions
• other auditor’s documentation evidencing significant judgments and conclusions

Optional
1. Auditor and other preparers:
• entity profile
• audit procedures (plan)
• account risk analyses
• specific control evaluations
• sampling plan
• trial balance
• lead schedules
• evaluation of sample results
• management representation letter
• legal representation letter


650 B - Example Audit Procedures for Using the Work of Others
These example procedures are appropriate when using the work of other auditors or the
work of specialists to perform a full or partial audit of financial statements and are
applicable to GAO financial statement audits. Auditors may use these procedures or a
monitoring tool for financial audits developed by the Federal Audit Executive Council, a
subcommittee of the President’s Council on Integrity and Efficiency; the tool can be found at
www.ignet.gov/pande/faec/fsan0906.xls.
As stated in FAM 650.08, these procedures depend upon the professional judgments that
the auditor makes. The auditor should tailor the procedures to the circumstances and the
planned level of review (high, moderate, or low) as discussed in FAM 650.36. The auditor
should modify or add procedures as necessary, and delete them if not applicable. When
other auditors or specialists have done only part of an audit, the auditor may delete many
of the procedures below. The auditor may also delete procedures for the low level of
review or when the auditor plans to issue only a transmittal letter as discussed in FAM
650.09 b.
The audit procedures are presented in three sections: (1) evaluating independence,
objectivity, and qualifications for CPA firms and specialists; (2) evaluating independence,
objectivity, and qualifications for government audit organizations; and (3) monitoring the
work (for all types of other auditors and for specialists). The auditor should use the
applicable one of the first two sections and the third section. The auditor generally
should use a separate form for each other auditor or specialist.

Entity:________________________________________________________________

Job code:_____________________________________________________________

Period of audit:________________________________________________________


Step | Done by/date | Doc Ref
1. EVALUATING INDEPENDENCE,
OBJECTIVITY, AND QUALIFICATIONS FOR
CPA FIRMS AND SPECIALISTS
General
1. Read the statement of work or request for proposal to
determine whether this contracting document provides
sufficient background on the audited entity and indicates
the objectives of the work, what the contractor should
include in its proposal, how proposals will be evaluated,
and how the report will be used.

Independence and objectivity:


2. Determine whether proposal of selected firm includes a
representation as to the firm’s independence and
objectivity.

3. If proposal does not include a representation as to
independence and objectivity, obtain written
representation from firm.

Qualifications:
4. Read proposal of selected firm. In reviewing proposal,
evaluate the overall qualifications of the team performing
the work. Review resumes and determine for key team
members their educational level, professional
certifications, and professional experience, including
whether key team members have current knowledge and
experience in the type of work done.

5. Review the selected firm’s peer review report, letter of
comments, and response letter. If the peer review report
was issued more than three years earlier, obtain
documentation relating to the firm’s internal quality
control policies and procedures or review the firm’s
inspection program.

6. Communicate orally or in writing with the other auditors
to be satisfied that they understand the requirements, the
timetable, and the report or letter the auditor expects to
issue.


2. EVALUATING INDEPENDENCE,
OBJECTIVITY, AND QUALIFICATIONS FOR
GOVERNMENT AUDITORS
Independence and objectivity:
1. For all government audit organizations, obtain written
representation from an appropriate official that the
organization and its individual auditors are independent
of the entity being audited.

2. Determine whether the government audit organization
meets ONE of the criteria in FAM 650.15, or the head
meets ONE of the criteria in FAM 650.16. If the
organization (or its head) meets one of these criteria, no
further work is needed unless the auditor finds contrary
evidence as to independence and objectivity in other parts
of the audit. Indicate the criteria met and document the
evaluation of any other evidence obtained. (Go to step 6.)

3. If the government audit organization (or its head) does
not meet any of the criteria in step 2, determine whether it
meets ALL of the criteria in FAM 650.18.

4. Review the government audit organization’s
documentation of how it meets the requirements of step 3.
Discuss with an appropriate official of the organization
and consider discussions with quality assurance advisors,
legal counsel for the organization, and auditor’s legal
counsel. (Go to step 6.)

5. If the government audit organization does not meet the
criteria for organizational independence to report
externally, determine whether the organization is an
independent internal audit organization under GAGAS and
IIA standards.
Determine whether the internal auditors are objective for
the activities they audit. For the audit organization to be
considered free from organizational impairments,
determine if the head of the audit organization meets all of
the criteria indicated in FAM 650.21.

6. For government auditors, obtain an understanding of the
organization’s policies to enhance the objectivity of
individual auditors as discussed in FAM 650.23, including
• policies to prohibit auditors from auditing areas where
relatives are employed,
• policies to prohibit auditors from auditing areas where
they were recently assigned or are scheduled to be
assigned after they complete their tour of duty in
auditing, and
• policies to require representations as to objectivity
and lack of conflicts of interest from each auditor.

7. Prepare a memorandum documenting work performed
and conclusions reached as to government audit
organization’s independence and objectivity.

Qualifications:
8. Read the latest peer review report or equivalent, letter of
comments, and the audit organization’s response as
discussed in FAM 650.28. Note the date of the report and
whether it is unqualified. If the report is recent (usually
within the past year) and unqualified, go to step 12.

9. If the peer review is not recent, review the latest
inspection report[1], if any, and the organization’s response
as discussed in FAM 650.29. Note the date of the report
and whether it is unqualified. If the inspection is recent
(usually in the past year) and unqualified, go to step 12.

10. If the organization has not had a recent peer review or
inspection as discussed in FAM 650.31, obtain an
overview of the important policies and procedures in the
functional areas through interviews of management and
staff and through reading the summary quality control
document, if any. Consult with the reviewer on the
potential effect of using work with no recent peer review
or inspection before performing this step.

¹ This could be the PCAOB inspection report for a CPA firm.

11. If the peer review or inspection report was qualified or
adverse, determine whether the quality control system has
since been strengthened as discussed in FAM 650.30.
Review the organization’s action plan for strengthening its
quality control system. Evaluate the effect of remaining
weaknesses in determining the level of review.

12. Inquire how the government audit organization
determined staffing of the audit. Evaluate the overall
qualifications of the team performing the work as
discussed in FAM 650.33. Review resumes for key team
members and consider:
• educational level, professional certifications, and
professional experience;
• continuing professional education, especially training
and current knowledge in the type of work done;
• supervision and review of work;
• whether the audit team has adequate sources for
consultation and use of specialists, especially for audit
sampling, audit methodology, and review of computer
controls; and
• quality of documentation, reports, and
recommendations.

13. As discussed in FAM 650.35, if the auditor has significant
concerns about the government audit organization or its
team’s objectivity or qualifications, the auditor, in
developing the audit plan, may either
• ask the other auditors to substitute more objective or
highly qualified staff members;
• do the work, treating any work done by the other
auditors as prepared by the audited entity;
• divide the work so that the other auditors test the
areas where they are qualified and the auditor does the
rest of the audit; or
• issue a disclaimer of opinion.


3. MONITORING THE WORK (FOR ALL TYPES OF OTHER AUDITORS AND SPECIALISTS)
1. As discussed in FAM 650.36, develop a strategy and a plan
for reviewing the other auditors’ or specialists’ work and,
if necessary, performing supplemental tests of the
accounting records. Determine the level of review for
each line item.
2. Monitor audit planning (FOR ALL LEVELS OF REVIEW)
• Review the entity profile.
• Review the audit strategy or equivalent document and
audit plan.
(FOR MODERATE AND HIGH LEVEL OF REVIEW)
• Attend entrance meeting and key planning meetings.
• Review the determination of planning materiality and
design materiality.
• Have an IS controls specialist participate with the
auditor in reviewing the information resource
management background information and the
documentation for review of general and application
controls.
• Document line items and applications to be reviewed.
• For each such line item, review the Account Risk
Analyses, the Specific Control Analyses, the cycle
flowcharts, the cycle memoranda, the determination of
tolerable misstatement, and the audit plan or
equivalent documents.
3. Monitor the execution of the audit for reports following
example 2 of FAM 650 C or FAM 595 A and/or FAM 595 B
WHERE LEVEL OF REVIEW IS HIGH.
• Attend key meetings, especially those discussing high-
risk areas, significant estimates and judgments, fraud
brainstorming, and the other auditors’ conclusions.
• Discuss key items with audited entity management,
especially significant estimates and judgments.
• Perform supplemental tests of the accounting records:
-- Generally for high risk and material line items,
especially in areas involving estimates and judgments
or ones which users rely on extensively.
-- Generally while the other auditors are at the audited
entity location and have access to the records.

-- Examine some of the same documents the other
auditors examined or make own selection or both.
-- Compare results of other auditors’ work to results of
supplemental tests.
-- Document scope of supplemental testing and
conclusions reached.

4. Monitor the completion of the audit (items with * are
usually not necessary for LOW level of review):
• Review the overall analytical procedures.
• *Review the key documentation for the line item and
for completing the audit; consider evaluations of
sample results. (For example, were projections
appropriate? Was appropriate action taken based on
sample results?)
• *Determine whether the subsequent events review was
updated to the date of the auditor’s report.
• Review the audit summary memorandum, conclusions
about line items, and the summary of uncorrected
misstatements.
• Review the audit completion checklist at FAM 1003 (or
equivalent document).
• Review the management representation letter and the
legal representation letter.
• *Attend key exit conference(s).
• Read the other auditors’ report, the financial
statements, the notes, the other accompanying
information, and management’s response.

5. Prepare a summary memorandum.

6. Write the auditor’s report or transmittal letter.


650 C - Example Reports when Using the Work of Others


Example 1 – Transmittal Letters
As discussed in FAM 650.09 b, there are two types of transmittal letters,
one expressing no assurance and one expressing negative assurance on the
other auditor’s work. Examples of both types are presented as follows:
[Addressee]
We contracted with the independent certified public accounting firm of
[name of firm] to audit the financial statements of [name of entity] as of
[date] and for the year then ended, to provide an opinion [or a report] on
internal control over financial reporting (including safeguarding assets)
and compliance with laws and regulations, to provide an opinion on
whether [entity’s] financial management systems substantially complied¹
with the requirements of the Federal Financial Management Improvement
Act of 1996 (FFMIA) (for CFO Act agencies), and to report any reportable
noncompliance with laws and regulations they tested. The contract
required that the audit be done in accordance with U.S. generally accepted
government auditing standards, OMB audit guidance, and the GAO/PCIE
Financial Audit Manual [if required by the contract].
In its audit of [name of federal entity], [name of CPA firm] found
• the financial statements were fairly presented, in all material respects,
in conformity with U.S. generally accepted accounting principles,
• [federal entity] had effective² internal control over financial reporting
(including safeguarding assets) and compliance with laws and
regulations,
• [entity’s] financial management systems substantially complied³ with
the requirements of the Federal Financial Management Improvement
Act of 1996 (FFMIA) (for CFO Act agencies), and⁴
• no reportable noncompliance with laws and regulations tested.
[Name of CPA firm] also described the following significant matters (if
any):
• [Discuss any significant matters].

¹ If the other auditors did not provide an opinion (i.e., did not give positive assurance) on whether the
entity’s systems complied with FFMIA, change this to “no instances in which entity’s financial management
systems did not substantially comply” (negative assurance).
² If the other auditors did not provide an opinion on internal control, change this to “there were no material
weaknesses in internal control” (and include a definition of material weakness in a footnote).
³ If the other auditors did not provide an opinion (i.e., did not give positive assurance) on whether the
entity’s systems complied with FFMIA, change this to “no instances in which entity’s financial management
systems did not substantially comply” (negative assurance).
⁴ Non-GAO auditors may combine bullets 3 and 4.
For transmittal letters expressing no assurance, use the following
paragraph:
[Name of CPA firm] is responsible for the attached auditor’s report dated
[date] and the conclusions expressed in the report. We do not express
opinions on [name of entity]’s financial statements or internal control or on
whether [entity]’s financial management systems substantially complied
with FFMIA (for CFO Act agencies); or conclusions on compliance with
laws and regulations.
For transmittal letters expressing negative assurance, use the
following paragraph:
In connection with the contract, we reviewed [name of CPA firm]’s report
and related documentation and inquired of its representatives. Our review,
as differentiated from an audit in accordance with U.S. generally accepted
government auditing standards, was not intended to enable us to express,
and we do not express, opinions on [name of entity]’s financial statements
or internal control⁵ or on whether [entity]’s financial management systems
substantially complied with FFMIA (for CFO Act agencies);⁶ or conclusions
on compliance with laws and regulations. [Name of CPA firm] is
responsible for the attached auditor’s report dated [date] and the
conclusions expressed in the report. However, our review disclosed no
instances where [name of CPA firm] did not comply, in all material
respects, with U.S. generally accepted government auditing standards.⁷
Example 2 – Report Concurring with Other Auditors’
Opinion (Presenting Report of Other Auditors after the
Auditor’s Report)⁸
As discussed in FAM 650.09 d, the auditor may use this approach when
other auditors have reported on financial statements and the auditor wants
to provide more assurance than what is provided in the transmittal letter
example 1 above.
[Addressee]
Under [citation of statute], we are responsible for auditing [name of entity].
To help fulfill these responsibilities, we contracted with [name of firm], an
independent certified public accounting firm. [Name of firm]’s report dated
[date] is attached.

⁵ If the other auditors did not provide an opinion on internal control, change this to read “conclusions
about the effectiveness of internal control.”
⁶ If the other auditors did not provide an opinion on FFMIA change “opinion” to “conclusions.”
⁷ If the auditor found that the other auditors did not comply with GAGAS, or if the auditor disagrees with
the other auditors’ conclusions, see FAM 650.54-.56.
⁸ This example assumes the other auditors opined on internal control and on whether the financial
management systems substantially complied with FFMIA. If the other auditors provided negative
assurance, appropriate changes are needed.
We concur⁹ with [name of firm]’s report that indicated:
• the financial statements were fairly presented, in all material respects,
in conformity with U.S. generally accepted accounting principles,
• [entity] had effective internal control over financial reporting (including
safeguarding assets) and compliance with laws and regulations,
• [entity’s] financial management systems substantially complied with the
requirements of the Federal Financial Management Improvement Act of
1996 (FFMIA) (for CFO Act agencies), and
• no reportable noncompliance with laws and regulations it tested.
Details of their conclusions are in their report.
Objectives, Scope, and Methodology
Management is responsible for (1) preparing the financial statements in
conformity with U.S. generally accepted accounting principles,
(2) establishing, maintaining, and assessing internal control to provide
reasonable assurance that the broad control objectives of 31 U.S.C. 3512
(c), (d) (commonly known as the Federal Managers’ Financial Integrity
Act) are met, (3) ensuring that [entity]’s financial management systems
substantially comply with FFMIA requirements (for CFO Act agencies),
and (4) complying with applicable laws and regulations.
We are responsible for obtaining reasonable assurance about whether
(1) the financial statements are presented fairly, in all material respects,
in conformity with U.S. generally accepted accounting principles, and
(2) management maintained effective internal control, the objectives of
which are the following:
• Financial reporting: Transactions are properly recorded, processed, and
summarized to permit the preparation of financial statements in
conformity with U.S. generally accepted accounting principles, and
assets are safeguarded against loss from unauthorized acquisition, use,
or disposition.
• Compliance with laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority and with
other laws and regulations that could have a direct and material effect
on the financial statements and any other laws, regulations, and
governmentwide policies identified by OMB audit guidance.
We are also responsible for (1) testing whether [entity’s] financial
management systems substantially comply with the three FFMIA
requirements (for CFO Act agencies), (2) testing compliance with selected
provisions of laws and regulations that have a direct and material effect on
the financial statements and laws for which OMB audit guidance requires
testing, and (3) performing limited procedures with respect to certain other
information appearing in the Performance and Accountability Report.

⁹ If the auditor does not concur with the other auditors’ report, see FAM 650.54-.56.

To help fulfill these responsibilities, we contracted with the independent
certified public accounting (CPA) firm of [name of firm] to perform a
financial statement audit in accordance with U.S. generally accepted
government auditing standards and OMB audit guidance. We evaluated the
nature, extent, and timing of the work, monitored progress throughout the
audit, reviewed the documentation of the CPA firm, met with partners and
staff members, evaluated the key judgments, met with officials of [federal
entity being audited], performed independent tests of the accounting
records, and performed other procedures we deemed appropriate in the
circumstances. We conducted our work in accordance with U.S. generally
accepted government auditing standards.


660 – Agreed-Upon Procedures


.01 In an engagement to apply agreed-upon procedures, a client engages an
auditor to perform specific procedures on a subject matter and report on
the results to assist users in evaluating a subject matter or an assertion.
Agreed-upon procedures should be performed in accordance with GAGAS,
which incorporates the financial audit and attestation standards
established by the AICPA. The Statements on Standards for Attestation
Engagements (SSAE), specifically AT 101, Attest Engagements, and AT
201, Agreed-Upon Procedures Engagements, contain standards and
guidance for these engagements.
.02 The auditor may perform an agreed-upon procedures engagement on a
variety of subject matters. The engagement will vary depending on the
needs of the user. The engagement may assist entity management by
providing information for making decisions and give report users
information on important areas. Examples of agreed-upon procedures are:
• compare payroll information reported to the Office of Personnel
Management with the entity’s payroll records and general ledger (refer
to OMB audit guidance for additional information);
• compare entity reconciliations of intragovernmental activity and
balances with supporting documentation and compare amounts with
the financial statements and with reports to the Department of the
Treasury (Treasury) (refer to OMB audit guidance for additional
information);
• trace tax collections from the master file to deposit confirmations,
determine whether they were recorded in the appropriate period, and in
the correct tax class;
• trace amounts on the entity’s financial statements to an “account
grouping worksheet,” foot the worksheet, read the CFO’s explanation
for any differences, and compare the explanation with supporting
documentation; and
• examine official receipt documents to determine whether they were
included in the weekly deposit; compare deposit amounts to amounts
reported on the statement of funding.
.03 In agreed-upon procedures engagements, all parties involved, which
include the report users, the entity responsible for the subject matter
(which may or may not be the same as the user), and the auditor, should
clearly understand the procedures to be applied. Since users may have
different needs, the nature, extent, and timing of agreed-upon procedures
also may differ. Therefore, the users, and not the auditor, assume the
responsibility for the sufficiency of the design and extent of the procedures
since they best understand their own needs, although the auditor may
assist the user in designing the procedures.

.04 The auditor should establish and document an understanding with the
users regarding the nature, extent, and timing of agreed-upon procedures
to be performed. The auditor may document this understanding using an
engagement letter to the users, an example of which is provided in FAM
660 A.
.05 The auditor should perform agreed-upon procedures only if the subject
matter is capable of evaluation against criteria that are suitable and
available to users. Suitable criteria should have objectivity, measurability,
completeness, and relevance. The auditor should perform procedures that
are subject to reasonably consistent measurement and that the users have
agreed on. The auditor should not perform overly subjective procedures or
use terms with uncertain meaning unless they are defined in the agreed-
upon procedures report.
.06 The auditor need not perform additional procedures beyond the agreed-
upon procedures. If matters come to the auditor’s attention by other means
that significantly contradict the subject matter (or assertion), the auditor
should include these matters in the report. For example, if during the
course of applying agreed-upon procedures regarding an entity’s operation,
the auditor becomes aware of a material weakness related to the assertion
by means other than the agreed-upon procedures, the auditor should
include this matter in the report. The auditor may do this by mentioning the
material weakness with a footnote reference to another report where it is
described in detail.
.07 Where circumstances impose restrictions on the performance of the
agreed-upon procedures, the auditor should attempt to obtain agreement
from the users of the report to modify the agreed-upon procedures. When
agreement cannot be obtained (for example, when the agreed-upon
procedures are published by a regulatory entity that will not modify the
procedures), the auditor should describe restrictions in the report or
withdraw from the engagement.
Written Representations
.08 The auditor generally should determine if a representation letter is
necessary. The auditor may determine that a representation letter is
necessary, for example, if (1) the responsible entity is so large there is a
risk as to whether one person knows whether pertinent information has
been made available to the auditor, (2) the subject matter depends on
estimates, judgments, or future events (such as whether the subject matter
is less objective and fact-based and more subjective), or (3) the user of the
report believes written representations should be obtained. Although
generally not required by AT 201 (unless specifically required by another
attestation standard, such as in a compliance engagement) a representation
letter may nonetheless be a useful means of documenting the responsible
entity’s representations. FAM 660 B provides an example representation
letter for an agreed-upon procedures engagement.

.09 The responsible entity’s refusal to furnish written representations the
auditor determines to be necessary constitutes a scope limitation. In such
circumstances, the auditor should do one of the following:
• disclose in the report the inability to obtain representations from the
responsible entity,
• withdraw from the engagement, or
• change the engagement to another form of engagement (such as to a
performance audit) with the client’s consent.
Documentation
.10 In accordance with GAGAS, the auditor should prepare and maintain
documentation in connection with an agreed-upon procedures engagement
that is appropriate for the engagement. The auditor should document
sufficient information to enable an experienced auditor having no previous
connection with the engagement to ascertain from the documentation the
nature, extent, timing, and results of procedures performed and the
evidence that supports the auditors’ agreed-upon procedures report,
including its sources and the auditors’ conclusions.
.11 Although the quantity, type, and content of documentation varies with the
circumstances, the auditor should document sufficient information to
demonstrate that the work was adequately planned and supervised and
that evidential matter provides a reasonable basis for the report as
discussed in GAGAS chapter 6.
.12 The auditor generally should prepare a summary memorandum that recaps
the work performed, refers to the detailed documentation, includes the
auditor’s conclusion on whether the work was performed in accordance
with GAGAS, the attestation standards, and the GAO/PCIE FAM, and
whether the report is appropriate. FAM 660 C provides an agreed-upon
procedures engagement completion checklist.
Reporting
.13 The auditor should report on the agreed-upon procedures in the form of
results. The auditor should not provide any opinion or negative assurance
about whether the subject matter or the assertion is fairly stated based on
the criteria. The auditor should report the identification of the entities that
agreed to the procedures and took responsibility for the sufficiency of the
design and extent of the procedures for their purposes, as shown in the
example report in FAM 660 D.
.14 The auditor should report all results arising from application of the agreed-
upon procedures. The concept of materiality does not apply to results
reported in an agreed-upon procedures engagement unless the users of the
report agree to the definition of materiality. This could be included in the
engagement letter at FAM 660 A. The auditor should describe any agreed-
upon materiality limits in the report.

.15 The auditor should include a statement indicating that the report is
intended for the specified users who have agreed upon the procedures
performed and taken responsibility for the sufficiency of the design and
extent of the procedures for their needs. However, since governmental
reports are generally a matter of public record, the distribution of the
report is not limited and the audit organization may provide copies upon
request.
.16 The auditor may have performed agreed-upon procedures on an element,
account, or item of financial statements and also audited the same financial
statements. If the audit report on the financial statements includes a
departure from a standard report, the auditor generally should include a
reference to the audit report and the departure from the standard report in
the agreed-upon procedures report.
.17 The auditor also may include explanatory language about such matters as
the following:
• stipulated facts, assumptions, or interpretations (including the source);
• description of the condition of records, controls, or data to which the
procedures were applied;
• explanation that the auditor has no responsibility to update the report;
and
• explanation of sampling risk.
.18 The auditor should state the results in definitive, rather than qualified,
language and avoid vague or ambiguous language. The following table
provides examples of appropriate and inappropriate descriptions of
findings.

Examples of appropriate/inappropriate description of findings

Procedure agreed upon: Based on the total tax liability, select and
recompute the 50 largest excise tax returns from the quarter ended
September 30, 20XX, and compare these amounts with the certified audit file.
Appropriate description of findings: Recomputed amounts for the selected
excise tax returns agreed with the amounts in the certified audit file.
Inappropriate description of findings: Nothing came to our attention as a
result of applying this procedure.

Procedure agreed upon: Select a random sample of 45 Treasury SF-224
reconciliations; determine if XYZ reported revenue receipts were properly
classified and reconciled to Treasury FMS records.
Appropriate description of findings: Revenue receipts selected randomly
from the monthly Treasury SF-224 reconciliation process were properly
classified and agreed with Treasury FMS records.
Inappropriate description of findings: The revenue receipts approximated
the amount shown in the Treasury FMS records.

Procedure agreed upon: Examine personnel files of 40 individuals randomly
selected from the timekeeping records for the year; determine if all the
selected files contain a current and approved Notification of Personnel
Action (SF-50).
Appropriate description of findings: Thirty of the selected files contained
a current and approved Notification of Personnel Action. Ten files did not
contain a current and approved Notification of Personnel Action (list and
identify exceptions). Based on our sample, we are 95% confident that the
population deviation is between X and Y.
Inappropriate description of findings: Some of the personnel files did not
contain a current and approved Notification of Personnel Action.

Other Report Issues


.19 The auditor should address the report to the users who have agreed upon
the procedures to be performed (see FAM 660.03). The auditor should use
the date of completion of the agreed-upon procedures as the date of the
agreed-upon procedures report. If the audit organization’s procedure is to
date reports with the issue date, the auditor may state the date of
completion of the engagement in the report, such as “We completed the
agreed-upon procedures on [date].”
.20 The auditor should obtain entity comments from the entity responsible for
the subject matter. These comments can be either written or oral. If oral
comments are obtained, the auditor should document them in a memo.


660 A - Example Agreed-Upon Procedures Engagement Letter
[Date]
Management of ABC Federal Entity
Subject: Fiscal Year 20X8 Agreed-Upon Procedures for the Tax Trust Fund
Dear Management Official:
This letter responds to your letter of [date] requesting that we assist ABC Federal Entity
in determining the completeness and accuracy of receipts transferred to the tax trust
fund. On [date] we met with you to discuss the scope and timing of our work. The
detailed procedures we agree to perform are enclosed. We plan to perform these
procedures on [provide date(s)]. This letter documents our agreement to perform these
agreed-upon procedures related to fiscal year 20X8. We will perform these procedures in
accordance with U.S. generally accepted government auditing standards, which
incorporate the financial audit and attestation standards established by the American
Institute of Certified Public Accountants (AICPA). We will provide you with a draft copy
of our report for your review and comment and plan to issue the report by [date]. We will
meet with you as needed to discuss the agreed-upon procedures, results, and other
issues that may arise.
The sufficiency of the agreed-upon procedures is solely the responsibility of XYZ Federal
Entity. Accordingly, we make no representation regarding their sufficiency to meet your
needs or for any other purpose. In addition, because of the nature of agreed-upon
procedures, the results we obtain will only be applicable for the period they are
performed. We are not engaged to perform, and will not perform, an examination or
audit, the objective of which would be to express an opinion on the amount of receipts
transferred to the tax trust fund for fiscal year 20X8. Accordingly, we will not express
such an opinion. If we were to perform an examination or audit, other matters beyond
the scope of our agreed-upon procedures might come to our attention.
The report we will prepare is intended solely for your information and use and is not
intended to be, and should not be, used by any other party. However, our report will be a
matter of public record and will be provided to others upon request. Unless we hear from
you, we will assume your concurrence with these procedures and their sufficiency for
your purposes.¹ If you have any questions, please contact me at [telephone number and
e-mail address] or [alternative contact] at [telephone number and e-mail address].
Sincerely yours,
[Signed]
[Name of Director]
Enclosure
cc: XYZ Federal Entity

¹ The auditor may request the users to document their agreement with the procedures and their sufficiency
for their purposes by signing the engagement letter and returning it to the auditor.

Enclosure
Agreed-Upon Procedures
Tax Receipts and Refunds
General
a. Compare fiscal year 20X8 tax collections for the ABC tax trust fund per
XYZ’s Statement of Custodial Activity with
• the trust fund’s accounting records, and
• ABC’s consolidated financial statements.
b. Obtain explanations and examine supporting documentation for
differences.

Sampling
a. Use monetary unit sampling (MUS) with an 80-percent confidence level
to select a sample of ABC tax trust fund tax revenue receipts and
refunds for fiscal year 20X8. Use $300 million as the tolerable
misstatement, which is 1 percent of the total revenue collected. Use an
expected aggregate misstatement of $100 million, or one-third of
tolerable misstatement. The projected sample size for this population is
expected to be 40 transactions.
For the sample items selected:
• Receipts testing — Compare tax receipts transactions (for example,
cash receipts, federal tax deposit (FTD) receipts, reversals, and
adjustments) with source documents to determine whether the
amounts agree, the transactions are recorded in the appropriate
period based on the transaction date, and they are properly
categorized as ABC tax trust fund receipts.
• Refunds testing — Compare refund transactions with the source
documents (for example, payment vouchers, FTD coupons, tax
returns) to determine whether the amounts agree, the transactions
are recorded in the appropriate period based on the transaction
date, and they are properly categorized as ABC tax trust fund
refunds.
b. Use MUS and the same sampling parameters as above to extract
statistical samples of total XYZ revenue receipts and refunds for fiscal
year 20X8.
For the sample items selected:
• Test whether the tax receipt or refund amounts and tax category
from source documentation agree with amounts recorded for each
of the revenue receipts or refunds sample items.


660 B - Example Representation Letter from Responsible Entity on Agreed-Upon Procedures Engagement
[XYZ Entity letterhead]
[Date]
Dear Auditor:
In connection with the agreed-upon procedures engagement for XYZ’s
budget execution process for the period from October 1, 20X7 through
September 30, 20X8, we confirm, to the best of our knowledge and belief,
the following representations made to you in performing these agreed-upon
procedures.
• We acknowledge responsibility for XYZ’s budget execution process.
• We acknowledge responsibility for selecting the criteria [state criteria]
and for determining the appropriateness of the criteria for our
purposes.
• Our budget execution process is [state assertion about budget
execution process based on the criteria selected].
• We know of no matters that would contradict our assertion about our
budget execution process.
• There have been no communications from regulatory or oversight
agencies concerning our budget execution process or noncompliance
with budgetary laws or the Antideficiency Act.
• We have made available to you all records and related data pertaining
to our budget execution process during the period from October 1,
20X7 through September 30, 20X8.
• XYZ’s budget execution process is designed to meet the requirements of
the Antideficiency Act.
• XYZ’s employees check the accounting records and fund status reports
quarterly to determine whether all source documents that affect the
appropriation and fund balance have been recorded properly,
accurately, and timely.
• XYZ’s accounting system provides timely disclosure of total valid
obligations incurred to date and total budgetary resources available for
obligations within each apportionment.
• The system also provides timely disclosure of the authorization or
creation of commitments, obligations, or expenditures that exceed
apportionments and allotments.

• We are not aware of instances of noncompliance with the above-stated
procedures.
• We are not aware of instances of fraud involving management,
employees, or contractor staff that have significant roles in the
operation of our budget execution process.
• We have no plans or intentions that would materially affect our
budgetary process or operations.

Sincerely yours,

[signed]

Management
XYZ Entity


660 C – Agreed-Upon Procedures Engagement Completion Checklist
Entity:_________________________________________________________________
Job code:______________________________________________________________
Principal report:________________________________________________________
.01 This checklist is a tool to help auditors comply with the standards for
agreed-upon procedures engagements. No signatures are required on the
checklist in the planning phase.
.02 Several of the last questions include steps in GAO’s quality control process,
GAO Audit Documentation Set, second partner review, and reading of the
report by the Technical Accounting and Auditing Expert (Chief Accountant
at GAO) when that person is not the second partner. GAO auditors should
complete these questions and forms. IG auditors and other auditors may
use these questions and forms or may substitute questions and forms that
consider their reporting style and quality control.

Step N/A Yes No Ref.

1. Has the audit team documented an understanding
with the individuals requesting the agreed-upon
procedures engagement?

2. Were appropriate engagement acceptance and risk
designation procedures followed?

3. Does the documentation cover the following?
• Independence of professionals working on the
engagement.
• The nature of the engagement.
• Identification of the subject matter, the
responsible entity, and the criteria.
• Identification of the users of the report.
• Auditor’s responsibilities.
• Reference to GAGAS and the attestation
standards.
• Agreement on the nature, extent, and timing of
procedures.
• Anticipated reporting.
• Any involvement of a specialist.
• Materiality limits.


4. Was an entrance conference held with the
responsible entity?

5. Has the auditor determined whether a letter of
representation from the responsible entity is
necessary? (Note: This is not a requirement.)

6. If part of the procedures, were applicable laws and
procedures documented?

7. Were review responsibilities communicated to
individuals on the assignment?

8. Does the documentation contain the following?
a. The scope and methodology, including any
sampling criteria used and consideration of the
results of any previous agreed-upon procedures
and follow up on any known significant findings
that directly relate to the agreed-upon
procedures engagement.
b. Any indication of fraud, illegal acts, violations
of provisions of contracts or grant agreements,
or abuse, and—if there was such indication—
the directed procedures performed, results
obtained, and related communications.
c. Descriptions of transactions and records
examined.
d. Documentation of the work performed to
support reported results.
e. Evidence of supervisory review.

9. Does the documentation record that the applicable
standards were followed (AT 101, AT 201, and
GAGAS, chapter 6)?

10. Does the documentation record a reasonable basis
for the results of the agreed-upon procedures?


11. Does the summary memorandum summarize the
results of the procedures and refer to the
documentation?

12. Did the auditor document any deviations from the
standards? Did the director approve the
documentation with copies to the reviewer?

13. Was an exit conference held with the responsible
entity?

14. Was the report referenced?

15. Did the assistant director review the following?
a. Documentation of the understanding with the
individuals requesting the procedures and
officials of the entity.
b. Memorandum of entrance conference with the
responsible entity.
c. Completed work plans and procedures.
d. Memorandums on key engagement issues.
e. Summary of the results of the procedures.
f. Memorandum of exit conference with the
responsible entity.
g. Deviations from standard reporting language.
h. Financial schedules/statements.
i. Agreed-upon procedures report.
j. GAO Audit Documentation Set (or
equivalent).

16. Did the audit director review the following?
a. Documentation of the understanding with the
individuals requesting the procedures and
officials of the entity.
b. Summary of results of the procedures.
c. Memorandum of exit conference with
responsible entity.
d. Deviations from standard reporting language.
e. Agreed-upon procedures report.
f. GAO Audit Documentation Set (or equivalent).


17. Did the assistant director or the auditor in charge
determine that all significant review notes were
resolved appropriately?

18. Did the assistant director initial all documentation
bundle covers to indicate that all documentation
was sufficiently reviewed?

19. Is the report appropriate as to the following?
a. Wording.
b. Scope of work.
c. GAGAS.
d. Explanatory paragraphs.

20. Was the report reviewed by the following?
a. Office of the General Counsel.
b. Technical Accounting and Auditing Expert.
c. Second partner (or equivalent), if not Technical
Accounting and Auditing Expert.

21. Is the agreed-upon procedures report dated
appropriately or does the report indicate when the
auditor completed the engagement?

Note: The auditor should discuss all “No” answers in attached documentation. If the
reason that a question is “Not Applicable” is not obvious, the auditor should document
the reason on the checklist or in an attachment.

Date of completion of the engagement _________________

Auditor-in-charge (senior) ___________________________ Date _______________

Audit Manager _____________________________________ Date _______________

Assistant Director __________________________________ Date _______________

Audit Director _____________________________________ Date _______________


SECOND PARTNER’S (OR EQUIVALENT) REVIEW OF AGREED-UPON PROCEDURES WORK

Objective of second partner (or equivalent) review: To objectively review
significant engagement matters to conclude, based on all facts the second partner (or
equivalent) has knowledge of, that no matters were found that caused the second
partner (or equivalent) to believe that (1) the procedures were not performed in
accordance with GAGAS, which incorporate financial audit and attestation standards
established by the AICPA and (2) the report does not meet professional standards and
audit organization policies.

Procedures: Before the report was issued, I performed the following procedures:
• as necessary, discussed significant engagement issues with the audit director;
• read documentation of key decisions and consultations;
• read the agreed-upon procedures report; and
• confirmed with the audit director that there are no unresolved issues.

Conclusions: Based on all the relevant facts of which I have knowledge, I found no
matters that caused me to believe that (1) the agreed-upon procedures were not
performed in accordance with GAGAS and the AICPA’s attestation standards related
to agreed-upon procedures engagements and (2) the report is not in accordance with
professional standards and audit organization policies.

In signing this form, I acknowledge that there have been no personal or external
impairments to independence regarding my work on this engagement.

____________________________________________________________________
Title Signature Date


TECHNICAL ACCOUNTING AND AUDITING EXPERT’S READING OF AGREED-UPON PROCEDURES REPORT

Objective of review: When the Technical Accounting and Auditing Expert is not the
second partner (or equivalent), the Technical Accounting and Auditing Expert should
read the report. The Technical Accounting and Auditing Expert should then sign the
conclusions below.

Conclusions: Based on my reading of the report, I found no matters that caused me
to believe that (1) the agreed-upon procedures were not performed in accordance
with GAGAS and the AICPA’s attestation standards related to agreed-upon procedures
engagements and (2) the report is not in accordance with professional standards and
audit organization policies.

In signing this form, I acknowledge that there have been no personal or external
impairments to independence regarding my work on this engagement.

____________________________________________________________________
Title Signature Date


660 D – Example Agreed-Upon Procedures Report


[Date]
Management of [Federal Entity]
Subject: Applying Agreed-Upon Procedures: Count of Cash and Related
Items
Dear Management Official:
We have performed the procedures contained in the enclosure to this
letter, which we agreed to perform and with which you concurred, solely to
meet your needs for an independent count of cash and cash-related items
as of September 30, 20XX.
We conducted the engagement in accordance with U.S. generally accepted
government auditing standards, which incorporate financial audit and
attestation standards established by the American Institute of Certified
Public Accountants. You are responsible for the adequacy of the
procedures to meet your objectives and we make no representation in that
respect. The procedures we agreed to perform consist of counting amounts
for cash and related receipts and comparing combined totals to the
authorized amounts. The enclosure contains the agreed-upon procedures
and our results.
We were not engaged to perform, and did not perform, an examination, the
objective of which would have been to express an opinion on the amount
of cash on hand. Accordingly, we do not express such an opinion. Had we
performed additional procedures, other matters might have come to our
attention that we would have reported to you. We completed our agreed-
upon procedures on [date of completion].
We provided a draft of this letter, along with the enclosure, to your
representatives for review and comment. They agreed with the results
presented in this letter and its enclosure.
This letter is intended solely for the use of the management of [Federal
Entity] and should not be used by those who have not agreed to the
procedures or have not taken responsibility for the sufficiency of the
procedures for their purposes. However, the report is a matter of public
record and its distribution is not limited; thus, we will post the report on
our Web site and provide copies upon request.
If you have any questions, please call [name, title, and telephone number].
Sincerely yours,
[Signed]
[Name of Director], Director
Enclosure

Enclosure
Results of Cash Counts
Procedures
We counted and totaled cash on hand for the petty cash fund as of
September 30, 20XX. We also listed and totaled the receipts on hand
evidencing disbursements from the fund. Finally, we compared the
combined total of cash and receipts available to the amount authorized for
the fund of $500.

Results
We counted cash totaling $258.96 and scheduled 14 receipts totaling
$174.85 which accounted for $433.81 of the $500 in authorized petty cash
funds. In addition, the custodian provided us two separate Expense
Summary Report and Petty Cash Itemization Sheets and related receipts
for an additional $65.09, which had been submitted for reimbursement to
the fund. There remains an unexplained difference (shortage) of $1.10
between the authorized amount and the total cash and receipts evidencing
petty cash fund disbursements.



SECTION 700

Internal Control



701 – Assessing Agency Systems with the Federal Financial Management Improvement Act (FFMIA)¹
.01 Under FFMIA, agencies need to have systems that can generate timely,
reliable, and useful information with which to make informed decisions
and to provide accountability. FFMIA requires the 24 CFO Act departments
and agencies to implement and maintain financial management systems
that comply substantially with
(1) federal financial management systems requirements;
(2) applicable federal accounting standards; and
(3) the U.S. Government Standard General Ledger (SGL) at the
transaction level.
.02 The law also requires auditors to state in their CFO Act financial statement
audit reports whether entities’ financial management systems substantially
comply with these three FFMIA requirements. OMB provided FFMIA
implementation guidance to help agencies and their auditors determine
compliance. This section also provides guidance for assessing agency
systems with FFMIA. It explains the FFMIA requirements and discusses
audit issues related to testing for compliance with the act. An example
audit program is included in FAM 701 A.
FFMIA Requirements
.03 OMB Circular No. A-127, Financial Management Systems, addresses the
three FFMIA requirements and can be found at www.omb.gov. First,
regarding federal financial management systems requirements, the circular
prescribes policies and standards for executive branch departments and
agencies to follow in developing, operating, evaluating, and reporting on
financial management systems. In its FFMIA implementation guidance,
OMB identifies the applicable requirements from OMB Circular No. A-127
that the entity and its auditors should assess when determining FFMIA
compliance.
The circular also refers to the federal financial management systems
requirements, a series of publications issued by the Joint Financial
Management Improvement Program (JFMIP), now issued by the Office of
Federal Financial Management (OFFM),² as the source of governmentwide
requirements for financial management systems software functionality.
JFMIP’s Framework for Federal Financial Management Systems issued in
April 2004³ describes the basic elements of an integrated financial system,
including the core financial system. Agency financial management systems
fall into four categories: core financial systems; other financial and mixed
systems (such as procurement, property, budget, payroll, and travel
systems); shared systems;⁴ and departmental executive information
systems (systems to provide information to all levels of management).

¹ The FAM addresses FFMIA as part of internal control. OMB audit guidance dated September 4, 2007, no
longer lists FFMIA in Appendix E as a general law for compliance with laws and regulations (FAM 800).
² The Financial Systems Integration Office (FSIO) coordinates work related to federal financial
management systems requirements and OMB’s Office of Federal Financial Management (OFFM) issues
new or revised systems requirements. All documents and other guidance related to financial management
system requirements initially issued by JFMIP were transferred to OFFM and remain in effect until
modified.

.04 JFMIP/OFFM published systems requirements for the core financial system
and for some of the mixed or feeder systems, which can be found at
www.fsio.gov/fsio/fsiodata/. The systems requirements are either
mandatory (required) or value-added (optional). Agencies will use the
mandatory functional and technical requirements in planning system
improvement projects, whereas the agencies may use value-added
requirements as needed. The core financial management system affects all
financial event transaction processing because it maintains reference
tables for editing and classifying data, controls transactions, and maintains
security. The core financial management system consists of six functional
areas: general ledger management, funds management, payment
management, receivable management, cost management, and reporting.
.05 OMB Circular No. A-127 requires agencies to use for agency core financial
management systems commercial-off-the-shelf (COTS) software that has
been tested and certified through the JFMIP/Financial Systems Integration
Office (FSIO) software certification process.⁵ Core financial management
system certification does not mean that agencies that install qualified
software packages will have financial systems that are in compliance with
FFMIA. Many other factors can affect the capability of the systems to
comply with FFMIA, including modifications made to the JFMIP/FSIO-
certified core financial management system software, the validity and
completeness of data from feeder systems, and whether internal controls
are effective. The JFMIP/FSIO’s certification process does not eliminate or
significantly reduce the need for agencies to develop and conduct a
comprehensive testing effort to determine whether the software product
meets their requirements and is working properly.
.06 The second requirement of FFMIA is the system’s use of federal accounting
standards, promulgated by FASAB. FASAB promulgates federal accounting
standards after considering the financial and budgetary information needs
of Congress, executive agencies, and other users of federal financial
information as well as comments from the public. FASAB standards
are at www.fasab.gov. FAM 560 describes the relationship of the FASAB
standards to the hierarchy of U.S. generally accepted accounting
principles.

³ JFMIP SR -01-04
⁴ Shared systems are governmentwide systems used by agencies with information and data definitions
common to all users.
⁵ As part of the realignment of JFMIP, in December 2004, the responsibility for certifying core financial
management systems was transferred to FSIO.

.07 The third requirement of FFMIA is implementing the SGL at the transaction
level. The SGL provides a uniform chart of accounts and guidance for use
in standardizing federal agency accounting and supports the preparation of
standard external reports required by OMB and Treasury. Information on
the SGL can be found at www.fms.treas.gov/ussgl. The SGL is defined in
the latest supplement, which is released annually to the Department of the
Treasury’s Treasury Financial Manual (TFM). The supplement is
composed of six major sections:
(1) chart of accounts,
(2) accounts and definitions,
(3) accounting transactions,
(4) account attributes for GFRS, FACTS I, and FACTS II reporting,⁶
(5) crosswalks to standard external reports, and
(6) crosswalks to the closing package.
.08 Each agency should implement a chart of accounts that is consistent with
the SGL and meets the agency’s information needs. OMB Circular No.
A-127 states that application of the SGL at the transaction level means that
financial management systems will process transactions following the
definitions and defined uses of the general ledger accounts as described in
the SGL. Transaction detail supporting SGL accounts is required to be
available in the financial management systems and directly traceable to
specific SGL account codes. In addition, the agency should develop criteria
for recording financial events in all financial management systems that are
consistent with accounting transaction definitions and processing rules
defined in the SGL.

⁶ GFRS is the Governmentwide Financial Reporting System used since FY 2004 to collect audited financial
statements (closing package) from verifying (larger) federal agencies. FACTS is Treasury’s Federal
Agencies’ Centralized Trial-Balance System for non-verifying (smaller) federal entities. FACTS I collects
trial balance information at the fund group level using the SGL for inclusion in the Annual Financial Report
of the U.S. Government. FACTS II collects mostly budgetary information for reporting in the Budget of the
United States Government.

.09 FFMIA requires the CFO Act agency financial statement auditors to report
(1) whether the entity’s financial management systems substantially
complied with FFMIA requirements, or (2) instances in which the entity’s
systems did not substantially comply with the requirements (or state that
the audit disclosed no instances in which the reporting entity’s systems did
not substantially comply). Auditors who report that agency financial
management systems do not substantially comply with FFMIA
requirements should include in their reports:
(1) The entity or organization responsible for the financial management
systems that have been found not to be substantially compliant and all
pertinent facts relating to the noncompliance.
(2) The nature and extent of the noncompliance including areas in which
there is substantial but not full compliance.
(3) The primary reason or cause of the noncompliance.
(4) The entity or organization responsible for the noncompliance.
(5) Any relevant comments from any responsible officer or employee.
(6) A statement with respect to the recommended remedial actions for
each instance of noncompliance and the entity’s estimated time frames
for implementing these actions.
FFMIA as well as OMB’s FFMIA implementation guidance require agencies
to report whether the agencies’ financial management systems
substantially comply with FFMIA requirements. Agencies should prepare
remediation plans that include resources, remedies, and intermediate
target dates necessary to bring the agency’s financial management systems
into substantial compliance.
.10 According to OMB’s FFMIA implementation guidance, auditors should plan
and perform their audit work in sufficient detail to enable them to
determine the degree of compliance and report on instances of
noncompliance for all of the applicable FFMIA requirements. The guidance
describes requirements from OMB Circular No. A-127 that agencies should
meet to achieve compliance and provides indicators of compliance.⁷ The
indicators included in OMB’s implementation guidance are examples. The
four primary factors OMB identifies as critical to assessing compliance
with FFMIA are determining whether agencies can
(1) Prepare financial statements and other required financial and
budgetary reports using information generated by the financial
management system(s).
(2) Provide reliable and timely financial information for managing current
operations.
(3) Account for their assets reliably, so that they can be properly
protected from loss, misappropriation, or destruction.
(4) Do all of the above in a way that is consistent with federal accounting
standards and the Standard General Ledger.

⁷ OMB audit guidance also states that all of the system requirements referenced in OMB Circular No. A-127
are important, but not essential for systems to substantially comply with FFMIA requirements.

Audit Issues
.11 Auditors should design and implement appropriate testing to apply the
criteria in FFMIA. For example, in performing financial statement audits,
auditors generally should evaluate the capability of the financial
management systems to process and summarize financial information that
flows into agency financial statements. In contrast, under FFMIA auditors
must assess and report on whether an agency’s financial management
systems substantially comply with systems requirements. To do this,
auditors should determine whether agency systems provide complete,
accurate, and timely information for managing day-to-day operations as
discussed in FAM 701.10 and OMB guidance. This is based on a
Congressional expectation, in enacting FFMIA, that agency managers have
necessary information to measure performance on an ongoing basis rather
than just at year-end.
.12 As a result of the overlapping scope and nature of FFMIA assessments and
financial statements audits, the auditor may use the audit work performed
as part of the financial statement audit. In the example audit program at
FAM 701 A for testing controls for compliance with FFMIA, several
procedures indicate that the auditor may have performed the procedure as
part of the financial statement audit; whereas, other procedures needed to
assess FFMIA compliance require additional work not normally performed
in financial statement audits.
.13 While the example audit procedures provide steps the auditor may
perform, the auditor may tailor the steps to satisfy the objectives or intent
of the step. Because of the broad scope of federal operations and the many
variations that can and do flow from such a broad scope, the degree of
specificity in the example audit program varies. For example, each agency
will likely use a variety of reports for managing operations. These reports
may be on line electronically or in hard copy. Auditors may use other work
that addresses the objectives of the example audit procedures.
.14 As discussed in FAM 350, the auditor need not perform specific tests of the
systems’ compliance with FFMIA requirements for agencies with
longstanding, well-documented financial management systems weaknesses
that severely affect the systems’ ability to comply with FFMIA. The auditor
should evaluate management’s process for determining whether its
systems substantially comply with FFMIA and report any deficiencies in
management’s process along with previously identified problems.
.15 FAM 580.65-.67 and FAM 595 A provide FFMIA reporting guidance to the
auditor. FAM 595 B provides guidance to the auditor for reporting a
system’s lack of substantial compliance. FAM 580.35-.37 provides guidance
to the auditor on reporting for FMFIA. For FISMA considerations, the
auditor should refer to FAM 260.67-.70 and FAM 580.38-.39. FAM 1603
provides guidance that GAO auditors should use to provide an opinion on
compliance with FFMIA.



701 A – Example Audit Procedures for Testing Systems for Compliance with FFMIA
Entity __________________________________________________________________
Date of review __________________________________________________________
Job code _______________________________________________________________
Objective: FFMIA requires the 24 departments and agencies covered by the CFO Act to
implement and maintain financial management systems that comply substantially with
(1) federal financial management systems requirements, (2) applicable federal
accounting standards, and (3) the U.S. Government Standard General Ledger (SGL) at
the transaction level. OMB also requires certain designated entities to determine FFMIA
compliance. The objective of these audit procedures is to assess whether agencies’
systems comply with FFMIA requirements.
Procedure   Done by/date   Doc Ref.

I. Planning (May be combined with the work to plan
the financial statement audit)
A. To understand the FFMIA requirements, read:
• Federal Financial Management Improvement Act
(FFMIA), P.L. 104-208.
• Audit Requirements for Federal Financial
Statements (OMB Audit Guidance).
• Revised Implementation Guidance for the Federal
Financial Management Improvement Act (OMB
Memorandum, January 4, 2001).
• JFMIP/OFFM Publications of Federal Financial
Management System Requirements including the
Framework and Core Financial System
Requirements.
• Financial Reporting Requirements (OMB Circular
No. A-136).
• FASAB Standards.
• Treasury Financial Manual (TFM) sections related
to the SGL (see transmittal letter S2--02 and TFM
Volume I, Part 2, Chapter 4700).
• Management’s Responsibility for Internal Control
(OMB revised Circular No. A-123).
• Financial Management Systems (OMB Circular No.
A-127).
• Management of Federal Information Resources
(OMB Circular No. A-130).
• Federal Information Security Management Act of
2002 (FISMA), Title III, E-Government Act of 2002
Pub. L. No 107-347.

B. Read the prior year’s audit documentation and audit
report to identify (1) the auditors’ FFMIA
determinations, (2) reported instances of noncompliance
with FFMIA, and (3) material weaknesses and significant
deficiencies related to the entity’s financial management
systems.
• Prepare a schedule of the previously identified
deficiencies for follow up. See FAM 701 B for an
example of the schedule.

C. Read the most recent FMFIA, FISMA¹, IG, and GAO
reports and internal control documentation from the
financial statement audit or other reports related to
financial systems. Evaluate the impact of any reported
weaknesses on the FFMIA assessment.
• Obtain an update on the status of the issues and
document problems identified in the schedule in
FAM 701 B.

D. Read the cycle memoranda for each of the audit cycles
completed for the current year audit. Document issues
related to FFMIA compliance in the schedule in FAM 701
B.

E. From the work performed in part I (planning), decide
whether it is necessary to perform the remaining steps.
If the information gathered indicates “longstanding, well-
documented financial management systems weaknesses”
that preclude compliance with FFMIA requirements,
then:
1. Document recognition of longstanding, well-
documented financial management systems
weaknesses and identify the source for this
conclusion.
2. Obtain and document an understanding of
management’s process for determining whether its
systems comply with FFMIA requirements. Report
any deficiencies identified in management’s process.
3. Complete step V (summary), except for completion
of the schedule in FAM 701 B.

¹ Plan of Action and Milestone (POAM) reports required by OMB under FISMA.
II. Testing for Compliance with Federal Financial
Management Systems Requirements
A. Ask whether the entity has an entity-wide inventory of
its systems. If so, obtain the inventory and any
supporting documentation.

B. From the entity’s inventory of systems, identify the core
financial management systems and the feeder systems.
1. Document the key internal controls and the
information flows between the core financial
systems and the feeder systems in a flowchart or
narrative. (The auditor may perform this step as part
of the internal control phase).
a. Determine whether the feeder systems are
integrated or interfaced with the core financial
system. Note: Feeder systems that are integrated
with the core financial system share data tables.
Therefore, the entity need not prepare
reconciliations.
b. If the feeder systems interface with the core
systems, determine whether reconciliations are
performed between the systems. If
reconciliations are performed, determine how
often and by whom; assess the adequacy of the
reconciliation, including follow-up activities and
supervisory review.
c. Through interviews with entity management and
reading of systems documentation, determine if
the entity’s systems have detective controls (i.e.,
batch control or hash totals or supervisory
reviews) and preventive controls (i.e. segregated
duties, appropriate authorizations, or access
controls) to process transactions properly and
timely. (The auditor may perform this step as part
of the internal control phase).

2. Using the documentation prepared in step II.B.1
above, identify those JFMIP/OFFM financial
management systems requirements that are
applicable to the entity’s operations. For example,
for those agencies that do not have grant or loan
programs, the auditor would not need to assess
whether JFMIP/OFFM requirements related to grants
or loans are applicable. Document the results.
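
The reconciliation and detective controls named in steps II.B.1.b and II.B.1.c (record counts, batch control totals, hash totals), shown as an added example that is not part of the manual. The record layout, batch identifiers and values are constructed for illustration; the hash total here is assumed to be the sum of document numbers.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data: (batch_id, document_no, account, amount).
# FEEDER_EXTRACT is what the interfaced feeder system sent;
# CORE_POSTINGS is what the core financial system recorded.
FEEDER_EXTRACT = [
    ("B001", "1001", "1310", "250.00"),
    ("B001", "1002", "2110", "75.50"),
    ("B002", "1003", "1310", "100.00"),
    ("B002", "1004", "2110", "40.00"),
    ("B003", "1005", "1310", "60.00"),
    ("B003", "1006", "1310", "60.00"),
    ("B004", "1007", "2110", "15.25"),
]
CORE_POSTINGS = [
    ("B001", "1001", "1310", "250.00"),
    ("B001", "1002", "2110", "75.50"),
    ("B002", "1003", "1310", "100.00"),
    ("B002", "1004", "2110", "400.00"),  # amount keyed incorrectly
    ("B003", "1005", "1310", "60.00"),
    ("B003", "1009", "1310", "60.00"),   # different document, same amount
    # batch B004 never reached the core system
]

# Checks applied to every batch, in order.
CHECKS = (
    ("count", "record count"),
    ("amount", "control total"),
    ("hash", "hash total"),
)


def batch_totals(records):
    """Per batch: record count, control total (sum of amounts) and
    hash total (sum of document numbers, meaningless except as a check)."""
    totals = defaultdict(lambda: {"count": 0, "amount": Decimal("0"), "hash": 0})
    for batch_id, document_no, _account, amount in records:
        entry = totals[batch_id]
        entry["count"] += 1
        entry["amount"] += Decimal(amount)  # Decimal avoids float rounding
        entry["hash"] += int(document_no)
    return dict(totals)


def reconcile(feeder_records, core_records):
    """Return (batch_id, check, feeder_value, core_value) for each difference."""
    feeder = batch_totals(feeder_records)
    core = batch_totals(core_records)
    exceptions = []
    for batch_id in sorted(set(feeder) | set(core)):
        if batch_id not in core:
            exceptions.append(
                (batch_id, "missing from core", feeder[batch_id]["count"], 0))
        elif batch_id not in feeder:
            exceptions.append(
                (batch_id, "not sent by feeder", 0, core[batch_id]["count"]))
        else:
            for key, label in CHECKS:
                if feeder[batch_id][key] != core[batch_id][key]:
                    exceptions.append(
                        (batch_id, label, feeder[batch_id][key], core[batch_id][key]))
    return exceptions


if __name__ == "__main__":
    for batch_id, check, feeder_value, core_value in reconcile(
            FEEDER_EXTRACT, CORE_POSTINGS):
        print(f"{batch_id}: {check}: feeder={feeder_value} core={core_value}")
```

Batch B003 passes the record count and the control total and is caught only by the hash total, which is why the two controls are listed together in step II.B.1.c.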

C. Determine whether the entity’s core financial
management system and the financial portions of its
applicable feeder systems, as identified in step II.B.2
above, conform to JFMIP/OFFM federal financial
management systems requirements.
• Ask whether the entity’s core financial management
system is a JFMIP/FSIO-certified COTS system.² If
so, ask which version of the software is being used
and obtain the entity’s FSIO certification for that
software version. [Agencies replacing software to
meet core financial system requirements must use
JFMIP/FSIO certified core financial management
systems as required by OMB Circular No. A-127
Financial Management Systems, but it is not an
automatic noncompliance issue.]
• During implementation of a JFMIP/FSIO-certified
core financial system, agencies can make changes
and select options that could adversely affect the
original certification. Auditors cannot rely solely on
the original JFMIP/FSIO certification as sufficient
evidence of compliance with FFMIA. Perform
testing to determine whether agency specific
enhancements to an otherwise JFMIP/FSIO-certified
system render the system non-compliant.

² The Joint Financial Management Improvement Program (JFMIP), Financial Systems Integration Office
(FSIO) provides core financial management systems requirements to be included in Commercial-Off-The-Shelf
(COTS) applications.
1. Ask whether there have been significant changes in
the entity’s automated business processes since
compliance testing with JFMIP/OFFM requirements
was last performed. If so, ask whether the entity has
performed an assessment of any new functionality
using the JFMIP/OFFM system requirements
documents, GAO checklists, or similar tools.
Document the results.

2. For those agencies with a core financial management
system that is not a JFMIP/FSIO-certified COTS and
for any feeder systems, obtain any analyses
performed by entity management to support its
FFMIA and FMFIA assessments that document how
the entity’s systems conform to the applicable
JFMIP/OFFM systems requirements. If management
has not performed an analysis of systems
functionality, go to step C.5.

3. Select several important functions that management
has reported as complying with the systems
requirements and determine if management’s
assessment can be relied upon using JFMIP/OFFM
system requirement documents, GAO checklists, or
other similar tools.

4. If management’s results cannot be relied upon for
each system, assess the functionality of the
applicable systems using JFMIP/OFFM system
requirement documents, GAO checklists or other
similar tools.

5. Document in FAM 701 B the instances in which the
entity’s systems did not comply with JFMIP/OFFM
requirements and the related impact.

D. Ask line managers whether they receive appropriate reports
that are significant to performing day-to-day
management operations.
1. Determine the adequacy of reports used to manage
day-to-day operations.
a. For reports that are produced by the entity’s
financial management systems, ask
knowledgeable users, read the entity’s financial
management systems documentation, draw on
other audit work, and use professional judgment to
determine if the reports produced by the systems
are timely, useful, reliable, complete, and
appropriately summarized for the management
level receiving the report.
Use professional judgment, entity policy, and/or
criteria evident from each report to determine its
timeliness and accuracy. For example, if a report
is due by the 10th of each month, determine
whether it was provided by the 10th of each
month.
If only on-line access is provided for important
internal reports, through observation,
documentation, and inquiry—such as obtaining
systems logs and asking key managers about their
work habits—assess whether the reports were
available and accessed. Through inquiry and
observation, assess if management uses the
reports to manage operations. Ask management
what improvements are needed in the current
reporting methods. Document the results.

b. If the reports were not produced by the entity’s
financial management systems, ask how the
reports were prepared and perform a similar
assessment as described in step D.1.a.

2. Determine whether appropriate levels of
management receive adequate and timely
management information. See FAM 903.12 for
questions related to determining FFMIA systems’
compliance with SFFAS No. 4.
a. Using professional judgment and industry best
practices, identify internal management
performance-related information needed for
managing day-to-day operations.
b. Determine whether appropriate levels of
management receive the information identified in
step D.2.a.
c. If full costing is not used in these management
reports, assess whether the lack of full cost
information affects the usefulness of the
information. Evaluate management’s justification
that full costing would not be beneficial for the
internal reports. This may need to be assessed on
a case-by-case basis.

3. Include any deficiencies identified and related
impact in the schedule shown in FAM 701 B.

E. Identify the entity’s external reports that are related to
financial management such as those used for budget
formulation and execution, fiscal management of entity
programs, funds management, payments and receipts
management, and to support the legal, regulatory, and
other special requirements of the entity.
1. Through interviews with knowledgeable users and
reading of the entity’s financial management system
documentation, determine if the reports are
produced by the systems.
a. For external reports that are tested as part of the
financial statement audit, include any deficiencies
identified and the related impact in FAM 701 B.
b. For external reports that are not tested as part of
the financial statement audit, using professional
judgment select several reports and assess
whether the reports are reliable, timely, and
complete. Include any deficiencies identified and
the related impact in FAM 701 B.

2. As an indicator of systems deficiencies, determine
the magnitude and type of adjustments made to
prepare financial statements each quarter and
annually.

F. Determine if the entity’s financial management systems
track financial events and summarize information to
facilitate the preparation of auditable financial
statements. This determination can result from work
performed as part of the financial statement audit.
Document the deficiencies and the related impact in the
schedule shown in FAM 701 B.

G. Determine if the financial management systems enable
the entity to prepare, execute, and report on the entity’s
budget in accordance with the requirements of OMB
Circular No. A-11, Preparation, Submission and
Execution of the Budget. This determination can result
from work performed as part of the financial statement
audit. Document the deficiencies and the related impact
in the schedule shown in FAM 701 B.
H. Coordinate with an IS controls specialist to determine if
the entity has implemented and maintains a program to
provide adequate security for all entity information that
is collected, processed, transmitted, stored, or
disseminated in financial management systems.
1. Have the IS controls specialist review the annual
management testing and evaluation of the
effectiveness of information security policies,
procedures, and practices in accordance with the
Federal Information Security Management Act of
2002 (FISMA).

2. Document the deficiencies and related impact
identified by the IS controls specialist in the schedule
shown in FAM 701 B.

I. Determine if financial management systems include
internal control to safeguard resources against waste,
loss, and misuse, and whether reliable data are
obtained, maintained, and disclosed in system-generated
reports. The auditor may obtain some of the
information needed to make this determination from
the work performed in the internal control phase. The
auditor may identify other systems internal control
weaknesses from other audit reports reviewed and
steps performed. Document the results in FAM 701 B.

III. Testing for Compliance with the Federal
Accounting Standards
A. Determine if the entity’s financial statements are
compiled in accordance with applicable accounting
standards.
• Determine if any issues reported as part of the
financial statement audit were related to the
entity’s failure to implement the accounting
standards in its systems or to standards that were
not properly applied because of inadequate or
improperly implemented manual procedures.
Document the results in the schedule shown in FAM
701 B.

B. Perform tests to determine if the entity’s cost
accounting systems
• use the entity’s accounting classification elements
to identify and establish unique cost objects to
capture, accumulate, and report costs and revenues;
• allocate and distribute the full cost and revenue of
cost objects as defined by OMB including services
provided by one federal entity to another for
external reporting; and
• transfer cost data directly to and from other cost
systems/applications that produce or allocate cost
information.
Also, see step II.D.2 of these audit procedures.

C. From the deficiencies identified in performing steps in
FAM 701 A (testing for compliance with federal
financial management systems requirements) and from
tests conducted as part of the financial statement audit,
determine if the financial systems record and
summarize transactions in accordance with applicable
accounting standards. Document the results and the
related impact in the schedule shown in FAM 701 B.

IV. Testing for Compliance with the SGL


A. Determine whether the entity’s financial management
systems use financial data that can be traced directly to
SGL accounts to produce reports providing financial
information for both internal and external reporting.
1. Through inquiry of entity management and the documentation
prepared in step II.B.1 above, determine how
financial transaction data are summarized from the
financial systems to the core financial system.

2. Compare the entity’s chart of accounts to the SGL
accounts and identify any deviations.

3. Review all of the standard entries allowed by the
core financial system to determine if these entries
conform to the SGL posting rules.

4. Document any deficiencies and the related impact in
the schedule shown in FAM 701 B.

B. Ask whether the entity uses a crosswalk from its chart
of accounts for its core financial management system to
the SGL. If so, perform tests to determine the accuracy
of the crosswalk.
1. Trace all SGL accounts to the crosswalk.

2. Identify any SGL accounts that are not included in
the crosswalk. Identify any entity accounts not
associated with an SGL account in the crosswalk.

3. Compare the posting rules used by the system to
those included in the SGL to determine whether the
posting rules used by the system conform to the SGL.

4. Document deficiencies and the related impact in the
schedule shown in FAM 701 B.
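
The crosswalk tests in steps IV.B.1 through IV.B.3, shown as an added example that is not part of the manual. The account numbers, transaction codes and posting rules are constructed sample values rather than entries from the Treasury Financial Manual, and the example assumes the system and the SGL identify a posting rule by the same transaction code.

```python
# Constructed sample data. In an audit these come from the SGL account
# list, the entity's chart of accounts and the entity's crosswalk table.
SGL_ACCOUNTS = {"1010", "1310", "2110", "6100"}
ENTITY_CHART = {"10100", "13100", "13150", "21100", "21500", "99900"}
CROSSWALK = {            # entity account -> SGL account
    "10100": "1010",
    "13100": "1310",
    "13150": "1310",     # many-to-one mappings are acceptable
    "21100": "2110",
    "21500": "2999",     # target is not an SGL account
}

# Posting rules: transaction code -> (debit accounts, credit accounts).
SGL_RULES = {            # expressed in SGL accounts
    "PAY-INVOICE": ({"2110"}, {"1010"}),
    "EXPENSE-ACCRUAL": ({"6100"}, {"2110"}),
}
SYSTEM_RULES = {         # expressed in entity accounts
    "PAY-INVOICE": ({"21100"}, {"10100"}),
    "EXPENSE-ACCRUAL": ({"99900"}, {"21100"}),
}


def check_crosswalk(sgl_accounts, entity_chart, crosswalk):
    """Exceptions for steps IV.B.1 and IV.B.2, as sorted lists."""
    mapped_targets = set(crosswalk.values())
    return {
        # SGL accounts that cannot be traced to any crosswalk entry
        "sgl_not_in_crosswalk": sorted(sgl_accounts - mapped_targets),
        # entity accounts not associated with an SGL account
        "entity_not_mapped": sorted(entity_chart - set(crosswalk)),
        # crosswalk entries pointing at something that is not an SGL account
        "invalid_sgl_target": sorted(
            (entity, sgl) for entity, sgl in crosswalk.items()
            if sgl not in sgl_accounts),
        # crosswalk entries for accounts absent from the chart of accounts
        "not_in_chart": sorted(set(crosswalk) - entity_chart),
    }


def translate(accounts, crosswalk):
    """Map entity accounts to SGL accounts; flag those with no mapping."""
    return frozenset(
        crosswalk.get(account, f"UNMAPPED:{account}") for account in accounts)


def posting_rule_deviations(system_rules, sgl_rules, crosswalk):
    """Step IV.B.3: system posting rules that, once translated through
    the crosswalk, do not match the SGL rule for the same code."""
    deviations = []
    for code in sorted(system_rules):
        debit, credit = system_rules[code]
        actual = (translate(debit, crosswalk), translate(credit, crosswalk))
        expected = sgl_rules.get(code)
        if expected is None or actual != (
                frozenset(expected[0]), frozenset(expected[1])):
            deviations.append((code, sorted(actual[0]), sorted(actual[1])))
    return deviations


if __name__ == "__main__":
    for name, items in check_crosswalk(
            SGL_ACCOUNTS, ENTITY_CHART, CROSSWALK).items():
        print(f"{name}: {items}")
    for code, debit, credit in posting_rule_deviations(
            SYSTEM_RULES, SGL_RULES, CROSSWALK):
        print(f"posting rule {code}: debit={debit} credit={credit}")
```

Each non-empty list is a candidate entry for the schedule in FAM 701 B under Step IV. B.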

V. Summary
A. Summarize the results of the work performed above and
assess the entity’s compliance with the federal financial
management systems requirement of FFMIA.
1. Finalize the schedule of the FFMIA noncompliances
identified in the schedule prepared in FAM 701 B.

2. Read the entity’s management representation letter
covering the year under audit to obtain the entity
management’s FFMIA determination.
a. Document the entity or organization responsible
for the financial management systems that have
been found not to comply.
b. Document facts pertaining to the:
i. nature and extent of the noncompliance and
areas where there is substantial but not full
compliance;
ii. primary reason or cause of the
noncompliance;
iii. impact of the noncompliance; and
iv. relevant comments from any responsible
officer or employee.
c. Assess the recommended remedial actions for
each instance of noncompliance and
management’s time frames for implementing
these actions. Include this assessment in the
schedule in FAM 701 B.

3. After reviewing the nature and extent of deficiencies
identified, conclude whether the systems
deficiencies identified constitute lack of substantial
compliance with FFMIA requirements. Consider the
four factors from OMB’s FFMIA implementation
guidance when drawing this conclusion.

4. Prepare the FFMIA section of the report. See FAM
580.65-.67 and FAM 595 A, FAM 595 B, and FAM
1603, as appropriate.

Internal Control
701 B – Summary Schedule of Instances of Systems Noncompliance with FFMIA


Columns of the schedule:
• Source of information used in identifying deficiencies in entity systems
• Nature and extent of systems noncompliance
• Substantial but not full compliance? (Y or N)
• Applicable criteria (JFMIP/OFFM, FASAB citation)
• Responsible entity
• Primary reason or cause of systems noncompliance
• Impact of systems noncompliance
• Agency comments on systems noncompliance
• Corrective action in remediation plan? (Y or N)
• Assessment of corrective actions and time frames
• Doc reference
• Comments

Rows (source of information used in identifying deficiencies in entity systems):
• Prior year's reported instances of noncompliance (Step I.B.)
• Prior year's material weaknesses and significant deficiencies that affect FFMIA determination (Step I.B.)
• Weaknesses in the agency's most recent FMFIA report that affect FFMIA determination (Step I.C.)
• Deficiencies identified in recent IG and GAO reports that affect FFMIA determination (Step I.C.)
• Cycle memoranda for the current year's audit (Step I.D.)
• Instances in which the agency's systems did not comply with JFMIP/OFFM functional requirements (Step II.C.)
• Preparation of internal management reports (Step II.D.)
• Preparation of external agency reports (Step II.E.)
• Preparation of auditable financial statements (Step II.F.)
• Preparation, execution, and reporting on agency budget in accordance with OMB A-11 (Step II.G.)
• Implementation and maintenance of an information security program (Step II.H.)
• Internal controls as part of financial management (Step II.I.)
• Preparation of agency financial statements in accordance with applicable accounting standards (Step III.A.)
• Compliance issues related to the implementation of applicable accounting standards (Step III.C.)
• Agency financial systems' implementation of the SGL accounts (Step IV. A.)
• Agency use of a crosswalk from its core financial management system to the SGL (Step IV. B.)


SECTION 800

Compliance
FAM Volume 2 – Tools
800 – Compliance

802 - General Compliance Checklist


.01 The compliance testing section consists of a General Compliance Checklist
(questionnaire) for identifying laws and regulations for compliance testing.
It also supplements the laws OMB requires auditors of executive
departments, agencies and government corporations to test for compliance
(see FAM 295.01 H) and other laws of general applicability auditors may
decide to test during federal financial audits (see FAM 295.02 H). The
compliance supplements provide detailed guidance for assessing the
effectiveness of compliance controls and testing compliance with the
significant provisions of each law.
.02 The auditor generally should complete the General Compliance Checklist
(Form 802), or equivalent, for federal financial statement audits. With the
exception of the Antideficiency Act which has no materiality limit, the
auditor should decide if an individual law is significant for purposes of
compliance testing. The auditor generally should complete compliance
supplements only for laws required to be tested (FAM 802.06) and for other
laws (FAM 802.07) identified for compliance testing on the General
Compliance Checklist. Use of these documents is described below.
.03 To understand and evaluate compliance controls, the auditor also should
follow the guidance in FAM 260 on identifying risk factors and in FAM 320
on understanding information systems. The FAM also provides additional
guidance on compliance considerations for all audit phases.
Instructions For General Compliance Checklist
.04 The checklist contains a summary of each law. The auditor generally
should use this checklist or equivalent to determine which of these laws
are significant for testing compliance, as discussed in FAM 245. The auditor
may indicate whether each law meets the criteria for significance by
placing a check mark in the appropriate column (yes or no). As noted in
FAM 295 H, auditors should test certain laws and may also test for other
laws if they could have a direct and material effect on the financial
statements.
.05 The auditor may use estimates or interim information in the preliminary
column. The final amounts (based on the audited amounts or the final
amounts of available budget authority) are used to determine whether all
laws that would be significant in quantitative terms have been identified for
control and compliance testing. The auditor should document the sources
of all amounts included in this checklist. If the auditor determines the law
is significant from a qualitative standpoint, the auditor should document
the reasons for this conclusion.

.06 Laws required for testing (if applicable)¹ contained in supplements to the
General Compliance Checklist (Form 802) are:

Law                                                                          Supplement number
Antideficiency Act                                                           FAM 803
Federal Credit Reform Act of 1990 (FCRA)                                     FAM 808
Provisions Governing Claims of the U.S. Government as provided primarily
in 31 U.S.C. 3711-3720E (Including the Debt Collection Improvement Act
of 1996 (DCIA))                                                              FAM 809
Prompt Payment Act                                                           FAM 810
Pay and Allowance System for Civilian Employees as Provided Primarily in
Chapters 51-59 of Title 5, U.S. Code                                         FAM 812

.07 Other frequently encountered laws contained in supplements to the
General Compliance Checklist (Form 802) that the auditor may test are:

Law                                                                          Supplement number
Civil Service Retirement Act                                                 FAM 813
Federal Employees Health Benefits Act                                        FAM 814
Federal Employees’ Compensation Act                                          FAM 816
Federal Employees’ Retirement System Act of 1986                             FAM 817

¹ FFMIA is discussed in FAM 701.

Entity _________________________________________________________________
Period of financial statements ____________________________________________
Job code _______________________________________________________________

Description of Law Yes No

Antideficiency Act,
31 U.S.C. 1341 and 1517
This law imposes restrictions on the amounts of obligations or
expenditures that agencies may make. As discussed in FAM 250,
the auditor should obtain information on the entity’s budget
authority, from sources such as appropriation legislation, and
identify all legally binding restrictions on budget execution.
Does the entity have appropriations or funds that are limited to an
amount or a specified period of availability? ____ ____
OMB audit guidance requires auditors to test for compliance with
this law.
Preliminary Final

Individual appropriations

Budget authority

Since the Act has no materiality limit, the auditor should complete
the compliance supplement at FAM 803.


Federal Credit Reform Act of 1990 (FCRA),
2 U.S.C. 661-661f
This law contains numerous provisions relating to the recording of
activity related to direct loans, loan guarantees, and related
modifications for budget accounting purposes. The law provides
that after October 1, 1991, an agency may incur new direct loan
obligations or make new loan guarantee commitments only to the
extent that Congress has provided budget authority to cover the
costs of the loan or loan guarantee.
Does the entity’s budget authority available during the audit period
for direct loan obligations, loan guarantee commitments, or any
related modifications exceed planning materiality or did the
auditor determine that the FCRA could have a direct and material
effect on the entity’s financial statements? ____ ____
OMB audit guidance requires auditors to test for compliance with
this law.
Preliminary Final
Total appropriations or other
budget authority available during
the fiscal year for costs of FCRA
activities (direct loans, loan
guarantees, and related
modifications)

Planning materiality

If yes, complete compliance supplement FAM 808.


Provisions Governing Claims of the U.S. Government,
Including the Debt Collection Improvement Act of 1996
(DCIA), 31 U.S.C. 3711-3720E
These provisions address the collection of amounts owed to the
federal government. Interest generally accrues from the date that a
notice stating the amount due and the interest policies is first
mailed to the debtor. Interest generally accrues at a rate
established by the Secretary of the Treasury. Administrative costs
and penalties shall also be charged.
The provisions also require the entity to take all appropriate steps
to collect the debt before discharging it and to notify Treasury
about delinquent debt for administrative offset, collection by a
debt collection center, or tax refund offset. Entities shall also
participate in a computer match of delinquent debt with federal
employees, and when collection actions are terminated, the entity
holding delinquent debt shall sell it. Provisions also require the
entity (or entities making loans the government guarantees) to
notify credit-reporting agencies about delinquent debt and not
make or guarantee loans to persons who owe delinquent debt.
Does the cumulative amount of receivables created during the
audit period that are subject to provisions governing claims of the
U.S. government, including DCIA, exceed planning materiality? ____ ____
Does the amount of receivables at the end of the audit period that
are subject to provisions governing claims of the U.S. government,
including DCIA, exceed planning materiality? ____ ____
Did the auditor determine that laws governing claims of the U.S.
government, including the DCIA, could have a direct and material
effect on the entity’s financial statements? ____ ____
OMB audit guidance requires auditors to test for compliance with
this law.
Preliminary Final
Cumulative amount of
receivables created during the
audit period that are subject to
provisions governing claims of
the U.S. government, including
DCIA ______

or:

Amount of receivables at the
end of the audit period that are
subject to provisions governing
claims of the U.S. government,
including DCIA ___ ______

Planning materiality ___ ______

If yes, complete compliance supplement FAM 809.

Note: These provisions of the law generally do not apply to
amounts payable to the entity under the Internal Revenue Code,
the Social Security Act, or tariff laws. Those laws contain specific
provisions for these amounts.

Prompt Payment Act,
31 U.S.C. 3901-3907

The Prompt Payment Act requires federal entities to make
payments for property or services by the due date specified in the
related contract or, if a payment date is not specified in the
contract, generally 30 days after the invoice for the amount due is
received. If payments are not made within the appropriate period,
the entity shall pay an interest penalty. Also, discounts offered by
vendors may be taken only during the specified period. If they are
taken after the time period has expired, an interest penalty shall be
paid.

Do the entity’s payments for property or services subject to the
Prompt Payment Act for the audit period exceed planning
materiality or did the auditor determine that the Prompt Payment
Act could have a direct and material effect on the entity’s financial
statements? ____ ____

OMB audit guidance requires auditors to test for compliance with
this law.
Preliminary Final
Amount of payments made for
property and services subject
to the Prompt Payment Act ___ _____

Planning materiality ___ _____

If yes, complete compliance supplement FAM 810.

Pay and Allowance System for Civilian Employees, provided
primarily in Chapters 51-59 of Title 5, U.S. Code

These laws require that employees be paid at the appropriate rates
established by law.

Does the entity’s payroll expense for the audit period exceed
planning materiality or did the auditor determine that the Pay and
Allowance System for Civilian Employees (as provided primarily in
Chapters 51-59 of Title 5, U.S. Code) could have a direct and
material effect on the entity’s financial statements? ____ ____

OMB audit guidance requires auditors to test for compliance with
this law.
Preliminary Final

Payroll expense ____

Planning materiality ____

If yes, complete compliance supplement FAM 812.

The entity’s expense for performance awards, cash awards,
overtime, travel, transportation, subsistence, or allowances for the
audit period usually does not exceed planning materiality. However,
if the auditor determines that these items or related provisions of
the Pay and Allowance System for Civilian Employees are
otherwise significant, the auditor should consult with the Office of
General Counsel (OGC) for specific provisions to be compliance
tested.

Civil Service Retirement Act, 5 U.S.C. Chapter 83


This law provides retirement benefits to employees who were
hired prior to January 1, 1984. For each employee, the entity
withholds a percentage of basic pay from the employee’s
compensation and contributes an equal amount for retirement.
The employee and entity amounts are remitted to Treasury.

Does the entity’s expense for retirement costs under the Civil
Service Retirement Act for the audit period exceed planning
materiality or did the auditor determine that provisions of the Civil
Service Retirement Act could have a direct and material effect on
the entity’s financial statements? ____ ____
Preliminary Final
Expense for retirement
contributions _____

Planning materiality _____

If yes, complete compliance supplement FAM 813.

Federal Employees Health Benefits Act, 5 U.S.C. Chapter 89


This law provides health insurance coverage to employees who
elect health insurance benefits. For each employee who elects
coverage, the entity pays an amount set by OPM for insurance
costs. The entity portion cannot exceed 75 percent of the
insurance cost. The employee pays the remainder of the total cost.
Information on the employee and entity cost of the insurance is
published by OPM. The entity withholds the amount of the
employee’s portion of the cost from the employee’s pay and remits
this amount, along with its own contribution, to Treasury.
Does the entity’s expense for health insurance costs for the audit
period exceed planning materiality or did the auditor determine
that the Federal Employees Health Benefits Act could have a
direct and material effect on the entity’s financial statements? ____ ____
Preliminary Final
Expense for health insurance _____

Planning materiality _____

If yes, complete compliance supplement FAM 814.

Federal Employees’ Compensation Act (FECA),
5 U.S.C. Chapter 81
This law provides for the compensation of employees injured
while performing their duties. Claims are paid out of the Federal
Employees’ Compensation Fund. Federal entities are billed
annually by the fund for claims paid on their behalf.

Does the entity’s expense for the audit period for benefits paid by
the Federal Employees’ Compensation Fund on the entity’s behalf
exceed planning materiality or did the auditor determine the FECA
could have a direct and material effect on the entity’s financial
statements? ____ ____
Preliminary Final
Expense for Compensation
Fund claims _____

Planning materiality _____

If yes, complete compliance supplement FAM 816.

Federal Employees’ Retirement System (FERS) Act of 1986,
5 U.S.C. Chapter 84

This law provides retirement benefits for employees who were
hired after December 31, 1983. For each employee, the entity
withholds a percentage of basic pay from the employee’s
compensation and contributes an amount equal to the employing
agency’s applicable normal cost percentage less the employee
deduction rate for retirement. The employee and entity amounts
are remitted to Treasury.

Does the entity’s expense for retirement costs under the FERS Act
for the audit period exceed planning materiality or did the auditor
determine that the FERS Act could have a direct and material
effect on the entity’s financial statements? ____ ____
Preliminary Final
Expense for retirement
contributions _ _____

Planning materiality _ _______

If yes, complete compliance supplement FAM 817.

Other Laws
The auditor should perform the following procedures and include
references to supporting documentation:

1. As described in FAM 245.02, read the list of laws and
regulations identified by the entity as significant to others.
(See .)

2. With OGC assistance, identify any other laws or regulations
that have a direct effect on determining financial statement
amounts. Determine whether the direct effect could be
material to the financial statements. (See .)

3. Determine whether to test compliance with any indirect laws
or regulations and make inquiries of management as discussed
in FAM 245.04-.06. (See .)

4. For all laws or regulations identified for testing above, identify
significant provisions using the criteria in FAM 245.02. Test
compliance controls and compliance as described in FAM 300
and FAM 460.

Are any other laws or regulations identified for compliance
testing? ____ ____
If yes, attach a list of the laws or regulations identified to this form
and reference it to control and compliance work performed.

Instructions For Compliance Supplements


.08 Each compliance supplement in FAM 803-817 consists of (1) a compliance
summary, (2) compliance audit procedures, and (3) notes.
Compliance Summary
.09 For each law identified for compliance testing on the General Compliance
Checklist, the auditor generally should complete the related compliance
summary or prepare equivalent documentation. The compliance summary
is designed to assist the auditor in planning compliance control tests and
summarizing the results of compliance control tests and compliance tests
for reporting the results of the work performed.
.10 The first column of the compliance summary contains a description of the
specific provisions of the law that have been identified for compliance
testing, the type of provision, and the reference to the law.
.11 The second column of the compliance summary contains the objective
related to the specific provision to be used for both compliance control and
compliance testing.
.12 In the third column of the compliance summary, the auditor should identify
the control activities that the entity has in place to achieve each objective
and document the control activity. If the entity does not have a control
activity that achieves the objective, the auditor should document this
condition in the third column.
.13 The fourth column of the compliance summary is used to indicate (Yes or
No) whether the control activity is information systems (IS) related as
described in FAM 270.04. IS controls are those the effectiveness of which
depends on computer processing. They can generally be classified into
general, application, and user controls. The auditor generally should
perform tests of IS controls with assistance from an IS specialist.
.14 The fifth column of the compliance summary indicates whether the auditor
believes that compliance controls are effective (Yes or No). The auditor
should design control tests to determine whether the control activities that
have been identified in the third column are in place and operating
effectively. A control activity is considered to be effective if it achieves the
control objective. The auditor should provide a reference in the fifth
column to the supporting documents of the control testing procedures, the
control tests, the results of these tests, and the auditor’s conclusions on the
effectiveness of the compliance controls.
.15 The sixth column of the compliance summary indicates whether the
auditor has noted any instances of noncompliance (Yes or No). The auditor
generally should perform compliance tests using the related Compliance
Audit Procedures in the next paragraph. The auditor should provide a
reference in the sixth and last column to the supporting documents of the
results of the compliance tests.

Compliance Audit Procedures
.16 Compliance audit procedures are provided for each law. For each law
identified for compliance testing on the General Compliance Checklist, the
auditor generally should perform each step of the related compliance audit
procedures in the first column. Because the subject matter of some laws is
closely related to matters the auditor will test in other parts of the audit,
the auditor may coordinate with that other testing and design multipurpose
tests. For example, payroll compliance testing could be performed using
multipurpose tests of payroll controls and/or substantive payroll testing.
The auditor performing the procedure in the first column should initial and
date in the second column when the procedure is performed. The auditor
should include a reference to the documentation recording the work
performed for each step in the third and last column of the compliance
audit procedures.
Notes
.17 Notes are provided for each compliance supplement to assist the auditor in
understanding criteria, definitions, exemptions, and restrictions of law.
The notes also provide guidance to the auditor in testing and evaluating
controls to achieve the compliance objective.

803 – Antideficiency Act


Note: The auditor may complete this compliance summary or prepare equivalent documentation as provisions of the
Antideficiency Act are applicable to entities receiving federal funds, with no limit on materiality. OMB guidance on budget
execution, including the Antideficiency Act, is included in OMB Circular A-11, Part 4.

Compliance Summary

Name of entity: ____                    Prepared by:
Audit period: _____                     Reviewed by:

Columns: Provision description; Objective; Control activities; IS (Y/N);
Effective compliance controls?; Instances of noncompliance noted?

1. Provision description: The entity shall not make expenditures or
   obligations that exceed the amount available for expenditure or
   obligation in an appropriation or fund.
   Type: Quantitative-based
   Ref: 31 U.S.C. 1341(a)(1)(A) and (C)
   Objective: Expenditures or obligations do not exceed the amount
   available for expenditure or obligation in an appropriation or fund.
   Control activities: [Document the control activities used by the
   entity to achieve the objective.] (See note 2.)
   IS (Y/N): [Is control dependent on computer processing?]
   Effective compliance controls?: [Indicate yes or no; include
   reference to supporting documentation.]
   Instances of noncompliance noted?: [Indicate yes or no; include
   reference to supporting documentation.] See Compliance Audit
   Procedures FAM 803 Step 3.

2. Provision description: The entity shall not involve the government
   in a contract or obligation for the payment of money before an
   appropriation is made unless authorized by law.
   Type: Quantitative-based
   Ref: 31 U.S.C. 1341(a)(1)(B)
   Objective: Legal obligations do not occur before an appropriation
   is made or otherwise authorized by law.
   Control activities: [Document the control activities used by the
   entity to achieve the objective.] (See note 2.)
   IS (Y/N): [Is control dependent on computer processing?]
   Effective compliance controls?: [Indicate yes or no; include
   reference to supporting documentation.]
   Instances of noncompliance noted?: [Indicate yes or no; include
   reference to supporting documentation.] See Compliance Audit
   Procedures FAM 803 Step 3.


3. Provision description: The entity shall not make expenditures or
   obligations that exceed
   (1) the amount of an apportionment; or
   (2) a lesser amount, if any, established by agency regulations
       (such as the allotment level). See note 1.
   Type: Quantitative-based
   Ref: 31 U.S.C. 1517(a)
   Objective: Expenditures or obligations do not exceed the legally
   binding limit on the entity's budget authority. (The amount of the
   apportionment or a lesser amount, if any, established by the
   entity's regulations.) See note 1.
   Control activities: (See note 2.)
   Instances of noncompliance noted?: See Compliance Audit
   Procedures FAM 803 Step 4.

Note: The auditor may perform these procedures or prepare equivalent documentation for the
Antideficiency Act as indicated on Form 802 - General Compliance Checklist at FAM 802-3.
These procedures test compliance with the provisions listed on the Compliance Summary for
this law.

Name of entity:

Audit period:

Reviewed by:

Audit Procedures                         Done by/date    Doc Ref

1. List the appropriations or other budget authority and the
related budget accounts that were identified for
compliance testing on Form 802 - General Compliance
Checklist. Per FAM 802-3, the auditor should identify all
legally binding restrictions on budget execution, from
sources such as appropriation legislation.
(The auditor may coordinate the following tests for
compliance with the Antideficiency Act with tests of the
Statement of Budgetary Resources and with tests of
expenses.)

2. As discussed in FAM 460.03, the auditor should determine
whether the summarized budget information (obligations
and expenditures) used for compliance tests is
reasonably accurate and complete. The auditor may obtain
assurance through effective controls the auditor tests
(usually the budget controls) or, if the controls are not
effective, through substantive testing of budget amounts
for validity, completeness, cutoff, recording, classification,
and summarization as described in FAM 495 B.
For the accounts listed in step 1, document if the auditor
will obtain this assurance by testing controls (as indicated
on Form 803 - Compliance Summary) or if substantive
tests of the budget information are necessary.
If the auditor determines that controls are not effective in
meeting some or all of the budget control objectives listed
in FAM 395 F, the auditor should perform substantive tests
of the budget amounts (obligations and expenditures) as
discussed in FAM 495 B. The auditor should perform
substantive tests only for those potential misstatements
for which the entity does not have effective budget
controls.

After the auditor is satisfied as to the reasonableness of
the budget amounts to be used for the compliance tests,
perform the compliance tests in steps 3 and 4.

3. Compare the actual amounts of recorded obligations and
expenditures with the related appropriation or other
budget authority listed in step 1. If the entity does not
appear to have complied with the provision, perform step
6. (31 U.S.C. 1341(a)(1)(A))

4. Compare timing of legal obligations (contractual or
otherwise) with available appropriation or other budget
authority listed in step 1. If the entity does not appear to
have complied with the provision, perform step 6. (31
U.S.C. 1341(a)(1)(B))

5. Determine the entity’s legally binding level of budget
authority (below the appropriation level) that was
identified during the planning phase. This level is usually
the apportionment level unless the entity has elected a
lower level, such as allotments. Compare the amount of
actual obligations and expenditures to the legally binding
level of restrictions on budget authority identified for
compliance testing (the apportionment or allotment level).
If the entity does not appear to have complied with the
provision, perform step 6. (31 U.S.C. 1517(a))

6. If the entity does not appear to be in compliance based on
the results of tests performed, discuss these matters with
OGC and, when appropriate, the Special Investigator Unit
to conclude if noncompliance actually has occurred and
the implications of such noncompliance. For any
noncompliance noted
• identify the weakness in controls that allowed the
noncompliance to occur, if not previously identified
during control testing;
• report the nature of any weakness in controls and
consider modification of the opinion on internal
control as appropriate (see FAM 580.32-.61);
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as appropriate (see
FAM 580.67-.75).

7. Contact the entity office responsible for submitting
Antideficiency Act (ADA) violations to the President,
Congress, and GAO and:
• Obtain a listing of violations for the year under audit.
• Inquire if all known violations have been included on
the list and reported.
• For each ADA violation determine if it was reported to
the President, the Congress, and GAO.

8. Check GAO’s ADA reporting website:
http://www.gao.gov/ada/antideficiencyrpts.htm to identify
and obtain background about ADA violations reported by
the entity and compare audit evidence with what the entity
reported in ADA violation reports. There may be time lags
as to when violations are reported, particularly at year end.

9. Document conclusions on compliance with each provision
on Form 803 - Compliance Summary.

Note 1: Entities are required to establish regulations that provide for a system of
administrative controls over their execution of budget authority (31 U.S.C.
1514(a)). As discussed in FAM 250.03, the entity may elect to lower the level at
which budget limitations are legally binding in these regulations. For example, the
entity may elect to reduce the legally binding limit on the obligation and
expenditure of budget funds from the apportionment to the allotment level. The
auditor should determine the level at which the entity’s legally binding limit has
been established.

Note 2: The auditor should consider the results of the evaluation and testing of budget
controls (FAM 370.11). These controls relate to the execution of budget authority
and usually are the same controls that are used to comply with the Antideficiency
Act. Accordingly, additional determinations of controls that achieve the
compliance objective generally are not necessary if the auditor has assessed
whether the entity achieves all of the budget control objectives listed in FAM 395
F. The auditor should reference this compliance summary to the budget control
evaluation and testing and perform any additional procedures determined to be
necessary to conclude if compliance controls are effective.

808 - Federal Credit Reform Act of 1990


Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Credit Reform Act of 1990
(FCRA) are considered to be significant as indicated on Form 802 - General Compliance Checklist at FAM 802-4. OMB guidance on FCRA is included in OMB
Circular No. A-11, part 5, Federal Credit.

Compliance Summary

Name of entity: ____                    Prepared by:
Audit period: ____                      Reviewed by:

Columns: Provision description; Objective; Control activities; IS (Y/N);
Effective compliance controls?; Instances of noncompliance noted?

1. Provision description: Direct loan obligations may be incurred on
   or after October 1, 1991, only to the extent that an appropriation
   or other budget authority is available to cover these costs.
   (See notes 1, 2, and 5-7.)
   Type: Quantitative-based
   Ref: 2 U.S.C. 661c(b)
   Objective: Direct loan obligations made on or after October 1,
   1991, do not exceed the available appropriation or other budget
   authority. (See notes 1, 2, and 5-7.)
   Control activities: [Document the control activities used by the
   entity to achieve the objective.] (See note 10.)
   IS (Y/N): [Is control dependent on computer processing?]
   Effective compliance controls?: [Indicate yes or no; include
   reference to supporting documentation.]
   Instances of noncompliance noted?: [Indicate yes or no; include
   reference to supporting documentation.] See Compliance Audit
   Procedures FAM 808 steps 3 and 4.

2. Provision description: A direct loan obligation or outstanding
   direct loan shall not be modified in a manner that increases its
   cost unless budget authority for the additional cost is available.
   (See notes 5 and 8.) (See note 9 for matters to discuss with OGC
   prior to testing.)
   Type: Quantitative-based
   Ref: 2 U.S.C. 661c(e)
   Objective: Modifications made to direct loan obligations or
   outstanding direct loans do not exceed the available budget
   authority. (See notes 5, 8, and 9.)
   Control activities: (See note 10.)
   Instances of noncompliance noted?: See Compliance Audit
   Procedures FAM 808 step 3.


3. Provision description: Loan guarantee commitments may be made on
   or after October 1, 1991, only to the extent that an appropriation
   or other budget authority is available to cover these costs.
   (See notes 3 to 7.)
   Type: Quantitative-based
   Ref: 2 U.S.C. 661c(b)
   Objective: Obligations for new loan guarantee commitments made on
   or after October 1, 1991, do not exceed the available
   appropriation or other budget authority. (See notes 3 to 7.)
   Control activities: (See note 10.)
   Instances of noncompliance noted?: See Compliance Audit
   Procedures FAM 808 steps 3 and 4.

4. Provision description: A loan guarantee commitment or outstanding
   loan guarantee shall not be modified in a manner that increases
   its cost unless budget authority for the additional cost is
   available. (See notes 5 and 8.) (See note 9 for matters to discuss
   with OGC prior to testing.)
   Type: Quantitative-based
   Ref: 2 U.S.C. 661c(e)
   Objective: Modifications made to loan guarantee commitments or
   outstanding loan guarantees do not exceed the available budget
   authority. (See notes 5, 8, and 9.)
   Control activities: (See note 10.)
   Instances of noncompliance noted?: See Compliance Audit
   Procedures FAM 808 step 3.

Note: The auditor may complete these procedures or prepare equivalent documentation only if
provisions of the Federal Credit Reform Act (FCRA) are significant as indicated on Form 802 - General
Compliance Checklist. These procedures test compliance with the provisions listed on the Compliance
Summary. OMB guidance on FCRA programs is included in OMB Circular No. A-11, part 5, Federal
Credit.

Name of entity: __________
Audit period: __________
Reviewed by: ___________

Audit Procedures                         Done by/date    Doc Ref

1. List the appropriations or other budget authority and the
related budget accounts that were identified for
compliance testing on Form 802 - General Compliance
Checklist at FAM 802-4.

2. As discussed in FAM 460.03, the auditor should determine
whether summarized budget information (obligations and
expenditures) used for compliance tests is reasonably
accurate and complete. The auditor may obtain assurance
through effective controls the auditor tests (usually the
budget controls) or, if the controls are not effective,
through substantive testing of budget amounts for
validity, completeness, cutoff, recording, classification,
and summarization as described in FAM 495 B.

For the accounts listed in step 1, document if the auditor
will obtain assurance by testing controls (as indicated on
Form 808 - Compliance Summary) or whether substantive
tests of the budget information are necessary.

If the auditor determines that controls are not effective in
meeting some or all of the budget control objectives listed
in FAM 395 F, plus the supplemental objectives for FCRA
listed in FAM 395 F Sup, the auditor should perform
substantive tests of the budget amounts (obligations and
expenditures) as discussed in FAM 495 B. The auditor
should perform substantive tests only for those potential
misstatements for which the entity does not have
effective budget controls.

After the auditor is satisfied as to the reasonableness of
the budget amounts to be used for the compliance tests,
perform the compliance tests in steps 3 and 4.

3. For each appropriation account or other budget authority
listed in step 1, perform the following procedures that are
applicable for direct and guaranteed loan programs that
have a positive subsidy (i.e., cash outflows exceed cash
inflows); (for direct and guaranteed loan programs that
have a negative subsidy (i.e., cash inflows exceed cash
outflows), perform step 4):

(a) Compare the amount of obligations for direct loans
to the amount of the available appropriation or other
budget authority. (Note: This budget restriction is
applicable only to obligations for direct loans made
on or after October 1, 1991.)

3. (b) Compare the amount of obligations for modifications
of direct loan obligations or outstanding direct loans
to the amount of available budget authority. (Note:
The sale of a direct loan is considered a modification.
Discuss applicability of this budget restriction to
direct loans and direct loan obligations that were
outstanding prior to October 1, 1991, with OGC prior
to performing compliance test.)

3. (c) Compare the amount of obligations for loan
guarantee commitments to the amount of the
available appropriation or other budget authority.
(Note: This budget restriction is only applicable to
obligations for loan guarantee commitments made on
or after October 1, 1991.)

3. (d) Compare the amount of obligations for modifications
of loan guarantee commitments or outstanding loan
guarantees to the amount of available budget
authority. (Note: Discuss applicability of this budget
restriction to loan guarantees and loan guarantee
commitments that were outstanding prior to October
1, 1991, with OGC prior to performing compliance
test.) (2 U.S.C. 661c(b) and (e))

If the amounts of obligations in any of these comparisons
exceed the available budget authority, the entity may not
be in compliance. Perform step 5.

4. Direct and guaranteed loan programs that have a negative
subsidy (cash inflows exceed cash outflows) do not
receive an appropriation. However, such programs often
have a loan limit that cannot be exceeded, i.e., a
maximum number of loans that can be made or
guaranteed. For these programs, compare the total
number and dollar volume of loans made to the loan limit
in the applicable appropriations act or other law. Perform
step 5.

5. If the entity does not appear to be in compliance based on
the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the
Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such
noncompliance.

For any noncompliance noted, the auditor should

• identify the weakness in controls that allowed the
noncompliance to occur, if not previously identified
during control testing;

• report the nature of any weakness in controls and
consider modification of the report on internal control
as appropriate (see FAM 580.32-.61);

• consider the implications of any instances of
noncompliance on the financial statements; and

• report instances of noncompliance, as appropriate
(see FAM 580.67-.75).

6. Document conclusions on compliance with each
provision on Form 808 - Compliance Summary.

Note 1: A direct loan is a disbursement of funds by the government to a non-federal
borrower under a contract that requires the repayment of such funds with
or without interest. The term also includes the purchase of, or participation
in, a loan made by another lender. The term does not include the
acquisition of a federally guaranteed loan in satisfaction of default claims or
the price support loans of the Commodity Credit Corporation. (2 U.S.C.
661a(1))
Note 2: A direct loan obligation is a binding agreement by a federal agency to make
a direct loan when specified conditions are fulfilled by the borrower.
(2 U.S.C. 661a(2))

Note 3: A loan guarantee is any guarantee, insurance, or other pledge with respect
to the payment of all or a part of the principal or interest on any debt
obligation of a nonfederal borrower to a nonfederal lender, but does not
include the insurance of deposits, shares, or other withdrawable accounts
in financial institutions. (2 U.S.C. 661a(3))

Note 4: A loan guarantee commitment is a binding agreement by a federal agency
to make a loan guarantee when specified conditions are fulfilled by the
borrower, the lender, or any other party to the guarantee agreement.
(2 U.S.C. 661a(4))

Note 5: Appropriations or other budget authority to cover the cost of budget
obligations for direct loan obligations and loan guarantee commitments
must be made in advance by Congress. For revolving or other funds that
otherwise would be available for these budget obligations, Congress must
enact a limit on the use of such funds for these purposes to make them
available for use. (2 U.S.C. 661c(b))

Note 6: Costs are defined as the estimated long-term cost to the government of a
direct loan, loan guarantee or modification, calculated on a net present
value basis, excluding administrative costs and any incidental effects on
governmental receipts or outlays. These calculations are described in
further detail under the valuation control objective for obligations in FAM
395 F. (2 U.S.C. 661a(5))

Note 7: There is an exemption from this requirement for entitlements (mandatory
programs such as the guaranteed student loan program and the VA home
loan guaranty program) and credit programs of the Commodity Credit
Corporation existing on the date of enactment of FCRA (November 5,
1990). (2 U.S.C. 661c(c))

Note 8: Modifications are government actions that alter the estimated net present
value of a direct loan or loan guarantee for which an obligation has been
recorded, for example, the sale of a direct loan, per SFFAS No. 2, paragraph
53, or a policy change affecting the repayment period or interest rate for a
group of existing loans. (Changes within the terms of existing contracts or
through other existing authorities are not considered to be modifications.
Also, “work outs” of individual loans, such as a change in the amount or
timing of payments to be made, are not considered modifications.) The
effects of these changes should be included in the annual reestimates of the
estimated net present value of the obligations. Permanent indefinite
authority is provided by FCRA for these reestimates.

Note 9: Discuss applicability of this budget restriction to direct loans, direct loan
obligations, loan guarantees, or loan guarantee commitments that were
outstanding prior to October 1, 1991, with OGC prior to performing control
or compliance tests.

Note 10: The auditor should determine the results of the evaluation and testing of
budget controls and testing of the Statement of Budgetary Resources.
These controls relate to the execution of budget authority and usually are
the same controls that are used to comply with the Antideficiency Act and
FCRA. Accordingly, additional consideration of controls that achieve the
compliance objective generally is not necessary if the auditor has assessed
whether the entity achieves all of the budget control objectives listed in
FAM 395 F, including the supplemental control objectives for FCRA. The
auditor should refer to the budget control evaluation and testing and
perform any additional procedures considered necessary to conclude if
compliance controls are effective.

809 - Provisions Governing Claims of the U.S. Government (31 U.S.C. 3711-3720E),
Including the Debt Collection Improvement Act of 1996 (DCIA)
Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions governing
claims of the U.S. government, as provided primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the
Debt Collection Improvement Act of 1996) are significant, as indicated on Form 802 - General Compliance Checklist at FAM 802-5.

Compliance Summary

Name of entity:
Prepared by:
Audit period:
Reviewed by:

Columns: Provision description; Objective; Control activities; IS (Y/N); Effective compliance controls?; Instances of noncompliance noted?

Provision 1
Provision description: 1. Interest shall be charged on an outstanding debt (or claim) owed to the entity. Interest accrues from the date the notice of the amount due and interest policies is first mailed to the debtor. Interest is charged at the rate established by the Secretary of the Treasury that is in effect on that date. The rate remains fixed at that rate for the duration of the indebtedness. (See notes 1, 2, and 3.)
Type: Transaction-based
Ref: 31 U.S.C. 3717(a), (b), and (c)
Objective: 1. Interest is properly calculated and charged on past due amounts owed to the entity at the correct rates. (See notes 1, 2, and 3.)
Control activities: [Document the control activities used by the entity to achieve the objective.]
IS (Y/N): [Is control dependent on computer processing?]
Effective compliance controls?: [Indicate yes or no; include reference to supporting documentation.]
Instances of noncompliance noted?: [Indicate yes or no; include reference to supporting documentation.] See Compliance Audit Procedures FAM 809 steps 3 (a), (b), and (c).

Provision 2
Provision description: 2. The entity shall assess, on a claim owed to it, a charge to cover the cost of processing and handling a delinquent claim plus a penalty charge (of not more than 6 percent a year) for failure to pay a part of a claim more than 90 days past due. These additional charges do not accrue interest. (See note 3.)
Type: Transaction-based
Ref: 31 U.S.C. 3717(e) and (f)
Objective: 2. Administrative charges and late payment penalties are properly calculated and charged on past due amounts. (See note 3.)
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 809 step 3(d).

Provision 3
Provision description: 3. The entity may compromise, terminate, or suspend claims that are not more than $100,000 (excluding interest) or such higher amounts as the Attorney General may prescribe. Claims of more than $100,000 (excluding interest, penalties, and administrative costs) shall be referred to the Justice Department for compromise, termination, or suspension. (See note 4.)
Type: Procedural-based
Ref: 31 U.S.C. 3711(a), 31 C.F.R. 902.1
Objective: 3. Claims of more than $100,000 (excluding interest, penalties, and administrative costs) are referred to the Justice Department for compromise, termination, or suspension. (See note 4.)
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 809 step 5(a).

Provision 4
Provision description: 4. If the entity is owed a valid and legally enforceable, nontax debt delinquent over 180 days, and there are no bars to collection, it shall notify Treasury about the debt for administrative offset and refer the debt to Treasury or a Treasury-designated debt collection center for collection action. (See notes 5, 6, and 7.)
Type: Procedural-based
Ref: 31 U.S.C. 3711(g)(1) and (9), 31 U.S.C. 3716(c)(6)
Objective: 4. When nontax debt becomes delinquent over 180 days, it is referred to Treasury for administrative offset and collection. (See notes 5, 6, and 7.)
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 809 step 5(b).

Provision 5
Provision description: 5. Unless waived by the entity, a person may not obtain any loan (other than a disaster loan) or loan insurance or guarantee administered by the entity if the person has outstanding nontax delinquent federal debt. (Delinquency is determined by Treasury regulations.)
Type: Transaction-based
Ref: 31 U.S.C. 3720B
Objective: 5. Loans and loan insurance or guarantees are not granted to persons with delinquent nontax debt.
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 809 step 4(b).

Note: The auditor may perform these procedures or prepare equivalent documentation
only if provisions governing claims of the United States government as provided
primarily in sections 3711-3720E of Title 31, U.S. Code (including provisions of the Debt
Collection Act of 1996) are significant, as indicated on Form 802 - General Compliance
Checklist at FAM 802-5. These procedures test compliance with the provisions listed on
the Compliance Summary.

Name of entity:
Audit period:
Reviewed by:

Audit Procedures    Done by/date    Doc Ref
1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 809 -
Compliance Summary), select a sample of amounts owed
to the entity during or at the end of the audit period. (The
sample size will vary based on the expected effectiveness
of compliance controls, as discussed in FAM 460.02).
Document the sampling approach using the
documentation in FAM 495 E. See note 8 regarding
sampling efficiencies and completeness of the sample
population.

Sample size

Sample selection method

2. For each item selected in step 1 obtain the loan file or
other supporting documentation and note the following
information as of the date selected for testing
• due date of debt;
• amount owed;
• date the notice of the amount due and the interest
policies is first mailed to the debtor;
• amount of interest accrued and other administrative
charges and penalties charged, if any; and
• number of days the debt is past due, if any.

Perform step 3 if the debt is past due.

Perform step 4 if the debt is not past due.

3. If the amount selected is past due:
(a) Calculate the number of days that interest should be
accrued on the debt as of the date selected for
testing. Interest generally accrues from the date that
the notice of the amount due is first mailed to the
debtor. (See note 1.) Compare the auditor’s
calculation with the calculation performed by the
entity and obtain explanation and examine support
for any differences. (31 U.S.C. 3717(b))

(b) Determine the interest rate that should be used to
accrue interest on the debt. The rate is published in
the Federal Register and should be the rate that was
in effect on the date that the notice of the amount due
is first mailed to the debtor. Compare the auditor’s
determination of the rate to the rate used by the
entity and obtain explanation and examine support
for any differences. (31 U.S.C. 3717(a) and (c))

(c) Calculate the amount of interest that should be owed
as of the date selected for testing using the number of
days tested in (a) and the interest rate tested in (b).
Compare the auditor’s calculation to the amount
calculated by the entity and obtain explanation and
examine support for any differences. See notes 2 and
3 regarding the waiver of interest.

(d) Obtain the entity’s schedule of administrative charges
and late payment penalties and determine if the
appropriate amounts were charged to the debtor. See
note 3 regarding the waiver of these charges.
(31 U.S.C. 3717(e) and (f))

4. If the debt is not past due, determine through
examination of the entity’s records whether

(a) interest, administrative charges, or penalties are not
being charged; and

(b) the debtor had no outstanding nontax delinquent
federal debt at the time the loan was obtained.
(31 U.S.C. 3720B)

5. The objectives listed below relate to procedural-based
provisions. As discussed in FAM 460.06, the auditor
usually performs sufficient procedures in conjunction
with tests of compliance controls for these procedural-
based provisions to conclude on the entity’s compliance
without performing additional procedures. The auditor
should not perform additional procedures to obtain
evidence regarding compliance with the provisions
related to the following objectives unless sufficient
evidence regarding compliance was not obtained during
compliance control tests documented on Form 809 -
Compliance Summary.

(a) Claims of more than $100,000 (excluding interest,
penalties, and administrative costs) are referred to the
Justice Department for compromise, termination, or
suspension. See note 4. (31 U.S.C. 3711)

(b) Claims delinquent for a period of 180 days have been
referred to Treasury for collection. See notes 5, 6, and
7. (31 U.S.C. 3711(g))

6. If the entity does not appear to be in compliance based on
the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the
Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such
noncompliance.

For any noncompliance noted, the auditor should

• identify the weakness in compliance controls that
allowed the noncompliance to occur, if not previously
identified during compliance control testing;

• report the nature of any weakness in compliance
controls and consider modification of the conclusion
on internal control as appropriate (see FAM 580.32-.61);

• consider the implications of any instances of
noncompliance on the financial statements; and

• report instances of noncompliance, as appropriate (see
FAM 580.67-.75).

7. Document conclusions on compliance with each provision
on Form 809 - Compliance Summary.


Note 1: Claims are amounts owed to the government, including amounts owed for loans
insured or guaranteed by the government. The term “claim” is used
interchangeably with the term “debt” in this law. (31 U.S.C. 3701(b))
Interest normally accrues from the date that notice of the debt and the agency’s
interest policies is first mailed to the debtor. If the agency sends a bill to the
debtor in advance of the due date and that bill states the interest policies,
interest would accrue from the due date specified in the bill.
The provisions regarding accrual of interest and other charges do not apply to
the extent that a statute, related regulation, loan agreement, or contract
provides otherwise, or if a claim is under a contract executed before October
25, 1982, that is in effect on October 25, 1982. (31 U.S.C. 3717(g)) Accrual of
interest and penalties under this law does not apply to amounts owed by other
agencies of the federal government, or to amounts payable to the entity under
the Internal Revenue Code, the Social Security Act, or tariff laws. (31 U.S.C.
3701 (c) and (d))
Note 2: The entity shall waive the collection of interest on a claim (or any portion of the
claim) that is paid within 30 days after the date on which interest began to
accrue. The agency may extend this 30-day period. (31 U.S.C. 3717(d)) Interest
that is either accrued or collected on claims that are paid within the 30-day
period would usually not be material or otherwise significant for purposes of
compliance testing. If the auditor considers this provision to be significant for
compliance testing, this form should be tailored to include the appropriate
testing procedures.
Note 3: The entity has the authority to waive the collection of interest,
penalties, and administrative charges. The entity should follow its own
regulations when determining whether a waiver is appropriate. Such
regulations should be in conformity with the standards set jointly by the
Comptroller General, the Attorney General, and the Secretary of the Treasury
described in 31 C.F.R. 901.9. (31 U.S.C. 3717(h))
The entity may increase an administrative claim (debt not based on an
extension of government credit through direct loans, guarantees, or insurance,
including fines, penalties, and overpayments) annually by the cost of living
adjustment in lieu of charging interest and penalties. (31 U.S.C. 3717(i))
Note 4: Compromise is the term used when an amount less than the total amount of the
claim is accepted by the entity as payment in full. Suspension refers to the
temporary deferral of collection activities until collection activity is expected to
be more successful. Termination refers to stopping of collection activities.
Only the Justice Department has the authority to compromise, terminate, or
suspend collection on claims that are greater than $100,000 (excluding interest,
penalties, and administrative charges). Pursuant to 31 C.F.R. Parts 902.1 and
903.1, entities generally should use a Claims Collection Litigation Report
(CCLR) to refer such matters to the Justice Department.

Note 5: Exceptions to the requirement to transfer nontax debt delinquent for a period
of 180 days to Treasury for collection are
(a) a debt or claim that
(1) is in litigation or foreclosure;
(2) will be disposed of under an asset sales program within 1 year after
becoming eligible for sale, or later than 1 year if consistent with an
asset sales program and a schedule established by the entity and
approved by OMB;
(3) has been referred to a private collection contractor for collection for
a period determined by Treasury;
(4) has been referred by, or with the consent of, Treasury to a debt
collection center for a period determined by Treasury; or
(5) will be collected under internal offset, if such offset is sufficient to
collect the claim within 3 years after the date the debt or claim is first
delinquent; and
(b) to any other specific class of debt or claim, as determined by Treasury at
the request of an entity. (31 U.S.C. 3711(g)(2)) Examples include
(1) debts in bankruptcy meeting the criteria for an automatic stay (11
U.S.C. 362),
(2) foreign debt considered uncollectable by Treasury due to foreign
diplomacy considerations and affairs of state,
(3) debts in forbearance or appeals.
Note 6: Exceptions to the requirement to notify Treasury of nontax debt delinquent
over 180 days for administrative offset are a claim that has been outstanding for
more than 10 years or when a statute explicitly prohibits using administrative
offset or setoff to collect the type of claim involved. (31 U.S.C. 3716(e)) Also,
this section does not prohibit the use of any other administrative offset
authority existing. (31 U.S.C. 3716(d))
Prior to referring debts to Treasury, an agency shall inform the debtor of the
amount and nature of the debt (such as overpayment, etc.), and actions which
may be taken to enforce recovery of a delinquent debt. These include
(a) offset of any payments which the debtor is due, including tax refunds,
and salary;
(b) referral of the debt to a private collection agency;
(c) referral of the debt to the Department of Justice or agency counsel for
litigation;
(d) reporting of the debt to a credit bureau;
(e) reporting of the debt, if discharged, to IRS as a potential taxable income.

In the future, the agency also will need to inform the debtor that the debt may
be subject to administrative wage garnishment, his/her identity may be
published or publicly disseminated, and/or the debt may be sold.
The notice must tell the debtor that he/she has the opportunity
(a) to inspect and copy records relating to the debt,
(b) for a review by the agency; and
(c) to enter into a written repayment agreement.
Note 7: Before an entity refers past-due debt to Treasury for reduction of tax refund, it
must
(a) notify the person incurring such debt that the entity proposes to refer to
Treasury for tax refund offset,
(b) give such person at least 60 days to present evidence that all or part of
the debt is not past due or not legally enforceable,
(c) consider any evidence presented by such person and determine that an
amount of such debt is past due and legally enforceable,
(d) satisfy such other conditions Treasury may prescribe to ensure the above
determination is valid and that the entity has made reasonable efforts to
obtain payment, and
(e) certify that reasonable efforts have been made by the entity to obtain
payment. (31 U.S.C. 3720A(b))
Treasury issues regulations prescribing the times at which entities shall submit
notices of past-due legally enforceable debts, the manner of submitting them,
and the information to be contained in them. The regulations also specify the
minimum amount of debt that may be referred for tax refund offset and the fee
the entity shall pay to reimburse Treasury for its costs.
Note 8: If the auditor uses multipurpose testing for the compliance test and/or
compliance control test and/or a substantive test of accounts or loans
receivable details, the sample items for the compliance test and/or compliance
control test should be selected using the sampling method used for the
substantive test as described in FAM 430. Otherwise, the auditor should select
items using attribute sampling as discussed in FAM 460.02.
As with all sampling applications, the auditor should determine the
completeness of the test population. For efficiency, the auditor should use
records that were tested for validity, accuracy, and completeness (as well as
the other financial statement assertions) in conjunction with substantive tests
of the population.

810 - Prompt Payment Act


Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the
Prompt Payment Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-7. OMB guidance
on the Prompt Payment Act is included in 5 C.F.R. Part 1315.

Compliance Summary

Name of entity: __________
Prepared by: __________
Audit period: __________
Reviewed by: __________

Columns: Provision description; Objective; Control activities; IS (Y/N); Effective compliance controls?; Instances of noncompliance noted?

Provision 1
Provision description: 1. If payment for property or services from a business concern is not made by the required due date, an interest penalty shall be paid to the concern on the amount of the payment due. The interest penalty shall be paid for the period beginning on the day after the required payment date and ending on the date on which payment is made. (See notes 1, 2, 3, 4, and 5.)
Type: Transaction-based
Ref: 31 U.S.C. 3902(a) and (b)
Objective: 1a. All payments for property or services that are not made by the payment due date are identified. (See note 1.)
Objective: 1b. Interest penalties are calculated and paid on the past due amount using the appropriate interest rate and period. (See notes 2, 3, 4, and 5.)
Control activities: [Document the control activities used by the entity to achieve the objective.]
IS (Y/N): [Is control dependent on computer processing?]
Effective compliance controls?: [Indicate yes or no; include reference to supporting documentation.]
Instances of noncompliance noted?: [Indicate yes or no; include reference to supporting documentation.] See Compliance Audit Procedures FAM 810 step 4(a) and (b).

Provision 2
Provision description: 2. Penalties shall be paid out of amounts made available to carry out the program for which the penalty is incurred.
Type: Transaction-based
Ref: 31 U.S.C. 3902(f)
Objective: 2. Interest penalties are paid out of the appropriation used to pay related program expenditures.
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 810 steps 4(c), 5(c), and 6.

Provision 3
Provision description: 3. Discounts offered by a business concern may be taken only if payment is made within the specified time as determined from the date of the invoice. An interest penalty shall be paid on improperly taken discounts.
Type: Transaction-based
Ref: 31 U.S.C. 3904
Objective: 3a. Discounts taken after the specified time period are identified.
Objective: 3b. Interest penalties are properly calculated and paid on the amount of any improperly taken discounts using the appropriate interest rate and period.
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 810 step 5(a) and (b).

Note: The auditor may complete this program or prepare equivalent documentation only
if provisions of the Prompt Payment Act are significant as indicated on Form 802 -
General Compliance Checklist at FAM 802-7. These procedures test compliance with the
provisions listed on the Compliance Summary. OMB Guidance on the Prompt Payment
Act is included in 5 C.F.R. Part 1315.

Name of entity: _________


Audit period: _________
Reviewed by: _________

Audit Procedures    Done by/date    Doc Ref

1) Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 810 -
Compliance Summary), select a sample of payments from
throughout the audit period. (The sample size will vary
based on the expected effectiveness of compliance
controls as discussed in FAM 460.02.) Document the
sampling approach using the documentation in FAM 495 E.
See note 6 regarding sampling efficiencies and
completeness of the population.

Sample size

Sample selection method

2) For each item selected in step 1, obtain the supporting
documentation for the payment such as the invoice
voucher package.

a) Document the following items in the documentation
• invoice number;
• payee;
• invoice amount;
• invoice date;
• invoice receipt date (or other date used for
determining compliance with this law - see step
2(b));
• payment date;
• amount of interest penalty paid, if any;
• amount of discount taken, if any; and
• appropriation account(s) charged for the
expenditure and interest penalty, if any.

b) For each item selected, note whether the payment
was made by the required due date. The required due
date may be the date specified in the contract or, if a
date is not specified, 30 days after receipt of the
invoice (31 U.S.C. 3903(a)(1)(A) and (B)). If payment
is for meat or meat food products, perishable
agricultural products, dairy products or construction
contracts, consult with OGC to determine payment
due date. Specific payment due dates to avoid
interest penalties are established by law for these
items. (31 U.S.C. 3903(a)(2), (3), (4), and (6))

The invoice receipt date is the later of (1) the date the
entity’s designated representative or office actually
receives a proper invoice or (2) the 7th day after the
date on which, in accordance with the terms and
conditions of the contract, the property is actually
delivered or performance of the services is actually
completed (unless the entity accepted the property or
services before the 7th day or a longer acceptance
period is specified in the contract). If the date of
actual invoice receipt is not indicated, the entity must
use the invoice date. (31 U.S.C. 3901(a)(4)(A) and
(B))

If the payment was made on or prior to the payment
due date, perform step 3.

If the payment was made after the payment due date,
perform step 4.

If a discount was taken, perform step 5.

3) If the payment was made on or prior to the payment due
date, and no discount was taken, determine that no
interest penalty was paid.

(Note: If the entity did not take advantage of a discount for
which it was eligible or if an interest penalty was paid
when it was not owed, the auditor generally should
determine the cause of these items for purposes of
reporting findings.)

4) If the payment was made after the payment due date,
determine whether
a) an interest penalty was paid;
b) the amount of the interest penalty was properly
calculated; and
c) the interest penalty was paid out of the appropriation
used to pay the related expenditures.

Review the accounting codes indicated on the expense
voucher. Determine whether the accounting codes used to
record the interest penalty are the same as those used for
the related expenditure and whether the codes and
amounts agree with those recorded in the budgetary
accounting records. (See step 6 regarding proper
summarization of amounts.) (31 U.S.C. 3902 (a), (b), and
(f).)

Investigate any differences between the amount of interest
penalty calculated by the auditor and the amount paid by
the entity, including any instances when an interest penalty
was owed but not paid. See note 5. Investigate any
instances when the proper appropriation account was not
charged.

See note 2 regarding the interest rate to be used. See notes
3 and 4 regarding the period the penalty should cover.

5) If a discount was taken, determine whether it was taken
during the specified period the discount was available. If
the discount was taken during the specified period, further
consideration is not necessary.

If any discounts are taken after the appropriate time
period, determine whether
a) an interest penalty was paid,
b) the amount of the interest penalty was properly
calculated, and
c) the interest penalty was charged against the
appropriation used for the related expenditures.

Review the budget accounting codes indicated on the
expense voucher. Determine whether the budget
accounting codes indicated on the voucher for the interest
penalty are the same as those used for the related
expenditure. Determine whether the codes and amounts
on the voucher agree with those recorded in the budgetary
accounting records. (See step 6 regarding proper
summarization of the budgetary amounts.) (31 U.S.C. 3902
(a), (b), and (f), and 31 U.S.C. 3904)

Interest penalties should be calculated on the amount of
the discount. The penalty accrues on the amount of the
discount from the last date specified that the discounted
amount may be paid (31 U.S.C. 3904). See note 2 regarding
the interest rate to be used to calculate the interest
penalty.

Investigate any differences between the amount of interest
penalty calculated by the auditor and the amount paid by
the entity, including any instances when an interest penalty
was owed but not paid. Investigate any instances when the
proper appropriation account was not charged.

6) Consider the procedures performed on the entity’s budget
controls over summarization of expenditure balances as
discussed in FAM 395 F.
If the auditor has assessed the entity’s controls as effective
in achieving the control objective of summarization of
expenditure balances, further procedures are not
necessary to obtain assurance as to whether interest
penalties are paid out of the proper appropriation account.
If the auditor has assessed the controls as ineffective, the
auditor should perform procedures to determine if the
entity has properly summarized the expenditure balances
as described in FAM 495 B.

7) If the entity does not appear to be in compliance based on
the results of tests performed, the auditor should discuss
these matters with OGC and, when appropriate, the
Special Investigator Unit to conclude if noncompliance
actually has occurred and the implications of such
noncompliance. For any noncompliance noted, the auditor
should
• identify the weakness in compliance controls that
allowed the noncompliance to occur, if not previously
identified during compliance control testing;
• report the nature of any weakness in compliance
controls and consider modification of the opinion on
internal control as appropriate (see FAM 580.32-.61);
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as appropriate
(see FAM 580.67-.75).

8) Document conclusions on compliance with each provision
on Form 810 - Compliance Summary.

Note 1: The required due date is generally the date specified in the contract or, if a date
is not specified, 30 days after receipt of the invoice (31 U.S.C. 3903(a) (1) (A)
and (B)). If payment is for meat or meat food products, perishable agricultural
products, dairy products or construction contracts, consult with OGC to
determine payment due date. Specific payment due dates to avoid interest
penalties are established by law for these items. (31 U.S.C. 3903(a) (2), (3), (4),
and (6))
The invoice receipt date is established as the later of (1) the date the entity’s
designated representative or office actually receives a proper invoice or (2) the
7th day after the date on which, in accordance with the terms and conditions of
the contract, the property is actually delivered or performance of the services is
actually completed, unless the entity accepted the property or services before
the 7th day or a longer acceptance date is specified in the contract. If the date
of actual invoice receipt is not indicated, the entity must use the invoice date.
(31 U.S.C. 3901(a) (4) (A) and (B))
Note 2: Interest shall be calculated at the rate set by the Secretary of the Treasury
under section 12 of the Contract Disputes Act of 1978 (41 U.S.C. 611) that is in
effect at the time the entity accrues the obligation to pay a late payment
interest penalty. The rates are published in the Federal Register. (31 U.S.C.
3902(a))
Note 3: The interest penalty shall be paid for the period beginning on the day after the
required payment date and ending on the date on which payment is made. (31
U.S.C. 3902(b)) An interest penalty not paid after any 30-day period shall be
added to the principal amount of the debt, and a penalty accrues thereafter on
the combined amount of principal and interest. (31 U.S.C. 3902(e))
Note 4: A payment is deemed to be made on the date a check for payment is dated or an
electronic transfer is made. (31 U.S.C. 3901(a) (5))
Note 5: The temporary unavailability of funds to make a timely payment due for
property or services does not relieve the entity head of the obligation to pay
interest penalties under this law. (31 U.S.C. 3902(d))
Note 6: If the auditor uses multipurpose testing for the compliance test and/or
compliance control test and/or a substantive test of payments details, the
sample items for the compliance test and/or compliance control test should be
selected using the sampling method used for the substantive test as described
in FAM 430. Otherwise, the auditor should select items using attribute
sampling as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the completeness
of the test population. For efficiency, the auditor should consider using records
that were tested for validity, accuracy, and completeness (as well as the other
financial statement assertions) in conjunction with substantive tests of the
population.

812 - Pay and Allowance System for Civilian Employees, as Provided Primarily in
Chapters 51-59 of Title 5, U.S. Code
Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the
Pay and Allowance System for Civilian Employees, as provided primarily in Chapters 51-59 of Title 5, U.S. Code, are
significant as indicated on Form 802 - General Compliance Checklist at FAM 802-8.

Compliance Summary

Name of entity: ________          Prepared by: ____
Audit period: ________            Reviewed by: _______

Provision description: 1. Pay for a specific position should be based on the
    appropriate pay schedule or pay rate.
    Type: Transaction-based
    Ref: 5 U.S.C. 5332, 5343, 5376 and 5383
Objective: 1. Employees are paid at appropriate rates.
Control activities: [Document the control activities used by the entity to
    achieve the objective.]
IS (Y/N): [Is control dependent on computer processing?]
Effective compliance controls?: [Indicate yes or no; include reference to
    supporting documentation.]
Instances of noncompliance noted?: [Indicate yes or no; include reference to
    supporting documentation.]
See Compliance Audit Procedures FAM 812 step 4(b).

Note: The auditor may complete these procedures or prepare equivalent
documentation only if provisions of the Pay and Allowance System for Civilian
Employees, as provided primarily in Chapters 51-59 of Title 5, U.S. Code, are
significant as indicated on Form 802 - General Compliance Checklist at FAM
802-8. These procedures test compliance with the provisions listed on the Compliance
Summary.

Name of entity:
Audit period:
Reviewed by:

Audit Procedures          Done by/date    Doc Ref

Note: These tests are closely related to procedures
performed for substantive tests of payroll expense
details and multipurpose testing in this situation is
strongly encouraged.

1) Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 812 -
Compliance Summary), select an appropriate
sample of disbursements from the payroll records
throughout the audit period. (The sample size will
vary based on the expected effectiveness of
compliance controls as discussed in FAM 460.02).
Document the sampling approach using the
documentation in FAM 495 E. See note 2 regarding
sampling efficiencies and completeness of the
population.

Sample size

Sample selection method

2) For each item selected in 1, note the following
information
• employee name;
• pay period (number and dates);
• amount of gross pay for the period;
• pay rate;
• total hours worked; and
• number of hours worked at regular pay and other
pay (i.e., overtime, premium pay, etc.).

3) For each item selected in 1, obtain the employee’s
personnel file and note the following in effect for the
pay period selected
• the employee’s grade and step and
• the employee’s pay rate.

4) For each item selected in 1
a) Calculate the amount of gross pay using the
hours worked and the employee’s pay rate
indicated on the payroll records. Compare the
amount of gross pay calculated by the auditor
to the amount shown on the payroll records for
the selected pay period and obtain explanation
and examine support for any differences.
Note: To convert basic annual amount to a
daily, weekly or biweekly amount, divide the
annual rate by 2,087 for an hourly rate.
Multiply the hourly rate by number of either
daily hours, 40 for weekly, or 80 for biweekly
amounts. (5 U.S.C. 5504)

b) Compare the employee’s pay rate in the payroll
records to the appropriate pay rate for the
employee’s approved grade and step on the
pay schedules established by executive order.
(Use the approved grade and step indicated in
the employee’s personnel records for this test.)
Obtain explanation and examine support for
any differences between the actual pay rate for
the period selected and the authorized
amounts. (5 U.S.C. 5332, 5343, and 5383)
If the employee’s pay is not set by these pay
schedules, determine whether the amount paid
is properly authorized.

5) If the entity does not appear to be in compliance
based on the results of tests performed, the auditor
should discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to
conclude if noncompliance actually has occurred
and the implications of such noncompliance.

For any noncompliance noted, the auditor should
• identify the weakness in compliance controls
that allowed the noncompliance to occur, if not
previously identified during compliance control
testing;
• report the nature of any weakness in compliance
controls and consider modification of the
opinion on internal control as appropriate (see
FAM 580.32-.61);
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as
appropriate (see FAM 580.67-.75).

6) Document conclusions on compliance with each
provision on Form 812 - Compliance Summary.

Note 1: To convert basic annual amount to a daily, weekly, or biweekly amount,
divide the annual rate by 2,087 for an hourly rate. Multiply the hourly
rate by number of either daily hours, or 40 hours for weekly, or 80 hours
for biweekly amounts. (5 U.S.C. 5504)

Note 2: If the auditor uses multipurpose testing for the compliance test and/or
compliance control test and a substantive test of payroll expense details,
the sample items for the compliance test and/or compliance control test
should be selected using the sampling method used for the substantive
test. Otherwise, the auditor should select items using attribute sampling,
as discussed in FAM 460.02.

As with all sampling applications, the auditor should consider the
completeness of the population. For efficiency, the auditor should
consider using records that were tested for validity and completeness (as
well as the other financial statement assertions) in conjunction with
substantive tests of payroll or other payroll related compliance tests.

Note 3: If the entity outsources payroll processing, the entity remains
responsible for compliance. Dividing responsibility for payroll
processing activities between the entity and the service organization
could make payroll testing more complicated, although the auditor
should perform the same testing. The auditor may accomplish this
testing with the assistance of the service organization’s auditor, who may
issue an internal control report on the service organization under AU 324
(SAS 70). Another approach may be for the service organization’s auditor
to assist the entity’s auditor by performing agreed-upon procedures at
the service organization (e.g., substantive testing) under AT 201 (see
FAM 660).

813 - Civil Service Retirement Act, 5 U.S.C. Chapter 83


Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Civil Service
Retirement Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-9.

Compliance Summary

Name of entity: ________          Prepared by: ________
Audit period: ________            Reviewed by: ________

Provision description: 1. For each employee employed prior to January 1, 1984,
    the entity shall withhold a percent of the basic pay of the employee.
    (See notes 1 and 2.)
    Type: Transaction-based
    Ref: 5 U.S.C. 8334(a)(1)
Objective: 1. The appropriate amount is withheld from employee’s pay.
    (See notes 1 and 2.)
Control activities: [Document the control activities used by the entity to
    achieve the objective.]
IS (Y/N): [Is control dependent on computer processing?]
Effective compliance controls?: [Indicate yes or no; include reference to
    supporting documentation.]
Instances of noncompliance noted?: [Indicate yes or no; include reference to
    supporting documentation.]
See Compliance Audit Procedures FAM 813 step 4(b).

Provision description: 2. An amount equal to the amount withheld from the
    employee’s pay shall be contributed by the entity from the appropriation
    or fund used to pay the employee.
    Type: Transaction-based and Quantitative-based
    Ref: 5 U.S.C. 8334(a)(1)
Objective: 2. The entity contribution for employee retirement is calculated
    properly, summarized properly, and charged to the proper appropriation
    account or fund.
See Compliance Audit Procedures FAM 813 steps 4(c) and 5.

Provision description: 3. Amounts withheld from employees and the sum
    contributed by the entity for retirement benefits shall be deposited in
    the Treasury to the credit of the Civil Service Retirement and
    Disability Fund.
    Type: Procedural-based and Quantitative-based
    Ref: 5 U.S.C. 8334(a)(2)
Objective: 3. Withholdings from employees and entity contributions for
    retirement benefits are properly summarized and deposited in the
    Treasury to the credit of the Civil Service Retirement and Disability
    Fund.
See Compliance Audit Procedures FAM 813 steps 6 and 7.

Note: The auditor may complete these procedures or prepare equivalent documentation
only if provisions of the Civil Service Retirement Act are significant as indicated on Form
802 - General Compliance Checklist at FAM 802-9. These procedures test compliance
with the provisions listed on the Compliance Summary.

Name of entity: _________________________
Audit period: _________________________
Reviewed by: _________________________

Audit Procedures          Done by/date    Doc Ref

1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 813 -
Compliance Summary), select a sample of expense
amounts for individuals’ gross pay from the payroll
disbursement records for the audit period for
employees covered by the Civil Service Retirement Act
system (CSRS). (See note 1.)
(The sample size will vary based on the expected
effectiveness of compliance controls, as discussed in
FAM 460.02). Document the sampling approach using
the documentation in FAM 495 E. See note 3 regarding
sampling efficiencies and completeness of the
population.

These tests should be coordinated with other tests of
payroll-related expenses and with the agreed-upon
procedures agency auditors perform for the Office of
Personnel Management (OPM), per OMB audit
guidance, if performed.

Sample size

Sample selection method

2. For each selection made in 1, document the following
for the pay period selected
• the amount withheld for the cost of retirement
benefits;
• the amount of basic pay; and
• if indicated in the payroll disbursement records,
document the retirement plan under which the
withholdings were made (CSRS or FERS). (Only
employees covered by CSRS should be included in
this compliance test. See FAM 817 for the FERS
compliance test.)

3. For each item selected in 1, obtain the employee’s
personnel file and note the following:
• employee hire date,
• amount of basic pay, and
• the retirement plan under which the employee is
covered.

4. For each selection made in 1
(a) Compare the amount of basic pay indicated in the
employee’s personnel file with the amount
indicated in the payroll records and obtain an
explanation and examine support for any
differences. (This procedure would be performed
only if not already performed with other testing.)
(b) Calculate the amount of the withholdings for
retirement costs based on 7 percent of basic pay
for most executive branch employees (see note 2
for percentages for other employees) for the
selected pay period and document the amount in
the documentation. Compare to the actual amount
withheld for the selected pay period and obtain an
explanation and examine support for any
differences. (5 U.S.C. 8334(a)(1))

(c) Determine whether the entity contributed an equal
amount for the employee’s retirement for the
selected pay period. Obtain explanation and
examine support for any differences between the
employee and entity contributions. (5 U.S.C.
8334(a)(1))

5. Determine whether amounts contributed by the entity
are charged to the appropriation or fund used to pay
the employee for the selected pay period by performing
the following procedures:
(a) Review the accounting codes indicated on the
supporting documentation.
(b) Determine whether the accounting codes used to
record the entity contribution are the same as
those used for the related payroll expenditure and
whether the codes and amounts agree with those
recorded in the budgetary accounting records.
(This step assumes other payroll testing would
have included checking that the codes represent
the proper appropriation.)
(c) Consider the procedures performed on the entity’s
budget controls over summarization of
expenditure balances as discussed in FAM 395 F.
If the auditor has assessed the entity’s controls as
effective in achieving the control objective of
summarization of expenditure balances, further
procedures are not necessary to obtain assurance
as to whether the entity’s contributions are paid
out of the proper appropriation account.
If the auditor has assessed the controls as
ineffective, the auditor should perform procedures
to determine whether the entity has properly
summarized the expenditure balances as described
in FAM 495 B. (5 U.S.C. 8334 (a)(1))

6. Determine whether the entity has effective internal
controls over the proper summarization of (a) the
amounts withheld from employees for retirement costs
under the law, and (b) the entity contributions for
remittance to Treasury. If the entity does not have
effective controls for summarization, test the
summarization of the totals that include the items
selected for testing in step 1.

7. Compare the combined totals of employee
withholdings and entity contributions that include each
selection made in step 1 to the deposit made to
Treasury and the remittance sent to OPM and obtain an
explanation and examine support for any differences.
The funds should be deposited in the Treasury to the
credit of the Civil Service Retirement and Disability
Fund. (5 U.S.C. 8334(a)(2))

8. If the entity does not appear to be in compliance based
on the results of tests performed, the auditor should
discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if
noncompliance actually has occurred and the
implications of such noncompliance. For any
noncompliance noted, the auditor should
• identify the weakness in compliance controls that
allowed the noncompliance to occur, if not
previously identified during compliance control
testing;
• report the nature of any weakness in compliance
controls and consider modification of the opinion
on internal control as appropriate (see FAM
580.32-.61);
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as appropriate
(see FAM 580.67-.75).

9. Document conclusions on compliance with each
provision on Form 813 - Compliance Summary.

Note 1: Employees employed before January 1, 1984, are generally covered by the Civil
Service Retirement Act (CSRS) and on and after that date by the Federal
Employees’ Retirement System Act (FERS), although some CSRS employees
may have opted for coverage under FERS.
Note 2: The percentage to be withheld for the service period after December 31, 2000,
for (1) most executive branch employees is 7 percent; (2) Congressional
employees, firefighters, and law enforcement personnel is 7.5 percent; and
(3) Members of Congress is 8 percent. (5 U.S.C. 8334(a)(1))

Note 3: If the auditor uses multipurpose testing for the compliance test and/or
compliance control test and a substantive test of payroll expense details, the
sample items for the compliance test and/or compliance control test should be
selected by the auditor using the sampling method used for the substantive test.
Otherwise, the auditor should select items using attribute sampling, as
discussed in FAM 460.02.

As with all sampling applications, the auditor should consider the completeness
of the population. For efficiency, the auditor should consider using records that
were tested for validity and completeness (as well as the other financial
statement assertions) in conjunction with substantive tests of payroll or other
payroll related compliance tests.

Note 4: If the entity outsources payroll processing, the entity remains responsible for
compliance. Dividing responsibility for payroll processing activities between
the entity and the service organization could make payroll testing more
complicated, although the auditor should perform the same testing. The auditor
may accomplish this testing with the assistance of the service organization’s
auditor, who may issue an internal control report on the service organization
under AU 324 (SAS 70). Another approach may be for the service organization’s
auditor to assist the entity’s auditor by performing agreed-upon procedures at
the service organization (e.g., substantive testing) under AT 201 (see FAM 660).

814 - Federal Employees Health Benefits Act, 5 U.S.C. Chapter 89


Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Federal
Employees Health Benefits Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-9.

Compliance Summary

Name of entity: _____          Prepared by: ________
Audit period: _____            Reviewed by: ________

Provision description: 1. For each full-time employee enrolled in a health
    benefits plan, a biweekly contribution shall be made by the entity in an
    amount determined by OPM for each type of insurance plan. (See note 1
    for part-time career employees.)
    Type: Transaction-based
    Ref: 5 U.S.C. 8906(b)(1)
Objective: 1. The amount of the entity contribution for health insurance
    benefits is calculated properly for employees who elect to enroll in a
    health benefits plan.
Control activities: [Document the control activities used by the entity to
    achieve the objective.]
IS (Y/N): [Is control dependent on computer processing?]
Effective compliance controls?: [Indicate yes or no; include reference to
    supporting documentation.]
Instances of noncompliance noted?: [Indicate yes or no; include reference to
    supporting documentation.]
See Compliance Audit Procedures FAM 814 step 4(b).

Provision description: 2. For employees generally, the entity contribution
    for the cost of health insurance shall be paid from the appropriation or
    fund that is used to pay the employee.
    Type: Transaction-based and Quantitative-based
    Ref: 5 U.S.C. 8906(f)
Objective: 2. Entity contributions for the cost of employee health insurance
    are summarized properly and charged to the proper appropriation account
    or fund.
See Compliance Audit Procedures FAM 814 step 4(c).

Provision description: 3. An amount shall be withheld from the employee’s
    pay to cover the total cost of enrollment in the health benefit plan
    selected by the employee after the amount of the entity contribution is
    subtracted.
    Type: Transaction-based
    Ref: 5 U.S.C. 8906(d)
Objective: 3. Withholdings are made for the employee’s share of the cost of
    health insurance and are calculated properly.
See Compliance Audit Procedures FAM 814 step 4(a).

Provision description: 4. Amounts withheld from employees and the sum
    contributed by the entity for health insurance costs shall be deposited
    in the Treasury to the credit of the Employees Health Benefits Fund.
    Type: Procedural-based and Quantitative-based
    Ref: 5 U.S.C. 8909
Objective: 4. Withholdings from employees and entity contributions for
    health insurance costs are properly summarized and deposited in the
    Treasury to the credit of the Employees Health Benefits Fund.
See Compliance Audit Procedures FAM 814 steps 5 and 6.


Note: The auditor may complete these procedures or prepare equivalent documentation
only if provisions of the Federal Employees Health Benefits Act are significant as
indicated on Form 802 - General Compliance Checklist on FAM 802-9. These procedures
test compliance with the provisions listed on the Compliance Summary.

Name of entity: _________________________
Audit period: _________________________
Reviewed by: _________________________

Audit Procedures          Done by/date    Doc Ref

1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 814 -
Compliance Summary), select a sample of expense
amounts for individuals’ gross pay from the payroll
disbursement records for the audit period.
(The sample size will vary based on the expected
effectiveness of compliance controls, as discussed in
FAM 460.02). Document the sampling approach using
the documentation in FAM 495 E. See note 2
regarding sampling efficiencies and completeness of
the population.

The auditor should coordinate these tests with other
tests of payroll-related expenses and with the agreed-upon
procedures agency auditors perform for OPM,
per OMB audit guidance, if performed.

Sample size

Sample selection method

2. For each selection made in step 1, document the
employee, the pay period selected, and the amount
withheld for the pay period selected, if any, for the
cost of health insurance. If available, document the
health plan enrollment code.

3. For each selection made in step 1, obtain the
employee’s personnel file and note whether the
employee elected health insurance coverage for the
period to which payroll disbursement relates. Such
coverage should be indicated on OPM form SF 2809.
If the employee did not elect health insurance
coverage, ask why amounts are being withheld for the
cost of insurance and determine whether any entity
contributions are being made inappropriately as well.

4. If the employee identified in step 3 elected coverage,
perform the following steps:
(a) Obtain the schedule of health insurance costs
for all plans published by OPM. Using the
enrollment code for the plan selected by the
employee on OPM form SF 2809, calculate the
employee’s portion of the health insurance cost
and record it in the documentation. Compare it
to the amount actually withheld for the selected
pay period and obtain an explanation and
examine support for any differences. (5 U.S.C.
8906(d))

(b) For each employee in (a), determine the
appropriate amount of the entity’s contribution
for its share of health insurance costs by using
the OPM schedule of costs. Compare it to the
amount actually contributed by the entity for
the employee’s health insurance for the
selected pay period and obtain an explanation
and examine support for any differences. (See
note 1 for part-time career employees.) (5
U.S.C. 8906(b)(1))


(c) For each employee in (b), determine if amounts
contributed by the entity are charged to the
appropriation or fund that is used to pay the
employee for the selected pay period by
performing the following procedures:
(1) Review the accounting codes indicated
on the supporting documentation.
(2) Determine whether the accounting codes
used to record the entity contribution are
the same as those used for the related
payroll expenditure and whether the
codes and amounts agree with those
recorded in the budgetary accounting
records. (This step assumes other payroll
testing would have included checking
that the codes represent the proper
appropriation.)

(3) Consider the procedures performed on
the entity’s budget controls over
summarization of expenditure balances
as discussed in FAM 395 F.
If the auditor has assessed the entity’s
controls as effective in achieving the
control objective of summarization of
expenditure balances, further procedures
are not necessary to obtain assurance as
to whether the entity’s contributions are
paid out of the proper appropriation
account.
If the auditor has assessed the controls as
ineffective, the auditor should perform
procedures to determine whether the
entity has properly summarized the
expenditure balances as described in
FAM 495 B. (5 U.S.C. 8906(f))


5. Determine whether the entity has effective controls
over the proper summarization of the amounts
withheld from employees for health insurance costs
under this law and the entity contributions for
remittance to Treasury. If the entity does not have
effective controls for summarization, test the
summarization of the totals that include the items
selected for testing in step 1.

6. Compare the total cost of health insurance on the
entity’s records (employee and employer portions)
for the selected pay period to the deposit made to
Treasury and the documentation sent to OPM and
obtain an explanation and examine support for any
differences. The funds should be deposited in the
Treasury to the credit of the Employees Health
Benefits Fund. (5 U.S.C. 8909)

7. If the entity does not appear to be in compliance
based on the results of tests performed, the auditor
should discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude
if noncompliance actually has occurred and the
implications of such noncompliance. For any
noncompliance noted, the auditor should
• identify the weakness in compliance controls that
allowed the noncompliance to occur, if not
previously identified during compliance control
testing;
• report the nature of any weakness in compliance
controls and consider modification of the opinion
on internal control as appropriate (see FAM
580.32-.61);
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as
appropriate (see FAM 580.67-.75).


8. Document conclusions on compliance with each
provision on Form 814 - Compliance Summary.

Note 1: For part-time career employees, the biweekly entity contribution shall be
calculated on a pro rata basis based on the ratio of number of scheduled part-
time hours to the number of scheduled regular hours for an employee serving in
a comparable position on a full-time basis. (5 U.S.C. 8906(b)(3))

Note 2: If the auditor uses multipurpose testing for the compliance test and/or
compliance control test and a substantive test of payroll expense details, the
sample items for the compliance test and/or compliance control test should be
selected using the sampling method used for the substantive test. Otherwise,
the auditor should select items using attribute sampling, as discussed in FAM
460.02.

As with all sampling applications, the auditor should consider the completeness
of the test population. For efficiency, the auditor should consider using records
that were tested for validity and completeness (as well as the other financial
statement assertions) in conjunction with substantive tests of payroll or other
payroll-related compliance tests.

Note 3: If the entity outsources payroll processing, the entity remains responsible for
compliance. Dividing responsibility for payroll processing activities between
the entity and the service organization could make payroll testing more
complicated, although the auditor should perform the same testing. The auditor
may accomplish this testing with the assistance of the service organization’s
auditor, who may issue an internal control report on the service organization
under AU 324 (SAS 70). Another approach may be for the service organization’s
auditor to assist the entity’s auditor by performing agreed-upon procedures at
the service organization (e.g., substantive testing) under AT 201 (see FAM 660).



Compliance
816 - Federal Employees' Compensation Act (FECA), 5 U.S.C. Chapter 81



Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Federal
Employees’ Compensation Act are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-10.

Compliance Summary

Name of entity: ______    Prepared by: ______
Audit period: ______      Reviewed by: ______

Columns: Provision description | Objective | Control activities | IS (Y/N) | Effective compliance controls? | Instances of noncompliance noted?

Provision description: 1. If the agency receives a statement showing the costs
of amounts paid from the Employees’ Compensation Fund (the Fund), the agency
shall include a request for an appropriation to cover such amounts during the
next fiscal year when submitting its budget request. (See note 1.)
Type: Procedural-based
Ref: 5 U.S.C. 8147
Objective: 1. The entity’s budget request includes a request for an
appropriation for any amounts paid by the Fund on the entity's behalf for the
prior fiscal year.
Control activities: [Document the control activities used by the entity to
achieve the objective.]
IS (Y/N): [Is control dependent on computer processing?]
Effective compliance controls?: [Indicate yes or no; include reference to
supporting documentation.]
Instances of noncompliance noted?: [Indicate yes or no; include reference to
supporting documentation.] See Compliance Audit Procedures FAM 816 step 1.

Provision description: 2. Amounts appropriated pursuant to the request
(described in 1 above) shall be credited to the Fund within 30 days after they
are available. (See note 2 for entities that are not dependent on annual
appropriations.)
Type: Procedural-based
Ref: 5 U.S.C. 8147
Objective: 2. Appropriations received for the costs of amounts paid out of the
Fund on behalf of the entity are credited to the Fund within 30 days after
they are available.
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 816
step 1.

Note: The auditor may complete these procedures or prepare equivalent documentation
only if provisions of the Federal Employees’ Compensation Act are significant as
indicated on Form 802 - General Compliance Checklist at FAM 802-10. These procedures
test compliance with the provisions listed on the Compliance Summary for this law.

Name of entity: _________________________
Audit period: _________________________
Reviewed by: _________________________

Audit Procedures | Done by/date | Doc Ref

Note: The provisions identified for testing are procedural-based
provisions. As discussed in FAM 460.06,
sufficient procedures usually are performed by the
auditor in conjunction with tests of compliance
controls for these procedural-based provisions to
conclude on the entity's compliance without
performing additional procedures.

The auditor should not perform additional
procedures to obtain evidence regarding compliance
with the provisions related to the following
objectives unless sufficient evidence regarding
compliance was not obtained during compliance
control tests documented on Form 816 - Compliance
Summary.

1. Refer to the conclusions on compliance controls on
Form 816 - Compliance Summary and indicate whether
any additional procedures are necessary.


2. If the entity does not appear to be in compliance based
on the results of tests performed, the auditor should
discuss these matters with OGC and, when
appropriate, the Special Investigator Unit to conclude
if noncompliance actually has occurred and the
implications of such noncompliance. For any
noncompliance noted, the auditor should
• identify the weakness in compliance controls that
allowed the noncompliance to occur, if not
previously identified during compliance control
testing;
• report the nature of any weakness in compliance
controls and consider modification of the opinion
on internal control as appropriate (see FAM 580.32-.61);
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as appropriate
(see FAM 580.67-.75).

3. Document conclusions on compliance with each
provision on Form 816 - Compliance Summary.

Note 1: A statement showing the total cost of benefits and other payments made from
the Employees’ Compensation Fund during the preceding July 1 through June
30 expense period on account of the injury or death of employees or
individuals under the jurisdiction of the entity is required to be provided by the
Secretary of Labor to the entity by August 15 of each year. (5 U.S.C. 8147)
Note 2: Entities not dependent on an annual appropriation shall make the required
deposit to Treasury from funds under its control during the first 15 days of
October after receipt of the statement showing the costs paid on the entity's
behalf. (5 U.S.C. 8147)



Compliance
817 – Federal Employees’ Retirement System Act of 1986 (FERS), 5 U.S.C. Chapter 84

Note: The auditor may complete this compliance summary or prepare equivalent documentation only if provisions of the Federal
Employees’ Retirement System Act of 1986 are significant as indicated on Form 802 - General Compliance Checklist at FAM 802-10.

Compliance Summary

Name of entity:    Prepared by:
Audit period:      Reviewed by:

Columns: Provision description | Objective | Control activities | IS (Y/N) | Effective compliance controls? | Instances of noncompliance noted?

Provision description: 1. For each employee employed after December 31, 1983,
the entity shall withhold 0.8% of the basic pay of the employee. (See notes 1
and 2.)
Type: Transaction-based
Ref: 5 U.S.C. 8401(11), 5 U.S.C. 8422(a)(1)
Objective: 1. The appropriate amount is withheld from employee's pay. (See
notes 1 and 2.)
Control activities: [Document the control techniques used by the entity to
achieve the objective.]
IS (Y/N): [Is control dependent on computer processing?]
Effective compliance controls?: [Indicate yes or no; include reference to
supporting documents.]
Instances of noncompliance noted?: [Indicate yes or no; include reference to
supporting documents.] See Compliance Audit Procedures FAM 817 step 4(b).

Provision description: 2. An amount equal to the employing agency's applicable
normal cost percentage less the employee deduction rate shall be contributed
by the entity from the appropriation or fund used to pay the employee. (See
note 3.)
Type: Transaction-based and Quantitative-based
Ref: 5 U.S.C. 8423(a)(1) and 5 U.S.C. 8401(23)
Objective: 2. The entity contribution for employee retirement is calculated
properly, summarized properly, and charged to proper appropriation account or
fund. (See note 3.)
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 817
steps 4(c) and 5.


Provision description: 3. Amounts withheld from employees and the sum
contributed by the entity for retirement benefits shall be deposited in the
Treasury to the credit of the Civil Service Retirement and Disability Fund.
Type: Procedural-based and Quantitative-based
Ref: 5 U.S.C. 8422(c)
Objective: 3. Withholdings from employees and entity contributions for
retirement benefits are properly summarized and deposited in the Treasury to
the credit of the Civil Service Retirement and Disability Fund.
Instances of noncompliance noted?: See Compliance Audit Procedures FAM 817
steps 6 and 7.

Note: The auditor may complete these procedures or prepare equivalent documentation
only if provisions of the Federal Employees’ Retirement System Act of 1986 are
significant as indicated on Form 802 - General Compliance Checklist at FAM 802-10.
These procedures are designed to test compliance with the provisions listed on the
Compliance Summary.

Name of entity: ________________
Audit period: ________________
Reviewed by: ________________

Audit Procedures | Done by/date | Doc Ref

1. Based on the preliminary assessment of compliance
control effectiveness (as documented on Form 817 -
Compliance Summary), select a sample of expense
amounts for individuals’ gross pay from the payroll
disbursement records for the audit period for
employees covered by the Federal Employees’
Retirement System (FERS). (See note 1.)
(The sample size will vary based on the expected
effectiveness of compliance controls as discussed in
FAM 460.02). Document the sampling approach using
the documentation in FAM 495 E. See note 4 regarding
sampling efficiencies and completeness of the sample
population.

The auditor should coordinate these tests with other
tests of payroll-related expenses and with the agreed-upon
procedures agency auditors perform for OPM, per
OMB audit guidance, if performed.

Sample size

Sample selection method


2. For each selection made in 1, document the following
for the pay period selected:
• the amount withheld for the cost of retirement
benefits,
• the amount of basic pay, and
• if indicated in the payroll disbursement records,
document the retirement plan under which the
withholdings were made (CSRS or FERS). (Only
employees covered by FERS should be included in
this compliance test. See FAM 813 for the CSRS
compliance test.)
3. For each item selected in 1, obtain the employee's
personnel file and note the
• employee hire date,
• amount of basic pay, and
• the retirement plan under which the employee is
covered.
4. For each selection made in 1
(a) Compare the amount of basic pay indicated in the
employee’s personnel file with the amount
indicated in the payroll records and obtain an
explanation and examine support for any
differences. (This procedure would be performed
only if not already performed as part of other
testing.)

(b) Calculate the amount of the withholdings for
retirement costs based on 0.8% of basic pay for
most employees (see note 2 for percentages for
certain employees) for the selected pay period and
record the amount in the documentation.
Compare to the actual amount withheld for the
selected pay period and obtain an explanation and
examine support for any differences. (5 U.S.C.
8422(a)(1))


(c) Determine whether the entity contributed the
correct amount for the employee’s retirement for
the selected pay period. Obtain an explanation
and examine support for any differences between
the entity contributions and the amount
calculated using OPM’s normal cost percentage.
(5 U.S.C. 8423(a)(1) and 5 U.S.C. 8401(23))

5. To determine if amounts contributed by the entity are
charged to the appropriation or fund used to pay the
employee for the selected pay period:
(a) Review the accounting codes indicated on the
supporting documentation.
(b) Determine whether the accounting codes used to
record the entity contribution are the same as
those used for the related payroll expenditure and
whether the codes and amounts agree to those
recorded in the budgetary accounting records.
(This step assumes other payroll testing would
have included checking that the codes represent
the proper appropriation.)
(c) Consider the procedures performed on the entity’s
budget controls over summarization of
expenditure balances as discussed in FAM 395 F.
If the auditor has assessed the entity’s controls as
effective in achieving the control objective of
summarization of expenditure balances, further
procedures are not necessary to obtain assurance
as to whether the entity’s contributions are paid
out of the proper appropriation account.
If the auditor has assessed the controls as
ineffective, the auditor should perform procedures
to determine whether the entity has properly
summarized the expenditure balances as described
in FAM 495 B. (5 U.S.C. 8423(a)(1))


6. Determine whether the entity has effective controls
over the proper summarization of the amounts withheld
from employees for retirement costs under this law and
the entity contributions for remittance to Treasury. If
the entity does not have effective controls for
summarization, test the summarization of the totals that
include the items selected for testing in step 1.

7. Compare the combined totals of employee withholdings
and entity contributions that include each selection
made in step 1 to the deposit made to Treasury and the
remittance sent to OPM and obtain explanation and
examine support for any differences. The funds should
be deposited in the Treasury to the credit of the Civil
Service Retirement and Disability Fund. (5 U.S.C.
8422(c) and 5 U.S.C. 8401(6))

8. If the entity does not appear to be in compliance based
on the results of tests performed, the auditor should
discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude if
noncompliance actually has occurred and the
implications of such noncompliance. For any
noncompliance noted, the auditor should
• identify the weakness in compliance controls that
allowed the noncompliance to occur, if not
previously identified during compliance control
testing;
• report the nature of any weakness in compliance
controls and consider modification of the conclusion
on internal control as appropriate (see FAM 580.32-.61);
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as appropriate
(see FAM 580.67-.75).


9. Document conclusions on compliance with each
provision on Form 813 - Compliance Summary.

Note 1: Employees may be covered by the Civil Service Retirement Act (CSRS) or the
Federal Employees’ Retirement System Act (FERS), generally depending on
their employment dates. Generally, employees hired after January 1, 1984 are in
FERS.

Note 2: For most employees, the percentage to be withheld is 0.8 percent (7 percent
less the Social Security tax rate). For congressional employees, Members of
Congress, and law enforcement officers, firefighters, air traffic controllers, and
nuclear materials couriers, the withholding rates are higher. (See 5 U.S.C.
8422(a)(1).)

Note 3: The Office of Personnel Management (OPM) computes the normal cost
percentage. For example: for FY 2008 it is 11.2 percent for regular employees.
OPM lists the percentages in its Benefits Administration Letters, accessible on
its Internet site, http://www.opm.gov/asd/htm/bal06.htm (where the 2 digits
after "bal" represent the calendar year of the letters). (5 U.S.C. 8401(23))

Note 4: If the auditor uses multipurpose testing for the compliance test and/or
compliance control test and a substantive test of payroll expense details, the
sample items for the compliance test and/or compliance control test should be
selected using the sampling method used for the substantive test. Otherwise,
the auditor should select items using attribute sampling, as discussed in FAM
460.02.

As with all sampling applications, the auditor should consider the completeness
of the test population. For efficiency, the auditor should consider using records
that were tested for validity and completeness (as well as the other financial
statement assertions) in conjunction with substantive tests of payroll or other
payroll-related compliance tests.

Note 5: If the entity outsources payroll processing, the entity remains responsible for
compliance. Dividing responsibility for payroll processing activities between
the entity and the service organization could make payroll testing more
complicated, although the same testing should be performed. The auditor may
accomplish that testing with the assistance of the service organization's auditor,
who may issue an internal control report on the service organization under AU
324 (SAS 70). Another approach may be for the service organization's auditor to
assist the entity’s auditor by performing agreed-upon procedures at the service
organization (e.g., substantive testing) under AT 201 (see FAM 660).



SECTION 900

Substantive Testing


Substantive Procedures
902 - Related Parties, Including Intragovernmental Activity and Balances
.01 This section provides guidance on the procedures that the auditor should
perform with respect to related parties, as described in FAM 280 and FAM
550. Additionally, in determining whether related party activities are
properly accounted for and disclosed in the financial statements, the
auditor should consult AU 334, which provides general guidance on related
parties relationships and transactions. Further, the American Institute of
Certified Public Accountants (AICPA) has issued a toolkit for accountants
and auditors titled Accounting and Auditing for Related Parties and
Related Party Transactions.1 This toolkit includes selected authoritative
accounting and auditing literature, an illustrative audit program, disclosure
checklist, confirmation letter, and letter to other auditors and is available
at the AICPA’s website at http://www.aicpa.org.
.02 The U.S. government in its entirety is an economic entity and federal
entities are components of the U.S. government. Therefore, transactions
between federal entities are considered intragovernmental (Note: Federal
Accounting Standards Board’s (FASAB) Statements of Financial
Accounting Standards (SFFAS) refers broadly to the cost of goods and
services between federal entities as “inter-entity” costs). Within the U.S.
government, many reporting entities rely on other federal entities to help
them achieve their missions and fulfill their operating objectives. These
arrangements may be voluntary, stipulated by law, or established by
mutual agreement of the entities involved and may not be carried out on an
arm’s-length basis.
In many cases, the entity receiving goods or services reimburses the
providing entity in accordance with an agreed-upon price, which may or
may not represent fair value. However, frequently one entity provides
goods or services to another entity free of charge (without reimbursement)
and the cost of such activity is paid by appropriated funds of the providing
entity. For example, the General Services Administration (GSA) routinely
provides property management services and contract award and
administration to other entities without charge.
.03 In addition, certain federal entities can significantly influence the operating
policies of the transacting entities. For example, the Office of Management
and Budget (OMB) provides budget, policy and/or general management
guidance to other federal entities. The Office of Personnel Management
(OPM) helps federal civilian entities recruit nationwide; sets human
resources management rules with the federal entities’ involvement;
administers systems for setting federal compensation and benefits;
manages federal employee health and life insurance programs; and
operates retirement programs for federal employees.

1 These tools are based on the best practices guidance received from the participating accounting and
auditing firms and the AICPA publication, Practice Alert No. 95-3, Auditing Related Parties and Related
Party Transactions.

.04 In the U.S. government, the most significant related parties are other
governmental entities. Other possible related parties outside of the federal
government include states, members of the entity’s management, and
individuals and companies with which members of management may be
related. State and local governments are technically not related parties,
since under the Constitution they have powers independent of the federal
government. However, the procedures for related parties may also be
useful for state and local governments.
.05 The auditor should make inquiries about the possible existence of related
parties with material activity and balances that could affect the financial
statements, including intragovernmental activity and balances. The auditor
should also inquire about the possible existence of related parties involving
members of management that may be a sensitive conflict-of-interest issue
involving potential misuse of government assets.
The identification of related parties and activity and balances is important
because (1) U.S. GAAP requires disclosure of material related-party
transactions and certain control relationships, (2) fraudulent financial
reporting and misappropriation of assets have been facilitated by the use of
undisclosed related parties, and (3) distorted or misleading financial
statements may result in the absence of adequate disclosure.
.06 Financial statement users need related party information to make informed
judgments. If parties are related, the transactions between them may not be
based on an arm’s-length relationship. For example, certain goods or
services may be donated or be at an amount that does not represent fair
value, thus affecting the cost of the receiving entity’s operations. In
addition, an entity may have transactions with another entity based on a
common control situation, such as when the entity controls or can
significantly influence the management or operating policies of the
transacting entity. In these cases, the financial statements need to disclose
the nature of the relationship since this control relationship could result in
operating results or financial positions significantly different from those
that would have been achieved in the absence of such relationship.
.07 Disclosures include the nature of the relationship between the entity and
its related parties, a description of the transactions, including donations,
dollar amounts of transactions that occurred during the period, and
amounts due to or from related parties as of the end of the period.
Disclosures may aggregate similar transactions by type. In cases of
common control relationships, the nature of the control relationship is
disclosed even if there are no transactions between the entities. Related
party transactions between components of the audited entity that are
eliminated in consolidation are not disclosed in the consolidated financial
statements. However, if separate statements of the components are issued,
the disclosures are presented in the separate component statements.
.08 The following sections discuss intragovernmental activity and balances,
and other related parties.


Intragovernmental Activity and Balances


.09 Intragovernmental amounts represent activity and balances within or
between federal entities. Intradepartmental amounts are activity and
balances within the same department (a department here means any
department, agency, administration or other entity designated by OMB as a
financial reporting entity that is not part of a larger financial reporting
entity other than the government as a whole). Interdepartmental amounts
are activity and balances between two different departments. The
intradepartmental and interdepartmental amounts are subsets of
intragovernmental activity and balances.
FASAB uses various terms to define intragovernmental activities. As
discussed in FAM 902.02, SFFAS No. 4 refers to these activities broadly as
inter-entity costs. SFFAS No. 30 refers to intra-departmental inter-entity
costs to describe activities within the same department, while activities
between two different departments are inter-departmental inter-entity
costs. FASAB Interpretation No. 6 uses “department” to refer to any
department, agency or other financial reporting entity that is not part of a
larger reporting entity other than the government as a whole. The
terminology used in FAM 902 is consistent with FASAB usage of the terms
intra-departmental and inter-departmental activities.
.10 Common examples of intragovernmental activities include:
• Goods and services provided from one federal entity to another (trade
transactions), costs incurred, and reimbursable costs (including both
interdepartmental and intradepartmental activity).
• Transfers between entities based on agreements or legislative authority,
expended appropriations, taxes and fees collected, collections for
others, accounts receivable from appropriations, transfers payable, and
custodial revenue (including both interdepartmental and
intradepartmental activity).
• Investments in federal securities issued by Treasury’s Bureau of the
Public Debt, including interest accruals, interest income and expense,
and amortization of premiums and discounts.
• Borrowings from the Treasury and the Federal Financing Bank,
including interest accruals, interest income, and expenses.

2
Costs of litigation paid by the Treasury Judgment Fund (including both
interdepartmental and intradepartmental activity).

2
A permanent, indefinite appropriation, commonly known as the Judgment Fund, is available to pay final
judgments, settlement agreements, and certain types of administrative awards against the United States
when payment is not otherwise provided for. The Secretary of the Treasury certifies all payments from the
fund. (See 31 U.S.C. 1304, Judgments, awards, and compromise settlements.) FASAB Interpretation No. 2
clarifies how federal entities report the costs and liabilities arising from claims to be paid by the Judgment
Fund and how the Judgment Fund accounts for the amounts that it is required to pay on behalf of federal
entities.

July 2008 GAO/PCIE Financial Audit Manual Page 902-3


Substantive Procedures
902- Related Parties, Including Intragovernmental Activity and Balances
• Transactions with OPM relating to employee benefit programs such as
Federal Employees’ Retirement System, Civil Service Retirement
System, and federal employees’ life insurance and health benefits
programs, that include routine payments, imputed financing, and
accruals.
• Transactions with the Department of Labor (Labor) relating to the
Federal Employee’s Compensation Act (FECA) that include routine
payments to Labor.
.11 Intradepartmental activities and balances (within the same department)
are eliminated at the department’s consolidated financial statements level.
Interdepartmental activities and balances (between federal entities) are
eliminated at the U.S. government’s consolidated financial statements level.
Accounting and Reporting Guidance
.12 In accounting for and reporting of related parties, including
intragovernmental activity and balances, see FASAB accounting standards,
the Financial Accounting Standards Board (FASB) financial accounting
standards (FAS), OMB reporting guidance contained in OMB Circular No.
A-136, and Treasury accounting and reporting guidance contained in the
Treasury Financial Manual (TFM). FAM 902.14-.20 illustrate these relevant
documents in more detail.
.13 SFFAS No. 4, Managerial Cost Accounting Concepts and Standards, and
related interpretations, address the accounting standards for inter-entity
cost activities. SFFAS No. 5, Accounting for Liabilities of the Federal
Government, addresses inter-entity liabilities, including federal debt,
pensions and retirement benefits. Also, SFFAS No. 7, Accounting for
Revenue and Other Financing Sources and Concepts for Reconciling
Budgetary and Financial Accounting, as amended, addresses inter-entity
revenue and requires disclosure of the nature of intragovernmental
exchange transactions in which an entity provides goods or services at a
price less than full cost or does not charge a price at all.
In accordance with SFFAS No. 4, as amended by SFFAS No. 30, effective
for periods beginning after September 30, 2008, the costs of program
outputs include the costs of services provided by other entities whether or
not the providing entity is fully reimbursed. Additionally, each entity’s full
cost is to incorporate the full cost of goods and services that it receives
from other entities. The entity providing the goods or services has the
responsibility to provide the receiving entity with information on the full
cost of services either through billing or other advice. The reporting
entities are also to consult with the funding and administering agencies,
such as OPM, for information needed to properly record inter-entity costs.
SFFAS No. 4 directs OMB to designate the costs of goods and services
received from other entities that are to be recognized and to issue guidance
identifying these costs.3
.14 FASB FAS No. 57, Related Party Disclosures, defines related parties and
provides examples of related party transactions and general guidance on
disclosures of transactions between related parties in the private sector.
Footnote disclosures include disclosure of the nature of the relationship
between the entity and its related parties, a description of the transactions,
including donations, dollar amounts of transactions that occurred during
the period, and amounts due to or from related parties as of the end of the
period.
.15 OMB Circular No. A-136, Financial Reporting Requirements, states that
federal entities are to
• report intragovernmental assets separately from transactions with non-
Federal entities (entities outside the federal government) on the
balance sheet; disclose intragovernmental assets separately from other
non-entity assets; identify intragovernmental liabilities covered by
budgetary resources and those not covered by budgetary resources
(such as accrued annual leave); and separately report
intragovernmental liabilities,
• disclose intragovernmental costs and revenue transactions separately
from those made with the public and describe the criteria used for the
cost/revenue classification. Disclosure is to include an explanation that
makes it clear to the reader that the intragovernmental expenses relate
to the source of goods and services purchased by the reporting entity
and not to the classification of related revenue, and
• reconcile intragovernmental balances and transactions at least
quarterly and submit intragovernmental balance information as a note
disclosure in the special purpose financial statements.
OMB also has issued a memorandum titled Business Rules for
Intragovernmental Transactions that requires agencies to use this A-136
methodology in accounting for certain intragovernmental transactions,
which should help in reconciliation.
.16 To emphasize entity management’s responsibility for identifying
intragovernmental transactions and balances and reconciling data with
other entities, specific representations are included in the management
representation letter for intragovernmental activity. These representations
include intradepartmental eliminations, proper accounting and disclosure
of transactions, and reconciliation (or inability to reconcile) with entities
providing the goods or services (see FAM 1001). If such disclosure is
included in the financial statements and the auditor believes that the
disclosure is either not supported by management, or if management
refuses to disclose related party transactions, the auditor generally should
express a qualified or adverse opinion because of the inadequate
disclosure, depending on materiality, and include the necessary disclosures
in a separate paragraph of the audit report.

3 In accordance with OMB Circular No. A-136, examples of unreimbursed costs that reporting entities are
required to recognize include (but are not limited to): (1) employees’ pension, post-retirement health and
life insurance benefits, (2) other post-employment benefits for retired, terminated, and inactive employees,
which includes unemployment and workers compensation under the Federal Employees’ Compensation
Act (5 U.S.C. Ch. 81), and (3) losses in litigation proceedings (see FASAB Interpretation No. 2, Accounting
for Treasury Judgment Fund Transactions). In the case of employee benefits, the imputed amount is the
difference between employer/employee contributions and the total cost of the benefit.

.17 TFM section “Federal Intragovernmental Transactions Process” and
Treasury’s Federal Intragovernmental Transactions Accounting Policies
Guide (Treasury Guide) provide governmentwide procedures for federal
entities to account for and reconcile transactions occurring within and
between each other. The procedures in this guidance do not apply to
transactions between federal entities and nonfederal entities. Further
information is available at the Treasury/Financial Management Service’s
(FMS) web site at http://www.fms.treas.gov.
.18 The TFM also includes procedures for CFO Act departments to reconcile
and confirm intragovernmental activity and balances as of and for the fiscal
year ended September 30. Each department’s CFO is to provide the
department’s Inspector General (IG) with representations indicating
whether the department completed the reconciliation. In addition, the
department is to describe noncompliance with the reconciliation
requirements. The auditor should include this representation in the
management representation letter (see FAM 1001).
.19 The Treasury Guide provides detailed information on accounting and
reconciling intragovernmental balances. According to the guide, entities
are to identify trading partners4 for all intragovernmental transactions and
accumulate detail and summary information for each activity by trading
partner from their accounting records. The trading partner code may be
incorporated (1) as part of account coding classification, or (2) in the
customer/vendor identification code in accounts receivable and payable
systems. These codes are the same as the Treasury index agency code used
by the Treasury to prepare the governmentwide consolidated financial
statements. If the two-digit Treasury index agency code is not adequate to
identify the trading partner, entities may expand the partner code to
components below the department level and communicate these codes to
their trading partners.
.20 The Treasury Guide also indicates that federal entities are to use the
Standard General Ledger (SGL) account attributes to indicate the nature
of account balances and to identify intragovernmental transactions. For
example, the federal “F” and nonfederal “N” attributes used in conjunction
with an SGL account in the Federal Agencies’ Centralized Trial Balance
System (FACTS) I submissions enable Treasury/FMS to prepare
elimination entries for the governmentwide financial statements. When the
federal attribute “F” is used with an SGL account, a trading partner is to be
designated for each transaction posted to the account.

4 Trading partners are federal agencies, bureaus, programs or other entities (within or between entities)
participating in transactions with each other as related parties.

Continuing Issues from Prior Year Audits
.21 Prior year audits of federal entity financial statements have identified
numerous instances where entities did not identify, summarize, or
reconcile intragovernmental activity and balances by trading partner.
Controls over the intragovernmental transactions were not adequate. For
example, one department instructed its components to make buyer’s
intragovernmental transaction amounts agree with seller’s information
without requiring an adequate reconciliation or verification if goods or
services were provided. Similar issues were also identified concerning
activity and balances within the same entity (intradepartmental).
Accordingly, there was no assurance that the entity records contained
balances that are fairly presented. This has been a material weakness at the
U.S. government consolidated financial statement level in that entity
intragovernmental accounts do not completely eliminate in consolidation.
Intragovernmental Payment and Collection (IPAC) System
.22 IPAC is the primary method used by most federal entities to electronically
bill and/or pay for services and supplies within the U.S. government. IPAC
is used to communicate to Treasury and the trading partner agency that the
online billing and/or payment for services and supplies has occurred.
IPAC, however, is not intended to be a control over the intragovernmental
transactions (reciprocal accounts). IPAC was not designed as an
accounting system and does not require trading partners to record
transactions at the same time or in the same amounts. In addition,
unreconciled IPAC differences could affect the existence and
completeness of intragovernmental activity and balances.
.23 The IPAC billing entity initiates an IPAC transaction either as a collection
or a payment. The IPAC customer entity receives an IPAC transaction
either as a payment or a collection. Monthly, the Treasury compares the
customer and billing amounts from Statement of Transactions (FMS 224)
reported by the entity with the IPAC data. If there is a difference, a
Statement of Differences (SOD),5 including a detailed list of all
transactions charged or credited to a particular agency location code, is
generated monthly. The SOD is an Internet application of the Government
On-Line Accounting Link Information Access System II (GOALS II/IAS).
Entities are to investigate the differences and make any necessary
corrections on their next Statement of Transactions.
.24 The auditor generally should test the entity’s IPAC reconciliation
procedures to determine if the entity performs the reconciliation and
researches and resolves differences reflected on the Statement of
Differences properly and timely. The auditor may coordinate these
procedures with Fund Balance with Treasury (FBWT) audit procedures to
assess the effectiveness of the entity’s IPAC reconciliation (see FAM 921).

5 The Government Wide Accounting (GWA) system is being implemented over the next several years and
the SOD is scheduled to be eliminated (see FAM 921.11-.12).

.25 The auditor generally should also design audit procedures to understand
whether the entity uses other systems (EFT, check, standard forms used to
transfer funds between appropriations, credit cards, etc.) in addition to the
IPAC system to process intragovernmental activity and balances. The
auditor generally should determine whether these systems affect the
accuracy of intragovernmental activity and balances. (See audit procedures
below and FAM 902 C.)
Audit Procedures
.26 The auditor should identify the risk of material misstatement in
determining the nature, extent, and timing of procedures for auditing
intragovernmental activity and balances and in evaluating the results of
these procedures. Throughout the audit, the auditor evaluates the possible
existence of material intragovernmental activity and balances that could
affect the financial statements. The auditor also evaluates information
concerning material intragovernmental activity and balances to determine
the adequacy and appropriateness of financial statement disclosures.
.27 During the planning phase, the auditor should assess inherent, fraud, and
control risk. The auditor evaluates several conditions to assess inherent
risk related to intragovernmental activity and balances. For example,
inherent risk may exist because of the nature of the intragovernmental
activity, such as a significant volume or dollar amount of transactions,
number of trading partners, or complexity of transactions. The auditor
should also assess the impact of the risk of material misstatement on
control testing and substantive procedures. The auditor should determine
whether similar conditions continue to exist and should understand
management’s response to such conditions.
.28 In understanding the entity, including its internal control, the auditor
should obtain an understanding of management responsibilities and the
relationship of each component to the total department and of each
department to other departments. The auditor should also obtain an
understanding of the entity’s operations to identify, respond to, and resolve
accounting and auditing problems early in the audit. This includes:
• knowledge of the entity’s trading partners,
• the nature of intragovernmental transactions that occur,
• the volume and dollar amount of transactions, and
• management’s attitude and awareness with respect to reconciliations of
intragovernmental activity and balances.
.29 The auditor should evaluate the design of the entity’s internal control over
intragovernmental activity and balances and whether the design was
implemented. This begins with the auditor’s identification of policies and
procedures that pertain to the entity’s ability to record, process,
summarize, and report intragovernmental activity and balances by trading
partner. A good design emphasizes the importance of identifying and
classifying intragovernmental transactions by trading partner when they
are initiated and on all documentation thereafter. Without this initial
identification, the entity’s accounting system may not be able to adequately
track intragovernmental activity and balances.
.30 Without proper and timely reconciliation of intragovernmental activity and
balances, misstatements in these account balances at the component
and/or department level could materially affect the balances at the
governmentwide level (as well as at the department or component level).
In addition, when preparing consolidated financial statements, the preparer
eliminates intragovernmental activity and balances within and between
departments or components. Because the amounts reported for entity
trading partners for certain intragovernmental accounts could be
significantly out of balance, the preparer would not be able to eliminate
these accounts in the consolidated financial statements. The auditor may
advise the entity about the need for monthly confirmation and
reconciliation of these transactions with trading partners, as annual or
quarterly reconciliations may not be sufficient to detect and resolve
misstatements promptly.
.31 If the auditor determines that the entity’s reconciliation control for
intragovernmental transactions is not effectively designed and
implemented, the auditor should consider the effect on the risk of material
misstatement. Where intragovernmental transactions are or could be
material, significant additional work is usually necessary to express an
unqualified opinion. In those cases where the auditor finds significant
deficiencies or material weaknesses in the intragovernmental
reconciliation control and no other mitigating controls exist, the auditor
must disclose this in the report or opinion on internal controls (FAM 580).
.32 OMB audit guidance requires that agreed-upon procedures be performed
by entities where there is evidence and a history of systemic or recurring
problems in accounting, reporting, or reconciling intragovernmental
balances, beginning with the third quarter of fiscal year 2007. These
procedures are intended to assist with accounting for and eliminating
intragovernmental activity and balances in the preparation of department
and governmentwide financial statements and reports.
.33 To avoid duplicate procedures, the auditor should consider the agreed-
upon procedures performed by the entity in the above paragraph when
designing the tests for intragovernmental activity and balances. Examples
of the account risk analysis (ARA), specific control evaluation (SCE), and
audit procedures for the audit of intragovernmental activity and balances
are in FAM 902 A, FAM 902 B, and FAM 902 C, respectively. The ARA,
SCE(s), and audit procedures generally are customized by the auditor for
the particular entity. For example, if the auditor determines that the
intragovernmental accounts receivable line item is significant, the auditor
generally should prepare a separate ARA, SCE(s), and audit procedures for
the intragovernmental accounts receivable account and its related
accounting applications. (Note that a single SCE for a line-item/account-
related accounting application is presented. There are likely transaction-
related accounting applications listed on the ARA that also would have
SCEs.) In addition, for efficiency, the auditor may coordinate tests of
intragovernmental activity and balances with tests of nonfederal activity
and balances.
Other Related Parties
.34 To effectively plan and perform an audit, the auditor generally should
understand the entity’s organization and its characteristics. The auditor
generally should identify the possible existence of other related parties and
other related party transactions throughout the audit and determine
whether they are properly accounted for and disclosed (see FAM 902.07).
As indicated at FAM 902.04-.05, other related party transactions may involve
members of the entity’s management, and individuals and companies with
which members of management may be related. While these transactions
are usually not material to the entity’s financial statements, there may be a
sensitive conflict-of-interest issue involving the potential misuse of
government assets.
.35 The auditor may inquire of management, review major contracts or
agreements, and read financial disclosure statements. The auditor should
document the names of related parties so audit staff members are aware of
them as they conduct the audit. Tests of transactions with such parties may
be coordinated with sensitive payments work, as discussed in FAM 280.05.
.36 In addition to the procedures on related parties, the auditor also may
inquire about other parties that may not be related parties, but that the
entity may wish to disclose because of a public perception that they might
be related, although professional standards do not require disclosure if the
parties are not related (as defined in AU 334). FAM 902 C provides
examples of audit procedures for other related parties as well as for
intragovernmental activity and balances. The auditor may customize the
steps for the particular audited entity.
Practice Aids
.37 The following practice aids are presented as appendixes:
• FAM 902 A – Example Account Risk Analysis (ARA),
• FAM 902 B – Example Specific Control Evaluation (SCE), and
• FAM 902 C – Example Audit Procedures



Substantive Testing
902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

Entity: _______________________________ Preparer: . Date __________

Date of Financial Statements: __________________ ACCOUNT RISK ANALYSIS FORM Reviewer: Date __________

Line Item: Intragovernmental balances File Ref: Page 1 of 8

902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances
PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Account Financial statement Inherent, fraud, and control Cycle/ Effective- Control Risk of Timing Nature & Doc
assertions / risks risk factors accounting ness of risk material I/F extent ref &
application control misstate audit
activities -ment step

Name Balance

Intragov- Existence or Inherent risk arises from Cycles F Confirm III.A &
ernmental occurrence (1) the nature of intra- Revenues, balances with B.1.c
assets, governmental transactions, Expenses, trading
liabilities, Recorded which are susceptible to Various partners.
revenues, intragovernmental misstatement because of
expenses balances do not exist. the high volume of trans- Accounting Examine the III.A
actions (and dollar applications reconciliation
amounts) and number of Receipts, of intra-
multiple reporting entities/ Disburse- governmental
trading partners, and ments, accounts by
(2) prior years’ significant Accounts trading
adjustments relating to Receivable, partner.
intragovernmental Accounts
transactions. Payable, Determine if
III.A
Various reconciliation
was reviewed
and by whom.

July 2008 GAO/PCIE Financial Audit Manual Page 902 A-1


Substantive Testing
902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

Entity: _______________________________ Preparer: . Date __________

Date of Financial Statements: __________________ ACCOUNT RISK ANALYSIS FORM Reviewer: Date __________

Line Item: Intragovernmental balances File Ref: Page 2 of 8

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Account Financial statement Inherent, fraud, and control Cycle/ Effective- Control Risk of Timing Nature & Doc
assertions / risks risk factors accounting ness of risk material I/F extent ref &
application control misstate audit
activities -ment step

Name Balance

Control risk arises from Determine if III.A


(1) prior years' material adjustments
weaknesses in accounting made to
and reporting where the accounts are
entity was not able to proper and
identify, classify, and timely.
summarize intragovern-
mental transactions by Review III.E
trading partners, and elimination
(2) management's attitude entries and
in not enforcing the recon- determine if
ciliation procedures. they were
reviewed and
by whom.

Review I.4
prearranged
trading
partner
agreements.

July 2008 GAO/PCIE Financial Audit Manual Page 902 A-2


Substantive Testing
902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

Entity: _______________________________ Preparer: . Date __________

Date of Financial Statements: __________________ ACCOUNT RISK ANALYSIS FORM Reviewer: Date __________

Line Item: Intragovernmental balances File Ref: Page 3 of 8

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Account Financial statement Inherent, fraud, and control Cycle/ Effective- Control Risk of Timing Nature & Doc
assertions / risks risk factors accounting ness of risk material I/F extent ref. &
application control misstate audit
activities -ment step

Name Balance

Intragov- Completeness Same as existence above, Same as F Same as Same


ernmental and control risk also arises existence existence as
assets, Intragovernmental from the lack of above above. above.
liabilities, balances and management's oversight
revenues, transactions are not relating to the Review I.4 &
expenses recorded timely so as intragovernmental customer and III.B to
to be included in the transactions and balances vendor files D
financial statements. adjustments made to the and receipt/
financial statements and disbursement
required supplementary records for
information. related
parties.

Test cut-off: III.B.1.


search for d
unrecorded
transactions
(e.g., review
transactions

July 2008 GAO/PCIE Financial Audit Manual Page 902 A-3


Substantive Testing
902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

Entity: _______________________________ Preparer: . Date __________

Date of Financial Statements: __________________ ACCOUNT RISK ANALYSIS FORM Reviewer: Date __________

Line Item: Intragovernmental balances File Ref: Page 4 of 8

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Account Financial statement Inherent, fraud, and control Cycle/ Effective- Control Risk of Timing Nature & Doc
assertions / risks risk factors accounting ness of risk material I/F extent ref. &
application control misstate audit
activities -ment step

Name Balance

after yearend
to see if they
were recorded
in the correct
fiscal year).

Review the III.B.1.


results of d
FBWT
accounts
reconciliation,
specifically
with
unreconciled
IPAC transac-
tions and
suspense
accounts.

July 2008 GAO/PCIE Financial Audit Manual Page 902 A-4


Substantive Testing
902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

Entity: _______________________________ Preparer: . Date __________

Date of Financial Statements: __________________ ACCOUNT RISK ANALYSIS FORM Reviewer: Date __________

Line Item: Intragovernmental balances File Ref: Page 5 of 8

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Account Financial statement Inherent, fraud, and control Cycle/ Effective- Control Risk of Timing Nature & Doc
assertions / risks risk factors accounting ness of risk material I/F extent ref. &
application control misstate audit
activities -ment step

Name Balance

Review results IV.5


of agreed-
upon
procedures
related to
employee
benefits and
FACTS I
verification.

July 2008 GAO/PCIE Financial Audit Manual Page 902 A-5


Substantive Testing
902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

Entity: _______________________________ Preparer: . Date __________

Date of Financial Statements: __________________ ACCOUNT RISK ANALYSIS FORM Reviewer: Date __________

Line Item: Intragovernmental balances File Ref: Page 6 of 8

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Account Financial statement Inherent, fraud, and control Cycle/ Effective- Control Risk of Timing Nature & Doc
assertions / risks risk factors accounting ness of risk material I/F extent ref. &
application control misstate audit
activities -ment step

Name Balance

Intragov- Valuation or Same as existence above Same as F Same as Same


ernmental allocation existence existence and as
assets, above completeness. above.
liabilities, Intragovernmental
revenues, balances are not Review basis I.4.a.ii
expenses valued accurately or of pricing & iii &
on an appropriate significant IV.1 &
basis in the financial intragovern- 2
statements. mental
transactions
for appropriate
disclosure.

July 2008 GAO/PCIE Financial Audit Manual Page 902 A-6


Substantive Testing
902 A - Example Account Risk Analysis for Intragovernmental Activity and Balances

Entity: _______________________________ Preparer: . Date __________

Date of Financial Statements: __________________ ACCOUNT RISK ANALYSIS FORM Reviewer: Date __________

Line Item: Intragovernmental balances File Ref: Page 7 of 8

PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Account Financial statement Inherent, fraud, and control Cycle/ Effective- Control Risk of Timing Nature & Doc
assertions / risks risk factors accounting ness of risk material I/F extent ref. &
application control misstate audit
activities -ment step

Name Balance

Intragov- Rights and Same as existence above Same as F Review I.4.a.ii


ernmental obligations existence confirmations & III.
assets, above for indication A-B
liabilities, The entity does not of disputes.
revenues, have rights to
expenses recorded Review I.4.a.iv
intragovernmental pre-arranged
balances. agreements
between
trading
partners.

Review IV.3
representation
letters to see if
obligations are
properly
disclosed.


Account name: Intragovernmental assets, liabilities, revenues, expenses

Financial statement assertions / risks: Presentation and disclosure. Intragovernmental balances are not properly classified or disclosed in the financial statements, or based on a consistent application of accounting guidance.
Inherent, fraud, and control risk factors: Same as existence and completeness above
Cycle/accounting application: Same as existence above
Timing (I/F): F
Nature & extent, with doc ref. & audit step:
- Determine if the entity appropriately classifies, summarizes, and discloses intragovernmental accounts in financial statements, related disclosures, and RSI, in accordance with FASAB, OMB, and Treasury guidance. (I.2 & IV)



Substantive Testing
902 B - Example Specific Control Evaluation for Intragovernmental Accounts

SPECIFIC CONTROL EVALUATION (Line Item/Account-Related)

Entity: ________________________
Date of Financial Statements: _________________
Accounting application: Intragovernmental accounts
Preparer: _______________ Date: _____
Reviewer: ______________ Date: _____
File Ref: Page 1 of 8

Columns: Accounting application assertions; Relevant assertions in line items (line items: various, various); Potential misstatements in accounting application assertions; Control objectives; Internal control activities; IS (Y/N); Effectiveness of control activities; Doc ref, control testing step.

Accounting application assertion: Existence or occurrence
Relevant assertions in line items: various; various

Substantiation
Potential misstatement: 1. Recorded intragovernmental assets and liabilities do not exist at a given date.
Control objective: 1a. Recorded intragovernmental assets and liabilities should exist at a given date.
Internal control activities:
1. Quarterly, intragovernmental balances recorded in the entity’s general ledgers are confirmed and reconciled with trading partners.
   IS (Y/N): N; Doc ref: II.1.g-i
2. The entity and trading partners work together to exchange data/correct errors promptly concerning the intragovernmental balances.
   IS (Y/N): N; Doc ref: II.1.g-i
3. Reconciliation adjustments and supporting documents are reviewed and approved by authorized personnel before being entered in the general ledgers.
   IS (Y/N): N; Doc ref: III.A.1-7
4. Reconciliations between intragovernmental general ledger balances and subsidiary ledger balances are performed quarterly and reviewed by supervisory personnel.
   IS (Y/N): Y; Doc ref: III.A.1-7


Control objective: 1b. Recorded intragovernmental assets and liabilities of the entity, at a given date, should be supported by appropriate detailed records that are accurately summarized and reconciled to the account balance.
Internal control activities:
1. Same as 1a. above.
   Doc ref: Same as above.
2. Transaction logs and detailed records of transactions are maintained to facilitate the reconciliation process and to provide sufficient information for the location of the supporting documents.
   IS (Y/N): Y; Doc ref: II.1.l

Control objective: 1c. Access to intragovernmental assets, critical forms, records, and processing and storage areas should be permitted only in accordance with laws, regulations, and management’s policy.
Internal control activities:
1. Critical forms and records are protected by safes and locks, guards, cameras, alarm systems, and backup of electronic data.
   IS (Y/N): Y
2. Changes made to the trading partner codes file are restricted to authorized accounting personnel.
   IS (Y/N): Y
Doc ref, control testing step: Example control tests are omitted from the example audit procedures.

Accounting application assertion: Completeness
Relevant assertions in line items: various; various

Account Completeness
Potential misstatement: 2. All intragovernmental assets and liabilities of the entity exist but are omitted from the financial statements.
Control objective: 2. Intragovernmental accounts that belong in the financial statements should be so included. There should be no undisclosed assets or liabilities.
Internal control activities:
1. Same as existence above.
   Doc ref: Same as above.
2. Employees review all transactions to identify and properly code intragovernmental transactions.
   IS (Y/N): N; Doc ref: II.1.a-f
3. Employees reconcile and resolve IPAC differences (and differences from other systems/methods, if any, used to process intragovernmental transactions) promptly and record adjustments properly.
   IS (Y/N): N; Doc ref: II.2 & III.B.1.c
4. Supervisory personnel review and approve monthly account analyses of intragovernmental accounts and examine budget-to-actual and trend analyses.
   IS (Y/N): N; Doc ref: II.1.m

5. Elimination journal entries and supporting documentation are reviewed and approved by authorized personnel.
   IS (Y/N): N; Doc ref: II.1.k & III.E
6. Elimination entries are supported by schedules summarizing the SGL accounts that are combined to total the amounts eliminated.
   IS (Y/N): Y; Doc ref: II.1.k & III.E

Accounting application assertion: Valuation or allocation
Relevant assertions in line items: Valuation or allocation; Valuation or allocation

Valuation
Potential misstatement: 3. Intragovernmental assets and liabilities included in the financial statements are valued on an inappropriate basis.
Control objective: 3. Intragovernmental assets and liabilities included in the financial statements should be valued on appropriate valuation bases.
Internal control activities:
1. Same as existence and completeness above.
   Doc ref: Same as above.
2. Employees periodically evaluate the condition and marketability of intragovernmental assets, for example, receivables are evaluated for collectibility.
   IS (Y/N): N; Doc ref: I.4.a.ii & iii
3. Donated goods and services are recorded at fair value.
   IS (Y/N): N; Doc ref: I.4.a.ii & iii


Measurement
Potential misstatement: 4. Intragovernmental revenues and expenses included in the financial statements are measured improperly.
Control objective: 4. Intragovernmental revenues and expenses included in the financial statements should be properly measured.
Internal control activities:
1. Same as existence and completeness above.
   Doc ref: Same as above.

Accounting application assertion: Rights and obligations
Relevant assertions in line items: Rights and obligations; Rights and obligations

Ownership
Potential misstatement: 5. Recorded intragovernmental assets are owned by others because of sale, or other contractual arrangements.
Control objective: 5. Recorded intragovernmental assets should be owned by the entity.
Internal control activities:
1. Same as existence and completeness above.
   Doc ref: Same as above.

Rights
Potential misstatement: 6. The entity does not have certain rights to recorded intragovernmental assets because of certain restrictions.
Control objective: 6. Intragovernmental assets should be the entity’s rights at a given date.
Internal control activities:
1. Same as existence and completeness above.
   Doc ref: Same as above.


Obligations
Potential misstatement: 7. The entity does not have an obligation for recorded intragovernmental liabilities at a given date.
Control objective: 7. Intragovernmental liabilities should be the entity’s obligations at a given date.
Internal control activities:
1. Same as existence and completeness above.
   Doc ref: Same as above.

Accounting application assertion: Presentation and disclosure
Relevant assertions in line items: Presentation and disclosure; Presentation and disclosure

Account classification
Potential misstatement: 8. Intragovernmental accounts are not properly classified and described in the financial statements.
Control objective: 8. Intragovernmental accounts should be properly classified and described in the financial statements.
Internal control activities:
1. Employees use trading partner codes to identify and track trading partners when the intragovernmental transactions are initiated and on all documentation thereafter.
   IS (Y/N): Y; Doc ref: II.1
2. Employees use SGL account attributes to identify the nature of account balances and to identify intragovernmental transactions by trading partner.
   IS (Y/N): Y; Doc ref: II.1


3. CFO staff classifies, summarizes, and reports intragovernmental accounts by trading partner and presents them in the notes to the special-purpose financial statements.
   IS (Y/N): N; Doc ref: IV.1
4. CFO staff checks that the intragovernmental asset and liability categories reported as notes in the special-purpose financial statements agree with the intragovernmental asset and liability line items reported on the balance sheet.
   IS (Y/N): N; Doc ref: IV.1
5. CFO staff discloses intragovernmental gross cost and earned revenue by budget functional classification as required by OMB.
   IS (Y/N): N; Doc ref: IV.1

Consistency
Potential misstatement: 9. The financial statement components are based on accounting principles different from those used in prior periods.
Control objective: 9. The financial statement components should be based on accounting principles that are applied consistently from period to period.
Internal control activities:
1. Intragovernmental accounts are properly classified and described in the financial statements.
   Doc ref: Same as above.

Disclosure
Potential misstatement: 10. Required information is not disclosed in the financial statements or in the notes thereto.
Control objective: 10. The financial statements or notes should contain all information required to be disclosed.
Internal control activities:
1. Intragovernmental accounts are properly classified and described in the financial statements.
   Doc ref: Same as above.



Substantive Testing
902 C – Example Audit Procedures for Intragovernmental and Other Related Parties’
Activity and Balances

Entity __________________________________________________________________
Period of financial statements _____________________________________________
Job code _______________________________________________________________

Audit Procedures for Intragovernmental and Other Related Parties’ Activity and Balances | Done by/date | Doc Ref.

I. Planning Phase
Obtain an understanding of the entity and its operations,
including its internal controls that are significant to the audit
of intragovernmental and other related party activity and
balances (see FAM 220) by
1) Obtaining an understanding of significant accounting
and auditing issues by reading the entity’s prior year’s
accountability and auditors’ reports.
2) Identifying the entity’s accounting and reporting
requirements and applicable auditing standards for
intragovernmental and other related party activity and
balances by reading
a) SFFAS No. 4, Managerial Cost Accounting
Concepts and Standards; SFFAS No. 5,
Accounting for Liabilities of the Federal
Government; SFFAS No. 7, Accounting for
Revenue and Other Financing Sources and
Concepts for Reconciling Budgetary and
Financial Accounting; Statement of Financial
Accounting Standards No. 57, Related Party
Disclosures; AU Section 334, Related Parties; AU
Section 558, Required Supplementary
Information; OMB bulletin on Form and Content
of Agency Financial Statements; Treasury/
Financial Management Service’s (FMS) Federal
Intragovernmental Transactions Accounting
Policies Guide; and Treasury Financial Manual
section “Federal Intragovernmental Transactions
Process.”

b) The entity’s internal procedures for identifying,
accounting, reconciling and reporting
intragovernmental and other related party activity
and balances.
c) The entity’s process for identifying, classifying,
and reporting intragovernmental activity and
balances requiring elimination at the consolidated
departmentwide or governmentwide level.
3) To identify the impact of systems/methods for
processing, accounting, and financial reporting of
intragovernmental and other related party activity and
balances, perform the following procedures
a) Interview the entity’s key management about
processes, for example, the systems/methods that
are used to process intragovernmental and other
related party activity and balances (e.g., IPAC,
credit cards, standard forms used to transfer funds
between appropriations, and others).

b) Obtain estimates of the approximate number and
dollar amount of intragovernmental and other
related party activity and balances (this could be
based on the prior year) that are processed by
each significant system/method (see FAM 270).
c) Consider coordinating this work with the audit of
like nonfederal activity and balances (i.e., similar
transactions by the entity with parties other than
other federal entities).


4) To identify the intragovernmental and other related
party activity and balances, perform the following
procedures
a) Ask entity management to identify
i) The names of all related parties
(intragovernmental and others) and whether
there were transactions with them during the
period. Other possible related parties outside
of government might be individuals and
companies with which members of
management may be related or otherwise be
able to significantly influence the
management or operating policies.

ii) The nature and terms of all significant
activities and balances. For example,
(1) for a seller entity,
(a) Obtain information on the types of
significant revenues, any markup
percentage(s) over full cost, and
the settlement/payment due date.
(b) Inquire as to how the full cost of
products and services sold is
determined.

(2) for a buyer entity,
(a) Inquire about the minimum
requirements (business rules) that
must be met before an
intragovernmental trading partner
may provide goods or services.

(3) Inquire as to any amounts that are in
dispute at year-end.


iii) Determine whether the audited entity
receives services without reimbursement or
for less than full reimbursement. For
example, donated services, such as space or
detailed employees. If so, ask if the entity is
complying with U.S. GAAP and/or OMB
requirements with respect to accounting and
reporting treatment of these transactions.
Also, if applicable, ask about the
approximate fair value and/or financial
statement disclosure for such goods and/or
services.

iv) Determine whether the entity centrally
maintains contracts, agreements, and other
documentation for the terms of all significant
transactions with related parties.

b) Review, if any
i) Entity policy for advance approval of related
party transactions by senior management.
ii) Entity policy for requiring disclosure by
employees to appropriate officials of
potential conflicts of interest, such as related
party transactions by employees of the entity.
Also determine if summaries of such
transactions are communicated to financial
management for its consideration.
iii) Vendor and customer master file listings,
major contracts, and IPAC activity for
intragovernmental or other related parties.
5) Provide audit staff with the names of known
intragovernmental and other related party trading
partners, a description of the nature of significant
transactions with each, and such other information as
considered necessary to assist them in planning and
performing other sections of the audit.

6) Summarize results of the Planning Phase.


7) Document the auditor’s preliminary assessment of risk
of material misstatement related to intragovernmental
and other related party activities and balances in the
ARA form (FAM 902 A) or equivalent.
II. Internal Control Phase
Understand and document the design of the internal control
for identifying, accounting for, eliminating, and reporting
intragovernmental and other related party activity and
balances (existence, completeness, valuation, rights and
obligations, presentation and disclosure) (see FAM 320). Also
determine if the design has been implemented.
1) Determine through inquiry of management,
walkthroughs, review of prior years’ documentation and
other means, how and when the entity identifies
intragovernmental and other related party transactions.
a) Determine whether the entity identifies
transactions by trading partner when they are
initiated and on all documentation thereafter.
b) If the entity uses trading partner codes, determine
the relationship of such codes to other document
identifiers such as vendor codes. For example,
trading partner codes may be integral to each
vendor code, or it may be necessary to crosswalk
vendor codes to a file of trading partner codes.

c) If the entity does not use trading partner codes,
determine how the entity identifies, analyzes, and
accumulates intragovernmental activity and
balances. For example, the entity may derive such
amounts through off-line manual processes after
the fact.
d) Determine when the entity recognizes each
significant category of intragovernmental and
other related party transactions. For example,
when an invoice is received, when processed
through IPAC, when goods or services are
received, when notified by the seller that an
agreed-upon stage of completion has been
achieved. Determine whether the entity’s policy in
recording intragovernmental and other related
party transactions is appropriate.

e) Determine whether the entity and its trading
partners use consistent reciprocal ledger accounts¹
and categories of activity and balances for
recording and reconciling such amounts. If so, ask
what processes are in place to provide
management with reasonable assurance that
trading partners are recognizing reciprocal
transactions in the same period, for the same
amount, and by consistent or compatible
accounting methods.

f) Determine if the entity complies substantially with
the SGL at the transaction level as it applies to
intragovernmental activity and balances. (Note:
The SGL accounts used should include attributes
for intragovernmental activity and balances that
identify (a) that these accounts contain
intragovernmental transactions (e.g., attribute
“F”), and (b) the trading partner (e.g., Treasury
trading partner code “20”).)

g) Identify policies and procedures for confirming
intragovernmental and other related party activity
and balances with trading partners.

h) Determine how often the entity reconciles its
related party activity and balances with its trading
partners. Also inquire as to whether adjustments
identified as necessary through the reconciliation
process have been properly recognized in the
financial records. If not, ask why. If the entity did
not perform reconciliations, ask why not.

¹ Reciprocal accounts are corresponding SGL accounts seller and buyer entities use to record like
intragovernmental transactions. For example, the seller entity’s accounts receivable would normally be
reconciled to the reciprocal account, accounts payable, on the buyer entity’s records. Examples of these
accounts are in FMS’ Federal Intragovernmental Transactions Accounting Policies Guide.


i) Determine whether selling and buying entities
have established processes to facilitate the timely
reconciliation of activity and balances. (Note: The
selling entity is typically responsible for furnishing
detailed transaction information to facilitate
reconciliation.)
j) Inquire as to the entity’s year-end cut-off
procedures related to intragovernmental and other
related party activity. Determine if procedures are
designed to provide assurance that
intragovernmental activities occurring in the
current period are recorded in the current period.
(Use the above trading partner procedures to
detect cutoff errors in the reconciliation process.)
k) Identify the entity’s policies and procedures for
intra-entity elimination.
l) Determine whether the entity maintains
transaction logs or detailed records of transactions
to identify the postings to SGL accounts and to
facilitate the reconciliation process. Determine if
the logs include sufficient information to enable
identification and location of supporting
documents.
m) Determine whether the entity reviews and
approves monthly account analyses of
intragovernmental accounts, examines budget-to-
actual, and performs trend analyses.
2) Coordinate with the results of audit procedures for
other cycles to determine if the entity has internal
control deficiencies related to intragovernmental and
other related party activity and balances. For example,
to determine if the entity has control issues related to
intragovernmental activity and balances, coordinate
with the results of FBWT audit procedures to determine
if the entity has issues on its FBWT/IPAC reconciliation
such as material unreconciled amounts and aged
unreconciled IPAC differences.


3) Perform walkthroughs of processes for identifying,
accounting, reconciling, confirming, eliminating, and
reporting intragovernmental and other related party
activity and balances to obtain or update the auditor’s
understanding of these procedures and preliminarily
assess the effectiveness of the design of these controls.
a) Walk through the process from initiation to
recording in the general ledger and inclusion in the
financial statements or elimination for each
significant type of intragovernmental and other
related party activity and balances.
b) Walk through the management/entity approval
process of payments to trading partners. (Note:
Prior audits have identified instances where
payment controls for intragovernmental
transactions were not sufficient. For example, the
seller entity made payments to trading partners
without verifying whether goods or services were
provided.)
c) Identify and document any differences in
processing nonfederal and intragovernmental and
other related party activities and balances.
d) If the entity performs reconciliations of
intragovernmental activity and balances with
trading partners during the year, walk through
both interim and year-end reconciliation
processes.
4) Prepare or update the cycle memorandum (FAM 390),
flowcharts (FAM 395 H and I), ARA form (FAM 902 A)
and SCE form (FAM 902 B), or equivalents.


III. Testing Phase
A. Intragovernmental accounts
For intragovernmental accounts, if the auditor preliminarily
determines that the entity’s reconciliation and confirmation
controls with trading partners are effectively designed and
placed in operation, the auditor generally should test the
entity’s policies and procedures to determine if the
reconciliation and confirmation controls are effective and if
intragovernmental balances appear reasonable.
1) If material differences exist in intragovernmental
activity and balances, prepare an agreed-upon
procedures report beginning with third quarter 2007.
(See Treasury TFM; OMB audit guidance on
Intragovernmental Balances: Supplementary and
Agreed-Upon Procedures (AUP), sections 13.32 and
13.33; and FAM 660.)

2) Compare the amounts in the reconciliations to
supporting documentation.

3) Trace the adjustments, if any, identified in the
reconciliation process to the entity’s financial records.

4) Compare the amounts, excluding intra-departmental
activity and balances, in the audited department
consolidated financial statements to such amounts in
the department’s final FACTS I or FACTS Notes reports
to FMS.

5) If necessary, the auditor may design additional
procedures to achieve financial audit objectives. For
example:
Reconciliation/confirmation (existence, completeness,
valuations, rights and obligations, and classification)


• According to OMB’s Circular A-136, Financial
Reporting Requirements, entities are required to
reconcile intragovernmental balances and
transactions at least quarterly. Test reconciliations
to determine if the entity’s reconciliation control is
effective throughout the year and each trading
partner has a separate reconciliation.
• This reconciliation/confirmation also may be used
for within entity reconciliation/confirmation (intra-
entity).
a) Determine the completeness of the population by
comparing the trading partners on the
reconciliations and confirmation forms to
subsidiary records or the entity’s trading partner
list obtained during the planning phase.

b) For each reconciliation/confirmation:
i) Determine if the reconciliation/confirmation
was reviewed and approved by appropriate
personnel.

ii) Compare total amounts and SGL accounts of
the activity and balances reported on the
reconciliation/confirmation form with the
general and subsidiary ledger accounts, and
the total amounts to audited financial
statements and footnote disclosures. If
differences are found, document each such
difference. Determine the potential impact
on the financial statements and post the
differences identified to the Schedule of
Uncorrected Misstatements (FAM 595 C-4).


iii) Test whether the entity used appropriate SGL
accounts and whether these SGL accounts
include the proper attribute(s) to indicate
that they result from intragovernmental
transactions. For example, when the federal
attribute “F” is used with an SGL account, a
trading partner should be designated for each
transaction posted to the account. Entities
can modify SGL accounts listed on the form
to be more specific.
iv) Determine whether the entity is using the
reciprocal accounts delineated in the FMS
Guide. Entities should use these accounts to
account for intragovernmental activity and
balances in the specified categories. Use of
these reciprocal accounts will facilitate the
reconciliation and confirmation process.
v) For fiduciary activity and balances, compare
amounts on the reconciliation forms to
amounts on the Intragovernmental Fiduciary
Confirmation System. (Note: Fiduciary
activity and balances include loans from the
Federal Financing Bank and Bureau of Public
Debt, investments with Bureau of Public
Debt, Federal Employees’ Compensation Act
transactions with DOL, and employee benefit
transactions with OPM. The seller entity—
Bureau of Public Debt, Treasury, Federal
Financing Bank, DOL, and OPM—should
make balances information and other details
available through the Intragovernmental
Fiduciary Confirmation System for the buyer
entities’ use in reconciling amounts to their
records. The Intragovernmental Fiduciary
Confirmation System is the official
confirmation system for federal entities that
engage in fiduciary intragovernmental
transactions with Bureau of Public Debt,
Federal Financing Bank, OPM, and DOL.)

vi) For transfers, test whether
(1) the classification of transfers as
expenditure or nonexpenditure is
proper, and
(2) the accounting and reporting are
appropriate.
vii) For trust fund transfers such as highway and
airport trust funds, also test whether the trust
fund amounts are properly accounted for and
maintained in accordance with laws that
established these funds. (Note: Test either by
the trust fund auditor or as agreed-upon
procedures by the auditor who audits the
entity that collects the revenue for it.)

Reconciliation adjustments and differences (all
intragovernmental categories)
Exhibit I to FAM 902 C provides an illustration of a
reconciliation tool that may be used to summarize
reconciling items and prove amounts between a buyer
and a seller entity.
b) Determine whether adjustments, if any, are
supported and timely by
i) Tracing adjustments and reconciling items
identified in the reconciliation process to the
entity general and subsidiary ledgers.

ii) Examining adjustments and supporting
documents to determine if
(1) The entity timely and properly
performed the research and identified
causes for differences.
(2) The adjustments are agreed upon by
both entities and made to proper SGL
accounts. Examples of adjustments and
reconciling items are:
(a) Adjustments in estimated
accruals: For example, the seller
entity has recorded unbilled
revenue and the buyer entity was
not timely advised of the
estimated accrual.
(b) Adjustments due to timing
differences: For example, timing
differences caused by a buyer
entity’s delay in recording IPAC
transactions into proper SGL
accounts.
(c) Reconciling item for capitalization
of assets: For example, the buyer
entity purchased property and
equipment or inventory and
recorded them as assets.

iii) Obtain or prepare aging of outstanding
unadjusted reconciling amounts for all
significant intragovernmental balance sheet
accounts. Identify old and/or unusual reconciling
items and obtain explanations from the entity.
iv) Review final year-end reconciliation for any
accounting policy differences and determine if
the entity explains the causes of these
differences on the final reconciliation. The
causes of these differences might be differences
in accounting standard requirements such as
different amortization methods for discounts and
premiums. For example, one trading partner may
use the interest method and the other trading
partner may use the straight-line method to
amortize discounts/premiums. However, there
should be no material unresolved differences on
the final year-end reconciliation forms and
entities should resolve all differences with their
trading partners.
v) Determine the extent of unadjusted differences
at year-end and assess their materiality on the
financial statement line item and the overall
financial statements.
vi) If adjustments are made subsequent to the
completion of the confirmations (during the
audit period), determine if the entity revised the
reconciliation and confirmation and submitted
the updated data to FMS.
6) Summarize the results of testing by concluding on the
effectiveness of the entity’s reconciliation and
confirmation controls. Propose any adjustments on the
Schedule of Uncorrected Misstatements (FAM 595 C).
7) Determine whether to change the risk of material
misstatement and revise audit procedures based on the
results of testing.

B. Intragovernmental activity and balances


For intragovernmental activity and balances, if the auditor
preliminarily determines that the entity’s reconciliation/
confirmation control with trading partners is not
appropriately designed, or if the reconciliations and/or
confirmations are not performed by the entity, determine the
effect on substantive procedures and on the audit report.
Determine whether to modify the audit opinion when no
reconciliation and other mitigating controls exist, and to
disclose a significant deficiency or material weakness in
internal controls. When intragovernmental activity and
balances are material, significant additional work may also be
necessary to express an unqualified opinion on the financial
statements, such as:
1) Coordinating work with the auditor testing other related
line items and testing existence, completeness, valuation,
rights and obligations, and classification of
intragovernmental activity and balances by
a) Determining in conjunction with cash receipts,
revenues, and accounts receivable testing, if
intragovernmental accounts receivable were
collected subsequent to test date. Examine
supporting documentation for the posting of
collections to the cash records and determine if
intragovernmental revenues and receivables were
included in nonfederal balances.
b) Testing completeness of intragovernmental
activity and balances by reviewing vendor and
customer master files to determine if
intragovernmental vendors and customers are
properly included in intragovernmental accounts.
c) Sending confirmation requests to trading partners
for both balance sheet and net cost activity and
balances. If the risk of material misstatement is
assessed as high, apply similar confirmation
procedures to nonfederal accounts.

Cut off test (existence and completeness)


d) Determine if there are unrecorded transactions and
if the transactions are recorded in the correct period
by
i) Coordinating with the FBWT audit team to
review results of the FBWT reconciliation tests.
For example, review IPAC transactions
reconciliations and the recording of IPAC
transactions in accounting systems; consider
how timely and whether appropriate; review
IPAC transactions after 9/30–subsequent billing
and collecting transactions–to determine
unrecorded transactions at 9/30.
ii) Searching for unrecorded revenue, accounts
receivable, purchases, and accounts payable
(completeness). For example
(1) To search for unrecorded revenue and
accounts receivable, select invoices for
trading partners recorded in the xx-day
period subsequent to year-end. Trace the
selected invoices to shipping records or
evidence of service performance. Determine
whether the revenue and accounts
receivable were recorded in the correct
period. Alternatively, select from shipping
records to trading partners prior to year-end
and trace to invoices.
(2) To test the completeness of amounts
recorded as accounts payable at the
balance-sheet date, select disbursements
after the end of the audit period and test if
the amounts were recorded in payables.
2) Review the test results of other related line items to
determine if there are issues related to existence,
completeness, valuation, rights and obligations, and
classification in the tested accounts and transactions
and the impact on the intragovernmental activity and
balances. In testing these other accounts, consider
whether items tested were from trading partners.

3) Summarize results of testing and propose any
adjustments on the Schedule of Uncorrected
Adjustments (FAM 595 C-4).
4) Determine whether to change the risk of material
misstatement and revise audit procedures based on the
results of testing.
C. Control and substantive tests of details—
other related parties
Determine the purpose, nature, and extent of material other
related party transactions and their effect on the financial
statements. Coordinate with sensitive payments work,
including executive compensation, travel, official
entertainment funds, unvouchered expenses, and consulting
services (see FAM 280.05).
1) Based on the work performed during the planning and
internal control phases, determine and document the
methodology used to select the transactions for testing
by either
a) examining all transactions, or
b) performing a Monetary Unit Sampling (MUS), or
c) performing a Classical Variables Estimation
Sampling, or
d) another method (describe).

2) For the selected transactions,


a) examine documentation such as invoices,
contracts, agreements, and receiving and shipping
reports;
b) determine whether the transactions have been
properly approved;

c) confirm transaction terms and amounts with the
other party to the transaction; and
d) test the compilation of amounts that may be
disclosed in the financial statements for
reasonableness.

3) Summarize results of testing and propose any
adjustments on the Schedule of Uncorrected
Adjustments (FAM 595 C-4).
4) Determine whether to change the risk of material
misstatement and revise audit procedures based on the
results of testing.
D. Substantive analytical procedures (FAM 475)
Perform analytical procedures to assess whether balances are
reasonable and reflect appropriate activities (existence and
completeness). If the entity performs reconciliation and
confirmation of intragovernmental activity and balances and
the auditor places reliance on those tests of details, less
rigorous, supplemental analytical procedures may be used to
increase the auditor’s understanding of intragovernmental
activity and balances after performing tests of details in
Testing, step III.A, above. However, in the absence of
adequate reconciliation and confirmation controls, some or
all of these procedures may be necessary to obtain sufficient
evidence, if possible. For example,
1) Develop expectations of the accounts payable and
receivable balances overall or for all significant trading
partners in light of the payment cycle during the year.
Then, compare the recorded balance overall or by
trading partner to the expected amount and investigate
differences in the recorded balance if differences
exceed an amount such that the total uninvestigated
difference for all trading partners, including those not
selected, does not exceed the limit.

2) Develop expectations of recorded intragovernmental
revenue overall or for all significant trading partners
based on independent data; for example, consider using
trading partners’ orders. Then compare the expectations
to the recorded revenue amounts and investigate
differences in the recorded balance if differences
exceed an amount such that the total uninvestigated
difference for all trading partners, including those not
selected, does not exceed the limit.

3) Examine accounting records, for example, accounts
receivable and payable, for large, unusual, or
nonrecurring activity or balances. For example,
consider expectations as to the types of
intragovernmental activity and balances and trading
partners based on the planning work. Then, examine
significant unexpected/unusual intragovernmental
activity and balances and intragovernmental activity or
balances with unexpected trading partners. Document
the definition of significant.
4) Summarize the results of testing and determine if
adjustments are necessary.
E. Elimination (existence, completeness, and
valuation)
Test consolidation/elimination for transactions occurring
within the entity (intra-entity) to determine whether the
elimination is appropriate and supportable.
1) Obtain a list of each component entity’s intra-entity
transactions identified for elimination and each
component entity’s reconciliation of its intra-entity
activity and balances with its respective trading
partners. This step may be done in conjunction with the
test of reconciliation (see step III.A above).
2) Review the entity’s eliminating journal entries and
supporting documentation for elimination entries of the
entitywide consolidated financial statements.
Determine whether elimination journal entries are
a) approved by management, and
b) supported by schedules summarizing the SGL
accounts that are combined to total the amounts
eliminated.
3) Summarize results of testing.
4) Determine whether to change the risk of material
misstatement and revise audit procedures based on the
results of testing.

IV. Reporting Phase


To determine if the presentation and disclosures of
intragovernmental and other related party balances comply
with U.S. GAAP and OMB requirements:
1) Determine whether financial reports are prepared in
accordance with the OMB Circular No. A-136,
Financial Reporting Requirements. For example,
a) Review the balance sheet and determine whether
it is properly classified and line items are correctly
reported as intragovernmental or nonfederal.
b) Read the notes to the financial statements to
determine if intragovernmental amounts and the
related federal trading partners for assets,
liabilities, earned revenue from trade (buy/sell)
transactions and nonexchange revenue are
disclosed.
c) Read disclosures for the Statement of Net Cost in
the notes to the departmentwide financial
statements and determine if the department
includes a separate disclosure of
intragovernmental gross cost and earned revenue
by budget functional classification. Determine
whether gross cost and earned revenue are net of
intradepartment transactions (consolidated).
2) Read the entitywide financial statements and notes and
compare the reported intragovernmental and other
related party (if any) activity and balances with the test
results.
3) Request that the entity’s management include, in the
representation letter, representations related to
intragovernmental and other related party activity and
balances. (See FAM 1001 for guidance.)
4) Communicate with trading partner entities’ auditors
(with entity permission) to determine whether issues
identified by the other auditors affect the auditor’s
conclusions on intragovernmental transactions.

5) Read the various current period Agreed-Upon
Procedures (AUP) reports to consider whether the
findings will affect the auditor’s conclusion and/or if
additional procedures need to be performed. For
example,
• The AUP report on employee withholdings and
employer contributions that are reported on the
Report of Withholdings and Contributions for Health
Benefits, Life Insurance and Retirements. This AUP
report is to assist OPM in assessing the
reasonableness of the Retirement, Health Benefits,
and Life Insurance Withholdings/Contributions and
Supplemental Semiannual Headcount report
submitted to OPM (see OMB audit guidance).
6) Summarize the results and propose any adjustments on
the Schedule of Uncorrected Adjustments (FAM 595 C-4).
7) Conclude whether intragovernmental and other related
party activity and balances have been adequately
accounted for and properly disclosed in the financial
statements.


Exhibit I: Reconciliation of Seller Entity Intragovernmental Earned Revenue with Buyer Entity Cost

Seller Entity - Trading Partner 1

Intragovernmental cash received for earned revenue, FY 200X, from Trading Partner 2 (General ledger before adjustment): $200,000
Less adjustment for timing difference - Cash received but revenue unearned at end of the current year: (20,000)
Add adjustment for timing difference - Earned revenue recognized on unbilled work at the end of the current year: 50,000
Intragovernmental earned revenue - accrual basis, FY 200X, from Trading Partner 2 (General ledger after adjustment): $230,000

When reconciled, Seller Revenue and Buyer Cost must agree after adjustments are recorded to correct for errors.

Note: The contra accounts for timing items should also reconcile.
Note: The Seller's unearned revenue account (liability) should reconcile with the Buyer's prepaid (asset) account.
Note: Seller's earned but unbilled receivable (asset) should reconcile with the Buyer's accounts payable for unbilled work (liability) account.

Buyer Entity - Trading Partner 2

Intragovernmental purchases - cash basis, FY 200X, from Trading Partner 1 (General ledger before adjustment): $190,000
Add:
Adjustment for cutoff error identified during reconciliation process [Cash sent to Trading Partner 1, but not recorded]: 10,000
Adjustment for completed but unbilled work at the end of the current year: 50,000
Less:
Cash paid in the current year, but amount prepaid at end of current year: (20,000)
General ledger after adjustment for Trading Partner 1: 230,000
Less:
Reconciling item for purchases inventoried at end of the current year: (50,000)
Intragovernmental purchases included in cost - accrual basis, FY 200X, from Trading Partner 1: $180,000

Note: When reconciled and adjusted, Seller Revenue and Buyer Cost may not agree because of timing differences. Here, the Buyer has inventoried a portion of the purchases for the year.



Substantive Testing
903- Auditing Cost Information

903 - Auditing Cost Information


.01 FAM 903 provides general guidance for auditors in identifying cost
information and planning audit procedures. The auditor should coordinate
these procedures with procedures on auditing various line items and
accounts. The auditor is generally concerned about cost information
because
• The auditor should obtain sufficient evidence to determine whether
costs are presented fairly in entity financial statements and are
appropriately classified. Proper classifications of costs at the entity level
also contribute to proper classification of costs in the consolidated
financial statements of the U.S. government.
• For CFO Act agencies and components designated by OMB, the auditor
must evaluate whether agency financial management systems
substantially comply with the three requirements of FFMIA.
• Although the auditor does not opine on the MD&A, cost information is
important to the MD&A, particularly as it relates to developing
performance measures. [1] The relevant accounting standard for cost
information is SFFAS No. 4, Managerial Cost Accounting, as amended
by SFFAS No. 30, Inter-Entity Cost Implementation. These standards
have relevance both to external financial reporting and to cost
information for internal management reporting.
The Impact of SFFAS No. 4 and SFFAS No. 30
.02 SFFAS No. 4 establishes the concepts and standards for providing reliable
and timely information on the full cost of federal programs, their activities,
and outputs. The objectives of managerial cost information specified in
SFFAS No. 4 are:
• To provide program managers with relevant and reliable information
relating costs to outputs and activities. With this information, program
managers should understand the costs of the activities they manage.
The cost information should assist them in improving operational
efficiency.
• To provide relevant and reliable cost information to assist Congress and
executives in making decisions about allocating federal resources,
authorizing and modifying programs, and evaluating program
performance.
• To provide consistency between costs reported in general purpose
financial reports and costs reported to program managers. This
includes standardizing terminology to improve communication among
federal organizations and users of cost information.
[1] Reliability of performance reporting will be excluded from the internal control definition effective
starting in fiscal year 2008.

.03 The first two objectives primarily address the managerial use of cost
information in improving operating efficiency and cost effectiveness,
making planning and budgeting decisions, and measuring performance.
The third objective primarily addresses external financial reporting, which
can be achieved by reporting cost information in financial statements that
is consistent with costs generated by the cost accounting process. Because
of the differences in the three objectives, some requirements in SFFAS No.
4 are relevant to managerial decision making and operations improvement,
while some requirements are relevant to external financial reporting.
.04 The cost accounting concepts section of SFFAS No. 4 (paragraphs 41-66)
establishes the overall goals of cost accounting for federal agencies.
Managerial cost accounting should be a fundamental part of the financial
management system and, to the extent practicable, be integrated with the
other parts of the system. Managerial costing should use a basis of
accounting, recognition, and measurement that is appropriate for the
intended purpose. Cost information developed for various purposes should
be drawn from a common data source, and output reports should be
reconcilable to each other.
.05 The five fundamental standards for managerial cost accounting set forth in
SFFAS No. 4 (paragraphs 67-162) are important for the auditor. These
standards will lead to the development of accurate and consistent cost
information for internal and external reporting by federal agencies. The
five standards are:
• Requirement for cost accounting: Each reporting entity is to
accumulate and regularly report the cost of its activities for
management information.
• Responsibility segments: Management of each reporting entity is to
define and establish responsibility segments and report the costs of
each segment’s outputs.
• Full costs: Reporting entities are to report the full costs of outputs,
which is the total amount of resources used to produce the output,
including direct and indirect costs.
• Inter-entity costs: Each entity’s costs are to incorporate the full cost of
goods and services received from other entities. As directed by SFFAS
No. 4, paragraph 110, OMB has designated, in its Circular No. A-136,
Financial Reporting Requirements, the costs of goods and services
received from other entities to be recognized. SFFAS No. 30, effective
for reporting periods beginning after September 30, 2008, requires full
implementation of this inter-entity cost provision.
• Costing methodology: The costs of resources that directly or indirectly
contribute to the production of outputs are to be accumulated and
assigned to outputs using appropriate methodologies. (FAM 903.07.)


Audit Procedures for Financial Statement Opinion


.06 As part of understanding the entity’s operations, the auditor generally
should obtain an overview of how the entity applies FASAB cost standards.
This may be done by inquiry, observation, and walkthrough procedures.
The auditor generally should determine what substantive testing
procedures of the cost accounting system are appropriate and may
coordinate testing with other control and substantive procedures. Based on
the understanding of entity operations, the auditor should determine
whether the statement of net costs is designed to include all costs of entity
programs. Also, in testing the statement of net costs, the auditor generally
should test the financial statement assertions related to costs, including
whether expenses are properly classified in the statement of net costs.
Consistent with FAM 395 B, examples of subassertions related to costing
are
EXISTENCE OR OCCURRENCE
• Occurrence/Validity—(1) Recorded costs, underlying goods and
services received, and related processing procedures are authorized
by federal laws, regulations, and management policy. (2) Recorded
costs are approved by appropriate individuals in accordance with
management’s general or specific criteria. (3) Recorded costs exist
for goods and services received and are properly classified.
• Cutoff—Costs recorded in the current period represent goods and
services received during the current period.
• Summarization—(1) The summarization of recorded costs is not
overstated. (2) Costs are assigned to appropriate classifications in
the financial statements.
COMPLETENESS
• Transaction completeness—All valid costs are recorded and
properly classified.
• Cutoff—All goods and services received in the current period are
recorded in the current period.
• Summarization—The summarization of recorded costs is not
understated.
ACCURACY/VALUATION
• Accuracy—Costs are recorded at correct amounts.
• Valuation—Costs are valued in the financial statements using an
appropriate valuation basis.
• Measurement—Costs included in the financial statements are
properly measured.

PRESENTATION AND DISCLOSURE
• Account classification—Cost accounts are properly classified and
described in the financial statements.
• Consistency—Costs in financial statements are based on
accounting principles that are applied consistently from period to
period.
• Disclosure—Financial statements and footnotes contain all
information required to be disclosed.
.07 SFFAS No. 4 discusses three methods of assigning costs: directly tracing
costs, assigning costs on a cause-and-effect basis, and allocating costs on a
reasonable and consistent basis. Although the standard discusses these
three methods in relation to assigning costs to responsibility segments and
outputs, the methods are also applicable to assigning costs to financial
statement line items in the statement of net costs, generally by program,
and in the notes by budget functional classification. The different methods
of assigning costs may require different auditing procedures for
determining whether costs are properly classified in the statement of net
costs by program.
.08 For directly traced costs (such as materials used in production or
employees who worked on an output), the auditor generally should test
whether costs were assigned to the appropriate program and/or budget
functional classification.
.09 In some cases, costs may be assigned on a cause-and-effect basis, by
grouping costs into cost pools where an intermediate activity may be a link
between the cause and the effect. For example, an information technology
department may provide support to other departments. The information
technology department may assign costs to other departments on a cause-
and-effect basis by first assigning costs to an intermediate activity, such as
hardware installation or software design. The costs in these pools may then
be further assigned to other departments based on their use of these
technical services.
In auditing these types of costs, the auditor generally should test whether
costs are assigned to the appropriate cost pool (hardware installation,
software design), and also whether costs are appropriately summarized in
the pool. When costs are assigned to other departments, the auditor
generally should test whether costs assigned are based on appropriate
usage information, whether cost assignments are reasonable and
consistent, and whether they are mathematically accurate.
.10 If it is not economically feasible to either directly trace or assign costs on a
cause-and-effect basis, the entity may allocate costs. This is commonly
done with costs such as general management, depreciation, rent,
maintenance, security, and utilities used in common by various segments.

These costs are generally accumulated in cost pools and allocated to
segments or outputs (or programs or budget functional classifications)
using a cost driver such as number of employees, square footage of office
space, or amount of direct costs incurred in segments.
In auditing these allocated costs, the auditor generally should test whether
the costs are assigned to the appropriate cost pool and summarized
appropriately. The auditor also generally should determine whether the
allocation basis is reasonable and consistent, whether the mathematical
allocation is correct, and whether an allocation is appropriate in the
circumstances.
.11 The entity exercises professional judgment in determining the line item and
programs to include in its statement of net costs. The auditor generally
should consider whether such classifications are reasonable in the
circumstances.
Federal Financial Management Improvement Act of 1996
(FFMIA)
.12 For audits of the CFO Act agencies and components identified by OMB
audit guidance, the auditor must evaluate whether agency financial
management systems substantially comply with the three requirements of
FFMIA (see FAM 100.02 and FAM 701). To determine compliance with
SFFAS No. 4 and SFFAS No. 30 for the purposes of FFMIA, the auditor
generally should ask the following questions (which relate to the standards
discussed in FAM 903.05):
• Does the agency regularly accumulate and report the full cost of its
activities to management?
• Has the agency defined its major programs and responsibility segments
for the purpose of delineating costs?
• Does the agency properly accumulate full costs by those programs and
segments?
• Has the agency accounted for the full costs (including inter-entity
costs) of products, services, or outputs to be externally reported at the
entitywide level?
• Has the agency accounted for the full cost of resources that contribute
to the production of outputs by individual responsibility segment using
appropriate costing methodologies? (See FAM 903.07)
• Has the agency reported full costs in the year-end financial statements
on the accrual basis of accounting?
• Are costs reported for external financial reporting and those reported
for internal management reporting consistent and reconcilable?

• Is the reported management cost information consistent, timely, and
comprehensive?
• Is the cost information reported in such a manner that management can
determine answers to appropriate questions about costs of outputs or
outcomes?
• How does management determine whether costs are appropriate?
• How does management determine compliance with FFMIA?
The auditor generally should combine this inquiry with the procedures in
FAM 903.06, and consider the outcome in concluding about compliance
with the cost accounting requirements under FFMIA. Also, the auditor
generally should review evidence supporting management’s assertions in
response to these questions, as further discussed in FAM 701, Assessing
Compliance of Agency Systems with FFMIA.
Management’s Discussion and Analysis (MD&A)
.13 The auditor does not provide an opinion on the MD&A and this information
is unaudited. Thus, the auditor’s main concern is consistency of this
information, rather than testing the reliability of the cost data in the MD&A.
The auditor generally should read the MD&A for consistency with the
financial statements and with the auditor’s knowledge of the entity. The
auditor generally limits testing to data in the financial statements, as
discussed in FAM 903.06, not the MD&A. The auditor may use analytical
procedures to determine the reasonableness of cost data in the MD&A.
Based on this comparison, the auditor should determine whether
additional testing is needed.
Cost Reports
.14 Costs reported in internal and external entity reports are expected to be
consistent, but may differ in the degree of detail and reporting frequency.
Cost information for management generally requires more frequent and
timely reporting. It also may require more specific and detailed information
regarding the costs of individual activities or outputs. By comparison,
external reports are generally less frequent, and the cost information more
aggregated, such as on a suborganization or program basis.
.15 Entity level information, including cost data, generally becomes more
summarized at the U.S. government consolidated financial statement level,
or does not apply to the consolidation. In some cases, the consolidation
refers readers to individual agency financial statement reports for further
details in specific areas.



Substantive Procedures
921- Auditing Fund Balance with Treasury (FBWT)



.01 FAM 921 provides guidance to the auditor when auditing FBWT accounts.
However, significant changes are anticipated in this area over the next
several years as Treasury is developing and implementing the Government
Wide Accounting (GWA) system, which is discussed further in FAM 921.11.
Implementation of the GWA system by federal entities is expected to vary
considerably and auditors should determine the effects of this early in the
audit as discussed in FAM 921.12.
.02 The FBWT account (SGL account 1010) is an asset account, unique to the
U.S. government, representing unexpended spending authority. Entities
record their budget spending authority in FBWT accounts with an
offsetting amount to unexpended appropriations – SGL account series
3100. Similar to cash in commercial bank accounts, FBWT amounts
increase as funds are collected and decrease as amounts are paid, although
noncash transactions adjust the balances, primarily as a result of budgetary
activity. Most entities have several FBWT accounts funded by different
types of appropriations¹ that are included in the financial statement FBWT
line item.
.03 Federal agencies may also maintain other types of FBWT accounts, such as
for collections pending litigation, amounts awaiting determination of the
proper accounting disposition, or monies being held by the entity in the
capacity of a banker or agent for others, such as non-entity, trust, or
escrow accounts. Certain funds may also be earmarked for specific
purposes or restricted as to use. Entities may also have FBWT balances in
clearing or suspense accounts as a result of unidentified and unclassified
transactions.
.04 In the federal government, Treasury serves as the central banker. Most
entities use the banking services provided by Treasury’s Financial
Management Service (FMS), and therefore do not keep cash in commercial
bank accounts. Some entities have authority to disburse funds on their own
behalf and maintain separate commercial bank accounts in U.S. or foreign
currency. However, these agencies still maintain FBWT accounts to track
the status of their spending authority.
.05 Regular reconciliation of entity FBWT records with Treasury records is a
key control in maintaining the accuracy and reliability of entity fund
balance records. Effective reconciliations serve as a detection control for
identifying unauthorized and unrecorded transactions at the entities and at
Treasury. Effective reconciliations are also important in preventing entity
disbursements from exceeding appropriated amounts and providing an
accurate measurement of the status of available resources.

¹ Appropriations may be annual, multiyear, or no-year.
.06 Treasury maintains and provides appropriation, fund, and receipt account
ledgers to entities. This includes a roll forward of the previous month’s
balance, the current month’s cash activity reported by the entity, and other
account activity such as supplemental appropriations, rescissions,
nonexpenditure transfers, and activity reported by other entities. These
Treasury account ledgers can be used by entities for comparison to their
records to account for all transactions.
.07 Treasury also provides entities with detailed reports of cash receipt and
disbursement transactions reported by the Federal Reserve, commercial
banks, other federal entities, and the FMS regional financial centers. These
reports can be used by entities to reconcile FBWT and most likely will be
affected by implementation of the GWA system discussed in FAM 921.11-
.12.
FBWT Accounting and Reporting Information
.08 To obtain a further understanding of an entity’s accounting and reporting
for FBWT, the auditor may refer to:
• Treasury Financial Manual, Volume 1, part 2, chapter 5100 –
Reconciling Fund Balance with Treasury accounts (see link at
http://fms.treas.gov/fundbalance).
• OMB Circular No. A-136, Financial Reporting Requirements.
• SFFAS No. 1, Accounting for Selected Assets and Liabilities.
• Entity accounting policies and procedures for FBWT accounts.
FBWT Audit Issues
.09 Since most assets, liabilities, revenues, and expenses stem from or result in
cash transactions, misstatements in the receipt or disbursement activity
recorded in the FBWT account affect the accuracy of year-end FBWT
balances. They also affect the accuracy of several entity financial statements,
including the Balance Sheet, the Statement of Net Cost, and the Statement
of Budgetary Resources. Further, they affect the integrity of entity budget
execution reports and various U.S. government accounts and reports.
.10 It is important for entities to establish processes to properly record and
reconcile transaction activity in their FBWT accounts because without
effective reconciliations of FBWT receipt and disbursement activity, the
amount of funds available for expenditure by each appropriation may
contain material misstatements. Entities should avoid arbitrarily adjusting
accounts to the amounts reported by Treasury and/or recording differences
in suspense accounts without adequately researching the causes of the
differences. Unreconciled differences recorded in suspense accounts could
represent transactions that have not been properly recorded by the entity
to the appropriate accounts.

Additionally, it is important for entities to reconcile their FBWT account
balances timely because this task becomes more difficult as time passes
and erroneous or fraudulent transactions may not be identified in time to
take appropriate action. TFM Volume 1, part 2, chapter 5100 states that entities
should perform monthly reconciliations of their FBWT accounts.
.11 Treasury is developing the Government Wide Accounting (GWA) system,
to be implemented over the next several years. The GWA system will
eliminate the two-step reporting processes used by federal entities and
Treasury by transitioning from a monthly to a daily process of reporting
receipt and disbursement transactions to Treasury. This daily classification
of activity will eliminate the need for federal entities to submit a monthly
Statement of Transactions. The monthly Statement of Differences reports
that formerly resulted from this two-step classification process will also be
eliminated. Additionally, similar to commercial on-line banking, the GWA
system can provide federal entities with a daily account statement of their
FBWT accounts via the Internet. Treasury continues to use “independent”
sources of entity FBWT activity, such as commercial banks, other federal
entities, and Treasury’s FMS regional financial centers, to calculate federal
entity FBWT balances.
.12 Implementation of the GWA system by federal entities is expected to vary
and auditors should determine the effects of this early in the audit. The
changing environment during this transition period increases the audit risk
associated with FBWT. To design effective and efficient audit procedures
during this transition period, auditors should fully understand the status of
GWA system implementation at their respective federal entity and the
processes and procedures used by their particular entity during the year of
audit.
.13 Treasury also plans to discontinue the use of certain suspense (“F”)
accounts used by entities to record unreconciled receipt and disbursement
transactions. Auditors will need to design procedures to test whether
entities have properly reconciled and classified the suspense items that
were recorded in these discontinued accounts. Some entities will be
granted waivers to continue using the suspense accounts and auditors will
need to ensure that all of the reconciliations, aging, and CFO confirmation
of balance requirements for these suspense accounts are accurately
performed by the entity. Auditors will also need to fully understand their
entity’s procedures for tracking and recording suspense type items going
forward and design audit procedures to adequately test and assess the
impact of the suspense items on the FBWT at year-end.
FBWT Audit Approach
.14 Auditors should obtain and fully document their understanding of entity
FBWT accounts, accounting systems, procedures, and the FBWT control
environment, including the information technology processing and security
controls over systems that report or transact FBWT activities or balances,
to determine the level of audit procedures required.

.15 Auditors should design FBWT audit procedures that include tests of the
receipt and disbursement activity that flows through the accounts and the
FBWT balances. These procedures should include steps to determine
whether the entity:
• properly and timely records receipt and disbursement activity in its
FBWT accounts;
• researches and resolves the underlying causes of differences between
amounts reported by Treasury and entity records, including the receipt
and disbursement activity flowing through the FBWT accounts, as well
as the monthly account balances, and makes the proper adjustments;
and
• timely and properly clears suspense account balances.
.16 Auditors should determine the magnitude of the entity’s gross
unreconciled differences at year-end by analyzing their aggregate absolute
values and resulting impact on the financial statements. Since each
difference represents a potential misstatement, the roll-up and netting of
charges and credits can significantly understate the total outstanding
differences.
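The understatement that FAM 921.16 warns about can be seen in a short calculation. The Python sketch below is an added illustration, not part of the FAM: the account labels, amounts, aging buckets, and materiality threshold are all constructed assumptions.

```python
"""Gross versus net view of unreconciled FBWT differences (constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Difference:
    account: str      # fund or suspense account label (hypothetical)
    amount: Decimal   # entity record minus Treasury record; sign shows direction
    arose: date       # accounting date on which the difference first appeared


# Constructed sample: charges and credits that largely offset one another.
SAMPLE = [
    Difference("FUND-A", Decimal("1250000.00"), date(2008, 3, 14)),
    Difference("FUND-A", Decimal("-1190000.00"), date(2008, 8, 29)),
    Difference("FUND-B", Decimal("-830000.00"), date(2008, 6, 2)),
    Difference("FUND-B", Decimal("845000.00"), date(2008, 9, 22)),
    Difference("SUSPENSE-F", Decimal("410000.00"), date(2007, 11, 5)),
    Difference("SUSPENSE-F", Decimal("-395000.00"), date(2008, 9, 30)),
]

# Aging buckets are an assumption for this example, not a FAM requirement.
AGE_BUCKETS = ((30, "0-30 days"), (90, "31-90 days"))
OLDEST_BUCKET = "over 90 days"


def age_bucket(arose, as_of):
    """Return the aging bucket label for a difference as of the given date."""
    days = (as_of - arose).days
    for limit, label in AGE_BUCKETS:
        if days <= limit:
            return label
    return OLDEST_BUCKET


def summarize(differences, as_of, materiality):
    """Compare the netted total with the aggregate of absolute values."""
    net_total = Decimal("0")
    gross_total = Decimal("0")
    by_account = defaultdict(lambda: {"net": Decimal("0"), "gross": Decimal("0")})
    gross_by_age = defaultdict(Decimal)
    for d in differences:
        net_total += d.amount                 # charges and credits cancel out
        gross_total += abs(d.amount)          # each item is a potential misstatement
        by_account[d.account]["net"] += d.amount
        by_account[d.account]["gross"] += abs(d.amount)
        gross_by_age[age_bucket(d.arose, as_of)] += abs(d.amount)
    return {
        "net": net_total,
        "gross": gross_total,
        "net_exceeds_materiality": abs(net_total) > materiality,
        "gross_exceeds_materiality": gross_total > materiality,
        "by_account": dict(by_account),
        "gross_by_age": dict(gross_by_age),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE, as_of=date(2008, 9, 30),
                       materiality=Decimal("500000"))
    print(f"Net unreconciled differences:   {result['net']:>14,.2f}")
    print(f"Gross unreconciled differences: {result['gross']:>14,.2f}")
    for label, amount in sorted(result["gross_by_age"].items()):
        print(f"  {label:<13} {amount:>14,.2f}")
```

On this sample the netted balance falls below the assumed threshold while the gross total is many times larger, and most of the gross amount is more than 90 days old.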
Audit Procedures
.17 Audit procedures for the FBWT will vary by entity and auditors should use
their professional judgment to design audit programs for their particular
entity after considering the type of FBWT accounts, materiality, audit risks,
and the internal control environment. Over the next several years as
entities implement the GWA system, auditors may consider the example
audit procedures provided below to audit FBWT, as well as developing new
procedures to audit the GWA system.
Planning and Internal Control Phase
.18 To obtain an understanding of the entity’s environment, internal control
over FBWT accounts and reconciliation process in the planning and
internal control phase of the audit, the auditor may perform steps to:
• Review accounting and reporting information on FBWT at FAM 921.08.
• Read prior year audit documentation, financial statements, and related
audit reports to determine if there were any audit issues, significant
deficiencies, or material weaknesses related to FBWT.
• Interview entity key staff about its FBWT procedures and controls in
place.
• Determine how the entity disburses funds for both payroll and
nonpayroll transactions, either through FMS regional finance centers,
other entity disbursing centers, on its own behalf, or a combination of
ways.

• Obtain an understanding of the significant accounting systems and
controls used in reporting and accounting for FBWT transactions.
• Identify FBWT line item general ledger accounts.
• Obtain an understanding of, and walk through, entity internal controls
over its FBWT reconciliation process and determine whether reconciliation
controls have been placed in operation.
• Inquire how the entity tracks and reports differences between its FBWT
records and Treasury’s FBWT records.
• Identify suspense and clearing accounts used by the entity containing
unreconciled differences and determine if transactions are identified
and removed from these accounts to the proper accounts in a timely
manner.
• Determine if the entity has a process or system for aging unreconciled
differences.
• Determine whether the entity is properly accounting for the FBWT line
item in accordance with U.S. GAAP by having the entity complete FAM
2010, Checklist for Federal Accounting.
Testing Phase
.19 In the testing phase of the audit, the auditor may design an audit program
that includes steps to determine whether the entity:
• Properly and timely records receipt and disbursement activity in its
FBWT accounts.
• Researches and resolves the underlying causes of differences between
amounts reported by Treasury and entity records (including the receipt
and disbursement activity flowing through the FBWT accounts and the
account balances each month) and makes the proper adjustments.
• Timely and properly investigates clearing and suspense account
balances.
• Reconciles its FBWT accounts and performs procedures to determine
the materiality of gross unreconciled differences at year-end by
analyzing the aggregate absolute values and resulting impact on the
financial statements. (Since each difference represents a potential
misstatement, the roll-up and netting of charges and credits can
significantly understate the total outstanding differences).
• Includes and presents nonexpenditure transactions such as
appropriation warrants, transfers, and rescissions.

• Discloses the status of accounts, such as open, expired, or canceled and
whether the account is appropriately included in the FBWT line item.

Reporting Phase
.20 To assess whether the presentation of the financial statements and
footnote disclosures for the FBWT line item are in accordance with U.S.
GAAP, the auditor may determine whether the entity has:
• Disclosed and explained material unreconciled differences in the notes
to the financial statements.
• Disclosed material unreconciled differences that were written off by the
entity during the fiscal year in the notes to the financial statements.
• Disclosed material restrictions.
• Concluded that proposed audit adjustments are either booked or were
determined to be immaterial and were attached to the management
representation letter (see FAM 1001).
• Determined that the entity is properly reporting and disclosing the
FBWT line item in accordance with U.S. GAAP by having the entity
complete FAM 2020, Checklist for Federal Reporting and Disclosure.
.21 Other audit procedures for FBWT may include tests of entity:
• fund controls,
• reconciliations of proprietary and budgetary amounts,
• compliance with applicable laws and regulations, and
• year-end reporting to Treasury and OMB.
.22 These audit procedures are not intended to be all inclusive. They do not
include all audit work over FBWT accounts, such as:
• cash on deposit bank accounts and petty cash (imprest) funds,
• tests of controls over check stock for entities that still write checks
instead of EFT, and
• steps to test the specific requirements and/or compliance with
regulations and laws related to certain types of FBWT accounts, such as
those mentioned above in FAM 921.03.
Practice Aids
.23 The following practice aids are presented as appendixes to FAM 921 to
assist the auditor in auditing FBWT:
• FAM 921 A – Treasury Processes and Reports Related to FBWT
Reconciliation.
• FAM 921 B – Example Account Risk Analysis (ARA) for FBWT.
• FAM 921 C - Example Specific Control Evaluation (SCE) for FBWT.
A single SCE of the line item/account-related accounting application for
FBWT is presented. There are transaction-related accounting
applications listed on the ARA that affect FBWT, such as cash receipts
and cash disbursements, which would require transaction related SCEs.



Substantive Testing
921 A - Treasury Processes and Reports Related to FBWT Reconciliation

A. Verification of Collections and EFT Disbursements
These FBWT processes and reports are subject to change by the implementation of the GWA
system discussed in FAM 921.11-.12.

Reports submitted by entities: Entities report collections monthly on Statements of
Transactions (Form 224) or Statements of Accountability/Transactions (Forms 1218/1221
or 1219/1220) by Agency Location Code (ALC). Note: For entities which report on
Forms 224, 1218, or 1219, electronic disbursements are netted against collections.

Reports/data submitted by other sources: CASHLINK II* system data is used by the
banking system to report collections and EFTs received from and on behalf of
government entities. Note: Electronic disbursements are reported as “negative
collections,” or debit vouchers.

Treasury FMS action: FMS compares monthly collection totals reported on entity Forms
224, 1218/1221, or 1219/1220 to transaction data.

Resulting Treasury reports to entities: Month-end statements of differences are
generated in STAR** and are available to entities via GOALS II/IAS each month until
the difference is cleared.

Reporting of FBWT accounts activity and balances

Treasury FMS action: FMS reports entity FBWT accounts activity and balances based on
data reported by entities.

Resulting Treasury reports to entities:
• Monthly appropriation and receipt account ledgers via GWA showing account activity
and net balances for each appropriation, fund, and receipt account.
• Monthly appropriation and receipt account trial balances via GWA by department.
*CASHLINK II processes will be migrating to successor systems such as Transaction Reporting System (TRS)
and Treasury General Account Deposit Reporting Network (TGAnet) system.
**STAR performs core central accounting functions as the system of record and the GWA system serves as a
conduit to feed information in and out. The two systems work in tandem to perform all of the central
accounting functions, although the GWA system is expected to replace the STAR functionality.


B. Verification of Disbursement Data


1. Verification of Treasury Disbursement Office entity disbursements

Reports submitted by entities:
• Entities for which FMS regional financial centers disburse money submit monthly
Statements of Transactions (Form 224) by ALC.
• Entities for which FMS regional finance centers disburse money report net
interagency transactions on Form 224.

Reports/data submitted by other sources:
• FMS regional finance center entity confirmation reports (include checks issued and
electronic disbursements accomplished on behalf of the entity).
• The Interagency Payment and Collection system (IPAC) data are used by entities and
FMS to accomplish inter-entity transactions.

Treasury FMS action: FMS compares monthly disbursement totals reported on entity
Forms 224 to disbursement data on regional finance center reports or IPAC.

Resulting Treasury reports to entities:
• Monthly statements of differences are generated in STAR and are available to
entities via GOALS II/IAS each month until the difference is cleared.
• Monthly detailed support listings of transactions reported by regional finance
centers, and IPAC.

Reporting of FBWT accounts activity and balances

Treasury FMS action: FMS reports entity FBWT accounts activity and balances based on
monthly data reported by entities.

Resulting Treasury reports to entities:
• Monthly appropriation account ledgers via GWA showing account activity and net
balances for each appropriation and fund account.
• Monthly appropriation account trial balances via GWA by department.

2. Verification of Non-Treasury Disbursing Office (NTDO) entity disbursements

Verification of interagency transactions:

Reports submitted by entities: NTDO entities report net interagency transactions on
Forms 1218/1221 or 1219/1220 by ALC.

Reports/data submitted by other sources: Interagency payment and collection system
data.

Treasury FMS action: FMS compares monthly net disbursement totals reported on entity
Forms 1218/1221 or 1219/1220 to disbursement data in IPAC.

Resulting Treasury reports to entities: Monthly statements of differences are
generated in STAR and are available to entities each month until the difference is
cleared. Monthly detailed support lists of transactions reported by IPAC.

Verification of checks paid:

Reports submitted by entities: Treasury requires NTDOs to transmit detailed checks
issued weekly and at month-end.

Reports/data submitted by other sources: Federal Reserve Banks submit a bulk file
detailing checks paid.

Treasury FMS action: FMS performs a check by check comparison of checks issued to
checks paid by the banking system (dollar amount and serial number).

Resulting Treasury reports to entities: Advice of check and EFT issue discrepancies.

Verification of checks issued:

Reports submitted by entities: NTDOs submit monthly Statements of
Accountability/Transactions (Forms 1218/1221 or 1219/1220).

Reports/data submitted by other sources: Transmission of detailed checks issued
weekly and at month-end.

Treasury FMS action: FMS compares check issued detailed transmissions data (adjusted
for FMS 5206 dollar differences) to total checks issued reported on Forms 1218/1221
or 1219/1220.

Resulting Treasury reports to entities: Two-, 4-, 6-, & 8-month letters notifying
entities of any outstanding discrepancies.

Reporting of FBWT accounts activity and balances

Treasury FMS action: FMS reports entity FBWT accounts activity and balances based on
monthly data reported by entities.

Resulting Treasury reports to entities:
• Monthly appropriation account ledger via GWA system showing account activity and
net balances for each appropriation and fund account.
• Monthly appropriation trial balance via GWA system by department.



Substantive Testing
921 B - Example Account Risk Analysis for Fund Balance with Treasury

ACCOUNT RISK ANALYSIS FORM
Entity: ___________________________________ Preparer: ____________________ Date__________
Date of Financial Statements: _________________ Reviewer: ____________________ Date__________
Line Item: Fund Balance with Treasury File Ref:

Form phases: PLANNING PHASE, INTERNAL CONTROL PHASE, TESTING PHASE
Form columns: Account (name, balance); Financial statement assertions; Inherent,
fraud, and control risk factors; Cycle/accounting application; Effectiveness of
control activities¹; Control risk; Combined risk; Timing (I/F); Nature & extent;
Doc ref & audit step

Account: Fund Balance with Treasury. Balance: $xx,xxx

Financial statement assertion: Existence or occurrence. Recorded Fund Balance with
Treasury (FBWT) does not exist.

Inherent, fraud, and control risk factors: Control risk arises from the (1) highly
decentralized structure of the entity, which reduces management’s knowledge of and
control over operations, (2) significant weaknesses in general controls over the
automated systems the entity relies extensively upon to process transactions, and
(3) lack of adequate management oversight of the reconciliation process. Inherent
risk arises from the high volume of transactions flowing through the account.

Cycle/accounting application: Cycles: Revenue, Payroll, Budget, Treasury.
Applications: FBWT, Cash receipts, Cash disbursements.

Timing: I/F

Nature & extent (Doc ref & audit step):
• Test FBWT reconciliations. Analyze impact of unresolved reconciling items at
year-end. (insert)

¹ Omitted from this example.

Financial statement assertion: Completeness. FBWT is omitted from the financial
statements or is incomplete.

Inherent, fraud, and control risk factors: Control risk arises from the (1) highly
decentralized structure of the entity, which reduces management’s knowledge of and
control over operations, (2) significant weaknesses in general controls over the
automated systems the entity relies extensively upon to process transactions, and
(3) lack of adequate management oversight of the reconciliation process. Inherent
risk arises from the high volume of transactions flowing through the account.

Cycle/accounting application: Cycles: Revenue, Payroll, Budget, Treasury.
Applications: FBWT, Cash receipts, Cash disbursements.

Timing: I/F

Nature & extent (Doc ref & audit step):
• Test FBWT reconciliations. Analyze impact of unresolved reconciling items at
year-end. (insert)
• Prepare lead schedule of GL accounts that constitute FBWT, analytically review
with prior-year data, and resolve reasons for unexpected changes. (insert)

Financial statement assertion: Valuation/Accuracy. Fund Balance with Treasury is not
recorded accurately.

Inherent, fraud, and control risk factors: No significant inherent, fraud or control
risk factors identified.

Cycle/accounting application: Cycles: Revenue, Payroll, Budget, Treasury.
Applications: FBWT, Cash receipts, Cash disbursements.

Timing: I/F

Nature & extent (Doc ref & audit step):
• Test FBWT reconciliations. (insert)
• Analyze impact of unresolved reconciling items at year-end. (insert)

Financial statement assertion: Rights. Entity does not have certain rights to Fund
Balance with Treasury because of transfers, rescissions, and certain restrictions,
or nonentity accounts.

Inherent, fraud, and control risk factors: Inherent risk arises from the high number
of appropriation, fund, and receipt accounts, including special funds and trust
funds that do not belong to the entity. Because these nonentity accounts are
maintained within the same system used to maintain entity accounts and financial
activity, there is a risk that these accounts will be inappropriately charged and be
included in the FBWT line item. Same control risks as for existence and
completeness.

Cycle/accounting application: Treasury

Timing: F

Nature & extent (Doc ref & audit step):
• Review support for recorded appropriation, fund, and receipt accounts included in
the FBWT line item. (insert)
• Review footnote disclosure. (insert)

Financial statement assertion: Presentation and disclosure. Fund Balance with
Treasury is not properly classified and disclosed in the financial statements.

Inherent, fraud, and control risk factors: No significant inherent or fraud risk
factors identified. Same control risks as for existence and completeness.

Cycle/accounting application: Treasury

Timing: F

Nature & extent (Doc ref & audit step):
• Review FBWT related financial statement line item and footnote disclosures for
conformance with applicable standards, and trace amounts reported in financial
statement line items and footnote disclosures to general ledger and supporting
detailed records. (insert)



Substantive Testing
921 C - Example Specific Control Evaluation for Fund Balance with Treasury

SPECIFIC CONTROL EVALUATION (Line Item/Account-Related)

Entity: ____________________ Preparer: ________________ Date: __________
Date of Financial Statements: _____________ Reviewer: ________________ Date: _________
Accounting application: Fund Balance with Treasury File Ref: Page 1 of 6

Form columns:
Accounting application assertions; Relevant assertions in line items (FBWT: Various); Potential misstatements in accounting application assertions; Control objectives; Internal control activities; IS (Y/N); Effectiveness of control activities; Doc ref. & control testing step

Row headings: Existence or Occurrence / Existence / Existence / Substantiation (See note 1.)

Potential misstatement:
1. Recorded FBWT does not exist as of a given date.

Control objective:
1a. Recorded FBWT amounts should exist as of a given date.

Internal control activities for control objective 1a:
1. Entity staff performs monthly reconciliation between entity general ledger (G/L) and Treasury records (appropriation and receipt account ledgers via GWA). IS (Y/N): Y. Doc ref. & control testing step: (insert)
2. Entity staff resolves receipt and disbursement differences reported by Treasury statements of differences via GWA for collections and disbursements. IS (Y/N): N. Doc ref. & control testing step: (insert)


Internal control activities for control objective 1a (continued):
3. Entity staff resolves disbursement differences reported by Treasury for advice of check issued discrepancy report via GWA and difference notification to the disbursing office (NTDO entities). IS (Y/N): N. Doc ref. & control testing step: (insert)

Control objective:
1b. Recorded FBWT, at a given date, should be supported by appropriate detailed records that are accurately summarized and reconciled to the account balance.

Internal control activities for control objective 1b:
1. Entity staff reconciles the monthly Statement of Transactions (SF 224) submitted to Treasury, to the applicable G/L accounts. IS (Y/N): Y. Doc ref. & control testing step: (insert)
2. Entity staff reconciles the monthly Statement of Accountability/transactions (SF1219/1220 or SF1218/1221) submitted to Treasury, to the applicable G/L accounts (NTDO entities). IS (Y/N): N. Doc ref. & control testing step: (insert)
3. Same as 1.1a.1. IS (Y/N): Y. Doc ref. & control testing step: (insert)


Control objective:
1c. Access to FBWT, critical forms, records, and processing and storage areas should be permitted only in accordance with laws, regulations, and management policy.

Internal control activities for control objective 1c:
1. Not covered in this example.
Note: For entities that disburse funds on their own behalf (NTDOs), and maintain cash and/or check stock on hand, auditors will need to document and test the effectiveness of the control activities in place.

Row headings: Completeness / Completeness / Completeness / Account completeness

Potential misstatement:
2. FBWT balance exists but is omitted from the financial statements.

Control objective:
2a. FBWT balance should be included in the financial statements.

Internal control activities for control objective 2a:
1. Same as 1.1a.1, 1.1a.2, 1.1a.3. Doc ref. & control testing step: (insert)
2. Entity staff reconciles the FBWT line item crosswalk that includes all G/L FBWT accounts to the Treasury Appropriation and Receipt Trial Balances. IS (Y/N): N. Doc ref. & control testing step: (insert)


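Row headings: Valuation or allocation / Valuation / Valuation / Accuracy

Potential misstatement:
3. FBWT receipt and disbursement transactions are recorded incorrectly.

Control objective:
3a. FBWT transactions should be recorded accurately.

Internal control activities for control objective 3a:
1. Same as 1.1a.1. IS (Y/N): Y. Doc ref. & control testing step: (insert)
2. Same as 1.1a.2. IS (Y/N): N. Doc ref. & control testing step: (insert)
3. Same as 1.1a.3. IS (Y/N): N. Doc ref. & control testing step: (insert)

Row headings: Rights and obligations / Rights / Rights / Ownership

Potential misstatement:
4. Recorded FBWT is owned by others.

Control objective:
4a. Entity should own recorded FBWT.

Internal control activities for control objective 4a:
1. Entity staff reconciles Treasury appropriation warrants, appropriation rescissions, and nonexpenditure transfers to FBWT accounts. IS (Y/N): N. Doc ref. & control testing step: (insert)
2. Entity staff reconciles expenditure (cash receipts and disbursements) activity to the FBWT accounts. IS (Y/N): N. Doc ref. & control testing step: (insert)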


Row heading: Rights

Potential misstatement:
5. Entity does not have certain rights to recorded FBWT because of appropriation restrictions.

Control objective:
5a. Recorded FBWT should be entities’ rights at a given date.

Internal control activities for control objective 5a:
1. Same as 4.4a.1. IS (Y/N): N. Doc ref. & control testing step: (insert)

Row headings: Presentation and disclosure / Disclosure / Disclosure / Account classification

Potential misstatement:
6. FBWT is not properly classified and described in the financial statements.

Control objective:
6a. FBWT should be properly classified and described in the financial statements.

Internal control activities for control objective 6a:
1. Entity staff reconciles Treasury Undisbursed Appropriation Account and Receipt Account trial balances to the G/L accounts. IS (Y/N): N. Doc ref. & control testing step: (insert)
2. The Chief Accountant reviews the FBWT account analysis and crosswalk to the FS against the Treasury Financial Management Supplement–U.S. Government Standard General Ledger (section V). IS (Y/N): N. Doc ref. & control testing step: (insert)


Row headings: Presentation / Presentation / Consistency

Potential misstatement:
7. The financial statements components of FBWT are based on accounting principles different from those used in prior periods.

Control objective:
7a. FBWT should be based on accounting principles that are applied consistently from period to period.

Internal control activities for control objective 7a:
1. The CFO, Reports and Analysis Branch Chief, and the Chief Accountant review the financial statements for consistently applied accounting principles. IS (Y/N): N. Doc ref. & control testing step: (insert)

Row headings: Disclosure / Disclosure / Disclosure

Potential misstatement:
8. Required information is not disclosed in the financial statements or in the footnotes thereto.

Control objective:
8a. The financial statements or footnotes thereto should contain all information required to be disclosed.

Internal control activities for control objective 8a:
1. The CFO, Reports and Analysis Branch Chief, and the Chief Accountant review the financial statements for consistently applied accounting principles and required disclosure. IS (Y/N): N. Doc ref. & control testing step: (insert)

Note 1: The internal control activities 1.1a.1 and 1.1b.1 generally rely on system outputs that are dependent on IS general controls, which may be ineffective at some entities. (Tests of controls over entities’ general ledger systems should be included as part of computer control tests.) The control activity 1.1a.2 validates receipt and disbursement balances with Treasury records that are obtained from third parties (banks, Treasury regional finance centers, and other agencies).



Substantive Procedures
931 – Auditing Heritage Assets and Stewardship Land



.01 Heritage assets are real and personal tangible federal property, plant, and
equipment (PP&E) that is unique for one or more of the following reasons:
• Historical or natural significance.
• Cultural, educational, artistic (or aesthetic) importance.
• Significant architectural characteristics.
Heritage assets consist of two types. Collection type heritage assets involve
objects gathered and maintained for exhibition and would include such
examples as museum collections, art collections, and library collections.
Non-collection type heritage assets would include such examples as parks,
memorials, monuments, and buildings.
.02 Stewardship land is public land and land rights owned by the federal
government, much of it acquired when the nation was formed. It does not
include land acquired for or used in connection with general PP&E.
Examples of stewardship land include land used as national forests and
parks, and land used for wildlife and grazing. It excludes natural resources
(for example, minerals, timber, and petroleum) related to the land.
.03 Heritage assets may in some cases be used to serve two purposes—a
heritage function and general government operations. In cases where a
heritage asset serves two purposes, the heritage asset should be considered
a multi-use heritage asset if the predominant use of the asset is in
general government operations. For example, the main Treasury building
in Washington, DC is used primarily as an office building. This multi-use
asset would be considered general property, capitalized on the balance
sheet, and depreciated. Heritage assets having an incidental use in
government operations are not multi-use heritage assets; they are simply
heritage assets.
.04 SFFAS No. 29, Heritage Assets and Stewardship Land, issued on July 7,
2005, changed the classification of information reported for heritage assets
and stewardship land provided by SFFAS No. 6 and SFFAS No. 8.
Previously, reporting components of this federal property (e.g., unit
balances, additions, withdrawals, methods of acquisition and withdrawal)
were presented as unaudited RSSI. However, under SFFAS No. 29, most
information about heritage assets and stewardship land is reclassified to
the audited basic financial statements, except for condition information
that is presented as unaudited RSI. SFFAS No. 29 also requires additional
audited disclosures about the federal entity’s stewardship policies and an
explanation of how heritage assets and stewardship land relate to the
entity’s mission.
.05 Per SFFAS No. 29, entities must reference a note on the balance sheet that
discloses information about heritage assets and stewardship land but no
dollar amount is shown. At a minimum, entities are to present in note
disclosure a description of major categories of assets, physical unit
information for the end of the reporting period, physical units added and
withdrawn during the reporting period, and a description of the methods of
acquisition and withdrawal.
Entities are also required to disclose information about stewardship
policies and an explanation of how heritage assets and stewardship land
relate to the mission of the entity. The standard also includes disclosure
requirements applicable to the U.S. government-wide financial statements
which must provide a general discussion of heritage assets and
stewardship land and direct users to the applicable entities’ financial
statements for more detailed information on these assets.
.06 SFFAS No. 29 will be phased-in for reporting periods after September 30,
2005, (FY 2006 through 2008). Full implementation of SFFAS No. 29 is
effective for periods after September 30, 2008, (FY 2009) although early
adoption is encouraged.
Accounting and Reporting Information
.07 To obtain a further understanding of entity accounting and reporting for
Heritage Assets and Stewardship Land, the auditor may refer to:
• SFFAS No. 6, Accounting for Property, Plant and Equipment,
• SFFAS No. 8, Supplementary Stewardship Reporting (SFFAS 29
rescinds Chapter 2 and Chapter 4),
• SFFAS No. 14, Amendments to Deferred Maintenance Reporting,
• SFFAS No. 29, Heritage Assets and Stewardship Land,
• FASAB Technical Release 9, Implementation Guide for SFFAS No. 29:
Heritage Assets and Stewardship Land (Feb 20, 2008),
• OMB Circular No. A-136, Financial Reporting Requirements, and
• entity accounting policies and procedures.
Audit Issues
.08 Entity financial statements, particularly DOD, have disclosed material
weaknesses in accounting for federal PP&E. This includes identification of
physical quantities by type of asset, cost/valuation, depreciation (if general
property, except land), condition, and recording transactions in the proper
period.
Audit Approach/Strategy
.09 The auditor should develop their audit approach/strategy by identifying the
extent of heritage assets and stewardship land at the entity they are
auditing. The auditor should then obtain and fully document their
understanding of this property in the entity’s accounts, accounting systems,
and related policies and procedures. The auditor should also understand
the control environment for this property, including the information
technology processing and security controls over systems that report or
transact activities or balances, to determine the level of audit procedures
required.


Audit Plan/Procedures
.10 Heritage assets and stewardship land will vary by entity and auditors
should use their professional judgment to design the audit plan/procedures
for their particular entity after considering the type of accounts,
materiality, audit risks, and the internal control environment. From fiscal
years 2006 through 2008, as entities implement SFFAS No. 29, auditors may
consider the example audit procedures provided below to audit this
property, as well as a basis to develop new procedures.
Planning Phase
.11 To obtain an understanding of entity heritage assets and stewardship land
in the planning phase of the audit, the auditor may:
• To obtain an understanding of significant accounting and auditing issues,
read the entity’s prior year’s accountability and auditors’ reports.
• Read applicable SFFAS and OMB Circular No. A-136 guidance for
accounting, reporting, and disclosing heritage assets and stewardship
land.
• Understand and document the entity’s stewardship policies for
identifying heritage assets and stewardship land separate from multi-use
heritage assets and other general PP&E, and indicate how the
designation of heritage assets and stewardship land relates to the entity’s
mission.
• Understand and document the entity’s procedures for identifying,
categorizing, accounting, reconciling and reporting heritage assets and
stewardship land. Note that SFFAS No. 29 allows the entity flexibility in
designating categories by determining a meaningful level of aggregation
for reporting and selecting physical units aligned with those categories
based on the entity’s mission, types of heritage assets, and how it
manages those assets.
• Understand and document the entity’s methodology for acquisition and
withdrawal of heritage assets and stewardship land during the reporting
period.
• Understand and document the methodology used to account for
deferred maintenance (although unaudited RSI) on heritage assets and
stewardship land during the reporting period.
• Identify and understand the impact of systems/methods for classifying,
accounting, and processing of transactions related to heritage assets
and stewardship land by interviewing the entity’s key personnel and its
systems and methods for processing transactions.
• Provide sufficient time for the entity to respond to documentation
requests, as some records may be housed in field offices or other
locations.

• Coordinate, through the audit liaison, with non-financial staff, such as
cultural resource personnel, as heritage assets are non-financial assets.
• Acquire expertise related to the assets they are auditing.

Internal Control Phase


.12 To understand the internal controls the entity has in place for identifying,
accounting, and reporting heritage assets and stewardship land, the auditor
may:
• Determine through inquiry of management, walk-throughs, inspection
of documents, review of prior year’s documentation and other means
applicable to the entity, the entity’s process for identifying, classifying
and reporting heritage assets and stewardship land. Specifically:
a) Whether the entity has an authorization process and the related
control procedures for acquisition, withdrawal, and deferred
maintenance transactions related to heritage assets and stewardship
land.
b) How the entity has instituted a consistent methodology for
categorization of heritage assets and stewardship land based on the
entity’s mission and in accordance with SFFAS No. 29.
c) How the entity records acquisitions, withdrawals, and deferred
maintenance entries in the accounting system and performs
reconciliations between the accounting system and the asset
accountability system. In accordance with SFFAS No. 29, costs
related to the acquisition, improvement, reconstruction and
renovation of heritage assets/stewardship land are recognized in the
Statement of net cost for the period in which the costs are incurred.
These include all costs incurred to prepare the item for its intended
use.
d) Whether the entity maintains transaction logs or detailed records of
transactions to identify the postings to SGL accounts and to
facilitate the reconciliation process and whether the logs include
sufficient information to enable identification and location of
supporting documentation.
e) How the entity classifies and records transfers to/from other federal
entities of heritage assets and stewardship land.
f) How the entity classifies and records donation or devise of heritage
assets and stewardship land.
g) Whether the entity separates and capitalizes multi-use heritage
assets. The cost of acquisition, improvement, reconstruction, or
renovation of multi-use heritage assets should be capitalized as
general PP&E and depreciated over its useful life.

h) Whether and how the entity conducts periodic physical inventories
designed to verify the existence, location, and condition of all
property listed in the accounts, and to verify the completeness of
recorded units.
• Prepare or update the cycle memorandum, flowchart, ARA, and SCE
forms (see FAM 390, FAM 395 H, and FAM 395 I).
Testing Phase
.13 For heritage assets and stewardship land, if the auditor preliminarily
determines that the entity’s internal control procedures are effectively
designed and placed in operation, the auditor may test the entity’s policies
and procedures to determine if the controls are effective and the balances
appear reasonable. The audit objectives for substantive procedures are to:
• Determine the existence of recorded heritage assets and stewardship
land.
• Determine the completeness of recorded heritage assets and
stewardship land.
• Determine the entity’s ownership rights to record these assets as
heritage assets and stewardship land in accordance with SFFAS No. 29.
• Determine the clerical accuracy of unit schedules for additions and
deletions.
• Determine whether the aggregation and categorization of physical units
are in accordance with guidelines established in SFFAS No. 29. For example,
DOI has reported the number of federal parks, instead of the number of
acres comprising those parks, as physical units.
• Determine whether the presentation and disclosure of heritage assets and
stewardship land and note disclosures are in accordance with SFFAS No. 29.
.14 Existence: To determine the existence of heritage assets and stewardship
land, the auditor may:
• Determine the propriety of beginning balance of physical units. As
heritage assets and stewardship land are being reclassified as basic
information, auditors may require supporting documentation to fulfill
audit assertions. However, due to the age of when these assets were
acquired, documentation may no longer exist. The entity and the
auditor are encouraged to develop other reasonable approaches and
methods to satisfy audit assertions that would rely on historical
documents as evidence and support. Further guidance is provided in
the AAPC implementation guide, paragraphs .80-.85.
• Obtain a summary analysis of changes in property in the current fiscal
year and reconcile to the general ledger.
• Agree changes in units from the subsidiary ledger to the general ledger.

• Vouch additions during the year by analyzing on a sample basis
(depending on the auditor’s assessment of control risk) entries from the
general ledger to the original documentation such as contracts, deeds,
work orders, and invoices.
• On a sample basis, make physical inspections of acquisitions and
examine supporting documents on disposals. The auditor should
coordinate inspections with the appropriate entity staff, particularly
when visiting non-federal repositories which hold federal museum
collections. This will ensure that visits are efficient and productive, and
relationships between repositories and the entity are maintained.
.15 Completeness: The auditor may determine the completeness of recorded
heritage assets and stewardship land by tracing transactions recorded in
the asset accountability system to general ledger accounts. Usually, few
changes occur in heritage assets and stewardship land during the year and
the auditor should investigate significant changes in balances. Since cutoff
errors are not a major risk in establishing the completeness of recorded
assets, if the auditor is satisfied with the beginning balances and verifies
the acquisition and withdrawals of the current period, the auditor has also
substantiated the ending balance.
.16 Rights and Obligations: To determine the entity’s ownership rights to
record the property as heritage assets and stewardship land, the auditor
may:
• Examine FASAB definitions of heritage assets and stewardship land,
historical documents, and compliance procedures to determine the
entity’s ownership rights to record the property as heritage assets and
stewardship land (as opposed to another federal entity).
• Examine documents to determine legal ownership such as public
records, property deeds, property tax bills (or exceptions), and other
documents specific to the entity’s documentation of legal ownership.
Documentation of ownership may be in a variety of formats including
permits, reports, and associated records which indicate where natural
resources were recovered from public lands.
• Examine the entity’s statements showing the assets’ direct link to the
entity’s mission. Auditors may perform this procedure to gain more
information about the entity’s assets, rather than to determine which
assets are properly included in the heritage assets and stewardship land
category.
.17 Accuracy: To determine the accuracy of unit schedules for heritage assets
and stewardship land additions and deletions, the auditor may:
• Agree subsidiary ledger for additions and deletions to controlling
accounts and examine detailed supporting documentation.

• Determine the propriety and accuracy of recorded transfers and
donations, examine subsidiary ledgers, and agree to detailed supporting
documentation.
• Recompute footings and extensions in detailed documentation and
summary analysis.
.18 Classification: To determine the aggregation, unitization and
categorization of physical units for heritage assets and stewardship land,
the auditor may:
• Examine entity documentation and methodology for categorization of
units to determine whether the entity’s aggregation/categorization and
physical unit of measure are appropriate, based on the entity’s mission,
how the entity views the asset for management purposes, types of
heritage assets, and materiality considerations. The entity should
designate asset categories that are meaningful and reflect how it views
the asset for management purposes. It would also be helpful if entities
documented the reasoning for categorization.
• Determine whether the results of testing and the nature of
misstatements indicate that the auditor should re-assess the risk of
material misstatement and revise procedures.
Reporting Phase:
.19 To determine the proper reporting, presentation, and disclosure of heritage
assets and stewardship land, the auditor may review the balance sheet and
determine whether these items are properly reported and correctly
classified as heritage assets and stewardship land. The auditor should also
read the note disclosures and determine whether the entity reported:
For periods beginning after September 30, 2005 (FY 2006 and FY
2007):
• Disclosure of how the heritage assets and stewardship land relate to the
entity’s mission.
• Description of stewardship policies.
• Discussion of multi-use heritage assets.
• Disclosure of asset condition and deferred maintenance as RSI.
For periods beginning after September 30, 2007 (FY 2008):
• Inclusion of all the requirements noted above plus a description of the
major categories of heritage assets and the number of physical units as
collection or non-collection type for which the entity is the steward at
the end of the reporting period.

For periods beginning after September 30, 2008 (FY 2009):
• Inclusion of all requirements noted above with the number of physical
units by major category added and withdrawn and a description of the
major methods of acquisition and withdrawal.
• Full compliance with all SFFAS No. 29 requirements for reporting
periods beginning with FY 2009 is expected for all entities. To be in
accordance with SFFAS No. 29, information that is not required to be
reported as basic information during the phase-in period is still
required, but should be reported as RSI until the exceptions expire. It
may be appropriate for entities to include a reference to the information
reported as RSI during the phase-in period.
The auditor should also summarize the results and determine if
adjustments are necessary, and conclude whether heritage assets and
stewardship land have been adequately accounted for and properly
disclosed in the financial statements.
If the entity has early implemented SFFAS No. 29, the auditor should
confirm that the required information is presented.



Substantive Procedures
941 - Auditing the Statement of Social Insurance



.01 The Statement of Social Insurance (SOSI) has grown in prominence as it
presents trillions of dollars of future federal expenditures over future
federal revenues. Beginning with fiscal year 2006, the SOSI is required to be
audited, along with certain social insurance disclosure information, while
other social insurance information is to be presented as unaudited required
supplemental information (RSI). Because most of the information is based
on actuarial projections up to 75 years into the future, it presents a
challenge to the federal entity responsible for its preparation, as well as to
the auditor. FAM 941 provides auditors with some guidance in auditing the
SOSI in accordance with U.S. GAGAS.
.02 FASAB has established accounting requirements for the SOSI through
various SFFAS. The financial statements affected are those of federal
entities responsible for Social Security, Medicare, Railroad Retirement, and
Black Lung programs, as well as the consolidated financial statements of
the federal government. For periods beginning after September 30, 2005,
the SOSI is to be presented as a basic financial statement with the
underlying significant assumptions included in notes that are presented as
an integral part of the financial statements.
.03 FASAB standards for social insurance programs require entities and the
consolidated federal financial statements to report:
a. The estimated present value of the income to be received from or on
behalf of the following groups during a projection period sufficient to
illustrate the long-term sustainability of the social insurance programs
for:
• current participants who have not yet attained retirement age,
• current participants who have attained retirement age, and
• individuals expected to become participants.
b. The estimated present value of the benefit payments to be made during
that same period to or on behalf of the groups listed in item (a) above.
c. The estimated net present value of the cash flows during the projection
period [the income described in item (a) above over the expenditures
described in item (b) above, or the expenditures described in item (b)
above over the income described in item (a) above].
d. In notes to the SOSI:
1. The accumulated excess of all past cash receipts, including interest
on investments, over all past cash disbursements within the social
insurance program, represented by the fund balance at the valuation
date.

2. An explanation of how the net present value referred to in item (c)
above is calculated for the closed group.1
3. Comparative financial information for items (a), (b), (c), and d (1)
above for the current year and for each of the four preceding years.
4. The significant assumptions used in preparing the estimates.
Accounting and Reporting Information
.04 FASAB has issued standards for reporting on social insurance programs of
federal entities as follows:
• SFFAS No. 17 – Accounting for Social Insurance, effective for
periods beginning after September 30, 1999, presents accounting
standards for federal social insurance programs covering Social
Security (Old-Age, Survivors, and Disability Insurance), Medicare
(Hospital Insurance [Part A] and Supplementary Medical Insurance
[Part B]),2 Railroad Retirement, and Black Lung benefits, and
Unemployment Insurance. Social insurance programs covered by
SFFAS No. 17 have five common characteristics:
1. financing from participants or their employers;
2. eligibility from taxes or fees paid and time worked in covered
employment;
3. benefits not directly related to taxes or fees paid;
4. benefits prescribed in law; and
5. programs intended for the general public.
• SFFAS No. 25 – Reclassification of Stewardship Responsibilities and
Eliminating the Current Services Assessment requires the Statement
of Social Insurance to become a basic audited financial statement. It
also provides that certain information about social insurance programs
required by SFFAS No. 17 be reported in audited notes or as unaudited
RSI, rather than as unaudited RSSI. In accordance with SFFAS No. 28,
the effective period was deferred one year from fiscal year 2005 to
fiscal year 2006.
• SFFAS No. 26 – Presentation of Significant Assumptions for the
Statement of Social Insurance: Amending SFFAS No. 25 requires that
the underlying significant assumptions relating to the Statement of
Social Insurance shall be included in audited notes with other
information required by SFFAS No. 17 – including the sensitivity
analysis – to be presented as RSI, except to the extent that the preparer
elects to include some or all of that information in audited notes. In
accordance with SFFAS No. 28, the effective period was deferred one
year from fiscal year 2005 to fiscal year 2006.
• SFFAS No. 28 – Deferral of the Effective Date of Reclassification of
the Statement of Social Insurance: Amending SFFAS Nos. 25 and 26
deferred the effective dates of SFFAS No. 25 and SFFAS No. 26 for one
year to the fiscal year ended September 30, 2006.

1 The closed group is defined as those persons who, as of a valuation date, are participants in a social
insurance program as beneficiaries, covered workers, or payers of earmarked taxes or premiums.
2 The Medicare Prescription Drug, Improvement, and Modernization Act of 2003, Public Law 108-173,
created a new prescription drug benefit under Medicare Part D, which is also covered by SFFAS No. 17.

.05 Auditors generally should follow the FAM methodology contained in the
planning, internal control, testing, and reporting phases in FAM 200-500
and the audit guidance included in the AICPA’s Statement of Position
(SOP) 04-1, Auditing the Statement of Social Insurance. SOP 04-1
provides guidance to auditors in auditing the Statement of Social
Insurance.
.06 As permitted by AU 543, a principal auditor may fulfill the requirements of
SOP 04-1 by using work that other independent auditors have performed in
conformity with the provisions of SOP 04-1. For example, for the OASDI
program, the auditor of the consolidated financial statements of the U.S.
government may use the work and report of the auditor of the Social
Security Administration’s Statement of Social Insurance.
.07 According to AU 342.10, the auditor should obtain an understanding of how
management develops estimates. Based on that understanding, the auditor
should evaluate the reasonableness of management’s estimates by using
one or a combination of approaches as follows:
• reviewing and testing the process used by management to develop the
estimate;
• developing an independent expectation of the estimate to corroborate
the reasonableness of management’s estimate; and
• reviewing subsequent events or transactions occurring prior to audit
completion.
.08 In auditing the Statement of Social Insurance, if the auditor has assessed
management’s controls over the estimation process to be effective, the
auditor may determine that the most practicable and efficient approach is
to test management’s process. However, if the auditor finds that controls
over the estimation process are ineffective, the auditor should consider
whether it is practicable to:
• develop an independent expectation of the estimate, or portions of the
estimate, to corroborate management’s estimate, or
• obtain competent evidence from outside the audited entity’s process
that would be sufficient to support the assertions in the Statement of
Social Insurance. If it is not practicable to mitigate the effects of the
ineffective controls through substantive procedures such as these, the
auditor’s report on the Statement of Social Insurance should be
modified (SOP 04-1, paragraph 9).

.09 The auditor’s objective when auditing the Statement of Social Insurance is
to obtain sufficient, competent, evidential matter to provide reasonable
assurance that:
• the estimates presented in the Statement of Social Insurance are
reasonable in the circumstances, and
• the Statement of Social Insurance is presented fairly, in all material
respects, in conformity with U.S. GAAP, including adequate disclosure.
.10 If the auditor does not possess the level of competence in actuarial science
to qualify as an actuary, the auditor generally should obtain the services of
an independent actuary3 to assist the auditor in planning and performing
auditing procedures. Generally, the auditor will need the assistance of an
independent actuary in performing various procedures during all phases of
the audit and related to all elements of the estimates (SOP 04-1, paragraph
10).
Key Implementation Issues
Determining Materiality
.11 In FAM 230, materiality is one of several tools the auditor uses to
determine that the planned nature, extent, and timing of procedures are
appropriate. Materiality represents the magnitude of an omission or
misstatement of an item in a financial report that, in light of surrounding
circumstances, makes it probable that the judgment of a reasonable person
relying on the information would have been changed or influenced by the
inclusion or correction of the item. Materiality has both quantitative and
qualitative aspects. Even though quantitatively immaterial, certain types of
misstatements could have a material impact on or warrant disclosure in the
financial statements for qualitative reasons.
.12 Auditors should use professional judgment in determining the appropriate
element of the financial statements to use as a materiality base. Auditors
generally consider materiality in the context of the financial statements
taken as a whole, taking into account both quantitative as well as
qualitative attributes of the financial statements. Auditors should exercise
due professional care when setting the materiality base, carefully assessing
the information gained during the planning phase of the audit and the
needs of a reasonable person relying on the financial statements (SOP 04-1,
paragraph 21).
.13 For certain federal entities, amounts reported in the Statement of Social
Insurance may vary significantly from the amounts reported in the other
basic financial statements, or may differ significantly on a qualitative basis.
In such cases, it may not be appropriate to establish a single materiality
threshold for the entire set of financial statements. Instead, the auditor
should use a separate materiality level(s) when planning and performing
the audit of the Statement of Social Insurance and related disclosures (SOP
04-1, paragraph 22).

3 The actuary can either be under contract with the independent auditor or employed by the independent
audit organization. In either case, the actuary performing services for the auditor would need to meet the
independence standards of GAGAS, which are applicable to audits of Statements of Social Insurance.

.14 The auditor generally should establish planning materiality in relation to
the element of the financial statements that is most significant to the
primary users of the statements (the materiality base - see FAM 230.08).
The auditor uses professional judgment in determining the appropriate
element of the financial statements to use as the materiality base. Also,
since the materiality base may be based on unaudited preliminary
information determined in the planning phase, the auditor may estimate the
year-end balance(s) of the materiality base(s). To provide reasonable
assurance that sufficient audit procedures are performed, any estimate of
the materiality base(s) should use the low end of the range of estimated
materiality so that sufficient testing is performed.
.15 SFFAS No. 17 includes a discussion of SFFAC No. 1, Objectives of Federal
Financial Reporting, which established four major reporting objectives in
applying accounting standards:
1. budgetary integrity,
2. operating performance,
3. stewardship, and
4. systems and controls.
SFFAC No. 1 provides useful information to assist the auditor in
determining an appropriate materiality base. For example, while all four of
the objectives are important, SFFAS No. 17 states that objectives No. 2 and
No. 3 directly impact the social insurance standards.
.16 Objective No. 2 of SFFAC No. 1 states that federal financial reporting
should assist report users to evaluate:
• service efforts, costs, and accomplishments of the reporting entity,
• the manner in which these efforts and accomplishments have been
financed, and
• the management of the entity’s assets and liabilities.
SFFAS No. 17 indicates that information about social insurance that is
relevant to this objective includes the cost of the program as well as long-
range estimates (and ranges of estimates) of future costs and other
obligations. Estimates of future costs highlight the cost impact of changes
in benefit levels as well as changes in economic and demographic
conditions, such as the cost of health care and life expectancies.
.17 Objective No. 3 of SFFAC No. 1 states that federal financial reporting
should assist report users in assessing the impact on the country of the
government’s operations and investments for the period and how, as a
result, the government’s and the nation’s financial condition has changed
and may change in the future. Thus, federal financial reporting should
provide information that helps the reader to determine whether:
• the government’s financial position has improved or deteriorated over
the period,
• future budgetary resources will likely be sufficient to sustain public
services and to meet obligations as they come due, and
• government operations have contributed to the nation’s current and
future well being.
.18 Fundamental questions about social insurance programs that can be
addressed by accounting standards include whether:
• programs are sustainable as currently constructed,
• the government’s financial condition has improved or deteriorated as a
result of its efforts to provide for these and other programs, and
• these programs are likely to be able to provide benefits at
current levels to those who are planning on receiving them.
The information required by this standard, taken as a whole, will help users
make this assessment while acknowledging the complexity of the programs
and the uncertainty of long-term projections.
.19 In determining the materiality base for planning and performing audits of
an entity’s Statement of Social Insurance, the auditor should evaluate the
actuarial present value of the estimated future:
a. revenue (excluding interest4) received from or on behalf of all current
and future participants (estimated future revenue),
b. expenditures for or on behalf of all current and future participants
(estimated future expenditures), and
c. balance of estimated future revenue (excluding interest) over/(under)
estimated future expenditures (actuarial balance).
.20 The auditor may determine that the actuarial balances are the most
significant element of the Statement of Social Insurance to users of the
financial statements. If so, the materiality base would be the actuarial
balance. However, the auditor has the option of selecting a materiality base
of either the estimated future revenues, or the estimated future
expenditures. Regardless of which materiality base is selected, the auditor
generally should select the materiality base that provides reasonable
assurance that sufficient audit procedures are performed.

4 Income (excluding interest) consists of payroll taxes from employers, employees, and self-employed
persons, revenue from federal income taxation of scheduled OASDI benefits, and miscellaneous
reimbursements from the General Fund of the Treasury.

The auditor’s basis for the selection of the materiality base(s) generally
should be documented, including consideration given to other possible
measures or separate bases for estimated future revenue and estimated
future expenditures. Auditors generally should follow the guidance in FAM
230.11-.13 in determining materiality for planning and performing audits of
entity Statements of Social Insurance.
Obtaining Management’s Representations
.21 Entity management is responsible for preparing the Statement of Social
Insurance and underlying estimates in conformity with U.S. GAAP.
Management is also responsible for the accuracy and completeness of the
Statement of Social Insurance (SOP 04-1, paragraph 5). Therefore,
management should determine its best estimate5 of the economic and
demographic conditions that will exist in the future. Because estimates in
the Statement of Social Insurance are based on subjective as well as
objective factors, management should use judgment to estimate amounts
included in the Statement of Social Insurance. Management’s judgment
may be based on its knowledge and experience about past and current
events and its assumptions about conditions it expects to exist.
.22 Consistent with FAM 1001, the auditor should obtain specific
representations relating to the Statement of Social Insurance. For an audit
of an entity’s Statement of Social Insurance, the representation letter
should include, as applicable, representations included in FAM 1001 A,
example management representation letter.
Planning Considerations for the Consolidated Government-wide Report
.23 Pursuant to statutory requirements of the Government Management
Reform Act (GMRA) of 1994, GAO serves as the principal auditor of the
consolidated financial statements (CFS) of the U.S. government. GMRA
also requires the Secretary of the Treasury to annually prepare and submit
to the President and the Congress an audited financial statement, or
Financial Report (FR) of the United States Government, for the preceding
fiscal year. The Chief Financial Officer (CFO) of each of the verifying
agencies6 submits their financial data using the closing package process7
via the Governmentwide Financial Report System (GFRS) and the Federal
Agencies’ Centralized Trial-Balance System (FACTS I).

5 Paragraph 25 of SFFAS No. 17, Accounting for Social Insurance, states, in part, “The projections and
estimates used should be based on the entity’s best estimates of demographic and economic assumptions,
taking each factor individually and incorporating future changes mandated by current law.” Certain entities
prepare social insurance information using assumptions prepared by a board of trustees. Auditors should
consider such assumptions to represent the entity’s “best estimates” if the trustees have characterized
them as such, and entity management has determined them to be reasonable. With respect to these
assumptions, the auditor should perform audit procedures that are consistent with the guidance in
paragraphs 9 through 36 of SOP 04-1.
6 The verifying agencies are the 24 CFO Act agencies and 11 other federal agencies.
7 The closing package process is a methodology designed to link agencies’ comparative, audited
consolidated, department-level financial statements to the FR. The closing package is the data submitted
by each verifying agency for inclusion in the FR.

All nonverifying agencies must submit FACTS I adjusted trial-balance
(ATB) data and must complete GFRS Notes and Other FR Data. The
Inspector General (IG) of each verifying agency, except those agencies
with a fiscal year-end other than September 30, opines on the closing
package data (also referred to as the “special purpose financial
statements,” or “special purpose closing package”) entered by the CFO into
GFRS, as to its consistency with the comparative, audited consolidated,
department-level financial statements.
.24 According to OMB audit guidance, the auditor should determine whether
the special purpose financial statements and accompanying notes are fairly
presented, in all material respects, in conformity with U.S. GAAP and the
presentation requirements set forth in the Treasury Financial Manual
(TFM), Volume I, Part 2-Chapter 4700 (TFM 2-4700), Agency Reporting
Requirements for the Financial Report of the United States Government.
Beginning with fiscal year 2006, the Statement of Social Insurance is to be
presented as a basic financial statement in accordance with SFFAS Nos. 25,
26, and 28.
.25 TFM 2-4700 requires entities to provide the Statement of Social Insurance
data and the underlying key assumptions in the FR Notes module in GFRS.
All remaining social insurance information is to be submitted through the
Other FR Data (Stewardship and Supplemental Information) module in
GFRS.8 The auditor generally should
• perform the procedures described in AU 551 as indicated in OMB audit
guidance for the Other FR Data information as required and defined in
TFM 2-4700, and
• assess whether the Other FR Data is materially consistent with the
information in the special purpose financial statements.
In accordance with AU 551.06 (d), the auditor’s report should include either
an opinion on whether the accompanying information is fairly stated in all
material respects in relation to the basic financial statements taken as a
whole, or a disclaimer of opinion, depending on whether the information
has been subjected to the auditing procedures applied in the audit of the
basic financial statements. The auditor may express an opinion on a
portion of the accompanying information and disclaim an opinion on the
remainder.
.26 Actuarial projections of the annual cash inflow from all sources exclude
net interest on intragovernmental borrowing/lending for both the
component entity’s Statement of Social Insurance9 and the U.S.
government’s consolidated Statement of Social Insurance.10 In addition,
because paragraph 32 (1)(a) of SFFAS No. 17 only permits cash inflow
from the public to be included in the long-range actuarial projection of
cash inflow presented in the U.S. government’s consolidated Statements of
Social Insurance, TFM 2-4700 requires the (1) General Fund transfers for
the Federal Supplementary Medical Insurance (SMI – Medicare Part B)
program, (2) General Fund transfers for the Federal Supplementary
Medical Insurance (SMI – Medicare Part D) program, and (3) financial
interchange11 income for the Railroad Retirement benefits program to be
excluded from the present value of the long-range actuarial projections.
SFFAS No. 17 states that expense and liability recognition for the
consolidated governmentwide entity are the same as for the component
entities.12
Consequently, auditors responsible for these programs generally should
determine the impact of the TFM requirement, which excludes the General
Fund transfers and the financial interchange income from the present value
of the long range actuarial projections on their auditing procedures.
Auditors should plan and perform their department-level social insurance
related audit procedures to obtain a reasonable basis for expressing an
opinion on the special purpose financial statements included in the Closing
Package, which include the Statement of Social Insurance.

8 Beginning in fiscal year 2006, TFM 2-4700 included these requirements. The process and modules used by
FMS to prepare the consolidated Statements of Social Insurance and accompanying notes, and
supplemental information included in the FR may change in future years, based on changes that may be
made by FMS to TFM 2-4700.
9 SFFAS No. 17, paragraph 27 (a)(1).
10 SFFAS No. 17, paragraph 32 (a)(1).
11 Financial interchange (FI) income consists of transfers from the social security trust funds under a
financial interchange between the railroad retirement and the social security systems. While the railroad
retirement system has remained separate from the social security system, the two systems were closely
coordinated with regard to earnings credits, benefit payments, and taxes. The purpose of this financial
coordination is to place the Social Security Old-Age Survivors and Disability Insurance (OASDI) and
Hospital Insurance (HI) trust funds in the same position they would have been in if railroad services were
covered by the Social Security and Federal Insurance Contribution acts.
12 SFFAS No. 17, paragraph 30.



SECTION 1000

Reporting



1001 – Management Representations


.01 This section deals with the management representations that the auditor
must obtain from current management as part of the audit, as described
in AU 333, AT 501, AU 801, OMB audit guidance, FAM 280 and FAM 550.
It covers representations about:
• financial statements,
• internal control,
• fraud,
• financial management systems’ substantial compliance with the
Federal Financial Management Improvement Act of 1996 (FFMIA) by
CFO Act agencies,
• compliance with laws and regulations,
• social insurance,
• budgetary, and fund restrictions.
.02 Written representations from management ordinarily confirm oral
representations given to the auditor, indicate and document the
continuing appropriateness of those representations, and reduce the
possibility of misunderstanding. Management representations are not a
substitute for obtaining other audit evidence. If other audit evidence
contradicts a representation, the auditor should investigate the
circumstances and evaluate the reliability of the representation. The
auditor should also determine whether it is appropriate to rely on other
management representations. Management’s refusal to furnish written
representations is a scope limitation sufficient to preclude an unqualified
opinion.
.03 The specific representations obtained will depend on the circumstances
of the engagement and the nature and basis of presentation of the
financial statements. These representations apply to all the financial
statements and all periods covered by the audit report. In addition to the
representations in the AICPA standards, the auditor generally should
determine the need to obtain representations on other matters based on
the circumstances of the audited entity. Also, the auditor should delete
inapplicable representations in the example representation letter in FAM
1001 A and should customize the letter to the situation of the entity being
audited.
.04 The auditor should obtain the management representation letter from the
highest level of the audited entity. The auditor should decide who to ask
to sign the management representation letter. Signers should be officials
who, in the auditor’s view, are responsible for and knowledgeable,
directly or through others, about the matters in the representation letter.
These officials generally should be the head of the federal entity and the
CFO, or equivalent. The auditor should obtain separate management
representation letters from any component units for which the auditor
will issue separate reports.
.05 The auditor should ask management to prepare the representation letter
on the audited federal entity’s letterhead. The auditor should ask
management to sign and date the representations as of the date of the
auditor’s report—the completion of the audit and not later. The audit is
complete when the auditor has enough evidence and has applied enough
quality controls (including supervisory, first partner, and second partner
review) to be ready to sign the audit report. To be sure that the letter is
ready in time, the auditor generally should provide a draft letter to
management early in the audit and update it for circumstances found
throughout the audit. If management signs the letter before the
completion of the audit, the auditor should obtain an update of the
representations to the completion of the audit date. While a written
update is preferred, where the time difference is short, the auditor may
update the representations orally and document the update.
The auditor should obtain the management representation letter after
receiving the final legal representation letter discussed at FAM 1002.15.
In some cases a legal letter(s) may be obtained before the completion
date of the audit so auditors will have time to review/test the information.
In these cases, the auditor should perform and document inquiries to be
satisfied that nothing has significantly changed between the date of the
legal letter(s) and the audit completion date.
.06 The audited entity generally should address the management
representation letter to the Comptroller General of the United States for
GAO audits. For other audits, the audited entity generally should address
the management representation letter to the auditor opining on the
financial statements which may be a CPA firm or the entity’s Inspector
General (or it may be dual addressed). However, to avoid any delays in
timely receipt of the letter, the audit team may have the audited entity
deliver it directly to a member of the team such as the audit director.
.07 Especially for large audited entities, management, in agreement with its
auditor, generally should specify a materiality threshold for the
management representation letter, below which items would not be
reported. OMB audit guidance states that the management representation
letter shall specify management’s materiality threshold used for reporting
items in the management representation letter. It also footnotes that
management and the auditor should reach an understanding on a
materiality level. If no threshold is stated, management should note all
exceptions in the representation letter.
The auditor should be satisfied that such a materiality threshold is so far
below design materiality that even many items below this level would not,
in the aggregate, approach design materiality. For example, a threshold
that is 5 percent (or less) of design materiality may be sufficiently low.
The materiality level may be different for different representations and
would not apply to those representations not directly related to amounts
in the financial statements (such as responsibility for the statements).
Representations Relating to the Financial Statements
.08 AU 333.06 lists management representations that the auditor generally
should obtain in a U.S. GAAS audit if applicable. These generally relate to
management acknowledging its responsibility for the financial statements
and its belief that the financial statements are fairly presented in
conformity with U.S. GAAP and financial information is complete with
appropriate recognition, measurement, and disclosure. Included in this
representation is the effect of any uncorrected financial statement
misstatements, a schedule of which is attached to the representation
letter. (For this the auditor may tailor the example schedule in FAM 595 C
by removing the auditor’s conclusions.)
Examples of additional representations that may be appropriate
depending on an entity’s business or industry are given in appendix B to
AU 333. The auditor may review AU 333 to identify items to add to the
representations, many of which would be modified in the federal
government environment. In the example representation letter at FAM
1001 A, common presentation and disclosure representations are items #1
through #10. Representation #5 addresses uncorrected misstatements for
which the auditor should attach a summary to the management
representation letter. An example Summary of Uncorrected
Misstatements is provided at FAM 595 C.
Additionally, OMB audit guidance has emphasized the importance of
identifying intragovernmental transactions and their reconciliations for
federal entities and their components. In the example representation
letter at FAM 1001 A, this item is #11.
.09 Appendix B of AU 333 provides further example language that the auditor
generally should modify as appropriate for the circumstances applicable
to the federal entity being audited in the following situations:
General
• Unaudited interim information accompanies the financial statements.
• The impact of a new accounting principle is not known.
• There is justification for a change in accounting principles.
• Financial circumstances are strained, with disclosure of
management’s intentions and the entity’s ability to continue as a going
concern.
• The possibility exists that the value of specific significant long-lived
assets or certain identifiable intangibles may be impaired.
• The entity engages in transactions with special purpose entities.
• The entity used the work of a specialist.

Cash
• Cash is restricted by nonentity ownership; escrow, trust, or other
fiduciary activity; and seizures awaiting legal resolution.

Financial instruments
• The value of debt or equity securities has declined.
• Management has determined the fair value of significant financial
instruments that do not have readily determinable market values.
• There are financial instruments with off-balance-sheet risk and
financial instruments with concentrations of credit risk.

Receivables
• Receivables have been properly stated in the financial statements (for
example, at estimated net realizable value). Collectability of federal
receivables requires considerable management judgment.

Inventories
• Excess, obsolete, or unserviceable inventories exist. Items held for
repair are properly valued. Valuation allowances for federal
inventories require considerable management judgment.

Deferred charges and unearned revenues
• Material expenditures have been deferred and unearned revenue has
been properly accrued.

Debt
• Short-term debt could be refinanced on a long-term basis, and
management intends to do so.
Contingencies¹
• Estimates and disclosures have been made of environmental
remediation liabilities and related loss contingencies.
• Agreements may exist to repurchase assets previously sold.

¹ When there is no general counsel and management has not consulted legal counsel with regard to
contingencies, the auditor should obtain a written representation from management that legal counsel has
not been consulted. Such representation may be incorporated as an item in the management
representation letter. (See FAM 550 and FAM 1002.24.) An example item is: “We are not aware of any
pending or threatened litigation, claims, or assessments or unasserted claims or assessments that are
required to be accrued or disclosed in the financial statements in accordance with SFFAS No. 5. We have
not consulted legal counsel concerning litigation, claims, or assessments.” (See FAM 1001 A.)

Pension and postretirement benefits
• An actuary has been used to measure pension liabilities and costs.
• There is involvement with a multiemployer plan.
• Postretirement benefits have been eliminated.
• Employee layoffs that would otherwise lead to a curtailment of a
benefit plan are intended to be temporary.
• Management intends to either continue to make or not make frequent
amendments to its pension or other postretirement benefit plans,
which may affect the amortization period of prior service cost, or
management has expressed a substantive commitment to increase
benefit obligations.
Sales
• There may be losses from sales commitments.
• There may be losses from purchase commitments.
• There are no undisclosed sales terms.
.10 The auditor should determine the need for additional customizing of the
example representation letter in FAM 1001 A and for the additional
representations in FAM 1001.09. Many of the representations may have to
be qualified, especially in an initial audit or in later audits where
significant problems remain. For instance, where the example
representation letter states that there are no violations of laws or
regulations, the entity may need to add at the end of the statement,
“except as follows:” and describe the violations.
.11 In addition, the auditor should determine whether circumstances may
require that additional descriptive items be included in the representation
letter, especially as support for conclusions the auditor makes in the
report. This is important where the corroborating information that can be
obtained by procedures other than inquiry is limited. For example, the
auditor should ask that the letter include descriptions of (1) the reasons
for scope limitations imposed by the audited entity, such as the lack of
availability of certain records, (2) the basis for material liability
estimates, key asset valuations, or the probability of contingencies, and
(3) significant plans or intentions for the entity. For example, if the entity
has a pension plan outside of the Civil Service Retirement System or the
Federal Employees’ Retirement System, an item may state that the entity
does not plan to terminate the plan and that management believes the
actuarial assumptions and methods used to measure pension liabilities
and costs for financial reporting purposes are appropriate in the
circumstances.


Representations Relating to Internal Control


.12 Internal control representations, when the auditor expresses an opinion
on internal control, are found in AT 501.44. These representations,
examples for which are provided in FAM 1001 A, relate to management’s
• acknowledging its responsibility for internal control (item #12);
• stating that management has assessed the effectiveness of its internal
control and specifying the control criteria used (item #13);
• stating management’s assertion about the effectiveness of its internal
control based on the control criteria (item #14);
• stating that management has disclosed to the auditor all significant
deficiencies in the design or operation of internal control that could
adversely affect the entity’s ability to meet the internal control
objectives and pointing out those that are material weaknesses using
the definition in the representation letter, which is the definition in
AU 325 (item #15); and
• stating whether there were any changes to internal control
subsequent to the end of the reporting period (item #16).
.13 For bullets 2 and 3 in FAM 1001.12, entities may use criteria established
under FMFIA and OMB Circular No. A-123 in their FMFIA internal
control assessment. The standards in GAO’s green book, Standards for
Internal Control in the Federal Government (GAO/AIMD-00-21.3.1),
were established for federal entities to follow. These
standards incorporate concepts from the private sector guidance
Internal Control—Integrated Framework issued by the Committee of
Sponsoring Organizations (COSO) of the Treadway Commission. Federal
entities should summarize in the representation letter any material
weaknesses relating to financial reporting (including safeguarding) and
compliance (including budget).
FAM 1001 A (item #14) provides example wording for the representation
in which management asserts that its internal control in place as of the
date of the financial statements and during the years ended provided
reasonable assurance that misstatements, losses, or noncompliance
material in relation to the financial statements would be prevented or
detected on a timely basis. If there are material weaknesses,
management should include a brief description of them in its
representation letter and modify its assertion accordingly.
Representations Relating to Fraud
.14 Internal control representations related to fraud can be found in AU 316.
These representations, examples for which are provided in FAM 1001 A,
relate to management’s
• acknowledging its responsibility for the design and implementation of
programs and controls to prevent and detect fraud (item #17);

• disclosing knowledge of any fraud or suspected fraud affecting the
agency involving management, employees who have significant roles
in internal control, or others where the fraud could have a material
effect on the financial statements (item #18); and
• disclosing knowledge of any allegations of fraud or suspected fraud
affecting the entity received in communications from employees,
former employees, analysts, regulators, or others (item #19).
Representations Relating to Financial Management Systems’
Substantial Compliance with FFMIA Requirements
.15 FFMIA requires the auditor who audits the financial statements of a CFO
Act agency to report whether the agency’s financial management systems
substantially comply with (1) federal financial management systems
requirements, (2) applicable federal accounting standards (U.S. generally
accepted accounting principles), and (3) the SGL at the transaction level.
To report in accordance with FFMIA, the auditor should obtain
representations from management as to the agency’s systems’ substantial
compliance with these requirements.
.16 The auditor should obtain representations that management is
responsible for having its systems substantially comply with the FFMIA
requirements, stating that it has assessed the systems’ compliance, stating
the criteria used, and asserting the systems’ substantial compliance (or
lack thereof). The criteria are the requirements in OMB Circular No.
A-127, Financial Management Systems, which incorporates the SGL, the
JFMIP/OFFM Federal Financial Management Systems Requirements
documents, and other OMB circulars. These requirements are further
described, including indicators of substantial compliance, in OMB’s
FFMIA implementation guidance for CFOs and IGs, referenced in OMB’s
audit guidance. Example FFMIA representations are in FAM 1001 A,
items #20 through #22.

Representations Relating to Compliance with Laws and
Regulations
.17 AU 801.07 provides that representations relating to compliance with laws
and regulations state that management has identified and disclosed to the
auditor all laws and regulations that have a direct and material effect on
the financial statements. Example compliance representations are in
FAM 1001 A, items #23 through #27.
.18 In addition, AT 601 deals with compliance attestation. The auditor need
not follow AT 601 because the auditor is not giving an opinion on
compliance. However, when the auditor determines additional
representations regarding compliance are needed, examples are given in
AT 601.68.


Other Representations
.19 FASAB standards require a Statement of Social Insurance for certain
entities. See AICPA publication SOP 04-1, Auditing the Statement of
Social Insurance (AU 333; SOP 04-1 §36). Example social insurance
representations are in FAM 1001 A, items #28 through #36.
OMB audit guidance includes a representation by management on the
consistency of budgetary data. An example budget data representation is in
FAM 1001 A, item #37.
Further, FASAB SFFAS No. 27, Identifying and Reporting Earmarked
Funds, requires financial statement disclosure for earmarked funds.² An
example earmarked and restricted funds representation is in FAM
1001 A, item #38.
Effect of Change in Management on Representation Letter
.20 Sometimes management is reluctant to sign representations for periods
when it did not manage the entity. The auditor may explain to
management that by issuing the financial statements, it is making the
assertions implicit in the financial statements. Management may wish to
understand the transactions and controls supporting the financial
statements, and the auditor may help it do so. Where a change in
management is expected, the auditor may advise the new management to
obtain representations from the old management about the period prior
to the change. Additionally, the auditor may discuss with management
the following to obtain representations when a change in management
occurs:
• Auditing standards require management representations covering all
financial statements presented.
• In the engagement letter (FAM 215) entity management indicated that
it would provide certain representations covering all financial
statements presented.
• New executives may consult with appropriate staff that was present
for the year to determine whether the representations officials will
sign are complete and accurate.
• Representations are made to the best of the signer’s knowledge and
belief.
• Not signing will result in a scope limitation and disclaimer of the
auditor’s opinion.

² SFFAS No. 27 does not use the term “earmarked” as it is sometimes used to refer to set-asides of
appropriations for specific purposes.
1001 A – Example Management Representation Letter

[Entity Letterhead]

[Date of auditor’s report and completion of the audit]


The Honorable [name of Inspector General or Comptroller General]
[Title as Inspector General or Comptroller General of the United States]
[Name of IG entity or U.S. Government Accountability Office]
[Also, include the independent external auditor as an addressee, if appropriate.]
Address

Dear [name(s)]:
We are providing this letter in connection with your audit of the [entity’s] balance sheet
as of September 30, 20X8 and 20X7, [or dates of audited financial statements] and the
related statements of net costs, changes in net position, budgetary resources, social
insurance [if applicable] and custodial activity [if applicable], for the years then ended
(hereinafter referred to as the “financial statements”).
You conducted your audit to (1) express an opinion as to whether the financial
statements are presented fairly, in all material respects, in conformity with U.S. generally
accepted accounting principles, (2) report [or express an opinion] on the entity’s internal
control over financial reporting and compliance with laws and regulations as of
September 30, 20X8 [or date of latest audited financial statements], (3) (For CFO Act
agencies) report whether the [entity’s] financial management systems substantially
comply with federal financial management systems requirements, applicable federal
accounting standards (U.S. generally accepted accounting principles), and the U.S.
Government Standard General Ledger at the transaction level as of September 30, 20X8,
and (4) test for compliance with applicable laws and regulations. In addition, you have
performed certain audit procedures with respect to the [entity’s] 20X8 Management’s
Discussion and Analysis (MD&A) and other supplementary information, which is
included as part of the 20X8 financial statements of the [entity].

(Recommended paragraph) Certain representations in this letter are described as being
limited to matters that are material. For purposes of this letter, matters are considered
material if they involve $XX or more. Items also are considered material, regardless of
size, if they involve an omission or misstatement of accounting information that, in the
light of surrounding circumstances, makes it probable that the judgment of a reasonable
person relying on the information would be changed or influenced by the omission or
misstatement. (OMB audit guidance states that the management representation letter
shall specify management’s materiality threshold used for reporting items in the
management representation letter.)
We confirm, to the best of our knowledge and belief, the following representations made
to you during the audits. These representations pertain to both years’ financial
statements, and update the representations we provided in the prior year:

July 2008 GAO/PCIE Financial Audit Manual Page 1001 A-1


Presentation and Disclosure
1. We are responsible for the fair presentation of the financial statements in
conformity with U.S. generally accepted accounting principles. We are also
responsible for the preparation of the MD&A, and (if any): required supplementary
information (RSI), required supplementary stewardship information (RSSI), and
other supplementary information.
2. The financial statements are fairly presented in conformity with U.S. generally
accepted accounting principles. The MD&A, and (if any) RSI, RSSI, and other
supplementary information are fairly presented and are consistent with the financial
statements.
3. We have made available to you all
a. financial records and related data;
b. where applicable, minutes of meetings of the Board of Directors [or other similar
bodies of those charged with governance] or summaries of actions of recent
meetings for which minutes have not been prepared; and
c. any communications from the Office of Management and Budget (OMB)
concerning noncompliance with or deficiencies in financial reporting practices.
4. There are no material transactions that have not been properly recorded in the
accounting records underlying the financial statements or disclosed in the notes to
the financial statements.
5. There are no uncorrected financial statement misstatements as we have adjusted the
financial statements for all known and likely misstatements you have informed us
of. (or) We believe that the effects of uncorrected financial statement misstatements
summarized in the attached summary are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole. (An example summary is
provided in FAM 595 C.) [If management believes that certain of the identified items
are not misstatements, management’s belief may be acknowledged by adding to the
representation, for example, “We believe that items XX and XX do not constitute
misstatements because (description of reason).”]
6. The [entity] has satisfactory title to all owned assets, including stewardship
property, plant, and equipment. There are no liens or encumbrances on these assets
and no assets have been pledged.
7. We have no plans or intentions that may materially affect the carrying value or
classification of assets and liabilities or that we are required to disclose in the
financial statements.
8. There are no guarantees under which the [entity] is contingently liable that require
reporting or disclosure in the financial statements.
9. Related party transactions including related accounts receivable or payable,
revenues, expenditures, loans, transfers, leasing arrangements, assessments, and
guarantees have been properly recorded and disclosed in the financial statements.

10. No material events or transactions have occurred subsequent to September 30, 20X8
[or date of latest audited financial statements], that have not been properly recorded
in the financial statements or disclosed in the notes.
Intra-governmental Activities
11. All intra-entity transactions and balances have been appropriately identified and
eliminated for financial reporting purposes. All intra-governmental transactions and
activities have been appropriately identified, recorded, and disclosed in the financial
statements. We have reconciled [or have been unable to reconcile] material intra-
governmental transactions and balances with the federal entity providing the goods
or services.
Internal Control
12. We are responsible for establishing and maintaining a system of internal control.
13. Pursuant to 31 U.S.C. 3512(c), (d) (commonly known as the Federal Managers’
Financial Integrity Act), we have assessed the effectiveness of the [entity’s] internal
control in achieving the following objectives:
a. Reliability of financial reporting: Transactions are properly recorded, processed,
and summarized to permit the preparation of the financial statements in
accordance with U.S. generally accepted accounting principles, and assets are
safeguarded against loss from unauthorized acquisition, use, or disposition.
b. Compliance with applicable laws and regulations: Transactions are executed in
accordance with laws governing the use of budget authority; other laws and
regulations that could have a direct and material effect on the financial
statements, and any other laws and regulations identified in OMB audit guidance.
[This item is optional if the auditor is not opining on internal control. Also, if the
agency bases its internal control assessment on suitable criteria other than 31 U.S.C.
3512(c), (d), cite the criteria used (for example, Internal Control—Integrated
Framework issued by the Committee of Sponsoring Organizations (COSO) of the
Treadway Commission).]
14. Those controls in place on September 30, 20X8 [or date of latest audited financial
statements], and during the years ended 20X8 and 20X7, provided reasonable
assurance that the foregoing objectives are met. [Delete this item if the auditor is not
opining on internal control.]
[If there are material weaknesses:
Those controls in place on September 30, 20X8, and during the years ended 20X8
and 20X7, were not effective to provide reasonable assurance that the foregoing
objectives were met because of the effects of the material weaknesses discussed
below or in an attachment.]
15. We have disclosed to you all significant deficiencies in the design or operation of
internal control that could adversely affect the [entity’s] ability to meet the internal
control objectives and identified those we believe to be material weaknesses (or
determined that none is a material weakness). [This item is optional if the auditor is
not opining on internal control.]

16. There have been no changes to internal control subsequent to September 30, 20X8
[or date of latest audited financial statements], or other factors that might
significantly affect the effectiveness of internal control. [If there were changes,
describe them, including any corrective actions taken with regard to any significant
deficiencies or material weaknesses.]
Fraud
17. We acknowledge our responsibility for the design and implementation of programs
and controls to prevent and detect fraud (intentional misstatements or omissions of
amounts or disclosures in financial statements and misappropriation of assets that
could have a material effect on the financial statements).
18. We have no knowledge of any fraud or suspected fraud affecting the [entity]
involving:
a. management,
b. employees who have significant roles in internal control, or
c. others where the fraud could have a material effect on the financial statements.
[If there is knowledge of any instances, describe them.]
19. We have no knowledge of any allegations of fraud or suspected fraud affecting the
[entity] received in communications from employees, former employees, or others.
[If there is knowledge of any such allegations, they should be described.]
Compliance of Systems with FFMIA
[For CFO Act agencies subject to the Federal Financial Management Improvement Act of
1996 (FFMIA)]
20. We are responsible for implementing and maintaining financial management
systems that substantially comply with federal financial management systems
requirements, federal accounting standards (U.S. generally accepted accounting
principles), and the U.S. Government Standard General Ledger at the transaction
level.
21. We have assessed the financial management systems to determine whether they
substantially comply with those federal financial management systems
requirements. Our assessment was based on guidance issued by OMB.
22. The financial management systems substantially complied with federal financial
management systems requirements, federal accounting standards, and the U.S.
Government Standard General Ledger at the transaction level as of [date of the
latest financial statements].
[If the financial management systems substantially comply with only one or two of
the above elements, modify as follows:
As of [date of financial statements], the [agency’s] financial management
systems substantially comply with [specify which of the three elements for
which there is substantial compliance (e.g., federal accounting standards and
the SGL at the transaction level)], but did not substantially comply with [specify
which of the elements for which there was a lack of substantial compliance
(e.g., federal financial management systems requirements)], as described below
(or in an attachment).]
[If the financial management systems do not substantially comply with any of these
three elements, use the following paragraph:
As of [date of financial statements], the [agency’s] financial management
systems do not substantially comply with the federal financial management
systems requirements.]
[If there is a lack of substantial compliance with one or more of the three
requirements, identify all the facts pertaining to the noncompliance, including the
nature and extent of the noncompliance and the primary reason or cause of the
noncompliance.]
Laws and Regulations
23. We are responsible for the [entity’s] compliance with applicable laws and
regulations.
24. We have identified and disclosed to you all laws and regulations that have a direct
and material effect on the determination of financial statement amounts [may list
laws and regulations].
25. There are no
a. violations or possible violations of laws or regulations whose effects we should
evaluate for disclosure in the financial statements or as a basis for recording a
loss contingency,
b. material liabilities or gain or loss contingencies that are required to be accrued
or disclosed that have not been accrued or disclosed, or
c. unasserted claims or assessments that are probable of assertion and must be
disclosed that have not been disclosed.
[When there is no general counsel and management has not consulted legal counsel
regarding contingencies, the auditor should obtain a written representation from
management that legal counsel has not been consulted. Example wording is: “We
are not aware of any pending or threatened litigation, claims, or assessments or
unasserted claims or assessments that are required to be accrued or disclosed in the
financial statements in accordance with SFFAS No. 5. We have not consulted legal
counsel concerning litigation, claims, or assessments.” (See FAM 1002.24.)]
26. We have complied with all aspects of contractual agreements that would have a
material effect on the financial statements in the event of noncompliance.
27. We are not aware of any violations of the Antideficiency Act that we must report to
the Congress and the President (and provide a copy of the report to the Comptroller
General) for the year ended September 30, 20x8, (or, we have reported all known
violations of the Antideficiency Act) and through the date of this letter.

Statement of Social Insurance
[For entities presenting a Statement of Social Insurance (SOSI) see AICPA publication
SOP 04-1, Auditing the Statement of Social Insurance, (SOP 04-1 §36) which suggests
the following management representations.]
28. Management is responsible for the assumptions and methods used in the
preparation of the SOSI. Management agrees with the actuarial methods and
assumptions used by the entity’s actuary and has no knowledge or belief that
would make such methods or assumptions inappropriate in the circumstances.
Management did not give any instructions, nor cause any instructions to be given to
the entity’s actuary with respect to values or amounts derived, and is not aware of
any matters that have affected the objectivity of the entity’s actuary. Management
believes that the actuarial assumptions and methods used to measure the amounts
in the SOSI for financial accounting purposes are appropriate in the circumstances.
29. Actuarial assumptions and methods used to measure the amounts in the SOSI for
financial accounting and disclosure purposes represent management’s best
estimates regarding future events based on demographic and economic assumptions
and future changes mandated by law.
30. There were no material omissions from the data provided to the entity’s actuary for
the purpose of determining the actuarial present value of the estimated future
income to be received and estimated future expenditures to be paid during the
projection period sufficient to illustrate the long-term sustainability of (name of the
social insurance program) as of (dates of SOSI presented).
31. The SOSI covers a projection period sufficient to illustrate the long-term
sustainability of the social insurance program.
32. Management provided the auditor with all the reports developed by external review
groups appointed by the entity or the program’s trustees related to estimates in the
SOSI.
33. The following matters relating to the SOSI have been disclosed properly in the notes
to the financial statements:
a. The accumulated excess of all past cash receipts, including interest on
investments, over all past cash disbursements within the social insurance
program represented by the fund balance at the valuation date.
b. An explanation of how the net present value is calculated for the closed group.
c. Comparative financial information for items in paragraphs 2a, 2b, 2c, and 2d (1)
of SOP 04-1, for the current year and for each of the preceding four years.
(Note any preceding years that are unaudited.)
d. Significant assumptions used in preparing estimates.
34. There have been no changes in (or, changes in the following have been properly
reported or disclosed in) the actuarial methods or assumptions used to calculate
amounts recorded or disclosed in the financial statements between
a. the valuation dates (for example: of January 1, 20x8 and January 1, 20x7) or
changes in the method of collecting data, and
b. the valuation date (for example: of January 1, 20x8), and the financial reporting
date (of September 30, 20x8) or changes in the method of collecting data.
35. There have been no changes in (or, changes in the following have been properly
reported or disclosed in) laws and regulations affecting social insurance program
income and benefits between
a. the valuation dates (for example: January 1, 20x8 and January 1, 20x7)
b. the valuation date (for example: January 1, 20x8) and the financial reporting
date (of September 30, 20x8).
36. Accounting estimates applicable to the financial information of the entity included
in the SOSI are based on management’s best estimate, after considering past and
current events and assumptions about future events.
Budgetary and Restricted Funds
[OMB audit guidance includes a representation by management on the consistency of
budgetary data in the following paragraph.]
37. The information presented in the (entity’s) Statement of Budgetary Resources
(materially - defined in paragraph 2 on page 1001 A-1) agrees with information
submitted in its year-end Reports on Budget Execution and Budgetary Resources
(SF-133s). The information will be used as input for the fiscal year 20x8 actual column
of the Program and Financing Schedules reported in the fiscal year 20x0 Budget of
the U.S. Government. This information is supported by the related financial records
and data.
38. We have disclosed in the financial statements all material earmarked funds¹ as
defined by FASAB SFFAS No. 27 and all material restricted funds.

________________________________
[Name of Head of Entity]
[Title]

________________________________
[Name of Chief Financial Officer]
[Title]

Attachment

¹ SFFAS No. 27 does not use the term “earmarked” as it is sometimes used to refer to set-asides of
appropriations for specific purposes.

1002 - Inquiries of Legal Counsel


.01 FAM 1002 provides guidance on procedures to obtain evidence that the
financial accounting and reporting of contingencies¹ regarding litigation,
claims, and assessments conform with U.S. generally accepted accounting
principles (U.S. GAAP). FAM 1002 discusses the accounting and reporting
guidance and audit procedures for inquiries of legal counsel concerning
litigation, claims, and assessments, and includes an example audit program
at FAM 1002 A; an example legal representation letter request at FAM 1002
B; and a legal representation letter response at FAM 1002 C.
Accounting and Reporting Guidance
.02 Entity management is responsible for implementing policies and
procedures to identify, evaluate, account for, and disclose litigation,
claims, and assessments as a basis for the preparation of financial
statements in conformity with U.S. GAAP.
.03 Statement of Federal Financial Accounting Standards (SFFAS) No. 5,
Accounting for Liabilities of the Federal Government, as amended by
SFFAS No. 12, Recognition of Contingent Liabilities Arising from
Litigation, contains accounting and reporting standards for loss
contingencies, including those arising from litigation, claims, and
assessments.2 The Federal Accounting Standards Advisory Board (FASAB)
Interpretation No. 2, Accounting for Treasury Judgment Fund
Transactions, provides additional guidance related to claims to be paid
through the Treasury Judgment Fund.3 Statement of Financial Accounting
Standards (FAS) No. 5, Accounting for Contingencies, also provides
guidance for financial accounting and reporting for loss and gain
contingencies for government corporations and entities following U.S.
GAAP for the private-sector promulgated by the Financial Accounting
Standards Board (FASB). The definition of probable for legal contingencies
is essentially the same in FAS No. 5 and SFFAS No. 5.
.04 A contingency is an existing condition, situation, or set of circumstances
involving uncertainty as to possible gain or loss to an entity. The
uncertainty will ultimately be resolved when one or more future events
occur or fail to occur. When a loss contingency exists, the likelihood that
the future event or events will confirm the loss or impairment of an asset
or the incurrence of a liability can range from remote to probable. SFFAS
Nos. 5 and 12 use the terms remote, reasonably possible, and probable to
identify three areas within the range of probability, as follows:
• Remote—The chance of the future event or events occurring is slight.
• Reasonably possible—The chance of the future event or events
occurring is more than remote but less than probable.
• Probable—For pending or threatened litigation and unasserted claims,
the future confirming event or events are likely to occur. (For other
contingencies, the future event or events are more likely than not to
occur.)

1 Including environmental and disposal liabilities -- a contingency that is often a significant issue for the
federal government.
2 SFFAS No. 7 has guidance for reporting claims for tax refunds. Rather than recognizing probable claims
and disclosing other claims in the notes to the financial statements, SFFAS No. 7 indicates that other
claims for refunds that are probable should be included as supplementary information.
3 A permanent, indefinite appropriation, commonly known as the Judgment Fund, is available to pay final
judgments, settlement agreements, and certain types of administrative awards against the United States
when payment is not otherwise provided for. The Secretary of the Treasury certifies all payments from the
fund. (See 31 U.S.C. 1304, Judgments, awards, and compromise settlements.) FASAB Interpretation No. 2
clarifies how federal entities report the costs and liabilities arising from claims to be paid by the Judgment
Fund and how the Judgment Fund accounts for the amounts that it is required to pay on behalf of federal
entities.

.05 The entity should recognize a liability and a related charge to expense for
an estimated loss from a loss contingency4 only when
a. a past event or exchange transaction has occurred,
b. a future outflow or other sacrifice of resources is probable, and
c. the future outflow or sacrifice of resources is measurable.
.06 Disclosure of the nature of an accrued liability for loss contingencies,
including the amount accrued, may be necessary for the financial
statements not to be misleading. For example, if the amount recognized is
large or unusual, the entity should determine whether to disclose the
contingency. However, if no accrual is made for a loss contingency because
one or more of the conditions in FAM 1002.05 are not met, the federal
government and its entities should report contingent losses that involve
situations where there is at least a reasonable possibility that a loss has
been incurred.
The entity should disclose the nature of the contingency, and an estimate
of the possible liability or range of possible liability, if estimable, or a
statement that such an estimate cannot be made. The reporting of
contingent losses depends on the likelihood that a future event or events
will confirm the loss or impairment of an asset or the incurrence of a
liability. Terms used to assess the likelihood of loss are remote, reasonably
possible, and probable as discussed in FAM 1002.04.
Contingent losses that are assessed as probable and measurable are
accrued in the financial statements. Losses that are assessed to be at least
reasonably possible are disclosed in the notes. For an overview of the
standards that provide criteria for how federal agencies are to account for
contingent losses based on the likelihood of the loss and the measurability,
see table 1 below:

4 If the Judgment Fund will pay the claim, the entity still recognizes the liability and cost at this time.
Once the claim is settled or a court judgment is assessed and the Judgment Fund is determined to be the
appropriate source for payment, the entity reduces the liability by recognizing an (imputed) financing
source. Note that for Judgment Fund payments made under the Contract Disputes Act and the Notification
and Federal Employee Antidiscrimination and Retaliation Act, the entity establishes a payable to
reimburse the Judgment Fund.

Table 1: Accounting for Contingent Losses

| Likelihood of future outflow or other sacrifice of resources | Loss amount can be reasonably measured | Loss range can be reasonably measured | Loss amount or range cannot be reasonably measured |
|---|---|---|---|
| Probable: Future confirming event(s) are likely to occur | Accrue the liability | Accrue liability of best estimate or minimum amount in loss range if there is no best estimate, and disclose nature of contingency and range of estimated liability | Disclose nature of contingency and include a statement that an estimate cannot be made |
| Reasonably possible: Possibility of future confirming event(s) occurring is more than remote and less than likely | Disclose nature of contingency and estimated amount. | Disclose nature of contingency and estimated loss range. | Disclose nature of contingency and include a statement that an estimate cannot be made |
| Remote: Possibility of future event(s) occurring is slight | No action is required | No action is required | No action is required |

Management decides what to report. The auditor evaluates whether
management’s reporting is in accordance with U.S. GAAP.
In addition, if the Judgment Fund might be involved in the payment of the
possible loss, the federal entity involved in the litigation should discuss the
Judgment Fund’s role in a note to the financial statements.
.07 Although management often relies on advice of legal counsel about the
(a) likelihood of an unfavorable outcome and (b) estimates of the amount
or range of potential loss for litigation, claims, and assessments,
management is ultimately responsible for determining whether these
contingencies are probable, reasonably possible, or remote. Management
does this to decide whether they should be recognized as liabilities and/or
disclosed in the notes to the financial statements. Thus, the Office of
Management and Budget’s (OMB) audit guidance requires CFO Act entity
management to prepare a schedule summarizing legal contingencies
including whether they are probable, reasonably possible, or remote, and
whether (and in what amounts) they have been accrued or disclosed in the
financial statements. An Example Management Summary Schedule is
provided at FAM 1002 D.
Audit Procedures
.08 The auditor should design procedures to test the entity’s accounting for
and disclosure of litigation, claims, and assessments. AU 337 (SAS #12)
provides guidance on the procedures to identify litigation, claims, and
assessments to evidence that they are appropriately accounted for and
disclosed. AU 9337 provides auditing interpretations of AU 337. OMB audit
guidance also contains procedures for inquiries of legal counsel. (See FAM
1002 A for example audit procedures.)
.09 The auditor should obtain evidence relevant to the following factors with
respect to litigation, claims, and assessments:
a. The existence of a condition, situation, or set of circumstances
indicating uncertainty as to the possible loss to an entity arising from
litigation, claims, and assessments.
b. The period in which the underlying causes for legal action occurred.
c. The likelihood of an unfavorable outcome (probable, reasonably
possible, or remote).
d. The amount or range of potential loss, if estimable.
.10 The auditor may discuss with management the events or conditions in
accounting for and reporting of litigation, claims, and assessments. The
auditor should perform audit procedures to corroborate the information
provided by management, including requesting that management send a
legal letter request to the entity’s legal counsel.
.11 A letter from legal counsel to the auditor, in response to a legal letter
request from management to legal counsel, is the auditor’s primary means
of corroborating the information furnished by management concerning the
accuracy and completeness of litigation, claims, and assessments. The
auditor should ask management to have the legal letter request include
either (1) a list of pending or threatened litigation, claims, and
assessments, or (2) a request by management that legal counsel prepare
the list. The auditor should also ask management to have the legal letter
request include a list of unasserted claims and assessments the lawyer
determined probable of assertion, and that, if asserted, would have at least
a reasonable possibility of an unfavorable outcome, to which legal counsel
has devoted substantive attention on the entity’s behalf in the form of legal
consultation or representation (or a statement that management is not
aware of any matters meeting the criteria). The auditor should obtain
assurance from management, ordinarily in writing, that it has disclosed all
unasserted claims when it is considered probable that a claim will be
asserted and there is a reasonable possibility that the outcome will be
unfavorable.
Legal counsel then would supplement management’s information about
those unasserted claims and assessments, including an explanation of any
matters where their views differ from those expressed by management in
the legal letter request. In the federal government, where the general
counsel may be part of management, the general counsel may instead
provide the list of unasserted claims or assessments meeting the above
criteria.

The auditor should ask management to have the legal letter request include
a request for legal counsel to make a statement that they will advise
management about unasserted claims and assessments that management
should evaluate for disclosure. See the example request at FAM 1002 B and
example response at FAM 1002 C.
.12 The auditor should also perform procedures to learn about certain legal
claims against the government involving interaction between the
government and its environment. This could include events where federal
operations caused (1) hazardous waste for cleanup, (2) accidental damage
to nonfederal property, or (3) other damage to federal property. In these
cases, no monetary damages are being sought, but rather plaintiffs
generally seek that the government either take or cease a particular action,
which if successful, could cost the government significant amounts of
money to comply. An example is a claim that was brought against the
Department of Energy over its classification of certain radioactive waste
for disposal. Because the classification affected how the waste could be
disposed of and thus the cost of disposal, a successful claim could have
resulted in a material increase in the agency’s environmental liabilities.
Auditors should make inquiries of management and legal counsel to
determine whether the entity has such cases that could create a loss
contingency, and whether the entity considered those cases in determining
the amount of liability to be disclosed per FAM 1002.05-1002.06. If such
cases exist, the auditor should apply the procedures in FAM 1002.08-
1002.11 to these cases as well.
Timing of Legal Letter Request and Responses
.13 The auditor generally should perform procedures for inquiries of legal
counsel concerning litigation, claims, and assessments on a timely basis to
give priority to the resolution of potential problem areas and to complete
other procedures. To meet deadlines, the auditor, entity management, and
legal counsel generally should coordinate the timing of legal letter requests,
responses (including interim responses), and related management
schedules. The auditor and the entity management should determine the
due dates for obtaining responses from component units to provide legal
letter responses for the entity’s financial statements as well as for the U.S.
Government’s Consolidated Financial Statements. In setting the due dates,
the auditor and entity management generally should allow management to
inquire of Department of Justice legal counsel on a case-specific basis.
.14 In addition, when an entitywide audit team uses the work of entity
component audit teams, the entitywide and component audit teams
generally should coordinate the timing of legal letter requests, responses,
and management schedules and determine the due dates for the
component financial statements as well as the entitywide financial
statements. The entitywide team generally should receive copies of the
component letters from the component audit teams by the due dates.

.15 The legal counsel’s response should include matters that existed at the
balance sheet date and through a date near the completion of the audit. If
the effective date is substantially in advance of the completion of the audit
(for example, earlier than 2 weeks before the completion of the audit), the
auditor should contact the legal counsel for an updated response. To avoid
this situation, the legal letter request may specify the period the legal
counsel’s response is to cover and the date the auditor expects to receive
the response.
.16 To assist the auditor in completing the review of legal matters in a timely
manner (and to assist management in preparing the financial statements),
the auditor may ask management to request legal counsel to submit a
preliminary or interim response covering matters that existed at the
current date and through a point in time reasonably before the completion
of the audit so that a preliminary evaluation of the significance of material
legal matters can be made. This is particularly applicable to large federal
agencies with numerous and complex cases.5
If an interim letter is used, the auditor should ask the entity to request that
legal counsel submit a final or updated response covering matters from the
interim date through the date of audit completion. The entity should
request that the updated response contain only changes or a statement
indicating there are no changes from the interim response and any new
matters from the interim date through the completion of the audit. The
auditor should ask the entity to request that legal counsel date and submit
the final legal representation letter to coordinate with the management
representation letter in FAM 1001.
However, in some cases, the legal representation letters are ready first so
entity management may rely upon them before signing the management
representation letters. In these cases, the auditor should make oral
inquiries of legal counsel and document whether material changes had
occurred from the date of the legal representation letter to the date of audit
completion. The auditor should plan to receive letters to meet the reporting
deadline in accordance with OMB Circular No. A-136, Financial Reporting
Requirements. See FAM 1002 B for an example legal letter request that
includes requests for interim and updated responses from legal counsel.
Determining a Materiality Level
.17 The auditor and the entity may agree to limit the legal inquiry to matters
that are considered individually or collectively material to the financial
statements, provided that the entity and the auditor have agreed on the
materiality level. The auditor should ask the entity to indicate the
materiality level, if used, in the legal letter request and the entity should ask
the lawyer to include the materiality in the response.

5 For example, for the fiscal year 2007 audit, OMB reporting guidance stated that agencies should submit
interim legal representation letters to Department of Justice, Treasury’s Financial Management Service,
and GAO no later than August 29, 2007. This would allow review of cases before external issuance. Final
legal representation letters were due no later than November 15, 2007.

.18 In determining a materiality level for the legal letter, the auditor and the
entity should set the level sufficiently low that the cases not included in the
legal letter would not be material to the financial statements taken as a
whole when aggregated with
(1) other cases not included in the letter,
(2) all other types of contingencies,
(3) all other items that would not be adjusted because they are judged
immaterial (unadjusted misstatements),
(4) all other amounts in the financial statements that would not be tested
directly because they were judged to be immaterial, and
(5) all other items resolved on the basis of materiality considerations.
.19 In aggregating cases, the auditor and the entity may use two levels of
aggregation. First, similar cases (such as employment discrimination cases,
harbor maintenance fee cases, spent nuclear fuel cases, or military promotion
board challenges) are aggregated and treated as a group, and the auditor
should compare the total with the individual materiality level. The
aggregation generally includes a list of the individual cases and a
discussion of the items of information included in the legal letter for the
aggregated cases (see FAM 1002 B and FAM 1002 C).
Second, cases not included in the legal letter individually or as part of a
group of similar cases are aggregated. The auditor may use a higher
materiality level for such an aggregation. However, the auditor may set this
higher materiality level sufficiently low that the cases not included in the
legal letter would not be material to the financial statements taken as a
whole when aggregated with the other items listed in the previous
paragraph.
.20 Where the entity engages more than one legal counsel, the entity and the
auditor should determine whether matters considered not material
individually would exceed the materiality limit when aggregated. In
addition, when separate legal representation letters are requested on
individual components (such as bureaus or offices) of a consolidated entity
because of individual component audits, the auditor may determine
materiality levels for each component.
Legal Counsels from Whom Information Should be Requested
.21 Most federal entities have a general counsel who has primary responsibility
for and knowledge about the entity’s litigation, claims, and assessments.
The auditor should request entity management to send a legal letter request
to the general counsel. In addition, the auditor should ask the management
and/or general counsel whether the entity used outside legal counsel
whose engagement may be limited to particular matters (e.g., specific
litigation).

.22 In the federal government, the main legal counsel outside of the entity is
the Department of Justice.6 The entity’s management, its legal counsel, or
the auditor may consult with Justice as well as other outside legal counsel
to assure completeness and accuracy of the presentation of matters related
to litigation, claims, and assessments. Such consultation may include
requesting a list of pending litigation, claims, and assessments from Justice
or other outside legal counsel, or discussion of specific cases.
.23 The auditor should ask the entity to request that legal counsel cover all
litigation, claims, and assessments pertaining to the federal reporting
entity, including matters handled by Justice and other outside legal counsel
on behalf of the entity. If the general counsel has overall responsibility for
handling and evaluating litigation, claims, and assessments, the evaluation
and responses by general counsel ordinarily are adequate evidence.
However, evidential matter obtained from general counsel is not a
substitute for information that outside legal counsel refuses to furnish to
the auditor.
.24 Where there is no general counsel and management has not consulted legal
counsel, the auditor should obtain a written representation from
management that legal counsel has not been consulted. Such
representation may be incorporated as an item in the management
representation letter. (See FAM 550 and 1001.) An example item is: “We are
not aware of any pending or threatened litigation, claims, or assessments
or unasserted claims or assessments that are required to be accrued or
disclosed in the financial statements in accordance with SFFAS No. 5. We
have not consulted legal counsel concerning litigation, claims, or
assessments.”
Evaluation of Responses
.25 Written responses from legal counsel will vary considerably in the scope of
information provided and in the opinion expressed. In preparing the
responses, legal counsel uses the guidance contained in the American Bar
Association’s Statement of Policy Regarding Lawyers’ Responses to
Auditors’ Requests for Information (ABA Policy Statement) (included in
its entirety in AU 337 C).
.26 The auditor should ask the entity to request that legal counsel cover all
entity components included in the financial statements being audited.
Additionally, legal counsel generally should indicate the disposition of
cases included in the prior year’s letter that are no longer contingencies.

6 The Accounting and Auditing Policy Committee (AAPC) guidance (Technical Release No. 1) clarifies
FASAB Interpretation No. 2, with respect to the Department of Justice’s role related to legal letters in
cases in which Justice’s legal counsels are handling legal matters on behalf of other federal reporting
entities. The letter from the entity’s general counsel may provide sufficient evidence for the auditor. If the
auditor determines that additional evidence is needed about a specific case, the auditor may request entity
management and legal counsel to send a legal letter request to Justice, directed to the lead Justice legal
counsel handling the case, asking that person to provide a description and evaluation directly to the
auditor.

.27 The auditor should evaluate each response in terms of sufficiency as
evidence and consider (a) the possible limitations on the scope of legal
counsel’s responses and (b) the lack of sufficient opinion on the resolution
of a case. AU 9337 provides guidance in evaluating legal counsel’s
responses. The auditor should evaluate any “unable to determine” and
vague and unclear responses. The auditor also should evaluate the legal
counsel’s response in light of any other information that comes to the
auditor’s attention.
Possible Limitations on the Scope of Legal Counsel’s Responses
.28 When legal counsel limits the response, the auditor should determine
whether the limitation affects the auditor’s report. Legal counsel may
appropriately limit their response to certain matters, for example, to
matters that (a) legal counsel has given substantive attention to in the form
of legal consultation or representation, and (b) are determined to be
individually or collectively material to the financial statements, provided
the entity and the auditor have reached an understanding on materiality
levels. These limitations are acceptable and do not limit the audit scope.
.29 The following are examples of limitations on legal counsel’s responses that
the auditor should not accept and that would ordinarily result in a scope
limitation:
a. Legal counsel refuses to furnish the requested information. When legal
counsel refuses to furnish the information requested in the legal letter
request, the auditor should evaluate this matter as a scope limitation
sufficient to preclude an unqualified opinion.
b. Legal counsel excludes matters requested. The legal counsel’s
responses may not address all information requested. The auditor
should compare legal counsel’s response with the legal letter request
and determine whether legal counsel has addressed all the information
requested. If legal counsel has excluded any of the requested matters,
the auditor should obtain responses for those matters from legal
counsel. If the auditor is unable to obtain all the information needed,
the auditor should evaluate this as a scope limitation that could be
sufficient to preclude an unqualified opinion.
c. Legal counsel indicates that certain information is being withheld due
to attorney-client privilege. Under the American Bar Association (ABA)
Code of Professional Responsibility, legal counsel is required to
preserve the confidences and secrets of the client. Legal counsel may
disclose confidences to the auditor only with the consent of the client.
If the legal letter request is prepared in accordance with AU 337, the
auditor should expect that legal counsel would be responsive;
otherwise the scope of the audit would be restricted. On the other hand,
explanatory language in the legal letter request or in legal counsel’s
response emphasizing that management or legal counsel does not
intend to waive attorney-client privilege or attorney work-product
privilege does not result in a scope limitation.

Lack of Sufficient Opinion on the Resolution of a Case
.30 The following are examples of legal counsel responses that lack sufficient
opinion on the resolution of a case:
a. Uncertainties. Legal counsel may be unable to respond concerning the
likelihood of an unfavorable outcome of litigation, claims, and
assessments or the amount or range of potential loss, because of
inherent uncertainties. In these circumstances, the auditor generally
should conclude that the financial statements are affected by an
uncertainty concerning the outcome of a future event, which is not
susceptible to reasonable estimation. See FAM 580 for reporting on
uncertainties.
b. Unclear responses. Legal counsel sometimes use general terms to
indicate their evaluation of the outcome of a case. The ABA Policy
Statement states that legal counsel may, in the appropriate
circumstances, communicate to the auditor their view that an
unfavorable outcome is “probable” or “remote.” The legal letter
responses may include phrases that mean remote or probable. The
phrases below are examples of opinions that provide sufficient clarity
that the likelihood of an unfavorable outcome is remote:
• “We are of the opinion that this action will not result in any liability
to the entity.”
• “We believe that the plaintiff’s case against the entity is without
merit.”
The following are examples of opinions that indicate significant
uncertainty as to whether the entity will prevail:
• “In our opinion, the entity has a substantial chance of prevailing in
this action.” (A “substantial chance,” a “reasonable opportunity,”
and similar terms indicate more uncertainty than an opinion that the
entity will prevail.)
• “It is our opinion that the entity will be able to assert meritorious
defenses to this action.” (The term “meritorious defenses” indicates
that the court will not summarily dismiss the entity’s defenses; it
does not indicate legal counsel’s opinion that the entity will prevail.)
.31 To avoid unclear and incomplete responses, the auditor generally should
ask management to request legal counsel to use Justice’s standard forms to
describe legal contingencies (see FAM 1002 C-4 to C-6 for examples of
these forms). When legal counsel does not indicate whether the
unfavorable outcome is probable or remote, management and the auditor
should conclude that the outcome is reasonably possible, and management
should determine the disclosure. Management, with legal counsel’s advice,
determines whether cases are probable, reasonably possible, or remote, to
decide whether to recognize them as liabilities and/or disclose them in the
notes to the financial statements.

.32 If the auditor is not certain about legal counsel’s evaluation, the auditor
should discuss the matters with legal counsel and entity management (and
document the oral discussion) and/or obtain written clarification in a
follow-up letter. Sometimes legal counsel may give a clearer indication of
likelihood orally. If legal counsel is unable to give a clear evaluation of the
likelihood of an unfavorable outcome, management should disclose the
uncertainty and the auditor should evaluate the uncertainty’s effect on the
audit report.
Example Legal Letter Request
.33 The legal letter request, which the auditor may assist management to draft,
should be on the audited entity’s letterhead, signed by the Chief Financial
Officer (CFO), or equivalent, and ask that the reply be sent directly to the
auditor with a copy to management by specified due dates. FAM 1002 B
provides an example legal letter request that includes requests for interim
and updated responses from legal counsel and matters that should be
covered in the letter.
Example Legal Counsel’s Responses and Management’s
Schedule
.34 The General Counsel’s response on General Counsel letterhead is sent to
the auditor with a copy to management by the agreed-upon due dates. The
counsel may indicate that the response is provided for the auditor’s use in
connection with the audit.
.35 FAM 1002 C shows an example of a legal counsel response, including the
legal representation letter that should include Justice’s legal contingency
standard forms for each case or group of cases. Forms can be obtained on
Justice’s website at http://www.usdoj.gov/civil/forms/forms.htm and
auditors should check that current forms were used.
.36 FAM 1002 D shows an example of management’s schedule that documents
how the information contained in the legal counsel’s responses was used in
preparing the financial statements. Management should include each case
discussed in the legal letter and indicate (1) the amount accrued for
probable cases and (2) note disclosure for reasonably possible cases,
probable cases where the amount cannot be estimated, and probable cases
where a range of amounts above the accrued amount is estimated.
Practice Aids
.37 The following practice aids are provided at:
FAM 1002 A – Example Audit Procedures for Inquiries of Legal Counsel;
FAM 1002 B – Example Legal Letter Request;
FAM 1002 C – Example Legal Representation Letter; and
FAM 1002 D – Example Management Summary Schedule.



Reporting
1002 A – Example Audit Procedures for Inquiries of Legal Counsel



Entity ______________________________________________________________
Period of financial statements _________________________________________
Job code ___________________________________________________________

Example Audit Procedures | Done by/date | Doc Ref.

I. Testing Procedures
1) Ask management about the entity’s policies and
procedures for identifying, evaluating, and accounting for
litigation, claims, and assessments.

2) Obtain from management (or the entity’s legal counsel) a
description and evaluation of litigation, claims, and
assessments existing as of the balance sheet date and
through the date of management’s response (see timing of
the audit at FAM 1002.13 to 1002.16).

3) To determine whether an outside legal counsel is
performing services for the entity, inquire of management
whether outside legal counsel has been used by the entity
and the matters handled. Ask management for a list of
pending litigation, claims, and assessments from the
Department of Justice and/or examine correspondence
and invoices from other outside legal counsel (e.g., for
legal fees), if any.

4) Ask whether there have been changes in the status of
general counsel or outside legal counsel such as any
resignations, or intentions to resign. If so, determine if
there are matters that may affect the financial statements.
For example, in appropriate circumstances, a legal
counsel may be required by the ABA Code of Professional
Responsibility to resign the engagement if the legal
counsel’s advice concerning disclosures is disregarded by
the entity.

5) To identify litigation, claims, and assessments, read
minutes of management meetings, contracts, loan
agreements, leases, and correspondence from other
government entities and discuss pertinent items with
management.


6) If information comes to the auditor’s attention that may
indicate a potential contingency with respect to litigation,
claims, or assessments that may require adjustment to or
disclosure in the financial statements, discuss with the
entity its possible need to consult legal counsel.
Depending on the severity of the matter, refusal by the
entity to consult legal counsel in those circumstances may
result in a scope limitation. Determine the effect of such a
limitation on the auditor’s report.

7) Request entity management to send a legal letter request
to the general counsel asking counsel to respond directly
to the auditor. (Obtain a copy of the legal letter request.)
Determine whether there is a need to request legal letters
from any outside legal counsel. The legal letter should
cover litigation, claims, and assessments pertaining to the
reporting entity, including matters handled by the
Department of Justice or other outside legal counsel. (See
FAM 1002 B for an example legal letter request.)
Coordinate with management and legal counsel to
determine
• the timing of legal letter requests and responses and
related management’s summary/schedules of
information contained in legal responses and
• a materiality level to be included in the legal
representation letter. (FAM 1002.17-.20)

8) Read the legal letter responses and management’s
schedules to identify litigation, claims, and assessments.

9) Compare the description and evaluation of the current
year’s legal letter responses to the prior year’s audit
documentation. If this comparison indicates that certain
legal matters in the prior year are no longer included,
discuss these matters with management or legal counsel
to obtain an understanding of the reasons for the changes.


10) Determine whether the information in the legal
representation letter is consistent with management’s
schedule summarizing the information in the letter and
related supporting documentation.
11) Document and discuss with legal counsel if the
information obtained is not complete, clear, or
consistent.

12) Evaluate legal counsel’s responses and determine the
effects of the responses on liabilities and related note
disclosures in the financial statements and on the
auditor’s report.

13) If a response date is substantially in advance of the audit
report date, for example, earlier than 2 weeks prior to
the date of the auditor’s report, obtain a written or oral update
response. (The longer the period between the legal
letter and the audit report date, the more important a
written update becomes.)

II. Reporting Procedures

Obtain a representation from management in the
management representation letter (see FAM 550 and
1001) that the entity has disclosed all unasserted claims
that legal counsel has advised are probable of assertion
that, if asserted, would have at least a reasonable
possibility of an unfavorable outcome and must be
disclosed.
1) Discuss the description and evaluation of litigation,
claims, and assessments obtained with management to
determine if, subsequent to the date of legal counsel’s
response, there have been any changes in status of the
matters, changes in management’s evaluation of the
outcome, or additional matters to be evaluated.

2) If there are significant changes in the status of the
matters or new matters, obtain a written confirmation or
updated response from legal counsel.


3) Have management include in the management
representation letter representations related to
contingencies and determine if they are appropriately
accrued and disclosed as required by SFFAS No. 5, as
amended. If management has not consulted legal
counsel, obtain a written representation from
management that legal counsel has not been consulted.
This representation may be incorporated in the
management representation letter (see FAM 550 and
1001).

4) Read the entity’s financial statements and notes and
a) evaluate the adequacy of financial statement
disclosure for contingencies with respect to
litigation, claims, and assessments;

b) determine if the financial statement disclosures for
contingencies with respect to litigation, claims, and
assessments are prepared in accordance with OMB
guidance; and

c) for federal entities involved in litigation for which
the Judgment Fund is a likely source of judgment
or settlement, determine if a note to the financial
statements discusses the Judgment Fund’s role in
the payment of a possible loss, as required by
FASAB Interpretation No. 2, Accounting for
Treasury Judgment Fund Transactions.

5) Document conclusions reached concerning the
accounting for and disclosure of litigation, claims, and
assessments, determine if adjustments are necessary,
and determine whether modification of the auditor’s report is
necessary (see FAM 580).

1002 B – Example Legal Letter Request


[Audited Entity Letterhead]
Date: [date]
To: General Counsel
From: Chief Financial Officer [signed]
Subject: [Auditor’s] Audits of 20X8 and 20X7 Financial Statements
Pursuant to [cite applicable legal authority to conduct the audit, such as
31 U.S.C. 3521], [auditor’s name] is auditing the financial statements of
[entity] as of and for the years ended September 30, 20X8, and 20X7.
In performing audits of government entities, auditors comply with
Government Auditing Standards, issued by the Comptroller General of
the United States (the “yellow book”). For financial statement audits,
Government Auditing Standards incorporate the fieldwork and reporting
standards of the American Institute of Certified Public Accountants
(AICPA) and the Statements on Auditing Standards that interpret them.
Consistent with AU 337 of the AICPA’s Codification of Statements on
Auditing Standards, [auditor] has inquired about litigation, claims, and
assessments to obtain evidence as to the financial accounting and
reporting of such matters in the financial statements. The purpose of this
letter is to request your assistance in responding to that inquiry. The
American Bar Association Statement of Policy Regarding Lawyers’
Responses to Auditors’ Request for Information (December 1975)
provides guidance for the lawyer’s response to the auditor’s request.
In accordance with Statement of Federal Financial Accounting Standards
(SFFAS) No. 5, Accounting for Liabilities of the Federal Government, as
amended by SFFAS No. 12, and Interpretation No. 2 of SFFAS No. 4 and 5,
[entity] may need to report certain information in its financial statements
and notes concerning contingent liabilities for litigation, claims, and
assessments. We request that you provide [auditor] (with a copy to me)
information on matters with respect to which you have been engaged and
to which you have devoted substantive attention on behalf of [entity] in the
form of legal consultation or representation.
Please furnish an interim response by [agreed-upon date], but no later than
(insert date such as August 29, 20X8), including matters that existed as of
July 31, 20X8. Please furnish an updated response by [agreed-upon date],
but no later than (insert date such as October 31, 20X8), that includes any
new legal matters from August 1 through October 31, 20X8, and any
significant changes from your interim response, or furnish a statement that
there are no new changes. (For CFO Act Audits only; the auditor and entity
should determine appropriate timing for other audits.)

Please include any cases¹ with respect to which you have been engaged and
to which you have devoted substantive attention on behalf of the [entity] in
the form of legal consultation or representation, even those cases for
which you believe the Judgment Fund or some financing source other than
[entity]’s budgetary resources will pay any potential loss. Under U.S.
generally accepted accounting principles, these amounts will be included
as liabilities or disclosure items in the [entity]’s financial statements. Please
aggregate cases similar in nature where appropriate. Please list the matters
in order of the amount of potential loss, starting with the largest.
Pending or Threatened Litigation (excluding unasserted claims)
We and [auditor] have determined that any matters (1) for which the
amount of potential loss exceeds $XX, individually or in the aggregate for
similar cases, or (2) for which the amount of potential loss exceeds $XXX
in the aggregate for cases not listed individually or as part of similar cases,
could be material to the financial statements. We request that you provide
to [auditor] the information described below about pending or threatened
litigation where the amount of potential loss exceeds $XX:
1. The nature of the matter. Include a description of the case or cases and
amount claimed, if specified.
2. The progress of the case to date.
3. The government’s response or planned response (for example, to
contest the case vigorously or to seek an out-of-court settlement).
4. An evaluation of the likelihood of unfavorable outcome. Please
categorize likelihood as probable (an unfavorable outcome is likely to
occur), reasonably possible (the chance of an unfavorable outcome is
less than probable but more than remote), or remote (the chance of an
unfavorable outcome is slight).
5. An estimate of the amount or range of potential loss, if one can be
made, for losses considered to be probable or reasonably possible.
6. The name of the [entity]’s legal counsel handling the case and names of
any outside legal counsel/other lawyers representing or advising the
government in the matter (Department of Justice or outside law firms).
We also request that you identify litigation reported in your prior year legal
representation letter as pending or threatened that is no longer pending or
threatened and a short description of the disposition.

¹ This includes any cases that do not seek monetary damage awards, but would require the government to
use financial resources to implement remedies or actions sought by litigation or unasserted claims (for
example, to increase the scope of, or change to a more costly methodology of, environmental restoration
and cleanup).

Unasserted Claims and Assessments
[If legal counsel is a part of management use this paragraph.] Please
provide the following information for all unasserted claims and
assessments that you consider to be probable of assertion and which, if
asserted, would have at least a reasonable possibility (more than remote) of
an unfavorable outcome (1) for which the amount of potential loss
exceeds $XX, individually or in the aggregate for similar cases, or (2)
for which the amount of the potential loss exceeds $XXX in the aggregate
for cases not listed individually or as part of similar cases, involving
matters to which you have devoted substantive attention.
[If legal counsel is not part of management, such as an outside legal
counsel, use this paragraph.] We have provided an attachment to this
request that lists the unasserted claims and assessments that we believe
are probable of assertion and which, if asserted, would have at least a
reasonable possibility (more than remote) of an unfavorable outcome (1)
for which the amount of potential loss exceeds $XX, individually or in the
aggregate, for similar cases, or (2) for which the amount of potential loss
exceeds $XXX in the aggregate for cases not listed individually or as part of
similar cases, involving matters to which you have devoted substantive
attention. Please provide the following information for each matter and for
any additional matters that you believe meet these criteria.
1. A description of the nature of the matter.
2. The government’s planned response if the claim is asserted.
3. An evaluation of the likelihood of an unfavorable outcome. (Categorize
likelihood as probable (likely to occur) or reasonably possible (less
than probable but more than remote).)
4. An estimate of the amount or range of potential loss, if one can be
made.
Please specifically confirm to [auditor] that our understanding of the
following is correct: Whenever, in the course of performing legal services
for us, with respect to a matter recognized to involve an unasserted
possible claim or assessment that may call for financial statement
disclosure, if you have formed a professional conclusion that we should
disclose or consider disclosure concerning such possible claim or
assessment, as a matter of professional responsibility to us, you will (1)
advise us of your conclusion and (2) consult with us concerning the
question of such disclosure and the applicable requirements of SFFAS No.
5, as amended.
We request that you describe the cases using the Department of Justice
forms (one for pending or threatened litigation, another for unasserted
claims). To obtain the current forms, go to the Department of Justice
website at http://www.usdoj.gov/civil/forms/forms.htm.

Please separately identify any pending or threatened litigation and
unasserted claims with respect to which you have been engaged and to
which you have devoted substantive attention on behalf of the [entity] in
the form of legal consultation or representation for which you believe
another government entity will be responsible for any potential liability.
Please specifically identify the nature of and reasons for any limitations on
your response to this request.
Please address your reply to [auditor], and contact them at (phone
number), when your reply is available for pick up, and send a copy of your
reply to me. Do not hesitate to contact me or [auditor] if you have any
questions about this request.

1002 C – Example Legal Representation Letter


[General Counsel Letterhead]
[Date]
[Auditor]
[Title]
[Agency or Firm Name]
[City]
Subject: Legal Response in Connection with the 20X8 and 20X7 Financial Statement
Audits of [entity name]
Dear [Auditor]:
As General Counsel of [entity], I am writing in response to the legal letter request from
the [entity]’s Chief Financial Officer (CFO) dated [date], in connection with the audit of
[entity]’s financial statements as of and for the years ended September 30, 20X8 and 20X7
[see FAM 1002 B]. [In an interim response, add “I will, as further requested by the CFO,
provide an updated response by [date].”]
I call your attention to the fact that as General Counsel for [entity], I have general
supervision of [entity]’s legal affairs. [If the general legal supervisory responsibilities of
the person signing the letter are limited, set forth a clear description of those legal
matters over which the signer exercises general supervision, indicating exceptions to
such supervision and situations where the auditor may primarily rely on other sources.]
In such capacity, I have reviewed litigation and claims threatened or asserted involving
[entity] and have consulted with outside legal counsel about them when I have deemed
appropriate.
Subject to the foregoing and to the last paragraph of this letter, I advise you that since
[insert date of beginning of period under audit] neither I, nor any of the lawyers over
whom I exercise general legal supervision, have given substantive attention to, or
represented [entity] in connection with (1) loss contingencies [over the amount of (state
materiality level agreed to with auditor and stated in request letter, for example $1
million)], or (2) loss contingencies that are less than or equal to [for example, $1 million]
but in the aggregate exceed [for example, $5 million], coming within the scope of clause
(a) of Paragraph 5 of the Statement of Policy referred to in the last paragraph of this
letter, except as follows:
[Describe litigation and claims that fit the foregoing criteria as follows. General Counsel
may use current Department of Justice forms to describe the cases (one for pending or
threatened litigation, another for unasserted claims); see the DOJ website at
http://www.usdoj.gov/civil/forms/forms.htm.]¹

¹ It is expected that cases or matters will be aggregated where appropriate.

Pending or Threatened Litigation
(Excluding unasserted claims and assessments, which are discussed below)
1. Nature of the matter (include a description of the case or cases and amount claimed,
if specified).
2. Progress of the case to date.
3. Current or intended response.
4. Evaluation of the likelihood of an unfavorable outcome (categorize likelihood as
probable, reasonably possible, or remote).
5. Estimated amount or range of potential loss, if determinable, for losses considered to
be probable or reasonably possible.
6. Name of [entity]’s legal counsel handling the case and names of any outside legal
counsel representing or advising the government in the matter.
Pending or threatened litigation that was reported in the prior year’s legal representation
letter and is no longer pending or threatened is as follows:
[Identification of litigation with a short description of its disposition.]
With respect to matters that have been specifically identified as contemplated by clauses
(b) or (c) of paragraph 5 of the ABA Statement of Policy, I advise you, subject to the last
paragraph of this letter, as follows:
Unasserted Claims and Assessments
(considered to be probable of assertion and which, if asserted, would have at least a
reasonable possibility of an unfavorable outcome)
1. Nature of the matter.
2. Intended response if claim would be asserted.
3. Evaluation of the likelihood of an unfavorable outcome. (Categorize likelihood as
probable or reasonably possible.)
4. Estimated amount or range of potential loss, if determinable.
*****
The information set forth herein is [(as of the date of this letter) or (as of (insert date),
the date on which we commenced our internal review procedures for purposes of
preparing this response)], except as otherwise noted. [If an interim response, add “Upon
receipt of a request to update the response, I will provide an updated response, which is
due on [date].”] {If a final response: I disclaim any undertaking to advise you of changes
that, after the date of this letter, may be brought to my attention or the attention of our
lawyers over whom I exercise general legal supervision.}
[The following language is generally consistent with AU 337C.]

This response is limited by, and in accordance with, the ABA Statement of Policy
Regarding Lawyers’ Responses to Auditors’ Requests for Information (December 1975);
without limiting the generality of the foregoing, the limitations set forth in such
statement on the scope and use of this response (Paragraphs 2 and 7) are specifically
incorporated herein by reference, and any description herein of any “loss contingencies”
is qualified in its entirety by Paragraph 5 of the statement and the accompanying
commentary (which is an integral part of the statement).
Consistent with the last sentence of Paragraph 6 of the ABA Statement of Policy, this will
confirm as correct the [entity]’s understanding that whenever, in the course of
performing legal services for the [entity] with respect to a matter recognized to involve
an unasserted possible claim or assessment that may call for financial statement
disclosure, I have formed a professional conclusion that the [entity] must disclose or
consider disclosure concerning such possible claim or assessment, I, as a matter of
professional responsibility to [entity], will so advise the [entity] and will consult with the
[entity] concerning the question of such disclosure and the applicable requirements of
Statement of Federal Financial Accounting Standards (SFFAS) No. 5, Accounting for
Liabilities of the Federal Government, as amended by SFFAS No. 12, and Interpretation
Number 2 of SFFAS No. 4 and 5.
[Describe any other or additional limitation as indicated by Paragraph 4 of the
statement.]
Sincerely yours,

_______________________________________
[Name of General Counsel]
[Title]
cc: Chief Financial Officer

Attachments (DOJ forms or other case information)

1002 D - Example Management Summary Schedule

The auditor should see that management prepares this schedule (or equivalent) summarizing the information contained in the legal letters.
In particular, the auditor should determine that management has reached a conclusion on the likelihood of loss for each case in order to determine
whether an amount should be recorded in the financial statements and/or whether note disclosure is necessary for the financial statements to
conform with U.S. GAAP. Although most information comes directly from the legal letter, the auditor should determine that financial staff
have accurately added the information in the last two columns to indicate the disposition of each case in the financial statements.

Management's Schedule of Information Contained in Legal Letter Responses for Financial Reporting Purposes

Amounts in thousands

| 1. Reference key | 2. Amount claimed | 3. Name of case/related cases | 4. Likelihood of loss | 5. Amount or range of potential loss: (a) P | 5. (b) R/P | 5. (c) Upper | 6. Disposition in financial statements: Amt. recorded | 7. Disposition in financial statements: Note disclosure |
|---|---|---|---|---|---|---|---|---|
| (insert rows here as necessary) | | | | | | | | |
| TOTALS | $ - | | | $ - | $ - | $ - | $ - | $ - |

Guidance for Preparation:


1. Matters should be listed on this schedule in order of the amount or range of potential loss, starting with the largest.
2. The level of aggregation should generally be at the same level as in the general counsel's letter. However, there may be instances
where the level of aggregation is too high to be able to prepare this schedule in a way that is meaningful. In such cases, the auditor
should request that the CFO work with legal counsel to provide further disaggregation of dissimilar cases. There may also be other
instances in which a higher level of aggregation is desirable. The auditor should request that CFOs use professional judgment,
considering the purpose of this schedule when determining the level of aggregation.


Column:
1 Reference key: Page number of legal representation letter obtained from General Counsel discussing the case, or
other reference information.

2 Amount claimed: Amount claimed in the litigation, claim, or assessment (if specified)

3 Name of case or related cases: Where appropriate, provide name of case or aggregated cases which meet
materiality threshold.

4 Likelihood of loss: Indicate management's evaluation of the likelihood of loss on individual or aggregated cases.
Options: P: probable (loss likely to occur);
R/P: reasonably possible (the chance of loss is less than probable, but more than remote); or
R: remote (the chance of loss is slight).

5 Amount or range of potential loss:
Options: 5a: Probable (P) -- Provide single estimate or lower end of range, if known. Enter "U" if unknown. (Also
provide column totals.)
5b: Reasonably possible (R/P) -- Provide single estimate or lower end of range, if provided. Enter "U" if
unknown. Also provide column totals.
5c: If amounts in P or R/P are ranges, provide upper end of range; otherwise, enter "n/a."

6 Disposition in financial statements - amount recorded: If applicable, provide corresponding dollar amount
recorded as a liability in the financial statements. (Also provide column totals.)

7 Disposition in financial statements - note disclosure: If applicable, indicate by note reference number
where case information is separately disclosed or included in amounts disclosed in notes to the financial statements.
(Also provide column totals.)

1003 - Financial Statement Audit Completion Checklist


Entity:
__________________________________________________________________
Job Code:
__________________________________________________________________
Principal Report:
__________________________________________________________________
__________________________________________________________________
Other Reports (including management reports and testimonies):
__________________________________________________________________
__________________________________________________________________
Instructions
.01 This checklist is a tool to help auditors of financial statements determine
whether they have complied with GAGAS, OMB audit guidance, and the FAM.
The auditor-in-charge (AIC), audit senior, or audit manager should prepare this
checklist before the audit completion date and sign in section VIII. The
assistant director and first partner (audit director) should review this checklist
before the audit completion date and also sign in section VIII. For GAO audits,
the chief accountant or second partner should review the checklist and sign in
section IX when engagement quality control review (previously called a second
partner review) is completed before the audit completion date. If the audit is
conducted at multiple sites, the site supervisor may complete parts of the
checklist for each site (with the AIC, audit senior, or audit manager completing
the overall checklist). While parts of the checklist are useful in audit planning,
no signatures are required on the checklist in the planning phase.
.02 The detailed questions in this checklist are to be answered “Yes”, “No”, or “N/A
(not applicable)”. For most questions, “No” answers indicate departures from
professional standards or from auditor policies. The auditor should explain all
“No” answers in section VII of this checklist and determine the effects and
significance of “No” answers, including any effects on the auditor’s report.
Auditors should check “N/A” when the item does not exist or when the item
exists but is judged to be not material. Because the checklist is designed for a
wide range of financial statement audits, there may be many “N/A” answers. If
the reason why a question is not applicable is not obvious, the auditor should
document the reason on the checklist or in an attachment. It is not necessary to
create additional documentation to support the “Yes” answers, but a column is
provided to insert a reference to related audit documentation (“Ref.”). The
questions are summarized. For most questions, there is a reference to
professional literature that provides more detail.

.03 Section V has questions on GAO’s report considerations and section VI has
questions on GAO’s quality control. GAO auditors should complete these
sections. IG auditors and other auditors may use these sections or may
substitute forms that conform to their reporting style and quality controls.
.04 See FAM 650 related to reviewing this checklist (or equivalent) when using the
work of others.
.05 FAM Volume 3 has two checklists, Checklist for Federal Accounting (FAM
2010) and Checklist for Federal Reporting and Disclosures (FAM 2020),
which superseded the July 2004 FAM 1050 checklist. The two checklists cover
accounting, financial reporting, and disclosure requirements related to federal
financial statements prepared using U.S. GAAP promulgated by FASAB and
include form and content presentation contained in OMB Circular No. A-136
(June 29, 2007). The AICPA publishes a disclosure checklist for financial
statements prepared using U.S. GAAP promulgated by FASB. Preparers of
entity financial statements may document their conformity with U.S. GAAP by
either
• completing the FAM 2010 and FAM 2020 checklists, or
• completing the AICPA disclosure checklist, as applicable, and a
supplemental checklist for FASAB requirements, or
• completing an equivalent checklist that addresses applicable accounting,
financial reporting, and disclosure requirements.
Preparers should tailor checklists to the needs of their individual entity
financial statements and auditors should review finished checklists for
completeness and accuracy. If the preparer does not complete the checklists,
the auditor should complete FAM 2010 and FAM 2020 or equivalent to
document the conformity of the entity’s financial statements with U.S. GAAP
as discussed in FAM 560.
.06 For GAO’s financial audits, this checklist incorporates, by reference, additional
job-related documentation requirements.
.07 For GAO’s financial audits, the chief accountant or second partner should
perform an engagement quality control review. This review should be
documented on FAM 1003-29. IG auditors and other auditors should determine
the need for a similar review as part of their system of quality control under
GAGAS.


CONTENTS
Section Topic
I. Planning and Concluding the Audit
II. Key Audit Areas
III. Consultation
IV. Report
V. GAO’s Report Considerations
VI. GAO’s Quality Control
VII. Explanation of “No” Answers and Other Comments
VIII. Conclusions
IX. Engagement Quality Control Review (Second Partner Review)

References:
AICPA Professional Standards (vol. 1, Auditing): AU
GAO/PCIE Financial Audit Manual: FAM
Government Auditing Standards (2007 edition): GAGAS


Section I: Planning and Concluding the Audit N/A Yes No* Ref.

1. Has the audit team documented that it has
a. established an understanding with those
contracting for the audit, officials of the entity, or
others defined as the client and those charged
with governance as to the objectives of the work;
management’s responsibilities; auditors’
responsibilities; an overview of the nature, extent,
and timing of planned audit procedures, the form,
general content, and timing of communications;
planned reporting on the financial statements,
internal control, and compliance; the planned
level of assurance; any limitations of the work
and any potential restrictions on the auditor’s
reports; and ____ ____ ____ ____

b. issued an engagement letter, contract, or other
written communication to describe the terms of
the engagement? ___ ___ ___ ___
(FAM 215 and GAGAS, par. 4.06)

2. Was an entrance conference held? (FAM 215 A) ___ ___ ___ ___

3. Does audit documentation contain an understanding
of the entity, its operations, and its internal controls
sufficient to assess risk and plan the audit? (FAM
290.03-.04) ___ ___ ___ ___

4. Does the audit documentation contain an adequate
audit strategy and audit plan? (FAM 290.05 and FAM
290.09) ___ ___ ___ ___


5. Did the audit team adequately perform and document
planning steps (FAM 290.05) to include
a. Perform preliminary analytical procedures? (FAM
225) ___ ___ ___ ___
b. Determine planning and design materiality and
tolerable misstatement? (FAM 230) ___ ___ ___ ___
c. Identify the methodology used to assess
computer-related controls and document the
basis for believing that the methodology used is
appropriate? (GAO auditors should use FISCAM.)
(FAM 240) ___ ___ ___ ___
d. Identify significant laws & regulations? (FAM 245) ___ ___ ___ ___
e. Identify relevant budget restrictions? (FAM 250) ___ ___ ___ ___
f. Design the audit to achieve an acceptable level of
audit assurance that the financial statements are
not materially misstated? (GAO uses 95 percent.)
(FAM 260) ___ ___ ___ ___
g. Discuss the susceptibility of the entity’s financial
statements to material misstatement? (FAM 260) ___ ___ ___ ___
h. Assess inherent risk and the overall effectiveness
of the control environment, risk assessment,
communication, and monitoring, including
whether weaknesses in the control environment,
risk assessment, communication, and monitoring
preclude the effectiveness of specific control
activities? (FAM 260) ___ ___ ___ ___
i. Assess fraud risks, including any related to
revenue and to management override of controls,
and exercise professional skepticism throughout
the audit? (FAM 260 and FAM 290.08) ___ ___ ___ ___
j. Brainstorm risk of material misstatement
including fraud risk and error risk? (FAM 260) ___ ___ ___ ___
k. Consider the effects of information technology,
including service centers? (FAM 270) ___ ___ ___ ___
l. Consider operations controls to test? (FAM 275) ___ ___ ___ ___
m. Plan other procedures (representation letters,
related party transactions, sensitive payments)?
(FAM 280) ___ ___ ___ ___

n. Determine locations to be visited? (FAM 285) ___ ___ ___ ____
o. Determine staffing requirements? (FAM 290.05) ___ ___ ___ ____
p. Determine timing of procedures and milestones?
(FAM 290.05) ___ ___ ___ ____

q. Determine extent of assistance from entity
personnel? (FAM 290.05) ___ ___ ___ ____

6. Does the audit strategy consider findings and
recommendations from previous audits that could
affect the current audit objectives? (GAGAS, par. 4.09) ___ ___ ___ ___

7. Did the audit team identify budget controls for each
relevant budget restriction and perform sufficient
work to support the conclusions on internal control?
(FAM 250, 310.06, 330.09) ___ ___ ___ ___

8. Did the audit team identify compliance controls and
perform sufficient work to support the conclusions on
internal control? (FAM 245, 310.05, 330.10) ___ ___ ___ ___

9. Did the audit team use the work of others (CPA firms,
IGs, internal auditors, or specialists)? (FAM 650) ___ ___ ___ ___

10. Did the audit team perform overall analytical
procedures, including documentation of
a. expectations, ___ ___ ___ ___
b. data/sources, ___ ___ ___ ___
c. parameters, ___ ___ ___ ___
d. explanations/corroboration, and ___ ___ ___ ___
e. conclusions? ___ ___ ___ ___
(FAM 590.04)


11. Does the documentation indicate that the audit team
properly performed procedures in the reporting phase
of the audit (FAM 590) as follows:
a. Evaluate misstatements, including considering
whether any misstatements are indicative of
fraud? (FAM 540) ___ ___ ___ ___
b. Bring all uncorrected known and likely
misstatements to the attention of entity
management and those charged with
governance? (FAM 540.07) ___ ___ ___ ___
c. Obtain attorneys’ representations? (FAM 550.02
and FAM 1002) ___ ___ ___ ___
d. Review subsequent events? (FAM 550.04 and FAM
1005) ___ ___ ___ ___
e. Obtain management representations? (FAM
550.07 and FAM 1001) ___ ___ ___ ___
f. Identify and evaluate related party transactions?
(FAM 550.12 and FAM 1006) ___ ___ ___ ___
g. Communicate with those charged with
governance? (FAM 550.13) ___ ___ ___ ___

h. Review the consistency of other information in
the Annual Financial Report? (FAM 580.77) ___ ___ ___ ___


12. Does the audit summary memorandum or equivalent
properly summarize or refer to documentation (FAM
590.02-.03) addressing the following?
a. Any changes from original assessments of the risk
of material misstatement, materiality, or tolerable
misstatement? ___ ___ ___ ___
b. Additional fraud risks or other conditions
identified during the audit calling for an
additional response and the related response? ___ ___ ___ ___
c. The basis for conclusions on significant auditing,
accounting, and reporting issues? ___ ___ ___ ___

d. Conclusions on adequacy of procedures and
sufficiency of evidence? ___ ___ ___ ___
e. The effects of uncorrected misstatements (known
and likely) on the financial statements? ___ ___ ___ ___
f. Conclusions on financial statements? ___ ___ ___ ___
g. Conclusions on internal control? ___ ___ ___ ___
h. Conclusions on whether the entity’s financial
management systems meet the requirements of
FFMIA? ___ ___ ___ ___

i. Conclusions on compliance with laws and
regulations? ___ ___ ___ ___
j. Conclusions on the consistency of accompanying
information with the financial statements? ___ ___ ___ ___

13. Has the audit director determined that communications
have occurred among the audit team members
regarding fraud risks and error risks? (FAM 540.19) ___ ___ ___ ___


14. Is there documentation that
a. The director approved deviations from the
“should” procedures in the FAM and the basis for
the deviations? (FAM 110.28) ___ ___ ___ ___
b. The auditor complied with “must” procedures of
professional auditing standards as noted in the
FAM? (FAM 110.28 and Appendix B) ___ ___ ___ ___


Section II: Key Audit Areas N/A Yes No* Ref.

Answer the questions below for each key audit area or
cycle. The key audit areas and cycles to which these
questions apply are
____________________________ ____
____________________________________________________
____________________________________________________
____________________________________________________
____________________________________________________
____________________________________________________

1. Did the audit team prepare the documentation
summarizing considerations in planning and
performing the work in the key audit areas and cycles
for
a. Cycle Matrix or an equivalent (or documentation
in Account Risk Analysis or an equivalent)
showing links between accounts, cycles,
applications and line items? (FAM 290.06) ___ ___ ___ ___
b. Account Risk Analysis or an equivalent? (FAM
290.07) ___ ___ ___ ___
c. Cycle Memorandum and/or flowchart or
equivalents? (FAM 390.05) ___ ___ ___ ___
d. Specific Control Evaluation or an equivalent?
(FAM 390.07) ___ ___ ___ ___
e. Written audit plan and procedures? (FAM 390.01) ___ ___ ___ ___

2. If conditions changed during the course of the audit,
were the audit strategy, audit plans, and procedures
modified as appropriate in the circumstances,
including evidence of first partner/director approval?
(AU 311.05) ___ ___ ___ ___


3. When the audit team performed sampling, did it
properly determine and document the
a. method used in relation to test objectives, ___ ___ ___ ___
b. sample size and the method of determining the
sample size, ___ ___ ___ ___
c. tests performed, ___ ___ ___ ___
d. results (misstatements and deviations found), ___ ___ ___ ___
e. evaluation (including projection to the
population), and ___ ___ ___ ___
f. conclusions? (FAM 490.05a) ___ ___ ___ ___

4. When the audit team performed substantive analytical
procedures, did it properly document
a. expectations and the method used to develop
them, ___ ___ ___ ___
b. data sources/reliability, ___ ___ ___ ___
c. limit/criteria, ___ ___ ___ ___
d. client explanations and corroborating evidence, ___ ___ ___ ___
e. additional procedures, if any, and ___ ___ ___ ___
f. conclusions? (FAM 490.05b) ___ ___ ___ ___

5. When the audit team performed interim testing, did it
a. test the rollforward period, ___ ___ ___ ___
b. properly document the
i. basis for using interim testing and the line
items/accounts and assertions tested, ___ ___ ___ ___
ii. procedures performed, and ___ ___ ___ ___
iii. effects of any misstatements found? (FAM
495 C.06) ___ ___ ___ ___

6. Did the audit team evaluate the reasonableness of
significant accounting estimates made by
management? (AU 342) ___ ___ ___ ___


7. Were known and likely misstatements identified in the
testing of the key area carried forward to the Schedule
of Uncorrected Misstatements? (FAM 540.04 and FAM
595 C) ___ ___ ___ ___

8. Did an IS specialist review the specific control
evaluation to evaluate the audit team’s decision on
which controls are computer-related (including
controls relating to service-center-produced records)?
(FAM 350.10) ___ ___ ___ ___



Based on the risk of material misstatement, did the audit
team perform adequate substantive audit procedures for
line items/accounts on the following pages? (If not a key
area, check the N/A box.) ___ ___ ___ ___
Fund Balance with Treasury (FBWT)
Consider these issues:
• Did the audit team test the entity’s year-end
reconciliation of Fund Balances with Treasury to
Treasury accounts? ___ ___ ___ ___
• Did the audit team determine if the entity
a. researched and resolved differences before
making adjustments, ___ ___ ___ ___
b. recorded any necessary adjustments in the
entity’s FBWT accounts, ___ ___ ___ ___
c. reported the adjustments to Treasury, if
applicable, and ___ ___ ___ ___
d. disclosed in the notes to the financial
statements material unreconciled differences
and budget clearing account differences at
year-end, and material unreconciled
differences written off by the entity during
the year? ___ ___ ___ ___
• Did the audit team assess (at absolute value) the
materiality of unreconciled differences, including
those in budget clearing accounts? ___ ___ ___ ___

Receivables
Consider these issues:
• If substantive audit procedures were performed
prior to year-end, was there an adequate review of
transactions from the interim date to the balance
sheet date? (AU 313.08-.09) ___ ___ ___ ___
• Were receivables confirmed and appropriate
follow-up steps taken, including second requests
and subsequent collections? (AU 330.30-.32) ___ ___ ___ ___
• Are receivables stated at net realizable value after
allowance for uncollectible accounts? (AU 342.02) ___ ___ ___ ___



Inventories
Consider these issues:
• Were physical inventories observed at locations
where material amounts were located? (AU 331) ___ ___ ___ ___
• If perpetual inventory records are maintained,
does the documentation indicate that differences
disclosed by the physical inventory (or cycle
counts) are properly reflected in the financial
statements? (AU 331) ___ ___ ___ ___
• When the physical inventory is taken at a date
other than the balance sheet date (or where
rotating procedures are used), did the auditor
consider inventory transactions between the
inventory date(s) and the balance sheet date?
(AU 313.08-.09) ___ ___ ___ ___
• Does the documentation contain evidence that
counts were correctly made and recorded (was
control over inventory tags or count sheets
maintained) and test count quantities were
reconciled with the counts reflected in the final
inventory? (AU 331) ___ ___ ___ ___
• Were there adequate tests of
a. clerical accuracy of the inventory, ___ ___ ___ ___
b. costing methods and substantiation of costs
used in pricing all elements of the inventory, and ___ ___ ___ ___
c. cutoff? ___ ___ ___ ___
• Were analytical procedures used to test the
overall valuation of inventories? ___ ___ ___ ___

Investments
Consider these issues:
• Was a summary schedule prepared (or obtained)
and details tested with respect to the description,
purchase price and date, changes during the
period, income, market value, etc. of investments? ___ ___ ___ ___
• Were securities either examined or confirmed?
(AU 332) ___ ___ ___ ___


Property, Plant, and Equipment
Consider these issues:
• Was a summary schedule prepared (or obtained)
to show beginning balances, changes during the
period, and ending balances for
a. property, plant, and equipment, and
b. accumulated depreciation
and were significant activity and balances tested,
particularly for existence and other significant
assertions? ___ ___ ___ ___
• Were property items capitalized or expensed in
accordance with consistent capitalization limits? ___ ___ ___ ___
• Did the audit team perform tests of completeness,
such as testing from disbursements to property
records? ___ ___ ___ ___
• Do the tests appear adequate and were proper
conclusions drawn? ___ ___ ___ ___

Liabilities
Consider these issues:
• Did the audit team perform an adequate search
for unrecorded liabilities? ___ ___ ___ ___
• Did the audit team consider expenses that might
require accrual (e.g., pensions, compensated
absences, other postretirement benefits, or
postemployment benefits provided to former or
inactive employees prior to retirement), and
whether accrued expenses were reasonably
stated? ___ ___ ___ ___


Revenue and Expenses
Consider these issues:
• Did the audit team compare revenue and
expenses for the period to expectations, based on
the budget and the results of the preceding
period? (AU 329) ___ ___ ___ ___
• For significant variances and fluctuations from
expectations, were management’s explanations
corroborated with other audit evidence or if
explanations could not be obtained, were other
audit procedures performed to determine
whether the variance is a misstatement? (AU 329) ___ ___ ___ ___
• Did the audit team consider
a. the entity’s revenue recognition policy, ___ ___ ___ ___
b. unusual transactions, and ___ ___ ___ ___
c. fraud risks? ___ ___ ___ ___
• Do tests appear adequate, and were proper
conclusions drawn? ___ ___ ___ ___

Statement of Budgetary Resources
Consider these issues:
• Were appropriate procedures applied, such as
a. understanding and testing the budget
execution controls, ___ ___ ___ ___
b. tests of the process of preparing the
statement, ___ ___ ___ ___
c. tests of undelivered orders, and ___ ___ ___ ___
d. review of reconciliation to the President’s
Budget? ___ ___ ___ ___


Section III: Consultation N/A Yes No* Ref.

1. Where warranted by the complexity or unusual nature
of an issue (for example, issues where the FAM
requires consultation, issues not discussed in the FAM
or professional standards, going concern issues,
economic dependency issues, issues arising after
report issuance), was there appropriate consultation
with specialists, including the
• Reviewer, ___ ___ ___ ___
• Statistician, ___ ___ ___ ___
• Office of General Counsel, and ___ ___ ___ ___
• Technical Accounting and Auditing Expert?
(FAM 100.26 and FAM Appendix A) ___ ___ ___ ___

2. Were significant consultations appropriately
documented? (FAM 100.26) ___ ___ ___ ___

3. Were the persons consulted made aware of all relevant
facts and circumstances? ___ ___ ___ ___


Section IV: Report N/A Yes No* Ref.

1. Does the auditor’s report or document containing the
auditor’s report (FAM 580.04, 580.77) include
a. highlights page or executive summary (for GAO
reports); ___ ___ ___ ___
b. transmittal letter (if appropriate); ___ ___ ___ ___
c. conclusions on:
i. financial statements, ___ ___ ___ ___
ii. internal control, ___ ___ ___ ___
iii. whether the entity’s financial management
systems substantially complied with the
requirements of the Federal Financial
Management Improvement Act of 1996
(FFMIA) for CFO Act agencies, ___ ___ ___ ___
iv. compliance with laws and regulations, and ___ ___ ___ ___
v. consistency of other information with
financial statements? ___ ___ ___ ___
d. objectives, scope, and methodology, including
description of instances where GAGAS and OMB
audit guidance were not followed; and ___ ___ ___ ___
e. entity comments and auditor evaluation? ___ ___ ___ ___

2. Is the auditor’s report (FAM 580) appropriate as to
a. wording, ___ ___ ___ ___
b. scope of work, ___ ___ ___ ___
c. U.S. GAAP, ___ ___ ___ ___
d. explanatory paragraphs, ___ ___ ___ ___
e. opinion/disclaimer on financial statements, ___ ___ ___ ___
f. opinion/conclusions on internal control, ___ ___ ___ ___
g. conclusions on whether the entity’s financial
management systems substantially comply with
the requirements of FFMIA (for CFO Act
agencies), and ___ ___ ___ ___
h. reporting on compliance with laws and
regulations? ___ ___ ___ ___


3. Is background material (purpose, authority, and
functions of programs/activities) limited to what is
necessary? ___ ___ ___ ___

4. Is the auditor’s report dated when all appropriate,
sufficient audit evidence is obtained to support the
opinion and all significant issues are resolved? (AU
530, FAM 580) ___ ___ ___ ___

5. Does the auditor’s report cover all periods for which
financial statements are presented? (AU 508.65) ___ ___ ___ ___

6. If the financial statements of a prior period are
presented and have been audited by a predecessor
auditor whose report is not presented, does the
auditor’s report refer to the predecessor auditor’s
report? (AU 508.74) ___ ___ ___ ___

7. Does the auditor’s report describe the responsibility
the auditor is taking for supplementary information,
including stewardship information? (AU 551; FAM
580.78-.81) ___ ___ ___ ___
8. When illegal acts involve funds received from other
governmental entities, did the audit team
a. satisfy itself that the audited entity notified the
proper officials of those entities within a
reasonable time? ___ ___ ___ ___
b. report these acts to the officials of those other
governmental entities if the entity did not, or was
unable to do so because the top official was
involved? (GAGAS, par. 5.15-.18) ___ ___ ___ ___


9. Does the auditor’s report include
a. identification of which matters are significant
deficiencies and which are material weaknesses
(GAGAS, par. 5.11), and ___ ___ ___ ___
b. presentation of all identified (1) instances of
fraud and illegal acts that are more than
inconsequential, (2) material violations of
provisions of contracts or grant agreements, and
(3) material abuse? (GAGAS, par. 5.15) ___ ___ ___ ___

10. When appropriate, did the audit team report directly
to outside parties on fraud; illegal acts; violations of
provisions of contracts or grant agreements; or
abuse? (GAGAS, par. 5.18) ___ ___ ___ ___

11. Did the auditor consider the status of all known
significant findings and recommendations from prior
audits that affect the current year report, including
whether any failure to correct previously identified
deficiencies in internal control is a significant
deficiency or material weakness? (GAGAS pars. 5.11-
.14.) ___ ___ ___ ___

12. Did the auditor document the basis to support
(FAM 580.01) the
a. opinion about whether the financial statements
and disclosures comply in all material respects
with U.S. GAAP (FAM 560), ___ ___ ___ ___
b. opinion/conclusion on internal control, ___ ___ ___ ___
c. conclusion on whether the entity’s financial
management systems substantially comply with
the requirements of FFMIA, (for CFO act
agencies), and ___ ___ ___ ___
d. conclusion on compliance with laws and
regulations? ___ ___ ___ ___


13. Did the auditor document the basis for reported
findings on
a. internal control deficiencies, including
classification of control deficiencies as material
weaknesses, other significant deficiencies, or
other control deficiencies (FAM 590.05), ___ ___ ___ ___
b. entity’s financial management systems lack of
substantial compliance with the requirements of
FFMIA for CFO act agencies (FAM 590.06), and ___ ___ ___ ___
c. noncompliance with laws and regulations
(FAM 590.07), if any? ___ ___ ___ ___

14. Did the auditor develop the elements of audit findings
to include (where appropriate and known) the
a. condition (describe the existing situation), ___ ___ ___ ___
b. criteria (state what we are comparing to), ___ ___ ___ ___
c. cause (reflect reason or reasons why the
condition and criteria differ), and ___ ___ ___ ___
d. effect (describe the result of the difference
between the condition and criteria)? ___ ___ ___ ___
(GAGAS paragraphs 4.14-.18)

15. Are recommendations and suggestions reasonable,
doable, and cost-effective? ___ ___ ___ ___


16. Does the report obtain the views of responsible
officials in agency comments to include
a. either oral or written comments, ___ ___ ___ ___
b. titles of senior official(s) involved, ___ ___ ___ ___
c. accurate characterization of general agreement
or disagreement with the report, ___ ___ ___ ___
d. description of the substance of the comments,
and ___ ___ ___ ___
e. auditor evaluation of the comments, particularly
if they disagree, are inconsistent, or conflict with
the report findings, conclusions, or
recommendations. ___ ___ ___ ___
(GAGAS paragraphs 5.32-.37)

17. Are there control deficiencies that do not meet the
criteria for significant deficiencies and do not affect the
auditor’s conclusions as to the effectiveness of internal
controls that the auditor may communicate orally or in
a separate management report? If so, did the auditor
document any oral communications? (FAM 580.49,
FAM 590.05, and GAGAS par. 5.14) ___ ___ ___ ___


Section V: GAO’s Report Considerations Yes

1. Overall, does the GAO report have the following characteristics
a. Professional: The work reflects an understanding of the
issues, an awareness of the external environment, including
sensitivity to relevant trends, and a practical approach to what
can be done to deal with the problems noted. _______
b. Accurate: Information and findings are presented accurately
with no notable errors in logic or reasoning. _______
c. Objective: The presentation is fair and impartial and the tone
is constructive and objective. _______
d. Fact-based: Information and findings are stated completely,
which includes all necessary facts and/or explanations without
unproven or uncorroborated material, and any conflicting
evidence is resolved. _______
e. Balanced: Sound and logical evidence is presented to support
conclusions, adjectives or adverbs are not used to characterize
evidence in a way that implies criticism or conclusions by
innuendo, and positive aspects of programs or issues reviewed
are appropriately recognized. _______
f. Timely and Useful: Relevant and timely information is
presented. _______
g. Clear and Concise: The presentation is clear, concise, and
well organized with the message presented logically in a writing
style adapted to the audience. _______


Section VI: GAO’s Quality Control N/A Yes No* Ref.

1. Was the GAO report reviewed by the
a. audit director (first partner), ___ ___ ___ ___
b. engagement quality control reviewer (second
partner), ___ ___ ___ ___
c. Office of the General Counsel (form 124A), ___ ___ ___ ___
d. Applied Research & Methods (form 124C), and ___ ___ ___ ___
e. other stakeholders (form 124C). ___ ___ ___ ___

2. Did the audit director (first partner) review the
a. audit strategy (AU 311.13-.14) or equivalent,
including sampling approach (FAM 290.05), ___ ___ ___ ___

b. account risk analyses or equivalent for material
areas with high or moderate risk of material
misstatement (FAM 290.07), ___ ___ ___ ___
c. audit summary memorandum (FAM 590.02-.03), ___ ___ ___ ___

d. management representation letter (FAM 1001), ___ ___ ___ ___
e. legal representation letter (FAM 1002), ___ ___ ___ ___
f. schedule of uncorrected misstatements (FAM 595
C), ___ ___ ___ ___
g. exit conference memorandum (FAM 590.10), ___ ___ ___ ___
h. GAO report with entity financial statements and
related disclosures, ___ ___ ___ ___
i. referencing review sheet (GAO form 92), ___ ___ ___ ___
j. GAO abbreviated audit documentation set, and ___ ___ ___ ___
k. this audit completion checklist (FAM 1003)?
(FAM 1301.17) ___ ___ ___ ___


3. Did the assistant director review the
a. entity profile or equivalent (FAM 290.04), ___ ___ ___ ___
b. audit strategy (AU 311.13-.14) or equivalent,
including sampling approach (FAM 290.05), ___ ___ ___ ___
c. account risk analyses or equivalent (FAM 290.07), ___ ___ ___ ___
d. initial audit plan with procedures (FAM 290.09), ___ ___ ___ ___
e. line item/account lead schedules, ___ ___ ___ ___
f. completed audit plan with procedures (FAM
290.09), ___ ___ ___ ___
g. specific control evaluations (FAM 330.07), ___ ___ ___ ___
h. audit summary memorandum (FAM 590.02-.03), ___ ___ ___ ___
i. Checklist for Federal Accounting (FAM 2010) and
Checklist for Federal Reporting and Disclosures
(FAM 2020) for statements using U.S. GAAP
promulgated by FASAB, ___ ___ ___ ___
j. financial reporting and disclosure checklist for
statements using GAAP promulgated by FASB, ___ ___ ___ ___
k. management representation letter (FAM 1001), ___ ___ ___ ___
l. legal representation letter (FAM 1002), ___ ___ ___ ___
m. schedule of uncorrected misstatements (FAM 595
C), ___ ___ ___ ___

n. exit conference memorandum (FAM 590.10), ___ ___ ___ ___
o. GAO report with entity financial statements and
related disclosures, ___ ___ ___ ___
p. referencing review sheet (GAO form 92), ___ ___ ___ ___
q. GAO abbreviated audit documentation set, and ___ ___ ___ ___
r. this audit completion checklist (FAM 1003)?
(FAM 1301.17) ___ ___ ___ ___

4. Did the assistant director determine that all significant
review notes were resolved appropriately? (FAM
1301.27-.28) ___ ___ ___ ___



5. Did the assistant director indicate that all documentation
was sufficiently reviewed? (FAM 1301.05) ___ ___ ___ ___

6. Were review notes, superseded versions of
documentation, and draft reports (except the referenced
draft and the draft sent to the entity for comment),
including review notes and superseded versions in
electronic form, placed in a separate folder to be
retained until the report is released, after which they
may be destroyed or deleted electronically up to 60 days
after the report release date? (FAM 1301.28) ___ ___ ___ ___

7. Were review responsibilities documented and
communicated to all individuals on the assignment?
(FAM 1301.23) ___ ___ ___ ___

8. Was documentation prepared by an IS specialist
reviewed by an IS manager or IS assistant director for
technical content and by a member of the audit team to
determine that related audit objectives were achieved?
(FAM 1301.24) ___ ___ ___ ___

9. For areas that are both material and have high risk of
material misstatement, did the audit director or assistant
director perform secondary reviews of the
documentation? (FAM 1301.12) ___ ___ ___ ___

10. Was all documentation prepared by the audit director or
assistant directors read by the auditor-in-charge to
determine its consistency with any related
documentation? (FAM 1301.15) ___ ___ ___ ___

11. If the documentation indicated a difference of opinion
between engagement personnel or between engagement
personnel and a specialist or other person consulted,
was the difference resolved appropriately and was the
basis of the resolution documented? (FAM 1302) ___ ___ ___ ___


Section VII: Explanation of “No*” Answers and Other Comments


The page below is provided for comments on all “No*” answers or to expand upon any
of the “Yes” and “N/A” answers as needed, and may be modified as necessary.
* For some questions, “No” answers may indicate departures from professional
standards or from auditor policies. The auditor should explain all “No” answers
below and determine the effects and significance of “No” answers, including any
effect on the auditor’s report.

Page no. Question no. Explanatory comments Conclusion


Section VIII: Conclusions Yes No**

Based on your review and knowledge, do you believe

1. The audit team performed the engagement, in all material respects,
in accordance with GAGAS (which include U.S. GAAS) and
applicable OMB guidance, or the auditor’s report was
appropriately modified? ___ ___

2. The financial statements conformed, in all material respects, with
U.S. GAAP, or the auditor’s report was appropriately modified? ___ ___

3. The auditor’s report was appropriate in the circumstances? ___ ___

4. The documentation on this engagement supports the auditor’s
• opinion on the financial statements, ___ ___
• opinion/conclusions on internal control, ___ ___
• conclusions on whether the entity’s financial management
systems substantially comply with the requirements of FFMIA
(for CFO Act agencies), and ___ ___
• conclusions on compliance with laws and regulations. ___ ___

5. The audit team complied, in all material respects, with the audit
organization’s policies and procedures. ___ ___
** If any of the above 5 statements have “No” responses, please describe the response in a
memorandum to the reviewer.

Date of audit completion ___________________________________

Auditor-In-Charge_________________________________________ Date _______________

Audit Manager ___________________________________________ Date _______________

Assistant Director ________________________________________ Date _______________

Audit Director ___________________________________________ Date _______________


Section IX: Engagement Quality Control Review (Second Partner¹ Review)

Objective of second partner review: To objectively review significant auditing,
accounting, and reporting matters and to conclude, based on all facts the reviewer has
knowledge of, that, except as discussed in the report, no matters were found that caused
the second partner to believe that (1) the audit was not performed in accordance with
GAGAS and OMB audit guidance (if applicable), (2) the financial statements are not, in all
material respects, in conformity with U.S. GAAP, and (3) the report does not meet
professional standards and the auditor’s policies and core values.
Procedures: Before the report was issued, I performed the following procedures:
• Discussed significant auditing, accounting, and reporting issues with the audit director
(first partner);
• Discussed the audit team’s identification of high-risk balances and transactions and
the audit of those balances and transactions;
• Reviewed documentation on the resolution of significant auditing, accounting, and
reporting issues, including documentation of consultation with statisticians, IS
specialists, and others;
• Reviewed the summary of uncorrected misstatements;
• Read the audit summary memorandum;
• Read the entity financial statements, audit report, and related disclosures; and
• Confirmed with the audit director (first partner) that there are no unresolved issues.
Conclusion:
Based on all the relevant facts of which I have knowledge, I found no matters, except as
discussed in the report, that cause me to believe that (1) the audit was not performed in
accordance with GAGAS and OMB audit guidance (if applicable), (2) the financial
statements are not, in all material respects, in conformity with U.S. GAAP, and (3) the
report is not in accordance with professional standards and the auditor’s policies and
core values.
In signing this form, I acknowledge that there have been no personal or external
impairments to independence regarding my work on this engagement.

_________________________________________________________________________
Engagement quality control reviewer name & title Signature Date

¹ For GAO financial audits this is the chief accountant or another director who is a CPA and an experienced
financial statement auditor.

1005 - Subsequent Events Review


.01 This section deals with the subsequent events review that the auditor must
perform as part of the audit, as described in FAM 550. AU 560 describes
and provides guidance on the types of subsequent events the auditor
should evaluate as well as the procedures that the auditor generally should
perform to discover whether such events have occurred.
.02 Subsequent events are those events or transactions that may occur or
become known subsequent to the date of the financial statements but
before the audit report is issued and that have a material effect on the
financial statements, such that the auditor should ask management to
adjust the financial statements for the effect of the event or to disclose
the event.
.03 Two types of subsequent events may occur:
• Events occurring after the date of the financial statements that provide
additional information about conditions existing at the date of the
financial statements and that affect amounts recorded (or which
management should record) in the financial statements. For example, a
subsequent event may reveal that an accounting estimate is materially
incorrect and that the auditor should ask management to adjust the
financial statements for the effect of the event.
• Events occurring after the date of the financial statements that provide
information about conditions that did not exist at the date of the
financial statements. The auditor should not ask management to adjust
the financial statements for these events, but disclosure of them may be
necessary to prevent the statements from being misleading. For
example, a fire or flood after year-end may cause a significant loss.
.04 The purpose of a subsequent events review is to determine whether all
subsequent events that have a material effect on the financial statements
have been considered and treated appropriately in the financial statements.
The subsequent period covered is from the date of the financial statements
to the date of the audit report, which is the date of the completion of the
audit.¹

¹ The auditor has two methods available for dating the report when a subsequent event disclosed in the
financial statement occurs after the original date of the auditor’s report but before the issuance of the
related financial statements. In these instances, the auditor may use either dual dating or may date the
report as of a later date. When the auditor dual dates the report, the responsibility for events occurring
subsequent to the original report date is limited to the specific event referred to in the note (or otherwise
disclosed). For example, January 31, 20x8 except for note X, as to which the date is February 16, 20x8.
When the auditor dates the report as of a later date, the auditor’s responsibility for subsequent events
extends to the date of the report and accordingly, the auditor should extend the subsequent events
procedures to that date.


Audit Procedures
.05 At or near the completion of the audit, the auditor should perform
procedures to be aware of any subsequent events that the auditor may ask
management to adjust or disclose in the financial statements. These
procedures are in addition to substantive tests that the auditor may apply
to transactions occurring after the date of the financial statements, such as
examining subsequent disbursements to test completeness of accounts
payable.
.06 The following program describes audit procedures that the auditor may
perform as part of a subsequent events review. The auditor generally
should customize the procedures for the particular entity.

Entity ______________________________________________________________
Period of financial statements __________________________________________
Job code ____________________________________________________________

Subsequent Events Review Program -- Audit Procedures    Done by/date    Doc. Ref.

I. Read Interim Financial Statements


1) Compare the latest available interim financial
statements, if any, with the financial statements under
audit to identify any unusual adjustments and
investigate any significant variations from
expectations.
2) Inquire as to whether the interim statements have
been prepared on the same basis as the annual
statements.
3) For items in the statement of net costs, compare to
similar interim financial statements of the prior year;
determine expectations and investigate any significant
variations from expectations.
4) If interim financial statements are not available:
a) Compare interim internal financial reports or
analyses, budgets, or cash-flow forecasts,
considering any adjustments to the internal
reports that may be necessary to make
meaningful comparisons.
b) Review the accounting records prepared since
the date of the financial statements for material
transactions that may require adjustment to or
disclosure in the financial statements. For
example, scan the general ledger and/or journals
for material, unusual entries.


II. Make Inquiries of Management as to:


1) Whether any significant contingent liabilities or
commitments existed at the date of the financial
statements or at the date of the inquiry.
2) Whether any significant changes occurred in the
financial condition of the entity or in net position or
long-term debt.
3) The current status of items in the financial statements
that were accounted for on the basis of tentative,
preliminary, or inconclusive data.
4) Whether any significant changes in estimates were
made with respect to amounts included or disclosed
in the financial statements, or any significant changes
in assumptions or factors were considered in
determining estimates.
5) Whether any unusual adjustments were made during
the period from the date of the financial statements to
the date of inquiry.
6) Whether any significant events occurred subsequent
to the date of the financial statements, such as
commitments or plans for major capital expenditures;
lawsuits or claims filed or settled other than those
disclosed in the lawyers’ letters; changes in
accounting and financial policies; or losses as a result
of fire, flood, or other disaster.

III. Read Minutes


1) Read the available minutes of meetings of those
charged with governance such as entity management
committees, audit committees, or other appropriate
groups, including the period after the date of the
financial statements, for information about events or
transactions authorized or discussed which may
require adjustment to or disclosure in the financial
statements.
2) With regard to meetings for which no minutes are
available, inquire about matters dealt with at such
meetings and conclusions reached.


IV. Cover in Lawyers’ Letters


1) Confirm litigation, claims, and assessments and
unasserted claims and assessments with the entity’s
legal counsel per AU 337. See FAM 550 and FAM 1002.

V. Cover in Management Representation Letter


1) Have management include representations in its
management representation letter as to whether any
events occurred subsequent to the date of the
financial statements that management should adjust
or disclose in the financial statements. See FAM 1001.

VI. Other
1) Use other sources of information to learn of
subsequent events, such as:
a) Talk to inspector general or internal audit
department.
b) Talk to program divisions.
c) Read newspapers.
2) Make additional inquiries or perform additional
procedures deemed necessary to resolve any
questions raised in the foregoing audit steps.
3) Prepare a summary memo documenting the results of
the above and conclusions reached.
