MAF GAO - Volume 2 - 2023.05

Financial Audit Manual
Volume 2
Updated May 2023
COUNCIL OF THE INSPECTORS GENERAL

ON INTEGRITY AND EFFICIENCY
GAO-22-105895
June 2022
To Audit Officials, Federal Entity Chief Financial Officers, and Others Interested in Federal
Financial Auditing and Reporting
This letter transmits the U.S. Government Accountability Office (GAO) and the Council of the
Inspectors General on Integrity and Efficiency’s (CIGIE) revised Financial Audit Manual (FAM),
volumes 1 and 2. The FAM presents a methodology for performing financial statement audits of
federal entities in accordance with professional standards and consists of three volumes. FAM
volume 1 contains the audit methodology. FAM volume 2 provides detailed implementation
guidance. FAM volume 3 contains the Federal Financial Reporting Checklist, which has been
updated as of June 2022.
The current revision reflects changes in auditing financial statements in the U.S. government
since the last revisions of FAM volume 1 (issued in April 2020) and FAM volume 2 (issued in
March 2021). The revisions are primarily based on changes in (1) professional auditing
standards of the Auditing Standards Board of the American Institute of Certified Public
Accountants (Statements of Auditing Standards Nos. 134, 135, 137, 138, 140, and 141) and (2)
audit guidance in the Office of Management and Budget’s Bulletin No. 21-04, Audit
Requirements for Federal Financial Statements, issued on June 11, 2021. Users should also
consider any subsequently issued standards or guidance.
To help the FAM continue to meet the needs of the federal audit community and the public it
serves, GAO and CIGIE worked jointly to update the FAM. In May 2022, CIGIE distributed an
exposure draft of FAM volumes 1 and 2 for a comment period that ended May 31, 2022. All
comments we received were considered in the final FAM.
This revision supersedes previously issued versions of FAM volumes 1 and 2 and should be
used beginning with audits of fiscal year 2022 federal entity financial statements.
Should you need additional information, please contact us at fam@gao.gov.
Beryl H. Davis Hannibal “Mike” Ware

Managing Director Chair, Audit Committee
Financial Management and Assurance Council of the Inspectors General on
U.S. Government Accountability Office Integrity and Efficiency
Enclosures
Page 1 GAO-22-105895 GAO/CIGIE Financial Audit Manual

GAO Team
Project Team
Beryl H. Davis, Managing Director
Robert F. Dacey, Chief Accountant
Dawn B. Simpson, Director
Joshua Y. Marcus, Assistant Director
Carrie J. Morrison, Assistant Director
Lien T. To, Senior Auditor
Significant Contributors
Sharon O. Byrd, Audit Sampling Specialist
Lauren S. Fassler, Senior Attorney
CIGIE FAM Working Group Members
Kelly McFadden, Office of the Inspector General, U.S. Department of Justice
Anna Elias, Office of Inspector General, U.S. Agency for International Development
Sandra John, Office of Inspector General, U.S. Department of Homeland Security
Todd Jones, Office of Inspector General, U.S. Department of State
Page 2 GAO-22-105895 GAO/CIGIE Financial Audit Manual

Financial Audit Manual Volume 2 – Summary of Significant Changes
Summary of Significant Changes

This summary lists significant changes from the June 2022 revision of FAM volume 2.
Change Description Section or paragraph

reference
Deleted “taken” from “financial statements taken as a whole.” Throughout
Replaced “service organization auditors” with “service auditors.” 615, 670, 807-809, 811
Replaced “adequacy” with “appropriateness” when referring to the 625.03, .11–.13
work of management’s specialists.
Added requirements and guidance related to service organizations, 640, 640 A
reorganized section paragraphs, and revised service organization
type 2 report assessment tool.
Revised and added guidance related to the Federal Financial 701.08, 11-.16
Management Improvement Act of 1996 (FFMIA).
Revised guidance related to management representations, 1001.09, .21
including minor revisions to example representation letter. 1001 A
Revisions related to litigation, claims, and assessments include 1002, 1002 A–D
the following: (terminology changes
• Reorganized section paragraphs. were also made in
• Revised section titles, guidance, and practice aids. other sections as
• Added requirements and guidance. appropriate)
• Replaced
o “legal representation letter” with “legal counsel response,”
o “legal letter request” with “legal counsel request,” and
o “materiality level for the legal letter” with “legal counsel
materiality.”
• Clarified the definition of probable.
Revisions to the financial statement audit completion checklist 1003
include the following:
• Clarified that the second partner review should be completed
before the report release date.
• Deleted instructions for completing the checklist for multiple
sites.
• Replaced “date of audit completion” with “auditor’s report date.”
• Deleted steps II.16.f, II.18.d, and V.6.
• Revised steps II.21.g, II.24.h, IV.6.b, IV.14.i, V.2.f, V.3.l, V.5,
V.7, and V.8.
Revised subsequent events review audit procedures 1005
(see steps III, IV.3, V, VI, and VII).
Updated May 2023 GAO/CIGIE Financial Audit Manual Changes-1

CONTENTS
Contents of FAM Volume 2 – Detailed Implementation Guidance
.01 Volume 2 provides detailed implementation guidance, which includes activities
that would be performed during other phases of the audit. Thus, the auditor may
refer to the FAM sections in volume 2 early in the audit. For example, FAM 600
includes guidance to auditors on designing and performing oversight and other
procedures when using the work of others. FAM 701, Determining Financial
Management Systems’ Compliance with the Federal Financial Management
Improvement Act (FFMIA) Section 803(a) Requirements, includes procedures that
would be performed throughout the audit, not just during the internal control
phase, although many of them would be performed then. Also, FAM 902,
Intragovernmental Activity and Balances, has procedures that the auditor may
decide to perform in the planning and internal control phases of the audit as well
as during the testing phase.
.02 The audit procedures presented in the examples in the FAM sections of volume 2
are examples of some of the audit steps typically performed in each area. They
are used in conjunction with the appropriate FAM sections. In using these
procedures, the auditor uses professional judgment to add additional procedures,
delete irrelevant procedures, modify procedures, indicate the extent and timing of
procedures, and change the terminology to that used by the entity to be audited.
The auditor may integrate these steps with the audit plans for related line items.
For example, tests of intragovernmental activity and balances in FAM 902 may be
integrated with tests of accounts receivable and payable, and to improve
effectiveness, the auditor may coordinate those tests with related
nonintragovernmental activity and balances.
Updated May 2023 GAO/CIGIE Financial Audit Manual Contents-1

Contents of FAM Volume 2 – Detailed Implementation

Guidance
600 Using the Work of Others

610 Overview of Using the Work of Others
615 Evaluating the Objectivity and Competence of Other Auditors or
Specialists
620 Using the Work of an Auditor’s Specialist
625 Using the Work of Management’s Specialists
630 Audits of Group Financial Statements (and Using the Work of Component
Auditors)
640 Entities Using a Service Organization
640 A Service Organization Type 2 Report Assessment Tool
645 Using the Work of an Internal Auditor
670 IG Oversight of Audits Performed by Contracted Independent Public
Accounting (IPA) Firms
670 A Summary of Procedures and Documentation for Oversight of Audits
Performed by Contracted IPA Firms
670 B Example Transmittal Letter When Providing Oversight of Audits
700 FFMIA Guidance and Agreed-Upon Procedures Guidance
701 Determining Financial Management Systems’ Compliance with the
Federal Financial Management Improvement Act of 1996 (FFMIA)
701 A Example Audit Procedures for Testing Systems for Compliance with
FFMIA
701 B Summary Schedule of Instances of Financial Management Systems
Noncompliance with FFMIA
710 Agreed-Upon Procedures
710 A Example Agreed-Upon Procedures Engagement Letter
710 B Example Representation Letter from Engaging Party on Agreed-Upon
Procedures Engagement
710 C Example Representation Letter from Responsible Party on
Agreed-Upon Procedures Engagement
710 D Example Agreed-Upon Procedures Report Where the Engaging Party Is
Not the Responsible Party
710 E Agreed-Upon Procedures Engagement Completion Checklist
800 Compliance
802 General Compliance Checklist
803 Antideficiency Act (ADA), as Provided Primarily in 31 U.S.C. Chapters 13,
15
804 Federal Credit Reform Act of 1990 (FCRA), as Provided in 2 U.S.C. §§
661-661f
805 Federal Debt Collection Authorities, as Provided in 31 U.S.C. Chapter 37
806 Prompt Payment Act (PPA), as Provided in 31 U.S.C. Chapter 39
807 Pay and Allowance System for Civilian Employees, as Provided Primarily
in 5 U.S.C. Chapters 51-59

808 Civil Service Retirement Act (CSRA), as Provided in 5 U.S.C. Chapter 83

809 Federal Employees Health Benefits Act (FEHBA), as Provided in 5 U.S.C.
Chapter 89
810 Federal Employees' Compensation Act (FECA), as Provided in 5 U.S.C.
Chapter 81
811 Federal Employees’ Retirement System Act (FERSA), as Provided in 5
U.S.C. Chapter 84
900 Substantive Testing Implementation Guidance
902 Intragovernmental Activity and Balances
902 A Example Line Item Risk Analysis for Intragovernmental Accounts
902 B Example Specific Control Evaluation for Intragovernmental Accounts
902 C Example Audit Procedures for Intragovernmental Activity and
Balances
903 Auditing Cost Information
904 Disclosure Entities, Related Parties, and Public-Private Partnerships
905 Accounting Estimates
921 Auditing Fund Balance with Treasury
921 A Example Line Item Risk Analysis for Fund Balance with Treasury
921 B Example Specific Control Evaluation for Fund Balance with Treasury
921 C Example Audit Procedures for Fund Balance with Treasury
931 Auditing Heritage Assets and Stewardship Land
941 Auditing the Statement of Social Insurance and the Statement of
Changes in Social Insurance Amounts
1000 Reporting Implementation Guidance
1001 Management Representations
1001 A Management Representation Letter Example
1002 Litigation, Claims, and Assessments
1002 A Example Audit Procedures for Litigation, Claims, and Assessments
1002 B Example Legal Counsel Request
1002 C Example Legal Counsel Response
1002 D Example Management Schedule
1003 Financial Statement Audit Completion Checklist
1005 Subsequent Events Review

SECTION 600
Using the Work of Others

600 – Contents of Using the Work of Others
Contents - Using the Work of Others

FAM
Overview of Using the Work of Others 610
Evaluating the Objectivity and Competence of Other Auditors or Specialists 615
Using the Work of an Auditor’s Specialist 620
Using the Work of Management’s Specialists 625
Audits of Group Financial Statements (and Using the Work of Component 630
Auditors)
Entities Using a Service Organization 640
Service Organization Type 2 Report Assessment Tool 640 A
Using the Work of an Internal Auditor 645
IG Oversight of Audits Performed by Contracted Independent Public 670

Accounting (IPA) Firms
Summary of Procedures and Documentation for Oversight of Audits 670 A

Example Transmittal Letter When Providing Oversight of Audits Performed 670 B

by Contracted IPA Firms
Updated May 2023 GAO/CIGIE Financial Audit Manual Page 600-1

610 – Overview of Using the Work of Others
610 – Overview of Using the Work of Others

.01 In many financial statement audits, the auditor uses the work and reports of other
auditors and specialists. Other auditors may include independent public
accounting (IPA) firms, inspectors general (IG), state auditors, and internal
auditors. Specialists may include statisticians, actuaries, economists, and
information technology professionals.
.02 U.S. Government Accountability Office (GAO) and Council of the Inspectors
General on Integrity and Efficiency’s (CIGIE) Financial Audit Manual (FAM) 600
provides guidance to auditors of federal entities on designing and performing
oversight and other procedures when using the work of others as follows:
• evaluating the objectivity and competence of other auditors or specialists

(FAM 615),
• using the work of an auditor’s specialist (FAM 620),
• using the work of management’s specialists (FAM 625),
• audits of group financial statements and using the work of component

auditors (FAM 630),
• entities using the work of a service organization (FAM 640),
• using the work of an internal auditor (FAM 645), and
• IG oversight of contracted IPAs (FAM 670).
.03 The auditor may contract with an IPA firm to perform the entire audit. FAM 670
provides guidance to IGs in designing procedures for the oversight on those
engagements, and FAM 615 provides guidance on evaluating their objectivity
and competence.
.04 The auditor may contract with an IPA firm to perform parts of an audit. An auditor
may find FAM 630, adapted as necessary in the circumstances, useful when that
auditor involves other auditors (those with expertise in accounting or auditing) in
the audit of financial statements that are not group financial statements. For
example, an auditor may involve another auditor to observe the inventory count
or inspect physical fixed assets at a remote location (AU-C 600.02). The auditor’s
responsibilities for supervising other auditors who are essentially functioning as
part of the engagement team are the same as those for supervising other
engagement team members, as discussed in FAM 200. However, as outside
auditors are not subject to a firm’s quality control procedures, the auditor should
evaluate their objectivity and competence (see FAM 615).

615 – Evaluating the Objectivity and Competence of Other Auditors or Specialists
615 – Evaluating the Objectivity and Competence of Other

Auditors or Specialists
Overview
.01 FAM 600 discusses circumstances where an auditor may use or review the work
of others. Regardless of the purpose for using the work of others, the auditor
should evaluate whether the other auditors or specialists have the necessary
objectivity and competence for the auditor’s purposes. This section provides
guidance to assist the auditor in determining the procedures in evaluating the (1)
objectivity and (2) competence of other auditors and specialists. Component
auditors and service auditors should be independent in order for the auditor to
use their work. The auditor should consider if the degree of objectivity is sufficient
for the type of work that the specialists and internal auditors perform that the
auditor will use. There are also specific procedures (as noted in the sections
below) that may need to be performed by IPA firms, government auditors,
internal or external auditors, or specialists. The chart below links the different
FAM 600 sections to the applicable paragraphs of this section.
Relevant FAM 600 section Objectivity Competence
FAM 620 – Using the Work of FAM 615.03–.06 FAM 615.12–.15, .17,
an Auditor’s Specialist .19–.21, .24, .26–.29
FAM 625 – Using the Work of FAM 615.03, .07 FAM 615.12, .19–.21,
Management’s Specialists .24–.25
FAM 630 – Group Audits & FAM 615.03–.05, .08, FAM 615.12–.15, .18–
Using the Work of a .11 .23
Component Auditor
FAM 640 – Using the Work of FAM 615.03, .09, .10 FAM 615.12, .16, .19–
Service Auditors .20, .30
FAM 645 – Using the Work of FAM 615.03, .11 FAM 615.12, .15, .21–
Internal Auditors .23
FAM 670 – Oversight of Audits FAM 615.03–.05 FAM 615.12–.14, .19–

Performed by Contracted IPA .23, .31
Firms
.02 When using the work of other auditors in situations not specifically addressed
above, auditors may find guidance from the applicable AU-C sections and in this
FAM section (FAM 615), adapted as necessary, useful when evaluating the
objectivity and competence of the other auditors.
Evaluating the Other Auditors’ or Specialists’ Objectivity

.03 The credibility of auditing in the government sector is based on the auditor’s
objectivity in discharging its professional responsibilities. Objectivity includes
independence of mind and appearance when conducting engagements,

maintaining an attitude of impartiality, having intellectual honesty, and being free
of conflicts of interest. Maintaining objectivity includes continually assessing
relationships with audited entities and other stakeholders in the context of the
auditors’ responsibility to the public. The concepts of objectivity and
independence are closely related. Independence impairments affect objectivity
(see GAGAS (2018) 3.11).
When using or reviewing the work of others, the auditor should evaluate whether
the other auditors’ or specialists’ organizations, as well as the individual auditors
or specialists, are objective (or independent, as applicable). Component auditors
and service auditors should be independent in order for the auditor to use their
work. There are also varying degrees of objectivity for evaluating specialists and
internal auditors. If the auditor has previously evaluated the objectivity of the
other auditors or specialists for another engagement, the auditor should update
the previous evaluation. The nature and extent of evidence needed will depend
on the significance of the other auditors’ or specialists’ work to the current audit
objectives and the extent to which the auditor will use the work. The following
procedures may be used in evaluating the objectivity of other auditors or
specialists. In addition, auditors may refer to GAGAS as needed when making
independence determinations (see GAGAS (2018) 3.17). 1
.04 If the auditor engages the other auditors or specialists as a contractor, the auditor
may use a contracting process that is part of its organization or a procurement
function within the entity to be audited to evaluate independence and objectivity
of other auditors or specialists. For example, the auditor could determine whether
the firm selected made the following representations in the proposal: that it and
the assigned engagement team
• are independent and objective with respect to the audited entity,
• will remain independent throughout the audit,
• will disclose any independence issues discovered, and
• will immediately notify the appropriate official(s) (such as the contracting

officer’s representative (COR)) when considering submitting a proposal on
any contracts involving the audited entity to permit evaluation of whether its
auditors’ independence could be impaired.
Firms may be asked to describe in their proposals all work, including nonaudit
services, they have done for the audited entity in the last several years. See
GAGAS (2018) 3.64 through 3.106.
The auditor may wish to include in the statement of work (SOW) or request for
proposal (RFP) that the government will determine whether a firm is independent
for the purpose of performing an audit of financial statements of the entity. This
avoids a potential dispute where, for example, the firm does substantial nonaudit
work for the entity to be audited that the auditor views as a conflict. The technical
1See GAGAS (2018) 3.17 through 3.63 for additional discussion related to independence and applying the
conceptual framework approach to independence.

evaluation panel may evaluate whether the nature and extent of nonaudit
services or other factors cause an independence or objectivity issue, either in
independence of mind or independence in appearance.
.05 When the auditor does not participate in contracting for the other auditors or
specialists, the auditor may obtain an overview of the contracting process to
provide background in evaluating the objectivity of the other auditors or
specialists, including
• reading the SOW or RFP,
• reviewing the proposal of the firm selected, and
• understanding the evaluations of the panel that selects the firm.
The auditor may determine whether the other auditors’ or specialists’ firm
provided a representation as to objectivity (usually in its proposal). If the firm has
not provided such a representation, the auditor may wish to obtain one from the
firm. If the auditor is not familiar with the firm, the auditor can inquire of
professional organizations, such as the American Institute of Certified Public
Accountants (AICPA) or the Public Company Accounting Oversight Board
(PCAOB), about the firm’s professional reputation and standing. The auditor may
also consider whether the other auditors’ or specialists’ work is subject to
technical performance standards or other professional or industry requirements
(for example, specialists may be subject to ethical standards and other
membership requirements of a professional body or industry association,
accreditation standards of a licensing body, or requirements imposed by law or
regulation (AU-C 620.A17)).
Additional Procedures to Perform in Evaluating Objectivity for Specific

Types of Specialists and Auditors
Internal Specialists
.06 An auditor’s internal specialist may be a partner or staff member, including

temporary staff member, of the auditor’s organization and therefore subject to the
independence and/or objectivity quality control policies and procedures of that
organization (AU-C 620.A12). In accordance with AU-C 220, auditors are entitled
to rely on the organization’s system of quality control unless the auditor’s
engagement partner determines that it is inappropriate to do so based on
information provided by the other auditors’ or specialists’ firms or other parties.
However, such reliance does not reduce the auditor’s responsibility to meet the
requirements of AU-C 620 (AU-C 620.A13).
Management’s Specialists
.07 Based on AU-C 501.A73, when evaluating the objectivity of management’s

specialists, the auditor may consider any controls within the entity over their work

as important factors with regard to the reliability of any information they produce. 2
A broad range of circumstances may threaten objectivity, for example, self-
interest threats, advocacy threats, familiarity threats, self-review threats, and
intimidation threats (AU-C 501.A77).
Although safeguards cannot eliminate all threats to the objectivity of

management’s specialists, threats such as intimidation threats may be of less
significance to a specialist engaged by the entity than to a specialist employed by
the entity, and the effectiveness of safeguards such as quality control policies
and procedures may be greater. Because the threat to objectivity created by
being an employee of the entity will always be present, a specialist employed by
the entity cannot ordinarily be regarded as being more likely to be objective than
other employees of the entity (AU-C 501.A78).
When evaluating the objectivity of a specialist engaged by the entity, it may be

relevant to discuss with management and that specialist any interests and
relationships that may create threats to the specialist’s objectivity and any
applicable safeguards, including any professional requirements that apply to the
specialist, and to evaluate whether the safeguards are adequate. Interests and
relationships creating threats may include financial interests, business and
personal relationships, and provision of other services (AU-C 501.A79).
Component Auditors of a Group Audit
.08 In addition to evaluating whether a component auditor is independent and

objective, the auditor (group engagement team) should obtain an understanding
of whether a component auditor understands and will comply with the ethical
requirements that are relevant to the group audit (AU-C 600.22 and see FAM
630). Such requirements may be different from or in addition to those applying to
a component auditor when performing an audit in the component auditor’s
jurisdiction. The auditor, therefore, obtains an understanding about the
component auditor’s understanding of, and compliance with, the ethical
requirements that are relevant to the group audit and whether these are sufficient
to fulfill the component auditor’s responsibilities in the group audit. When the
component auditor is not subject to the AICPA Code of Professional Conduct, the
component auditor’s compliance with the ethics and independence requirements
set forth in the International Federation of Accountants Code of Ethics for
Professional Accountants is sufficient to fulfill the component auditor's ethical
responsibilities in the group audit (AU-C 600.A46).
The auditor should obtain written representations from the component auditor
that to the best of their knowledge, the firm and the individual auditors doing the
work have complied with ethical requirements relevant to the group audit,
including independence (AU-C 600.42).
2AU-C 501 paragraph references cited in the FAM are from the AU-C 501 effective as of the publication date of this
FAM update. The FAM includes amendments in AU-C 501 through Statement of Auditing Standards (SAS) No. 142,
effective for periods ending on or after December 15, 2022. Amendments to AU-C 501 after SAS No. 142 are not
included in the FAM.

Service Auditors
.09 When the auditor is using a type 1 or type 2 report prepared by a service auditor,
the auditor should be satisfied regarding the service auditor’s independence from
the service organization (see FAM 640.07). However, a service auditor need not
be independent of the entity (AU-C 402.A22).
.10 Independence can be determined by reviewing the service auditor’s report and
determining if there is a statement in the report describing the service auditor’s
independence. Unless evidence to the contrary comes to the auditor's attention,
a service auditor's report implies that the service auditor is independent of the
service organization (AU-C 402.A22) and the auditor need not perform any
additional procedures concerning independence. If there is no statement in the
report describing the service auditor’s independence, the auditor should work
with the entity under audit to assess the service auditor’s independence from the
service organization using chapter 3 of GAGAS (2018) and FAM 615.03.
Government Auditors
.11 When using the work of government auditors, the auditor should also consider
the guidance in GAGAS (2018) 3.52 through 3.58 in determining independence
and objectivity.
Evaluating Other Auditors’ or Specialists’ Competence

Overview
.12 After evaluating the other auditors’ or specialists’ objectivity (and independence,
as appropriate), the auditor should evaluate their competence to perform the
specific tasks required (AU-C 402.13, AU-C 501.27, AU-C 600.22, AU-C 610.13,
and AU-C 620.09). This involves evaluating the competence of the other
auditors’ or specialists’ firms as well as that of specific team members. Where the
auditor has previously used the work of the same other auditors or specialists,
the auditor generally should update the previous evaluation.
Evaluating Other Auditors’ or Specialists’ Competence at the

Organization/Firm Level
.13 If the auditor engages the other auditors or specialists as a contractor, the auditor
generally should evaluate the other auditors’ or specialists’ firms’ qualifications
through the contracting process, usually by using a technical evaluation panel for
selecting a qualified firm. A firm may submit résumés for its key team members,
demonstrate why its team is qualified to do the work, and submit its plan for
performing the work.
Audit firms should submit their latest peer review report (GAGAS (2018) 5.80),
letter of comments, and response to the peer review report (see FAM 615.27–.29
for internal specialists who do not have peer review report). 3 The firm should also
3IPA firms have peer reviews performed every 3 years.

agree to submit updated peer review reports during the period of the contract. To
comply with GAGAS, a firm must have had an external peer review within the last
3 years (see GAGAS (2018) 5.84). 4
An IPA firm may also be asked to submit its latest public inspection report that
the PCAOB prepared, but these reports pertain to audits of publicly traded
companies and related quality controls. However, to the extent that they raise
issues about quality controls or methodology, they may be applicable to audits of
entities. 5
.14 Where the auditor did not participate in the contracting process for the other
auditors or specialists, the auditor should determine how the qualifications of a
firm were evaluated. For example, consider whether the technical evaluation
panel or entity under audit review provided the following:
• résumés of the key team members,
• the audit approach,
• the peer review report and related letter of comments (if any), and
• the firm’s response to the peer review report.
The auditor should read the reviewed documents and conclude on competence
(see FAM 615.19–.21).
.15 For government internal or external auditors, the auditor should ask whether
the audit organization had a peer review and the date of that review (see FAM
615.19–.20). IGs have peer reviews performed every 3 years by other IGs. Most
state auditors also have peer reviews every 3 years. To comply with GAGAS, the
audit organization should have a peer review performed by reviewers
independent of the audit organization every 3 years (GAGAS (2018) 5.84).
The auditor should read the peer review report, the letter of comments, and the
audit organization’s response.
.16 If using the work of a service auditor, the auditor should request from the entity
under audit the service auditor’s most recent peer review report and any other
written communication issued. The auditor should evaluate the reports (see FAM
615.19–.20) and work with the entity under audit if any additional information is
needed to evaluate the competency of the service auditor’s firm.
.17 If the auditor is using an internal specialist (which may be a partner or staff
member, including a temporary staff member, of the auditor’s organization), the
internal specialist would be subject to the competence quality control policies and
procedures of that organization (AU-C 620.A12). In accordance with AU-C 220,
4Incases of unusual difficulty or hardship, extensions of the deadlines for submitting the peer review report exceeding
3 months beyond the due date may be granted by the entities that administer the peer review program and GAO (see
GAGAS (2018) 5.64).
5Further information on the PCAOB inspection report process is available at www.pcaobus.org.

auditors are entitled to rely on the organization’s system of quality control unless
the auditor’s engagement partner determines that it is inappropriate to do so
based on information provided by firms or other parties.
.18 For group audits, the auditor should obtain written representations from the
component auditor that to the best of their knowledge the component auditor
has complied with ethical requirements relevant to the group audit, including
professional competence (AU-C 600.42).
Evaluation of Peer Review Reports
.19 Where the auditors’ or specialists’ firm has received a peer review rating of pass
within the last 3 years, the auditor generally need not perform further review of
the firm’s quality controls. However, the auditor may request and review letter of
comments, if any, relating to the peer review.
.20 Where the other auditors’ or specialists’ firm receives a peer review or inspection
report rating of pass with deficiencies or fail, the auditor should evaluate whether
the quality control system has since been strengthened to allow the auditor to
use the other auditors’ or specialists’ work. The auditor may review the firm’s
action plan for improving quality controls and inspection results in determining
whether quality controls have improved since the peer review. The auditor should
evaluate the effect of remaining weaknesses in determining the nature and
extent of procedures to be performed.
Evaluating Other Auditors’ or Specialists’ Competence at the Individual

Team Member Level
.21 In addition to evaluating the other auditors’ or firms’ competence, the auditor also
should evaluate the overall competence of the key individual team members
assigned to do the work. The auditor may review résumés and training records of
key team members to accomplish this. The auditor should review the specific
education, training, certifications, and experience of key team members. In
evaluating qualifications, the auditor should review the specific role of team
members on the job. When the auditor has knowledge of competence from prior
experience for key team members, the auditor should inquire about their
experience since the last audit.
Other Auditors (Except Service Auditors)
.22 The auditor should determine that other auditors engaged to assist in performing
financial audits, who do not work for a government audit organization, are
licensed certified public accountants, persons working for licensed certified public
accounting firms, or licensed accountants in states that have multiclass licensing
systems that recognize licensed accountants other than certified public
accountants (GAGAS (2018) 6.04). 6 The auditor should also determine whether
the other auditors are competent as required by GAGAS, including having
completed continuing professional education (CPE) requirements. See chapter 4
6See GAGAS (2018) 6.05 for licensing requirements for auditors who are engaged to conduct financial audits of
entities operating outside the United States.

of GAGAS (2018) (Competence and Continuing Professional Education). This
may include obtaining an assertion, reviewing years of experience, reviewing
types of past audits performed, and reviewing CPE history.
.23 The auditor’s understanding of the other auditors’ professional competence may
include whether the other auditors (AU-C 600.A48)
• possess an understanding of the auditing and other standards applicable to

the audit, such as U.S. generally accepted auditing standards (U.S. GAAS),
that is sufficient to fulfill the other auditors’ responsibilities;
• possess the special skills (for example, industry-specific knowledge or

knowledge of relevant financial reporting requirements for statements and
schedules to be filed with regulatory agencies) necessary to perform the
work; and
• when relevant, possess an understanding of the applicable financial reporting

framework (U.S. GAAP) that is sufficient to fulfill the other auditors’
responsibilities in the audit (instructions that the auditor issues to the other
auditors often describe the characteristics of the applicable financial reporting
framework).
Specialists
.24 Sources that may inform the auditor’s assessment of the competence and
professional qualifications of a specialist include the following (GAGAS (2018)
4.15):
• the professional certification, license, or other recognition of the competence

of the specialist in the specialist’s field, as appropriate;
• the reputation and standing of the specialist in the views of peers and others
familiar with the specialist’s capability or performance;
• the specialist’s experience and previous work in the subject matter;
• the auditor’s assessment of the specialist’s knowledge and qualification

based on prior experience in using the specialist’s work;
• the specialist’s knowledge of any technical performance standards or other

professional or industry requirements in the specialist’s field (for example,
ethical standards and other membership requirements of a professional body
or industry association, accreditation standards of a licensing body, or
requirements imposed by law or regulation);
• the knowledge of the specialist with respect to relevant auditing standards;

and
• the assessment of unexpected events, changes in conditions, or the evidence

obtained from the results of engagement procedures that indicate it may be
necessary to reconsider the initial evaluation of the competence and
qualifications of a specialist as the engagement progresses.

.25 When using the work of management’s specialists, the auditor may consider
their competence with respect to relevant accounting requirements, for example,
knowledge of assumptions and methods, including models, when applicable, that
are consistent with the applicable financial reporting framework (U.S. GAAP)
(AU-C 501.A76). Refer to AU-C 501.A73 through .A76 for additional guidance
specific to management’s specialists.
.26 The auditor should determine that external specialists (specialists who are
hired/engaged from outside the auditor’s organization) assisting in performing a
GAGAS engagement are qualified and competent in their areas of specialization
(GAGAS (2018) 4.12). However, external specialists are not auditors subject to
the GAGAS CPE requirements (GAGAS (2018) 4.30). Auditors who use the work
of external specialists should assess the professional qualifications of such
specialists and document their findings and conclusions.
.27 The auditor should determine that internal specialists (specialists who are from
within the auditor’s organization) assisting on a GAGAS engagement who are not
involved in planning, directing, performing engagement procedures, or reporting
on a GAGAS engagement, are qualified and competent in their areas of
specialization (GAGAS (2018) 4.12). However, these internal specialists are not
auditors subject to the GAGAS CPE requirements (GAGAS (2018) 4.30).
.28 The auditor should determine that internal specialists, who are performing work
in accordance with GAGAS as part of the engagement team—including planning,
directing, performing engagement procedures, or reporting on a GAGAS
engagement—are considered auditors and are subject to the GAGAS CPE
requirements (see GAGAS (2018) 4.16–4.53). The GAGAS CPE requirements
become effective for internal specialists when an audit organization first assigns
an internal specialist to an engagement. Because internal specialists apply
specialized knowledge in government engagements, CPE in their areas of
specialization qualifies under the requirement for 24 hours of CPE that directly
relates to government auditing, the government environment, or the specific or
unique environment in which the audited entity operates (GAGAS (2018) 4.31).
.29 An auditor's internal specialist may be a partner or staff member, including a

temporary staff member, of the auditor's organization and therefore subject to the
competence quality control policies and procedures of that firm. (AU-C 620.A12)
In accordance with AU-C 220, auditors are entitled to rely on the organization’s
system of quality control unless the auditor’s engagement partner determines
that it is inappropriate to do so based on information provided by the organization
or other parties. However, such reliance does not reduce the auditor’s
responsibility to meet the requirements of this FAM section and AU-C 620
(AU-C 620.A13).
Service Auditors
.30 The auditor is not required to assess the competence of the individual team
members working on a service organization audit. If the auditor is satisfied with
the service auditor firm’s competence (see FAM 615.16), then no further
procedures are necessary. However, if the auditor is not satisfied with the service
auditor firm’s competence, the auditor may make inquiries to the entity under

audit regarding the service organization’s individual team members’ competence
(see FAM 615.21).
Documentation
.31 The auditor should document the work performed and the conclusions reached
as to the other auditors’ or specialists’ firm’s independence, objectivity, and
qualifications, as well as that of the individual team members of the other
auditors’ or specialists’ firms. The auditor should also document whether the
other auditors’ or specialists’ individual team members have any significant
threats to independence and whether necessary safeguards were applied to
eliminate those threats or reduce to an acceptable level. See GAGAS (2018)
3.32 for additional information. The documentation should indicate the auditor’s
conclusion as to whether the other auditors or specialists are independent,
objective, and qualified to perform the tasks required and the basis for that
conclusion. The auditor should consult with the reviewer if there are questions
about the other auditors’ or specialists’ independence, objectivity, or
qualifications.
.32 If the auditor has significant concerns about the other auditors’ or specialists’
independence, objectivity, or qualifications, the auditor should revise its audit
strategy. For example, the auditor may
• perform a more detailed review of the documentation, perform supplemental

tests of key line items, or both;
• contract with another firm;
• ask the other auditors to substitute more highly qualified or objective staff
members;
• perform the audit without using the other auditors’ work, treating any work
done by the other auditors as prepared by the audited entity;
• divide the work so that the other auditors test the areas where they are
qualified and the auditor does the rest of the audit; or
• if the auditor is unable to resolve the concerns, determine the effect on the
audit opinion (e.g., if there is a scope limitation requiring a modification to the
audit opinion).

620 – Using the Work of an Auditor’s Specialist

Overview
.01 FAM 620 provides guidance on the auditor’s responsibilities relating to the work
of an individual or organization possessing expertise in a field other than
accounting or auditing when that work is used to assist the auditor in obtaining
sufficient appropriate audit evidence (AU-C 620.01).
.02 FAM 620 does not address situations in which the engagement team includes a
member or consults an individual or organization with expertise in a specialized
area of accounting or auditing, which are addressed in FAM 210.04 and
AU-C 220 (AU-C 620.02.a). See also FAM 610.04.
.03 FAM 620 does not address the auditor’s use of the work of an individual or
organization possessing expertise in a field other than accounting or auditing,
whose work in that field the entity to be audited uses to assist it in preparing the
financial statements (management’s specialists), which is addressed in FAM 625
(AU-C 620.02b).
.04 Expertise in a field other than accounting or auditing may include expertise
regarding such matters as the following (AU-C 620.A1):
• the valuation of complex financial instruments and nonfinancial assets and

liabilities measured at fair value, such as land and buildings, plant and
machinery, jewelry, works of art, antiques, intangible assets, assets acquired
and liabilities assumed in business combinations, and assets that may have
been impaired;
• the actuarial calculation of liabilities associated with insurance contracts or

employee benefit plans;
• the estimation of oil and other mineral reserves;
• the valuation of environmental liabilities and site cleanup costs;
• the interpretation of laws, regulations, contracts, and grant agreements;
• the analysis of complex or unusual tax compliance issues;
• the determination of physical characteristics relating to quantity on hand or

condition (for example, quantity or condition of minerals or materials stored in
stockpiles);
• the analysis of the effect of information system (IS) controls on the audit and
the understanding and evaluation of IS controls (AU-C 300.A18); and
• statistical analysis.
.05 The following are examples of positions that generally should be considered
auditor’s specialists:

• statistician (with audit sampling experience),
• audit sampling specialist,
• legal counsel,
• information technology specialist, 7
• actuary (for insurance and pension audits),
• economist,
• financial analyst, and
• environmental specialist.
.06 In many cases, distinguishing between expertise in accounting or auditing and

expertise in another field will be straightforward, even when this involves a
specialized area of accounting or auditing. The table below highlights some
examples (AU-C 620.A2).
Expertise in accounting and Expertise in a field other than

auditing accounting and auditing
Area (Auditor) (Auditor’s specialist)
Employee Applying methods of accounting for Actuarial computation of employee

benefits employee benefit accrual benefits
Financial Applying methods of accounting for Complex modeling for the purpose
instruments financial instruments of valuing financial instruments
.07 However, in some cases, particularly those involving an emerging area of

accounting or auditing expertise, distinguishing between specialized areas of
accounting or auditing and expertise in another field will be a matter of
professional judgment. Applicable professional rules and standards regarding
education and competency requirements for accountants and auditors may assist
the auditor in exercising that judgment (AU-C 620.A2).
.08 An individual may possess expertise in accounting or auditing, as well as

expertise in a field other than accounting or auditing (for example, an actuary
also may be an accountant). In that circumstance, determining whether that
individual is an auditor or an auditor’s specialist depends on the nature of the
work that individual performs that the auditor is using for purposes of the audit
(AU-C 620.A3).
7An information technology specialist differs from an IS controls auditor. An information technology specialist
possesses special skills or knowledge in the information technology field that extend beyond the skills and knowledge
normally possessed by those working in specialized fields of auditing, such as IS controls auditing. Auditors and IS
controls auditors may decide to seek the assistance of an information technology specialist to complete various
aspects of the engagement.

.09 An auditor’s specialist may be either an auditor’s internal specialist (who is a
partner or staff member, including a temporary staff member, of the auditor’s
organization) or an auditor’s external specialist (AU-C 620.06).
Determining the Need for an Auditor’s Specialist

.10 If expertise in a field other than accounting or auditing is necessary to obtain
sufficient appropriate audit evidence, the auditor should determine whether to
use the work of an auditor’s specialist (AU-C 620.07). As the audit progresses or
as circumstances change, the auditor may need to revise earlier decisions about
using the work of an auditor’s specialist (AU-C 620.A7).
.11 An auditor’s specialist may be needed to assist the auditor in one or more of the
following (AU-C 620.A5):
• obtaining an understanding of the entity and its environment, including its

internal control;
• identifying and assessing the risks of material misstatement;
• determining and implementing overall responses to assessed risks at the

financial statement level;
• designing and performing additional audit procedures to respond to assessed

risks at the relevant assertion level, which may include tests of controls or
substantive procedures; and
• evaluating the sufficiency and appropriateness of audit evidence obtained in

forming an opinion on the financial statements.
.12 In some situations, the auditor may determine that it is necessary to use, or may
choose to use, an auditor’s specialist to assist in obtaining sufficient appropriate
audit evidence. Considerations when deciding whether to use an auditor’s
specialist may include the following (AU-C 620.A9):
• whether management has used a specialist in preparing the financial

statements (see AU-C 620.A10);
• the nature and significance of the matter, including its complexity;
• the risks of material misstatement of the matter; and
• the expected nature of procedures to respond to identified risks, including the

auditor’s knowledge of, and experience with, the work of specialists on such
matters and the availability of alternative sources of audit evidence.
.13 An auditor’s specialist may also be needed to assist the auditor and the IS
controls auditor in understanding technical aspects of information systems and IS
controls. Specialized information technology skills may be needed in situations
where (AU-C 300.A18)

• the entity’s systems, IS controls, or the manner in which they are used in
conducting the entity’s business are complex;
• significant changes have been made to existing systems or new systems

have been implemented;
• data are extensively shared among systems;
• the entity participates in electronic commerce;
• the entity uses emerging technologies; or
• significant audit evidence is available only in electronic form.
.14 In other cases, however, an auditor who is not a specialist in a relevant field
other than accounting or auditing may be able to obtain a sufficient
understanding of that field to perform the audit without an auditor’s specialist.
This understanding may be obtained through the following, for example
(AU-C 620.A8):
• Experience in auditing entities that require such expertise in preparing their

financial statements.
• Education or professional development in the particular field. This may

include formal courses or discussion with individuals possessing expertise in
the relevant field to enhance the auditor’s own capacity to deal with matters in
that field. Such discussion differs from consultation with an auditor’s specialist
regarding a specific set of circumstances encountered on the engagement in
which that specialist is given all the relevant facts that will enable the
specialist to provide informed advice about the particular matter.
Planning the Review of the Work of an Auditor’s Specialist

.15 The nature, timing, and extent of the auditor’s procedures with respect to the
requirements in FAM 620.18 through .34 will vary depending on the
circumstances. In determining the nature, timing, and extent of those procedures,
the auditor should consider matters, including (AU-C 620.08)
• the nature of the matter to which the work of the auditor’s specialist relates;
• the risks of material misstatement in the matter to which the work of the
auditor’s specialist relates;
• the significance of the work of the auditor’s specialist in the context of the
audit;
• the auditor’s knowledge of, and experience with, previous work that the
auditor’s specialist performed; and
• whether the auditor’s internal specialist is subject to the auditor’s

organization’s quality control policies and procedures.

.16 For internal specialists (i.e., partners or staff members, including temporary staff
members, within the auditor’s organization), in accordance with AU-C 220.05,
auditors are entitled to rely on the auditor’s organization’s system of quality
control unless the auditor’s engagement partner determines that it is
inappropriate to do so based on information provided by the auditor’s
organization or other parties. The extent of that reliance will vary based on the
circumstances and may affect the nature, timing, and extent of the auditor’s
procedures with respect to such matters as the following (AU-C 620.A13):
• Competence and capabilities through recruitment and training programs.
• Independence and objectivity. The auditor’s internal specialists are subject to

relevant ethical requirements, including those pertaining to independence.
• Agreement with the auditor’s internal specialist.
• The auditor’s evaluation of the adequacy of the auditor’s internal specialist’s

work. For example, the auditor’s organization’s training programs may
provide the auditor’s internal specialists with an appropriate understanding of
the interrelationship of their expertise with the audit process. Reliance on
such training and other organization processes, such as protocols for scoping
the work of the auditor’s internal specialists, may affect the nature, timing,
and extent of the auditor’s procedures for evaluating the adequacy the
auditor's internal specialist’s work.
• Adherence to legal and regulatory requirements through monitoring

processes.
Such reliance does not reduce the auditor’s responsibility to meet the
requirements of this section (AU-C 620.A13).
.17 It is necessary to apply professional judgment when considering how the

requirements of this section are affected by the fact that an auditor’s specialist
may be either an individual or an organization. For example, when evaluating the
independence, objectivity, competence, and capabilities of an auditor’s specialist,
it may be that the specialist is an organization that the auditor has previously
used, but the auditor has no prior experience with the individual specialist
assigned by the organization for the particular engagement, or it may be the
reverse (that is, the auditor may be familiar with the work of an individual
specialist but not with the organization that now employs the specialist). In either
case, both the personal attributes of the individual and the managerial attributes
of the organization (such as systems of quality control that the organization
implements) may be relevant to the auditor’s evaluation (AU-C 620.A4).
Determining Objectivity and Competence of the Auditor’s Specialist

.18 The auditor should evaluate whether the auditor’s specialist has the necessary
objectivity, competence, and capabilities for the auditor’s purposes. See FAM
615 for additional guidance (AU-C 620.09).

Obtaining an Understanding of the Field of Expertise of the Auditor’s

Specialist
.19 The auditor should obtain a sufficient understanding of the field of expertise of
the auditor's specialist to enable the auditor to determine the nature, scope, and
objectives of the specialist’s work for the auditor’s purposes and evaluate the
adequacy of that work for the auditor’s purposes (AU-C 620.10).
.20 Aspects of the field of the auditor’s specialist relevant to the auditor’s
understanding may include the following (AU-C 620.A24):
• whether the field of the auditor’s specialist has areas of specialty within it that
are relevant to the audit;
• whether any professional or other standards and legal or regulatory

requirements apply;
• what assumptions and methods, including models, when applicable, the

auditor’s specialist uses, and whether they are generally accepted within that
field and appropriate for financial reporting purposes; and
• the nature of internal and external data or information that the auditor’s
specialist uses.
Agreement with the Auditor’s Specialist

.21 The auditor should agree, in writing when appropriate, with the auditor’s
specialists regarding (AU-C 620.11 and AU-C 620.A25)
• the nature, scope, and objectives of the work of the auditor’s specialist;
• the respective roles and responsibilities of the auditor and the auditor’s
specialist;
• the nature, timing, and extent of communication between the auditor and the
auditor’s specialist, including the form of any report that the specialist is to
provide; and
• the need for the auditor’s specialist to observe confidentiality requirements.
.22 The matters noted in FAM 620.15 may affect the level of detail and formality of
the agreement between the auditor and the auditor’s specialist, including whether
it is appropriate that the agreement be in writing. For example, the following
factors may suggest the need for a more detailed agreement than would
otherwise be the case or for the agreement to be in writing (AU-C 620.A26):
• the auditor’s specialist will have access to sensitive or confidential entity

information;
• the respective roles or responsibilities of the auditor and the auditor’s

specialist are different from those normally expected;

• multijurisdictional legal or regulatory requirements apply;
• the matter to which the work of the auditor’s specialist relates is highly
complex;
• the auditor has not previously used work performed by the auditor’s
specialist; and
• the auditor’s use of the work of the auditor’s specialist is extensive and is
significant in the context of the audit.
.23 In establishing the agreement with the auditor’s specialist, an important

consideration is whether the work of the auditor’s specialist is subject to any
reservation, limitation, or restriction and whether this has implications for the
auditor (AU-C 620.A27).
.24 When no written agreement exists between the auditor and the auditor’s
specialist, evidence of the agreement may be included in the following, for
example (AU-C 620.A29):
• Planning memorandums or related working papers, such as the audit

program.
• The policies and procedures of the auditor’s firm. In the case of an auditor’s
internal specialist, the established policies and procedures to which the
auditor’s specialist is subject may include particular policies and procedures
regarding the work of the auditor’s specialist. The extent of documentation in
the auditor’s working papers depends on the nature of such policies and
procedures. For example, no documentation may be required in the auditor’s
working papers if the auditor’s organization has detailed protocols covering
the circumstances in which the work of such an internal specialist is used.
Evaluating the Adequacy of the Work of the Auditor’s Specialist

.25 The auditor’s evaluation of the objectivity, competence, and capabilities of the
auditor’s specialist; the auditor’s familiarity with the specialist’s field of expertise;
and the nature of the work performed by the auditor's specialist affect the nature,
timing, and extent of audit procedures for evaluating the adequacy of the
auditor’s specialist’s work for the auditor’s purposes (AU-C 620.A35). The level of
review is based on the auditor’s professional judgment considering the following
factors along with matters identified in FAM 620.15:
a. The specialist’s objectivity. The level of auditor review increases as

specialist’s objectivity decreases.
b. The specialist’s qualifications (both for the specialist’s firm and its
engagement team) to perform the work the auditor wishes to use. The level of
auditor review increases as the specialist’s qualifications decrease.
c. The auditor’s prior experience with the specialist. The level of auditor
review tends to decrease as the auditor’s confidence increases from working
with the specialist.

d. The materiality of the line item in relation to the financial statements as a
whole. The level of auditor review increases as the line item value increases.
e. The risk of material misstatement, including the risk of material fraud for
the line item and assertion in the financial statements on which the specialist
is performing procedures. The level of auditor review increases as the risk of
material misstatement increases.
f. The specialist is an internal specialist. The level of review decreases if the

work the auditor wishes to use is subject to the auditor’s quality control
policies and procedures.
The auditor may need to reevaluate the planned level of review as the work
progresses. If serving as the COR, the auditor will assist the contracting officer to
ensure contractor compliance with the terms and conditions of the contract.
.26 It is not necessary to perform supplemental tests of the work of specialists. As

indicated in AU-C 620.12, the auditor should evaluate the adequacy of the work
of an auditor’s specialist for the auditor’s purposes, including
• evaluating the relevance and reasonableness of the specialist’s findings and

conclusions and consistency with other audit evidence (see FAM 620.29);
• obtaining an understanding of the significant assumptions and methods that

the specialist used and evaluating the relevance and reasonableness of
those assumptions and methods in the circumstances, giving consideration to
the rationale and support provided by the specialist and in relation to the
auditor’s other findings and conclusions (see FAM 620.30 through .32); and
• evaluating the relevance, completeness, and accuracy of source data that are
significant to the work of the auditor’s specialist (extent of testing is based on
risk and materiality) (see FAM 620.33 through .34).
.27 Specific procedures to evaluate the adequacy of the work of the auditor’s
specialist for the auditor’s purposes may include the following (AU-C 620.A36):
• making inquiries of the auditor’s specialist;
• reviewing the working papers and reports of the auditor’s specialist;
• performing corroborative procedures, such as
o observing the work of the auditor’s specialist,
o examining published data, such as statistical reports from reputable,

authoritative sources,
o confirming relevant matters with third parties,
o performing detailed analytical procedures, and
o reperforming calculations;

• engaging in discussion with another specialist with relevant expertise when,

for example, the findings or conclusions of the auditor’s specialist are not
consistent with other audit evidence; and
• discussing the report of the auditor’s specialist with management.
.28 If the auditor determines that the work of the auditor’s specialist is not adequate
for the auditor’s purposes, the auditor should agree with the auditor’s specialist
on the nature and extent of further work that the specialist is to perform, perform
additional audit procedures appropriate to the circumstances, or engage another
specialist (AU-C 620.13 and .A43).
Evaluating Findings and Conclusions
.29 Relevant factors when evaluating the relevance and reasonableness of the
findings or conclusions of the auditor’s specialist, whether in a report or other
form, may include whether they are (AU-C 620.A37)
• presented in a manner that is consistent with any standards of the auditor’s

specialist’s profession or industry;
• clearly expressed, including reference to the objectives agreed on with the

auditor, the scope of the work performed, and standards applied;
• based on an appropriate period and take into account subsequent events,

when relevant; and
• based on appropriate consideration of errors or deviations that the auditor’s

specialist encountered.
Evaluating Significant Assumptions and Methods
.30 When the work of an auditor’s specialist involves using significant assumptions
and methods, the appropriateness and reasonableness of those assumptions
and methods used and their application are the responsibility of the auditor's
specialist. Factors relevant to the auditor’s evaluation of those assumptions and
methods include whether they are (AU-C 620.A40)
• generally accepted within the specialist’s field;
• consistent with the requirements of the applicable financial reporting

framework (U.S. GAAP);
• dependent on the use of specialized models (see FAM 905); and
• consistent with those of management—if not consistent, the reason for, and
effects of, the differences should be provided.
.31 When the purpose of the auditor’s specialist’s work is to evaluate underlying
assumptions and methods, including models, when applicable, that management
uses in developing an accounting estimate, the auditor’s procedures are likely to
be primarily directed to evaluating whether the auditor’s specialist has adequately

reviewed those assumptions and methods. When the purpose of the auditor’s
specialist’s work is to develop an auditor’s point estimate or an auditor’s range for
comparison with management’s point estimate, the auditor’s procedures may be
primarily directed to evaluating the assumptions and methods, including models,
when appropriate, used by the specialist. (AU-C 620.A38)
.32 FAM 905 discusses the assumptions and methods that management uses in
making accounting estimates, including the use, in some cases, of highly
specialized, entity-developed models. Although that discussion is written in the
context of the auditor obtaining sufficient appropriate audit evidence regarding
management’s assumptions and methods, it also may assist the auditor when
evaluating the assumptions and methods of an auditor’s specialist
(AU-C 620.A39).
Evaluating Source Data
.33 When the work of an auditor’s specialist involves the use of source data that are
significant to the work of the auditor's specialist, procedures such as the following
may be used to test that data (AU-C 620.A41):
• verifying the origin of the data, including obtaining an understanding of and,

when applicable, testing the internal controls over the data and, when
relevant, their transmission to the auditor’s specialist, and
• reviewing the data for completeness and internal consistency.
.34 In many cases, the auditor may test source data. However, in other cases, when
the nature of the source data used by an auditor’s specialist is highly technical in
relation to the field of the auditor’s specialist, that auditor’s specialist may test the
source data. If the auditor’s specialist has tested the source data, it may be
appropriate for the auditor to conduct inquiry of the auditor’s specialist or to
supervise or review the specialist’s test to evaluate the data’s relevance,
completeness, and accuracy (AU-C 620.A42).
Reference to the Auditor’s Specialist in the Auditor’s Report

.35 The auditor has sole responsibility for the audit opinion expressed, and that
responsibility is not reduced by the auditor’s use of the work of an auditor’s
specialist. Nonetheless, if the auditor using an auditor’s specialist’s work, having
followed this section, concludes that the work of that specialist is adequate for
the auditor’s purposes, the auditor may accept that specialist’s findings or
conclusions in the specialist’s field as appropriate audit evidence (AU-C 620.03).
.36 If the auditor concludes that the work of the auditor’s specialist is not adequate
for the auditor’s purposes and the auditor cannot resolve the matter through the
additional audit procedures (refer to para. 29), it may be necessary to express a
modified opinion in the auditor’s report, as discussed in FAM 580
(AU-C 620.A43).
.37 The auditor should not refer to the work of an auditor’s specialist in an auditor’s
report containing an unmodified opinion (AU-C 620.14). In this situation, the
auditor issues the example report in FAM 595 A (as if no specialist were

involved). This means that the auditor takes responsibility for the specialist’s
work. Professional standards do not permit referring to a specialist, unless the
auditor issues a qualified or adverse opinion or a disclaimer of opinion based on
the specialist’s work.
.38 If the auditor makes reference to the work of an auditor’s external specialist in the
auditor’s report because such reference is relevant to an understanding of a
modification to the auditor’s opinion, the auditor should indicate in the auditor's
report that such reference does not reduce the auditor’s responsibility for that
opinion (AU-C 620.15). In such circumstances, the auditor may need the
specialist’s permission before making such a reference (AU-C 620.A44).
Documentation
.39 In the overall audit strategy, the auditor should include or refer to other
documentation where this information is described in more detail on the following
areas:
• Determination of whether to use the work of an auditor’s specialist

(AU-C 620.07).
• Matters considered when determining the nature, timing, and extent of the
auditor’s procedures with respect to the requirements of this section
(AU-C 620.08).
• Evaluation of whether the specialist has the necessary independence,

objectivity, competence, and capabilities for the auditor’s purposes. In the
case of an auditor’s external specialist, the evaluation of objectivity should
include inquiry regarding interests and relationships that may create a threat
to the auditor’s specialist’s objectivity (AU-C 620.09).This evaluation may be
limited if the individual or organization is subject to the auditor’s
organization’s quality control procedures or to formal contracts.
• Understanding of the auditor’s specialist’s field of expertise, enabling the

auditor to determine the nature, scope, and objectives of the auditor’s
specialist’s work for the auditor’s purposes and to evaluate the adequacy of
that work for the auditor’s purposes (AU-C 620.10).
.40 The auditor should document the understanding of the agreement between the
auditor and the specialist (AU-C 620.11). This documentation may consist of
planning memorandums, audit programs, policies and procedures of the auditor’s
organization, or formal contracts when appropriate.
.41 The auditor should document evaluation of the adequacy of the auditor’s
specialist’s work in the audit summary memorandum, including the auditor’s
conclusions on the (1) relevance and reasonableness of the auditor’s specialist’s
findings and conclusions and consistency with other audit evidence; (2)
relevance and reasonableness of any significant assumptions and methods the
specialist used; and (3) the relevance, completeness, and accuracy of any
source data that are significant to the auditor’s specialist’s work (AU-C 620.12).
In the memorandum, the auditor may refer to other documentation where this
information is described in more detail.

