Like many members of the CPA profession, single audit practitioners will be managing a change process while maintaining an intense focus on quality.
The change coming soon is the imminent release of updated Generally Accepted Government Auditing Standards, also known as the Yellow Book. The updated Yellow Book may be issued as early as next month and will need to be studied carefully by single audit practitioners and their clients.
With CPAs awaiting that guidance, a summary of takeaways from single audit sessions at the AICPA Not-for-Profit Industry Conference last week provided important reminders for practitioners. When providing the summary, Laurie De Armond, CPA, national nonprofit and education practice leader for BDO USA LLP, emphasized the responsibility that CPA practitioners have as they perform single audits.
“Focus on quality,” De Armond said. “… Maintaining the quality of the single audit really gets back to the reputation of the CPA profession, and it’s just really important for us to focus on quality.”
De Armond’s tips are listed below:
- “Well-trained individuals who understand government compliance requirements are critical on both sides of the audit relationship. Don’t leave your firm or your organization vulnerable because individuals are performing functions [without] the appropriate skills and knowledge.”
- “When you do a single audit, you are testing internal controls and you are testing compliance. Make sure you document your ‘what-could-go-wrongs.’ You can’t identify appropriate controls if you don’t understand really what could go wrong with those internal controls.”
- “Understand the government auditing standards independence rules. …This has been a requirement for years, but we still see some exceptions in this area. Document skills, knowledge, and experience of management. But also remember to evaluate whether performance of nonaudit services, particularly preparation of financial statements, is a significant threat.”
- “There have been a lot of cases where [performance of nonaudit services] is documented as not being a significant threat, but if you identify that these nonaudit services are being performed, generally you should be documenting whether a threat exists and what the safeguards are relative to those threats. And there’s nothing wrong with you performing those procedures as long as you have put in place safeguards to mitigate those risks and maintain your independence.”
- “Make sure you’re testing the Schedule of Expenditures of Federal Awards [SEFA] for completeness and accuracy. You as an auditor and your clients as the auditee really need to have procedures in place and internal controls related to the preparation of the SEFA. Auditors have to be testing both the controls and the compliance around the Schedule of Expenditures of Federal Awards.”
- “It was supposed to be something of a blessing when the Uniform Guidance compressed … and reduced the number of compliance requirements, but the reality is that many of those compliance requirements moved into special tests and provisions. So you really have to read the grant agreements, and you must test controls over compliance for special tests and provisions as well.”
- “Document, document, document. How are you reaching conclusions about internal control and compliance findings that you have identified in your testing and the impact that those findings are going to have on your opinion and on whether or not those findings get reported?”
During this period of change, De Armond said, it remains important for CPAs to maintain their reputation as trusted professionals. If that trust is broken, it’s costly and time-consuming to repair. But rising to the challenge of improving single audit quality in this challenging environment can cement the trust the public places in CPAs.
“We need to have trust to be seen as trusted business advisers,” she said. “I think this advice really is very appropriate for the auditors in the room as well as financial executives.”
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is a JofA editorial director.