0October 22, 2018October 22, 2018
In News

Yellow Book meets yellow cake and all sorts of delicious changes

Shutterstock_145838096While I’m not a good baker, when I talk to CPAs who are new to the governmental auditing area and need to understand what the “Yellow Book” is, I often explain using the analogy of a multi-layered cake. The bottom layer of the cake is the AICPA auditing standards, which are the basis for most Yellow Book audits. The second layer of the cake (let’s make it a yellow layer!) adds standards issued by the Government Accountability Office (GAO), known as the “Yellow Book” or Generally Accepted Government Auditing Standards (GAGAS) that build upon the AICPA rules. Finally, if your client gets federal funds, there may be a third layer of the cake that consists of compliance auditing requirements.

The big news for auditors right now is that the GAO has issued a 2018 revision to the Yellow Book which will change the ingredients for the middle layer of the cake. If you audit federal, state or local governments, or not-for-profits, whose audits are subject to the Yellow Book, you should begin updating your recipe card so your cake turns out right. 

To help you learn more about the new recipe, I talked with Brian Schebler, CPA, CGFM, National Director, Public Sector for RSM US LLP. Brian is also a member of the GAO’s Advisory Council on Government Auditing Standards and the immediate past Chair of the AICPA Governmental Audit Quality Center (GAQC) Executive Committee. He has already begun discussing some of the key Yellow Book changes with colleagues at his firm and has some good tips as you begin delving into the new standards.

  1. Effective date. You need to understand when the new standards are effective, so you can be ready. If you’re doing financial audits, attestation engagements or reviews of financial statements, the changes are effective for periods ending on or after June 30, 2020. If you’re doing performance audits, they’re effective for audits beginning on or after July 1, 2019.

  1. CPE and competency. While some clarifications were made, luckily one concern from the exposure draft wasn’t adopted— a four-hour training requirement specifically on GAGAS prior to performing engagements under the new standards. Instead, GAO is emphasizing that being competent includes possessing specific knowledge about GAGAS. GAO also incorporated relevant CPE and competency guidance from a 2005 GAO Q&A, which is something we’re focusing more attention on, and I’d advise you to do the same. Look at your CPE practices well before the effective date to make sure they’re consistent with the new standards since updating firm policies and procedures may be time and effort-intensive.

  1. Format. You’ll notice this significant change right away as the standards look very different. GAO has gone from embedding requirements and application guidance together within the chapters to blocking out the requirements, followed by related application guidance. In the past, people may have been confused by what has appeared to be conflicting language in the standards. Under the new standards, you’ll easily be able to identify what the requirements are, which should result in more consistency in how auditors are employing the Yellow Book. While there’s some flexibility in how we apply a requirement, we need application guidance to do it properly. This change will also improve communications with clients on why a certain stance is being taken.

  1. Independence. The Yellow Book now makes clear that an auditor preparing financial statements in their entirety creates a significant threat to independence. I’m aware there have been varying interpretations on this topic among practitioners in the past. While it won’t affect my firm because that’s been our policy for a long time, some auditors may see it as a new or an additional burden since the standards will require the identification of safeguards to mitigate the significant threat, as well as additional documentation and communication. Auditors that view this position as a change should keep in mind that they need to be independent for the entire period covered by the professional engagement, so this should be considered well before the actual effective date of the standards.

  1. Peer review. Generally, AICPA members aren’t going to see the changes to peer review as being significant. That’s because audit organizations affiliated with a recognized peer review organization such as the AICPA or the State Auditor Association will generally satisfy the GAO peer review requirement except for a few additional GAO-specific requirements.

  1. Waste and abuse. The new Yellow Book transitions the requirements for abuse from the current standards, along with a new concept of waste, to application guidance related to findings. While we are not required to perform specific procedures to detect waste or abuse, we need to consider it if we see it and determine whether it would be an indicator of noncompliance or deficient internal controls.

  1. New review service. The concept of a financial statement review appears for the first time in this Yellow Book. I don’t expect to see many of these in our practice, but now that it appears in the standards, some organizations might be interested in having review services performed under the Yellow Book. This is something to keep in mind.

  1. Performance audits. The last two chapters of the standards focus on performance audits, which you should review carefully if you perform these types of audits.

The AICPA GAQC has been and will continue to be proactive about providing members with tools, resources and communications about these changes. For more information, you can read GAQC Alert #364, visit the GAQC website for updates, or register for the upcoming webcast “The 2018 Yellow Book: What You Need to Know” taking place on November 13. 

Happy baking!

Mary Foelster, CPA, Senior Director- Government Auditing and Accounting, Association of International Certified Professional Accountants



Source: AICPA