625 – Using the Work of Management’s Specialists

Overview
.01 FAM 625 provides guidance on the auditor’s responsibilities related to using the
work of management’s specialists. Management’s specialists are individuals or
organizations possessing expertise in a field other than accounting or auditing,
whose work in that field is used by the entity to assist it in preparing its financial
statements (AU-C 501.04).
.02 See FAM 620.04 through .05 for examples of specialists that management might
use.
Planning the Review of the Work of Management’s Specialists

.03 If information to be used as audit evidence has been prepared using the work of
management’s specialists, the auditor should, to the extent necessary, taking into
account the significance of those specialists’ work for the auditor’s purposes,
perform the following (AU-C 501.27):
• evaluate the competence, capabilities, and objectivity of those specialists;
• obtain an understanding of the work of those specialists; and
• evaluate the appropriateness of those specialists’ work as audit evidence for

the relevant assertion.
.04 Based on AU-C 501.A72, the nature, timing, and extent of audit procedures with
regard to the requirement in FAM 625.03 may be affected by such matters as the
following:
a. the nature and complexity of the matter to which the work of management’s
specialists relates;
b. the risks of material misstatement of the matter to which the work of

management’s specialists relates;
c. the availability of alternative sources of audit evidence;
d. the nature, scope, and objectives of the work of management’s specialists;
e. whether management’s specialists are employed by the entity or are engaged

by it to provide relevant services;
f. the extent to which management can exercise control or influence over the
work of its specialists;
g. whether management’s specialists are subject to technical performance

standards or other professional or industry requirements;

h. the nature and extent of any controls within the entity over the work of
management’s specialists;
i. the auditor’s knowledge of, and experience with, the fields of expertise of
management’s specialists; and
j. the auditor’s previous experience with the work of management’s specialists.
.05 It is necessary to apply professional judgment when considering how the

requirements of this section are affected by the fact that management’s
specialists may be either individuals or organizations. See FAM 620.17 for more
information.
Evaluating the Competence, Capabilities, and Objectivity of

Management’s Specialists
.06 As discussed in FAM 625.03, the auditor should evaluate whether management’s
specialists have the necessary competence, capabilities, and objectivity for the
auditor’s purposes. See FAM 615 for additional guidance.
Obtaining an Understanding of the Work of Management’s Specialists

.07 An understanding of the work of management’s specialists includes an
understanding of the relevant fields of expertise. An understanding of the
relevant fields of expertise may be obtained in conjunction with the auditor’s
determination of whether the auditor has the expertise to evaluate the work of
management’s specialists or whether the auditor needs an auditor’s specialist for
this purpose (AU-C 501.A80) (see FAM 620).
.08 Aspects of the fields of expertise of management’s specialists relevant to the

auditor’s understanding may include (AU-C 501.A81)
• whether those specialists’ fields include areas of specialty that are relevant to
the audit;
• whether any professional or other standards and legal or regulatory

requirements apply;
• what assumptions and methods are used by management’s specialists and

whether they are generally accepted within those specialists’ fields and
appropriate for financial reporting purposes; and
• the nature of internal and external data or information management’s

specialists use.
.09 In the case of management’s specialists engaged by the entity, there will
ordinarily be an engagement letter or other written form of agreement between
the entity and the specialist. Evaluating that agreement when obtaining an
understanding of the work of management’s specialists may assist the auditor in
determining, for the auditor’s purposes, the appropriateness of

• the nature, scope, and objectives of those specialists’ work;
• the respective roles and responsibilities of management and those

specialists; and
• the nature, timing, and extent of communication between management and

those specialists, including the form of any report to be provided by those
specialists (AU-C 501.A82).
.10 In the case of management’s specialists employed by the entity, it is less likely
that there will be a written agreement of this kind. Inquiry of the specialists and
other members of management may be the most appropriate way for the auditor
to obtain the necessary understanding (AU-C 501.A83).
Evaluating the Appropriateness of the Work of Management’s

Specialists
.11 Considerations when evaluating the appropriateness of the work of
management’s specialists as audit evidence for the relevant assertion may
include
• the relevance and reasonableness of those specialists’ findings or

conclusions, their consistency with other audit evidence, and whether they
have been appropriately reflected in the financial statements;
• if those specialists’ work involves use of significant assumptions and

methods, the relevance and reasonableness of those assumptions and
methods; and
• if those specialists’ work involves significant use of source data, the

relevance, completeness, and accuracy of those source data
(AU-C 501.A84).
.12 An auditor may use FAM 620.25, .27, and .29 through .34, adapted as necessary
in the circumstances, for the level of review and example procedures for
evaluating the appropriateness of the work of management’s specialists.
.13 If the auditor determines that the work of management’s specialists is not
appropriate for the auditor’s purposes, the auditor should perform additional audit
procedures appropriate to the circumstances.
Making Reference to Management’s Specialists in the Auditor’s

Report
.14 See FAM 620.35 through .38 for guidance related to making reference to a
specialist in the auditor’s report.

Documentation
.15 In the overall audit strategy, the auditor should include or refer to other
documentation where this information is described in more detail on the following
areas:
• determination of whether to use the work of management’s specialists as

audit evidence;
• matters considered when determining the nature, timing, and extent of the
auditor’s procedures with respect to the requirements of this section;
• understanding of the work of management’s specialists; and
• evaluation of whether management’s specialists have the necessary

competence, capabilities, and objectivity for the auditor’s purposes.
.16 The auditor should document the evaluation of the appropriateness of the work of
management’s specialists as audit evidence for the relevant assertion in the audit
summary memorandum, including the auditor’s conclusions on the
• relevance and reasonableness of the findings and conclusions of

management’s specialists and their consistency with other audit evidence;
• relevance and reasonableness of any significant assumptions and methods

used by management’s specialists; and
• the relevance, completeness, and accuracy of any source data that are
significant to the work of management’s specialists.
In the memorandum, the auditor may refer to other documentation where this
information is described in more detail.

630 – Audits of Group Financial Statements

Overview
.01 FAM 630 provides guidance to auditors on designing and performing a group
audit. 8 AU-C 600 also provides guidance in this area. This standard has different
requirements depending on whether the group auditor elects to make reference
or to not make reference to the work performed by the component auditors.
Under AU-C 600, the principal auditor (formerly under AU 543) is now referred to
as group engagement partner, group engagement team, auditor of the group
financial statements, or group auditor; all of these terms are used
interchangeably throughout this section.
.02 The objectives of the auditor are to determine whether to act as the auditor of the
group financial statements and, if so, to
• determine whether to make reference to the audit of a component auditor in

the auditor’s report on the group financial statements;
• communicate clearly with component auditors; and
• obtain sufficient appropriate audit evidence regarding the financial information

of the components and the consolidation process to express an opinion about
whether the group financial statements are prepared, in all material respects,
in accordance with the applicable financial reporting framework (U.S. GAAP).
.03 The group engagement partner is responsible for the following:
• directing, supervising, and performing the group audit engagement in

compliance with professional standards, applicable legal and regulatory
requirements, and the audit entity’s policies and procedures and
• determining whether the group auditor’s report issued is appropriate in the

circumstances.
.04 The group engagement team may use the work of component auditors. In the
federal environment, component auditors may be used in various situations, such
as audits of individual bureaus, agencies, funds, or other components performed
by either IGs or IPA firms.
Determining Whether to Accept and Continue

.05 The group engagement partner should determine whether sufficient appropriate
audit evidence can reasonably be expected to be obtained regarding the
consolidation process and the financial information of the components on which
8A group audit is the audit of group financial statements. Group financial statements are defined as financial
statements that include the financial information of more than one component. Group financial statements also refer
to combined financial statements aggregating the financial information prepared by components that are under
common control. (AU-C 600.11)

to base the group audit opinion. For this purpose, the group engagement team
should obtain an understanding of the group, its components, and their
environments that is sufficient to identify components that are likely to be
significant components (AU-C 600.14).
.06 The group engagement partner should evaluate whether the group engagement
team will be able to obtain sufficient appropriate audit evidence through the
group engagement team's work or use of the work of component auditors (that is,
through assuming responsibility for the work of component auditors or through
making reference to the audit of a component auditor or report on internal control
over financial reporting of a component auditor in the auditor’s report) to act as
the auditor of the group financial statements and report as such on the group
financial statements (AU-C 600.15 and AU-C 940.78). Factors in determining
whether the group engagement team can act as the auditor of the group financial
statements include, the financial significance of the components for which the
group engagement team is assuming responsibility and the extent to which the
group financial statements’ risks of material misstatement are included in those
components (AU-C 600.A18).
.07 In some circumstances, the group engagement partner may conclude that it will
not be possible, due to restrictions imposed by group management, for the group
engagement team to obtain sufficient appropriate audit evidence through the
group engagement team's work or use of component auditors’ work, and the
possible effect of this inability will result in a disclaimer of opinion on the group
financial statements. In such circumstances, the auditor of the group financial
statements should
• for a new engagement, not accept the engagement, or, for a continuing
engagement, withdraw from the engagement when withdrawal is possible
under applicable law or regulation or
• when the entity is required by law or regulation to have an audit, after having
performed the audit of the group financial statements to the extent possible,
disclaim an opinion on the group financial statements (AU-C 600.16).
Overall Audit Strategy and Audit Plan

.08 The group engagement team should establish both an overall group audit
strategy and a group audit plan. In developing the group audit plan, the group
engagement team should assess the extent to which the group engagement
team will use the work of component auditors and whether the auditor’s report on
the group financial statements will make reference to the audit of a component
auditor (AU-C 600.18). The group engagement partner should review and
approve the overall group audit strategy and group audit plan (AU-C 600.19).
.09 The group engagement team should determine the level of review to be
performed on the component auditor’s audit work on the financial information of a
component that will be used as audit evidence for the group audit. The level of
review is a matter of professional judgment. In some situations, the group
engagement team may determine that it is appropriate to perform significantly
more work, including performing additional audit procedures. In other situations,
the auditor may decide less review or no review is necessary. These situations

typically involve entities or line items that are very small in relation to the financial
statements as a whole. In these situations, the group engagement team may
decide to read the component auditor’s report and the financial statements and
ask questions if anything seems unusual.
.10 As noted above, the extent of the group engagement team’s review of the
component auditor’s documentation depends on the level of review and is a
matter of professional judgment. The group engagement team should consider
using the following framework in planning and performing the level of review of
the component auditor’s documentation:
For a low level of review, the group engagement team may limit the review of
documentation to key summary planning and completion documentation.
For a moderate level of review, in addition to the documentation reviewed at

the low level of review, the group engagement team should consider reviewing
more of the component auditor’s documentation, especially those documents
evidencing important decisions. For financial statement audits, this includes the
audit strategy and audit procedures (or equivalent documents); the Line Item
Risk Analysis (LIRA) form (or equivalent documentation) for significant accounts;
the Specific Control Evaluation (SCE) worksheet (or equivalent documentation)
for significant accounting applications; the documentation for accounts,
estimates, and judgments with high risk of material misstatement; the analytical
procedures; the audit completion checklist at FAM 1003 (or equivalent
documentation); the audit summary memorandum; and the summary of
uncorrected misstatements (see FAM 595 C).
For a high level of review, the group engagement team should consider
reviewing all of the items for the moderate level of review plus any important
detailed documentation, particularly relating to areas assessed with a high risk of
material misstatement, such as memorandums documenting key meetings and
discussions with management, the evaluation of sample results, and the
summary of uncorrected misstatements. In some cases, the group engagement
team may determine that it should coordinate or concur with the component
auditor’s major planning decisions before audit work is started. Additionally, in
some cases, the group engagement team should hold discussions with audited
entity management and/or perform additional audit procedures in order to meet
the relevant requirements of GAGAS.
Understanding the Group, Its Components, and Their Environments

.11 The auditor is required to identify and assess the risks of material misstatement
by obtaining an understanding of the entity and its environment. The group
engagement team should do the following (AU-C 600.20):
• enhance its understanding of the group, its components, and their

environments, including group-wide controls, obtained during the acceptance
or continuance stage and
• obtain an understanding of the consolidation process, including the

instructions that group management issued to components.

Group management ordinarily issues instructions to components in order to
achieve uniformity and comparability of financial information. A group
engagement team’s understanding of these instructions may include whether
the instructions describe the financial reporting framework (U.S. GAAP),
provide for disclosures consistent with the framework, and provide for
component management’s approval of the financial information (AU-C
600.A32 through .A34).
.12 The group engagement team should obtain an understanding that is sufficient to
• confirm or revise its initial identification of components that are likely to be

significant and
• assess the risks of material misstatement of the group financial statements,

whether due to fraud or error (AU-C 600.21).
The group engagement team’s assessment of the risks of material misstatement

of the group financial statements is based on information such as the following
(AU-C 600.A38–.A39):
• information obtained based on understanding of the group, its components,

and their environments and of the consolidation process, including audit
evidence obtained in evaluating the design and implementation of group-wide
controls and controls that are relevant to the consolidation (refer to appendix
B at AU-C 600.A95 for examples of conditions or events that may indicate
risks of material misstatement of the group financial statements), and
• information obtained from the component auditors.
.13 The auditor is required to identify and assess the risks of material misstatement
of the financial statements due to fraud or error and to design and implement
appropriate responses to the assessed risk. Information used to identify the risks
of material misstatement of the group financial statements due to fraud may
include the following (AU-C 600.A35):
a. group management’s assessment of the risks that the group financial

statements may be materially misstated as a result of fraud or error;
b. group management’s process for identifying and responding to the risks of

fraud and error in the group, including any specific fraud risks that group
management identified in account balances, classes of transactions, or note
disclosures for which a risk of fraud is likely;
c. whether particular components exist for which a risk of fraud or error is likely;
d. how those charged with governance of the group monitor group

management’s processes for identifying and responding to the risks of fraud
or error in the group and the controls group management has established to
mitigate these risks; and
e. responses of those charged with governance of the group, group

management, and appropriate individuals within the internal audit function

(and, if considered appropriate, component management, the component
auditors, and others) to the group engagement team’s inquiry of whether they
have knowledge of any actual, suspected, or alleged fraud or error affecting a
component or the group.
Understanding the Component Auditor

.14 Regardless of whether reference will be made in the auditor’s report on the group
financial statements to the audit of a component auditor, the group engagement
team should obtain an understanding of the following (AU-C 600.22):
a. whether a component auditor understands and will comply with the ethical
requirements relevant to the group audit and, in particular, is independent;
b. a component auditor’s professional competence;
c. the extent, if any, to which the group engagement team will be able to be
involved in the work of the component auditor;
d. whether the group engagement team will be able to obtain information

affecting the consolidation process from a component auditor; and
e. whether a component auditor operates in a regulatory environment that

actively oversees auditors.
See FAM 615 for requirements related to evaluating the component auditor’s
independence, objectivity, and qualifications.
.15 When a component auditor does not meet the independence requirements that
are relevant to the group audit or the group engagement team has serious
concerns about the other matters listed in FAM 630.14 regarding the component
auditor’s independence and professional competence, the group engagement
team should obtain sufficient appropriate audit evidence relating to the
component’s financial information without making reference to the audit of that
component auditor in the auditor’s report on the group financial statements or
otherwise using the work of that component auditor (AU-C 600.23).
Determining Whether to Make Reference to a Component Auditor in

the Auditor’s Report on the Group Financial Statements
.16 Having gained an understanding of each component auditor, the group
engagement partner should decide whether to make reference to a component
auditor in the auditor’s report on the group financial statements. (AU-C 600.24)
The decision about whether to make reference to a component auditor in the
report on the audit of internal control over financial reporting might differ from the
corresponding decision as it relates to the audit of the financial statements
(AU-C 940.A127).
.17 Reference to the audit of a component auditor in the auditor’s report on the group
financial statements or on internal control over financial reporting over the group
financial statements should not be made unless

a. the group engagement partner has determined that the component auditor
has performed an audit of the financial statements of the component or of the
component’s internal control over financial reporting in accordance with the
relevant requirements of GAGAS and
b. the component auditor has issued an auditor’s report that is not restricted as
to use (AU-C 600.25 and AU-C 940.79).
.18 For situations in which the component’s financial statements are prepared using
a different financial reporting framework than that used for the group financial
statements, see AU-C 600.26.
Making Reference in the Auditor’s Report

.19 When the group engagement partner decides to make reference to the audit of a
component auditor in the auditor’s report on the group financial statements, the
group engagement team should obtain sufficient appropriate audit evidence with
regard to such components by performing the following procedures (AU-C
600.27):
a. completing the procedures required by FAM 630, except for those required in
FAM 630.56 through .74, and
b. reading the component’s financial statements and the component auditor’s

report thereon to identify significant findings and issues and, when
considered necessary, communicating with the component auditor in this
regard.
.20 When the group engagement partner decides to make reference to the audit of a
component auditor in the auditor’s report on the group financial statements, the
report on the group financial statements should clearly indicate the following (AU-
C 600.28):
a. that the component was not audited by the auditor of the group financial
statements but was audited by the component auditor;
b. the magnitude of the portion of the financial statements that the component
auditor audited;
c. when the component’s financial statements are prepared using a different

financial reporting framework than that used for the group financial
statements,
• the financial reporting framework used by the component and
• that the auditor of the group financial statements is taking responsibility

for evaluating the appropriateness of the adjustments to convert the
component’s financial statements to the financial reporting framework
used by the group; and

d. when
• the component auditor’s report on the component’s financial statements

does not state that the audit was performed in accordance with GAGAS
and
• the group engagement partner has determined that the component

auditor performed additional audit procedures in order to meet the
relevant requirements of GAGAS,
o the set of auditing standards used by the component auditor and
o that additional audit procedures were performed by the component

auditor to meet the relevant requirements of GAGAS.
.21 If the group engagement partner decides to name a component auditor in the
auditor’s report on the group financial statements, the component auditor’s
express permission should be obtained and the component auditor’s report
should be presented together with that of the auditor’s report on the group
financial statements (AU-C 600.29). For IPA firms, this permission may be
obtained as part of the contracting process. As a professional courtesy, the group
engagement team generally should also provide component auditors with a draft
of its report so that the auditors can read the report before final issuance.
.22 When the auditor of the group’s internal control audit decides to make reference
to the report of the component auditor as a basis, in part, for the auditor’s opinion
on the group’s internal control, the auditor should modify the report on internal
control over financial reporting.
.23 If the group engagement partner decides to assume responsibility for work of a
component auditor, no reference should be made to the component auditor in the
auditor’s report on the group financial statements (AU-C 600.31).
Materiality
.24 The group engagement team should determine the following (AU-C 600.32):
a. Materiality, including performance materiality, for the group financial

statements as a whole when establishing the overall group audit strategy.
b. Whether, in the specific circumstances of the group, particular classes of

transactions, account balances, or note disclosures in the group financial
statements exist for which there is a substantial likelihood that misstatements
of lesser amounts than materiality for the group financial statements as a
whole would influence the judgment made by a reasonable user based on the
group financial statements. In such circumstances, the group engagement
team should determine materiality to be applied to those particular classes of
transactions, account balances, or note disclosures.
c. Component materiality for those components on which the group

engagement team will perform, or for which the auditor of the group financial
statements will assume responsibility for the work of a component auditor

who performs, an audit or a review. Determining component materiality
should take into account all components, regardless of whether reference is
made in the auditor’s report on the group financial statements to the audit of a
component auditor. To reduce the risk that the aggregate of uncorrected and
undetected misstatements in the group financial statements exceeds the
materiality for the group financial statements as a whole, component
materiality should be lower than the materiality for the group financial
statements as a whole, and component performance materiality should be
lower than performance materiality for the group financial statements as a
whole. Different materiality may be established for different components, and
the aggregate component materiality may exceed the group materiality (see
AU-C 600.A64–.A66 for further guidance).
d. The threshold above which misstatements cannot be regarded as clearly

trivial to the group financial statements.
See FAM 630.56 for additional requirements when assuming responsibility for
the work of a component auditor.
Responding to Assessed Risk

.25 The auditor is required to design and implement appropriate responses to
address the assessed risks of material misstatement of the financial statements.
If the nature, timing, and extent of the work to be performed on the consolidation
process or the component’s financial information are based on an expectation
that group-wide controls are operating effectively, or when substantive
procedures alone cannot provide sufficient appropriate audit evidence at the
assertion level, the group engagement team should test, or have a component
auditor test on the group engagement team’s behalf, the operating effectiveness
of those controls over specified risks that present a reasonable possibility of
material misstatement to the group financial statements (AU-C 600.33 and
AU-C 940.82). See FAM 630.66 for additional audit procedures when assuming
responsibility for the work of a component auditor.
.26 Responses to assessed risks of material misstatement for some or all accounts
may be implemented at the group level, without involving the component
auditors, if deemed appropriate by the group engagement team (AU-C 600.A68).
.27 In determining the components at which to perform tests of controls, the group
engagement team should assess the risk of material misstatement to the
financial statements associated with the component and correlate the amount of
attention devoted to a component with the degree of risk (AU-C 940.81).
Consolidation Process
.28 In accordance with FAM 630.11, the group engagement team obtains an
understanding of group-wide controls and the consolidation process, including
the instructions that group management issued to components. In accordance
with FAM 630.25, the group engagement team, or component auditor at the
request of the group engagement team, tests the operating effectiveness of
group-wide controls if the nature, timing, and extent of the work to be performed
on the consolidation process are based on an expectation that group-wide

controls are operating effectively or when substantive procedures alone cannot
provide sufficient appropriate audit evidence at the assertion level
(AU-C 600.34).
.29 The group engagement team should design and perform further audit procedures
on the consolidation process to respond to the assessed risks of material
misstatement of the group financial statements arising from the consolidation
process. This should include evaluating whether all components have been
included in the group financial statements (AU-C 600.35).
.30 The group engagement team should evaluate the appropriateness,

completeness, and accuracy of consolidation adjustments and reclassifications
and should evaluate whether any fraud risk factors or indicators of possible
management bias exist (AU-C 600.36). The group engagement team’s
evaluation may include (1) evaluating whether significant adjustments reflect
actual events and determining if the adjustments were correctly calculated and
supported and (2) checking the reconciliation of intragroup account balances
(AU-C 600.A69).
.31 If the financial information of a component has not been prepared in accordance
with the same accounting policies applied to the group financial statements, the
group engagement team should evaluate whether the financial information of that
component has been appropriately adjusted for purposes of the preparation and
fair presentation of the group financial statements in accordance with the
applicable financial reporting framework (U.S. GAAP) (AU-C 600.37).
.32 The group engagement team should determine whether the financial information
identified in a component auditor’s communication is the financial information that
is incorporated in the group financial statements (AU-C 600.38).
.33 If the group financial statements include the financial statements of a component
with a financial reporting period end that differs from that of the group, the group
engagement team should evaluate whether appropriate adjustments have been
made to those financial statements in accordance with the applicable financial
reporting framework (U.S. GAAP) (AU-C 600.39).
Subsequent Events
.34 When the group engagement team or component auditors perform audits on the
financial information of components, the group engagement team or the
component auditors should perform procedures designed to identify events at
those components that occur between the dates of the financial information of
the components and the date of the auditor’s report on the group financial
statements and that may require adjustment to, or disclosure in, the group
financial statements. See FAM 630.68 for additional requirements when
assuming responsibility for the work of a component auditor (AU-C 600.40).
.35 The group engagement team may ask the component auditors to update the
subsequent events review to the required date, or the group engagement team
may update the subsequent events review. However, since this requires
additional work, the group engagement team should attempt to complete audit
work when the component auditors complete their work. The group engagement

team should evaluate this issue and coordinate with the component auditors
when planning the audit.
Communication with the Component Auditor

.36 The group engagement team should communicate its requirements to a
component auditor on a timely basis. This communication should include the
following (AU-C 600.41):
a. A request that the component auditor, knowing the context in which the group
engagement team will use the component auditor’s work, confirm that the
component auditor will cooperate with the group engagement team.
b. The ethical requirements relevant to the group audit and, in particular, the
independence requirements.
c. A list of disclosure entities, related parties, and public-private partnerships

that group management prepared and any other related parties of which the
group engagement team is aware, including the nature of the entity’s
relationships and transactions with those parties. 9 The group engagement
team should request that the component auditor communicate on a timely
basis disclosure entities, related parties, and public-private partnerships that
group management or the group engagement team did not previously
identify. The group engagement team should identify such additional
disclosure entities, related parties, and public-private partnerships to other
component auditors.
d. Identified significant risks of material misstatement of the group financial

statements, due to fraud or error, that are relevant to the component auditor’s
work.
e. Any significant deviations in the methodologies or audit approaches that the

component auditor uses that are different from those the group engagement
team would have used and whether those deviations comply with GAGAS.
.37 The group engagement team should request that a component auditor
communicate matters relevant to the group engagement team’s conclusion with
regard to the group audit. Such communication should include the following
(AU-C 600.42):
9Under Federal Accounting Standards Advisory Board (FASAB) standards, organizations are considered to be
related parties if the existing relationship or one party to the existing relationship has the ability to exercise significant
influence over the other party’s policy decisions. In the federal government, there are additional relationships that
present risks similar to related parties, as defined by FASAB. These include disclosure entities and public-private
partnerships. Consequently, while the AICPA auditing standards address only related parties, the auditor should
apply audit procedures required for related parties to disclosure entities and public-private partnerships. Note that
FASAB and the Financial Accounting Standards Board (FASB) provide different definitions for related parties.
Procedures pertaining to disclosure entities and public-private partnerships do not apply to entities issuing financial
statements in accordance with FASB accounting standards.

a. whether the component auditor has complied with ethical requirements
relevant to the group audit, including independence and professional
competence;
b. identification of the financial information of the component on which the

component auditor is reporting; and
c. the component auditor’s overall findings, conclusions, or opinion.
See FAM 630.69 through .73 for additional requirements when assuming
responsibility for the work of a component auditor.
Evaluating the Sufficiency and Appropriateness of Audit Evidence

.38 The group engagement team should evaluate a component auditor’s
communication (see FAM 630.36). The group engagement team should discuss
significant findings and issues arising from that evaluation with the component
auditor, component management, or group management, as appropriate
(AU-C 600.43).
.39 The auditor is required to obtain sufficient appropriate audit evidence on which to
base the audit opinion. The group engagement team should evaluate whether
sufficient appropriate audit evidence on which to base the group audit opinion
has been obtained from the audit procedures performed on the consolidation
process and the work performed by the group engagement team and the
component auditors on the financial information of the components
(AU-C 600.44). If the group engagement team concludes that sufficient evidence
has not been obtained, the group engagement team may request that the
component auditor perform additional procedures or may alternatively perform its
own procedures (AU-C 600.A71). If the group engagement team has concerns
about whether the component auditor’s work provides sufficient appropriate
evidence, the group engagement team generally should discuss the matter with
the group engagement partner before formally discussing the issue with the
component auditor.
.40 Sometimes component auditors use methodologies or audit approaches that are
different from those that the group engagement team would have used. Auditing
requires a great deal of professional judgment and there often are alternative
ways to achieve audit objectives. Many IPA firms have developed, at
considerable expense, proprietary audit methodologies to use on a wide range of
public and private sector clients. Many of these audit methodologies use
electronic technology where all audit documentation exists only in electronic
form. Thus, the group engagement team generally should understand the
component auditor’s audit methodology and basis for the nature, extent, and
timing of audit procedures. This may require obtaining permission to use
proprietary software to review the audit documentation. Additionally, where the
IPA firm software is retained, the group engagement team should develop a
process to maintain the operability of the software to access the audit
documentation in the future.
As noted at FAM 630.36.e, the group engagement team should communicate its
requirements for a component auditor to communicate any significant deviations

in the methodologies or audit approaches used that are different from those that
the group engagement team would have used and whether those deviations
comply with GAGAS.
.41 The group auditor should determine the significance of the test results to the
audit of the financial statements on which the component auditor is reporting. For
example, the component auditor may have selected a nonstatistical sample or
the sample size may be smaller than the sample size the group auditor would
have selected. The group auditor may decide that this provides sufficient
evidence in an area that is less material or has low or moderate risk of material
misstatement. However, if the risk of material misstatement is high, the group
auditor may conclude that sufficient appropriate evidence has not been obtained
and that additional work is needed.
In this case, after consulting with the group engagement partner, the group
engagement team generally should either ask the component auditor to perform
additional tests or perform the additional tests itself. If this additional testing is not
done, the group engagement team should determine the effect of any scope
limitation on the group auditor’s report.
.42 Sometimes, the group engagement team may disagree with the conclusions or
judgments of the component auditors. In such a case, the group engagement
team should evaluate the component auditor’s work as well as any other
evidence or testing necessary to determine the appropriate conclusion.
.43 The group engagement team should discuss any issues of disagreement with the
component auditors to attempt to resolve the disagreements. The group
engagement team should attempt to resolve professional disagreements early to
reduce confusion that may arise from differing auditor views. Once issues of
disagreements are identified, the group engagement team should discuss the
issues with the component auditors to resolve them in a timely manner and
before the completion of the audit.
.44 If the group engagement team does not reach agreement with the component
auditors, the group engagement team should determine the impact that such
disagreement may have on its audit report.
.45 The group engagement partner should evaluate the effect on the group audit
opinion of any uncorrected misstatements (either identified by the group
engagement team or communicated by component auditors) and any instances
in which there has been an inability to obtain sufficient appropriate audit evidence
(AU-C 600.45).
.46 If a component auditor disclaims an opinion on the financial statements because

of a scope limitation, the group engagement team should consider the effect on
the group auditor’s opinion. The group engagement team should confirm the
nature and magnitude of the reason for the disclaimer. Additionally, the group
engagement team generally need not hold discussions with entity management
and/or perform additional audit procedures in this situation, and may limit the
review of documentation to summary documentation. However, the group
engagement team may do additional work to learn about the entity, to help the

component auditor plan future audits, or to help entity management correct the
causes of the scope limitation.
.47 If the component auditor’s work had a scope limitation that results in a qualified
opinion, the group engagement team should confirm the nature and magnitude of
the reason for the qualification and determine the effect on the group auditor’s
opinion.
Communication with Group Management and Those Charged with

Governance
.48 The group engagement team should communicate to group management and
those charged with governance of the group material weaknesses and significant
deficiencies in internal control that are relevant to the group (either identified by
the group engagement team or brought to its attention by a component auditor
during the audit) (AU-C 600.46).
.49 If fraud has been identified by the group engagement team or brought to its
attention by a component auditor or if information indicates that a fraud may
exist, the group engagement team should communicate this on a timely basis to
the appropriate level of group management in order to inform those with primary
responsibility for preventing and detecting fraud of matters relevant to their
responsibilities (AU-C 600.47).
.50 When a component auditor has been engaged to express an audit opinion on the
financial statements of a component, the group engagement team should request
that group management inform component management of any matter of which
the group engagement team becomes aware that may be significant to the
financial statements of the component, but of which component management
may be unaware. If group management refuses to communicate the matter to
component management, the group engagement team should discuss the matter
with those charged with governance of the group. If the matter remains
unresolved, the group engagement team, subject to legal and professional
confidentiality considerations, should consider whether to advise the component
auditor not to issue the auditor’s report on the financial statements of the
component until the matter is resolved and whether to withdraw from the
engagement (AU-C 600.48).
.51 The group engagement team should communicate the following matters—in
addition to those discussed in FAM 215.26 through .38—to those charged with
governance of the group (AU-C 600.49):
a. an overview of the type of work to be performed on the financial information

of the components, including the basis for the decision to make reference to
the audit of a component auditor in the auditor’s report on the group financial
statements;
b. an overview of the nature of the group engagement team’s planned

involvement in the work that the component auditors are to perform on the
financial information of significant components;

c. instances in which the group engagement team’s evaluation of a component
auditor’s work gave rise to a concern about the quality of that auditor’s work;
d. any limitations on the group audit (for example, when the group engagement
team’s access to information may have been restricted); and
e. fraud or suspected fraud involving group management, component

management, employees who have significant roles in group-wide controls,
or others in which a material misstatement of the group financial statements
has or may have resulted from fraud.
Documentation
.52 The group engagement team should include the following in the audit
documentation (AU-C 600.50):
a. an analysis of components indicating those that are significant and the type of
work performed on the financial information of the components;
b. those components for which reference to the reports of component auditors is

made in the auditor’s report on the group financial statements;
c. written communications between the group engagement team and the

component auditors about the group engagement team’s requirements; and
d. for those components for which reference is made in the auditor’s report on
the group financial statements to the audit of a component auditor,
• the financial statements of the component and the report of the

component auditor thereon and
• when the component auditor’s report on the component’s financial

statements does not state that the audit of the component’s financial
statements was performed in accordance with GAGAS (which
incorporates U.S. GAAS) or the standards promulgated by the PCAOB,
the basis for the group engagement partner’s determination that the
component auditor’s audit met the relevant requirements of GAGAS.
.53 In addition, when the group engagement team performs additional audit
procedures, the group engagement team’s documentation should contain a
description of the work (this may be a list of the documents the auditor examined
or tick marks on a copy of the component auditor’s documentation if that is the
basis for the selection) and the group engagement team’s conclusion. It is not
necessary to retain copies of the documents examined.
.54 There is a difference between the group engagement team’s responsibilities to

review the documentation of component auditors and what the group
engagement team may copy and retain from that documentation. The group
engagement team uses professional judgment in deciding which of the

component auditor’s documents to copy and retain. However, many auditors use
electronic technology to retain documentation for the entire audit. The group
engagement team may cite this documentation as part of the review to include
any additional audit procedures performed on the component auditor’s work. The
group engagement team may print any documents as necessary.
.55 The group engagement team may retain other documentation if it might be useful
in understanding the entity, training staff members, planning future audits,
reviewing the documentation, or writing the report. Documentation in this
category includes the entity profile (or equivalent), audit strategy, audit
procedures, LIRA and SCE worksheets (or equivalent), trial balance or lead
schedules, management representation letter, and legal counsel response.
Auditors often find it helpful to keep copies of documents (either electronically or
in hard copy) in case questions are raised in review but not to include those
copies in the audit documentation unless they are needed to document the work
performed.
The group engagement team should retain documents in accordance with the
contract or other legal requirements, but not less than 5 years from the report
release date (AU-C 230.17). Audit procedures may indicate which documents to
retain. These documents should be included in the final audit file by the
documentation completion date (no later than 60 days after the report release
date). The auditor should not discard documents between the documentation
completion date and the end of the specified retention period (AU-C 230.16
through .17). In documenting the review, auditors may indicate the document
number or index number used by the component auditor in order to locate the
document at a later date.
Ownership and confidentiality of audit documentation is determined by contract

and other legal requirements (see AU-C 230.A29).
Additional Procedures if Assuming Responsibility for a Component

Auditor’s Work
Materiality
.56 During an audit of a component’s financial information in which the auditor of the
group financial statements is assuming responsibility for the component auditor’s
work, the group engagement team should evaluate the appropriateness of
performance materiality at the component level (AU-C 600.51).
Determining the Type of Work to Be Performed on the Financial Information

of Components
.57 For components for which the auditor of the group financial statements is
assuming responsibility for the component auditors’ work, the group engagement
team should determine the type of work to be performed by the group
engagement team or by component auditors on its behalf on the components’

financial information. The group engagement team also should determine the
nature, timing, and extent of its involvement in the work of component auditors
(see FAM 630.09 through .10 for a suggested framework for planning and
performing a low, moderate, or high level of review of the component auditor’s
documentation) (AU-C 600.52).
.58 The group engagement team alone is responsible for determining the extent of
additional procedures, if any, based on professional judgment. This
determination in no way constitutes a reflection on the adequacy of the auditor’s
work.
.59 The objective of these additional procedures is for the group engagement team
to obtain additional evidence about whether key items are properly handled and
supported by sufficient appropriate evidence. For example, the group
engagement team generally should discuss key items with entity management,
especially estimates and judgments. This discussion generally should be
conducted with the component auditors present. The group engagement team
generally should attend the entrance and exit conferences and other key
meetings held by component auditors. For key items that have high risk of
material misstatement, discussions with entity management may not provide
sufficient evidence, and the group auditor should perform additional audit
procedures.
.60 The group engagement team may perform additional audit procedures on a
selection of the component auditor’s work, and/or additional tests of the
accounting records. To perform additional audit procedures, the group
engagement team should obtain access to the entity’s personnel and its books
and records. The group engagement team may coordinate access to the entity’s
personnel and records through the component auditor. The group engagement
team and the component auditor also may jointly perform parts of a test, where
the audit sample is planned jointly and the results are evaluated jointly. Although
additional audit procedures are usually performed only when the level of review
is high, the group engagement team may perform additional audit procedures in
other situations to learn about the entity, to help the component auditor plan
future audits, or to help entity management correct problems.
.61 The group engagement team generally should limit discussions with entity
management and/or additional audit procedures to significant assertions in line
items that have a high risk of material misstatement. This is especially true in
areas involving estimates and judgments or in areas on which users place
extensive reliance. The group engagement team’s additional audit procedures
generally should include some items tested by the component auditor,
particularly any that appear to be exceptions, in order to determine whether they
were appropriately evaluated in formulating an opinion. The group engagement
team generally should plan to perform additional audit procedures while the
component auditors are at the entity and have access to records, as this can
minimize the inconvenience for everyone.
Significant Components
.62 For a component that is significant due to its individual financial significance to
the group, the group engagement team, or a component auditor on its behalf,

should perform an audit of the financial information of the component, adapted as
necessary to meet the needs of the group engagement team, using component
materiality (AU-C 600.53).
.63 For a component that is significant not due to its individual financial significance
but because it is likely to include significant risks of material misstatement of the
group financial statements due to its specific nature or circumstances, the group
engagement team, or a component auditor on its behalf, should perform one or
more of the following (AU-C 600.54):
a. an audit, adapted as necessary to meet the needs of the group engagement

team, of the financial information of the component, using component
materiality;
b. an audit, adapted as necessary to meet the needs of the group engagement

team, of one or more account balances, classes of transactions, or note
disclosures relating to the likely significant risks of material misstatement of
the group financial statements; or
c. specified audit procedures relating to the likely significant risks of material

misstatement of the group financial statements.
Components That Are Not Significant
.64 For components that are not significant components, the group engagement
team should perform analytical procedures at the group level (AU-C 600.55).
.65 In some circumstances, the group engagement team may determine that
sufficient appropriate audit evidence on which to base the group audit opinion will
not be obtained from the following (AU-C 600.56):
a. the work performed on the financial information of significant components,
b. the work performed on group-wide controls and the consolidation process, or
c. the analytical procedures performed at group level.
In such circumstances, the group engagement team should select additional

components that are not significant components and should perform or request
that a component auditor perform one or more of the following on the financial
information of the individual components selected (AU-C 600.56):
a. an audit, adapted as necessary to meet the needs of the group engagement

team, of the financial information of the component, using component
materiality;
b. an audit, adapted as necessary to meet the needs of the group engagement

team, of one or more account balances, classes of transactions, or note
disclosures;

c. a review of the financial information of the component, adapted as necessary
to meet the needs of the group engagement team, using component
materiality; or
d. specified audit procedures.
The group engagement team should vary the selection of such individual
components over a period of time (AU-C 600.56).
Involvement in the Work Performed by Component Auditors

Significant Components – Risk Assessment
.66 When a component auditor performs an audit or other specified audit procedures
of the financial information of a significant component for which the auditor of the
group financial statements is assuming responsibility for the component auditor’s
work, the group engagement team should be involved in the risk assessment of
the component to identify significant risks of material misstatement of the group
financial statements. The nature, timing, and extent of this involvement are
affected by the group engagement team’s understanding of the component
auditor but, at a minimum, should include the following (AU-C 600.57):
a. discussing with the component auditor or component management the

component’s business activities of significance to the group,
b. discussing with the component auditor the susceptibility of the component to

material misstatement of the financial information due to fraud or error, and
c. reviewing the component auditor’s documentation of identified significant

risks of material misstatement of the group financial statements—such
documentation may take the form of a memorandum that reflects the
component auditor’s conclusion with regard to the identified significant risks.
Further Audit Procedures for Identified Significant Risk of Material

Misstatement of the Group Financial Statements
.67 When significant risks of material misstatement of the group financial statements
have been identified at a component for which the auditor of the group financial
statements is assuming responsibility for the work of the component’s auditor,
the group engagement team should evaluate the appropriateness of the further
audit procedures to be performed to respond to the identified significant risks of
material misstatement of the group financial statements. Based on its
understanding of the component auditor, the group engagement team should
determine whether it is necessary to be involved in the further audit procedures
(AU-C 600.58).
Subsequent Events
.68 When component auditors perform work other than audits of the components’
financial information at the request of the group engagement team, the group
engagement team should request that the component auditors notify the group

engagement team if they become aware of events at those components that
occur between the dates of the financial information of the components and the
date of the auditor’s report on the group financial statements that may require an
adjustment to, or disclosure in, the group financial statements (AU-C 600.59).
Communication with a Component Auditor
.69 When the auditor of the group financial statements is assuming responsibility for
the work of a component auditor, the communication required in FAM 630.36
should set out the work to be performed and the form and content of the
component auditor’s communication with the group engagement team. It also
should include, in the case of an audit or review of the financial information of the
component, component materiality (and the amount or amounts lower than the
materiality for particular classes of transactions, account balances, or note
disclosures, if applicable) and the threshold above which misstatements cannot
be regarded as clearly trivial to the group financial statements (AU-C 600.60).
.70 When the auditor of the group financial statements is assuming responsibility for
the work of a component auditor, the communication requested from the
component auditor, as required in FAM 630.37, also should include the following
(AU-C 600.61):
a. Whether the component auditor has complied with the group engagement
team’s requirements.
b. Information on instances of noncompliance with provisions of applicable laws

or regulations at the component or group level that could give rise to a
material misstatement of the group financial statements.
c. Significant risks of material misstatement of the group financial statements,

due to fraud or error, identified by the component auditor in the component
and the component auditor’s responses to such risks. The group engagement
team should request that the component auditor communicate such
significant risks on a timely basis.
d. A list of corrected and uncorrected misstatements of the financial information

of the component (the list need not include misstatements that are below the
threshold for clearly trivial misstatements communicated by the group
engagement team).
e. Indicators of possible management bias regarding accounting estimates and

the application of accounting principles.
f. Descriptions of any identified material weaknesses and significant

deficiencies in internal control at the component level.
g. Other significant findings and issues that the component auditor

communicated or expects to communicate to those charged with governance
of the component, including fraud or suspected fraud involving component
management, employees who have significant roles in internal control at the
component level, or others that resulted in a material misstatement of the
component’s financial information.

h. Any other matters that may be relevant to the group audit or that the
component auditor wishes to draw to the attention of the group engagement
team, including exceptions noted in the written representations that the
component auditor requested from component management.
Evaluating a Component Auditor’s Communication and Adequacy of the

Component Auditor’s Work
.71 The group engagement team should determine, based on the evaluation required
in FAM 630.38, whether it is necessary to review other relevant parts of a
component auditor’s audit documentation (see FAM 630.09 through .10 for a
suggested framework for planning and performing a low, moderate, or high level
of review of the component auditor’s documentation) (AU-C 600.62).
.72 If the group engagement team concludes that the work of a component auditor is
insufficient, the group engagement team should determine additional procedures
to be performed and whether they are to be performed by the component auditor
or by the group engagement team (AU-C 600.63).
Communication with Group Management and Those Charged with

Governance
.73 If assuming responsibility for the component auditors’ work, the group
engagement team should determine which material weaknesses and significant
deficiencies in internal control that component auditors have brought to the
attention of the group engagement team should be communicated to group
management and those charged with governance of the group (AU-C 600.64).
Documentation
.74 The group engagement team should include in the audit documentation the
nature, timing, and extent of the group engagement team’s involvement in the
work performed by the component auditors on significant components, including,
when applicable, the group engagement team's review of relevant parts of the
component auditors’ audit documentation and conclusions thereon
(AU-C 600.65).

640 – Entities Using a Service Organization

Overview
.01 FAM 640 provides guidance to auditors when considering the services provided
to the entity by a service organization. As discussed in FAM 310.11, the auditor
should obtain an understanding of how the entity uses the services of a service
organization in the entity’s operations for assessing risk and planning other audit
procedures. 10
.02 Many entities outsource aspects of their business activities to organizations that
provide services ranging from performing a specific task under the direction of
the entity to replacing entire business units or functions of the entity. Many of the
services provided by such organizations are integral to an entity’s business
operations; however, not all of those services are relevant to an audit
(AU-C 402.02). Services provided by service organizations that may be relevant
to an audit include maintenance of the entity’s accounting records; management
of the user entity’s assets; and initiating, authorizing, recording, or processing
transactions as an agent of the user entity.
.03 Services provided by a service organization are relevant to the audit of an entity’s
financial statements when those services and the controls over them affect the
entity’s information system, including related business processes, relevant to
financial reporting. Although most controls at a service organization are likely to
relate to financial reporting, other controls also may be relevant to the audit, such
as controls over the safeguarding of assets. A service organization’s services are
part of an entity’s information system, including related business processes,
relevant to financial reporting if these services affect any of the following
(AU-C 402.03):
a. The classes of transactions in the entity’s operations that are significant to the
entity’s financial statements.
b. The procedures within both information technology and manual systems by

which the entity’s transactions are initiated, authorized, recorded, processed,
corrected as necessary, transferred to the general ledger, and reported in the
c. The related accounting records, supporting information, and specific accounts

in the entity’s financial statements that are used to initiate, authorize, record,
process, and report the entity’s transactions. This includes correcting of
incorrect information and how information is transferred to the general ledger;
the records may be in either manual or electronic form.
d. How the entity’s information system captures events and conditions, other
than transactions, that are significant to the financial statements.
10In this section, “auditor” refers to the “user auditor” and “entity” refers to “user entity” as defined in AU-C 402.

e. The financial reporting process used to prepare the entity’s financial
statements, including significant accounting estimates and note disclosures.
f. Controls surrounding journal entries—including nonstandard journal entries

used to record nonrecurring, unusual transactions—or adjustments.
.04 The nature and extent of work to be performed by the auditor regarding the
services provided by a service organization depend on the nature and
significance of those services to the entity and the relevance of those services to
the audit (AU-C 402.04). If the service organization’s internal control activities are
included in the SCE worksheet, then the auditor should follow the guidance
outlined in the remaining paragraphs of this section.
.05 In responding to the assessed risks of material misstatement in accordance with

FAM 420, the auditor should determine whether sufficient appropriate audit
evidence concerning the relevant financial statement assertions is available from
records held at the entity. If not, then the auditor should perform further audit
procedures to obtain sufficient appropriate audit evidence or use another auditor
to perform those procedures at the service organization on the auditor’s behalf
(AU-C 402.15). For example, the auditor may consider (1) inspecting records and
documents held by the service organization or (2) obtaining confirmations of
balances and transactions from the service organization (AU-C 402.A28).
Alternatively, a service auditor may perform procedures under an agreed-upon
procedures engagement that are substantive in nature for the benefit of the
auditor (AU-C 402.A29).
.06 OMB audit guidance states that for those service organization controls that are
relevant to the audit and have been suitably designed and implemented, service
organizations must provide the entity with an auditor’s report or allow auditors to
perform appropriate tests of controls at the service organization. 11 A service
organization may provide the entity with one of the following (AU-C 402.08):
• Type 1 report – a report on management’s description of a service

organization’s system and a service auditor’s report on that description and
on the suitability of the design of controls.
• Type 2 report – a report on management’s description of a service

organization’s system and a service auditor’s report on that description and
on the suitability of the design and operating effectiveness of controls. 12
11The OMB audit guidance in effect as of the publication date of this version of the FAM is OMB Bulletin No. 22-01,
Audit Requirements for Federal Financial Statements, issued on August 26, 2022. OMB audit guidance is periodically
updated, and the current version can be found on the OMB website at https://www.whitehouse.gov/omb/bulletins
(accessed on May 1, 2023).
12Type 1 and type 2 reports focus on controls likely to be relevant to entities’ internal control over financial reporting,
issued under the AICPA’s Clarified Statement on Standards for Attestation Engagements (AT-C) 320, Reporting on
an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial
Reporting. There are other types of reports on service organizations that may be available, including reports on
controls at a service organization other than those likely to be relevant to entities’ internal control over financial
reporting (for example, controls that are relevant to entities’ compliance with specified requirements of laws,
regulations, contracts, or grant agreements).

Typically, the auditor will obtain a type 2 report that provides audit evidence
whether controls at the service organization are operating effectively. FAM 640 A
provides an assessment tool designed to assist the auditor in evaluating a type 2
report that can provide audit evidence about whether controls at a service
organization are operating effectively and support the auditor’s risk assessment
and report on internal control over financial reporting.
.07 In determining the sufficiency and appropriateness of the audit evidence provided
by a type 1 or type 2 report, the auditor should be satisfied regarding the
• the service auditor’s professional competence and independence from the

service organization (also see FAM 615) and
• the adequacy of the standards under which the type 1 or type 2 report was
issued.
.08 The auditor generally should obtain and review a type 1 or type 2 report, if
available, to determine if it contains information that may affect the audit or
increase the risks of material misstatement, even if the auditor does not plan to
rely on the report to support the auditor’s risk assessment or report on internal
.09 The auditor should not refer to the work of a service auditor in the auditor’s report
containing an unmodified opinion (AU-C 402.21). Based on AU-C 940.96, the
auditor also should not refer to the service auditor’s report in the report on internal
Evaluate the Design and Implementation of Controls

.10 As discussed in FAM 310.11, the auditor should evaluate the design and
implementation of relevant controls at the entity that relate to the services
provided by the service organization. The auditor should determine whether a
sufficient understanding of the nature and significance of the services provided by
the service organization and their effect on the entity’s internal control relevant to
the audit has been obtained to provide a basis for the identification and
assessment of risks of material misstatement (AU-C 402.11). If the auditor is
unable to obtain a sufficient understanding from the entity, the auditor should
obtain that understanding from one or more of the following procedures
(AU-C 402.12):
a. obtaining and reading a type 1 or type 2 report, if available;
b. contacting the service organization, through the entity, to obtain specific

information;
c. visiting the service organization and performing procedures that will provide
the necessary information about the relevant controls at the service
organization; or
d. using another auditor to perform procedures that will provide the necessary
information about the relevant controls at the service organization.

.11 As discussed in FAM 640.08, the auditor generally should obtain and read a type
1 or type 2 report, if available. The auditor may determine that additional
procedures are necessary based on reading the report. If the auditor plans to use
a type 1 or type 2 report as audit evidence to support the auditor’s understanding
about the design and implementation of controls at the service organization, the
auditor should
a. evaluate whether the type 1 report is as of a date, or in the case of a type 2

report, is for a period that is appropriate for the auditor’s purposes;
b. evaluate the sufficiency and appropriateness of the evidence provided by the

report for the understanding of the entity’s internal control relevant to the
audit; and
c. determine whether complementary user entity controls identified by the

service organization are relevant in addressing the risks of material
misstatement relating to the relevant assertions in the entity’s financial
statements and, if so, obtain an understanding of whether the entity has
designed and implemented such controls (AU-C 402.14).
Evaluate the Operating Effectiveness of Controls

.12 As discussed in FAM 310.02, OMB audit guidance requires the auditor to
perform sufficient tests of internal controls that have been suitably designed and
implemented to support a low level of assessed control risk. When the auditor’s
risk assessment includes an expectation that controls at the service organization
are operating effectively, the auditor should obtain audit evidence about the
operating effectiveness of those controls from one or more of the following
procedures (AU-C 402.16):
a. obtaining and reading a type 2 report, if available;
b. performing appropriate tests of controls at the service organization; or
c. using another auditor to perform tests of controls at the service organization

on behalf of the auditor.
As discussed in FAM 640.08, the auditor generally should obtain and read a type
2 report, if available. The auditor may determine that additional procedures are
necessary based on reading the report.
.13 If the auditor plans to use a type 2 report as audit evidence that controls at the
service organization are operating effectively, the auditor should determine
whether the service auditor’s report provides sufficient appropriate audit evidence
about the effectiveness of the controls to support the auditor’s risk assessment
by
a. evaluating whether the type 2 report is for a period that is appropriate for the
auditor’s purposes;
b. determining whether complementary user entity controls that the service

organization identified are relevant in addressing the risks of material

misstatement relating to the relevant assertions in the entity’s financial
statements and, if so, obtaining an understanding of whether the entity has
designed and implemented such controls effectively and, if so, testing their
operating effectiveness;
c. evaluating the adequacy of the time period covered by the tests of controls
and the time elapsed since the performance of the tests of controls; and
d. evaluating whether the tests of controls that the service auditor performed
and the results thereof, as described in the service auditor’s report, are
relevant to the assertions in the entity’s financial statements and provide
sufficient appropriate audit evidence to support the auditor’s risk assessment
(AU-C 402.17).
Audit of Internal Control over Financial Reporting
.14 As discussed in FAM 310.11, in performing an audit of internal control over

financial reporting, the auditor should consider the activities of the service
organization when determining the evidence required to support the auditor’s
opinion on the effectiveness of the entity’s internal control over financial
reporting. The auditor should obtain evidence that controls at the service
organization that are relevant to the auditor’s opinion on internal control over
financial reporting are operating effectively (AU-C 940.89). If the auditor plans to
use a type 2 report as audit evidence that controls are operating effectively, the
auditor should perform the following:
a. Determine whether the type 2 report provides sufficient appropriate audit

evidence about the effectiveness of the controls to support the auditor’s
opinion by evaluating
• the time period covered by the tests of controls and its relation to the date
specified in management’s assessment about the effectiveness of internal
control over financial reporting (i.e., balance sheet date);
• the scope of the service auditor’s work and the services and processes
covered, the controls tested, and the tests that were performed and the
way in which tested controls relate to the entity’s controls; and
• the results of those tests of controls and the service auditor’s opinion on
the operating effectiveness of the controls (AU-C 940.04a and .90).
b. Inquire of management to determine whether management has identified any

changes in the service organization’s controls subsequent to the period
covered by the service auditor’s report. If management has identified such
changes, the auditor should evaluate the effect of such changes on the
effectiveness of the entity’s internal control over financial reporting (AU-C
940.93).
c. Evaluate whether the results of other procedures the auditor performed

indicate that there have been changes in the controls at the service
organization (AU-C 940.93).

d. Determine whether to obtain additional evidence about the operating
effectiveness of controls at the service organization based on (1) the
procedures performed by management or the auditor and the results of those
procedures and (2) an evaluation of the following risk factors (AU-C 940.06b
and .94):
• the elapsed time between the time period covered by the tests of controls
in the service auditor’s report and the balance sheet date,
• the significance of the activities of the service organization,
• whether there are errors that have been identified in the service
organization’s processing, and
• the nature and significance of any changes in the service organization’s

controls identified by management or the auditor.
e. When a significant period of time has elapsed between the time period
covered by the tests of controls in the service auditor’s report and the balance
sheet date, perform additional procedures to obtain sufficient appropriate
audit evidence about the operating effectiveness of the controls at the service
organization that are relevant to the auditor’s opinion on internal control over
financial reporting (AU-C 940.06b and .95).
.15 If the auditor concludes that additional evidence about the operating
effectiveness of controls at the service organization is required, the auditor’s
additional procedures might include
a. evaluating procedures performed by management and the results of those

procedures;
b. contacting the service organization, through the entity, to obtain specific

information;
c. requesting that a service auditor be engaged to perform procedures that will

supply the necessary information; and
d. visiting the service organization and performing such procedures (AU-C

940.A147).
Use of Subservice Organizations

.16 An entity may use a service organization that in turn uses a subservice
organization to provide some of the services provided to the entity that are
relevant to the entity’s internal control over financial reporting. The subservice
organization may be a separate entity from the service organization or may be
related to the service organization.
In situations in which one or more subservice organizations are used, the

interaction between the activities of the entity and those of the service
organization is expanded to include the interaction between the entity, the
service organization, and the subservice organizations. The degree of this

interaction as well as the nature and materiality of the transactions processed by
the service organization and the subservice organizations are the most important
factors for the auditor to consider in determining the significance of the service
organization’s and subservice organization’s controls to the entity’s controls. (AU-
C 402.A20)
.17 If a service organization uses a subservice organization, the service auditor’s

report may either include or exclude the subservice organization’s relevant
control objectives and related controls in the service organization’s description of
its system and in the scope of the service auditor’s engagement. These two
methods of reporting are known as the inclusive method and the carve-out
method, respectively (AU-C 402.A42). The following describes each method (AT-
C 320.08):
• Inclusive method. Method of addressing the services provided by a

subservice organization whereby management’s description of the service
organization’s system includes a description of the nature of the services that
the subservice organization provided as well as the subservice organization’s
relevant control objectives and related controls.
• Carve-out method. Method of addressing the services provided by a

subservice organization whereby management’s description of the service
organization’s system identifies the nature of the services that the subservice
organization performed and excludes from the description and from the scope
of the service auditor’s engagement the subservice organization’s relevant
control objectives and related controls.
.18 Based on AU-C 402.18, if the auditor plans to use a type 1 or a type 2 report that
excludes the services provided by a subservice organization and those services
are relevant to the audit of the entity’s financial statements, the auditor should
apply the requirements of FAM 640 with respect to the services provided by the
subservice organization. These includes obtaining an understanding of whether
the subservice organization has effectively designed and implemented the
relevant subservice organization controls and, if so, obtaining audit evidence
about their operating effectiveness.
The nature and extent of the work to be performed by the auditor regarding the
services provided by a subservice organization depend on the nature and
significance of those services to the entity and the relevance of those services to
the audit (AU-C 402.A42). Based on AU-C 402.A42, the application of FAM
310.11 assists the auditor in determining the effect of the subservice organization
and the nature and extent of work to be performed.

640 A – Service Organization Type 2 Report Assessment Tool

A type 2 report can provide audit evidence about whether controls at a service organization
were operating effectively and support the auditor’s risk assessment and report on internal
control over financial reporting. 13 The auditor may complete the following tool for each type 2
report prepared for a service organization that performs controls likely to be relevant to an
entity’s internal control over financial reporting.
If available, the auditor generally should obtain or arrange access to (1) the most recent type 2
report, (2) documentation of management’s review of this report, and (3) the most recent peer
review report for the service auditor that prepared this report.
Based on review of the documentation, this tool will assist the auditor in determining whether
a. the audit evidence provided by the type 2 report is sufficient and appropriate for meeting the
auditor’s objectives;
b. the relevant internal controls at the service organization and any relevant complementary
user entity and subservice organization controls were designed, implemented, and operating
effectively;
c. effective compensating controls were in place for those relevant internal controls determined
to be ineffective;
d. management appropriately reviewed and documented the results of its review of the type 2
report, reached reasonable conclusions, and took appropriate actions to address any control
objectives not adequately addressed in the type 2 report and any exceptions identified that
have an impact on the relevant internal controls; and
e. additional procedures are needed to obtain sufficient appropriate audit evidence about the
operating effectiveness of controls at the service organization or at the entity.
13A type 2 report consists of a report on management’s description of a service organization’s system and a service
auditor’s report on that description and on the suitability of the design and operating effectiveness of controls. Type 2
reports focus on controls likely to be relevant to entities’ internal control over financial reporting, issued under the
AICPA’s Clarified Statement on Standards for Attestation Engagements (AT-C) 320, Reporting on an Examination of
Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. There are
other types of reports on service organizations that may be available, including reports on controls at a service
organization other than those likely to be relevant to entities’ internal control over financial reporting (for example,
controls that are relevant to entities’ compliance with specified requirements of laws, regulations, contracts, or grant
agreements).
Updated May 2023 GAO/CIGIE Financial Audit Manual Page 640 A-1
I. Name of Service Organization
ABC Service Organization
II. Description of Service Provided or Name of Financial Reporting

System(s) the Service Organization Owns/Operates
ABC Service Organization processes XYZ Entity’s payroll transactions. ABC Service
Organization owns and operations XXX IT system to process payroll.
III. Description of Financial Statement Impact (e.g., nature of entity

transactions processed, prior-year or year-to-date dollar value,
transaction volume, and how it is reported in the financial statements)
Payroll transactions are recorded in “Payroll Expense” line item in the Statement of Net Cost
and “Accrued Liabilities” line item on the Balance Sheet. For FY 20XX, the amount of Payroll
Expense was $XXX million and the amount of Accrued Liabilities (related to payroll) was
$XXX million. Transactions are recorded biweekly.
IV. Date of the Type 2 Report and the Period Covered
Report issued September XX, 20X1, covering the period October 1, 20XX, through June 30,
20X1
V. Name of the Service Auditor and Date of Most Recent Peer Review
Report
IPA Public Accountants.

Peer review report certified through November 30, 20XX.
VI. Audit Cycles Affected by the Service Organization
Payroll cycle and Accounts Payable cycle
VII. List of Control Activities from the Specific Control Evaluation (SCE)
Worksheet That Are Being Reviewed for This Type 2 Report
SCE.1:
1a.1 Only authorized users have access to XXX IT System.
2a.2 ABC Service Organization accountant prepares a monthly reconciliation of payroll

disbursements recorded in XXX IT System and the reconciliation is reviewed and approved
by the ABC Service Organization manager.
VIII. Observations and Conclusions

The questions in this section are to be answered “yes,” “no,” or “N/A” (not applicable). For any “no” responses,
provide an explanation in the space provided at the end of this assessment tool to support the auditor’s assessment
of the effect of the “no” response on the audit. The auditor may also use this space to explain other responses and to
note additional observations.
Yes,
No, Initials Audit doc.
Questions N/A and date references
Assess the adequacy of the standards under which the type 2 report was issued
1) Did the auditor determine that the standards under which the report
was issued are adequate?
If the report states that the examination was conducted in accordance
with attestation standards established by the AICPA, answer “yes.”
Otherwise, assess the adequacy of the standards under which the
report was issued following guidance in AU-C 402.A21 and .A23.
Assess the service auditor’s independence and professional competence
2) Did the auditor determine that the service auditor is independent of

the service organization?
Unless evidence to the contrary comes to the auditor’s attention, a
service auditor’s report implies that the service auditor is independent
of the service organization (note that the service auditor need not be
independent of the entity). The auditor may assess the service
auditor’s independence using chapter 3 of GAGAS (2018)
(Independence). See FAM 615 for guidance.
3) Did the auditor determine that the service auditor has the necessary
competence for the auditor’s purposes?
If the service auditor passed a recent peer review with no deficiencies
and there is no evidence indicating that the service auditor is not
competent, answer “yes.”
If the service auditor passed a recent peer review with deficiencies or
a recent peer review report is not available, assess the service
auditor’s competence using chapter 4 of GAGAS (2018)
(Competence). See FAM 615 for guidance.
If the service auditor failed its recent peer review, answer “no” and
assess the effect on the audit.
Assess the time period covered by the type 2 report
4) If the time period of the report is not the same as the entire period of
the audit, did the auditor determine whether additional procedures are
needed to obtain sufficient appropriate audit evidence about the
operating effectiveness of the control activities listed in section VII for
the period not covered by the report?
a) If the auditor determined that additional audit evidence is needed,

did the auditor perform procedures to obtain such evidence?
Additional procedures may include (a) reviewing a bridge/gap
letter provided by the service organization indicating whether
there have been material changes in the service organization’s
Yes,
controls subsequent to the period covered by the type 2 report, (b)
reviewing a service organization report(s) for additional time
periods, or (c) testing the operating effectiveness of relevant
controls at the service organization.
5) [For audits of internal control over financial reporting]

If a significant period of time has elapsed between the time period
covered by the report and the balance sheet date, did the auditor
perform additional procedures to obtain sufficient appropriate audit
evidence about the operating effectiveness of the control activities
listed in section VII as of the balance sheet date?
Additional procedures may include (a) reviewing a bridge/gap letter
(or equivalent), (b) reviewing a service organization report(s) for
additional time periods, or (c) testing the operating effectiveness of
relevant controls at the service organization.

Did the auditor inquire of management to determine whether
management has identified any changes in the service organization’s
controls subsequent to the period covered by the report?
a) If management identified such changes, did the auditor evaluate

their effect on the auditor’s assessment of the effectiveness of
the control activities listed in section VII?

Did the auditor evaluate whether the results of other procedures
performed by the auditor indicate that there have been changes in the
service organization’s controls subsequent to the period covered by
the report?
a) If the auditor identified such changes, did the auditor evaluate

their effect on the auditor’s assessment of the effectiveness of
the control activities listed in section VII?
Evaluate the sufficiency and appropriateness of the audit evidence provided by the type 2 report
8) Are the internal control activities listed in section VII of this

assessment tool included in the report?
9) Did the auditor determine that there are no exceptions identified in the
report that affect the auditor’s assessment of the effectiveness of the
control activities listed in section VII? If no, see step 12 below.
10) Does the SCE worksheet include any complementary user entity and
subservice organization controls identified in the report that are
relevant in addressing the risks of material misstatement?
11) Did the auditor determine that the complementary user entity and
subservice organization controls identified in step 10 were designed,
implemented, and operating effectively? If no, see step 12 below.
12) If controls are determined to be ineffective in steps 9 or 11, were

there effective compensating controls in place?
Yes,
13) Did the auditor determine whether the report provides sufficient
appropriate audit evidence about the effectiveness of controls to
support the auditor’s risk assessment by:
• evaluating whether the report is for a period that is appropriate for
the auditor’s purposes;
• determining (a) whether complementary user entity controls that
the service organization identified are relevant in addressing the
risks of material misstatement relating to the relevant assertions in
the entity’s financial statements and, if so, (b) whether the entity
has designed, implemented, and operated such controls effectively;
• evaluating the adequacy of the time period covered by the test of
controls and the time elapsed since the performance of the tests of
controls; and
• evaluating whether the tests of controls that the service auditor
performed and the results thereof, as described in the type 2
report, are relevant to the assertions in the entity’s financial
statements and provide sufficient appropriate audit evidence to
support the auditor’s risk assessment.

Did the auditor determine that the report provides sufficient
appropriate audit evidence about the effectiveness of controls to
support the auditor’s opinion by evaluating the
• time period covered by the tests of controls and its relation to the
balance sheet date;
• scope of the service auditor’s work and the services and processes
covered, the controls tested, and the tests that were performed and
the way in which tested controls relate to the entity’s controls; and
• results of those tests of controls and the service auditor’s opinion
on the operating effectiveness of controls?
Consider management’s evaluation of the type 2 report
15) Did management appropriately assess the report (including its timing,
scope, methodology, and any exceptions identified) to determine if it
provides management with reasonable assurance that the service
organization controls relevant to the entity’s financial reporting were
operating effectively?
a) If management determined that the report does not provide such

assurance, did management perform additional procedures to
obtain the assurance needed?
Additional procedures may include (1) contacting the service
organization to obtain specific information, (2) performing
procedures at the service organization that will provide the
necessary information about controls at the service organization,
or (3) obtaining an additional service organization report that will
provide the necessary information.
b) Did management assess whether the complementary user entity

and subservice organization controls, identified in the report and
relevant to the entity’s financial reporting, were operating
Yes,
effectively?
16) Did management appropriately document the results of its review of

the report and its assessment of the relevant complementary user
entity and subservice organization controls?
17) Are management’s conclusions reasonable and materially consistent

with the auditor’s conclusions?
18) Did management take appropriate actions to address any control

objectives not adequately addressed in the type 2 report and any
exceptions identified in the report that have an impact on the control
activities listed in section VII?
19) If any of the responses to questions 15 through 18 is “no,” did the

auditor determine the effect on the auditor’s (a) understanding of the
entity’s implementation of the Federal Managers’ Financial Integrity
Act of 1982 (FMFIA), (b) risk assessment, and (c) assessment of
internal control over financial reporting (see FAM 260)?
Determine whether sufficient appropriate audit evidence has been obtained

Based on the procedures performed by the auditor and management,
the results of those procedures, and an evaluation of the risk factors
listed below, did the auditor determine whether sufficient appropriate
audit evidence has been obtained about the operating effectiveness
of controls at the service organization to support the auditor’s opinion
on internal control over financial reporting?
• The elapsed time between the time period covered by the tests of
controls in the type 2 report and the balance sheet date.
• The significance of the activities of the service organization.
• Whether there are errors that have been identified in the service
organization’s process.
• The nature and significance of any changes in the service
organization’s controls identified by management or the auditor.
If the auditor determined that additional audit evidence is needed, see
FAM 640.15 for guidance.
Explanations for “no” responses
Additional observations, if any
645 – Using the Work of an Internal Auditor

Overview
.01 Certain entities employ auditors to work for entity management. These auditors
may be subject to administrative direction from persons involved in the entity
management process. Such audit organizations are internal auditors. FAM 645
addresses the auditor’s responsibilities when using the work of internal auditors.
Using the work of internal auditors includes (a) using the work of the internal
audit function in obtaining audit evidence and (b) using internal auditors to
provide direct assistance under the direction, supervision, and review of the
auditor (AU-C 610.01).
For purposes of U.S. GAAS, the meanings of the following terms are as follows
(AU-C 610.12):
• Internal audit function - a function of an entity that performs assurance and

consulting activities designed to evaluate and improve the effectiveness of
the entity’s governance, risk management, and internal control processes.
• Direct assistance - the use of internal auditors to perform audit procedures

under the direction, supervision, and review of the auditor.
.02 The auditor may be able to use the work of the internal audit function in obtaining
audit evidence in a constructive and complementary manner depending on
a. the level of competency of the internal audit function;
b. whether the internal audit function’s organizational status and relevant

policies and procedures adequately support the objectivity of the internal
auditors; and
c. whether the function applies a systematic and disciplined approach, including

quality control (AU-C 610.06).
This section addresses the auditor’s responsibilities when, based on the auditor’s
understanding of the internal audit function obtained as a result of procedures
performed in accordance with FAM 220 and 260, the auditor expects to use the
work of the internal audit function in obtaining audit evidence. Such use of that
work modifies the nature or timing, or reduces the extent, of audit procedures to
be performed directly by the auditor (AU-C 610.06).
.03 This section also addresses the auditor’s responsibilities if the auditor is
considering using internal auditors to provide direct assistance under the
direction, supervision, and review of the auditor (AU-C 610.07).
.04 There may be individuals in an entity who perform procedures similar to those
performed by an internal audit function. However, unless such procedures are
performed by an objective and competent function that applies a systematic and
disciplined approach, including quality control, such procedures would be
considered control activities, and obtaining evidence regarding the effectiveness

of such controls would be part of the auditor’s responses to assessed risks in
accordance with FAM 300 (AU-C 610.08).
.05 The auditor has sole responsibility for the audit opinion expressed, and that
responsibility is not reduced by the auditor’s use of the work of the internal audit
function in obtaining audit evidence or use of internal auditors to provide direct
assistance on the engagement. Although the function may perform audit
procedures similar to those performed by the auditor, neither the internal audit
function nor the internal auditors are independent of the entity as is required of
the auditor in an audit of financial statements in accordance with AU-C 200. This
section, therefore, defines the conditions that are necessary for the auditor to be
able to use the work of internal auditors. It also defines the effort necessary to
obtain sufficient appropriate evidence that the work of the internal audit function
or internal auditors providing direct assistance is adequate for the purposes of
the audit. The requirements are designed to provide a framework for the auditor’s
judgments regarding the use of the work of internal auditors to prevent overuse
or undue use of such work (AU-C 610.09).
Internal Audit Function

Planning for Using the Work of the Internal Audit Function
.06 The auditor should determine whether the work of the internal audit function can
be used in obtaining audit evidence by evaluating the following (AU-C 610.13):
a. The extent to which the internal audit function’s organizational status and
relevant policies and procedures support the objectivity of the internal
auditors.
b. The level of competence of the internal audit function.
c. The internal audit function’s application of a systematic and disciplined

approach, including quality control. Factors that may affect this determination
can include whether internal audit procedures include areas such as risk
assessments, work programs, documentation, and reporting. Another factor
includes whether the internal audit function has appropriate quality control
requirements in standards set by relevant professional bodies for internal
auditors (AU-C 610.A13).
See FAM 615 for guidance on evaluating the objectivity and competence of the
internal audit function.
.07 The auditor should not use the work of the internal audit function in obtaining
audit evidence if the external auditor determines that
a. the function’s organizational status and relevant policies and procedures do

not adequately support the objectivity of internal auditors;
b. the function lacks sufficient competence; or
c. the function does not apply a systematic and disciplined approach, including
quality control (AU-C 610.14).

.08 As a basis for determining the areas and the extent to which the work of the
internal audit function can be used, the auditor should consider the nature,
timing, and extent of the work that has been performed, or is planned to be
performed, by the internal audit function and its relevance to the auditor’s overall
audit strategy and audit plan (AU-C 610.15). For example, internal auditors may
be performing tests of relevant controls that address a material misstatement
related to the completeness of accounts payable. Alternatively, the internal
auditors may be observing physical inventories. In either case, the auditor may
change the timing or scope of its own testing when using the work of internal
auditors (AU-C 610.A20).
.09 The auditor should make all significant judgments in the audit engagement,
including when using the work of the internal audit function in obtaining audit
evidence (AU-C 610.16).
.10 To prevent undue use of the internal audit function in obtaining audit evidence,
the auditor should plan to use less of the work of the function and perform more
of the work directly
a. when there are greater levels of judgment involved in
• planning and performing relevant audit procedures or
• evaluating the audit evidence obtained;
b. the higher the assessed risk of material misstatement at the assertion level,
with special consideration given to significant risks;
c. the less the internal audit function’s organizational status and relevant
policies and procedures adequately support the objectivity of the internal
auditors; and
d. the lower the level of competence of the internal audit function

(AU-C 610.17).
.11 The auditor should also evaluate whether, in aggregate, using the work of the
internal audit function in obtaining audit evidence to the extent planned, together
with any planned use of internal auditors to provide direct assistance, would
result in the auditor still being sufficiently involved in the audit, given the auditor’s
sole responsibility for the audit opinion expressed (AU-C 610.18). This evaluation
should consider the auditor’s ability to address all relevant requirements of this
section and of AU-C 610 and other standards. It is not anticipated that the
auditor’s evaluation of using work of the internal audit function would be based
on a quantitative analysis, such as percentage of hours spent by internal audit
personnel in respect of the work being used by the auditor relative to total
engagement hours (AU-C 610.A23).
.12 In communicating an overview of the planned scope and timing of the audit to
those charged with governance in accordance with AU-C 260, the auditor should
communicate how the auditor has planned to use the work of the internal audit
function in obtaining audit evidence (AU-C 610.19). See FAM 215 for general
guidance on communicating with those charged with governance.

.13 If the auditor plans to use the work of the internal audit function in obtaining audit
evidence, the auditor should discuss the planned use of the work with the internal
audit function as a basis for coordinating their respective activities
(AU-C 610.20).
.14 The auditor should read the reports of the internal audit function that relate to the
work of the function that the auditor plans to use to obtain an understanding of
the nature and extent of audit procedures the internal audit function performed
and the related findings (AU-C 610.21).
Evaluating the Work of the Internal Audit Function
.15 The auditor should perform sufficient audit procedures on the body of work of the
internal audit function as a whole that the auditor plans to use to determine its
adequacy for purposes of the audit, including evaluating whether
a. the work of the function was properly planned, performed, supervised,

reviewed, and documented;
b. sufficient appropriate evidence was obtained to enable the function to draw

reasonable conclusions; and
c. conclusions reached are appropriate in the circumstances, and the reports

prepared by the function are consistent with the results of the work performed
(AU-C 610.22).
.16 The nature and extent of the auditor’s audit procedures should respond to the
auditor’s evaluation of
a. the amount of judgment involved in
• planning and performing relevant audit procedures and
• evaluating the audit evidence obtained;
b. the assessed risk of material misstatement;
c. the extent to which the internal audit function’s organizational status and
relevant policies and procedures support the objectivity of the internal
auditors; and
d. the function’s level of competence (AU-C 610.23).
.17 The auditor should also reperform some of the body of work of the internal audit
function that the auditor intends to use in obtaining audit evidence
(AU-C 610.23). The auditor may focus this reperforming on areas where more
judgment was used by the internal audit function in planning, performing, and
evaluating the results of the audit procedures and in areas at higher risk of
material misstatement (AU-C 610.A36).
.18 Before the conclusion of the audit, the auditor should evaluate whether the
auditor’s conclusions regarding the internal audit function based on FAM 645.06

and the determination of the nature and extent of use of the work of the function
for purposes of the audit in FAM 645.09 through .11 remain appropriate (AU-C
610.24).
Direct Assistance
Planning for Internal Auditors to Provide Direct Assistance
.19 If the auditor plans to use internal auditors to provide direct assistance on the
audit, the auditor should evaluate the existence and significance of threats to the
objectivity of the internal auditors who will be providing direct assistance, as well
as any safeguards applied to reduce or eliminate the threats, and the level of
competence of the internal auditors who will be providing such assistance.
(AU-C 610.25) See FAM 615 for guidance on evaluating the objectivity and
competence of internal auditors providing direct assistance.
.20 The auditor should not use an internal auditor to provide direct assistance if
a. the internal auditor lacks the necessary objectivity to perform the proposed
work or
b. the internal auditor lacks the necessary competence to perform the proposed
work (AU-C 610.26).
.21 In determining the nature and extent of work that may be assigned to internal
auditors providing direct assistance and the nature, timing, and extent of
direction, supervision, and review that is appropriate in the circumstances, the
auditor should consider
a. the auditor’s evaluation of the existence and significance of threats to the

internal auditors’ objectivity, the effectiveness of the safeguards applied to
reduce or eliminate the threats, and the level of competence of the internal
auditors who will be providing such assistance;
b. the assessed risk of material misstatement; and
c. the amount of judgment involved in
• planning and performing relevant audit procedures and
• evaluating the audit evidence obtained (AU-C 610.27).
.22 Examples of work not appropriate for assigning to internal auditors providing
direct assistance include fraud risk inquiries to management and the
determination of unpredictable audit procedures as addressed in FAM 260
(AU-C 610.A43).
.23 The auditor should evaluate whether, in aggregate, using internal auditors to
provide direct assistance to the extent planned, together with any planned use of
the work of the internal audit function in obtaining audit evidence, would result in
the auditor still being sufficiently involved in the audit, given the auditor’s sole
responsibility for the audit opinion expressed (AU-C 610.29).

.24 In communicating an overview of the planned scope and timing of the audit with
those charged with governance in accordance with AU-C 260, the auditor should
communicate how the auditor plans to use internal auditors to provide direct
assistance (AU-C 610.28). See FAM 215 for general guidance on communicating
with those charged with governance.
.25 Prior to using internal auditors to provide direct assistance, the auditor should
obtain written acknowledgment from management or those charged with
governance, as appropriate, that internal auditors providing direct assistance to
the auditor will be allowed to follow the auditor's instructions, and that the entity
will not intervene in the work the internal auditor performs for the auditor
(AU-C 610.30).
.26 This written acknowledgment may be included within the audit engagement letter
(or other suitable form of written agreement of the terms of engagement) or could
be included in a separate document prepared by the auditor and acknowledged
in writing by management or those charged with governance, as appropriate
(AU-C 610.A45).
Evaluating the Use of Internal Auditors Providing Direct Assistance
.27 The auditor should direct, supervise, and review the work performed by internal
auditors on the engagement in accordance with FAM 215. In so doing,
a. the nature, timing, and extent of direction, supervision, and review should be
responsive to the outcome of the evaluation of the factors in FAM 645.20;
b. the auditor should instruct the internal auditors to bring accounting and
auditing issues identified during the audit to the attention of the auditor; and
c. the review procedures should include the auditor testing some of the work
performed by the internal auditors (AU-C 610.31).
.28 When directing, supervising, and reviewing the work performed by internal
auditors, the auditor should remain alert for indications that the auditor’s
evaluations of internal auditors’ objectivity and competence (FAM 645.19) and of
the auditor’s level of involvement in the audit (FAM 645.23) are no longer
appropriate (AU-C 610.32).
Documentation
.29 If the auditor uses the work of the internal audit function in obtaining audit
evidence, the auditor should include the following in the audit summary
memorandum (AU-C 610.33):
a. the results of the evaluation of
• the function’s organizational status and relevant policies and procedures

to adequately support the objectivity of the internal auditors;
• the level of competence of the function; and

• the function’s application of a systematic and disciplined approach,

including quality control;
b. the nature and extent of the work used (including the period covered by, and
the results of, such work) and the basis for that decision; and
c. the audit procedures performed by the auditor to evaluate the adequacy of

the work used, including the procedures performed by the auditor to
reperform some of the body of work of the internal audit function in obtaining
audit evidence.
.30 If the auditor uses internal auditors to provide direct assistance on the audit, the
auditor should include the following in the audit summary memorandum (AU-C
610.34):
a. the evaluation of the existence and significance of threats to the objectivity of

the internal auditors, as well as any safeguards applied to reduce or eliminate
the threats, and the level of competence of the internal auditors who provided
direct assistance;
b. the basis for the decision regarding the nature and extent of the work
performed by the internal auditors; and
c. the nature and extent of the auditor’s review of the internal auditors’ work
(including the testing, by the auditor, of some of the work that the internal
auditors performed).
The auditor should also include in the audit documentation the working papers
prepared by the internal auditors who provided direct assistance on the audit
engagement (AU-C 610.34).
If the auditor uses the work of the internal audit function in obtaining audit
evidence, internal auditors to provide direct assistance, or both, the auditor
should include in the audit summary memorandum the auditor’s evaluation of
(see FAM 645.11 and .23) whether, either individually or in aggregate as
applicable, using the work of the internal audit function in obtaining audit
evidence and use of internal auditors to provide direct assistance resulted in the
auditor still being sufficiently involved in the audit, given the auditor’s sole
responsibility for the audit opinion expressed (AU-C 610.35).

670 – IG Oversight of Audits Performed by Contracted Independent Public Accounting (IPA)
Firms
670 – IG Oversight of Audits Performed by Contracted

Independent Public Accounting (IPA) Firms
.01 IGs may be in situations where they contract with an IPA firm to perform financial
statement audits, however, the IG still retains oversight responsibility of the IPA
firm. FAM 670 provides guidance to IGs in designing procedures for the oversight
of IPA firms contracted to perform financial statement audits, to assure that the
IPA firms comply with the audit standards established by the Comptroller General
of the United States (GAGAS). This guidance applies to financial statement
audits required by law for federal executive agencies and government
corporations. 14 The purpose of this guidance is to assist IGs in fulfilling the
requirement that such financial statement audits are performed in accordance
with GAGAS, and the requirement of the Inspector General Act of 1978, as
amended, (IG Act) that the IG take appropriate steps to assure that any work
performed for audits of federal establishments, organizations, programs,
activities, and functions by nonfederal auditors complies with GAGAS.
Except in cases where the Comptroller General performs the audit of a federal
entity financial statement, 15 for those entities with IGs, the IGs have the
responsibility to audit their financial statements or to select and participate in the
contracting of IPA firms to perform the audits. If an IG makes the decision to
contract with an IPA firm to perform the audit, the IG is responsible for oversight
and monitoring of the IPA firm to assure compliance with GAGAS. In addition, the
IG generally should communicate written results of its oversight and monitoring
of the IPA to entity management or those charged with governance.
.02 The guidance in this section is not to be used by a group engagement team in its
assessment of the work of a component auditor or specialist (FAM 630),
management’s specialists (FAM 625), a service auditor (FAM 640), or an internal
auditor (FAM 645).
.03 For purposes of the remainder of this section, the use of the terms auditor or IG
refers to the individual or entity overseeing of an IPA firm’s work as described in
FAM 670.01 and not to a group or component auditor.
.04 Auditors should develop comprehensive policies and procedures when providing
oversight of the work of an IPA firm in the following areas, as applicable:
• fulfilling entity contracting requirements for obtaining and monitoring the

services of a contracted IPA firm;
• complying with the requirements of the IG Act, federal financial statement

audit requirements, and related guidance from OMB and Treasury;
1431U.S.C. §§ 3521, 9105. The Chief Financial Officers Act of 1990, as expanded by the Government Management
Reform Act of 1994 and the Accountability for Tax Dollars Act of 2002.
15The Comptroller General may perform an executive agency or government corporation financial statement audit at
his or her discretion, at the request of a committee of Congress, or otherwise as required by law.

Firms
• implementing the guidance in FAM 670 regarding considerations to assure

the IPA firm’s compliance with GAGAS;
• determining the appropriate level of oversight and monitoring of an IPA firm

for an organization’s financial statements audits; and
• appropriate involvement with the group auditor (see FAM 630).
.05 An IG may choose to contract with an IPA firm to audit its entity’s financial
statements. The IG may use a contracting process that is part of its organization,
a procurement function within the entity to be audited, or a third party’s (e.g.,
another government agency) procurement function. However, to fulfill its
statutory responsibility to determine the IPA firm, the IG plays an important role in
contracting for the IPA firm even when legal authority to award the contract rests
with a contracting office of the entity being audited. 16 The IG generally should
• ensure that the contract provides for full and timely access to appropriate IPA
firm individuals and audit documentation for IG review;
• coordinate closely with the contracting office to ensure a timely solicitation

and award for an IPA firm’s contracted services;
• serve as a subject matter expert in developing the contract, task orders if

applicable, and the statement of work;
• ensure that the contract clearly establishes the scope for a financial
statement audit in accordance with GAGAS, other relevant federal
requirements, and any other scope issues specific to the entity (internal
control, FFMIA, etc.);
• chair the technical evaluation panel for the acquisition, assist in selecting the
members in the panel, and make a recommendation for award to the
contracting officer; and
• act as the contracting officer’s representative to assist in the administration of

the contract, monitor technical compliance, and assist the contracting officer
to ensure contractor compliance with the terms and conditions of the contract.
.06 When providing oversight of an audit performed by an IPA firm, the auditor’s
considerations should include
• evaluating the IPA firm’s independence, objectivity, and competence (FAM

670.08);
1631 U.S.C. §§ 3521, 9105. Under the CFO Act, if the executive entity has an IG, but neither the entity’s IG nor the
Comptroller General is performing the audit of the entity’s financial statements, then the entity’s IG is required to
determine the independent external auditor (e.g., IPA firm) that will perform the work.

Firms
• determining the type of written communication that the auditor will issue,
general level of oversight to perform, and scope of review of the IPA firm’s
audit documentation (FAM 670.09 through .11 and FAM 670 A); and
• communicating the written results of the auditor’s oversight of the IPA firm’s
audit to management, those charged with governance, and other interested
parties (FAM 670.21 through .22).
.07 The auditor and IPA firm generally should coordinate throughout the audit to
ensure that statutory, regulatory, contractual, and policy requirements related to
the financial statement audit are met. The IPA firm should also provide the
auditor full and timely access to appropriate engagement team members and
audit documentation for review (GAGAS (2018) 6.35). This may occur on an
ongoing basis during the audit, although supervisory review within the IPA firm
may not have been fully completed.
The Independence, Objectivity, and Competence of the IPA Firm

.08 The auditor should evaluate whether the IPA firm is independent and objective
with respect to the audited entity. The auditor should also evaluate the IPA firm’s
competence and capabilities to perform the audit. See FAM 615 for additional
guidance.
Planning the Review of the IPA Firm’s Audit Work

.09 The auditor should determine the type of written communication the auditor will
issue, and then develop a strategy and plan for overseeing the IPA firm’s work.
The strategy should be driven by a risk-based approach, which depends on the
type of communication the auditor plans on issuing. In this strategy, the auditor
should document the planned level of review as moderate or low.
Table 670.1 presents an overview of the suggested level of review the auditor
generally should perform for the two types of communication. The extent of
review in each category depends on the auditor’s professional judgment. See
FAM 670.21 through .22 for discussion on the types of communications.
Table 670.1: Overview of Review Performed for Each Type of

Communication
Suggested level of review

Type of communication (FAM 670.10 through .11)
Communication expresses no assurance Low

(FAM 670.22a)
Communication expresses negative assurance Moderate

on compliance with GAGAS (FAM 670.22b)
The auditor generally should also consider the extent to which the IPA firm has
completed its work when developing timing of procedures to perform. Prior to

Firms
review by the auditor, the IPA firm should have performed at least one level of
supervisory review for all audit work, with more material or sensitive areas having
multiple levels of internal review.
.10 The auditor should reevaluate the audit strategy and plan as the work
progresses. The auditor should base determination of the level of review on
professional judgment, considering the following factors:
a. The type of communication the auditor will issue. More review will be
necessary when the auditor issues a transmittal letter expressing negative
assurance on the IPA firm’s compliance with GAGAS than when no
assurance is provided by the auditor (FAM 670.09 and .21 through .22).
b. The IPA firm’s independence and objectivity (both for the audit
organization and its engagement team). The level of review increases as
threats to independence and objectivity increase.
c. The IPA firm’s qualifications to perform the work (both for the audit
organization and its engagement team). The level of review increases as
the IPA firm’s qualifications decrease.
d. The auditor’s prior experience with the IPA firm (both for its audit
organization and its engagement team). The level of review tends to
decrease as the auditor’s confidence increases from working with the IPA
firm.
e. The significance of line items, accounts, assertions, accounting

applications, cycles, and financial management systems. The level of
review for these items increases as they become more significant or material.
f. The risk of material misstatement, including the risk of fraud, for the
significant line items, accounts, assertions, accounting applications,
cycles, and financial management systems. The level of review increases
as the risk of material misstatement increases.
.11 The extent of the auditor’s review of the IPA firm’s audit documentation is a
matter of professional judgment and depends on the level of review based on the
factors discussed in FAM 670.10.
a. For a low level of review, the auditor may limit the review of documentation
to key summary planning and completion documentation. This includes the
audit strategy and audit program (or equivalent documents), the audit
completion checklist at FAM 1003 (or equivalent documentation), and the
audit summary memorandum.
b. For a moderate level of review, the auditor generally should review more of
the IPA firm’s documentation, especially documents evidencing important
decisions. For financial statement audits, this includes the LIRA form (or
equivalent documentation) for significant accounts; the SCE worksheet (or
equivalent documentation) for significant accounting applications; the
documentation for accounts, estimates, and judgments with high risk of

Firms
material misstatement; the analytical procedures; and the summary of
uncorrected misstatements (see FAM 595 C).
FAM 670 A illustrates the procedures that the auditor generally should perform
for each level of review at the entity level and for each significant assertion, line
item, account, or accounting application, as well as what audit documentation the
auditor should retain.
Staffing the Review of the IPA Firm’s Audit Work

.12 The auditor’s staff reviewing the audit work generally should have enough
experience in financial statement auditing to understand the professional
judgments that need to be made and to interact with the higher levels of the IPA
firm. An assistant director or a senior manager who has significant experience in
performing or reviewing financial statement audit work should supervise or
perform most of the review. Less qualified staff members may perform reviews
when supervised by more qualified auditors.
.13 When the IPA firm’s work involves the review of IS controls, the auditor should
ensure that the auditor’s staff has the requisite IS knowledge to review the firm’s
work to determine whether IS controls were adequate, audit work was properly
documented, and related audit objectives were achieved.
Evaluating the Audit Work of the IPA Firm

.14 The auditor should determine whether the work is sufficient and appropriate and
whether the IPA firm’s levels of internal review for the audit work were
appropriate. In addition, the auditor should determine whether any significant
issues related to the audit were identified or whether substantial deviations from
GAGAS, if applicable, were identified but not documented and explained in the
audit. The auditor should document this evaluation.
.15 Sometimes, IPA firms use methodologies or audit approaches that are different
from those the auditor would have used. Auditing requires a great deal of
professional judgment, and there are often alternative ways to achieve audit
objectives. Many IPA firms have developed, at considerable expense, proprietary
audit methodologies to use on a wide range of public and private sector clients.
Many of these audit methodologies use electronic technology where all audit
documentation exists only in electronic form. Thus, the auditor should understand
the IPA firm’s audit methodology and basis for the nature, timing, and extent of
audit procedures. This may require obtaining permission to use proprietary
software to review the audit documentation. Additionally, where the IPA firm’s
software is retained, the auditor should develop a process to maintain the
operability of the software to access the audit documentation in the future. If the
IPA firm’s methodology differs from the FAM, the IPA firm should discuss the
matter and obtain the IG’s advance approval for alternative audit methodologies,
in accordance with the terms of the contract.

Firms
The auditor should evaluate whether sufficient appropriate evidence has been
obtained to meet the audit objectives, 17 particularly for significant assertions in
line items with a high risk of material misstatement. If the auditor has concerns
about whether the IPA firm’s work provides sufficient appropriate evidence, the
auditor generally should discuss the matter with the audit director and the
reviewer before formally discussing the issue with the IPA firm. Sometimes, the
auditor may disagree with the IPA firm’s conclusions or judgments. In such a
case, the auditor should evaluate the IPA firm’s work as well as any other
evidence or testing necessary to determine the appropriate conclusion.
.16 If the auditor determines that sufficient appropriate evidence has not been
obtained, the auditor should discuss this with the engagement and second-level
review partners and with appropriate contacts of a group auditor. For unresolved
matters that are material to the financial statements or significantly affect the
auditor’s report, the IG should discuss these with management and consider how
to communicate to those charged with governance the IG’s concern about
compliance with GAGAS. At a minimum, the auditor should include in the
oversight files a description of the matter giving rise to the IG’s concern about the
audit evidence and its potential impact on the auditor’s transmittal.
Documenting the Review of the IPA Firm’s Audit Work

.17 There is a difference between the auditor’s responsibilities to review the
documentation of the IPA firm and what the auditor may copy and retain from
that documentation. The auditor generally should review the items listed in FAM
670 A, Table 1.
.18 The auditor uses professional judgment in deciding which of the IPA firm’s
documents to copy and retain. Based on the type of transmittal or the level of
review, the auditor’s documentation generally should contain the items listed in
FAM 670 A, Table 2, under “retain,” either electronically or in hard copy. Many
IPA firms use electronic technology to retain documentation for the entire audit.
The auditor may cite this documentation as part of the review and print any
documents as necessary.
.19 The auditor may retain other documentation reviewed if it might be useful in
understanding the entity, training staff members, planning future audits,
reviewing the documentation, or writing the transmittal letter. Documentation in
this category may include the items listed in FAM 670 A, Table 2, under
“optional.” Auditors often find it helpful to keep copies of documents (either
electronically or in hard copy) in case questions arise during review. However,
the auditor may decide not to include those copies in the oversight
documentation unless they are considered necessary to document the auditor
review of the IPA work performed.
17Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of audit
evidence, that is, its relevance and reliability in providing support for the conclusions on which the auditor’s opinion is
based. See AU-C 500.06.

Firms
.20 The auditor should retain oversight documents in accordance with legal
requirements, but not less than 5 years from the report release date, similar to
the audit documentation retention requirements of the audit standards
(AU-C 230.17). In documenting the review, the auditor may indicate the
document number or index number that IPA firm used to locate the document at
a later date.
Ownership and confidentiality of audit documentation are determined by contract

and other legal requirements (see AU-C 230.A29). The auditor should consult
legal counsel when determining ownership of audit documentation if questions
arise.
Communicating the Results of the Audit Performed by the IPA Firm

.21 For an auditor providing oversight of an IPA firm’s work, applying the guidance in
FAM 670 or the oversight requirements of the IG Act and related guidance from
Council of Inspectors General on Integrity and Efficiency applicable to IGs are
not intended to and do not create an association for the auditor with the financial
statements (see AU-C 200.03).
The auditor must ensure that any communication with those charged with
governance, management, or other interested parties about the results of the IPA
firm’s audit, or the auditor’s oversight of the audit, does not create the
appearance of the auditor having applied procedures sufficient to permit the
auditor to (1) express an opinion on the financial statements or (2) draw
conclusions on the effectiveness of internal control over financial reporting;
financial management systems’ substantial compliance with the three FFMIA
requirements; compliance with significant provisions of applicable laws,
regulations, contracts, and grant agreements; 18 or other matters. Consequently,
communication about audit and oversight results must contain a disclaimer of an
opinion and should not express concurrence with the IPA firm’s opinion or other
conclusions. These communications generally should be made in writing.
.22 While the auditors do not have an association with the financial statements, it is
appropriate for them to transmit the IPA firm’s report to the entity or other
interested parties summarizing the results, providing appropriate context and
disclaimers, and describing the auditor’s oversight procedures and results. The
considerations the auditor should address when deciding the type of written
communication include
• the level of oversight conducted,
• resource requirements and cost-benefit considerations,
• the timing of oversight procedures, and
• legal requirements.
18Inthe FAM, “applicable laws, regulations, contracts, and grant agreements” refers to those laws, regulations,
contracts, and grant agreements that are applicable to the audited entity.

Firms
The auditor generally should decide the type of written communication when
planning the engagement. Auditor decisions about the type and when it may
communicate the results of auditor oversight of the IPA firm’s work to
management and those charged with governance generally should be discussed
with the IPA firm during the planning stages of the audit. The auditor exercises
professional judgment in making these decisions and should document the basis
for the decisions. The type of communication will depend on legal requirements,
as applicable, and the auditor’s level of review (see FAM 670.09 through .11).
The auditor generally should issue communication in writing. There are two
possible types of transmittal letters based on the auditor’s oversight of the IPA
firm’s work: one expressing no assurance and one expressing negative
assurance related to the IPA firm’s compliance with GAGAS. Because the auditor
did not perform the audit, the auditor should disclaim an opinion and should not
express its concurrence with the IPA firm’s opinion or other conclusions. The
auditor may also expand the letter to highlight audit findings or information or to
describe oversight procedures that the auditor performed. See examples in FAM
670 B for wording for the two types of transmittal letters.
a. Express no assurance. For this communication, the auditor issues a

transmittal without reviewing the IPA firm’s audit documentation. In these
situations, the transmittal should be clear as to the limitations of the work of
the auditor. 19
b. Express negative assurance on compliance with GAGAS. This

communication indicates that the auditor reviewed the IPA firm’s report and
related audit documentation, inquired of its representatives, and found no
instances where the IPA firm did not comply, in all material respects, with
GAGAS.
19Ifthe IG contracts with an IPA firm, the contracting process generally will require the auditor to evaluate the IPA
firm’s independence, objectivity, and qualifications and to monitor its performance under the contract.

670 A – Summary of Procedures and Documentation for Oversight of Audits Performed by
Contracted IPA Firms
670 A – Summary of Procedures and Documentation for

Oversight of Audits Performed by Contracted IPA Firms
.01 Table 1 presents a summary of procedures that the auditor generally should
perform at the entity level and for significant assertions, line items, accounts, or
accounting applications when providing oversight of an audit performed by an
IPA firm. As discussed in FAM 670.09, the two levels of review are moderate or
low, as determined by the auditor’s professional judgment.
Table 2 presents a summary of documentation that the auditor generally should

retain from the auditor’s review of the IPA firm’s work. However, the summary
does not include work to be done by the auditor to determine the IPA firm’s
independence, objectivity, and competence (see FAM 670.08 for a discussion of
that work). Where the IPA firm uses equivalent documents, the auditor should
review those documents.
In both tables, procedures to be performed and documents to be retained at the

low or moderate levels of review are as indicated. For the moderate level, all
procedures and documents at the lower level of review should also be performed
and retained.
Table 1: Summary of Procedures for Providing Oversight of Audits Performed by

PROCEDURES
For significant assertions, line items,

At entity level accounts, or accounting applications
1. Communicate with the independent public 1. Review the following:

accounting (IPA) firm
• audit program (low)
• as to the objectives of the work (low) • conclusions about significant
• through discussions of their procedures issues and their resolution (often in
and results (low) audit summary) (low)
• by attending key entrance and exit • formal written communications on
meetings (moderate) findings (e.g., Notifications of
Findings and Recommendations)
2. Review the following:
(low)
• audit strategy (low) • line item risk analyses (LIRA)
• scope of work (low) (moderate)
• audit summary memorandum (low) • specific control evaluations (SCE)
• summary of uncorrected misstatements (moderate)
(low) • cycle memorandum (moderate)
• analytical procedures (low) • flowcharts (moderate)
• completion checklist (low) • determination of tolerable
• determination of materiality and misstatement (moderate)
performance materiality (low) • sampling plan (moderate)
• representation letters (low) • IPA firm’s documentation
• information systems background evidencing significant IPA firm
(moderate) judgments and conclusions
• general and application controls (moderate)
documentation (moderate) • IPA firm’s documentation of review
of high-risk accounts and
3. Read the following:
management’s estimates and
• financial statements and notes (low) judgments (moderate)
• required supplementary information, • analytical procedures (moderate)
including management’s discussion • evaluation of sample results
and analysis (low) (moderate)
• other information (low)
• the IPA firm’s audit reports (low)
• management’s response (low)
Table 2: Summary of Documentation for Providing Oversight of Audits Performed by

DOCUMENTATION
Required Optional
1. Auditor-prepared: 1. IPA-firm prepared:

• oversight plan (low) • entity profile
• results of review of documentation (low) • audit program
• memorandum documenting entrance • representation letters
and exit conference (moderate) • line item risk analyses (LIRAs)
2. Independent public accounting (IPA) firm • specific control evaluations (SCEs)
prepared: • sampling plans
• trial balance
At entity level: • lead schedules
• evaluation of sample results
• IPA firm’s reports, along with the entity’s
financial statements and notes, required
supplementary information (including
management’s discussion and
analysis), and other information (low)
• management letter, if prepared (low)
• IPA firm’s uncorrected known and likely
misstatements, consideration of risk of
further misstatements, and comparison
with materiality (low)
• audit completion checklist (low)
• IPA firm’s audit summary memorandum
(low)
At significant assertion, line item, account,
or accounting application level:
• IPA firm’s conclusions about significant
issues and their resolution (often in
audit summary) (low)
• IPA firm’s documentation evidencing
significant IPA firm judgments and
conclusions (moderate)
670 B – Example Transmittal Letter When Providing Oversight of Audits Performed by
670 B – Example Transmittal Letter When Providing

Oversight of Audits Performed by Contracted IPA Firms
As discussed in FAM 670.22, there are two types of transmittal letters based on the auditor’s
oversight of the IPA firm’s work: one expressing no assurance and one expressing negative
assurance specifically related to the IPA firm’s compliance with GAGAS. The example presents
a transmittal letter in which an IG contracts with an IPA firm to perform an audit of financial
statements and either expresses no assurance or expresses negative assurance specifically
related to the IPA firm’s compliance with GAGAS.
Updated May 2023 GAO/CIGIE Financial Audit Manual Page 670 B-1
Example: Transmittal Letter for IGs Who Contract with an IPA Firm and Expresses No
Assurance or Negative Assurance Related to the Firm’s Compliance with GAGAS
To [appropriate addressee]
We contracted with the independent public accounting firm of [IPA firm] to audit the financial
statements of [entity] as of and for the fiscal years ended [September 30, 20XX, and 20XX], to
provide an opinion [or a report] on internal control over financial reporting, report on
compliance with laws and other matters, and provide an opinion on whether [entity’s] financial
management systems complied substantially 20 with the requirements of the Federal Financial
Management Improvement Act of 1996 (FFMIA). 21 The contract required that the audit be
performed in accordance with U.S. generally accepted government auditing standards, Office of
Management and Budget audit guidance, and the GAO/CIGIE Financial Audit Manual [if
required by the contract].
In its audit of [entity], [IPA firm] reported
• the financial statements are presented fairly, in all material respects, in accordance with
U.S. generally accepted accounting principles;
• [entity] maintained, in all material respects, effective 22 internal control over financial
reporting;
• [entity’s] financial management systems complied substantially 23 with the requirements

of FFMIA; and
• no reportable noncompliance with provisions of laws tested or other matters.
[IPA firm] also described the following significant matters (if any):
• [Discuss any significant matters].
[For transmittal letters expressing no assurance, use the following paragraph:]
[IPA firm] is responsible for the attached auditor’s report dated [date] and the conclusions
expressed therein. We do not express opinions on [entity’s] financial statements or internal
control over financial reporting, or on whether [entity’s] financial management systems
20If the IPA firm did not provide an opinion (i.e., did not give positive assurance) on whether the entity’s systems
complied substantially with the three FFMIA requirements, change this to “to report on whether [entity’s] financial
management systems did not comply substantially” (negative assurance).
21For non-Chief Financial Officers Act of 1990 agencies, delete references to FFMIA in this paragraph and in the
bullet below.
22If the IPA firm did not provide an opinion on internal control over financial reporting, change this to “no material
weaknesses in internal control over financial reporting” (and include a definition of material weakness in a footnote).
23If the IPA firm did not provide an opinion (i.e., did not give positive assurance) on whether the entity’s systems
complied substantially with the three FFMIA requirements, change this to “no instances in which [entity’s] financial
management systems did not comply substantially” (negative assurance).
complied substantially with the three requirements of FFMIA, or conclusions on compliance and
other matters.
[For transmittal letters expressing negative assurance specifically related to the IPA
firm’s compliance with GAGAS, use the following paragraph:]
In connection with the contract, we reviewed [IPA firm’s] report and related documentation and
inquired of its representatives. Our review, as differentiated from an audit of the financial
statements in accordance with U.S. generally accepted government auditing standards, was not
intended to enable us to express, and we do not express, opinions on [entity’s] financial
statements or internal control over financial reporting, 24 or conclusions on whether [entity’s]
financial management systems complied substantially with the three FFMIA requirements, 25 or
on compliance with laws and other matters. [IPA firm] is responsible for the attached auditor’s
report dated [date] and the conclusions expressed therein. However, our review disclosed no
instances where [IPA firm] did not comply, in all material respects, with U.S. generally accepted
government auditing standards. 26
24If the IPA firm did not provide an opinion on internal control over financial reporting, change this to “conclusions
about the effectiveness of internal control over financial reporting.”

25If the IPA firm did not provide an opinion on FFMIA, change “opinion” to “conclusions.”
26If
the auditor found that the IPA firm did not comply with GAGAS, or if the auditor disagrees with the IPA firm’s
conclusions, see FAM 670.16.
SECTION 700
FFMIA Guidance and Agreed-Upon

Procedures Guidance
FFMIA Guidance and Agreed-Upon Procedures Guidance
700 – Contents of FFMIA Guidance and Agreed-Upon Procedures Guidance
Contents - FFMIA Guidance and Agreed-Upon Procedures

Guidance
FAM
Determining Financial Management Systems’ Compliance with the 701
Example Audit Procedures for Testing Systems for Compliance with 701 A
FFMIA
Summary Schedule of Instances of Financial Management Systems 701 B
Agreed-Upon Procedures 710
Example Agreed-Upon Procedures Engagement Letter 710 A
Example Representation Letter from Engaging Party on Agreed-Upon 710 B
Procedures Engagement
Example Representation Letter from Responsible Party on Agreed- 710 C
Upon Procedures Engagement
Example Agreed-Upon Procedures Report Where the Engaging Party 710 D
Is Not the Responsible Party
Agreed-Upon Procedures Engagement Completion Checklist 710 E

701 – Determining Financial Management Systems’ Compliance with FFMIA
701 – Determining Financial Management Systems’

Compliance with the Federal Financial Management
Improvement Act of 1996 (FFMIA)
.01 FFMIA 1 was designed to improve financial management systems. These
improvements would lead to Chief Financial Officers Act of 1990 (CFO Act)
agency managers routinely having access to timely, reliable, and useful
information with which to make informed decisions and to provide accountability.
FFMIA section 803(a) requires the 24 CFO Act agencies to implement and
maintain financial management systems that comply substantially with
a. federal financial management systems requirements,
b. applicable federal accounting standards, and
c. the U.S. Standard General Ledger (USSGL) at the transaction level.
.02 The law also requires the auditor to state in the CFO Act financial statement audit
report whether the agency’s financial management systems comply substantially
with these three FFMIA requirements. This section provides guidance to help the
auditor examine agency financial management systems’ compliance with
FFMIA. 2 It provides definitions, explains the FFMIA requirements, and discusses
related guidance as well as audit issues related to testing for substantial
compliance with the three requirements. An example audit program is included in
FAM 701 A.
FFMIA Definitions
.03 For purposes of FFMIA, see the following definitions:
a. Financial management systems include the financial systems and the

financial portion of mixed systems necessary to support financial
management, including automated and manual processes, procedures,
controls, data, hardware, software, and support personnel dedicated to
operating and maintaining system functions.
1The FAM and Office of Management and Budget (OMB) Circular No. A-123, Management’s Responsibility for
Enterprise Risk Management and Internal Control, address FFMIA as part of internal control. App. D of OMB Circular
No. A-123 provides information on the requirements of FFMIA and can be found at
https://www.whitehouse.gov/omb/information-for-agencies/circulars/ (accessed on May 1, 2023).
2OMB’s bulletin entitled “Audit Requirements for Federal Financial Statements” (i.e., OMB audit guidance) provides
additional information regarding FFMIA audit requirements and can be found at
https://www.whitehouse.gov/omb/information-for-agencies/bulletins/ (accessed on May 1, 2023).

b. The term financial system includes an information system, 3 comprising one or
more software programs (commonly referred to as applications), that is used
for
• collecting, processing, maintaining, transmitting, or reporting data about

financial events;
• supporting financial planning or budgeting activities;
• accumulating and reporting costs information; or
• supporting the preparation of financial statements.
c. A mixed system is an information system that supports both financial and

nonfinancial functions of the federal government or its components. 4
FFMIA Requirements
.04 The first requirement is addressing federal financial management systems

requirements. The Department of the Treasury develops and maintains, in
coordination with the Office of Management and Budget (OMB) and federal
agencies, the federal financial management systems requirements. 5 Treasury
publishes the Federal Financial Management System Requirements in its
Treasury Financial Manual (TFM), volume I, part 6, chapter 9500. 6 The financial
management systems requirements apply to financial systems as well as
administrative systems and programmatic systems that support financial
management business outcomes (i.e., mixed systems).
.05 The second requirement is the financial management systems’ use of applicable
federal accounting standards, promulgated by the Federal Accounting Standards
Advisory Board (FASAB). FASAB promulgates federal accounting standards
after considering the financial and budgetary information needs of the Congress,
executive agencies, and other users of federal financial information as well as
comments from the public. 7 FAM 560 describes the relationship of the FASAB
3Thefinancial system consists of six functional areas: general ledger management, funds management, payment
management, receivable management, cost management, and reporting.
4Mixed systems include payment and invoice systems, procurement systems, receivable systems, loan systems,
grants systems, payroll systems, budget formulation systems, billing systems, property management systems, travel
systems, or other mission operational systems that provide financial information to a financial system.
5The initial set of federal financial management systems requirements were a series of publications issued by the
Joint Financial Management Improvement Program. This initial set of requirements was rescinded in 2010 when
OMB assigned Treasury the responsibility of developing the revised set of financial management systems
requirements.
6The Federal Financial Management System Requirements can be found at
http://tfm.fiscal.treasury.gov/v1/p6/c950.html (accessed on May 1, 2023).
7FASAB standards can be found at https://fasab.gov/ (accessed on May 1, 2023).

standards to the hierarchy of U.S. generally accepted accounting principles (U.S.
GAAP).
.06 The third requirement is implementing the USSGL at the transaction level. The
USSGL provides a uniform chart of accounts and guidance for standardizing
federal agency accounting and supports the preparation of standard external
reports required by OMB and Treasury. The USSGL is defined in the latest
supplement, which is released annually in Treasury’s TFM. 8 The supplement is
composed of the following major sections:
• chart of accounts,
• accounts and definitions,
• account transactions,
• account attributes for USSGL proprietary account and budgetary account

reporting,
• crosswalks to standard external reports and reclassified statements, and
• validations and edits for fiscal reporting.
Auditor’s FFMIA Reporting Requirements
.07 For CFO Act agencies, which are subject to FFMIA, the auditor reports on
whether the agency’s financial management systems comply substantially with
the three FFMIA requirements. 9 The auditor who reports that agency financial
management systems do not comply substantially with FFMIA requirements shall
include the following in the report:
a. The entity or organization responsible for the financial management systems

that have been found not to be substantially compliant and all pertinent facts
relating to the noncompliance, including
• the nature and extent of the noncompliance, including areas in which

there is substantial but not full compliance;
• the primary reason or cause of the noncompliance;
• the entity or organization responsible for the noncompliance; and
• any relevant comments from any responsible officer or employee.
8The USSGL can be found at https://tfm.fiscal.treasury.gov/v1/supplements/ussgl (accessed on May 1, 2023).

9FFMIA also requires CFO Act agencies to determine whether their financial management systems comply
substantially with the FFMIA requirements.

b. A statement with respect to the recommended remedial actions and the time
frames for implementing these actions.
OMB Guidance
.08 OMB Circular No. A-123, appendix D, Management of Financial Management

Systems – Risk and Compliance, provides the FFMIA Compliance Determination
Framework that CFO Act agencies should use (and the auditor may use) in
determining whether the agency’s financial management systems comply
substantially with FFMIA requirements. Appendix D provides the following
guidance to assist in determining substantial compliance with each of the three
FFMIA system requirements:
a. Federal financial management systems requirements.
• Consistently, completely, and accurately record and account for federal

funds, assets, liabilities, revenues, expenditures, and costs.
• Provide timely and reliable federal financial management information of

appropriate form and content (1) to agency program managers for
managing current government programs and activities; (2) for continuing
use by stakeholders external to the agency, including the President, the
Congress, and the public; and (3) that can be linked to strategic goals and
performance information.
• Provide internal control to restrict federal obligations and outlays to those

authorized by law and within the amount available.
• Perform federal financial management operations effectively within

resources available.
• Minimize (1) waste, loss, unauthorized use, or misappropriation of federal

funds, property, and other assets within resources available and (2)
federal financial management systems security risks to an acceptable
level.
b. Federal accounting standards. Agency financial management systems will

maintain accounting data to permit reporting in accordance with U.S. GAAP.
c. USSGL at the transaction level. Agencies shall apply the requirements of

USSGL guidance in the TFM when recording financial events. Application of
the USSGL at the transaction level means that each time an agency records
an approved transaction in its financial system, the system will generate
appropriate general ledger accounts for posting the transaction according to
the rules defined in USSGL guidance. An agency may record individual
transactions in its financial system in detail or in summary as long as each
transaction is traceable to the transaction source.
According to appendix D, agencies that use shared service providers are
encouraged to use the service organization report as part of their assessment of
FFMIA compliance, provided the report is of appropriate time period, coverage,

and scope. 10 The service organization report is an important tool for agency
management and auditors as they evaluate the effect of the controls at the
service organization on the agency’s internal control over financial reporting. See
FAM 640 for further guidance related to service organizations.
.09 OMB audit guidance provides auditors the following guidance relevant to FFMIA.
a. A CFO Act agency’s components, including government corporations, are

subject to FFMIA. However, an auditor of separately issued component
reports is not required to separately report on whether a component’s
financial management systems comply substantially with the FFMIA
requirements.
b. Service organizations whose internal control over financial reporting have

been suitably designed and implemented and are relevant to an audit must
either provide their user organizations with a service organization report (type
2 report) or allow user auditors to perform appropriate tests of controls at the
service organization. 11
c. If an agency’s financial management systems do not comply substantially

with one or more of the three FFMIA requirements, the auditor’s mandatory
report on compliance (or an accompanying schedule that is referenced in the
compliance report) should disclose with which of the three requirements the
agency’s systems did not comply substantially, group findings together based
on the requirement to which they relate, and comply with the applicable
FFMIA reporting requirements (see FAM 580.86–.90). 12
Audit Approach
.10 To meet FFMIA’s reporting requirements, the auditor should plan and perform
audit work in sufficient detail to enable the auditor to determine the degree to
which agency financial management systems comply with the three requirements
and whether that degree of compliance is substantial. FFMIA does not require
systems to be in full compliance with each requirement, but rather in substantial
compliance. If systems are not in substantial compliance, the auditor must report
on all facts pertaining to the lack of substantial compliance for each applicable
requirement. See FAM 580.86 through .90 for reporting guidance related to
FFMIA.
.11 The auditor should design and implement appropriate testing to apply the criteria
in FFMIA. For example, in performing financial statement audits, the auditor
10Appendix D indicates that agencies using service providers may also use ongoing monitoring or separate
evaluations in determining FFMIA compliance.

11According to the AICPA’s Reporting on an Examination of Controls at a Service Organization Relevant to User
Entities’ Internal Control Over Financial Reporting (AT-C 320), a type 2 report provides management’s description of
a service organization’s system and a service auditor’s report on that description and on the suitability of the design
and operating effectiveness of controls.
12OMB audit guidance states that if an audit disclosed no instances in which a reporting entity’s systems did not
comply substantially with all three requirements, a single statement to this effect is sufficient.

generally should evaluate the capability of the financial management systems to
process and summarize financial information that flows into agency financial
statements. Under FFMIA, the auditor must assess and report on whether an
agency’s financial management systems comply substantially with the three
requirements. For purposes of FFMIA, financial management systems include
systems that produce the information management uses day-to-day, not just
systems that produce financial statements. Thus, to report on compliance with
FFMIA, the auditor should understand the design of and test, as needed, the
financial management systems (including the financial portion of any mixed
systems) used for managing financial operations, supporting financial planning,
management reporting, budgeting activities, and systems accumulating and
reporting cost information. In determining systems compliance with FFMIA, the
auditor should
• obtain an understanding of management’s process for determining whether

the systems comply substantially with FFMIA requirements and
• report any deficiencies in management’s process (for example, management

has not compared its systems with systems requirements).
As part of obtaining this understanding, the auditor should read any

management-developed documentation for (1) FFMIA compliance as described
in appendix D of OMB Circular No. A-123, such as the FFMIA Compliance
Determination Framework, and (2) management’s assertion about systems’
conformance with federal financial management systems requirements in its
Federal Managers’ Financial Integrity Act of 1982 (FMFIA) section 4 report. 13 The
auditor may also use the goals and compliance indicators found in the FFMIA
Compliance Determination Framework to help determine FFMIA compliance.
.12 Because of the overlapping scope and nature of FFMIA assessments and
financial statements audits, the auditor may use the work performed as part of
the financial statement audit in determining whether systems comply
substantially with FFMIA. Many control and substantive tests performed in a
financial statement audit may also provide evidence regarding compliance with
FFMIA and generally should be performed concurrently (multipurpose testing). In
the example audit program at FAM 701 A for testing systems for compliance with
FFMIA, several procedures indicate that the auditor may have performed the
procedures as part of the financial statement audit. Other procedures needed to
assess FFMIA compliance may require additional work not normally performed in
financial statement audits.
.13 The auditor may use management’s documentation as the basis for tests of
compliance with FFMIA. If, for example, management provides the auditor with a
checklist detailing the functions that the systems are able to perform, the auditor
generally should select some significant functions from the checklist and
determine whether the systems actually perform them. The auditor may do this
based on knowledge the auditor has acquired from gaining an understanding of
the systems and controls through walk-throughs, as well as by performing
13Thisrefers to the FMFIA report on conformance with federal financial management systems requirements. See 31
U.S.C. § 3512(d)(2). See FAM 580.85 for guidance on reporting on management’s FMFIA report.

additional procedures that involve observation, inquiry, inspection, or a
combination of these.
If management has not provided the documentation, the auditor may test the
systems directly. If management is unable to provide any documentation, the
auditor should ask for the reasons why and how management has determined
whether the agency’s systems are in substantial compliance. Lack of
documentation often indicates that the systems do not comply substantially with
the FFMIA requirements.
.14 The Federal Information Security Modernization Act of 2014 (FISMA) requires
federal agencies to periodically test, evaluate, and report on the effectiveness of
their information security policies, procedures, and practices. Agencies are also
required to have their information security programs evaluated each year by their
inspector general or by an independent external auditor. An external auditor may
be engaged by an inspector general or, if the agency does not have an inspector
general, by the agency. In a financial statement audit, the auditor assesses the
implications of any threats, incidents, and vulnerabilities identified in the most
recent FISMA report on the risks of material misstatement. The auditor should
consider the impact of any deficiencies identified in the FISMA report on systems’
compliance with FFMIA. For considerations related to FISMA, see FAM 260.78
through .80 and FAM 580.62.
.15 As discussed in FAM 350.25 and .26, the auditor may limit the scope of work
performed to support the FFMIA assessment with respect to those requirements
for which there is sufficient evidence that the agency’s financial management
systems do not comply substantially with FFMIA (e.g., continuation of previously
reported lack of substantial compliance with FFMIA). However, the auditor may
determine that additional evidence is needed to convince management of the
systems’ lack of substantial compliance.
.16 FAM 701 A provides an example audit program for testing systems compliance
with FFMIA. Because of the broad scope of federal operations and the many
variations that can flow from such a broad scope, the auditor may tailor the
example audit procedures to satisfy the objectives or intent of each step. The
auditor may use other work that addresses the objectives of the example audit
procedures.

701 A – Example Audit Procedures for Testing Systems for Compliance with FFMIA
701 A – Example Audit Procedures for Testing Systems for

Compliance with FFMIA
Agency _____________________________________________________________________
Date of review ________________________________________________________________
Job code ____________________________________________________________________
Objective: The Federal Financial Management Improvement Act of 1996 (FFMIA) requires the
24 agencies covered by the Chief Financial Officers Act of 1990 (CFO Act) to implement and
maintain financial management systems that comply substantially with (1) federal financial
management systems requirements, (2) applicable federal accounting standards, and (3) the
U.S. Standard General Ledger at the transaction level. The objective of these audit procedures
is to assess whether CFO Act agencies’ financial management systems comply substantially
with FFMIA requirements.
Initials/
Procedure date Doc. ref.
I. Planning (may be combined with the work to plan the

financial statement audit)
A. To understand the requirements, read the following:
• Federal Financial Management Improvement Act of 1996

(FFMIA), Pub. L. No. 104-208.
• Office of Management and Budget (OMB) Bulletin No.
22-01, Audit Requirements for Federal Financial
Statements. 14
• OMB Circular No. A-136, Financial Reporting
Requirements.
• OMB Circular No. A-123, appendix D, Management of
Financial Management Systems – Risk and Compliance.
• Treasury Financial Manual (TFM), volume I, part 6,
chapter 9500, Federal Financial Management System
Requirements.
• Federal Accounting Standards Advisory Board
standards.
• TFM, volume I, U.S. Standard General Ledger (USSGL).
• OMB Circular No. A-130, Managing Information as a
Strategic Resource.
• Federal Information Security Modernization Act of 2014
(FISMA), Pub. L. No. 113-283.
14The audit bulletin is updated periodically, and the current version can be found on the OMB website at
https://www.whitehouse.gov/omb/information-for-agencies/bulletins/ (accessed on May 1, 2023).
Initials/
B. Read the prior year’s audit documentation and audit report to

identify (1) the auditors’ FFMIA determinations,
(2) reported instances of noncompliance with FFMIA, and (3)
material weaknesses and significant deficiencies related to
the agency’s financial management systems.
1. Prepare a schedule of the previously identified

deficiencies for follow-up (include reviewing
management’s corrective action). See FAM 701 B for an
example of the schedule.
C. Read the most recent FMFIA, FISMA, 15 inspector general,

auditor, and GAO reports and internal control documentation
from the financial statement audit or other reports related to
financial management systems, such as financial systems,
payment and invoice systems, procurement systems,
receivable systems, loan systems, grants systems, payroll
systems, budget formulation systems, billing systems,
property management systems, and travel systems.
1. Evaluate the effect of any reported weaknesses on the

FFMIA assessment.
2. Obtain an update on the status of the issues (include

reviewing management’s corrective action) and
document problems identified in the schedule in FAM
701 B.
D. If an agency’s financial management system includes the

use of a shared service organization, obtain and read the
service organization type 2 report for each service provider
to identify any reported weaknesses that affect FFMIA
compliance.
1. If weaknesses are reported, determine whether the

agency has implemented additional controls to mitigate
those weaknesses
2. Evaluate the effectiveness of any additional controls and
the effect of any reported weaknesses on the FFMIA
assessment.
3. Obtain an update on the status of the issues (include
reviewing management’s corrective action) and
document problems identified in the schedule in FAM
701 B.
15FISMA requires the annual report on the effectiveness of information security policies and practices.
Initials/
E. Read the cycle memorandums or other equivalent narratives

for each of the audit cycles completed for the current-year
audit. Document issues (include reviewing management’s
corrective action) related to FFMIA compliance in the
schedule in FAM 701 B.
F. Obtain the agency’s risk-based and evidence-based

assessment conducted on its financial management systems
against the FFMIA Compliance Determination Framework in
appendix D to OMB Circular No. A-123, and all supporting
documentation of financial systems and financial portions of
mixed systems. Supporting documentation may include
criteria for consideration of low, medium, and high risk and
test work that the agency performed.
1. Determine whether the agency’s assessment of its

financial management systems provides a reasonable
basis for determining compliance with the goals and
compliance indicators as described in the FFMIA
Compliance Determination Framework in OMB Circular
No. A-123, appendix D.
2. Obtain background on agency management performing

its assessment and determine whether management
officials have reasonable expertise to perform the
assessment on agency financial management systems.
3. Using the FFMIA Compliance Determination Framework

in appendix D to OMB Circular No. A-123, review a
selection of management’s assessments of individual
financial management systems, sufficient to determine if
management’s FFMIA assessment process appears
reasonable and is supported by the information.
Document issues regarding the agency’s assessment in
the schedule in FAM 701 B.
II. Testing for compliance with federal financial management

systems requirements
A. Ask whether the agency has an agency-wide inventory of its

financial management systems, including those operated or
maintained by a shared service provider. If so, obtain the
inventory and any supporting documentation. If not, consult
with management to prepare/obtain an inventory of financial
management systems and perform the following steps:
Initials/
1. From the agency’s inventory of financial management

systems, identify the financial systems and the financial
portion of mixed systems and note whether they are
operated or maintained by a shared service provider.
2. Document the key internal controls and the information

flows between the financial systems and the financial
portion of mixed systems in a flowchart or narrative,
including those operated or maintained by a shared service
provider. (The auditor may perform this step as part of the
internal control phase.)
a. Determine whether the financial portions of mixed

systems are integrated or interfaced with the financial
system. Note: Financial portions of mixed systems that
are integrated with the financial system share data
tables. Therefore, the agency need not prepare
reconciliations.
b. If the financial portions of mixed systems interface with

the financial systems, determine whether
reconciliations are performed between the systems. If
reconciliations are performed, determine how often and
by whom, and assess the adequacy of the
reconciliation, including follow-up activities and
supervisory review.
c. Through interviews with agency management and

review of systems documentation, determine if the
agency’s systems have detective controls (e.g., batch
control or hash totals or supervisory reviews) and
preventive controls (e.g., segregated duties,
appropriate authorizations, or access controls) to
process transactions properly and timely. (The auditor
may perform this step as part of the internal control
phase.)
3. Document any issues regarding the agency’s inventory,

internal controls, and the flow of information between its
financial management systems in the schedule in FAM 701
B.
B. Determine whether the agency’s financial management

systems, as identified in step II.A above, conform to
Treasury’s Federal Financial Management System
Requirements in the TFM.
Initials/
1. Document whether the agency has assessed its financial

systems and financial portions of mixed systems using
Treasury’s Federal Financial Management System
Requirements in the TFM.
a. If agency management has not conducted an

assessment against the TFM requirements, obtain any
analyses that agency management performed to
support its FFMIA and FMFIA assessments that
document how the agency’s systems conform to the
applicable TFM requirements.
b. Determine whether the agency’s assessment is

reasonable and is supported.
2. If management’s results cannot be relied upon for each

system, assess the agency financial management
systems’ compliance with Federal Financial Management
System Requirements in the TFM.
3. Ask whether there have been significant changes in the

agency’s automated business processes. If so, determine
whether the agency has assessed any new functionality in
accordance with Treasury’s Federal Financial
Management System Requirements in the TFM. Document
the results.
4. Document in FAM 701 B the instances in which, and the

related effect of, the agency’s financial management
systems not complying substantially with Federal Financial
Management System Requirements in the TFM.
C. Determine if financial management system security risks are

at an acceptable level. Coordinate with an information system
(IS) controls auditor to determine if the agency has
implemented and maintains a program to provide adequate
security for all agency information that is collected, processed,
transmitted, stored, or disseminated in financial management
systems.
1. Have the IS controls auditor review the annual

management testing and evaluation of the effectiveness of
information security, policies, procedures, and practices in
accordance with FISMA.
2. Document any unacceptable security risks and the related
effect on the financial management systems identified by
the IS controls auditor in the schedule shown in FAM 701
B.
Initials/
D. Determine if financial management systems include effective

internal controls to (1) safeguard resources against waste,
loss, and misuse, and whether reliable data are obtained,
maintained, and disclosed in system-generated reports, and
(2) restrict federal obligations and outlays to those authorized
by law and within the amount, time, and purpose available
(i.e., Antideficiency Act). The auditor may obtain some of the
information needed to make this determination from the work
performed in the internal control phase. The auditor may
identify other systems’ internal control weaknesses from other
audit reports reviewed and steps performed. Document the
results in FAM 701 B.
III. Testing for compliance with federal accounting standards
A. Determine if the agency’s financial statements are compiled

in accordance with applicable accounting standards by
examining whether
• any issues reported as part of the financial statement

audit were related to agency implementation of
accounting standards in its financial management
systems,
• the standards were not properly applied because of
inadequate or improperly implemented manual
procedures, or
• the agency’s financial management systems tracked
financial events and summarized information to facilitate
the preparation of auditable financial statements.
1. From the deficiencies identified in performing step II and

from tests conducted as part step I, determine whether
the financial management systems record and
summarize transactions in accordance with applicable
accounting standards. Document the results in the
schedule shown in FAM 701 B.
B. Determine if the financial management systems enable the

agency to prepare, execute, and report on its budget in
accordance with the requirements of OMB Circular No. A-11,
Preparation, Submission and Execution of the Budget. This
determination can include work performed as part of the
financial statement audit. Document the deficiencies and the
related effect in the schedule shown in FAM 701 B.
Initials/
C. Determine if the financial management systems enable the

agency to prepare financial management information in
accordance with the requirements of OMB Circular No. A-
136, Financial Reporting Requirements, and align with
agency strategic goals and performance information.
Document the deficiencies and the related effect in the
IV. Testing for compliance with the USSGL
A. Determine whether the agency financial management

systems use financial data that can be traced directly to
USSGL accounts to produce reports providing financial
information for both internal and external reporting.
1. Ask agency management and, based on the

documentation prepared in step II.A, determine how
financial transaction data are summarized from the
financial portion of mixed systems to the financial systems.
2. Compare the agency’s chart of accounts to the USSGL

accounts and identify any deviations.
3. Review all of the standard entries allowed by the financial

systems to determine if these entries conform to the
USSGL posting rules.
4. Document any deficiencies and the related effect in the

B. Ask whether the agency uses a crosswalk from its chart of

accounts for its financial system to the USSGL. If so, perform
tests to determine the accuracy of the crosswalk.
1. Trace all USSGL accounts to the crosswalk.
2. Identify any USSGL accounts that are not included in the

crosswalk. Identify any agency accounts not associated
with an USSGL account in the crosswalk.
3. Compare the posting rules used by the system to those

included in the USSGL to determine whether the system
posting rules conform to the USSGL.
4. Document deficiencies and the related effect in the

Initials/
C. From the deficiencies identified in performing step II and from

tests conducted as part step I, determine whether the financial
management systems record and summarize transactions in
accordance with the USSGL at the transaction level.
Document the results in the schedule shown in FAM 701 B.
V. Summary
A. Summarize the results of the work performed above and

assess the agency’s compliance with FFMIA requirements.
1. Finalize the schedule of the FFMIA noncompliance

identified in the schedule prepared in FAM 701 B.
2. Read the agency’s management representation letter and

Management’s Discussion and Analysis covering the year
under audit to obtain agency management’s FFMIA
determination.
3. Document the entity or organization responsible for the

financial management systems that have been found not to
comply substantially with FFMIA requirements.
a. Document facts pertaining to the
i. nature and extent of the noncompliance and areas

where there is substantial but not full compliance,
ii. primary reason or cause of the noncompliance,
iii. effect of the noncompliance, and
iv. relevant comments from any responsible officer or

employee.
b. Assess the recommended remedial actions for each

instance of noncompliance and management’s time
frames for implementing these actions. Include this
assessment in the schedule in FAM 701 B.
4. After reviewing the nature and extent of deficiencies

identified, conclude whether the systems deficiencies
identified constitute lack of substantial compliance with
FFMIA requirements.
5. Prepare the FFMIA section of the audit report. See FAM

580.86 through .90 for guidance.
701 B – Summary Schedule of Instances of Financial Management Systems Noncompliance with FFMIA
701 B – Summary Schedule of Instances of Financial Management Systems

Source of information used in identifying deficiencies in entity systems Effect of systems’ noncompliance
Nature and extent of systems’ noncompliance Agency comments on systems’ noncompliance
Substantial but not full compliance? (Y or N) Corrective action in remediation plan? (Y or N)
Applicable criteria (OMB Circular No. A-123, app. D citation) Assessment of corrective actions, time frames
Responsible entity Doc. reference
Primary reason for or cause of Comments
systems’ noncompliance
Prior year's reported instances of noncompliance (step I.B)
Prior year's material weaknesses and significant deficiencies that affect FFMIA determination (step I.B)
Weaknesses in the agency's most recent FMFIA or FISMA report that affect FFMIA determination (step I.C)
Deficiencies identified in recent inspector general, auditor, and GAO reports that affect FFMIA determination (step I.C)
Deficiencies identified in service organization reports (step I.D)
Cycle memorandums for the current year's audit (step I.E)
Agency's assessment using OMB Circular No. A-123, app. D (step I.F)
Inventory of financial management systems, internal controls, and flow of information (step II.A)
Financial management systems conform to systems requirements in the TFM (step II.B)
Implementation and maintenance of an information security program (step II.C)
Internal controls as part of financial management to prevent waste, loss, misuse, and Antideficiency Act violations (step II.D)
Preparation of auditable financial statements in accordance with applicable accounting standards (step III.A)
Preparation, execution, and reporting on agency budget in accordance with OMB Circular No. A-11 (step III.B)
Preparation of financial statements in accordance with OMB Circular No. A-136 (step III.C)
Agency financial management systems’ implementation of the USSGL accounts (step IV.A)
Agency use of a crosswalk from its financial system to the USSGL (step IV.B)
Agency financial management systems recording and summarizing transactions in accordance with USSGL (step IV.C)
710 – Agreed-Upon Procedures

.01 In an agreed-upon procedures engagement, the auditor performs specific
procedures on a subject matter and reports on the results to assist the intended
users in evaluating the subject matter. Agreed-upon procedures should be
performed in accordance with generally accepted government accounting
standards (GAGAS), which incorporate the American Institute of Certified Public
Accountants’ (AICPA) financial audit and attestation standards. Statement on
Standards for Attestation Engagements (SSAE) No. 18, as amended by SSAE
No. 19, restructures the attestation standards so that the applicability of any AT-
C section to a particular engagement depends on the level of service provided
and the subject matter of the engagement. AT-C 105, Concepts Common to All
Attestation Engagements, applies to all attestation engagements. AT-C 205,
Examination Engagements; 210, Review Engagements; and 215, Agreed-Upon
Procedures Engagements, each contains incremental performance and reporting
requirements and application guidance specific to the level of service provided.
.02 The auditor may perform an agreed-upon procedures engagement on a variety of

subject matters. 16 The engagement will vary depending on the needs of the
engaging party. Examples of agreed-upon procedures include
• compare payroll information reported to the Office of Personnel Management

with the entity’s payroll records and general ledger (refer to OMB audit
guidance for additional information);
• compare entity reconciliations of intragovernmental activity and balances with

supporting documentation and compare amounts with the financial
statements and with reports to Treasury (refer to OMB audit guidance for
additional information);
• trace tax collections from the master file to deposit confirmations and
determine whether they were recorded in the appropriate period and in the
correct tax class;
• trace amounts on the entity’s financial statements to an “account grouping

worksheet,” foot the worksheet, read the CFO’s explanation for any
differences, and compare the explanation with supporting documentation;
• examine official receipt documents to determine whether they were included

in the weekly deposit, and compare deposit amounts to amounts reported on
the statement of funding; and
• inspect vendor invoices and related payment documentation to determine

whether payment was made within 30 days.
.03 Parties involved in agreed-upon procedures engagements include
16The practitioner, as used in SSAE No. 19, is referred to as the auditor in the FAM.

a. the engaging party, which is the party that engages the auditor to perform the
attestation engagement;
b. the responsible party, which is the party responsible for the underlying
subject matter (which can be the same as the engaging party);
c. the intended user(s) (which can be the same as the engaging party); and
d. the auditor.
All parties should clearly understand the procedures to be applied. The nature,
extent, and timing of agreed-upon procedures depend upon the needs of the
engaging party. As they best understand their own needs, the engaging parties,
and not the auditor, assume responsibility for the appropriateness of the design
and extent of the procedures, although the auditor may assist the engaging
parties in designing the procedures.
.04 The auditor should agree upon the terms of the engagement with the engaging
party. The agreed-upon terms of the engagement should be specified in sufficient
detail in an engagement letter, an example of which is provided in FAM 710 A, or
other suitable form of written agreement (AT-C 215.14). The agreed-upon terms
of the engagement should include the following (AT-C 215.15):
a. The nature of the engagement established pursuant to AT-C 215.12.
b. Identification of the subject matter and responsible party.
c. The responsibilities of the auditor.
d. A statement that the engagement will be conducted in accordance with the

AICPA’s attestation standards.
e. A statement that the responsible party is responsible for the subject matter.
f. A statement that the engaging party agrees to provide the auditor, before
completing the engagement, with a written agreement and acknowledgment
that the procedures performed are appropriate for the intended purpose of
the engagement.
g. A statement that the engaging party agrees to provide, at the conclusion of

the engagement, a representation letter.
h. If known at the onset of the engagement, identification of any other parties, in

addition to the engaging party, that will be requested to agree to the
procedures and acknowledge that the procedures performed are appropriate
for their purposes. If the request is expected to be made by the engaging
party, a statement that the engaging party agrees to provide, at the
conclusion of the engagement, a written representation that the engaging
party has obtained from all necessary other parties agreement to the
procedures and acknowledgment that the procedures performed are
appropriate for their purposes.

i. If the engaging party is not the responsible party, a statement that written
representations may be requested from the responsible party.
j. Reference to the expected form and content of the auditor’s agreed-upon

procedures report, including any use restrictions, if applicable.
k. Disclaimers expected to be included in the auditor’s report, if applicable.
l. Assistance to be provided to the auditor, if applicable.
m. Involvement of an auditor’s external specialist, if applicable.
n. Specified thresholds for reporting exceptions, if applicable.
.05 The agreed-upon procedures to be enumerated or referred to in the auditor’s

report should be performed entirely by the engagement team or other
independent practitioners and not by internal auditors (AT-C 215.21).
.06 The auditor should perform procedures agreed to and acknowledged by the
engaging party to meet the intended purpose of the engagement established with
the engaging party. The auditor should not perform overly subjective procedures
or use terms with uncertain meaning unless they are defined in the agreed-upon
procedures report (AT-C 215.16 and .17).
.07 The auditor should obtain evidence from applying the agreed-upon procedures to
provide a reasonable basis for the finding(s) expressed in the auditor’s report but
need not perform additional procedures outside the scope of the engagement to
gather additional evidence (AT-C 215.18). If matters come to the auditor’s
attention by other means that significantly contradict the subject matter, the
auditor should discuss the matter with the engaging party and take appropriate
action, including determining whether the auditor’s report should be revised to
disclose the matter (AT-C 215.40). For example, if during the course of applying
agreed-upon procedures regarding an entity’s operations, the auditor becomes
aware of a material weakness by means other than the agreed-upon procedures,
the auditor may include this matter in the report (AT-C 215.A72). The auditor may
do this by mentioning the material weakness with a footnote reference to another
report where it is described in detail.
.08 In the event the auditor encounters known or suspected fraud or noncompliance
with laws or regulations in connection with the engagement, the auditor should
consider responsibilities under the AICPA Code of Professional Conduct and
applicable law prior to communicating such information either to the responsible
party or to the engaging party (AT-C 215.41).
.09 When circumstances impose restrictions on performing the agreed-upon

procedures, the auditor should discuss with the engaging party whether those
restrictions are appropriate and, if so, describe them in the auditor’s report (AT-
C 215.39).

Written Representations
.10 The auditor should request written representations from the engaging party. The
engaging party should provide these in a letter addressed to the auditor. The
date of the written representations should be as of the date of the auditor’s
report; the representations should address the subject matter and periods
covered by the auditor’s findings (AT-C 215.29). The representations should
include the following (AT-C 215.27):
a. a statement that the responsible party is responsible for the subject matter;
b. if applicable, a statement that the engaging party has obtained from all
necessary parties agreement to the procedures and acknowledgment that the
procedures are appropriate for their purposes;
c. a statement that the engaging party has provided the auditor with all relevant
information and access, as applicable, as agreed upon in the terms of the
engagement;
d. a statement that all known matters contradicting the subject matter and any
communication from regulatory agencies or others affecting the subject
matter have been disclosed to the auditor, including communications
received between the end of the period addressed by the subject matter and
the date of the auditor’s report;
e. a statement that the engaging party is not aware of any material

misstatements in the subject matter;
f. a statement that the engaging party has disclosed to the auditor all known
events subsequent to the period (or point in time) of the subject matter being
reported on that would have a material effect on the subject matter; and
g. any additional representations that the auditor determines are appropriate.
FAM 710 B provides an example of an engaging party’s representation letter for

an agreed-upon procedures engagement.
.11 When the engaging party is not the responsible party, the auditor should consider
requesting the relevant written representations pursuant to paragraph .10 from
the responsible party. The responsible party should provide them in a letter
addressed to the auditor. FAM 710 C provides an example of a responsible
party’s representation letter for an agreed-upon procedures engagement.
.12 When one or more of the requested written representations are not provided, or
the auditor concludes either that there is sufficient doubt about the competence,
integrity, ethical values, or diligence of those providing the written
representations or that the written representations are otherwise not reliable, the
auditor should
a. discuss the matter with the engaging or responsible party, as appropriate;

b. reevaluate the integrity of those from whom the representations were
requested or received and evaluate the effect that this may have on the
reliability of representations and evidence in general; and
c. if any of the matters are not resolved to the auditor’s satisfaction, take
appropriate action, including determining the possible effect on the auditor’s
agreed-upon procedures report (AT-C 215.30).
Documentation
.13 The auditor should prepare engagement documentation on a timely basis that
includes the following:
a. the written agreement and acknowledgment from the engaging party

regarding the appropriateness of the procedures performed for the intended
purpose of the engagement;
b. the nature, timing, and extent of the procedures performed to comply with
relevant AT-C sections and applicable legal and regulatory requirements,
including
i. the identifying characteristics of the specific items or matters tested;
ii. who performed the engagement work and the date such work was
completed;
iii. when the appropriate party will not provide one or more of the requested
written representations or the auditor concludes either that there is
sufficient doubt about the competence, integrity, ethical values, or
diligence of those providing the written representations or that the written
representations are otherwise not reliable, the matters in paragraph .12;
and
iv. who reviewed the engagement work performed and the date and extent
of such review; and
c. the results of the procedures performed and the evidence obtained (AT-
C 215.42).
.14 The auditor should document sufficient information to enable an experienced

auditor having no previous connection with the engagement to ascertain from the
documentation the nature, extent, timing, and results of procedures performed
and the evidence that supports the auditor’s agreed-upon procedures report,
including its sources.
.15 Although the quantity, type, and content of documentation varies with the
circumstances, the auditor should document sufficient information to demonstrate
that the work was adequately planned and supervised and that the evidence
provides a reasonable basis for the report as discussed in GAGAS.
.16 The auditor generally should prepare a summary memorandum that recaps the
work performed; refers to the detailed documentation; and includes the auditor’s

conclusion on whether the work was performed in accordance with GAGAS, the
attestation standards, and the FAM and whether the report is appropriate.
FAM 710 E provides an agreed-upon procedures engagement completion
checklist.
Reporting
.17 The auditor should report on the agreed-upon procedures, in writing, in the form
of procedures and findings (AT-C 215.31 and .32). If, as a result of performing
procedures, the auditor determines that the description of the procedures
performed or the corresponding findings, in the auditor’s professional judgment,
are misleading in the circumstances of the engagement, the auditor should
discuss the matter with the engaging party and take appropriate action (AT-C
215.33).
.18 The auditor’s agreed-upon procedures report should include the following, as
shown in the example report in FAM 710 D (AT-C 215.34–.35):
a. A title that includes the word independent to clearly indicate that it is the
report of an independent accountant.
b. An appropriate addressee as required by the circumstances of the

engagement.
c. Identification of the engaging party;
d. Identification of the subject matter to which the procedures have been

applied.
e. Identification of the responsible party, including a statement that the

responsible party is responsible for the subject matter. When the engaging
party is not the responsible party and identification of the responsible party
and its responsibility for the subject matter is based solely on representations
received from the engaging party, the auditor’s agreed-upon procedures
report should include a statement to that effect.
f. A statement that the engaging party acknowledged that the procedures

performed are appropriate to meet the intended purpose of the engagement.
g. An identification of the intended purpose of the engagement in sufficient

detail to enable the user to understand the nature of the work performed.
h. A statement that the auditor’s report may not be suitable for any other
purpose.
i. A statement that the procedures performed may not address all the items of
interest to a user of the report and may not meet the needs of all users of the
report and, as such, users are responsible for determining whether the
procedures performed are appropriate for their purposes.
j. A statement that an agreed-upon procedures engagement involves the

auditor performing specific procedures that the engaging party has agreed to

and acknowledged to be appropriate for the intended purpose of the
engagement and reporting on findings based on the procedures performed.
k. A description of the procedures performed detailing the nature and extent and,
if applicable, the timing, of each procedure.
l. A description of the findings from each procedure performed, including

sufficient details on exceptions found.
m. If applicable, a description of any specified threshold that the engaging party

established for reporting exceptions.
n. A statement that the agreed-upon procedures engagement was conducted in

accordance with the AICPA’s attestation standards.
o. A statement that the auditor was not engaged to and did not conduct an
examination or review, the objective of which would be to express an opinion
or conclusion, respectively, on the subject matter.
p. A statement that the auditor does not express such an opinion or conclusion.
q. A statement that had the auditor performed additional procedures, other

matters might have come to the auditor’s attention that would have been
reported.
r. A statement that the auditor is required to be independent of the responsible

party and to meet the auditor’s other ethical responsibilities, in accordance
with the relevant ethical requirements relating to the agreed-upon procedures
engagement;
s. If applicable, a description of the nature of the assistance that an auditor’s

external specialist provided.
t. When applicable, reservations or restrictions concerning procedures or

results.
u. The manual or printed signature of the auditor, followed by the name of the
audit entity, the city and state in which the auditor practices, or both.
v. The date of the report. The report should be dated no earlier than the date on
which the auditor completed the procedures and determined the results,
including that
• the attestation documentation has been reviewed and
• if applicable, the written presentation of the subject matter has been

prepared.
w. If necessary, an alert, in a separate paragraph, that restricts the use of the

auditor’s agreed-upon procedures report, taking into account the
understanding with the engaging party regarding the nature of the
engagement.

.19 The auditor should present the results of applying agreed-upon procedures to
specific subject matter in the form of findings and should report all findings
arising from such application (AT-C 215.24 and .25). A threshold for reporting
exceptions does not apply to findings reported in an agreed-upon procedures
engagement unless the engaging party establishes such a threshold. If the
engaging party has established a threshold for reporting exceptions, the auditor
should describe it in the auditor’s report (AT-C 215.25 and .A37).
.20 Although use of the report may be restricted to specified parties for its intended
purpose(s), governmental reports are generally a matter of public record.
Therefore, generally the distribution of the report is not limited, and the audit
organization may provide copies upon request. However, contractual, legal, or
other restrictions may limit distribution. See AT-C 215.35 through .38 for
additional guidance on restricting the use of the report.
.21 The auditor may have performed agreed-upon procedures on an element,

account, or item of financial statements and also audited the same financial
statements. If the audit report on the financial statements includes a departure
from a standard report, the auditor generally should refer to the audit report and
the departure from the standard report in the agreed-upon procedures report.
.22 The auditor also may include explanatory language about matters such as the
following:
• stipulated facts, assumptions, or interpretations (including the source);
• description of the condition of records, controls, or data to which the

procedures were applied;
• explanation that the auditor has no responsibility to update the report; and
• explanation of sampling risk (for example, “Based on our sample, we are 95

percent confident that the population deviation not more than 15 percent.”).
.23 The auditor should state the findings in definitive, rather than qualified, language
and should not
• use vague or ambiguous language,
• include terms of uncertain meaning, and
• express an opinion or conclusion on the subject matter or about whether the
subject matter is in accordance with (or based on) the criteria (AT-C 215.26).
The following table provides examples of appropriate and inappropriate
descriptions of findings and results.

Table 710.1: Examples of appropriate/inappropriate description of findings and results
for agreed-upon procedures
Description of findings and results

Agreed-upon procedures Appropriate Inappropriate
Based on the total tax liability, Recomputed amounts for the Nothing came to
select and recompute the 50 selected excise tax returns agreed our attention as a
largest excise tax returns from with the amounts in the certified result of applying
the quarter ended audit file. this procedure.
September 30, 20XX, and
compare these amounts with
those in the certified audit file.
Select a random sample of 45 Revenue receipts selected randomly The revenue
general ledger postings of from the year’s general ledger receipts
revenue receipts for the year; postings were properly classified approximated the
compare with supporting and in agreement with supporting amount indicated
documentation to determine documentation. by supporting
whether reported revenue documentation.
receipts were properly
recorded as to amount and
classification.
Examine personnel files of 40 Thirty of the selected files contained Some of the
individuals randomly selected a current and approved Notification personnel files did
from the timekeeping records of Personnel Action. Ten files did not not contain a
for the year; determine contain a current and approved current and
whether the selected files Notification of Personnel Action (list approved
contain a current and and identify exceptions). Notification of
approved Notification of Personnel Action.
Personnel Action (Standard
Form 50).
FAM 710 D provides an example of an agreed-upon procedures report.
Other Report Issues
.24 If the audit organization’s procedure is to date reports with the issue date, the
auditor may state the date of completion of the engagement in the report, such
as “We completed the agreed-upon procedures on [date].”
.25 The auditor should obtain report comments from the party responsible for the
subject matter. These comments can be either written or oral. If oral comments
are obtained, the auditor should document them in a memorandum.
.26 Prior to issuing the agreed-upon procedures report, the auditor should obtain a
written agreement on the procedures and acknowledgment from the engaging
party that the procedures performed are appropriate for the intended purpose of
the engagement (AT-C 215.22). If the engaging party refuses to provide the
written agreement and acknowledgment, the auditor should withdraw from the
engagement (AT-C 215.23).

710 A – Example Agreed-Upon Procedures Engagement Letter
710 A – Example Agreed-Upon Procedures Engagement

Letter
(The examples in 710 A through 710 D assume that the engaging party is ABC Entity and the
responsible party is XYZ Entity.)
[Date]
Management of ABC Entity
Subject: Fiscal Year 20XX Agreed-Upon Procedures for the Tax Trust Fund
Dear Management Official:
This letter responds to your letter of [date] requesting that we assist ABC Entity in determining
the completeness and accuracy of receipts transferred to the ABC tax trust fund by XYZ Entity.
On [date], we met with you to discuss the scope and timing of our work. The detailed
procedures we agree to perform are enclosed. We plan to perform these procedures on
[provide date(s)].
This letter documents our agreement to perform these agreed-upon procedures related to fiscal
year 20XX. We will perform these procedures in accordance with U.S. generally accepted
government auditing standards, which incorporate the attestation standards established by the
American Institute of Certified Public Accountants. The procedures are included in the
enclosures to this letter.
We will provide XYZ Entity with a draft copy of our report for its review and comment and plan to
issue the report by [date]. At the conclusion of the audit, management of ABC Entity
acknowledges its responsibility to provide to us a representation letter. Written representations
may also be requested from XYZ Entity. We will meet with you as needed to discuss the
agreed-upon procedures, results, and other issues that may arise.
The appropriateness of the agreed-upon procedures to meet the objectives of ABC Entity is
solely your responsibility. Accordingly, we make no representation regarding their
appropriateness to meet your needs or for any other purpose. Prior to the completion of the
audit, management of ABC Entity acknowledges its responsibility to provide us with a written
agreement and acknowledgment that the procedures performed are appropriate for the intended
purpose of this engagement. In addition, because of the nature of agreed-upon procedures, the
results we obtain will only be applicable to the period for which they are performed. We are not
engaged to perform, and will not perform, an examination or audit, the objective of which would
be to express an opinion on the amount of receipts transferred to the tax trust fund for fiscal
year 20XX. Accordingly, we will not express such an opinion. If we were to perform an
examination or audit, other matters beyond the scope of the agreed-upon procedures might
come to our attention.
The report we will prepare is intended solely for your information and use and is not intended to
be, and should not be, used by any other party. However, our report will be a matter of public
record and will be provided to others upon request. Unless we hear from you, we will assume
710 A – Example Agreed-Upon Procedures Engagement Letter
that you concur with these procedures and their appropriateness for your purposes. 17 If you
have any questions, please contact me at [telephone number and email address] or
[alternative contact] at [telephone number and email address].
Sincerely yours,
[Signed]
[Name of Director]
[Title]
[Audit Entity]
Enclosure
cc: XYZ Entity
17The auditor may request that the users document their agreement with the procedures and their appropriateness
for their purposes by signing the engagement letter and returning it to the auditor.
710 B – Example Representation Letter from Engaging Party on Agreed-Upon Procedures
Engagement
710 B – Example Representation Letter from Engaging Party

on Agreed-Upon Procedures Engagement
[ABC Entity letterhead]
[Date (as of the date of the auditor’s report)]
Dear Auditor:
In connection with the agreed-upon procedures engagement for XYZ Entity’s budget execution
process for the period from October 1, 20XX, through September 30, 20XX, we confirm to the
best of our knowledge and belief, the following representations made to you in performing these
agreed-upon procedures.
• We acknowledge that XYZ Entity is responsible for the budget execution process.
• We have obtained from all necessary parties agreement to the procedures and
acknowledgment that the procedures are appropriate for their purposes.
• We know of no matters that would contradict our understanding of XYZ Entity’s budget
execution process, including matters occurring between September 30, 20XX, and the date
of the auditor’s report.
• There have been no communications from regulatory or oversight agencies concerning XYZ
Entity’s budget execution process or noncompliance with budgetary laws or the
Antideficiency Act, including communications received between September 30, 20XX, and
the date of the auditor’s report.
• We have made available to you all relevant information and access pertaining to XYZ
Entity’s budget execution process during the period from October 1, 20XX, through
September 30, 20XX, as agreed upon in the terms of the engagement.
• We are not aware of any material misstatement regarding XYZ Entity’s budget execution
process.
• We have disclosed to you all known events subsequent to the period being reported on that
would have a material effect on XYZ Entity’s budget execution process.
Sincerely yours,
[signed]
[Official’s Name]
[Official’s Title]
ABC Entity
710 C – Example Representation Letter from Responsible Party on Agreed-Upon Procedures
Engagement
710 C – Example Representation Letter from Responsible

Party on Agreed-Upon Procedures Engagement
[XYZ Entity letterhead]
[Date (as of the date of the auditor’s report)]
Dear Auditor:
In connection with the agreed-upon procedures engagement for ABC Entity’s budget execution
process for the period from October 1, 20XX, through September 30, 20XX, we confirm to the
best of our knowledge and belief the following representations made to you in performing these
agreed-upon procedures.
• We acknowledge responsibility for our budget execution process.
• We are not aware of any material misstatement regarding our budget execution process.
• We have made available to you all records and related data pertaining to our budget
execution process during the period from October 1, 20XX, through September 30, 20XX.
• We have disclosed to you all known events subsequent to the period (or point in time) being
reported on that would have a material effect on our budget execution process.
• XYZ Entity’s budget execution process is designed to meet the requirements of the
Antideficiency Act.
• XYZ Entity’s employees check the accounting records and fund status reports quarterly to
determine whether all source documents that affect the appropriation and fund balance have
been recorded properly, accurately, and timely.
• XYZ Entity’s accounting system provides timely disclosure of total valid obligations incurred
to date and total budgetary resources available for obligation within each apportionment.
• The system also provides timely disclosure of the authorization or creation of commitments,
obligations, or expenditures that exceed apportionments and allotments.
• We are not aware of instances of noncompliance with the above-stated procedures.
• We are not aware of instances of fraud involving management, employees, or contractor

staff who have significant roles in the operation of our budget execution process.
• We have no plans or intentions that would materially affect our budgetary process or
operations.
Sincerely yours,
[signed]
[Official’s name]
[Official’s title]
XYZ Entity
Updated May 2023 GAO/CIGIE Financial Audit Manual Page 710 C-1
710 D – Example Agreed-Upon Procedures Report Where the Engaging Party Is Not the
Responsible Party
710 D – Example Agreed-Upon Procedures Report Where the

Engaging Party Is Not the Responsible Party
[Date]
Management of ABC Entity
Subject: Independent Accountant’s Report on Applying Agreed-Upon Procedures: Count of

Cash and Related Items of XYZ Entity
Dear Management Official:
We have performed the procedures described in the enclosure to this report on the count of
cash and cash-related items of XYZ Entity at September 30, 20XX, with which you agreed. XYZ
Entity management is responsible for the count of its cash and cash-related items at
September 30, 20XX. ABC Entity acknowledged that the procedures performed are appropriate
to meet the intended purpose of the engagement. We performed these procedures solely to
meet your needs for an independent count of cash and cash-related items of XYZ Entity at
September 30, 20XX. Consequently, we make no representation regarding the appropriateness
of the procedures described in this report either for the purpose for which this report has been
requested or for any other purpose.
We conducted the engagement in accordance with U.S generally accepted government auditing
standards, which incorporate attestation standards established by the American Institute of
Certified Public Accountants. We were not engaged to perform, and did not perform, an
examination or review, the objective of which would have been to express an opinion or
conclusion, respectively, on the amount of cash on hand. Accordingly, we do not express such
an opinion or conclusion. Had we performed additional procedures, other matters might have
come to our attention that we would have reported to you.
The procedures we agreed to perform consist of counting amounts for cash and related receipts
and comparing combined totals to the authorized amounts. These procedures may not address
all the items of interest to a user of the report and may not meet the needs of all users of the
report. As such, users are responsible for determining whether these procedures are
appropriate for their purposes. The enclosure describes the agreed-upon procedures and our
results. We completed our agreed-upon procedures on [date of completion].
We are required to be independent of XYZ Entity and to meet our ethical responsibilities, in
accordance with the relevant ethical requirements related to our agreed-upon procedures
engagement.
We requested comments on a draft of this report from XYZ Entity representatives. They agreed
with the results presented in this report and had no comments.
The purpose of this report is solely to describe agreed-upon procedures related to an

independent count of the cash and cash-related items of XYZ Entity at September 30, 20XX,
and the report is not suitable for any other purpose. However, this report is a matter of public
record, and its distribution is not limited. The report is available at no charge at [website].
Updated May 2023 GAO/CIGIE Financial Audit Manual Page 710 D-1
Responsible Party
If you have any questions, please call [name, title, and telephone number].
Sincerely yours,
[Signed]
[Name of Director], Director

[Audit Entity]
[City, State]
Enclosure
cc: XYZ Entity
Responsible Party
Enclosure
Results of Cash Counts
Procedures
We counted and totaled cash on hand for the petty cash fund of XYZ Entity at
September 30, 20XX. We also listed and totaled the receipts on hand evidencing
disbursements from the fund. Finally, we compared the combined total of cash
and receipts available to the amount authorized for the fund of $500.
Results
We counted cash totaling $258.96 and scheduled 14 receipts totaling $174.85,
which accounted for $433.81 of the $500 in authorized petty cash funds. In
addition, the XYZ Entity custodian provided us two separate Expense Summary
Report and Petty Cash Itemization Sheets and related receipts for an additional
$65.09, which had been submitted for reimbursement to the fund. There remains
an unexplained difference (shortage) of $1.10 between the authorized amount
and the total cash and receipts evidencing petty cash fund disbursements.
710 E – Agreed-Upon Procedures Engagement Completion Checklist
710 E – Agreed-Upon Procedures Engagement Completion

Checklist
Engaging party: _______________________________________________________________
Job code: ___________________________________________________________________
Principal report: _______________________________________________________________
.01 This checklist is intended to help the auditor comply with the standards for
agreed-upon procedures engagements. No signatures are required on the
checklist in the planning phase.
.02 Several of the last questions include steps in GAO’s quality control process, GAO
Audit Documentation Set, and second partner review and reading of the report by
the Technical Accounting and Auditing Expert (Chief Accountant at GAO) when
that person is not the second partner. GAO auditors should complete these
questions and forms. Inspector general auditors and other auditors may use
these questions and forms or may substitute questions and forms that consider
their reporting style and quality control.
Yes, no, Doc.

Steps or N/A Ref.
1. Has the engagement team documented an understanding with

the individuals requesting the agreed-upon procedures in an
engagement letter?
2. Were appropriate engagement acceptance and risk designation

procedures followed?
3. Does the engagement letter cover the following?
• Independence of professionals working on the

engagement.
• The nature of the engagement.
• Identification of the subject matter and the responsible

entity.
• Auditor’s responsibilities.
• Reference to GAGAS and a statement that the

engagement will be conducted in accordance with the
AICPA’s attestation standards.
• Statement that the responsible party is responsible for

the subject matter.
Updated May 2023 GAO/CIGIE Financial Audit Manual Page 710 E-1
Yes, no, Doc.

Steps or N/A Ref.
• Agreement on the nature, extent, and timing, of

procedures and statement that the engaging party will
provide written agreement that procedures performed
are appropriate prior to completion of the audit.
• Agreement of the engaging party to provide a

representation letter or, if the engaging party is not the
responsible party, a statement that written
representations may be requested from the responsible
party.
• Anticipated reporting, including, if applicable, expected

disclaimers and use restrictions.
• If applicable, identification of other parties in addition to

the engaging party that will be requested to agree to the
procedures and acknowledge that the procedures
performed are appropriate for their purposes (see AT-C
215.15h).
• Assistance to be provided to the auditor, if applicable.
• Involvement of an auditor’s external specialist, if

applicable.
• Specified thresholds for reporting exceptions, if

applicable.
4. Was an entrance conference held with the responsible entity?
5. Did the auditor receive written representations from the

engaging party as of the date of the auditor’s report as required
by AT-C 215.27 and .29, and did they address the subject
matter and periods covered by the auditor’s findings and results?
6. When the engaging party is not the responsible party, did the
auditor receive relevant written representations from the
responsible party as of the date of the auditor’s report as
required by AT-C 215.28, and did they address the subject
matter and periods covered by the auditor’s findings and results?
7. If applicable to the procedures, were laws and regulations

documented?
8. Does the documentation contain the following?
• The scope and methodology, including any sampling

criteria used and consideration of the results of any
Yes, no, Doc.

Steps or N/A Ref.
previous agreed-upon procedures and follow-up on any
significant findings that directly relate to the agreed-upon
procedures engagement.
• Any indication of fraud, illegal acts, violations of

provisions of contracts or grant agreements, or abuse,
and—if there was such indication—the directed
procedures performed, results obtained, and related
communications.
• Descriptions of transactions and records examined.
• A description of the work performed to support reported

results.
• Who performed the engagement work and the date such

work was completed.
• Evidence of supervisory review.
9. Does the documentation assert that the applicable standards

were followed?
10. Does the documentation provide a reasonable basis for the

results of the agreed-upon procedures?
11. Does the summary memorandum appropriately summarize the

results of the procedures and refer to the documentation?
12. Did the auditor document any deviations from the standards?
Did the director approve the related documentation with copies
to the reviewer?
13. Was an exit conference held with the responsible entity?
14. Was the report referenced to supporting documentation?
15. Did the assistant director review the following?
• Documentation of the understanding with the individuals

requesting the procedures and officials of the entity.
• Memorandum of entrance conference with the

responsible entity.
• Completed work plans and procedures.
• Memorandums on key engagement issues.
Yes, no, Doc.

Steps or N/A Ref.
• Summary of the results of the procedures.
• Memorandum of exit conference with the responsible

entity.
• Deviations from standard reporting language.
• Financial schedules/statements, if applicable.
• Management representation letter.
• Agreed-upon procedures report.
• GAO Audit Documentation Set or equivalent.
16. Did the audit director review the following?
• Documentation of the understanding with the individuals

requesting the procedures and officials of the entity.
• Summary of results of the procedures.
• Memorandum of exit conference with responsible entity.
• Deviations from standard reporting language.
• Agreed-upon procedures report.
• Financial schedules/statements, if applicable.
• Management representation letter.
17. Did the assistant director or the auditor-in-charge determine that

all significant review notes were resolved appropriately?
18. Is the report appropriate as to the following?
• Wording.
• Scope of work.
• GAGAS.
• Explanatory paragraphs.
19. Is the agreed-upon procedures report dated appropriately, or

does the report indicate when the auditor completed the
engagement?
Note: The auditor should discuss all “No” answers in attached documentation. If the reason that
a question is “N/A” is not obvious, the auditor should document the reason on the checklist or in
an attachment.
Date of completion of the engagement _________________
Auditor-in-Charge _________________________________ Date _______________
Assistant Director _________________________________ Date _______________
Audit Director ____________________________________ Date _______________
SECOND PARTNER’S (OR EQUIVALENT) REVIEW OF
AGREED-UPON PROCEDURES WORK
Objective of second partner (or equivalent) review: To objectively review significant

engagement matters to conclude, based on all facts the second partner (or equivalent) has
knowledge of, that no matters were found that caused the second partner (or equivalent) to
believe that (1) the procedures were not performed in accordance with GAGAS, which
incorporate financial audit and attestation standards established by the AICPA, and (2) the
report does not meet professional standards and audit organization policies.
Procedures: Before the report was issued, I performed the following procedures:
• as necessary, discussed significant engagement issues with the audit director;
• read documentation of key decisions and consultations;
• read the agreed-upon procedures report; and
• confirmed with the audit director that there are no unresolved issues.
Conclusions: Based on all the relevant facts of which I have knowledge, I found no matters
that caused me to believe that (1) the agreed-upon procedures were not performed in
accordance with GAGAS and the AICPA’s attestation standards related to agreed-upon
procedures engagements and (2) the report is not in accordance with professional
standards and audit organization policies.
In signing this form, I acknowledge that there have been no personal or external
impairments to independence regarding my work on this engagement.
____________________________________________________________________
Title Signature Date
TECHNICAL ACCOUNTING AND AUDITING EXPERT’S
READING OF AGREED-UPON PROCEDURES REPORT
Objective of review: When the Technical Accounting and Auditing Expert is not the second
partner (or equivalent), the Technical Accounting and Auditing Expert should read the report
to determine whether the procedures were performed in accordance with GAGAS, which
incorporate financial audit and attestation standards established by the AICPA, and whether
the report meets professional standards and audit organization policies.
Conclusions: Based on my reading of the report, I found no matters that caused me to

believe that (1) the agreed-upon procedures were not performed in accordance with GAGAS
and the AICPA’s attestation standards related to agreed-upon procedures engagements and
(2) the report is not in accordance with professional standards and audit organization
policies.
In signing this form, I acknowledge that there have been no personal or external
impairments to independence regarding my work on this engagement.
____________________________________________________________________
Title Signature Date
SECTION 800
Compliance
Compliance
800 – Contents of Compliance
Contents – Compliance
FAM
General Compliance Checklist 802
Antideficiency Act (ADA), as Provided Primarily in 31 U.S.C. Chapters 13, 803

15
Federal Credit Reform Act of 1990 (FCRA), as Provided in 2 U.S.C. §§ 804

661-661f
Federal Debt Collection Authorities, as Provided in 31 U.S.C. Chapter 37 805
Prompt Payment Act (PPA), as Provided in 31 U.S.C. Chapter 39 806
Pay and Allowance System for Civilian Employees, as Provided Primarily 807
in 5 U.S.C. Chapters 51-59
Civil Service Retirement Act (CSRA), as Provided in 5 U.S.C. Chapter 83 808
Federal Employees Health Benefits Act (FEHBA), as Provided in 5 U.S.C. 809

Chapter 89
Federal Employees' Compensation Act (FECA), as Provided in 5 U.S.C. 810

Chapter 81
Federal Employees’ Retirement System Act (FERSA), as Provided in 5 811

U.S.C. Chapter 84

Compliance
802 – General Compliance Checklist

.01 The compliance testing section consists of the General Compliance Checklist in
FAM 802 (questionnaire) for identifying laws and regulations for compliance
testing (see FAM 245, Identify Significant Provisions of Applicable Laws,
Regulations, Contracts, and Grant Agreements, and FAM 295 H, List of General
Laws). This checklist assists the auditor with the requirement in FAM 245.03 to
obtain sufficient appropriate audit evidence regarding material amounts and
disclosures in the financial statements that are determined by provisions of those
laws, regulations, contracts, and grant agreements generally recognized to have a
direct effect on their determination and to thereby comply with GAGAS and AU-C
250, Consideration of Laws and Regulations in an Audit of Financial Statements.
The checklist does so by including frequently encountered laws that apply to
many federal entities and also a section that identifies other laws and regulations
based on a particular federal entity’s legal and regulatory framework. The
compliance supplements, which are found in FAM sections 803-811, provide
detailed guidance for assessing the effectiveness of compliance controls and
testing compliance with the significant provisions of frequently encountered laws.
The General Compliance Checklist does not include guidance related to contracts
and grant agreements, which are discussed in FAM 245.
.02 The auditor generally should complete the General Compliance Checklist (Form
802), or its equivalent, for federal financial statement audits. The auditor should
decide if a frequently encountered law is significant for purposes of compliance
testing. The auditor should complete compliance supplements (or equivalent) only
for laws identified for compliance testing on the General Compliance Checklist
(FAM 802.07). Use of these documents is described below.
.03 To understand and evaluate compliance controls, the auditor also should follow
the guidance in FAM 260, Identify Risk Factors, on identifying risk factors and in
FAM 320, Understand Information Systems, on understanding information
systems. The FAM also provides additional guidance on compliance
considerations for all audit phases.
Instructions for General Compliance Checklist

.04 The checklist contains a summary for each frequently encountered law. The
auditor should use this checklist or its equivalent to determine which of these laws
are significant for testing compliance, as discussed in FAM 245, Identify
Significant Provisions of Applicable Laws, Regulations, Contracts, and Grant
Agreements, and FAM 295 H, List of General Laws. The auditor may indicate
whether each law meets the criteria for significance by answering yes or no.
.05 The auditor may use estimates or interim information in the preliminary column.
The final amounts (based on the audited amounts or the final amounts of
available budget authority) are used to determine whether all laws that would be
significant in quantitative terms have been identified for control and compliance
testing. The auditor should document the sources of all amounts included in this
checklist. If the auditor determines the law is significant from a qualitative
standpoint, then the auditor should document the reasons for this conclusion.
.06 The checklist also contains procedures that the auditor should perform to identify
other laws and regulations for compliance testing, as discussed in FAM 245,

Compliance
Identify Significant Provisions of Applicable Laws, Regulations, Contracts, and
Grant Agreements.
.07 Frequently encountered laws contained in supplements to the General
Compliance Checklist (Form 802) that the auditor may test are as follows:
Supplement
Law number
Antideficiency Act (ADA), as provided primarily in 31 U.S.C. FAM 803

chapters 13, 15
Federal Credit Reform Act of 1990 (FCRA), as provided in 2 FAM 804

U.S.C. §§ 661-661f
Federal Debt Collection Authorities, as provided in 31 U.S.C. FAM 805

chapter 37
Prompt Payment Act (PPA), as provided in 31 U.S.C. chapter 39 FAM 806
Pay and Allowance System for Civilian Employees as provided FAM 807
primarily in 5 U.S.C. chapters 51-59
Civil Service Retirement Act (CSRA), as provided in 5 U.S.C. FAM 808

chapter 83
Federal Employees Health Benefits Act (FEHBA), as provided in FAM 809

5 U.S.C. chapter 89
Federal Employees’ Compensation Act (FECA), as provided in 5 FAM 810

U.S.C. chapter 81
Federal Employees’ Retirement System Act (FERSA), as FAM 811

provided in 5 U.S.C. chapter 84

Compliance
Entity _______________________________________________________________________
Period of financial statements ___________________________________________________
Job code ___________________________________________________________________
Description of law Yes / No
Antideficiency Act (ADA), as provided primarily in 31 U.S.C. chapters 13,

15 (31 U.S.C. §§ 1341(a)(1)(A), (B); and 31 U.S.C. § 1517(a)) 1
This law imposes restrictions on the amounts of obligations or expenditures
that entities may make. More specifically, this law provides that the entity’s
officers or employees, unless authorized by law, shall not:
1. make or authorize expenditures or obligations that exceed the amount
available for expenditure or obligation in an appropriation or a fund;
2. involve the U.S. government in a contract or an obligation for the
payment of money for any purpose before an appropriation for such
purpose is made; or
3. make or authorize expenditures or obligations that exceed the amount
of an apportionment (or reapportionment, if applicable) or a lesser
amount, if any, established by entity regulations (e.g., an allotment
level).
As discussed in FAM 250, Identify Relevant Budget Restrictions, the auditor
should obtain information on the entity’s budget authority, from sources such as
appropriation statutes, and identify all legally binding restrictions on budget
execution.
Does the entity have appropriations or other funds that are limited to an amount
or a specified period of availability?
________
Because the Antideficiency Act has no materiality limit, the auditor should
complete the compliance supplement at FAM 803.
1See also 31 U.S.C. § 1341(c), which provides that in the event of a lapse in appropriations beginning on or after
December 22, 2018, employees of the U.S. government or of a District of Columbia public employer, who are
furloughed or required to work during such a lapse, must subsequently be timely compensated after the lapse in
appropriations ends.

Compliance
Federal Credit Reform Act of 1990 (FCRA), as provided in 2 U.S.C. §§ 661-

661f (2 U.S.C. § 661c(b), (e))
This law contains numerous provisions relating to the recording of activity
related to direct loans, loan guarantees, and related loan modifications for
budget accounting purposes. The law provides that on or after October 1, 1991,
an agency may incur new direct loan obligations or make new loan guarantee
commitments only to the extent that an appropriation or other budget authority
is available to cover the costs of the direct loan or loan guarantee.
Does the entity’s budget authority available during the audit period for direct
loan obligations, loan guarantee commitments, or any related loan
modifications exceed materiality, or did the auditor determine that FCRA has a
direct effect on the determination of material amounts and disclosures in the ________
entity’s financial statements?
Preliminary Final
Total appropriations or other

budget authority available during
the fiscal year for costs of FCRA
activities (direct loans, direct loan
obligations, loan guarantees, loan
guarantee commitments, and related
loan modifications)
Materiality
If yes, then complete the compliance supplement at FAM 804

Compliance
Federal Debt Collection Authorities, as provided in 31 U.S.C. chapter 37

(31 U.S.C. § 3711; 31 U.S.C. § 3717(a), (b), (c), (e), (f); and 31 U.S.C. § 3719)
These authorities address the collection of claims of the U.S. government,
which involve most nontax amounts (a.k.a., debts) that have been determined
by an appropriate federal official to be owed to the U.S. government from
nonfederal parties. These authorities generally apply in the absence of more
specific legal requirements that directly address claims for particular
circumstances. Interest generally accrues from the date that a notice stating the
amount due and the interest policies is first mailed to the debtor. Interest
generally accrues at a rate established by the Secretary of the Treasury.
Generally, administrative costs and penalties shall also be charged.
The authorities also require the entity to take all appropriate steps to collect the
debt before discharging it and to notify Treasury about delinquent debt for the
use of certain debt collection tools, such as administrative offset. The
authorities also generally require the entity not to make or guarantee loans to
persons who owe delinquent debt. Further, in appropriate circumstances, the
authorities permit the compromise, termination, or suspension of claims.
Does the cumulative amount of receivables created during the audit period that ________
is subject to the Federal Debt Collection Authorities exceed materiality?
Does the amount of receivables at the end of the audit period that is subject to ________
the Federal Debt Collection Authorities exceed materiality?
Did the auditor determine that the Federal Debt Collection Authorities have a ________
direct effect on the determination of material amounts and disclosures in the
entity’s financial statements?
(continue to next page)

Compliance
Federal Debt Collection Authorities, as provided in 31 U.S.C. chapter 37

(31 U.S.C. § 3711; 31 U.S.C. § 3717(a), (b), (c), (e), (f); and 31 U.S.C. § 3719)
(continued from prior page)
Preliminary Final
Cumulative amount of
receivables created during the
audit period that is subject to
the Federal Debt Collection
Authorities
or
Amount of receivables at the

end of the audit period that is
subject to the Federal Debt
Collection Authorities
Materiality
If yes, then complete the compliance supplement at FAM 805.
Note: These Federal Debt Collection Authorities generally do not apply to

amounts payable to the entity under the Internal Revenue Code, the Social
Security Act, or the tariff laws. Those laws contain specific provisions for these
amounts.

Compliance
Prompt Payment Act (PPA), as provided in 31 U.S.C. chapter 39 (31 U.S.C.

§ 3902(a), (b), (f) and 31 U.S.C. § 3904)
The Prompt Payment Act requires federal entities to make payments for
property or services by the due dates specified in the related contracts or, if a
payment date is not specified in a contract, generally 30 days after a proper
invoice for the amount due is received. If payments are not made within the
appropriate period, then the entity shall pay an interest penalty. Also, discounts
offered by vendors may be taken only during the specified period. If they are
taken after the time period has expired, then an interest penalty shall be paid.
Further, federal entities may only pay late payment interest penalties out of
amounts made available to carry out the programs for which the penalties are
incurred.
Do the entity’s payments for property or services subject to the Prompt

Payment Act for the audit period exceed materiality, or did the auditor
determine that the Prompt Payment Act has a direct effect on the determination
of material amounts and disclosures in the entity’s financial statements? ________
Preliminary Final
Amount of payments made for

property and services subject
to the Prompt Payment Act
Materiality

Compliance
Pay and Allowance System for Civilian Employees, as provided primarily

in 5 U.S.C. chapters 51-59 (5 U.S.C. § 5332, 5 U.S.C. § 5343, 5 U.S.C. §
5376, and 5 U.S.C. § 5383)
These laws require that employees in specific positions be paid at the
appropriate pay rates or schedules established by law. These include
employees in positions subject to the General Schedule; prevailing rate
employees; employees in certain senior-level positions, such as specially
qualified scientific and professional personnel; employees appointed to the
Senior Executive Service; and employees paid the minimum wage.
Does the entity’s payroll expense for the audit period exceed materiality, or did
the auditor determine that the Pay and Allowance System for Civilian
Employees (as provided primarily in chapters 51 through 59 of Title 5, U.S.
Code) has a direct effect on the determination of material amounts and ________
disclosures in the entity’s financial statements?
Preliminary Final
Payroll expense
Materiality

The entity’s expenses for performance awards, cash awards, overtime, travel,
transportation, subsistence, or allowances for the audit period usually do not
exceed materiality. If, however, the auditor determines that these items or
related provisions of the Pay and Allowance System for Civilian Employees are
otherwise significant, then the auditor should consult with the Office of the
General Counsel (OGC) for specific provisions to be compliance tested.

Compliance
Civil Service Retirement Act (CSRA), as provided in 5 U.S.C. chapter 83,

subchapter III
This law provides retirement benefits to employees who were hired prior to
January 1, 1984. For each employee, the entity withholds a percentage of basic
pay from the employee’s compensation and contributes an equal amount for
retirement. For most employees, the entity contribution shall be paid from the
appropriation account or fund used to pay the employee. The employee and
entity amounts are deposited into the Treasury to the credit of the Civil Service
Retirement and Disability Fund.
Does the entity’s expense for retirement costs under the Civil Service
Retirement Act for the audit period exceed materiality, or did the auditor
determine that the Civil Service Retirement Act has a direct effect on the
determination of material amounts and disclosures in the entity’s financial ________
statements?
Preliminary Final
Expense for retirement

contributions
Materiality

Compliance
Federal Employees Health Benefits Act (FEHBA), as provided in 5 U.S.C.

chapter 89
This law provides health insurance coverage to employees who elect health
insurance benefits. For each employee who elects coverage, the entity pays an
amount set by the Office of Personnel Management (OPM) for health insurance
costs. The entity portion cannot exceed 75 percent of the insurance cost. For
most employees, the entity contribution shall be paid from the appropriation
account or fund used to pay the employee. The employee pays the remainder
of the total cost. The entity withholds the amount of the employee’s portion of
the cost from the employee’s pay and remits this amount, along with its own
contribution, to Treasury for deposit into the Employees Health Benefits Fund.
Does the entity’s expense for health insurance costs for the audit period
exceed materiality, or did the auditor determine that the Federal Employees
Health Benefits Act has a direct effect on the determination of material amounts ________
and disclosures in the entity’s financial statements?
Preliminary Final
Expense for health insurance
Materiality

Compliance
Federal Employees’ Compensation Act (FECA), as provided in 5 U.S.C.

chapter 81, subchapter I
This law provides for the compensation of employees who are injured while
performing their duties. Claims are paid out of the federal Employees’
Compensation Fund (Fund). Federal entities are billed annually by the fund for
claims paid on their behalf.
Billed federal entities, which are funded by annual appropriations, must request
an appropriation to cover the billed amounts in their budget requests during the
next year. Within 30 days of their availability, amounts appropriated pursuant to
the request shall be deposited into the Treasury to the credit of the Fund. If,
however, the billed entity does not receive annual appropriations, then it shall
make the required deposit into the Treasury to the credit of the Fund from funds
under its control during the first 15 days of October after it receives the Fund
cost statement.
Does the entity’s expense for the audit period for benefits paid by the Fund on
the entity’s behalf exceed materiality, or did the auditor determine that FECA
________
has a direct effect on the determination of material amounts and disclosures in
the entity’s financial statements?
Preliminary Final
Expense for Compensation Fund

claims
Materiality
If yes, then complete compliance supplement at FAM 810.

Compliance
Federal Employees’ Retirement System Act (FERSA), as provided in

5 U.S.C. chapter 84
This law provides retirement benefits for employees who were hired after
December 31, 1983, or employees who were previously covered under the Civil
Service Retirement Act and elected to be covered under FERSA. For each
employee, the entity withholds a percentage of basic pay from the employee’s
compensation and contributes an amount equal to the employing entity’s
applicable normal-cost percentage multiplied by the employee’s aggregate
amount of basic pay payable by the entity. For most employees, the entity
contribution shall be paid from the appropriation account or fund used to pay
the employee. The employee and entity amounts are deposited into the
Treasury to the credit of the Civil Service Retirement and Disability Fund.
Does the entity’s expense for retirement costs under FERSA for the audit
period exceed materiality, or did the auditor determine that FERSA has a direct
________
effect on the determination of material amounts and disclosures in the entity’s
financial statements?
Preliminary Final
Expense for retirement contributions
Materiality
If yes, then complete compliance supplement at FAM 811.

Compliance
Initials/
Procedures for other laws and regulations date Doc. ref.
1. Obtain a general understanding of the entity’s legal and

regulatory framework and how the entity complies with it by
performing the following (AU-C 250.12 and .A8):
a. Update the auditor’s existing understanding or knowledge of
the entity’s mission and programs, and legal, regulatory, and
other external factors.
b. Update the auditor’s understanding or knowledge of the
provisions of laws, regulations, contracts, or grant
agreements that are used to directly determine amounts and
disclosures in the financial statements.
c. Consider the known history of the entity’s noncompliance
with provisions of laws, regulations, contracts, or grant
agreements, including consideration of previous findings
identified in audit planning (GAGAS (2018) 6.11, Results of
Previous Engagements).
d. Inquire of management about the following:
i. Other provisions of laws, regulations, contracts, or
grant agreements that might have a fundamental
effect on the entity's operations.
ii. Entity policies and procedures regarding compliance
agreements and the prevention of noncompliance.
iii. Entity policies or procedures for identifying,
evaluating, and accounting for litigation, contract, or
grant agreement claims.
iv. The use of directives issued by the entity and periodic
representations obtained from management at
appropriate levels of authority regarding compliance
agreements.
2. Identify any other significant provisions of laws or regulations for

compliance testing. Attach a list of the other laws or regulations
identified to this form, and reference it to control and compliance
work performed. The list may be prepared as a table or any other
effective means of presenting the information.
3. As described in FAM 245.07, review the list of laws and

regulations identified by the entity as significant and modify the
listing in step 2 above to include any additional laws and
regulations as needed.

Compliance
4. Provide the laws and regulations listing to OGC. Working in

collaboration with the auditors, OGC will review and revise the
auditor-prepared listing for accuracy and completeness in
identifying and describing significant provisions in applicable laws
and regulations that could have a direct effect on the
determination of material amounts and disclosures in the entity’s
financial statements. The auditor makes all determinations
regarding materiality. After consulting with OGC, finalize the laws
and regulations listing.
5. Determine whether to test compliance with any indirect laws or

regulations and perform the procedures, as discussed in
FAM 245.08 through .09.
a. Inquire of management and, when appropriate, those
charged with governance regarding policies and procedures
that prevent noncompliance and whether they are in
compliance with those policies and procedures.
b. Through other audit procedures that the cycle teams perform
that are not directly designed for compliance, determine
whether any issues regarding significant provisions of
applicable laws, regulations, contracts, or grant agreements
were identified.
c. Review reports issued by other oversight bodies of the
audited entity, such as GAO and the office of the inspector
general, for any reported instances of noncompliance and
determine if those instances could be material to the
6. For all laws or regulations identified for testing above, identify

significant provisions using the criteria in FAM 245.06. Test
compliance controls and compliance as described in FAM 300,
Internal Control Phase, and FAM 460, Perform Compliance
Tests.

Compliance
Instructions for Compliance Supplements

.08 Each compliance supplement in FAM 803 through 811 consists of (1) a
compliance summary, (2) compliance audit procedures, and (3) footnotes.
Compliance Summary
.09 For each law identified for compliance testing on the General Compliance
Checklist, the auditor should complete the related compliance summary or
prepare equivalent documentation. The compliance summary is designed to assist
the auditor in planning compliance control tests and summarizing the results of
compliance control tests and compliance tests for reporting the results of the work
performed.
.10 The first column of the compliance summary contains a descriptive title of the
provision, an identification of the type of provision, a description of the specific
provisions of the law that have been identified for compliance testing, and the
legal reference(s) to the provision of law.
.11 The second column of the compliance summary contains the objective related to
the specific provision to be used for both compliance control and compliance
testing.
.12 In the third column of the compliance summary, the auditor should identify the
control activities that the entity has in place to achieve each objective and
document the control activity. If the entity does not have a control activity that
achieves the objective, then the auditor should document this condition in the third
column.
.13 The fourth column of the compliance summary is used to indicate (Yes or No)
whether the control activity is related to information systems (IS), as described in
FAM 295 F. IS controls are those whose effectiveness depends on information
system processing. They can generally be classified into general, application, and
user controls. Due to the technical nature of many IS controls, the auditor
generally should obtain assistance from an IS controls auditor in assessing these
controls.
.14 The fifth column of the compliance summary indicates whether the auditor
believes that compliance controls are effective (Yes or No). The auditor should
design control tests to determine whether the control activities that have been
identified in the third column are in place and operating effectively. A control
activity is considered to be effective if it achieves the control objective. The auditor
should provide a reference in the fifth column to the supporting documents of the
control testing procedures, the control tests, the results of these tests, and the
auditor’s conclusions on the effectiveness of the compliance controls.
.15 The sixth column of the compliance summary indicates whether the auditor has
noted any instances of noncompliance (Yes or No). The auditor should perform
compliance tests using the related Compliance Audit Procedures discussed below
or prepare equivalent documentation. In this column, the auditor should also refer
to the supporting documents for the results of the compliance tests.

Compliance
Compliance Audit Procedures

.16 Compliance audit procedures are provided for each law. For each law identified
for compliance testing on the General Compliance Checklist, the auditor generally
should perform each step of the related compliance audit procedures in the first
column. Because the subject matter of some laws is closely related to matters the
auditor will test in other parts of the audit, the auditor may coordinate with that
other testing and design multipurpose tests. For example, payroll compliance
testing could be performed using multipurpose tests of payroll controls and/or
substantive payroll testing.
The auditor performing the procedure in the first column should initial and date in
the second column when the procedure is performed. The auditor should include
a reference to the documentation recording the work performed for each step in
the third and last column of the compliance audit procedures.
Footnotes
.17 Footnotes are provided for each compliance supplement to assist the auditor in
understanding criteria, definitions, exemptions, and restrictions of law. The
footnotes also provide guidance to the auditor in testing and evaluating controls to
achieve the compliance objective.

Compliance
803 – Antideficiency Act (ADA), as Provided Primarily in 31 U.S.C. Chapters 13, 15

Note: The auditor should complete this compliance summary or prepare equivalent documentation if the entity has appropriations or
other funds that are limited to an amount or a specified period of availability. If so, the provisions of the Antideficiency Act (ADA), as
provided primarily in 31 U.S.C. chapters 13, 15, are applicable as indicated on Form 802, General Compliance Checklist, at page 802-3.
Office of Management and Budget (OMB) guidance on budget execution, including the Antideficiency Act, is included in OMB Circular
No. A-11, Preparing, Submitting, and Executing the Budget, Part 4, Instructions on Budget Execution.
Name of entity: Prepared by:

Compliance Summary
Audit period: Reviewed by:
Control Effective Instances of

Provision Description Objective Activities IS (Y/N) controls? noncompliance?
803.01. LIMITATIONS ON EXCESS EXPENDITURES AND OBLIGATIONS Expenditures or [Document the [Does control [Indicate yes or [Indicate yes or no;
obligations do not control activities depend on no; include include reference to
Provision Type: Quantitative-based. exceed the that the entity information reference to supporting
The entity’s officers or employees shall not make or authorize amount available used to achieve system supporting documentation.]
expenditures or obligations that exceed the amount available for for expenditure or the objective.] 2 processing?] documentation.]
obligation in an See Compliance
expenditure or obligation in an appropriation or a fund, unless Audit Procedures,
authorized by law. 31 U.S.C. § 1341(a)(1)(A). appropriation or a
fund. FAM 803 step 3.
2The auditor should consider the results of the evaluation and testing of budget controls (FAM 370.11). These controls relate to the execution of budget authority and
usually are the same controls that are used to comply with the Antideficiency Act. Accordingly, additional determinations of controls that achieve the compliance
objective generally are not necessary if the auditor has assessed whether the entity achieves all of the budget control objectives listed in FAM 395 F, Budget Control
Objectives. The auditor should reference this compliance summary to the budget control evaluation and testing and perform any additional procedures determined to
be necessary to conclude on whether compliance controls are effective.

Compliance

Compliance Summary

803.02. LIMITATIONS ON ADVANCE CONTRACTING OR OTHER LEGAL Legal obligations See Compliance
OBLIGATIONS do not occur Audit Procedures,
before an FAM 803 step 4.
Provision Type: Quantitative-based. appropriation is
The entity’s officers or employees shall not involve the U.S. made or otherwise
government in a contract or an obligation for the payment of authorized by law.
money for any purpose before an appropriation for such purpose
is made, unless authorized by law. 31 U.S.C. § 1341(a)(1)(B).
803.03 LIMITATIONS ON EXCESS EXPENDITURES AND OBLIGATIONS Expenditures or See Compliance

RELATED TO APPORTIONMENTS AND ALLOTMENTS obligations do not Audit Procedures,
exceed the legally FAM 803 step 5.
Provision Type: Quantitative-based. binding limit on
Unless authorized by law, the entity’s officers or employees shall the entity's budget
not make or authorize expenditures or obligations that exceed authority. (The
amount of the
(1) the amount of an apportionment (or a reapportionment, if apportionment or
applicable) or a lesser amount, if
any, established
(2) a lesser amount, if any, established by entity regulations by the entity's
(e.g., an allotment level). 3 regulations.) See
footnote 2 below.
31 U.S.C. § 1517(a).
3Entities are required to establish regulations that provide for a system of administrative controls over their execution of budget authority. 31 U.S.C. § 1514(a). As
discussed in FAM 250.03, an entity may elect to lower the level at which budget limitations are legally binding in these regulations. For example, the entity may elect to
reduce the legally binding limit on the obligation and expenditure of budget funds from the apportionment level to the allotment level. The auditor should determine the
level at which the entity’s legally binding limit has been established.

Compliance
Note: The auditor generally should perform these procedures or prepare equivalent
documentation if the entity has appropriations or other funds that are limited to an amount or a
specified period of availability. If so, the provisions of the Antideficiency Act (ADA), as provided
primarily in 31 U.S.C. chapters 13, 15, are applicable, as indicated on Form 802, General
Compliance Checklist, at page 802-3. These procedures test compliance with the provisions
listed on the Compliance Summary. OMB guidance on budget execution, including the
Antideficiency Act, is included in OMB Circular No. A-11, Preparing, Submitting, and Executing
the Budget, Part 4, Instructions on Budget Execution.
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/ Doc.
Audit procedures date ref.
1. List the appropriations or other budget authority and the related

budget accounts that were identified for compliance testing on Form
802, General Compliance Checklist. Per FAM 802.07 at page 802-
2, the auditor should identify all legally binding restrictions on
budget execution, from sources such as appropriation statutes.
(The auditor may coordinate the following tests for compliance with
the Antideficiency Act with tests of the Statement of Budgetary
Resources and with tests of expenses.)
2. As discussed in FAM 460.03, the auditor should determine whether

the summarized budget information (obligations and expenditures)
used for compliance tests is reasonably accurate and complete.
The auditor may obtain assurance through effective controls that
the auditor tests (usually the budget controls) or, if the controls are
not effective, through substantive testing of budget amounts for
validity, completeness, cutoff, recording, classification, and
summarization, as described in FAM 495 B, Example Procedures
for Tests of Budget Information.
For the accounts listed in step 1, document if the auditor will obtain
this assurance by testing controls (as indicated on Form 803,
Compliance Summary) or if substantive tests of the budget
information are necessary.
If the auditor determines that controls are not effective in meeting
some or all of the budget control objectives listed in FAM 395 F,
Budget Control Objectives, then the auditor should perform
substantive tests of the budget amounts (obligations and
expenditures), as discussed in FAM 495 B. The auditor should
perform substantive tests only for those potential misstatements for
which the entity does not have effective budget controls.
After the auditor is satisfied as to the reasonableness of the budget
amounts to be used for the compliance tests, perform the
compliance tests in steps 3 and 4.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/ Doc.
3. Compare the actual amounts of recorded obligations and

expenditures with the related appropriation or other budget authority
listed in step 1. If the entity does not appear to have complied with
the provision, then perform step 6. See FAM 803.01, Limitations on
Excess Expenditures and Obligations.
4. Compare timing of legal obligations (contractual or otherwise) with

available appropriation or other budget authority listed in step 1. If
the entity does not appear to have complied with the provision, then
perform step 6. See FAM 803.02, Limitations on Advance
Contracting or Other Legal Obligations.
5. Determine the entity’s legally binding level of budget authority (below

the appropriation level) that was identified during the planning
phase. This level is usually the apportionment level unless the entity
has elected a lower level, such as allotments. Compare the amount
of actual obligations and expenditures to the legally binding level of
restrictions on budget authority identified for compliance testing (the
apportionment or allotment level). If the entity does not appear to
have complied with the provision, then perform step 6. See FAM
803.03, Limitations on Excess Expenditures and Obligations
Related to Apportionments and Allotments.
6. If the entity does not appear to be in compliance based on the

results of tests performed, then discuss these matters with OGC
and, when appropriate, the Special Investigator Unit to conclude if
noncompliance actually has occurred and the implications of such
noncompliance. For any noncompliance noted
• identify the weakness in controls that allowed the
noncompliance to occur, if not previously identified during
control testing;
• determine the impact on the report on internal control as
appropriate (see FAM 580.56–.85);
• consider the implications of any instances of noncompliance on
the financial statements; and
• report instances of noncompliance, as appropriate (see FAM
580.91–.99).

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/ Doc.
7. Contact the entity office responsible for submitting Antideficiency
Act (ADA) violations to the President, the Congress, and GAO, and
do the following:
• obtain a listing of violations for the year under audit;
• inquire if all known violations have been included on the list and
reported; and
• for each ADA violation, determine whether it was reported to the
President, the Congress, and GAO.
8. Check GAO’s ADA reporting web page:
https://www.gao.gov/legal/appropriations-law/resources (accessed
on May 1, 2023) to identify and obtain background about ADA
violations reported by the entity and compare audit evidence with
what the entity reported in ADA violation reports. There may be time
lags as to when violations are reported, particularly at year-end.
9. Document conclusions on compliance with each provision on Form
803, Compliance Summary.
Note: The ADA requires that an entity report all violations to the
President and the Congress and contemporaneously transmit a copy
to GAO. Under implementing guidance in section 145 of OMB
Circular No. A-11, Preparation, Submission and Execution of the
Budget, entity heads must report all ADA violations by transmitting a
letter to the President through the Director of OMB (with identical
copies sent to the Congress and GAO), and the letter must set forth
all the required information. Auditor’s judgment is required in
determining the impact of these violations and whether these
violations constitute reportable noncompliance, as discussed in FAM
580.92. For example, if the auditor determines, based on
quantitative and qualitative considerations, that an ADA violation
does not have a material effect on the financial statements or other
financial data significant to the audit objectives, the auditor may
conclude that the violation is not reportable noncompliance in the
auditor’s report on compliance. The auditor should consult with the
entity’s legal counsel regarding conclusions on the entity’s
compliance with significant provisions of applicable laws,
regulations, contracts, and grant agreements. Also, FAM 580.93
discusses additional auditor considerations if the auditor identifies or
suspects instances of noncompliance with applicable provisions of
laws, regulations, contracts, or grant agreements that do not have a
material effect on the financial statements or other financial data
significant to the audit objectives.

Compliance
804 – Federal Credit Reform Act of 1990, as Provided in 2 U.S.C. §§ 661–661f

Note: The auditor should complete this compliance summary or prepare equivalent documentation only if provisions of the Federal Credit
Reform Act of 1990 (FCRA), as provided in 2 U.S.C. §§ 661–661f, are significant, as indicated on Form 802, General Compliance
Checklist, at page 802-4. OMB guidance on FCRA is included in OMB Circular No. A-11, Preparing, Submitting, and Executing the
Budget, part 5, Federal Credit.

Compliance Summary

804.01. ADVANCE BUDGET AUTHORITY REQUIRED FOR Direct loan obligations [Document the [Does control [Indicate yes or [Indicate yes or no;
NEW DIRECT LOAN OBLIGATIONS made on or after October control activities depend on no; include include reference to
1, 1991, do not exceed that the entity information reference to supporting
Provision Type: Quantitative-based. the available used to achieve system supporting documentation.]
New direct loan obligations may be incurred on or after appropriation or other the objective.] 9 processing?] documentation.]
budget authority. (See See Compliance
October 1, 1991, only to the extent that an Audit Procedures,
appropriation or other budget authority is available to footnotes 3 through 7
below.) FAM 804 steps 3 and
cover these costs. 4,5,6,7,8 2 U.S.C. § 661c(b). 4.
4A direct loan is a disbursement of funds by the U.S. government to a nonfederal borrower under a contract that requires the repayment of such funds with or without
interest. The term also includes the purchase of, or participation in, a loan made by another lender. The term does not include the acquisition of a federally guaranteed
loan in satisfaction of default claims or the price support loans of the Commodity Credit Corporation. 2 U.S.C. § 661a(1).
5A direct loan obligation is a binding agreement by a federal entity to make a direct loan when specified conditions are fulfilled by the borrower. 2 U.S.C. § 661a(2).
6Appropriations or other budget authority to cover the cost of budget obligations for direct loan obligations must be enacted in advance of new direct loan obligations
made on or after October 1, 1991. 2 U.S.C. § 661c(b). For revolving or other funds that otherwise would be available for these budget obligations, the Congress must
enact a limit on the use of such funds for these purposes to make them available for use.

Compliance

Compliance Summary

804.02. MODIFICATIONS OF OUTSTANDING DIRECT LOANS. Modifications made to Consider pre- See Compliance
outstanding direct loan testing Audit Procedures,
Provision Type: Quantitative-based. obligations or discussions with FAM 804 step 3.
A direct loan obligation or a direct loan, either of which outstanding direct loans OGC. 13
is currently outstanding, shall not be modified in a do not exceed the
manner that increases its cost unless budget authority available budget
for the additional cost is available. 10,11,12 2 U.S.C. § authority. (See footnotes
661c(e). 9 through 11 below.)
7Costs are defined as the estimated long-term cost to the U.S. government of a direct loan or a related loan modification, calculated on a net present value basis,
excluding administrative costs and any incidental effects on governmental receipts or outlays. These calculations are described in further detail under the valuation
control objective for obligations in FAM 395 F, Budget Control Objectives. 2 U.S.C. § 661a(5)(A).
8There is an exemption from the requirement regarding advance budget authority for entitlements (i.e., mandatory programs) and credit programs of the Commodity
Credit Corporation existing on the date of enactment of FCRA (Nov. 5, 1990). 2 U.S.C. § 661c(c).
9The auditor should determine the results of the evaluation and testing of budget controls and testing of the Statement of Budgetary Resources. These controls relate
to the execution of budget authority and usually are the same controls that are used to comply with the Antideficiency Act and FCRA. Accordingly, additional
consideration of controls that achieve the compliance objective generally is not necessary if the auditor has assessed whether the entity achieves all of the budget
control objectives listed in FAM 395 F, Budget Control Objective, including the supplemental control objectives for FCRA. The auditor should refer to the budget control
evaluation and testing and perform any additional procedures considered necessary to conclude on whether compliance controls are effective.
10Appropriations or other budget authority to cover the cost of budget obligations for direct loan obligations must be enacted in advance of new direct loan obligations
made on or after October 1, 1991. 2 U.S.C. § 661c(b). For revolving or other funds that otherwise would be available for these budget obligations, the Congress must
enact a limit on the use of such funds for these purposes to make them available for use.
11Modifications are government actions that alter the estimated cost of an outstanding direct loan (or direct loan obligation) from the current estimate of cash flows. 2
U.S.C. § 661a(9). This includes the sale of loan assets (with or without recourse), as well as any action resulting from new statutes, or from the exercise of
administrative discretion under existing law, that directly or indirectly alters the estimating cost of outstanding direct loans (or direct loan obligations). 2 U.S.C. §
661a(9). Thus, the sale of a direct loan, per SFFAS 2, paragraph 53, or a policy change affecting the repayment period or interest rate for a group of existing loans

Compliance

Compliance Summary

804.03. ADVANCE BUDGET AUTHORITY REQUIRED FOR Obligations for new loan Consider pre- See Compliance
NEW LOAN GUARANTEE COMMITMENTS. guarantee commitments testing Audit Procedures,
made on or after discussions with FAM 804 steps 3 and
Provision Type: Quantitative-based. October 1, 1991, do not OGC. 19 4.
Loan guarantee commitments may be made on or after exceed the available
October 1, 1991, only to the extent that an appropriation or other
appropriation or other budget authority is available to budget authority. (See
cover these costs. 14, 15,16,17,18 2 U.S.C. § 661c(b). footnotes 13 through 17
below.)
would constitute modifications, whereas changes within the terms of existing contracts or through other existing authorities would not be considered modifications.
Also, “work outs” of individual loans, such as a change in the amount or timing of payments to be made, would not be considered modifications. The effects of these
changes should be included in the annual reestimates of the estimated net present value of the obligations. Permanent indefinite authority is provided by FCRA for
these reestimates. 2 U.S.C. § 661c(f).
12Prior to performing control or compliance tests, the auditor should discuss with OGC the applicability of this budget restriction related to modification of direct loans or
direct loan obligations that were outstanding prior to October 1, 1991.
14A loan guarantee is any guarantee, insurance, or other pledge with respect to the payment of all or a part of the principal or interest on any debt obligation of a
nonfederal borrower to a nonfederal lender, but does not include the insurance of deposits, shares, or other withdrawable accounts in financial institutions. 2 U.S.C. §
661a(3).
15A loan guarantee commitment is a binding agreement by a federal entity to make a loan guarantee when specified conditions are fulfilled by the borrower, the lender,
or any other party to the guarantee agreement. 2 U.S.C. § 661a(4).

Compliance
16Appropriations
or other budget authority to cover the cost of budget obligations for loan guarantee commitments must be enacted in advance of new loan guarantee
commitments made after on or after October 1, 1991. 2 U.S.C. § 661c(b). For revolving or other funds that otherwise would be available for these budget obligations,
the Congress must enact a limit on the use of such funds for these purposes to make them available for use.
17Costs are defined as the estimated long-term cost to the U.S. government of a loan guarantee or a related loan modification, calculated on a net present value basis,
excluding administrative costs and any incidental effects on governmental receipts or outlays. These calculations are described in further detail under the valuation
control objective for obligations in FAM 395 F, Budget Control Objectives. 2 U.S.C. § 661a(5)(A).
18There is an exemption from the requirement regarding advance budget authority for entitlements (i.e., mandatory programs, such as the Department of Education
direct and guaranteed student loan programs and the Department of Veterans Affairs home loan guaranty program) and credit programs of the Commodity Credit
Corporation existing on the date of enactment of FCRA (Nov. 5, 1990). 2 U.S.C. § 661c(c).

Compliance

Compliance Summary

804.04. MODIFICATIONS OF OUTSTANDING LOAN Modifications made to Consider pre- See Compliance
GUARANTEES. outstanding loan testing Audit Procedures,
guarantee commitments discussions with FAM 804 step 3.
Provision Type: Quantitative-based. or outstanding loan OGC. 23
A loan guarantee commitment or a loan guarantee, guarantees do not
either of which is currently outstanding, shall not be exceed the available
modified in a manner that increases its cost unless budget authority. (See
budget authority for the additional cost is footnotes 19 through 21
available. 20,21,22 2 U.S.C. § 661c(e). below.)
20Appropriations or other budget authority to cover the cost of budget obligations for loan guarantee commitments must be enacted in advance of new loan guarantee
commitments made after on or after October 1, 1991. 2 U.S.C. § 661c(b). For revolving or other funds that otherwise would be available for these budget obligations,
the Congress must enact a limit on the use of such funds for these purposes to make them available for use.
21Modifications are government actions that alter the estimated cost of an outstanding loan guarantee (or loan guarantee commitment) from the current estimate of
cash flows. 2 U.S.C. § 661a(9). This includes the purchase of guaranteed loans, as well as any action resulting from new statutes, or from the exercise of
administrative discretion under existing law, that directly or indirectly alters the estimating cost of outstanding loan guarantees (or loan commitments) 2 U.S.C. §
661a(9). Thus, a policy change affecting the repayment period or interest rate for a group of existing loans would constitute a modification, whereas changes within the
terms of existing contracts or through other existing authorities would not be considered to be modifications. Also, “work outs” of individual loans, such as a change in
the amount or timing of payments to be made, would not be considered modifications. The effects of these changes should be included in the annual reestimates of the
estimated net present value of the obligations. Permanent indefinite authority is provided by FCRA for these reestimates. 2 U.S.C. § 661c(f).
22Prior
to performing control or compliance tests, the auditor should discuss with OGC the applicability of this budget restriction related to modification of loan
guarantees or loan guarantee commitments that were outstanding prior to October 1, 1991.

Compliance
805 – Federal Debt Collection Authorities, as Provided in 31 U.S.C. Chapter 37
Note: The auditor generally should perform these procedures or prepare equivalent documentation only if
provisions of the Federal Credit Reform Act of 1990 (FCRA), as provided in 2 U.S.C. §§ 661–661f, are
significant, as indicated on Form 802, General Compliance Checklist, at page 802-4. These procedures
test compliance with the provisions listed on the Compliance Summary. OMB guidance on FCRA
programs is included in OMB Circular No. A-11, Preparing, Submitting, and Executing the Budget, part 5,
Federal Credit.
Name of entity: ________________________________________________________

Audit period: __________________________________________________________
Reviewed by: __________________________________________________________
Initials/
Audit procedures date Doc. ref.
1. List the appropriations or other budget authority and the

related budget accounts that were identified for compliance
testing on Form 802, General Compliance Checklist, at page
802-4.
2. As discussed in FAM 460.03, the auditor should determine

whether summarized budget information (obligations and
expenditures) used for compliance tests is reasonably
accurate and complete. The auditor may obtain assurance
through effective controls that the auditor tests (usually the
budget controls) or, if the controls are not effective, through
substantive testing of budget amounts for validity,
completeness, cutoff, recording, classification, and
summarization, as described in FAM 495 B, Example
Procedures for Tests of Budget Information.
For the accounts listed in step 1, document if the auditor will
obtain assurance by testing controls (as indicated on Form
804, Compliance Summary) or whether substantive tests of
the budget information are necessary.
If the auditor determines that controls are not effective in
meeting some or all of the budget control objectives listed in
FAM 395 F.01 and the supplemental objectives for FCRA
listed in FAM 395 F.02, then the auditor should perform
substantive tests of the budget amounts (obligations and
expenditures), as discussed in FAM 495 B. The auditor should
perform substantive tests only for those potential
misstatements for which the entity does not have effective
budget controls.
After the auditor is satisfied as to the reasonableness of the
budget amounts to be used for the compliance tests, the
auditor should perform the compliance tests in steps 3 and 4.

Compliance
Name of entity: ________________________________________________________

Audit period: __________________________________________________________
Reviewed by: __________________________________________________________
Initials/
3. For each appropriation or other budget authority listed in step

1, perform the following procedures that are applicable for
direct and guaranteed loan programs that have a positive
subsidy (i.e., cash outflows exceed cash inflows); for direct
and guaranteed loan programs that have a negative subsidy
(i.e., cash inflows exceed cash outflows), perform step 4.
(a) Compare the amount of obligations for direct loans to the
amount of the available appropriation or other budget
authority. (Note: This budget restriction is applicable only
to obligations for direct loans made on or after October 1,
1991.)
(b) Compare the amount of obligations for modifications of

direct loan obligations or outstanding direct loans to the
amount of available budget authority. (Note: The sale of a
direct loan is considered a modification. See FAM
804.02, Modifications of Outstanding Direct Loans.)
(Discuss applicability of this budget restriction to direct
loans and direct loan obligations that were outstanding
prior to October 1, 1991, with OGC prior to performing
compliance test.)
(c) Compare the amount of obligations for loan guarantee

commitments to the amount of the available appropriation
or other budget authority. (Note: This budget restriction is
only applicable to obligations for loan guarantee
commitments made on or after October 1, 1991.)
(d) Compare the amount of obligations for modifications of

loan guarantee commitments or outstanding loan
guarantees to the amount of available budget authority.
(Note: Discuss applicability of this budget restriction to
loan guarantees and loan guarantee commitments that
were outstanding prior to
October 1, 1991, with OGC before performing
compliance test.) 2 U.S.C. § 661c(b), (e).
If the amounts of obligations in any of these comparisons
exceed the available budget authority, then the entity may not
be in compliance. Perform step 5.

Compliance
Name of entity: ________________________________________________________

Audit period: __________________________________________________________
Reviewed by: __________________________________________________________
Initials/
4. Compare the total number and dollar volume of loans made to

the loan limit in the applicable appropriations statute or other
law for direct and guaranteed loan programs that have a
negative subsidy (i.e., cash inflows exceed cash outflows).
Such programs do not receive an appropriation. However,
such programs often have a loan limit that cannot be
exceeded, that is, a maximum number of loans that can be
made or guaranteed. Perform step 5.

results of tests performed, then the auditor should discuss
these matters with OGC and, when appropriate, the Special
Investigator Unit to conclude on whether noncompliance has
actually occurred and the implications of such noncompliance.
For any noncompliance noted, the auditor should
• identify the weakness in controls that allowed the
noncompliance to occur, if not previously identified during
control testing;
• consider the implications of any instances of
noncompliance on the financial statements; and
• report instances of noncompliance, as appropriate (see
FAM 580.91–.99).
6. Document conclusions on compliance with each provision on

Form 804, Compliance Summary.

Compliance

Note: The auditor should complete this compliance summary or prepare equivalent documentation only if the Federal Debt Collection
Authorities, as provided in 31 U.S.C. chapter 37, are significant, as indicated on Form 802, General Compliance Checklist, at page 802-
5. Implementing regulations on the Federal Debt Collection Authorities, as provided in 31 U.S.C. chapter 37, are included in 31 C.F.R.
Parts 285 and 900-904.

Compliance Summary
Effective Instances of
Provision Description Objective Control Activities IS (Y/N) controls? noncompliance?
805.01. INTEREST ON OUTSTANDING DEBT OWED Interest is properly [Document the control [Does control [Indicate yes or [Indicate yes or no;
TO THE ENTITY. calculated and activities that the entity depend on no; include include reference to
charged on past used to achieve the information reference to supporting
Provision Type: Transaction-based. due amounts owed objective.] system supporting documentation.]
Generally, interest shall be charged on an to the entity at the processing?] documentation.]
correct rates. See Compliance Audit
outstanding nontax debt (or claim) 24 owed to Procedures, FAM 805
the entity. 25,26,27,28 31 § U.S.C. 3717(a). (See footnotes 23
through 27 below.) steps 3 (a), (b), and (c).
Normally, interest accrues from the date that
the notice of the amount due and interest
policies is first mailed to the debtor. 31 U.S.C.
§ 3717(b). Generally, interest is charged at the
rate established by the Secretary of the
Treasury that is in effect on that date; further,
that rate generally remains fixed for the
duration of the indebtedness. 31 U.S.C. §
3717(c).
24Under the Federal Debt Collection Authorities, a debt is defined as a nontax claim of the U.S. government for money or property from a nonfederal party that has
been determined by an appropriate entity official to be due to the U.S. government. 31 U.S.C. § 3701(b). This definition excludes amounts owed to an entity from
another federal entity; however, it includes amounts owed for loans insured or guaranteed by the federal government, overpayments, and fines or penalties assessed

Compliance
by the entity. 31 U.S.C. § 3701(b), (c). In this law, the term debt is used interchangeably with the term claim, and debts covered by this law do not apply to amounts
payable under the Internal Revenue Code, the Social Security Act, or tariff laws. 31 U.S.C. § 3701(b), (d).
25The entity shall waive the collection of interest on a claim (or any portion of the claim) that is paid within 30 days after the date on which interest began to accrue. 31
U.S.C. § 3717(d). Further, the entity head may extend this 30-day period. 31 U.S.C. § 3717(d). Interest that is either accrued or collected on claims that are paid within
the 30-day period would usually not be material or otherwise significant for purposes of compliance testing. If the auditor considers this provision to be significant for
compliance testing, then this form should be tailored to include the appropriate testing procedures.
26The requirements under 31 U.S.C. § 3717 regarding charging interest on a debt do not apply to the extent that a statute, a regulation required by statute, a loan
agreement, or a contract prohibits charging interest or explicitly fixes the interest. 31 U.S.C. § 3717(g)(1). Additionally, these requirements do not apply to a claim under
a contract executed before October 25, 1982, that is in effect on October 25, 1982. 31 U.S.C. § 3717(g)(2).
27The entity has the authority to waive the collection of interest, penalties, and administrative charges. 31 U.S.C. § 3717(h). To do so, the entity shall prescribe
regulations identifying the circumstances that are appropriate for waiving interest collection, and such regulations shall be in conformity with standards prescribed
jointly by the U.S. Comptroller General, the U.S. Attorney General, and the Secretary of the Treasury. 31 U.S.C. § 3717(h).
28The entity may increase an administrative claim (a debt not based on an extension of government credit through direct loans, guarantees, or insurance, including
fines, penalties, and overpayments) annually by the cost of living adjustment in lieu of charging interest and penalties. 31 U.S.C. § 3717(i).

Compliance

Compliance Summary
805.02. ADDITIONAL DEBT-RELATED CHARGES: Administrative See Compliance Audit

ADMINISTRATIVE COSTS AND PENALTIES. charges and late Procedures, FAM 805
payment penalties step 3 (d).
Provision Type: Transaction-based. are properly
The entity shall assess, on a claim owed to it calculated and
(i.e., a debt), a charge to cover the cost of charged on past
processing and handling a delinquent claim due amounts. (See
(administrative costs), which shall be based on footnotes 28
the actual costs incurred or upon estimated through 30 below.)
costs, as determined by the assessing entity.
31 U.S.C. § 3717(e)(1). The entity shall also
assess on a claim owed to it a penalty charge
(of not more than 6 percent a year) for failure
to pay a part of a claim more than 90 days
past due. 31 U.S.C. § 3717(e)(2). These
additional charges do not accrue
interest. 29,30,31 31 U.S.C. § 3717(f).
29The entity may not assess interest, administrative costs, or penalty charges under 31 U.S.C. § 3717 if a statute, a regulation required by statute, a loan agreement, or
a contract prohibits assessing charges or explicitly fixes the charges. 31 U.S.C. § 3717(g).
30The entity has the authority to waive the collection of interest, penalties, and administrative charges. 31 U.S.C. § 3717(h). To do so, the entity shall prescribe
regulations identifying the circumstances that are appropriate for waiving interest collection, and such regulations shall be in conformity with standards prescribed
jointly by the U.S. Comptroller General, the U.S. Attorney General, and the Secretary of the Treasury. 31 U.S.C. § 3717(h).
31The entity may increase an administrative claim (a debt not based on an extension of government credit through direct loans, guarantees, or insurance, including
fines, penalties, and overpayments) annually by the cost of living adjustment in lieu of charging interest and penalties. 31 U.S.C. § 3717(i).

Compliance

Compliance Summary
805.03. LESS THAN PAYMENT IN FULL: Claims of more See Compliance Audit
COMPROMISE, TERMINATION, OR than $100,000 Procedures, FAM 805
SUSPENSION OF CLAIMS. (excluding interest, step 5 (a).
penalties, and
Provision Type: Procedural-based. administrative
In general, the entity may compromise, costs) are referred
terminate, or suspend claims, 32 which have to the Department
not been referred to another entity for further of Justice for
collection action, when such claims are not compromise,
more than $100,000 (excluding interest, termination, or
penalties, and administrative costs) or such suspension. (See
higher amounts as the U.S. Attorney General footnotes 31 and
may prescribe. 31 U.S.C. § 3711(a)(2), (3). 32 below.)
Unless otherwise provided by law, claims of
more than $100,000 (excluding interest,
penalties, and administrative costs) shall be
referred to the Department of Justice for
compromise, termination, or suspension. 33 31
C.F.R. § 902.1(b) and § 903.1(b).
32Compromise is the term used when an amount less than the total amount of the claim is accepted by the entity as payment in full. 31 C.F.R. §902.2. Suspension
refers to the temporary deferral of collection activities until collection activity is expected to be more successful. 31 C.F.R. § 903.2. Termination refers to stopping of
collection activities. 31 C.F.R. § 903.3.
33Only the Department of Justice has the authority to compromise, terminate, or suspend collection on claims that are greater than $100,000 (excluding interest,
penalties, and administrative charges). Pursuant to 31 C.F.R. § 902.1 and § 903.1, entities generally should use a Claims Collection Litigation Report (CCLR) to refer
such matters to the Department of Justice.

Compliance

Compliance Summary
805.04. ADMINISTRATIVE OFFSET: TREASURY When nontax debt See Compliance Audit
NOTIFICATION AND REFERRAL OF becomes Procedures, FAM 805
CLAIMS. delinquent over step 5 (b).
120 days, it is
Provision Type: Procedural-based. referred to
In general, if the entity is owed a valid and Treasury for
legally enforceable, nontax debt delinquent administrative
over 120 days, and there are no bars to offset and
collection, then the entity shall notify Treasury collection. (See
about the debt for administrative offset; and footnotes 33
refer the debt to Treasury or a Treasury- through 38 below.)
designated debt collection center for collection
action. 34,35,36,37,38,39 31 U.S.C. § 3711(g)(1),
31 U.S.C. § 3716(c)(6)(A), and 31 C.F.R. §
285.12(g).
34Before discharging debt owed to the entity, the entity head shall take all appropriate steps to collect such debt, including administrative offset. 31 U.S.C. §
3711(g)(9)(A).
35Under implementing Treasury regulations, the 120-day referral requirement applies to all entities relying on Treasury’s Bureau of the Fiscal Service to submit debts
for administrative offset on the entity’s behalf. 31 C.F.R. § 285.12(g). Further, by referring the delinquent debt to Treasury or a Treasury-designated debt collection
center, the entity’s referral action will satisfy the 120-day notification requirement. 31 C.F.R. § 2815.12(g).
36There is no statute of limitation on using administrative offset for debt collection. 31 U.S.C. § 3716(e)(1). Under applicable regulations, however, generally the U.S.
government will not use administrative offset for claims collection purposes more than 10 years after the U.S. government’s right to collect the claim first accrued. 31
C.F.R. § 901.3(a)(4).
37An exception to the Treasury notification and referral requirement of nontax debt delinquent over 120 days for administrative offset is when a statute explicitly
prohibits using administrative offset or setoff to collect the type of claim involved. 31 U.S.C. § 3716(e)(2). Also, this section does not prohibit the use of any other
existing administrative offset authority. 31 U.S.C. § 3716(d).

Compliance

Compliance Summary
805.05. DENYING FEDERAL FINANCIAL Loans and loan See Compliance Audit
ASSISTANCE TO DELINQUENT DEBTORS. insurance or Procedures, FAM 805
guarantees are not step 4 (b).
Provision Type: Transaction-based. granted to persons
Unless waived by the entity, a person may not with delinquent
obtain any loan (other than one of the listed nontax debt.
exceptions, such as a disaster loan) or loan
insurance or guarantee administered by the
entity if the person has outstanding nontax
delinquent federal debt. 31 U.S.C. § 3720B(a).
Delinquency is determined under standards
prescribed in implementing Treasury
regulations. 31 U.S.C. § 3720B(a).
38Before collecting a claim by administrative offset, an entity must adopt regulations on collecting claims by administrative offset, which are be in conformity with the
regulations issued jointly by the U.S. Comptroller General, the U.S. Attorney General, and the Secretary of the Treasury. 31 U.S.C. § 3716(b). Such regulations must
provide that prior to initiating collection by administrative offset, the entity (1) shall provide written notice to the debtor of (A) the type and amount of the debt, (B) the
entity’s intention to use administrative offset to collect the debt, and (C) an explanation of the debtor’s rights under 31 U.S.C. § 3716; and (2) shall provide the debtor
with the opportunity (A) to inspect and copy entity records related to the debt, (B) for a review within the entity of the determination of indebtedness, and (C) to make a
written agreement to repay the debt. 31 C.F.R. § 901.3(b)(4).
39Exceptions to the requirement to transfer nontax debt delinquent for a period of 120 days to Treasury for collection are (1) a debt or claim that (A) is in litigation or
foreclosure, (B) will be disposed of under an asset sales program within 1 year after becoming eligible for sale, or later than 1 year if consistent with an asset sales
program and a schedule established by the entity and approved by OMB, (C) has been referred to a private collection contractor for collection for a period determined
by Treasury, (D) has been referred by, or with the consent of, Treasury to a debt collection center for a period determined by Treasury, or (E) will be collected under
internal offset, if such offset is sufficient to collect the claim within 3 years after the date the debt or claim is first delinquent; and (2) to any other specific class of debt or
claim, as determined by Treasury at the request of an entity. 31 U.S.C. § 3711(g)(2) and 31 U.S.C. § 3716(c)(6)(A).

Compliance
documentation only if the Federal Debt Collection Authorities, as provided in 31 U.S.C. chapter
37, are significant, as indicated on Form 802, General Compliance Checklist, at page 802-5.
These procedures test compliance with the provisions listed on the Compliance Summary.
Implementing regulations on the Federal Debt Collection Authorities, as provided in 31 U.S.C.
chapter 37, are included in 31 C.F.R. Parts 285 and 900-904.
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
1. Based on the preliminary assessment of compliance control

effectiveness (as documented on Form 805, Compliance
Summary), select a statistical sample of amounts owed to the
entity during or at the end of the audit period. The sample size
will vary based on the expected effectiveness of compliance
controls, as discussed in FAM 460.02. Document the sampling
approach (see example documentation in FAM 495 D). 40
Sample size ______________________________________
Sample selection method ___________________________
2. For each item selected in step 1, obtain the loan file or other
supporting documentation and note the following information as
of the date selected for testing:
• due date of debt;
• amount owed;
• date the notice of the amount due and the interest policies
is first mailed to the debtor;
• amount of interest accrued and other administrative
charges and penalties charged, if any; and
• number of days the debt is past due, if any.
Perform step 3 if the debt is past due.
Perform step 4 if the debt is not past due.
40If the auditor uses multipurpose testing for the compliance test and/or compliance control test and/or a substantive
test of accounts or loans receivable details, the sample items for the compliance test and/or compliance control test
should be selected using the sampling method used for the substantive test as described in FAM 430, Design Tests.
Otherwise, the auditor should select items using attribute sampling, as discussed in FAM 460.02.
As with all sampling applications, the auditor should determine the completeness of the test population. For
efficiency, the auditor should use records that were tested for validity, accuracy, and completeness (as well as the
other financial statement assertions) in conjunction with substantive tests of the population.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
3. If the amount selected is past due:

(a) Calculate the number of days that interest should be
accrued on the debt as of the date selected for testing.
Interest generally accrues from the date that the notice of
the amount due is first mailed to the debtor. Compare the
auditor’s calculation with the entity’s calculation and
obtain explanation and examine support for any
differences. See FAM 805.01, Interest on Outstanding
Debt Owed to the Entity.
(b) Determine the interest rate that should be used to accrue

interest on the debt. Unless otherwise established in a
contract, in a repayment agreement, or by statute, the
rate is the one published in the Federal Register and
should be the rate that was in effect on the date that the
notice of the amount due was first mailed to the debtor.
Compare the auditor’s determination of the rate to the
rate used by the entity, and obtain explanation and
examine support for any differences. See FAM 805.01,
Interest on Outstanding Debt Owed to the Entity.
(c) Calculate the amount of interest that should be owed as of

the date selected for testing using the number of days
tested in (a) and the interest rate tested in (b). Compare
the auditor’s calculation to the amount calculated by the
entity, and obtain an explanation and examine support for
any differences. See FAM 805.01, Interest on
Outstanding Debt Owed to the Entity.
(d) Obtain the entity’s schedule of administrative charges and

late payment penalties and determine if the appropriate
amounts were charged to the debtor. See FAM 805.02,
Additional Debt-Related Charges: Administrative Costs
and Penalties.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
4. If the debt is not past due, then determine through examination

of the entity’s records whether
(a) interest, administrative charges, or penalties are not being
charged and
(b) the debtor had no outstanding nontax delinquent federal
debt at the time the loan was obtained. See FAM 805.05,
Denying Federal Financial Assistance to Delinquent
Debtors.
5. The objectives listed below relate to procedural-based

provisions. As discussed in FAM 460.05, the auditor usually
performs sufficient procedures in conjunction with tests of
compliance controls for these procedural-based provisions to
conclude on the entity’s compliance without performing
additional procedures. The auditor should not perform
additional procedures to obtain evidence regarding compliance
with the provisions related to the following objectives unless
sufficient evidence regarding compliance was not obtained
during compliance control tests documented on Form 805,
Compliance Summary.
(a) Nontax claims of more than $100,000 (excluding interest,
penalties, and administrative costs) are referred to the
Department of Justice for compromise, termination, or
suspension. See FAM 805.03, Less Than Payment in Full:
Compromise, Termination, or Suspension of Claims.
(b) Unless an exception applies, nontax claims delinquent for
a period of 120 days have been referred to Treasury for
collection. See FAM 805.04, Administrative Offset:
Treasury Notification and Referral of Claims.

Investigator Unit to conclude on whether noncompliance
actually has occurred and the implications of such
noncompliance.
For any noncompliance noted, the auditor should
• identify the weakness in compliance controls that allowed
the noncompliance to occur, if they were not previously

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
identified during compliance control testing;
FAM 580.91–.99).


Compliance
806 – Prompt Payment Act (PPA), as Provided in 31 U.S.C. Chapter 39

Note: The auditor should complete this compliance summary or prepare equivalent documentation only if provisions of the Prompt
Payment Act (PPA), as provided in 31 U.S.C. chapter 39, are significant, as indicated on Form 802, General Compliance Checklist, at
page 802-7. Implementing regulations for the Prompt Payment Act are included in 5 C.F.R. Part 1315.

Compliance Summary
806.01. INTEREST PENALTIES FOR LATE 1a. All payments for [Document the control [Does control [Indicate yes or [Indicate yes or no; include
PAYMENTS. property or activities that the entity depend on no; include reference to supporting
services that are used to achieve the information reference to documentation.]
Provision Type: Transaction-based. not made by the objective.] system supporting
payment due processing?] documenta- See Compliance Audit
If payment for property or services 41 from Procedures, FAM 806 step 4
a business concern is not made 42 by the date are tion.]
identified. (See (a) and (b).
required due date, 43 then an interest
penalty 44 shall be paid to the concern on note 1.)
the amount of the payment due. 45 31 1b. Interest penalties
U.S.C. § 3902(a). The interest penalty are calculated
shall be paid for the period beginning on and paid on the
the day after the required payment date past due amount
and ending on the date on which payment using the
is made. 46 31 U.S.C. § 3902(b). appropriate
interest rate and
period. (See
footnotes 40
through 45
below.)
41The payment requirement applies for each complete delivered item or each complete service performed. 31 U.S.C. § 3902(a).

Compliance

Compliance Summary
806.02. FUNDING SOURCE FOR LATE 2. Interest penalties See Compliance Audit
PAYMENT INTEREST PENALTIES. are paid out of Procedures, FAM 806 steps
the appropriation 4 (c), 5 (c), and 6.
Provision Type: Transaction-based. account used to
Interest penalties shall be paid out of pay related
amounts made available to carry out the program
programs for which the penalties are expenditures.
incurred. 47 31 U.S.C. § 3902(f).
42A payment is deemed to be made on the date that a check for payment is dated or an electronic transfer is made. 31 U.S.C. § 3901(a)(5).
43The required due date is generally the date specified in the contract or, if a date is not specified, 30 days after receipt of a proper invoice. 31 U.S.C. § 3903(a)(1). If
payment is for meat or meat food products, perishable agricultural products, dairy products, or construction contracts, then consult with OGC to determine the payment
due date. Specific payment due dates to avoid interest penalties are established by law for these items. 31 U.S.C. § 3903(a)(2), (3), (4), (6).
The invoice receipt date is established as the later of (1) the date the entity’s designated representative or office actually receives a proper invoice or (2) the 7th day
after the date on which, in accordance with the terms and conditions of the contract, the property is actually delivered or performance of the services is actually
completed, unless the entity accepted the property or services before the 7th day or a longer acceptance date is specified in the contract. 31 U.S.C. § 3901(a)(4)(A). If
the date of actual invoice receipt is not indicated, then the entity must use the invoice date. 31 U.S.C. § 3901(a)(4)(B).
44Interest shall be calculated at the rate set by the Secretary of the Treasury under section 12 of the Contract Disputes Act of 1978 (41 U.S.C. § 7109) that is in effect
at the time the entity accrues the obligation to pay a late payment interest penalty. 31 U.S.C. § 3902(a). The rates are published in the Federal Register. 31 U.S.C. §
3902(a).
45The temporary unavailability of funds to make a timely payment due for property or services does not relieve the entity head of the obligation to pay interest penalties
under this law. 31 U.S.C. § 3902(d).
46An interest penalty not paid after any 30-day period shall be added to the principal amount of the debt, and a penalty accrues thereafter on the combined amount of
principal and interest. 31 U.S.C. § 3902(e).
47The Prompt Payment Act does not authorize the appropriation of additional amounts to pay a late payment interest penalty. 31 U.S.C. § 3902(f).

Compliance

Compliance Summary
806.03. LIMITATIONS ON DISCOUNT 3a. Discounts taken See Compliance Audit

PAYMENTS. after the Procedures, FAM 806 step 5
specified time (a) and (b).
Provision Type: Transaction-based. period are
Discounts offered by a business concern identified.
may be taken only if payment is made 3b. Interest penalties
within the specified time as determined are properly
from the date of the invoice. 48 An interest calculated and
penalty shall be paid on improperly taken paid on the
discounts. 31 U.S.C. § 3904. amount of any
improperly taken
discounts using
the appropriate
interest rate and
period.
48For purposes of this law, a proper invoice for the amount due is an invoice containing or accompanied by substantiating documentation, which the entity head may
require by regulation or contract or OMB may require by regulation. 31 U.S.C. § 3901(a)(3).

Compliance
documentation only if provisions of the Prompt Payment Act (PPA), as provided in 31 U.S.C.
chapter 39, are significant, as indicated on Form 802, General Compliance Checklist, at page
802-7. These procedures test compliance with the provisions listed on the Compliance
Summary. Implementing regulations for the Prompt Payment Act are included in 5 C.F.R. Part
1315.
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
1) Based on the preliminary assessment of compliance control

Summary), select a statistical sample of payments from
throughout the audit period. The sample size will vary based on
the expected effectiveness of compliance controls, as
discussed in FAM 460.02. Document the sampling approach
(see example documentation in FAM 495 D). 49
Sample size _____________________________________
Sample selection method __________________________
2) For each item selected in step 1, obtain the supporting

documentation for the payment, such as the invoice voucher
package.
a) Document the following items:
• invoice number;
• payee;
• invoice amount;
• invoice date;
• invoice receipt date (or other date used for determining
compliance with this law—see step 2(b));
49If the auditor uses multipurpose testing for the compliance test and/or compliance control test and/or a substantive
test of payments details, the sample items for the compliance test and/or compliance control test should be selected
using the sampling method used for the substantive test, as described in FAM 430, Design Tests. Otherwise, the
auditor should select items using attribute sampling, as discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the completeness of the test population. For efficiency,
the auditor should consider using records that were tested for validity, accuracy, and completeness (as well as the
other financial statement assertions) in conjunction with substantive tests of the population.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
• payment date;
• amount of interest penalty paid, if any;
• amount of discount taken, if any; and
• appropriation account(s) charged for the expenditure
and interest penalty, if any.
b) For each item selected, note whether the payment was

made by the required due date. The required due date
may be the date specified in the contract or, if a date is
not specified, 30 days after receipt of the invoice. If
payment is for meat or meat food products, perishable
agricultural products, dairy products, or construction
contracts, then consult with OGC to determine the
payment due date. Specific payment due dates to avoid
interest penalties are established by law for these items.
See FAM 806.01, Interest Penalties for Late Payments.
The invoice receipt date is the later of (1) the date the
entity’s designated representative or office actually
receives a proper invoice or (2) the 7th day after the date
on which, in accordance with the terms and conditions of
the contract, the property is actually delivered or
performance of the services is actually completed (unless
the entity accepted the property or services before the 7th
day or a longer acceptance period is specified in the
contract). If the date of actual invoice receipt is not
indicated, then the entity must use the invoice date. See
FAM 806.01, Interest Penalties for Late Payments.
If the payment was made on or prior to the payment due
date, then perform step 3.
If the payment was made after the payment due date,
then perform step 4.
If a discount was taken, then perform step 5.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
3) If the payment was made on or prior to the payment due date,

and no discount was taken, then determine that no interest
penalty was paid.
(Note: If the entity did not take advantage of a discount for
which it was eligible or if an interest penalty was paid when it
was not owed, then the auditor generally should determine the
cause of these items for purposes of reporting findings.)
4) If the payment was made after the payment due date, then
determine whether
a) an interest penalty was paid,
b) the amount of the interest penalty was properly
calculated, and
c) the interest penalty was paid out of the appropriation
account used to pay the related expenditures. See FAM
806.01, Interest Penalties for Late Payments.
Review the accounting codes indicated on the expense
voucher. Determine whether the accounting codes used to
record the interest penalty are the same as those used for the
related expenditure and whether the codes and amounts agree
with those recorded in the budgetary accounting records. (See
step 6 regarding proper summarization of amounts.) See FAM
806.01, Interest Penalties for Late Payments; and FAM 806.02,
Funding Source for Late Payment Interest Penalties.
Investigate any differences between the amount of interest
penalty calculated by the auditor and the amount paid by the
entity, including any instances when an interest penalty was
owed but not paid. Investigate any instances when the proper
appropriation account was not charged. See FAM 806.01,
Interest Penalties for Late Payments.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
5) If a discount was taken, then determine whether it was taken

during the specified period during which the discount was
available. If the discount was taken during the specified period,
then further consideration is not necessary.
If any discounts are taken after the appropriate time period,
determine whether
a) an interest penalty was paid,
b) the amount of the interest penalty was properly
calculated, and
c) the interest penalty was charged against the
appropriation account used for the related expenditures.
Review the budget accounting codes indicated on the expense
voucher. Determine whether the budget accounting codes
indicated on the voucher for the interest penalty are the same
as those used for the related expenditure. Determine whether
the codes and amounts on the voucher agree with those
recorded in the budgetary accounting records. (See step 6
regarding proper summarization of the budgetary amounts.) 31
U.S.C. § 3902 (a), (b), (f), and 31 U.S.C. § 3904.
Interest penalties (see FAM 806.01, Interest Penalties for Late
Payments) should be calculated on the amount of the discount.
The penalty accrues on the amount of the discount from the last
date specified that the discounted amount may be paid. See
FAM 806.03, Limitations on Discount Payments.
Investigate any differences between the amount of interest
penalty calculated by the auditor and the amount paid by the
entity, including any instances when an interest penalty was
owed but not paid. Investigate any instances when the proper
appropriation account was not charged.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
6) Consider the procedures performed on the entity’s budget

controls over summarization of expenditure balances as
discussed in FAM 395 F, Budget Control Objectives.
If the auditor has assessed the entity’s controls as effective in
achieving the control objective of summarizing expenditure
balances, then further procedures are not necessary to obtain
assurance as to whether interest penalties are paid out of the
proper appropriation account.
If the auditor has assessed the controls as ineffective, then the
auditor should perform procedures to determine if the entity has
properly summarized the expenditure balances, as described in
FAM 495 B, Example Procedures for Tests of Budget
Information.
7) If the entity does not appear to be in compliance based on the

Investigator Unit to conclude on whether noncompliance
noncompliance. For any noncompliance noted, the auditor
should
the noncompliance to occur, if it was not previously
• consider the implications of any instances of noncompliance
on the financial statements; and
FAM 580.91–.99).
8) Document conclusions on compliance with each provision on


Compliance
Note: If the auditor uses multipurpose testing for the compliance test and/or compliance
control test and/or a substantive test of payments details, then the sample items for
the compliance test and/or compliance control test should be selected using the
sampling method used for the substantive test, as described in FAM 430, Design
Tests. Otherwise, the auditor should select items using attribute sampling, as
discussed in FAM 460.02.
As with all sampling applications, the auditor should consider the completeness of the
test population. For efficiency, the auditor should consider using records that were
tested for validity, accuracy, and completeness (as well as the other financial
statement assertions) in conjunction with substantive tests of the population.

Compliance
807 – Pay and Allowance System for Civilian Employees, as Provided Primarily in 5 U.S.C. Chapters 51–59
807 – Pay and Allowance System for Civilian Employees, as Provided Primarily in 5
U.S.C. Chapters 51–59
Note: The auditor should complete this compliance summary or prepare equivalent documentation only if provisions of the Pay and
Allowance System for Civilian Employees, as provided primarily in 5 U.S.C. chapters 51–59, are significant, as indicated on Form 802,
General Compliance Checklist, at page 802-8. Implementing regulations issued by the Office of Personnel Management are included in
Title 5, U.S. Code of Federal Regulations.

Compliance Summary
807.01. PAY RATE OR SCHEDULE FOR Employees are [Document the control [Does control [Indicate yes or [Indicate yes or no;
EMPLOYEES IN SPECIFIC POSITIONS. paid at appropriate activities that the entity depend on no; include include reference to
rates. used to achieve the information reference to supporting
Provision Type: Transaction-based. objective.] system supporting documentation.]
Pay for employees in a specific position processing?] documentation.]
See Compliance Audit
should be based on those employees’ Procedures, FAM 807
appropriate pay schedule or pay rate. 50 step 4 (b).
These include employees in positions subject
to the General Schedule (5 U.S.C. § 5332);
prevailing rate employees (5 U.S.C. § 5343);
employees in certain senior-level positions,
such as specially qualified scientific and
professional personnel (5 U.S.C. § 5376);
employees appointed to the Senior Executive
Service (5 U.S.C. § 5383); and employees
paid the minimum wage (29 U.S.C. § 206).
50For employees receiving an annual rate of basic pay, calculate the corresponding hourly, daily, weekly, or biweekly rate, by applying the methodology set out in 5
U.S.C. § 5504(b). To derive an hourly rate, divide the annual rate by 2,087; to derive a daily rate, multiply the hourly rate by the number of daily hours of service
required; to derive a weekly rate, multiply the hourly rate by 40; and to derive a biweekly rate, multiply the hourly rate by 80. 5 U.S.C. § 5504(b).

Compliance
807 – Pay and Allowance System for Civilian Employees, as Provided Primarily in 5 U.S.C.
Chapters 51–59
documentation only if provisions of the Pay and Allowance System for Civilian Employees, as
provided primarily in 5 U.S.C. chapters 51–59, are significant, as indicated on Form 802,
General Compliance Checklist, at page 802-8. These procedures test compliance with the
provisions listed on the Compliance Summary. Implementing regulations issued by the Office of
Personnel Management are included in Title 5, U.S. Code of Federal Regulations.
Name of entity: __________________________________________________

Audit period: ____________________________________________________
Reviewed by: ____________________________________________________
Initials/
Note: These tests are closely related to procedures performed for substantive tests of payroll
expense details, and multipurpose testing in this situation is strongly encouraged.
1) Based on the preliminary assessment of compliance control

Summary), select a statistical sample of payroll records (e.g.,
each employee’s pay per pay period) throughout the audit
period. The sample size will vary based on the expected
effectiveness of compliance controls, as discussed in FAM
460.02. Document the sampling approach (see example
documentation in FAM 495 D). 51
Sample size __________________________________
Sample selection method ________________________
2) For each item selected in 1, note the following information:

• employee name;
• pay period (number and dates);
• amount of gross pay for the period;
• pay rate;
• total hours worked; and
51If the auditor uses multipurpose testing for the compliance test, compliance control test, or both and a substantive
test of payroll expense details, then the auditor should select the sample items for the compliance test, compliance
control test, or both using the sampling method used for the substantive test, as discussed in FAM 430, Design Tests.
As with all sampling applications, the auditor should consider the completeness of the population. For efficiency, the
auditor should consider using records that were tested for validity and completeness (as well as the other financial
statement assertions) in conjunction with substantive tests of payroll or other payroll-related compliance tests.

Compliance
Chapters 51–59
Name of entity: __________________________________________________

Audit period: ____________________________________________________
Reviewed by: ____________________________________________________
Initials/
• number of hours worked at regular pay and other pay (i.e.,
overtime, premium pay, etc.).
3) For each item selected in 1, obtain the employee’s personnel

file and note the following in effect for the pay period selected:
• the employee’s grade and step and
• the employee’s pay rate and pay plan (non-GS
employees).
4) For each item selected in 1, take the following actions:

a) Calculate the amount of gross pay using the hours
worked and the employee’s pay rate indicated on the
payroll records. Compare the amount of gross pay
calculated by the auditor to the amount shown on the
payroll records for the selected pay period, and obtain
explanation and examine support for any differences.
See FAM 807.01, Pay Rate or Schedule for Employees
in Specific Positions.
b) Compare the employee’s pay rate in the payroll records
to the appropriate pay rate for the employee’s approved
grade and step on the pay schedules established by
executive order. (Use the approved grade and step
indicated in the employee’s personnel records for this
test.) Obtain explanation and examine support for any
differences between the actual pay rate for the period
selected and the authorized amounts. See 5 U.S.C. §
5332 for employees in positions subject to the General
Schedule; 5 U.S.C. § 5343 for prevailing rate employees;
5 U.S.C. § 5376 for employees in certain senior-level
positions, such as specially qualified scientific and
professional personnel; 5 U.S.C. § 5383 for employees
appointed to the Senior Executive Service; and 29
U.S.C. § 206 for employees paid the minimum wage.
If the employee’s pay is not set by these pay schedules,
then determine whether the amount paid is properly
authorized.

Compliance
Chapters 51–59
Note: If the entity outsources payroll processing, then the entity remains responsible for
compliance. Dividing responsibility for payroll processing activities between the entity
and the service organization could make payroll testing more complicated; however, the
auditor should perform the same testing. The auditor may accomplish this testing with
the assistance of the service auditor, who may issue an internal control report on the
service organization under AT-C 320. Another approach may be for the service auditor
to assist the entity’s auditor by performing agreed-upon procedures at the service
organization (e.g., substantive testing) under AT-C 215 (see FAM 710, Agreed-Upon
Procedures).

Compliance
808 – Civil Service Retirement Act (CSRA), as Provided in 5 U.S.C. Chapter 83

Note: The auditor should complete this compliance summary or prepare equivalent documentation only if provisions of the Civil Service
Retirement Act (CSRA), as provided in 5 U.S.C. chapter 83, are significant, as indicated on Form 802, General Compliance Checklist, at
page 802-9. Implementing regulations for CSRA’s general administration are included in 5 C.F.R. Part 831.

Compliance Summary
808.01. ENTITY WITHHOLDINGS FROM The appropriate [Document the control [Does control [Indicate yes or [Indicate yes or no;
EMPLOYEE PAY FOR RETIREMENT amount is withheld activities that the entity depend on no; include include reference to
BENEFITS. from employee’s used to achieve the information reference to supporting
pay. (See objective.] system supporting documentation.]
Provision Type: Transaction-based. footnotes 52 processing?] documentation.]
through 54 below.) See Compliance Audit
For each employee 52 employed prior to Procedures, FAM 808
January 1, 1984, 53 the entity shall withhold a step 4 (b).
percentage of the employee’s basic pay. 54 5
U.S.C. § 8334(a)(1).
52For who qualifies as an employee for purposes of CSRA, see 5 U.S.C. § 8331(1).
53Employees employed before January 1, 1984, are generally covered by the Civil Service Retirement Act (CSRA) and on and after that date by the Federal
Employees’ Retirement System Act (FERSA), although some CSRA employees may have opted for coverage subject to FERSA.
54The percentage to be withheld for the service period for (1) most executive branch employees is 7 percent; (2) congressional employees, firefighters, and law
enforcement personnel is 7.5 percent; and (3) Members of the Congress is 8 percent. 5 U.S.C. § 8334(a)(1).

Compliance

Compliance Summary
808.02. ENTITY CONTRIBUTIONS FOR EMPLOYEE The entity See Compliance Audit
RETIREMENT BENEFITS. contribution for Procedures, FAM 808
employee steps 4 (c) and 5.
Provision Types: Transaction-based and retirement is
quantitative-based. calculated
An amount equal to the amount withheld from properly,
the employee’s pay shall be contributed by summarized
the entity. 5 U.S.C. § 8334(a)(1). For most properly, and
employees, the entity contribution shall be charged to the
paid from the appropriation account or fund proper
used to pay the employee. 5 U.S.C. § appropriation
8334(a)(1)(B). account or fund.

Compliance

Compliance Summary
808.03. DEPOSITS INTO THE CIVIL SERVICE Withholdings from See Compliance Audit
RETIREMENT AND DISABILITY FUND. employees and Procedures, FAM 808
entity contributions steps 6 and 7.
Provision Types: Procedural-based and for retirement
quantitative-based. benefits are
Amounts withheld from employees and the properly
sum contributed by the entity for retirement summarized and
benefits shall be deposited into the Treasury deposited into the
to the credit of the Civil Service Retirement Treasury to the
and Disability Fund. 55 5 U.S.C. § 8334(a)(2). credit of the Civil
Service Retirement
and Disability
Fund.
55The Civil Service Retirement and Disability Fund is the fund established under 5 U.S.C. § 8348 that is available for the payment of employee benefits (primarily
retirement) under 5 U.S.C. chapters 83 and 84 and for specified administrative expenses incurred by Office of Personnel Management (OPM) or the Merit Systems
Protection Board. 5 U.S.C. § 8331(5).

Compliance
documentation only if provisions of the Civil Service Retirement Act (CSRA), as provided in 5
U.S.C. chapter 83, are significant, as indicated on Form 802, General Compliance Checklist, at
page 802-9. These procedures test compliance with the provisions listed on the Compliance
Summary. Implementing regulations for CSRA’s general administration are included in 5 C.F.R.
Part 831.
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/

Summary), select a statistical sample of payroll records
(e.g., each employee’s pay per pay period) for the audit
period for employees covered by the Civil Service
Retirement System (CSRS). See FAM 808.01, Entity
Withholdings From Employee Pay for Retirement Benefits.
The sample size will vary based on the expected
These tests should be coordinated with other tests of
payroll-related expenses and with the agreed-upon
procedures that entity auditors perform for the Office of
Personnel Management (OPM), per OMB audit guidance, if
performed.
Sample size ___________________________________
2. For each selection made in 1, document the following for

the pay period selected:
• the amount withheld for the cost of retirement benefits;
56If the auditor uses multipurpose testing for the compliance test, compliance control test, or both and a substantive
As with all sampling applications, the auditor should consider the completeness of the population. For efficiency, the
auditor should consider using records that were tested for validity and completeness (as well as the other financial
statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance tests.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
• the amount of basic pay; and

• if indicated in the payroll disbursement records, the
retirement plan under which the withholdings were made
(CSRS or the Federal Employees Retirement System
(FERS)). (Only employees covered by CSRS should be
included in this compliance test. See FAM 811 for the
FERS compliance test.)
3. For each item selected in 1, obtain the employee’s

personnel file and note the following:
• employee hire date,
• amount of basic pay, and
• the retirement plan under which the employee is
covered.
4. For each selection made in 1, take the following actions:

(a) Compare the amount of basic pay indicated in the
employee’s personnel file with the amount indicated in
the payroll records, and obtain an explanation and
examine support for any differences. (This procedure
would be performed only if not already performed with
other testing.)
(b) Calculate the amount of the withholdings for retirement
costs based on 7 percent of basic pay for most
executive branch employees for the selected pay
period and document the amount. Compare to the
actual amount withheld for the selected pay period,
and obtain an explanation and examine support for any
differences. See FAM 808.01, Entity Withholdings
From Employee Pay for Retirement Benefits.
(c) Determine whether the entity contributed an equal

amount for the employee’s retirement for the selected
pay period. Obtain explanation and examine support
for any differences between the employee and entity
contributions. See FAM 808.02, Entity Contributions for
Retirement Benefits.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
5. Determine whether amounts contributed by the entity are

charged to the appropriation account or fund used to pay
the employee for the selected pay period by performing the
following procedures:
(a) Review the accounting codes indicated on the
supporting documentation.
(b) Determine whether the accounting codes used to
record the entity contribution are the same as those
used for the related payroll expenditure and whether
the codes and amounts agree with those recorded in
the budgetary accounting records. (This step assumes
other payroll testing would have included checking that
the codes represent the proper appropriation account.)
(c) Consider the procedures performed on the entity’s
budget controls for summarizing expenditure balances,
as discussed in FAM 395 F, Budget Control
Objectives.
If the auditor has assessed the entity’s controls as
effective in achieving the control objective of
summarization of expenditure balances, then further
procedures are not necessary to obtain assurance as
to whether the entity’s contributions are paid out of the
If the auditor has assessed the controls as ineffective,
then the auditor should perform procedures to
determine whether the entity has properly summarized
the expenditure balances, as described in FAM 495 B,
Example Procedures for Tests of Budget Information.
See FAM 808.02, Entity Contributions for Retirement
Benefits.
6. Determine whether the entity has effective internal controls

over the proper summarization of (a) the amounts withheld
from employees for retirement benefits under the law and
(b) the entity contributions for remittance to Treasury. If the
entity does not have effective controls for summarization,
then test the summarization of the totals that include the
items selected for testing in step 1.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
7. Compare the combined totals of employee withholdings and

entity contributions that include each selection made in step
1 to the deposit made to Treasury and the remittance sent
to OPM, and obtain an explanation and examine support for
any differences. The funds should be deposited in the
Treasury to the credit of the Civil Service Retirement and
Disability Fund. See FAM 808.03, Deposits into the Civil
Service Retirement and Disability Fund.
8. If the entity does not appear to be in compliance based on

the results of tests performed, then the auditor should
discuss these matters with OGC and, when appropriate, the
Special Investigator Unit to conclude if noncompliance
noncompliance. For any noncompliance noted, the auditor
should
• identify the weakness in compliance controls that
allowed the noncompliance to occur, if it was not
previously identified during compliance control testing;
appropriate (see FAM 580.56–85);
FAM 580.91–.99).
9. Document conclusions on compliance with each provision

on Form 808, Compliance Summary.
and the service organization could make payroll testing more complicated; however,
the auditor should perform the same testing. The auditor may accomplish this testing
with the assistance of the service auditor, who may issue an internal control report on
the service organization under AT-C 320. Another approach may be for the service
auditor to assist the entity’s auditor by performing agreed-upon procedures at the
service organization (e.g., substantive testing) under AT-C 215 (see FAM 710,
Agreed-Upon Procedures).

Compliance
809 - Federal Employees Health Benefits Act (FEHBA), as Provided in 5 U.S.C. Chapter 89
809 – Federal Employees Health Benefits Act (FEHBA), as Provided in 5 U.S.C.

Chapter 89
Note: The auditor should complete this compliance summary or prepare equivalent documentation only if provisions of the Federal
Employees Health Benefits Act (FEHBA), as provided in 5 U.S.C. chapter 89, are significant, as indicated on Form 802, General
Compliance Checklist, at page FAM 802-10.

Compliance Summary

809.01. BIWEEKLY The amount of the [Document the [Does control [Indicate yes or no; [Indicate yes or no; include
CONTRIBUTIONS FOR entity contribution for control activities depend on include reference to reference to supporting
EMPLOYEE HEALTH health insurance that the entity used information system supporting documentation.]
INSURANCE. benefits is calculated to achieve the processing?] documentation.]
properly for employees objective.] See Compliance Audit
Provision Type: Transaction- who elect to enroll in a Procedures, FAM 809 step 4
based. health insurance plan. (b).
In general, for each full-time
employee enrolled in a health
insurance plan, a biweekly
contribution shall be made by
the entity 57 in an amount
determined by OPM for each
type of insurance plan. 58 5
U.S.C. § 8906(b)(1).
57The biweekly entity contribution for the employee shall not exceed 75 percent of the health insurance cost. 5 U.S.C. § 8906(b)(2).
58For part-time career employees, the biweekly entity contribution shall be calculated on a pro rata basis based on the ratio of number of scheduled part-time hours to
the number of scheduled regular hours for an employee serving full-time in a comparable position. 5 U.S.C. § 8906(b)(3).

Compliance

Compliance Summary

809.02. PAYMENT SOURCE Entity contributions for See Compliance Audit

FOR ENTITY’S the cost of employee Procedures, FAM 809 step 4
EMPLOYEE HEALTH health insurance are (c).
INSURANCE summarized properly
CONTRIBUTIONS. and charged to the
proper appropriation
Provision Types: Transaction- account or fund.
based and quantitative-
based.
For employees generally, the
entity contribution for the cost
of health insurance shall be
paid from the appropriation
account or fund that is used
to pay the employee. 5
U.S.C. § 8906(f)(1).

Compliance

Compliance Summary

809.03. EMPLOYEE PAY Withholdings are made See Compliance Audit

WITHHOLDINGS FOR for the employee’s Procedures, FAM 809 step 4
HEALTH INSURANCE. share of the cost of (a).
health insurance and
Provision Type: Transaction- are calculated
based. properly.
An amount shall be withheld
from the employee’s pay to
cover the total cost of
enrollment in the health
insurance plan selected by
the employee after the
amount of the entity
contribution is subtracted. 5
U.S.C. § 8906(d).
809.04. DEPOSITS INTO THE Withholdings from See Compliance Audit

EMPLOYEES HEALTH employees’ pay and Procedures, FAM 809 steps 5
BENEFITS FUND. entity contributions for and 6.
health insurance costs
Provision Types: Procedural- are properly
based and quantitative- summarized and
based. deposited into the
Amounts withheld from Treasury to the credit
employees’ pay and the sum of the Employees
contributed by the entity for Health Benefits Fund.
health insurance costs shall
be deposited into the
Treasury to the credit of the
Employees Health Benefits
Fund. 5 U.S.C. § 8909(a).

Compliance
documentation only if provisions of the Federal Employees Health Benefits Act (FEHBA), as
provided in 5 U.S.C. chapter 89, are significant, as indicated on Form 802, General Compliance
Checklist, at page 802-10. These procedures test compliance with the provisions listed on the
Compliance Summary.
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
1. Based on the preliminary assessment of compliance

control effectiveness (as documented on Form 809,
Compliance Summary), select a statistical sample of
payroll records (e.g., each employee’s pay per pay
period) for the audit period.
effectiveness of compliance controls, as discussed in
FAM 460.02. Document the sampling approach (see
example documentation in FAM 495 D) 59
The auditor should coordinate these tests with other tests
of payroll-related expenses and with the agreed-upon
procedures entity auditors perform for OPM, per OMB
audit guidance, if performed.
Sample size ___________________________________
2. For each selection made in step 1, document the

employee, the pay period selected, and the amount
withheld for the pay period selected, if any, for the cost of
health insurance. If available, document the health
insurance plan enrollment code.
59Ifthe auditor uses multipurpose testing for the compliance test, compliance control test, or both and a substantive
the auditor should consider using records that were tested for validity and completeness (as well as the other
financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance
tests.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
3. For each selection made in step 1, obtain the employee’s

personnel file and note whether the employee elected
health insurance coverage for the period to which payroll
disbursement relates. Such coverage should be indicated
on OPM form SF 2809 or other automated enrollment
process.
If the employee did not elect health insurance coverage,
then ask why amounts are being withheld for the cost of
insurance and determine whether any entity contributions
are being made inappropriately as well.
4. If the employee identified in step 3 elected coverage, then

perform the following steps:
(a) Obtain the schedule of health insurance costs for all
plans published by OPM. Using the enrollment
code for the plan selected by the employee on
OPM form SF 2809 or other automated enrollment
process, calculate the employee’s portion of the
health insurance cost and document it. Compare it
to the amount actually withheld for the selected pay
period, and obtain an explanation and examine
support for any differences. See FAM 809.03,
Employee Pay Withholdings for Health Insurance.
(b) For each employee in (a), determine the appropriate

amount of the entity’s contribution for its share of
health insurance costs by using the OPM schedule
of costs. Compare it to the amount actually
contributed by the entity for the employee’s health
insurance for the selected pay period and obtain an
explanation and examine support for any
differences. See FAM 809.01, Biweekly
Contributions For Employee Health Insurance.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
(c) For each employee in (b), determine if amounts

contributed by the entity are charged to the
appropriation account or fund that is used to pay the
employee for the selected pay period by performing
the following procedures:
i. Review the accounting codes indicated in the
ii. Determine whether the accounting codes
used to record the entity contribution are the
same as those used for the related payroll
expenditure and whether the codes and
amounts agree with those recorded in the
budgetary accounting records. (This step
assumes that other payroll testing would have
included checking that the codes represent
the proper appropriation account or fund.)
iii. Consider the procedures performed on the

entity’s budget controls over summarization
of expenditure balances, as discussed in
FAM 395 F, Budget Control Objectives.
If the auditor has assessed the entity’s
controls as effective in achieving the control
objective of summarization of expenditure
balances, then further procedures are not
necessary to obtain assurance as to whether
the entity’s contributions are paid out of the
proper appropriation account or fund.
If the auditor has assessed the controls as
ineffective, then the auditor should perform
procedures to determine whether the entity
has properly summarized the expenditure
balances, as described in FAM 495 B,
Example Procedures for Tests of Budget
Information. See FAM 809.02, Payment
Source for Entity’s Employee Health
Insurance Contributions.

Compliance
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
5. Determine whether the entity has effective controls over

the proper summarization of the amounts withheld from
employees for health insurance costs under this law and
the entity contributions for remittance to Treasury. If the
entity does not have effective controls for summarization,
then test the summarization of the totals that include the
items selected for testing in step 1.
6. Compare the total cost of health insurance on the entity’s

records (employee and employer portions) for the
selected pay period to the deposit made into the Treasury
and the documentation sent to OPM, and obtain an
explanation and examine support for any differences. The
funds should be deposited into the Treasury to the credit
of the Employees Health Benefits Fund. See FAM
809.04, Deposits into the Employees Health Benefits
Fund.

discuss these matters with OGC and, when appropriate,
the Special Investigator Unit to conclude on whether
noncompliance actually has occurred and the implications
of such noncompliance. For any noncompliance noted,
the auditor should
previously identified during compliance control
testing;
• determine the impact on the report on internal control
as appropriate (see FAM 580.56–.85);
• report instances of noncompliance, as appropriate
(see FAM 580.91–.99).


Compliance
and the service organization could make payroll testing more complicated; however,
the auditor should perform the same testing. The auditor may accomplish this testing
with the assistance of the service auditor, who may issue an internal control report on
the service organization under AT-C 320. Another approach may be for the service
auditor to assist the entity’s auditor by performing agreed-upon procedures at the
service organization (e.g., substantive testing) under AT-C 215 (see FAM 710,
Agreed-Upon Procedures).

Compliance
810 – Federal Employees' Compensation Act (FECA), as Provided in 5 U.S.C. Chapter 81
810 – Federal Employees' Compensation Act (FECA), as Provided in 5 U.S.C. Chapter

81
Employees’ Compensation Act (FECA), as provided in 5 U.S.C. chapter 81, are significant, as indicated on Form 802, General
Compliance Checklist, at page 802-11.

Compliance Summary
810.01. EMPLOYEES’ COMPENSATION FUND The entity’s budget request [Document the control [Does control [Indicate yes or [Indicate yes or no;
COSTS AND ANNUAL BUDGET includes a request for an activities that the entity depend on no; include include reference to
REQUEST. appropriation for any used to achieve the information reference to supporting
amounts paid by the Fund on objective.] system supporting documentation.]
Provision Type: Procedural-based the entity’s behalf for the processing?] documentation.]
prior fiscal year. See Compliance Audit
If the entity is funded by annual Procedures, FAM 810
appropriations and receives a statement step 1.
showing the costs of amounts paid from
the Employees’ Compensation Fund (the
Fund), 60 then the entity shall include a
request for an appropriation to cover such
amounts when submitting its budget
request during the next fiscal year. 61 5
U.S.C. § 8147(b).
60Under FECA, the Employees’ Compensation Fund is available without fiscal year limitation to the U.S. government to make compensation payments for the disability
or death of an employee resulting from personal injury sustained while in the performance of the employee’s duty, unless a statutory exception applies. 5 U.S.C. §
8102(a) and 5 U.S.C. § 8147(a).

Compliance

Compliance Summary
810.02. DEPOSITING FUNDS INTO THE 2a. For an entity funded by See Compliance Audit
EMPLOYEES’ COMPENSATION annual appropriations, Procedures, FAM 810
FUND. the appropriations step 1.
received for the costs of
Provision Type: Procedural-based. amounts paid out of the
Amounts appropriated pursuant to the Fund on behalf of the
request (described in 810.01 above) shall entity are credited to the
be deposited into the Treasury to the Fund within 30 days of
credit of the Fund within 30 days of their their availability.
availability. 5 U.S.C. § 8147(b). If, 2b. For an entity not funded
however, the entity does not receive by annual
annual appropriations and receives a appropriations, the entity
statement showing the costs of amounts makes the required
paid from the Fund on the entity’s behalf, deposit to the credit of
then the entity shall make the required the Fund during the first
deposit into the Treasury to the credit of 15 days of October after
the Fund from funds under its control it receives the Fund cost
during the first 15 days of October after it statement.
receives the Fund cost statement. 5
U.S.C. § 8147(b).
61By August 15 of each year, the Secretary of Labor is required to provide the entity a statement showing the total cost of benefits and other payments made from the
Employees’ Compensation Fund during the preceding July 1 through June 30 expense period on account of the injury or death of employees or individuals under the
jurisdiction of the entity. 5 U.S.C. § 8147(b).

Compliance
documentation only if provisions of the Federal Employees’ Compensation Act (FECA), as
Checklist, at page 802-11. These procedures test compliance with the provisions listed on the
Compliance Summary for this law.
Name of entity: __________________________________________________________

Audit period: ____________________________________________________________
Reviewed by: ____________________________________________________________
Initials/
Note: The provisions identified for testing are procedural-based provisions. As discussed in FAM
460.05, the auditor usually performs sufficient procedures in conjunction with tests of
compliance controls for these procedural-based provisions to conclude on the entity’s
compliance without performing additional procedures.
The auditor should not perform additional procedures to obtain evidence regarding compliance
with the provisions related to the following objectives unless sufficient evidence regarding
compliance was not obtained during compliance control tests documented on Form 810,
Compliance Summary.
1. Reference to conclusions on compliance controls on Form

810, Compliance Summary, and indicate whether any
additional procedures are necessary.

Special Investigator Unit to conclude on whether
noncompliance actually has occurred and the implications
of such noncompliance. For any noncompliance noted, the
auditor should
previously identified during compliance control testing;
FAM 580.91–.99).


Compliance
811 – Federal Employees’ Retirement System Act (FERSA), as Provided in 5 U.S.C. Chapter 84
811 – Federal Employees’ Retirement System Act (FERSA), as Provided in 5 U.S.C.

Chapter 84
Employees’ Retirement System Act (FERSA), as provided in 5 U.S.C. chapter 84, are significant, as indicated on Form 802, General
Compliance Checklist, at page 802-12. Implementing regulations for FERSA’s general administration are included in 5 C.F.R. Part 841.

Compliance Summary
811.01. ENTITY WITHHOLDINGS FROM The appropriate [Document the control [Does control [Indicate yes or [Indicate yes or no;
EMPLOYEE PAY FOR RETIREMENT amount is withheld techniques that the depend on no; include include reference to
BENEFITS. from employee’s entity used to achieve information reference to supporting documents.]
pay. (See the objective.] system supporting
Provision Type: Transaction-based. footnotes 61 processing?] documents.] See Compliance Audit
through 63 below.) Procedures, FAM 811
For each employee 62 employed after step 4 (b).
December 31, 1983, 63 the entity shall
withhold a percentage of the employee’s
basic pay (typically 0.80% of basic pay). 64 5
U.S.C. § 8422(a)(1).
62For who qualifies as an employee for purposes of FERSA, see 5 U.S.C. § 8401(11).
63Employees may be covered by the Civil Service Retirement Act (CSRA) or the Federal Employees’ Retirement System Act (FERSA), generally depending on their
employment dates. Generally, employees hired after January 1, 1984, are subject to FERSA.
64For most employees, the percentage to be withheld is 0.8 percent (7 percent minus the Social Security tax rate imposed by the Internal Revenue Code, 26 U.S.C. §
3101(a)). For congressional employees; Members of the Congress; and law enforcement officers, firefighters, air traffic controllers, and nuclear materials couriers, the
withholding rates are higher. See 5 U.S.C. § 8422(a)(1).

Compliance

Compliance Summary
811.02. ENTITY CONTRIBUTIONS FOR EMPLOYEE The entity See Compliance Audit
RETIREMENT BENEFITS. contribution for Procedures, FAM 811
employee steps 4 (c) and 5.
Provision Types: Transaction-based and retirement is
quantitative-based. calculated
The entity shall contribute an amount equal to properly,
the employing entity’s applicable normal-cost summarized
percentage 65 multiplied by the employee’s properly, and
aggregate amount of basic pay payable by charged to the
the entity. 5 U.S.C. § 8423(a)(1). For most proper
employees, the entity contribution shall be appropriation
paid from the appropriation account or fund account or fund.
used to pay the employee. 5 U.S.C. § (See footnote 64
8423(a)(3). below.)
65The Office of Personnel Management computes the normal-cost percentage, which is statutorily defined at 5 U.S.C. § 8401(23). For example, for fiscal year 2017, it
is 14.7 percent of basic pay for most employees. OPM lists the percentages in its Benefits Administration Letters related to “Cost Factors for Calculating Imputed
Costs,” which is accessible on its website at http://www.opm.gov/retirement-services/publications-forms/benefits-administration-letters/ (accessed on May 1, 2023).

Compliance

Compliance Summary
811.03. DEPOSITS INTO THE CIVIL SERVICE Withholdings from See Compliance Audit
RETIREMENT AND DISABILITY FUND. employees and Procedures, FAM 811
entity contributions steps 6 and 7.
Provision Types: Procedural-based and for retirement
quantitative-based. benefits are
Amounts withheld from employees and the properly
sum contributed by the entity for retirement summarized and
benefits shall be deposited into the Treasury deposited into the
to the credit of the Civil Service Retirement Treasury to the
and Disability Fund. 66 5 U.S.C. § 8422(c). credit of the Civil
Service Retirement
and Disability
Fund.
66The Civil Service Retirement and Disability Fund is the fund established under 5 U.S.C. § 8348 that is available for the payment of employee benefits (primarily
retirement) under 5 U.S.C. chapters 83 and 84, and for specified administrative expenses incurred by OPM or the Merit Systems Protection Board. 5 U.S.C. § 8401(6).

Compliance
documentation only if provisions of the Federal Employees’ Retirement System Act (FERSA), as
Checklist, at page 802-12. These procedures are designed to test compliance with the
provisions listed on the Compliance Summary. Implementing regulations for FERSA’s general
administration are included in 5 C.F.R. Part 841.
Name of entity: ___________________________________________________________

Audit period: _____________________________________________________________
Reviewed by: _____________________________________________________________
Initials/

Summary), select a statistical sample of payroll records
(e.g., each employee’s pay per pay period) for the audit
period for employees covered by the Federal Employees
Retirement System (FERS) established pursuant to FERSA.
See FAM 811.01, Entity Withholdings from Employee Pay
for Retirement Benefits.
The auditor should coordinate these tests with other tests of
payroll-related expenses and with the agreed-upon
procedures entity auditors perform for OPM, per OMB audit
guidance, if performed.
Sample size____________________________________
Sample selection method _________________________
67
If the auditor uses multipurpose testing for the compliance test, compliance control test, or both and a substantive
the auditor should consider using records that were tested for validity and completeness (as well as the other
financial statement assertions) in conjunction with substantive tests of payroll or other payroll related compliance
tests.

Compliance
Name of entity: ___________________________________________________________

Audit period: _____________________________________________________________
Reviewed by: _____________________________________________________________
Initials/
2. For each selection made in 1, document the following for the

pay period selected:
• the amount withheld for the cost of retirement benefits;
• the amount of basic pay; and
• if indicated in the payroll disbursement records, the
retirement plan under which the withholdings were made
(the Civil Service Retirement System (CSRS) or FERS).
(Only employees covered by FERS should be included in
this compliance test. See FAM 808 for the CSRS
compliance test.)
3. For each item selected in 1, obtain the employee’s

personnel file and note the
• employee hire date,
• amount of basic pay, and
• retirement plan under which the employee is covered.
4. For each selection made in 1, complete the following:

(a) Compare the amount of basic pay indicated in the
employee’s personnel file with the amount indicated in
the payroll records, and obtain an explanation and
examine support for any differences. (This procedure
would be performed only if it were not already
performed as part of other testing.)
(b) Calculate the amount of the withholdings for retirement

costs based on 0.8 percent of basic pay for most
employees for the selected pay period and document
the amount. Compare to the actual amount withheld for
the selected pay period, and obtain an explanation and
examine support for any differences. See FAM 811.01,
Entity Withholdings from Employee Pay for Retirement
Benefits.

Compliance
Name of entity: ___________________________________________________________

Audit period: _____________________________________________________________
Reviewed by: _____________________________________________________________
Initials/
(c) Determine whether the entity contributed the correct

amount for the employee’s retirement for the selected
pay period. Obtain an explanation and examine
support for any differences between the entity
contributions and the amount calculated using OPM’s
normal-cost percentage. See FAM 811.02, Entity
Contributions for Employee Retirement Benefits.
5. To determine if amounts contributed by the entity are

charged to the appropriation account or fund used to pay
the employee for the selected pay period, complete the
following:
(a) Review the accounting codes indicated on the
(b) Determine whether the accounting codes used to
record the entity contribution are the same as those
used for the related payroll expenditure and whether
the codes and amounts agree to those recorded in the
budgetary accounting records. (This step assumes
other payroll testing would have included checking that
the codes represent the proper appropriation account.)
(c) Consider the procedures performed on the entity’s
budget controls over summarizing expenditure
balances, as discussed in FAM 395 F, Budget Control
Objectives.
If the auditor has assessed the entity’s controls as
effective in achieving the control objective of
summarizing expenditure balances, then further
procedures are not necessary to obtain assurance as
to whether the entity’s contributions are paid out of the
If the auditor has assessed the controls as ineffective,
then the auditor should perform procedures to
determine whether the entity has properly summarized
the expenditure balances, as described in FAM 495 B,
Example Procedures for Tests of Budget Information.
See FAM 811.02, Entity Contributions for Employee
Retirement Benefits.

Compliance
Name of entity: ___________________________________________________________

Audit period: _____________________________________________________________
Reviewed by: _____________________________________________________________
Initials/
6. Determine whether the entity has effective controls over the

proper summarization of the amounts withheld from
employees for retirement costs under this law and the entity
contributions for remittance to Treasury. If the entity does not
have effective controls for summarization, then test the
summarization of the totals that include the items selected
for testing in step 1.
7. Compare the combined totals of employee withholdings and

entity contributions that include each selection made in step
1 to the deposit made to Treasury and the remittance sent to
OPM, and obtain explanation and examine support for any
differences. The funds should be deposited into the Treasury
to the credit of the Civil Service Retirement and Disability
Fund. See FAM 811.03, Deposits into the Civil Service
Retirement and Disability Fund.

Special Investigator Unit to conclude on whether
noncompliance actually has occurred and the implications of
such noncompliance. For any noncompliance noted, the
auditor should
the noncompliance to occur, if it was not previously
FAM 580.91–.99).


Compliance
compliance. Dividing responsibility for payroll processing activities between the entity and the
service organization could make payroll testing more complicated; however, the same testing
should be performed. The auditor may accomplish that testing with the assistance of the service
auditor, who may issue an internal control report on the service organization under AT-C 320.
Another approach may be for the service auditor to assist the entity’s auditor by performing
agreed-upon procedures at the service organization (e.g., substantive testing) under AT-C 215
(see FAM 710, Agreed-Upon Procedures).

SECTION 900
Substantive Testing Implementation

Guidance
Substantive Testing Implementation Guidance
900 – Contents of Substantive Testing Implementation Guidance
Contents – Substantive Testing Implementation Guidance

FAM
Intragovernmental Activity and Balances 902
Example Line Item Risk Analysis (LIRA) for Intragovernmental Accounts 902 A
Example Specific Control Evaluation (SCE) for Intragovernmental Accounts 902 B
Example Audit Procedures for Intragovernmental Activity and Balances 902 C
Auditing Cost Information 903
Disclosure Entities, Related Parties, and Public-Private Partnerships 904
Accounting Estimates 905
Auditing Fund Balance with Treasury (FBWT) 921
Example Line Item Risk Analysis for Fund Balance with Treasury 921 A
Example Specific Control Evaluation for Fund Balance with Treasury 921 B
Example Audit Procedures for Fund Balance with Treasury 921 C
Auditing Heritage Assets and Stewardship Land 931
Auditing the Statement of Social Insurance and the Statement of Changes in 941
Social Insurance Amounts

902 – Intragovernmental Activity and Balances

.01 This section provides guidance on the procedures that the auditor should perform
with respect to intragovernmental activity (i.e., costs and revenues) and balances
(i.e., assets and liabilities). The U.S. government in its entirety is an economic
entity and federal entities are components of that entity. Therefore, transactions
between federal entities are considered intragovernmental. Within the U.S.
government, many federal entities rely on other federal entities to help them
achieve their missions and fulfill their operating objectives. These arrangements
may be voluntary, stipulated by law, or established by mutual agreement of the
entities involved. Note that activity and balances of the General Fund of the U.S.
Government (General Fund) 1 are intragovernmental and are therefore addressed
in FAM 902.
In many cases, the entity receiving goods or services reimburses the providing
entity in accordance with an agreed-upon price, which may or may not represent
fair value. However, frequently one entity provides goods or services to another
entity free of charge (without reimbursement), and the cost of such activity is paid
with the providing entity’s appropriated funds. For example, the General Services
Administration routinely provides property management services and contract
award and administration services to other entities without charge.
.02 Intragovernmental amounts represent activity and balances both within a federal
entity and between federal entities. “Intra-entity” amounts are intragovernmental
activity and balances within a federal entity (any federal agency, department,
administration, or government corporation that is not part of a larger financial
reporting entity other than the government as a whole). “Inter-entity” amounts are
intragovernmental activity and balances between two federal entities that are
trading partners. Intra-entity amounts and inter-entity amounts constitute
intragovernmental activity and balances.
Although the Federal Accounting Standards Advisory Board (FASAB) has used
various terms for intragovernmental amounts, it has predominately used “intra-
entity” and “inter-entity” (as defined above), including in key intragovernmental
pronouncements. 2 In addition, Office of Management and Budget (OMB)
reporting guidance 3 uses “intra-entity” and “inter-entity.” In line with FASAB and
OMB, the FAM uses “intra-entity” and “inter-entity” to refer to the two types of
intragovernmental amounts.
1The General Fund of the U.S. Government is a component of the Department of the Treasury’s central accounting
function. It is a stand-alone reporting entity that comprises the activities fundamental to funding the federal
government (e.g., issued budget authority cash activity, and debt financing activities).
2See Statement of Federal Financial Accounting Standards (SFFAS 4), Managerial Cost Accounting Concepts and
Standards, and SFFAS 55, Amending Inter-entity Cost Provisions.
3The OMB reporting guidance in effect as of the publication date of this version of the FAM is OMB Circular No. A-
136, Financial Reporting Requirements, issued on June 3, 2022. OMB reporting guidance is updated annually, and
the current version can be found on the OMB website at https://www.whitehouse.gov/omb/information-for-
agencies/circulars/ (accessed on May 1, 2023).

.03 Inter-entity intragovernmental differences have specific terminology. These
differences occur when federal trading partners do not record the same
transaction in the same time period for the same amount. Differences, if
unresolved, are errors in the U.S. government’s consolidated financial
statements. At the entity level, intragovernmental amounts need to be reconciled
with trading partners, and then, any resulting differences need to be resolved.
The terms used for intragovernmental differences are as follows:
• Reconciliation
o Reconciled difference: the reason for the difference and its dollar
amount is known and identified.
o Unreconciled difference: the reason for the difference and its dollar
amount is not known and identified.
• Resolution
o Resolved difference: the difference is reconciled and an adjustment was

made to accounting records resulting in the difference no longer existing.
o Unresolved difference: a difference is reconciled; however, no

adjustment was made to accounting records resulting in the difference
continuing to exist.
.04 Common examples of intragovernmental activity include the following:
• goods and services provided from one federal entity to another (trade
transactions);
• transfers between entities based on statutory authority (including transfers

pursuant to agreements authorized by statute), expended appropriations,
taxes and fees collected, collections for others, accounts receivable from
appropriations, transfers payable, and custodial revenue;
• investments in federal securities issued by the Department of the Treasury’s

Bureau of the Fiscal Service (Fiscal Service), including interest accruals,
interest income and expense, and amortization of premiums and discounts;
• borrowings from Fiscal Service and the Federal Financing Bank, including
interest accruals, interest income, and expenses;
• costs of litigation paid by the Treasury Judgment Fund; 4
4A permanent, indefinite appropriation, commonly known as the Judgment Fund, is available to pay final judgments,
settlement agreements, and certain types of administrative awards against the United States, and interest and costs
specified in the judgments or otherwise authorized by law, when payment is not otherwise provided for. The
Secretary of the Treasury certifies all payments from the fund. (See 31 U.S.C. § 1304, Judgments, awards, and
compromise settlements.) FASAB Interpretation No. 2 clarifies how federal entities report the costs and liabilities
arising from claims to be paid by the Judgment Fund and how the Judgment Fund accounts for the amounts that it is
required to pay on behalf of federal entities.

• transactions with the Office of Personnel Management (OPM) relating to

employee benefit programs, such as the Federal Employees’ Retirement
System, Civil Service Retirement System, and federal employees’ life
insurance and health benefits programs, that include routine payments,
imputed financing, and accruals; and
• transactions with the Department of Labor relating to the Federal Employees’
Compensation Act (FECA) that include routine payments to the department.
.05 Without proper and timely reconciliation of intragovernmental activity and

balances and resolution of intragovernmental differences, differences in these
account balances could materially affect the balances at both the entity level and
government-wide level. Entities should perform timely reconciliations of
intragovernmental transactions with trading partners, as annual or quarterly
reconciliations may not be sufficient to detect and resolve differences promptly.
When preparing its financial statements, the entity eliminates intra-entity
intragovernmental amounts. When preparing the U.S. government’s consolidated
financial statements, Treasury eliminates intra-entity and inter-entity
intragovernmental amounts. In cases where intragovernmental accounts are
significantly out of balance, entities and Treasury may not be able to eliminate
intragovernmental amounts from the entities’ and the U.S. government’s
consolidated financial statements, respectively.
Accounting and Reporting Information

FASAB Standards
.06 The FASAB Handbook of Federal Accounting Standards and Other

Pronouncements, as Amended (FASAB Handbook) contains the body of
accounting concepts and standards for the U.S. government. Some of the
Statements of Federal Financial Accounting Standards (SFFAS) that address
intragovernmental activity and balances include SFFAS 4, 5, and 7, which are
briefly discussed below. Auditors should refer to the FASAB Handbook for
additional information related to intragovernmental activity and balances.
.07 SFFAS 4, Managerial Cost Accounting Standards and Concepts, and related
interpretations address the accounting standards for inter-entity cost activity.
SFFAS 5, Accounting for Liabilities of the Federal Government, addresses inter-
entity liabilities, including federal debt, pensions, and retirement benefits. SFFAS
7, Accounting for Revenue and Other Financing Sources and Concepts for
Reconciling Budgetary and Financial Accounting, as amended, addresses inter-
entity revenue and requires disclosure of the nature of intragovernmental
exchange transactions in which an entity provides goods or services at a price
less than full cost or does not charge a price at all.
.08 In accordance with SFFAS 4, as amended by SFFAS 55, reporting entities’ costs
are to incorporate the full cost of goods and services received from other entities,
although there is flexibility for reporting imputed costs for non-business type

activities. 5 With the exception of imputed inter-entity costs for personnel benefits
and the Treasury Judgment Fund settlements or as otherwise directed by OMB,
imputed inter-entity costs for non-business type activities are not required to be
recognized. Although not required to do so, an entity may still elect to recognize
imputed cost and corresponding imputed financing for other types of inter-entity
costs related to non-business type activities. The entity providing the goods or
services has the responsibility to provide the receiving entity with information on
the full cost of services either through billing or other means. The reporting
entities are also to consult with the funding and administering agencies, such as
OPM, for information needed to properly record inter-entity costs. See OMB
reporting guidance for examples of inter-entity costs that should be recognized. 6
OMB Reporting Guidance
.09 OMB reporting guidance states that federal entities are to do the following:
• Reconcile intragovernmental balances and transactions with trading partners
and resolve any identified differences, throughout the fiscal year and at year-
end, with the goal of resolving all differences prior to final submission of data
for the U.S. government’s consolidated financial statements.
• Report intragovernmental assets separately from assets associated with the
Federal Reserve, government-sponsored enterprises, 7 and other entities not
considered to be consolidation entities 8 (which would include organizations
and individuals considered to be part of the general public).
• Report intragovernmental liabilities separately from claims against the entity
by the Federal Reserve, government-sponsored enterprises, and other
entities not considered to be consolidation entities (which would include
organizations and individuals considered to be part of the general public).
• Disclose intragovernmental amounts separately from other amounts for the
following: (1) nonentity assets (held by but not available to the entity), (2)
other assets, (3) liabilities not covered by budgetary resources, and (4) other
liabilities.
5Business-type activity is defined as a significantly self-sustaining activity which finances its continuing cycle of
operations through collection of exchange revenue as defined in SFFAS 7.
6In accordance with OMB reporting guidance, unreimbursed costs that reporting entities are required to recognize
include (1) employees’ pension and postretirement health and life insurance benefits; (2) other postemployment
benefits for retired, terminated, and inactive employees, which include unemployment and workers compensation
under the Federal Employees’ Compensation Act (5 U.S.C. chapter 81); and (3) losses in litigation proceedings
(addressed in FASAB Interpretation No. 2, Accounting for Treasury Judgment Fund Transactions). For employee
benefits, the imputed cost is the difference between employer and employee contributions and the total cost of the
benefit.
7A government-sponsored enterprise is statutorily established with its particular attributes defined in its enabling
statute and federal charter. Despite this diversity, there are at least four readily observable characteristics of
government-sponsored enterprises: (1) private sector ownership, (2) limited competition, (3) activities limited by
federal charter, and (4) chartered privileges that create an inferred federal guarantee of obligations (see FASAB
Handbook, app. E).
8Consolidation entities are entities that are consolidated in the U.S. government’s consolidated financial statements.

• Include a note disclosure in the significant entities’ audited financial

statements showing how line items in the entity’s financial statements relate
to line items in the U.S. government’s consolidated financial statements,
including intragovernmental line items that are later eliminated in compiling
the U.S. government’s consolidated financial statements. 9
Treasury Financial Manual
.10 The Treasury Financial Manual (TFM), 10 volume 1, part 2, chapter 4700 (TFM 2-
4700), Agency Reporting Requirements for the Financial Report of the United
States Government (FR), primarily appendix 6 (“Intragovernmental Transaction
Guide”), provides extensive, detailed information on how federal entities are to
properly account for, reconcile, and report intragovernmental activity and
balances (and resolve intragovernmental differences). The TFM has various
requirements for federal entities, including the following:
• Use the United States Standard General Ledger (USSGL) account attributes
and domains to indicate the nature of account balances and to identify
intragovernmental transactions. For example, the federal (i.e.,
intragovernmental) “F” attribute used in conjunction with USSGL account data
enables Fiscal Service to prepare elimination entries for the government-wide
• Add trading partner information to each USSGL account sent to Treasury
when the USSGL account has the federal attribute “F.” 11
• Perform various actions throughout the year, including reporting
intragovernmental data to Treasury, providing explanations to Treasury for
the entities’ inter-entity intragovernmental differences, and working with
trading partners to resolve differences.
In addition to requirements, the TFM includes instructions for fulfilling

requirements, including instructions for
• addressing recurring intragovernmental differences by identifying root causes
and implementing corrective action plans to resolve the root causes,
• submitting intragovernmental differences to Treasury’s dispute resolution
process when entities cannot resolve intragovernmental differences with
trading partners, and
• submitting year-end information to Treasury for inclusion in the U.S.
government’s consolidated financial statements.
9See TFM vol. 1, pt. 2, ch. 4700 (TFM 2-4700) for a listing of federal entities identified as significant to the U.S.
government’s consolidated financial statements (significant entities). Significant entities that are Financial Accounting
Standards Board reporters need to also report this note information and have it audited. Such information may be
reported by the significant entity in (i) its annual financial report within a note to the financial statements, (ii) a limited
use audited financial statements as a note to the financial statements, or (iii) an audited note (an audit of a special
element similar to a closing package).
10The TFM is available at https://tfm.fiscal.treasury.gov/.
11Trading partners are federal agencies, departments, or entities participating in transactions with each other.

The TFM also includes various aids, including
• an appendix dedicated to explaining the proper recording of
intragovernmental transactions with the General Fund;
• crosswalks indicating how the entities’ year-end information (which is
submitted to Treasury) is reported in the U.S. government’s consolidated
financial statements; and
• various tables listing federal entity identification codes, types of transactions
per reciprocal category, and USSGL accounts per reciprocal category. 12
Management Representations
.11 To emphasize entity management’s responsibility for identifying

intragovernmental transactions and balances and resolving inter-entity
differences, intragovernmental representations are included in two year-end
representations: (i) the management representation letter (which is provided for
the audits of the entity’s financial statements) and (ii) the CFO Representations
for Intragovernmental Activity and Balances Form (which is provided to the
entity’s inspector general, Fiscal Service, and GAO).
The management representation letter includes both intragovernmental and non-

intragovernmental representations. The intragovernmental representations
include those for intra-entity intragovernmental eliminations, proper accounting
and disclosure of transactions, and resolution (or inability to resolve) of inter-
entity intragovernmental transactions with trading partners. Note that if the
auditor believes that such representation is not supported by management, the
auditor should assess the effect of the inadequate disclosure on the auditor’s
opinion (see FAM 1001).
The CFO Representations for Intragovernmental Activity and Balances Form

includes intragovernmental representations regarding the consistency between
the information the entity submits to Treasury for consolidation and the sources
of that information, inter-entity intragovernmental activity and balances with
specific trading partners, the independent auditor’s proposed adjustments, and
the chief financial officer’s (CFO) monitoring of inter-entity intragovernmental
differences throughout the year.
Continuing Issues from Prior-Year Audits
.12 Since fiscal year 1997, the first year the U.S. government’s consolidated financial
statements were audited, the federal government has been unable to adequately
account for intragovernmental activity and balances between federal entities.
This has resulted in a material weakness at the U.S. government consolidated
financial statement level and is a major impediment to rendering an opinion on
the U.S. government’s accrual-based consolidated financial statements. At the
12Reciprocal accounts are offsetting USSGL accounts used by inter-entity trading partners to record transactions
(e.g., a seller’s receivable account and a buyer’s corresponding payable account). Treasury groups these USSGL
accounts into “reciprocal categories,” which Treasury uses to help manage intragovernmental transactions, including
calculating intragovernmental differences between trading partners, assisting entities in resolving differences, and at
year-end eliminating intragovernmental amounts from the U.S. government’s consolidated financial statements.

consolidated level, intragovernmental amounts do not completely eliminate,
resulting in an “unmatched transactions and balances” amount being reported on
the Statement of Operations and Changes in Net Position in order to balance the
accrual-based consolidated financial statements. 13
Intragovernmental Payment and Collection (IPAC) System
.13 IPAC is the primary method most federal entities use to bill and pay for services
and supplies within the U.S. government electronically. IPAC is used to
communicate to Treasury and the trading partner that the online billing and/or
payment for services and supplies has occurred. IPAC, however, is not intended
to be a control over the intragovernmental transactions (reciprocal accounts).
IPAC was not designed as an accounting system and does not require trading
partners to record transactions at the same time or in the same amounts. In
addition, unreconciled IPAC differences could affect the existence and
completeness of intragovernmental activity and balances.
.14 A federal entity initiates an IPAC transaction either as a collection or a payment.

An IPAC customer entity receives an IPAC transaction either as a payment or a
collection. Entities should establish procedures to reconcile intragovernmental
transactions recorded in IPAC with their subsidiary ledger records.
.15 As with non-intragovernmental collections and payments, federal entities should

record increases and decreases to their Fund Balance with Treasury (FBWT)
accounts for IPAC collections and payments, respectively. IPAC information is
reported to Treasury’s Central Accounting Reporting System (CARS), which
provides FBWT account statements and other reports to federal entities. Regular
reconciliation of entity FBWT records with Treasury records is a key control;
additional guidance for auditing FBWT is provided in FAM 921.
Audit Approach
.16 The following are summary narrative descriptions of intragovernmental audit

procedures. For examples of intragovernmental audit procedures, see
FAM 902 C.
.17 The auditor should assess inherent, fraud, and control risk. For example,
inherent risk may exist because of the nature of the intragovernmental activity,
such as a significant volume or dollar amount of transactions, number of trading
partners, or complexity of transactions.
.18 The auditor should consider the risk of material misstatement in determining the
nature, extent, and timing of control testing and substantive procedures for
auditing intragovernmental activity and balances and evaluating the results of
these procedures. Throughout the audit, the auditor evaluates the possible
existence of material intragovernmental activity and balances that could affect
13An unmatched amount is also reported in the Statement of Net Cost; however, it is not reported as a separate line
item.

the financial statements. The auditor also evaluates information concerning
material intragovernmental activity and balances to determine the adequacy and
appropriateness of note disclosures.
.19 The auditor generally should determine an intragovernmental materiality

benchmark as combining all the accounts may distort the auditor’s judgment
when designing the nature, extent, and timing of audit procedures. In determining
the materiality benchmark, the auditor should decide how to handle significant
intragovernmental balances (such as funds with the U.S. Treasury, U.S. Treasury
securities, and inter-entity balances) and offsetting balances (such as future
funding sources that offset certain liabilities and collections that are offset by
transfers to other government entities) due to their levels of risk (see FAM
230.10).
.20 In gaining an understanding of the entity, including its internal control, the auditor
should obtain an understanding of management responsibilities and the
relationship of each component within the entity to the total entity (i.e., intra-entity
amounts) and of the entity to other federal entities (i.e., inter-entity amounts).
This includes knowledge of
• the entity’s trading partners;
• the nature of intragovernmental transactions that occur;
• the volume and dollar amount of transactions;
• management’s attitude about and awareness of reconciliations of

intragovernmental activity and balances and the resolution of
intragovernmental differences with trading partners; and
• the entity’s operations to identify, respond to, and resolve accounting and
auditing problems.
.21 The auditor should obtain an understanding of the general phases of

intragovernmental accounting and reporting:
a. Identifying and properly recording intragovernmental transactions.
b. Reconciling the entity’s records of intragovernmental activity and balances

and resolving intragovernmental differences (i.e., make adjustments so that
the difference no longer exists) after appropriately researching the difference,
and/or completing corrective actions that fixed the cause of the difference, or
after Treasury issued a decision as part of its dispute resolution process.
Entities should:
• Coordinate with trading partners to reconcile intragovernmental activity

and balances.
• Resolve differences by either recording an adjustment in the entity’s

accounting records OR verifying that the trading partner recorded an
adjustment in its accounting records.

c. Reporting intragovernmental activity and balances in the entity financial
statements AND to Treasury for inclusion in the U.S. government’s
consolidated financial statements (the entity’s intra-entity and inter-entity
intragovernmental amounts are eliminated). 14 Entities include
intragovernmental activity and balances in the automated trial balance
submissions to Treasury sent via the Governmentwide Treasury Account
Symbol Adjusted Trial Balance System (GTAS). OMB reporting guidance
also requires significant entities to include a note to the financial statements,
titled Reclassification of Financial Statement Line Items for Financial Report
Compilation Process, as discussed in section 902.09 above.
.22 For all three general phases of intragovernmental accounting and reporting, the
auditor should assess the design of control activities, and for control activities
that have been designed and implemented effectively, test their operating
effectiveness. This begins with the auditor identifying policies and procedures
related to the entity’s ability to record, process, summarize, and report
intragovernmental activity and balances by trading partner. A good design
emphasizes the importance of identifying and classifying intragovernmental
transactions by trading partner when they are initiated and on all documentation
thereafter. Without this initial identification, the entity’s accounting system may
not be able to adequately track intragovernmental activity and balances.
.23 The auditor should design audit procedures to understand whether the entity
uses other collection and payment methods (e.g., electronic funds transfer,
checks, standard forms used to transfer funds between appropriations, and credit
cards) in addition to the IPAC system to process intragovernmental activity and
balances. The auditor should determine whether these methods affect the
accuracy of intragovernmental activity and balances.
.24 If the auditor determines that the entity’s reconciliation and resolution controls for
intragovernmental transactions are not designed or implemented effectively, the
auditor should consider the effect on the risk of material misstatement, the effect
on substantive testing procedures, and whether to report a significant deficiency
or material weakness in internal control. Where intragovernmental transactions
are or could be material, significant additional work is usually necessary to
express an unmodified opinion. In cases where the auditor finds significant
deficiencies or material weaknesses in the intragovernmental resolution control
and no other mitigating controls exist, the auditor must disclose this in the report
or opinion on internal controls (FAM 580).
.25 Since inadequate intragovernmental processes have been a long-standing

material weakness at the U.S. government consolidated financial statement level,
if there is evidence and a history of systemic or recurring problems in any of the
intragovernmental phases in FAM 902.21 the auditor should consider performing
additional testing procedures. These procedures should assist with identifying
issues related to accounting for and eliminating intragovernmental activity and
14There may be valid reasons to not eliminate certain intra-entity intragovernmental amounts from an entity’s financial
statements. In such instances, the entity should communicate with Treasury in order for any needed journal entries to
be recorded for the U.S. government’s consolidated financial statements.

balances in both the entity’s and the U.S. government’s consolidated financial
statements.
.26 The auditor may detect misstatements during testing of intragovernmental

transactions (i.e., a transaction was recorded with an incorrect amount) and
testing of the entity’s reconciliation and resolution of intragovernmental
differences. The reconciled intragovernmental differences are those for which the
entity determined its cause but did not yet resolve the difference; therefore, the
difference still exists at year-end. The unresolved intragovernmental differences
are those for which
• the entity appropriately researched and reconciled the difference with its
trading partner; however, no adjustment was made to either the entity’s or the
trading partner’s accounting records resulting in the difference continuing to
exist or
• Treasury’s Bureau of the Fiscal Service, as part of its dispute resolution

process, may issue a decision in which the entity or the trading partner is to
adjust its accounting records; however, this adjustment has not been made.
The auditor should record misstatements in the Summary of Uncorrected

Misstatements (see FAM 540 and FAM 595 C).
To avoid duplicate procedures, the auditor should consider other

intragovernmental related work (including FBWT) when designing the tests for
intragovernmental activity and balances. Examples of the line item risk analysis
(LIRA), specific control evaluation (SCE), and audit procedures for the audit of
intragovernmental activity and balances are in FAM 902 A, FAM 902 B, and FAM
902 C, respectively. Also see FAM 395 H and FAM 395 G for additional details
regarding the LIRA and SCE, respectively. The LIRA(s), SCE(s), and audit
procedures generally are customized by the auditor for the particular entity. For
example, if the auditor determines that the intragovernmental accounts
receivable line item is significant, the auditor generally should prepare separate
LIRA(s), SCE(s), and audit procedures for the intragovernmental accounts
receivable account and its related accounting applications. (Note that a single
SCE for a line-item/account-related accounting application is presented. There
are likely transaction-related accounting applications listed on the LIRA that also
would have SCEs.) In addition, for efficiency, the auditor may coordinate tests of
intragovernmental activity and balances with tests of nonfederal activity and
balances.

902 A – Example Line Item Risk Analysis (LIRA) for Intragovernmental Accounts
ENTITY: XYZ Entity (XYZ) PREPARER & DATE ______________________
LINE ITEM RISK ANALYSIS FORM
DATE OF FINANCIAL STATEMENTS: 9/30/xx REVIEWER & DATE ______________________
FILE: _____________
LINE ITEM: Intragovernmental Accounts
PLANNING PHASE INTERNAL CONTROL PHASE TESTING PHASE

Line Item Financial Inherent Risk Fraud Risk Control Risk Mitigating Cycle/ Effectiveness Control Risk of Timing Nature & Extent Audit Plan
Statement Factors Factors Factors Factors Accounting of Control Risk Material I/F Testing
Name Balance Assertions Application Activities Misstatement Step
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14)
Intragovern- $###,###,### Existence or Inherent risk No significant Control risk No mitigating Revenue / Effective Low Low I/F Examine intragovernmental
mental occurrence arises from (1) fraud risk arises from factors receipts transactions to determine
assets, the nature of factors (1) prior years' identified whether they are properly
liabilities, intragovernmen- identified. material Revenue / Effective supported.
revenues, tal transactions, weaknesses in accounts
expenses which are sus- accounting receivable Examine the reconciliation with
ceptible to and reporting trading partners and the
Expenses / Effective resolution of intragovernmental
misstatement where the
disbursements differences to determine
because of the entity was not
high volume of able to timely whether they are effectively
Expenses / Effective
transactions, resolve monitored by management.
accounts
large dollar intragovern- payable Determine whether
amounts, and mental adjustments made to accounts
large number of differences to resolve differences are
trading partners, and (2) man- reviewed, proper, and timely.
and (2) prior agement's
years’ significant attitude in not Review elimination entries and
adjustments timely determine whether they were
relating to intra- resolving reviewed and by whom.
governmental differences.
transactions.

Line Item Financial Inherent Risk Fraud Risk Control Risk Mitigating Cycle/ Effectiveness Control Risk of Timing Nature & Extent Audit Plan
Statement Factors Factors Factors Factors Accounting of Control Risk Material I/F Testing
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14)
Completeness Same as Same as Same as Same as Same as Effective Low Low I/F Same as existence above.
existence above. existence existence existence existence
above. above. above. above. Examine interagency
agreements and resulting
transactions to determine
whether they are properly
recorded in the general ledger.
Test cutoff: search for
unrecorded transactions (e.g.,
review transactions after year-
end to see if they were
recorded in the correct fiscal
year).
Accuracy, Same as Same as Same as Same as Same as Effective Low Moderate I/F Same as existence above.
valuation, and existence above. existence existence existence existence
allocation above. above. above. above.
Rights and Same as Same as Same as Same as Same as Effective Low Low I/F Same as existence above.
obligations existence above. existence existence existence existence
above. above. above. above. Review agreements between
trading partners.
Review representation letters
to see if obligations are
properly disclosed.
Presentation Same as Same as Same as Same as Same as Effective Low Low F Determine whether the entity
and disclosure existence above. existence existence existence existence appropriately classifies,
above. above. above. above. summarizes, and discloses
intragovernmental accounts in
financial statements and
whether related note
disclosures are in accordance
with Federal Accounting
Standards Advisory Board,
Office of Management and
Budget, and Department of the
Treasury guidance.
Line Item $###,###,###

Total
902 B – Example Specific Control Evaluation (SCE) for Intragovernmental Accounts

Entity: XYZ SPECIFIC CONTROL EVALUATION INTERNAL CONTROL PHASE TESTING PHASE SIGN-OFFS
SIGN-OFFS
Preparer & Date:
Date of Financial Statements: 9/30/xx FILE: __________ Preparer & Date:
Primary Review & Date:
Accounting Application: Intragovernmental Accounts Primary Review & Date:
SPECIFIC CONTROL EVALUATION: INTRAGOVERNMENTAL ACCOUNTS

ACCOUNTING RELEVANT ASSERTIONS IN POTENTIAL INTERNAL INTERNAL CONTROL Type of ICA: INTERNAL CONTROL TESTING
APPLICATION RELATED GROUPS OF MISSTATEMENT IN CONTROL ACTIVITIES (ICA) PHASE PHASE
ASSERTION ACCOUNTS 15 ACCOUNTING OBJECTIVES (ICO) IS,
APPLICATION Is the ICA Audit Is the ICA Is the ICO Audit Plan
Manual (M), or
ASSERTIONS Designed and Doc. Operating Achieved? Testing
Both IS and Implemented Ref. Effectively? Step 17
Manual (B) Effectively? 16
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Existence or Existence or Existence, Existence:
occurrence occurrence occurrence, or
completeness 1. Recorded 1a. Recorded 1a1. Quarterly, M Y Y Y
intragovernmental intragovernmental intragovernmental
assets and liabilities assets and liabilities balances recorded
do not exist at a exist at a given date. in the entity’s
given date. general ledgers are
confirmed and
reconciled with
trading partners.
15The third column is for use when the effects of the accounting application on the line items are different. For example, misstatements in the existence or occurrence assertion for cash receipts typically result in
misstatements in the existence assertion for cash and in the completeness assertion for accounts receivable (see Financial Audit Manual (FAM) 330.04).
16In this column, the auditor references the audit documentation supporting the conclusion.
17In this column, the auditor references the audit procedures in the control testing audit plan (and information systems audit plan, as applicable) that were designed to test each effective control determined to be relevant.
Such tests will involve inquiry, observation, inspection, or a combination thereof.

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
1a2. The entity and M Y Y
trading partners
work together to
resolve
intragovernmental
differences.
1a3. Resolution M Y Y
adjustments and
supporting
documents are
reviewed and
approved by
authorized
personnel before
being entered in the
general ledgers.
1a4. Reconciliation B Y Y
between
intragovernmental
general ledger
balances and
subsidiary ledger
balances are
performed quarterly
and reviewed by
supervisory
personnel.

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
1b. Recorded 1b1. Same as 1a. M Y Y Y
intragovernmental above.
assets and liabilities
of the entity, at a 1b2. Transaction logs B Y Y
given date, are and detailed
supported by records of
appropriate detailed transactions are
records that are maintained in
accurately electronic form to
summarized and facilitate the
reconciled to the reconciliation
account balance. process and to
provide sufficient
information on the
location of the
supporting
documents.
1c. Access to 1c1. Protection provided IS Y Y Y

intragovernmental by system
assets, critical forms, safeguards
records, and (passwords,
systems and storage permissions
areas are permitted provided based on
only in accordance need, and
with laws, separation of
regulations, and duties) and physical
management’s safeguards (safes
policy. and locks, guards,
cameras, and alarm
systems).

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
1c2. Changes made to IS Y Y
the trading partner
codes file are
restricted to
authorized
accounting
personnel.
1d. Intragovernmental 1d. Same as 1a4. B Y Y Y

assets and liabilities
are recorded in the
proper accounts.
Completeness Completeness Completeness, Account completeness
existence, or
occurrence 2. Intragovernmental 2. All 2a. Same as existence Various Y Y Y
assets and liabilities intragovernmental above.
of the entity exist accounts that should
but are not recorded have been recorded 2b. Employees review M Y Y
in the proper period have been recorded all transactions to
or accounts, or are in the proper period identify and
omitted from the and accounts, and properly code
financial are properly included intragovernmental
in the financial transactions.

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
statements. statements. 2c. Employees B Y Y
reconcile and
resolve
Intragovernmental
Payment and
Collection (IPAC)
differences (and
differences from
other systems /
methods, if any,
used to process
intragovernmental
transactions)
promptly and
record adjustments
properly.
2d. Supervisory M Y Y
personnel review
and approve monthly
account analyses of
intragovernmental
accounts and
examine budget-to-
actual and trend
analyses.
2e. Elimination journal M Y Y

entries and
supporting
documentation are
reviewed and
approved by
authorized
personnel.

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
2f. Elimination entries M Y Y
are supported by
schedules
summarizing the
USSGL accounts
that are combined to
total the amounts
eliminated.
Accuracy / Valuation Valuation Valuation

valuation
3. Intragovernmental 3. Intragovernmental 3a. Same as existence Various Y Y Y
assets and liabilities assets and liabilities and completeness
have not been have been included above.
included in the in the financial
financial statements statements at 3b. Employees M Y Y
at appropriate appropriate periodically
amounts. Resulting amounts, and any evaluate the
valuation or resulting valuation or condition and
allocation allocation marketability of
adjustments have adjustments have intragovernmental
not been been appropriately assets, for
appropriately recorded. example,
recorded. receivables are
evaluated for
collectability.
Measurement:
4. Intragovernmental 4. Intragovernmental 4. Same as existence M Y Y Y

revenues and revenues and and completeness
expenses included expenses included in above.
in the financial the financial
statements are statements are
measured properly measured.
improperly.

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Rights and Rights and Rights and Ownership:
obligations obligations obligations
5. Recorded 5. Recorded 5. Same as existence Various Y Y Y
intragovernmental intragovernmental and completeness
assets are owned assets are owned by above.
by others because the entity.
of sales or other
contractual
arrangements.
Rights:
6. The entity does not 6. The entity holds or 6. Same as existence Various Y Y Y
hold or control the controls the rights to and completeness
rights to recorded intragovernmental above.
intragovernmental assets at a given
assets because of date.
certain restrictions.
Obligations:
7. The entity does not 7. Intragovernmental 7. Same as existence Various Y Y Y
have an obligation liabilities are the and completeness
for recorded intra- entity’s obligations at above.
governmental a given date.
liabilities at a given
date.

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Presentation and Presentation Presentation and Presentation:
disclosure and disclosure disclosure
8. Financial or other 8. Financial and other 8a. Employees use M Y Y Y
information in the information in the trading partner codes
financial statements financial statements to identify and track
related to intra- related to trading partners when
governmental intragovernmental the intragovern-
accounts is not accounts is mental transactions
appropriately appropriately are initiated and on
aggregated or aggregated or all documentation
disaggregated, or disaggregated, and thereafter.
clearly described. clearly described.
8b. Employees use M Y Y
USSGL account
attributes to identify
the nature of account
balances and to
identify
intragovernmental
transactions by
trading partner.
8c. Employees check that M Y Y
the intragovernmental
amounts reported in
the note disclosure
linking line items on
the entity’s financial
statements to line
items on the U.S.
government’s
consolidated financial
statements agree to
the entity’s financial
statements and
general ledger
records. .

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
8d. Employees check M Y Y
that the
intragovernmental
amounts reported to
Treasury via GTAS
agree to the entity’s
financial statements
and general ledger
records.
Consistency:
9. The financial 9. The financial 9a. Employees track M Y Y Y
statement statement changes in applicable
components are components are accounting principles
based on based on accounting and requirements.
accounting principles that are
principles different applied consistently
from those used in from period to 9b. Employees have the M Y Y
prior periods. period. appropriate
education, training,
and resources to help
ensure the consistent
application of
accounting principles.

Manual (M), or
Various Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Disclosure:
10. Note disclosures 10. Note disclosures 10. Employees consult M Y Y Y
related to related to applicable (Office of
intragovernmental intragovernmental Management and
accounts are not accounts are Budget (OMB),
appropriately appropriately Department of the
measured or measured and Treasury, and GAO)
described, or described, and guidance and then
relevant and relevant and verify that the
understandable in understandable in disclosure complies
the context of the the context of the with requirements.
requirements of requirements of U.S.
U.S. GAAP. Not all GAAP. All note
note disclosures disclosures related
related to to intragovernmental
intragovernmental accounts that should
accounts that have been included
should have been in the financial
included in the statements have
financial statements been included.
have been included. Disclosed
Disclosed transactions and
transactions and events have
events did not occurred and pertain
actually occur or to the entity.
pertain to the entity.
902 C – Example Audit Procedures for Intragovernmental Activity and Balances
902 C – Example Audit Procedures for Intragovernmental

Activity and Balances
Note: See FAM 902.02 for definitions of intragovernmental terms.
Procedures Initials/ Doc. ref.

date
I. PLANNING
Obtain an understanding of the entity and its operations, including
its internal control, that are significant to intragovernmental activity
and balances (FAM 220).
1) Inquire of entity management about the following:
a) The relationship of each unit within the entity to the total
entity and of the entity to other entities.
b) Management’s attitude and awareness of entity
operations and internal controls with respect to
intragovernmental accounting and reporting.
c) Three general phases of intragovernmental accounting
and reporting:
i. Identifying and recording intragovernmental

activity and balances;
ii. Reconciling the entity’s records of
intragovernmental activity and balances to those
reported by trading partners and resolving
intragovernmental differences (i.e., make
adjustments so that differences no longer exist) after
appropriately researching the difference, and/or
completing corrective actions that fixed the cause of
the difference, or after Treasury issued a decision
as part of its dispute resolution process by:
• coordinating with trading partners to reconcile
intragovernmental activity and balances; and
• recording an adjustment in the entity's
accounting records OR verifying that the
trading partner recorded an adjustment in its
accounting records; and
iii. Reporting intragovernmental data in the entity
financial statements AND to Treasury for inclusion
in the U.S. government’s consolidated financial
statement (the entity’s intra-entity and inter-entity
intragovernmental amounts are eliminated). (Note:
Reconciliation and resolution should occur prior to
reporting to Treasury, see ii above. For reporting to

date
Treasury, entities include intragovernmental activity
and balances in the automated trial balance
submissions sent via the Governmentwide Treasury
Account Symbol Adjusted Trial Balance System
(GTAS). Office of Management and Budget (OMB)
reporting guidance 18 also requires significant entities
to include a note in their audited financial
statements titled Reclassification of Financial
Statement Line Items for Financial Report
Compilation Process (see FAM 902.09).)
2) Obtain an understanding of significant accounting and
auditing issues relevant to intragovernmental activity and
balances by reading the entity’s prior year’s performance and
accountability report or agency financial report.
a) Review the prior year auditors’ reports.
b) Review prior year-end intragovernmental differences

reported by Treasury. 19
c) Review journal vouchers recorded by Treasury during

the prior year-end process for the U.S. government’s
consolidated financial statements and determine
whether (i) the underlying differences are still
outstanding, (ii) authorized entity personnel approved
the journal vouchers, and (iii) these journal vouchers will
impact current year audit procedures. 20
3) Identify the entity’s accounting and reporting requirements

for intragovernmental activity and balances such as by
reading the following:
18The OMB reporting guidance in effect as of the publication date of this version of the FAM is OMB Circular No. A-
136, Financial Reporting Requirements, issued on June 3, 2022. OMB reporting guidance is updated annually, and
the current version can be found on the OMB website at https://www.whitehouse.gov/omb/information-for-
agencies/circulars/ (accessed on May 1, 2023).
19Quarterly, Treasury generates and provides to entities various documents that report intragovernmental
differences. Treasury provides entities with differences over established thresholds with Material Difference Reports
(MDR), on which an entity provides Treasury explanations for its differences, and provides significant entities with a
scorecard containing metrics. Treasury also provides a concluding report that provides details (including the entities’
explanations) on all the significant differences (Comparative Status of Disposition Report, CSDR), and a spreadsheet
that breaks down differences to the USSGL level (IGT Raw Data File). Entities work with their trading partners and
use the CSDR and the IGT Raw Data File to reconcile intragovernmental amounts (research) and resolve resulting
differences before the start of the next quarterly cycle.
20During the year-end CFS consolidation process, Treasury analyzes intragovernmental differences calculated to
identify those that it can resolve by booking journal vouchers (JV). Doing so, Treasury changes the audited data the
entities sent to it, which lessens the total intragovernmental differences reported in the U.S. government’s
consolidated financial statements. Treasury generally contacts the entities prior to making the JVs.

date
a) Applicable Federal Accounting Standards Advisory
Board (FASAB) standards; OMB reporting guidance;
and Treasury Financial Manual, volume 1, part 2,
chapter 4700 (TFM 2-4700), Agency Reporting
Requirements for the Financial Report of the United
States Government (FR).
b) Entity policies and procedures covering the general
accounting and reporting phases (see I.1.c above),
including internal controls.
4) To identify the significant line items, accounts, assertions,
and cycles of intragovernmental activity and balances,
perform the following procedures:
a) Ask entity management to identify the following:
i. The names of all intragovernmental trading partners,
related contracts and agreements, and the volumes
and dollar amounts of intragovernmental activity and
balances with each trading partner.
ii. The nature and terms of all significant
intragovernmental activity and balances.
iii. The intragovernmental differences that Treasury
reported to the entity, are in Treasury’s dispute
resolution process, or are being addressed by
corrective actions that the entity is implementing.
b) Review vendor and customer master file listings, major
contracts, and Intragovernmental Payment and
Collection System (IPAC) activity for intragovernmental
trading partners to determine whether trading partner
codes and other document identifiers are used in
accordance with TFM chapter 4700 appendix 5.
5) To identify the systems/methods for processing, accounting,
and financial reporting of intragovernmental activity and
balances and the likelihood of effective information system
controls (FAM 270), perform the following procedures:
a) Interview the entity’s key management about processes,
for example, the systems/methods that are used to
process intragovernmental activity and balances for
each audit cycle (e.g., IPAC, credit cards, standard
forms used to transfer funds between appropriations,
etc.).
b) Consider coordinating this work with the audit of like
nonfederal (i.e., non-intragovernmental) activity and
balances (i.e., similar transactions by the entity with
parties other than other federal entities).

date
6) Determine and document the intragovernmental materiality
benchmark, materiality, and performance materiality, which
are separate from those calculated for the financial
statement audit (FAM 230.11).
7) Document the significant line items, accounts, assertions,
cycles, and various factors (relating to inherent risk, fraud
risk, and control risk) in the first eight columns of the line item
risk analysis (LIRA) form (FAM 395 H and FAM 902 A) or
equivalent.
II. INTERNAL CONTROL

Understand and document the design effectiveness of key control activities and determine
whether they were implemented effectively. Audit procedures to help identify control activities
(existence, completeness, valuation, rights and obligations, presentation, and disclosure) are
listed below per the general intragovernmental accounting and reporting phases.
Note: Each general phase should include appropriate, effective controls (including documented
policies and procedures). The federal government has been unable to adequately account for
intragovernmental activity and balances (and resolve resulting differences) between federal entities.
This has resulted in a long-standing material weakness at the U.S. government consolidated financial
statement level and is a major impediment to rendering an opinion on the U.S. government’s accrual-
based consolidated financial statements. Consequently, a key control objective is the timely resolution
of intragovernmental differences (control objectives are documented in the specific control evaluation
(SCE) form discussed later).
Phase I: Identifying and recording intragovernmental activity and balances
1) Determine, through inquiries of management, walk-throughs,
reviews of prior years’ documentation, and the following
procedures, how the entity identifies and records
a) Determine whether management reviews the current
OMB, Treasury, and other guidance for identifying and
recording intragovernmental activity and balances and
updates the entity’s policies and procedures, such as by
i. complying with the U.S. Standard General Ledger
(USSGL) at the transaction level by recording (1)
the intragovernmental (i.e., federal) attribute “F,” (2)
one of the intragovernmental domains (“F,” “G,” or
“Z”), and (3) the trading partner identifier code (TFM
2-4700), and
ii. using the correct reciprocal USSGL account
categories in TFM 2-4700. 21
21Reciprocal accounts are offsetting USSGL accounts used by inter-entity trading partners to record transactions
(e.g., a seller’s receivable account and a buyer’s corresponding payable account). Treasury groups these USSGL
accounts into “reciprocal categories,” which Treasury uses to help manage intragovernmental transactions, including
calculating intragovernmental differences between trading partners, assisting entities in resolving differences, and at

date
b) Determine whether the entity (i) identifies trading
partners when transactions are initiated and on all
documentation thereafter and (ii) reviews and approves
the trading partner codes before they are entered into
the system.
c) Determine when the entity recognizes intragovernmental
transactions and what controls are designed and
implemented effectively to reasonably assure that the
entity recognizes the transactions in the same period,
and uses the same accounting methodology, as its
trading partner.
Phase II: Reconciling entity’s records of intragovernmental activity and balances to
those reported by trading partners and resolving intragovernmental
differences (i.e., making adjustments so that differences no longer exist)
after appropriately researching the difference, and/or completing corrective
actions that fixed the cause of the difference, or after Treasury issued a
decision as part of its dispute resolution process. Entities should:
• Coordinate with trading partners to reconcile intragovernmental
activity and balances, and
• Resolve differences by either recording an adjustment in the
entity’s accounting records OR verifying that the trading partner
recorded an adjustment in its accounting records.
2) Determine, through inquiries of management, walk-
throughs, reviews of prior years’ documentation, and the
following procedures, how the entity reconciles its
intragovernmental amounts with its trading partners.
a) Determine whether the entity has established
processes, including routine communication and
confirmations, with each trading partner to reconcile
intragovernmental activity and balances timely.
b) Determine whether management reviews the current
OMB, Treasury, and other guidance for reconciling
intragovernmental activity and balances and updates
the entity’s policies and procedures.
c) Determine how often the entity reconciles its
intragovernmental amounts with its trading partners
(OMB reporting guidance requires reconciliation
throughout the year).
Note: For the reasons discussed at the beginning of
section II: Internal Control, in addition to differences
year-end eliminating intragovernmental amounts from the U.S. government’s consolidated financial statements (TFM
2-4700, appendices 2 and 3).

date
that are significant to the entity, the entity should also
work with trading partners to reconcile differences
that are only significant to the trading partner (i.e.,
not significant to the entity).
d) Determine whether the entity maintains a current
listing of its trading partners and monitors its
reconciliation with those trading partners in order to
assess the entity’s performance in timely reconciling
with its trading partners.
e) Determine whether entity accountants and managers
review journal vouchers recorded by Treasury during
the prior year-end process for the U.S. government’s
consolidated financial statements to determine
whether (i) these differences are still outstanding and
(ii) entity internal controls need to be improved so
that intragovernmental information sent to Treasury
eliminates in consolidation.
f) Determine whether the entity reviews the quarterly
intragovernmental differences reported by Treasury,
and reports to Treasury explanations for its
differences.
g) Determine whether management reviewed and
approved the reasons for any differences identified
and tracked, including any explanations reported to
Treasury.
3) Determine, through inquiry of management, walk-
throughs, reviews of prior years’ documentation, and the
following procedures, how the entity resolves
intragovernmental differences.
processes to resolve intragovernmental differences
timely (OMB reporting guidance requires resolution
of differences throughout the year with differences
resolved by year-end).
Note: In addition to differences that are significant to
the entity, the entity should also work with trading
partners to resolve differences that are only
significant to the trading partner (i.e., not significant
to the entity).
b) Determine whether management reviews the current
OMB, Treasury, and other guidance for resolving
intragovernmental activity and balances and updates
the entity’s policies and procedures.

date
c) Determine whether the entity maintains a current
listing of its differences and whether management
monitors it to assess the entity’s performance in
timely resolving differences.
d) Determine whether management identifies and
approves adjustments before adjusting the
accounting records. If the trading partners agree that
an adjustment is required in the trading partner’s
records, document what procedures management
has to confirm that the trading partner agrees to
record the adjustment.
Phase III: Reporting intragovernmental activity and balances
Note: This phase includes entity financial reporting, GTAS reporting, and reviews of GTAS generated
reclassified financial statements, which are produced by GTAS using the automated trial balance
information submitted by the entities. Significant entities should include a Reclassification of Financial
Statement Line Items for Financial Report Compilation Process note in audited financial statements in
accordance with OMB reporting guidance. Significant entities that are FASB reporters need to also
report the note information and have it audited (see TFM 2-4705.25). Treasury uses this information to
calculate the differences between trading partners on a quarterly basis (which the entities then need to
resolve).
4) For each audit cycle, determine, through inquiries of
management, walk-throughs, reviews of prior years’
documentation, and the following procedures, the entity’s
policies and procedures for reporting intragovernmental
activity and balances.
processes for ensuring appropriate inclusion of
intragovernmental activity and balances in its
b) Determine whether the entity has established
processes for ensuring appropriate reporting of
intragovernmental activity and balances to Treasury
for inclusion in the U.S. government’s consolidated
c) Determine whether management reviews the current
FASAB, OMB, Treasury, and other guidance for
reporting intragovernmental activity and balances
and updates the entity’s policies and procedures.
d) Determine whether the entity has designed and
implemented effective information system controls
over reporting processes such as to reasonably
assure that only appropriate personnel have access
to financial reporting systems including GTAS and
have appropriate roles assigned.

date
e) Determine how the entity eliminates intra-entity
activity from its consolidated financial statements.
Also, determine whether
i. the entity generates year-end reports of all the
intra-entity intragovernmental amounts to be
eliminated from the entity’s financial statements,
and
ii. management reviews and approves the results
of the procedures.
f) Determine whether procedures, such as
reconciliations (matching the data submitted to
Treasury to the entity’s general ledger and/or
subsidiary ledgers), are performed to ensure that the
intragovernmental data included in the agency
financial report or performance and accountability
report and sent to Treasury and are accurate and
complete.
g) Determine the entity’s processes for reviewing its
reclassified financial statement information from
GTAS and preparing the note linking line items on
the entity’s financial statements to line items on the
U.S. government’s consolidated financial statements.
h) Determine whether management reviews and
approves the results of the procedures done to
assess the reports in “f” and “g” above for accuracy
and completeness.
i) Determine whether the entity has developed
processes for resolving differences in year-end
activity and balances as part of its year-end reporting
process.
Note: The status of entity efforts for phase ii is
important to consider as part of the year-end
reporting process. Differences in amounts reported
by trading partners through IPAC, GTAS, or other
system should be resolved by year-end. Information
from these systems, including the GTAS raw data
file, are available to entities. However, Treasury year-
end scorecards for significant entities are not
available until after year-end reporting deadlines.
j) Determine whether management reviews and
approves the results of procedures in “i” above.

date
Other
5) Coordinate with other audit cycles to determine if the
entity has internal control deficiencies related to
intragovernmental activity and balances, including
intragovernmental differences. For example, coordinate
with the FBWT audit to determine if the entity has issues
on its FBWT/IPAC reconciliation, such as material
unresolved differences.
6) Prepare or update the following:
a) Cycle memorandum (FAM 390.05).
b) Flowcharts (FAM 390.05).
c) SCE worksheet (FAM 395 G and FAM 902 B, an
intragovernmental example), or equivalent, to
document the auditor’s evaluation of the design of
control activities.
Note: The SCE is later updated with the results of
testing control activities for operating effectiveness.
d) LIRA forms (FAM 395 H and FAM 902 A, an
intragovernmental example), or equivalent, to record
the auditor’s assessment of the (i) effectiveness of
control activities (from the SCE), (ii) control risk, and
(iii) risk of material misstatement.
e) Assess whether key control activities are designed
effectively (appropriate and consistent with the TFM
2-4700), documented, and implemented effectively.
Note: The auditor should identify the risk of material
misstatement in determining the nature, extent, and
timing of control testing and substantive procedures for
auditing intragovernmental activity and balances and in
evaluating the results of these procedures.
III. TESTING
If the auditor preliminarily determines that the entity’s key control activities are designed and
implemented effectively, the auditor generally should test them to determine whether they are
operating effectively. These procedures should be performed on an interim and year-end
basis.
However, if the auditor preliminarily determines that key controls are not designed effectively
or are not implemented effectively, determine the effect on substantive testing procedures
and whether to report a significant deficiency or material weakness in internal controls in the
audit report. When intragovernmental activity and balances are material, significant additional
work may be necessary to express an unmodified opinion on the financial statements.
Note: Listed below are possible testing procedures. Select procedures that test the key control
activities found to be designed and implemented effectively. In addition, determine when during the

date
year to perform the procedures.
Phase I: Identifying and recording intragovernmental activity and balances
1) Test this phase’s key control activities that are designed and
implemented effectively.
a) Review interagency (i.e., inter-entity) agreements and
test an audit sample of transactions to determine
whether they are recorded in the general ledger in the
proper period and with the proper dollar amount, trading
partner code, domain, attribute, and USSGL account.
b) Test an audit sample of intragovernmental activity and
balances to determine whether they are recorded in the
general ledger in the proper period and with the proper
dollar amount, trading partner code, domain, attribute,
and USSGL account. This includes sending
confirmations to the trading partners to corroborate the
existence, validity, and accuracy of the
c) Reconcile intragovernmental amounts in the general
ledger, by trading partner and reciprocal category, to
those in subsidiary ledgers.
d) Review all JV adjustments recorded from the point of the
signed interagency agreement until liquidation of the
obligation or unfilled customer order.
The following phase I procedures are done only at year-end
e) If misstatements are found (per above procedures),
document the misstatements, determine the potential
effect on the financial statements, and post the
misstatements to the Summary of Uncorrected
Misstatements (FAM 595 C). This is also noted at the
end of phase III.
f) Determine if there are unrecorded transactions and if the
transactions are recorded in the correct period by doing
the following:
i. Coordinating with the FBWT portion of the audit
to review results of the FBWT reconciliation tests.
ii. Searching for unrecorded revenue, accounts

receivable, purchases, and accounts payable.
For example, select invoices XX days after year-
end and trace to shipping records (or evidence of
service performance). Determine whether the
revenue and accounts receivable were recorded
in the correct period. Alternatively, select invoices
from shipping records to trading partners prior to

date
year-end and trace to invoices.
Also, to test the completeness of amounts

recorded as accounts payable at the balance
sheet date, select disbursements after the end of
the audit period and test whether the amounts
were recorded in payables.
Phase II: Reconciling entity’s records of intragovernmental activity and balances to

those reported by trading partners and resolving intragovernmental
differences (i.e., making adjustments so that differences no longer exist)
after appropriately researching the difference, and/or completing
corrective actions that fixed the cause of the difference, or after Treasury
issued a decision as part of its dispute resolution process. Entities
should:
• Coordinate with trading partners to reconcile intragovernmental
activity and balances, and
• Resolve differences by either recording an adjustment in the
entity’s accounting records OR verifying that the trading partner
recorded an adjustment in its accounting records.
Exhibit I to FAM 902 C provides an illustration of a tool that may be used to summarize reconciling
items and prove amounts between a buyer and a seller entity.
a) Review evidence that the entity identified
intragovernmental amounts and then contacted each
trading partner to reconcile intragovernmental amounts.
i. Determine whether each trading partner was
contacted and intragovernmental amounts were
compared in order to identify differences.
ii. Consider sending confirmations to significant
trading partners to corroborate the existence,
validity, and accuracy of the intragovernmental
amount recorded by the entity.
b) For intragovernmental differences identified, determine
whether the entity performed timely research to
determine the reasons for the differences. When the
entity is the receiver of the activity, contact trading
partners for supporting documentation to confirm the
balances. (Note: OMB reporting guidance requires
reconciliation throughout the year with all differences
resolved by year-end.)
If differences were not reconciled (i.e., the reasons for
the differences were not identified), determine why.

date
c) Review evidence of management’s monitoring of the
timely reconciliation of differences to determine whether
management’s monitoring is effective.
d) For intragovernmental differences identified in Treasury
quarterly reconciliations of GTAS submissions,
determine whether the entity researched the differences,
including contacting trading partners and Treasury as
needed, to determine the reasons for the differences.
i. Review and re-perform the entity’s
procedures to ensure that the
intragovernmental differences reports from
Treasury were accurate and complete.
ii. Review the explanations that the entity
provided Treasury to determine whether they
were reasonable and supported.
iii. Verify that the explanations were timely
provided to Treasury (per the schedule in the
TFM 2-4700).
iv. Verify that management reviewed and
approved the results of the procedures in “i”
and “ii” above.
v. Participate in the significant entity’s
teleconferences with Treasury to discuss the
entity’s draft scorecard, paying particular
attention to matters regarding reconciliation
and the identification of causes of
differences.
e) Use auditor judgment to conclude whether the entity
effectively worked with trading partners to reconcile
differences.
3) For any intragovernmental differences identified, determine
whether the differences were timely resolved by either (i)
recording an adjustment in the entity’s accounting records
and/or (ii) verifying that the trading partner recorded an
adjustment in its accounting records. (Note: OMB reporting
guidance requires resolution of differences throughout the
year with all differences resolved by year-end.)
If differences were not resolved by year-end, determine why.
a) Verify that management reviewed and approved the

adjustments before adjusting the accounting records.
b) Trace, from the source documents to the general ledger,
the adjustments that resolved differences.
c) Review the evidence of management’s monitoring of the
timely resolution of differences to determine whether
management’s monitoring is effective.

date
d) Use auditor judgment to conclude whether the entity
effectively worked with trading partners to resolve
differences.
Phase III: Reporting intragovernmental activity and balances
a) Determine whether the entity appropriately summarized
intragovernmental activity and balances in its financial
statements in accordance with relevant U.S. GAAP,
OMB, and Treasury guidance.
b) Obtain a list of the entity’s year-end intra-entity
intragovernmental amounts identified for elimination and
verify for each that
i. an eliminating journal entry was done and
ii. management reviewed and approved the journal

entry prior to booking the adjustment.
c) Read FASAB and OMB reporting guidance to determine

the requirements for reporting intragovernmental
information in the entity’s financial statements. Review
the information to determine whether the entity
complies.
d) Reconcile the intragovernmental data submitted to
Treasury to the entity’s general ledger and/or review and
re-perform other procedures the entity performed to
ensure that the data sent to Treasury was accurate and
complete.
e) Verify that the results of the procedures in “a” and “d”
above were reviewed and approved by management.
f) Verify that entity personnel that accessed financial
reporting systems, including Treasury’s GTAS, to report
the entity’s intragovernmental data were (i) authorized
by the entity to do so and (ii) have role descriptions that
include this work.
g) If the entity determines that it has recurring or
permanent differences with its trading partner (for
example, due to a difference in accounting
methodology), inquire of management how it
communicates this information to Treasury.

date
Other
5) At the conclusion of interim testing, based on the results of
testing, reassess the risk of material misstatement and the
overall audit assurance needed, then revise audit
procedures. If material weaknesses or other significant
deficiencies are identified, consider their implications on this
risk assessment.
6) Analytical procedures: After completing the tests of details,
perform analytical procedures to determine whether
balances are reasonable and reflect appropriate activity. For
example, take the following actions:
a) Develop expectations of the accounts payable and
receivable balances overall or for all significant trading
partners in light of the payment cycle during the year.
Then compare these to the recorded balances and
investigate differences in the recorded balances.
b) Develop expectations of recorded intragovernmental
revenue overall or for all significant trading partners
based on independent data. Then compare these to the
recorded amounts and investigate differences in the
recorded balance.
c) Examine accounting records for large, unusual, or
nonrecurring activity or balances.
7) The auditor may detect misstatements during testing of
intragovernmental activity and balances (i.e., in phase I, a
transaction was recorded with an incorrect amount) and
testing of the entity’s reconciliation or resolution of inter-entity
intragovernmental differences. (i.e., in phase II, the
reconciled intragovernmental differences are those for which
the entity determined cause but did not yet resolve the
differences; therefore, the differences still exists at year-end.
The reconciled yet unresolved intragovernmental differences
that are misstatements are those differences for which
• the entity appropriately researched and reconciled the
difference with its trading partner; however no
adjustment was made to accounting records resulting in
the difference continuing to exist or
• Treasury’s Bureau of the Fiscal Service, as part of its
dispute resolution process, may issue a decision in
which the entity or its trading partner is to adjust its
accounting records; however, this adjustment has not
been made.)
The auditor should document the misstatements, determine
the potential effect on the financial statements, and record

date
the misstatements in the Summary of Uncorrected
Misstatements (see FAM 540 and 595 C).
8) Read the entity’s financial statements and notes and
compare the reported intragovernmental activity and
balances with the test results.
9) Communicate with trading partner entities’ auditors (with
entity permission) to determine whether issues these auditors
identified affect the auditor’s conclusions on
intragovernmental transactions.
10) Summarize the results and propose any adjusting entries
(FAM 595 C).
11) Conclude on whether intragovernmental activity and balances
have been adequately accounted for and properly disclosed
in the financial statements.
12) For journal vouchers identified by Treasury, perform the
following.
a) For journal vouchers identified by Treasury in the prior
year, verify that the entity this year (i) determined why
Treasury, and not the entity, was able to resolve the
differences and (ii) fixed the causes of these
differences so that these differences will not exist at
the end of this year.
b) For journal vouchers that may be proposed by
Treasury this year, verify that the entity has procedures
to ensure that the personnel the entity identified to
review and approve Treasury’s proposed journal
vouchers are (i) authorized by the entity to do so and
(ii) sufficiently knowledgeable and “senior” to make
such a decision.
Reconciliation of Seller Entity Intragovernmental Earned Exhibit I

Revenue with Buyer Entity Cost
Seller Entity – Trading Partner 1
Intragovernmental funds received for each revenue, FY

20XX, From Trading Partner 2 (General Ledger before
adjustment) ......................................................................... $200,000
Less adjustment for timing difference
Funds received but revenue unearned at end

of the current year .................................................... (20,000)
Add adjustment for timing difference The contra accounts for timing
items should also reconcile.
Earned revenue recognized on unbilled work
at the end of the current year ................................... 50,000
Intragovernmental earned revenue – accrual basis, The Seller’s unearned revenue

FY 20XX, from Trading Partner 2 (General Ledger after account (liability) should
adjustment) ........................................................................ $230,000 reconcile with the Buyer’s
prepaid (asset) account.
When reconciled, Seller Revenue and Buyer
Cost must agree after adjustments are recorded
to correct for errors.
Buyer Entity – Trading Partner 2 The Seller’s earned but

unbilled receivable (asset)
Intragovernmental purchases – cash basis, FY 20XX, should reconcile with the
from Trading Partner 1 (General Ledger before Buyer’s accounts payable for
adjustment) ......................................................................... $190,000 unbilled work (liability) account.
Add:
Adjustment for cutoff error identified during

reconciliation process (funds sent to Trading
Partner 1 but not recorded) ..................................... 10,000
Adjustment for completed but unbilled work

at the end of the current year ................................... 50,000
Less:
Funds paid in the current year, but amount

prepaid at end of current year ................................. (20,000)
General ledger after adjustment for Trading Partner 1 230,000
Less:
When reconciled and adjusted, Seller
Reconciling item for purchases inventoried at Revenue and Buyer Cost may not agree
end of the current year ............................................. (50,000) because of timing differences. This
difference should be resolved by year-
Intragovernmental purchases included in cost – accrual end.
basis, FY 20XX, from Trading Partner 1 ............................. $180,000
903 – Auditing Cost Information

.01 FAM 903 provides general guidance for auditors on identifying cost information
and planning audit procedures. The auditor should coordinate these procedures
with procedures for auditing various line items and accounts. The auditor is
generally concerned about cost information for the following reasons:
• The auditor should obtain sufficient evidence to determine whether costs are
presented fairly in entity financial statements and are appropriately classified,
such as between intragovernmental and non-intragovernmental costs or by
designated programs. Proper classifications of costs at the entity level also
contribute to proper classification of costs in the consolidated financial
statements of the U.S. government.
• For Chief Financial Officers Act of 1990 (CFO Act) agencies, the auditor must
evaluate whether agency financial management systems comply substantially
with the three requirements of FFMIA, including applicable federal accounting
standards, such as cost accounting standards.
• Although the auditor does not opine on the MD&A, cost information is
important to the MD&A, particularly as it relates to developing performance
measures. The relevant accounting standard for cost information is SFFAS 4,
Managerial Cost Accounting, as amended by SFFAS 55, Amending Inter-
Entity Cost Provisions. These standards are relevant both to external
financial reporting and to cost information for internal management reporting.
The Effect of SFFAS 4 and SFFAS 55
.02 SFFAS 4, as amended by SFFAS 55, establishes the concepts and standards for
providing reliable and timely information on the full cost of federal programs, their
activities, and outputs. The objectives of managerial cost information specified in
SFFAS 4 are as follows:
• To provide program managers with relevant and reliable information relating
costs to outputs and activities. With this information, program managers
should understand the costs of the activities they manage. The cost
information should assist them in improving operational efficiency.
• To provide relevant and reliable cost information to assist the Congress and
executives in making decisions about allocating federal resources,
authorizing and modifying programs, and evaluating program performance.
• To provide consistency between costs reported in general purpose financial
reports and costs reported to program managers. This includes standardizing
terminology to improve communication among federal organizations and
users of cost information.
.03 The first two objectives primarily address the managerial use of cost information
in improving operating efficiency and cost-effectiveness, making planning and
budgeting decisions, and measuring performance. The third objective primarily
addresses external financial reporting, which can be achieved by reporting cost

information in financial statements that is consistent with costs generated by the
cost accounting process. Because of the differences in the three objectives,
some requirements in SFFAS 4 are relevant to managerial decision making and
operations improvement, while some requirements are relevant to external
financial reporting.
.04 The cost accounting concepts section of SFFAS 4 (paras. 41-66) establishes the
overall goals of cost accounting for federal agencies. Managerial cost accounting
should be a fundamental part of the financial management system and, to the
extent practicable, be integrated with the other parts of the system. Managerial
costing should use a basis of accounting, recognition, and measurement that is
appropriate for the intended purpose. Cost information developed for various
purposes should be drawn from a common data source, and output reports
should be reconcilable to each other.
.05 The five fundamental standards for managerial cost accounting set forth in
SFFAS 4 (paras. 67-162) are important for the auditor. These standards will lead
to the development of accurate and consistent cost information for internal and
external reporting by federal agencies. The five standards are as follows:
Requirement for cost accounting: Each reporting entity is to accumulate and

regularly report the cost of its activities for management information.
Responsibility segments: Management of each reporting entity is to define and

establish responsibility segments and report the costs of each segment’s
outputs.
Full costs: Reporting entities are to report the full costs of outputs, which is the
total amount of resources used to produce an output, including direct and
indirect costs.
Inter-entity costs: Each entity’s costs are to incorporate the full cost of goods
and services received from other entities. SFFAS 55 allows flexibility for
reporting imputed costs for non-business activities. Specifically, with the
exception of imputed inter-entity costs for personnel benefits and the
Treasury Judgment Fund settlements or as otherwise directed by the
Office of Management and Budget, imputed inter-entity costs for non-
business type activities are not required to be recognized. Although not
required to do so, an entity may still elect to recognize imputed cost and
corresponding imputed financing for other types of inter-entity costs related
to non-business type activities.
Costing methodology: The costs of resources that directly or indirectly

contribute to the production of outputs are to be accumulated and
assigned to outputs using appropriate methodologies. (FAM 903.07)
Audit Procedures for Financial Statement Opinion
.06 As part of understanding the entity’s operations, the auditor generally should
obtain an overview of how the entity applies FASAB cost standards. This may be
done by inquiry, observation, and walk-through procedures. The auditor generally

should determine what substantive testing procedures of the cost accounting
system are appropriate and may coordinate testing with other control and
substantive procedures. Based on the understanding of entity operations, the
auditor should determine whether the statement of net costs is designed to
include all costs of entity programs. Also, in testing the statement of net costs,
the auditor generally should test the financial statement assertions related to
costs, including whether expenses are properly classified in the statement of net
costs. Consistent with FAM 395 B, examples of subassertions related to costing
follow.
EXISTENCE OR OCCURRENCE
• Occurrence/validity—(1) Recorded costs, underlying goods and services
received, and related processing procedures are authorized by federal laws,
regulations, and management policy. (2) Recorded costs are approved by
appropriate individuals in accordance with management’s general or specific
criteria. (3) Recorded costs exist for goods and services received and are
properly classified.
• Cutoff—Costs recorded in the current period represent goods and services
received during the current period.
• Summarization—(1) The summarization of recorded costs is not overstated.
(2) Costs are assigned to appropriate classifications in the financial
statements.
COMPLETENESS
• Transaction completeness—All valid costs are recorded and properly
classified.
• Cutoff—All goods and services received in the current period are recorded in
the current period.
• Summarization—The summarization of recorded costs is not understated.
ACCURACY/VALUATION
• Accuracy—Costs are recorded at correct amounts.
• Valuation—Costs are valued in the financial statements using an appropriate
valuation basis.
• Measurement—Costs included in the financial statements are properly
measured.
PRESENTATION AND DISCLOSURE

• Account classification—Cost accounts are properly classified and
described in the financial statements.
• Consistency—Costs in financial statements are based on accounting
principles that are applied consistently from period to period.
• Disclosure—Financial statements and notes contain all information required
to be disclosed.

.07 SFFAS 4 discusses three methods of assigning costs: directly tracing costs,
assigning costs on a cause-and-effect basis, and allocating costs on a
reasonable and consistent basis. Although the standard discusses these three
methods in relation to assigning costs to responsibility segments and outputs, the
methods are also applicable to assigning costs to financial statement line items in
the statement of net costs, generally by program, and in the notes by budget
functional classification. The different methods of assigning costs may require
different auditing procedures for determining whether costs are properly
classified in the statement of net costs by program.
.08 For directly traced costs (such as materials used in production or employees who
worked on an output), the auditor generally should test whether costs were
assigned to the appropriate program and/or budget functional classification.
.09 In some cases, costs may be assigned on a cause-and-effect basis, by grouping

costs into cost pools where an intermediate activity may be a link between the
cause and the effect. For example, an information technology department may
provide support to other departments. The information technology department
may assign costs to other departments on a cause-and-effect basis by first
assigning costs to an intermediate activity, such as hardware installation or
software design. The costs in these pools may then be further assigned to other
departments based on their use of these technical services.
In auditing these types of costs, the auditor generally should test whether costs
are assigned to the appropriate cost pool (e.g., hardware installation or software
design) and also whether costs are appropriately summarized in the pool. When
costs are assigned to other departments, the auditor generally should test
whether costs assigned are based on appropriate usage information, cost
assignments are reasonable and consistent, and they are mathematically
accurate.
.10 If it is not economically feasible to either directly trace or assign costs on a

cause-and-effect basis, the entity may allocate costs. This is commonly done
with costs such as general management, depreciation, rent, maintenance,
security, and utilities that various segments use. These costs are generally
accumulated in cost pools and allocated to segments or outputs (or programs or
budget functional classifications) using a cost driver, such as number of
employees, square footage of office space, or amount of direct costs incurred in
segments.
In auditing these allocated costs, the auditor generally should test whether the
costs are assigned to the appropriate cost pool and summarized appropriately.
The auditor also generally should determine whether the allocation basis is
reasonable and consistent, the mathematical allocation is correct, and an
allocation is appropriate in the circumstances.
.11 The entity exercises professional judgment in determining the line item and
programs to include in its statement of net costs. The auditor generally should
consider whether such classifications are reasonable in the circumstances and to
ensure that cost assignment methods and procedures are reasonable and
documented.

.12 For audits of the CFO Act agencies, the auditor must evaluate whether agency
financial management systems comply substantially with the three requirements
of FFMIA (see FAM 110.02 and FAM 701). To determine compliance with
SFFAS 4 and SFFAS 55 for the purposes of FFMIA, the auditor generally should
ask the following questions (which relate to the standards discussed in FAM
903.05):
a. Has the agency defined its responsibility segments to delineate costs?
b. Does the agency properly accumulate full costs by those responsibility
segments?
c. Has the agency accounted for the full costs (including inter-entity costs) of
products, services, or outputs to be externally reported at the entity-wide
level?
d. Has the agency accounted for the full cost of resources that contribute to the
production of outputs by individual responsibility segment using appropriate
costing methodologies? (See FAM 903.07.)
e. Has the agency reported full costs in the year-end financial statements on the
accrual basis of accounting?
f. Are costs reported for external financial reporting and those reported for
internal management reporting consistent and reconcilable?
g. How does management determine compliance with FFMIA?
The auditor generally should combine this inquiry with the procedures in FAM
903.06, and consider the outcome in concluding about compliance with the cost
accounting requirements under FFMIA. Also, the auditor generally should review
evidence supporting management’s assertions in response to these questions,
as further discussed in FAM 701.
Management’s Discussion and Analysis (MD&A)
.13 The auditor does not provide an opinion on the MD&A and this information is
unaudited. Thus, the auditor’s main concern is consistency of this information,
rather than testing the reliability of the cost data in the MD&A. The auditor
generally should read the MD&A for consistency with the financial statements
and with the auditor’s knowledge of the entity. The auditor generally limits data
testing to data in the financial statements, as discussed in FAM 903.06, not the
data in the MD&A. The auditor may use analytical procedures to determine the
reasonableness of cost data in the MD&A. Based on this comparison, the auditor
should determine whether additional testing is needed.

904 – Disclosure Entities, Related Parties, and Public-Private Partnerships
904 – Disclosure Entities, Related Parties, and Public-Private

Partnerships
.01 Under FASAB standards, organizations are considered to be related parties if the
existing relationship or one party to the existing relationship has the ability to
exercise significant influence over the other party’s policy decisions. In the
federal government, there are additional relationships that present risks similar to
related parties, as defined by FASAB. These include disclosure entities and
public-private partnerships. Consequently, while AU-C 550 addresses only
related parties, the auditor should extend the audit procedures in AU-C 550 to
disclosure entities; public-private partnerships; and other relationships,
transactions, and balances that present similar risks. The requirements for
relationships and transactions with disclosure entities, related parties, and public-
private partnerships are discussed in FAM 280.07, FAM 550.15, and below in
FAM 904.04 through .10. Note that FASAB and the Financial Accounting
Standards Board (FASB) provide different definitions for related parties.
Procedures pertaining to disclosure entities and public-private partnerships do
not apply to entities issuing financial statements in accordance with FASB
accounting standards.
In addition, there may be similar risks of material misstatement related to

intragovernmental transactions and balances. Generally, the FAM addresses
intragovernmental transactions and balances separately given their significance
and prevalence. For example, see FAM sections 230, 902, 921, and 1001.
.02 As discussed in FAM 420, the auditor is to design and perform audit procedures
whose nature, timing, and extent respond to the assessed risks of material
misstatement, including risks arising from the entity’s failure to appropriately
account for or disclose relationships, transactions, or balances with disclosure
entities, related parties, and public-private partnerships.
.03 With respect to disclosure entities, related parties, and public-private

partnerships, the objectives of the auditor are to do the following (AU-C 550.09):
a. Obtain an understanding of the relationships and transactions sufficient to be

able to
i. recognize fraud risk factors, if any, arising from those relationships and
transactions that are relevant to the identification and assessment of the
risks of material misstatement due to fraud and
ii. conclude, based on the audit evidence obtained, whether the financial
statements, insofar as they are affected by those relationships and
transactions, achieve fair presentation.
b. Obtain sufficient appropriate audit evidence about whether the relationships

and transactions have been appropriately identified, accounted for, and
disclosed in the financial statements.

Further, the nature of relationships and transactions with disclosure entities,
related parties, and public-private partnerships may, in some circumstances, give
rise to higher risks of material misstatement of the financial statements than
transactions with unrelated parties (AU-C 550.03). For example,
• disclosure entities, related parties, and public-private partnerships may

operate through an extensive and complex range of relationships and
structures, with a corresponding increase in the complexity of the
transactions involved;
• information systems may be ineffective at identifying or summarizing

transactions and outstanding balances between an entity and its disclosure
entities, related parties, and public-private partnerships;
• transactions with disclosure entities, related parties, and public-private

partnerships may not be conducted under normal market terms and
conditions (for example, some transactions may be conducted with no
exchange of consideration); and
• transactions with disclosure entities, related parties, and public-private

partnerships may be motivated solely or in large measure to engage in
fraudulent financial reporting or conceal misappropriation of assets.
.04 The auditor should inspect the following for indications of the existence of
relationships or transactions with disclosure entities, related parties, and public-
private partnerships that management has not previously identified or disclosed
to the auditor (AU-C 550.17):
• bank and legal confirmations obtained as part of the auditor’s procedures,
• minutes of meetings of those charged with governance and summaries of

actions of recent meetings for which minutes have not yet been prepared,
and
• other records or documents considered necessary in the circumstances.
.05 If the auditor identifies significant unusual transactions (i.e., those outside the
entity’s normal course of business), the auditor should inquire of management
about the following (AU-C 550.18):
• the nature of these transactions and
• whether disclosure entities, related parties, or public-private partnerships

could be involved.
Further, if the auditor identifies fraud risk factors (including circumstances relating
to the existence of a disclosure entity, related party, or public-private partnership
with dominant influence) when performing the risk assessment procedures in
FAM 260 and related activities in connection with such entities, the auditor
should consider such information when identifying and assessing the risks of
material misstatement due to fraud (AU-C 550.21).

.06 The auditor should design and perform further audit procedures to obtain
sufficient appropriate audit evidence about the assessed risks of material
misstatement associated with relationships and transactions with disclosure
entities, related parties, and public-private partnerships. The auditor should
evaluate whether the entity has properly identified these relationships and
transactions. Evaluating whether an entity has properly identified these
relationships and transactions involves more than assessing the entity’s process.
The evaluation should include procedures to test the accuracy and completeness
of the relationships and transactions that the entity identified, taking into account
the information gathered during the audit. (AU-C 550.22)
.07 The auditor should perform procedures on balances with disclosure entities,
related parties, and public-private partnerships as of concurrent dates, even if
fiscal years of the respective entities differ. The procedures performed should
address the risks of material misstatement associated with the entity’s accounts
with these entities. (AU-C 550.23)
.08 If the auditor identifies arrangements or information that suggests the existence
of relationships or transactions with disclosure entities, related parties, or public-
private partnerships that management has not previously identified or disclosed
to the auditor, the auditor should determine whether the underlying
circumstances confirm the existence of those relationships or transactions (AU-C
550.24).
.09 If the auditor identifies disclosure entities, related parties, or public-private

partnerships or significant transactions with them that management has not
previously identified or disclosed to the auditor, the auditor should perform the
• Promptly communicate the relevant information to the other members of the

engagement team.
• Request that management identify all transactions with the newly identified
disclosure entities, related parties, and public-private partnerships for the
auditor’s further evaluation.
• Inquire why the entity’s controls over relationships and transactions with
disclosure entities, related parties, and public-private partnerships failed to
identify or disclose those relationships or transactions.
• Perform appropriate substantive audit procedures relating to such newly

identified disclosure entities, related parties, and public-private partnerships
or significant transactions with them.
• Reconsider the risk that other disclosure entities, related parties, and public-
private partnerships or significant transactions with them may exist that
management has not previously identified or disclosed to the auditor and
perform additional audit procedures as necessary.
• Evaluate the implications for the audit if management’s nondisclosure

appears intentional (and therefore indicative of a risk of material
misstatement due to fraud).

.10 For identified significant transactions with disclosure entities, related parties, and
public-private partnerships that are required to be disclosed in the financial
statements or determined to be a significant risk, the auditor should perform the
• Read the underlying contracts or agreements, if any, and evaluate whether
o the business purpose (or lack thereof) of the transactions suggests that
they may have been entered into to engage in fraudulent financial
reporting or to conceal misappropriation of assets,
o the terms of the transactions are consistent with management’s

explanations, and
o the transactions have been appropriately accounted for and disclosed.
• Obtain audit evidence that the transactions have been appropriately

authorized and approved.
If management has made an assertion in the financial statements to the effect

that a transaction with a disclosure entity, related party, or public-private
partnership was conducted on terms equivalent to those prevailing in an arm’s
length transaction, the auditor should obtain sufficient appropriate audit evidence
about the assertion (AU-C 550.27).

905 – Accounting Estimates

.01 As discussed in FAM 420, the auditor is to design and perform audit procedures
whose nature, timing, and extent are responsive to the assessed risks of material
misstatement, including risks related to accounting estimates, at the financial
statement and assertions levels. Certain accounting estimates may require
review by accounting specialists. Auditors should refer to AU-C 300.12 and FAM
620. In addition to those procedures, AU-C 540 requires specific responses at
the assertion level for accounting estimates. The auditor should determine
• whether management has appropriately applied the requirements of U.S.

GAAP relevant to the accounting estimate;
• whether the methods for making the accounting estimates are appropriate
and have been applied consistently; and
• whether changes from the prior period, if any, in accounting estimates or the
method for making them are appropriate (e.g., based on a change in
circumstances or new information) (AU-C 540.12, .A52, and .A58).
.02 The auditor should perform one or more of the following, taking into account the
nature of the accounting estimate (AU-C 540.13; see AU-C 540.A60 through
.A101 for additional guidance):
• Determine whether events occurring up to the date of the auditor’s report

provide audit evidence regarding the accounting estimate.
• Test how management made the accounting estimate and the data on which
it is based. In doing so, the auditor should evaluate whether
o the method of measurement used is appropriate in the circumstances,
o the assumptions used by management are reasonable in light of the

measurement objectives of U.S. GAAP, and
o the data on which the estimate is based are sufficiently reliable for the
auditor’s purposes.
• Test the operating effectiveness of the controls over how management made
the accounting estimate, together with appropriate substantive procedures.
• Develop a point estimate or range to evaluate management’s point estimate.

For this purpose,
o if the auditor uses assumptions or methods that differ from

management’s, the auditor should obtain an understanding of
management’s assumptions or methods sufficient to establish that the
auditor’s point estimate or range takes into account relevant variables and
to evaluate any significant differences from management’s point estimate
and

o if the auditor concludes that it is appropriate to use a range, the auditor
should narrow the range, based on audit evidence available, until all
outcomes within the range are considered reasonable.
.03 In determining the matters identified in FAM 905.01 or in responding to the

assessed risks of material misstatement in accordance with FAM 905.02, the
auditor should consider whether specialized skills or knowledge with regard to
one or more aspects of the accounting estimates is required in order to obtain
sufficient appropriate audit evidence (AU-C 540.14).
.04 The auditor should review management’s judgments and decisions in making
accounting estimates to identify whether indicators of possible management bias
exist. Examples of indicators include (1) the selection of significant assumptions
that yield an estimate favorable for management’s objectives; (2) consistently
overstating or understating components of the financial statements, such as total
assets or total expenditures; and (3) changes in an estimate or method because
management has subjectively (arbitrarily) assessed a change in circumstances.
Indicators of possible management bias may affect the auditor’s conclusion on
the financial statements but do not, themselves, constitute misstatements for the
purposes of drawing conclusions on the reasonableness of individual accounting
estimates (see FAM 540.10). When indicators exist, the auditor may need to
consider the implications on the risk assessment and related responses. (AU-C
540.21, .A133, and .A134)
.05 For accounting estimates with significant risks, the auditor should evaluate the
• how management has considered alternative assumptions or outcomes and

why it has rejected them, or how management has otherwise addressed
estimation uncertainty in making the accounting estimate;
• whether the significant assumptions (those in which a reasonable variation

would materially affect the amount of the estimate) used by management are
reasonable; and
• when relevant to the reasonableness of the significant assumptions used by

management or the appropriate application of U.S. GAAP, management’s
intent to carry out specific courses of action and its ability to do so.
.06 For accounting estimates with significant risks and when the auditor determines
that management has not adequately addressed the effects of estimation
uncertainty, the auditor should, if considered necessary, develop a range with
which to evaluate the reasonableness of the accounting estimate (AU-C 540.16).
.07 For accounting estimates with significant risks, the auditor should obtain
sufficient appropriate audit evidence about whether the following are in
accordance with U.S. GAAP (AU-C 540.17):
• management’s decision to recognize or not recognize the accounting

estimates in the financial statements and
• the selected measurement basis for the accounting estimates.

When management has recognized an accounting estimate, the auditor’s
evaluation is on whether the measurement of the estimate is sufficiently reliable
to meet the recognition criteria of U.S. GAAP. If the estimate has not been
recognized, the auditor’s evaluation is on whether the recognition criteria of U.S.
GAAP have, in fact, been met. (AU-C 540.A119 through .A120)
.08 The auditor should evaluate, based on the audit evidence, whether the
accounting estimates in the financial statements are either reasonable in the
context of the financial reporting framework (U.S. GAAP) or are misstated (AU-C
540.18). Additionally, the auditor should evaluate whether management’s
estimates, while individually reasonable, consistently overstate or understate
components of the financial statements, such as total assets or total
expenditures, and indicate that possible management bias exists in the
accounting estimates. If so, the auditor should evaluate the effects on the
financial statements in addition to any uncorrected misstatements when
determining the appropriate type of opinion. Further guidance on uncorrected
misstatements, see FAM 540.
.09 The auditor should obtain sufficient appropriate audit evidence about whether the
disclosures in the financial statements related to accounting estimates are in
accordance with the requirements of U.S. GAAP (AU-C 540.19).

921 – Auditing Fund Balance with Treasury (FBWT)

.01 FAM 921 provides guidance to the auditor when auditing FBWT accounts. A
federal entity’s FBWT account (USSGL account 1010) is an asset account,
unique to the U.S. government, representing the aggregate amount of funds from
which the entity is authorized to make expenditures and pay liabilities. From the
reporting entity’s perspective, FBWT is an asset because it represents the
entity’s claim to the federal government’s resources.
.02 Entities record their budget authority in FBWT accounts with an offsetting amount
to unexpended appropriations (USSGL account series 3100). FBWT increases
as funding is obtained (for example, through appropriations, nonexpenditure
transfers, or offsetting collections 22) and decreases as amounts are disbursed
(for example, through cash or intragovernmental payments). Most entities have
multiple FBWT accounts funded by different appropriations that are included in
the financial statement FBWT line item. 23 Treasury maintains the Federal
Accounting Symbols and Titles Book (FAST Book), which lists receipt,
appropriation, and other fund account identifiers, symbols, and titles that
Treasury assigns.
.03 Federal entities may also maintain specific types of FBWT accounts, such as
those for collections pending litigation; amounts awaiting determination of the
proper accounting disposition; or moneys that the entity is holding in the capacity
of a banker or agent for others, such as nonentity, trust, or escrow accounts.
Certain funds may also be earmarked for specific purposes or restricted as to
use.
.04 Federal entities may also have FBWT balances in clearing or suspense accounts
as a result of unidentified and unclassified transactions. Clearing and suspense
accounts are used to temporarily record transactions prior to recording them in
the proper FBWT account. The suspense account is used because the proper
FBWT account could not be determined at the time the transaction was recorded.
When the proper account is determined, the amount should be moved from the
suspense account to the proper account.
.05 In the federal government, Treasury serves as the central banker. Most entities
use the banking services provided by Treasury’s Fiscal Service and therefore do
not keep cash in commercial bank accounts. Entities that use Treasury’s systems
to process their collections and disbursements and report their FBWT activity to
Treasury’s Central Accounting Reporting System (CARS) when transactions
occur are considered full CARS reporters. Fiscal Service compares the daily
22Offsetting collections are those authorized by law to be credited to appropriation or expenditure accounts.
Governmental receipts such as income tax collections are generally not available for expenditure by federal entities;
spending authority must be granted through appropriations acts or other statutes. All receipts that are not earmarked
by law for specific purposes are recorded in general fund receipt accounts, which are not included in federal entity
FBWT.
23Appropriations may be annual, multiyear, or no year.

cash activity processed through Treasury’s collection and disbursement systems
with Federal Reserve Bank records to ensure the accuracy of Treasury’s records
in CARS. Full CARS reporters also report some information, such as adjustments
or other supplementary information, directly to CARS using the Classification
Transactions and Accountability (CTA) module in CARS. These entities should
reconcile collection and disbursement activity recorded in their general ledger
with FBWT activity reported to CARS.
.06 Some entities have authority to collect or disburse funds on their own behalf, and
some maintain separate commercial bank accounts in U.S. or foreign currency.
These non-CARS reporters report monthly collection and disbursement totals to
CARS through the CTA module (Standard Forms 1219/1220 or 1218/1221). 24
These entities should reconcile collection and disbursement activity recorded in
their general ledger directly with banking system reports and other information as
appropriate. CTA submissions should be generated using entity general ledger
records of FBWT activity. These entities also receive monthly statements of
differences (Standard Form 6652) via CARS when collection and disbursement
totals reported through the CTA module do not agree with totals of collections
and disbursements reported to CARS through Treasury’s collection and
disbursement systems. 25
.07 Most federal entities use Treasury’s IPAC system as the primary tool for
electronically billing and/or paying for services and supplies within the U.S.
government. IPAC reports detailed or summary intragovernmental collection and
disbursement information to CARS on a daily basis.
.08 Treasury maintains CARS for government-wide accounting and reporting. CARS
provides the following functions relevant to the FBWT reporting process:
• Captures appropriation, 26 collection and disbursement (including

intragovernmental), and other FBWT activity by Treasury Account Symbol 27
and Agency Location Code. 28
• Allows federal entities access to transaction information reported through

Fiscal Service collection and disbursement systems and other sources to
support research and reconciliation of Fiscal Service and entity FBWT
records.
24Treasury is transitioning federal entities to full CARS reporting of collection and disbursement activity. This daily
reporting will eliminate the need for non-CARS reporters to report FBWT activity monthly using the CTA module
except in the case of some adjustments or other supplementary information.
25The transition to full CARS reporting will reduce the occurrence of and need to resolve monthly statements of
differences.
26Fiscal Service records appropriation authority in CARS using annual appropriations acts and other relevant
statutes.
27The FAST Book lists federal entity Treasury Account Symbols.
28The Agency Location Code is a unique four-digit or eight-digit numerical identifier for each federal entity that is used
for reporting collection and disbursement activity. Federal entities must have valid Agency Location Codes to process
transactions for authorized Treasury Account Symbols.

• Provides statements of differences for differences between information

reported by federal entities via the CTA module and information reported to
CARS by other Treasury collection and disbursement systems.
• Provides federal entities with FBWT account statements. Treasury provides

these statements by Treasury Account Symbol and Agency Location Code,
and the statements include a roll forward of the previous month’s balance; the
current month’s activity; and other account activity, such as supplemental
appropriations, rescissions, nonexpenditure transfers, and activity reported by
other entities. Entities can use these reports to reconcile FBWT.
.09 Regular reconciliation of entity FBWT records with Treasury records is a key
control in maintaining the accuracy and reliability of entity FBWT records.
Effective reconciliations serve as a detection control for identifying unauthorized
and unrecorded transactions at the entities and at Treasury. Reconciliations are
also important in preventing entity disbursements from exceeding appropriated
amounts and providing an accurate measurement of the status of available
resources.
.10 To obtain a further understanding of entity’s accounting and reporting for FBWT,
the auditor may refer to
• Fiscal Service’s external website at

https://www.fiscal.treasury.gov/fsservices/gov/acctg/cars/cars_home.htm
(accessed on May 1, 2023);
• OMB Circular No. A-136, Financial Reporting Requirements;
• SFFAS 1, Accounting for Selected Assets and Liabilities; and
• entity accounting policies and procedures for FBWT accounts.
Audit Issues
.11 Since most assets, liabilities, revenues, and expenses stem from or result in cash
transactions, misstatements in the collection or disbursement activity recorded in
the FBWT account affect the accuracy of year-end FBWT balances. They also
affect the accuracy of several entity financial statements, including the balance
sheet, the statement of net costs, and the statement of budgetary resources.
Further, these misstatements affect the integrity of entity budget execution
reports and various U.S. government accounts and reports.
.12 The amount of funds available for expenditure from each appropriation may
contain material misstatements for entities with ineffective processes and
controls over FBWT accounts. For example, entities may not have effective
processes to properly record and reconcile collection and disbursement activity in
their FBWT accounts, may arbitrarily adjust accounts to the amounts reported by
Treasury, or may record differences in suspense accounts without adequately

researching the causes of the differences. Unreconciled differences recorded in
suspense accounts could represent transactions that the entity has not properly
recorded to the appropriate accounts. Additionally, the entities’ failure to
reconcile their FBWT accounts timely makes it more difficult to identify and
resolve intragovernmental differences as time passes and to identify erroneous
or fraudulent transactions in time for entities to take appropriate actions.
.13 Implementation of CARS reporting by federal entities is expected to vary. 29 The

changing environment during this transition period increases the audit risk
associated with FBWT as federal entities resolve outstanding statements of
differences and transition from monthly to daily reporting to CARS.
Audit Approach
.14 Auditors should obtain and fully document their understanding of entity FBWT
accounting, FBWT procedures, and the FBWT control environment, including the
information system processing and security controls over systems that report or
transact FBWT activities or balances, to determine the level of audit procedures
required.
.15 Auditors should determine the effects of their respective entities’ implementation
of CARS reporting early in the audit to understand the risk presented during the
transition period. To design effective and efficient audit procedures during this
transition period, auditors should fully understand the status of CARS reporting at
their respective entities and the processes and procedures their entities use
during the year of the audit. This includes how agencies resolve outstanding
statements of differences during the transition to full CARS reporting.
.16 Auditors should design FBWT audit procedures that include tests of collection
and disbursement activity that flows through the FBWT accounts. These
procedures should include steps to determine whether the entities
• properly and timely record collection and disbursement activity in their FBWT
accounts;
• research and resolve the underlying causes of differences between amounts

reported by Treasury and by entities, including the collection and
disbursement activity flowing through the FBWT accounts, as well as the
monthly account balances, and make the proper adjustments; and
• timely and properly clear suspense account balances.
This includes testing whether the entities have properly reconciled and
classified the items that were recorded in suspense accounts and verifying
that the entities accurately performed all of the reconciliation, aging, and CFO
confirmation of balance requirements for these accounts. The auditor should
29The transition to full CARS reporting for federal entities has been primarily accomplished. Treasury continues to
transition federal entities to full CARS reporting for their daily collection and disbursement activity.

also obtain an understanding of the entities’ procedures for recording and
tracking adjustments to suspense accounts going forward and assess the
effect of suspense items on the entities’ FBWT at fiscal year-end.
.17 Auditors should determine the magnitude of the entities’ gross unreconciled
differences at year-end by analyzing their aggregate absolute values and the
resulting effect on the financial statements. Since each difference represents a
potential misstatement, the roll-up and netting of charges and credits can
significantly understate the total outstanding differences.
.18 Since FBWT is an intragovernmental item, except for fiduciary or other

nonfederal non-entity FBWT, auditors should incorporate FBWT as part of
procedures for auditing intragovernmental activity and balances (see FAM
section 902).
Practice Aids
.19 The following practice aids are presented as appendixes to FAM 921 to assist
the auditor in auditing FBWT:
• FAM 921 A – Example Line Item Risk Analysis (LIRA) for Fund Balance with
Treasury.
• FAM 921 B – Example Specific Control Evaluation (SCE) for Fund Balance
with Treasury. A single SCE of the line item/account-related accounting
application for FBWT is presented. There are transaction-related accounting
applications listed on the LIRA that affect FBWT, such as collections and
disbursements, which would require further description in the transaction-
related SCE.
• FAM 921 C – Example Audit Procedures for Fund Balance with Treasury.

921 A – Example Line Item Risk Analysis for Fund Balance with Treasury
ENTITY: XYZ Entity (XYZ) PREPARER & DATE_______________________
LINE ITEM RISK ANALYSIS FORM
DATE OF FINANCIAL STATEMENTS: 9/30/xx REVIEWER & DATE_______________________
FILE: _____________
LINE ITEM: Fund Balance With Treasury

Line Item Financial Inherent Risk Fraud Risk Control Risk Mitigating Factors Cycle/ Effectiveness Control Risk of Timing Nature & Extent Audit Plan
Statement Factors Factors Factors Accounting of Control Risk Material I/F Testing
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14)
FBWT $XX,XXX Existence or Inherent risk Fraud risk Control risk arises Entities reconcile recorded Cycles: Test budget
occurrence arises from the arises from from the budget authority with authority
high volume of entity (1) highly appropriation language and Revenue reconciliations,
transactions personnel decentralized law, Treasury warrants, and Payroll FBWT activity and
flowing through being structure of entity, funding transfers in CARS. Budget balance
this account. motivated to which may reduce Treasury reconciliations, and
disburse management’s Entities perform effective controls over
funds for knowledge of and FBWT reconciliations, adjustments to
including ensuring that entity Applications:
personal control over FBWT.
benefit. operations; personnel responsible for FBWT Analyze effect of
(2) significant authorizing collections and Collections unresolved
weaknesses in disbursements are not the Disbursements reconciling items at
general controls same as those responsible year-end.
over the for reconciling and resolving
automated FBWT differences. Prepare lead
systems on which schedule of
Entity staff record general ledger
the entity relies adjustments where
extensively to accounts that
appropriate to resolve constitute FBWT,
process collection and disbursement
transactions; and analytically review
differences, and supervisors with prior-year
(3) lack of review any adjustments
adequate data, and resolve
made. causes of
management
oversight of the Management has developed unexpected
reconciliation system accounting rules for changes.
process. general ledger system Test IS controls.
summarization of FBWT
transactions by Treasury
Account Symbol.

(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14)
Completeness Same as Same as Same as Same as existence. Cycles:
existence. existence. existence.
Revenue
Payroll
Budget
Treasury
Applications:
FBWT
Collections
Disbursements
Accuracy, Same as Same as Same as Same as existence. Cycles: Test budget

valuation, and existence. existence existence authority
allocation Revenue reconciliations,
Payroll FBWT activity and
Budget balance
Treasury reconciliations, and
Applications: controls over
adjustments to
FBWT FBWT. Analyze
Collections effect of
Disbursements unresolved
reconciling items at
year-end.
Test IS controls
Rights Inherent risk No significant Same as Same as existence. Treasury Review support for
arises from the fraud risk existence. recorded
high number of factors are appropriation and
appropriation and identified. budgetary
budgetary accounts included
accounts, in the FBWT line
including certain item.
special funds and
trust funds that do Review note
not belong to the disclosure.
entity. Because
these nonentity
accounts are

(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14)
maintained in the
same system
used to maintain
entity accounts
and financial
activity, there is a
risk that these
accounts will be
inappropriately
charged and be
included in the
FBWT line item.
Presentation No significant No significant Same as The Chief Financial Officer, Treasury Review FBWT-
and Disclosure inherent risk fraud risk existence. Reports and Analysis Branch related financial
factors identified. factors Chief, and Chief Accountant statement line
identified. review the financial items and note
statements for consistently disclosures for
applied accounting conformity with
principles. applicable
standards, and
trace amounts
reported in
financial statement
line items and note
disclosures to
general ledger and
supporting detailed
records.
Line Item $XX,XXX

Total
921 B – Example Specific Control Evaluation for Fund Balance with Treasury
ENTITY: XYZ INTERNAL CONTROL TESTING PHASE SIGN-OFFS
PHASE SIGN-OFFS
DATE OF FIN. STMTS: 9/30/xx SPECIFIC CONTROL EVALUATION
Preparer & Date: Prepare & Date:
ACCOUNTING APPLICATION: Fund Balance FILE: __________
with Treasury Primary Review & Date: Primary Review & Date:
SPECIFIC CONTROL EVALUATION: FUND BALANCE WITH TREASURY

Accounting Relevant Assertions in Potential Internal Control Internal Control Activities Type of ICA: INTERNAL CONTROL TESTING
Application Related Groups of Misstatement in Objectives (ICO) (ICA) PHASE PHASE
Assertion Accounts 30 Accounting IS,
Application Is the ICA Audit Is the ICA Is the ICO Audit Plan
Manual (M), or
Assertions Designed and Doc. Operating Achieved? Testing Step 32
Both IS and Implemented Ref. Effectively?
Manual (M) Effectively? 31
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Existence or Existence Existence or Existence:
occurrence completeness
1. Recorded FBWT 1a. Recorded FBWT 1a1. Budget Authority B Y/N Y/N Y/N
does not exist as amounts exist as of Reconciliation: Entity
of a given date. a given date. reconciles recorded
budget authority with
appropriation language
and law, Department of
the Treasury (Treasury)
warrants, and funding
transfers in the
30The third column is for use when the effects of the accounting application on the line items are different. For example, misstatements in the existence or occurrence assertion for cash receipts typically result in
misstatements in the existence assertion for cash and in the completeness assertion for accounts receivable (see Financial Audit Manual (FAM) 330.04).
31In this column, the auditor references the audit documentation supporting the conclusion.
32In
this column, the auditor references the audit procedures in the control testing audit plan (and information systems audit plan, as applicable) that were designed to test each effective control determined to be relevant.
Such tests will involve inquiry, observation, inspection, or a combination thereof.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Centralized Accounting
Reporting System
(CARS).
1a2. Transaction M Y/N Y/N
Reconciliation: Entity
reconciles FBWT
collection and
disbursement activity
with Treasury disbursing
office, entity disbursing
center, banking system,
Intragovernmental
Payment and Collection
(IPAC) system, or other
collection and
disbursement processing
systems, depending on
the entity’s processes.
1a3. For entities that disburse B Y/N Y/N

funds on their own behalf
and maintain cash,
and/or check stock on
hand, entities maintain
control activities over
collection and
disbursement activity
processed through the
banking system and
IPAC.
1a4. Entity staff reconcile M Y/N Y/N

between entity general
ledger and Treasury
records (CARS FBWT
account statements).

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
1a5. Entity staff reconcile M Y/N Y/N
collection and
disbursement data
reported to CARS,
including from Treasury
disbursing offices and
through the CARS Cash
Transaction
Accountability module, to
the applicable general
ledger accounts.
1a6. Entity staff track and B Y/N Y/N

resolve collection and
disbursement differences
identified during the
FBWT reconciliation or
reported on Treasury
statements of
differences.
Management reviews
the tracking and
resolution of differences.
1a7. Entity staff record B Y/N Y/N

adjustments where
appropriate to resolve
collection and
disbursement
differences, and
supervisors review any
adjustments made.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
1a8. Entity staff track and M Y/N Y/N
resolve collection and
disbursements recorded
in suspense or clearing
accounts. Management
reviews the tracking and
resolution of transactions
posted to suspense or
clearing accounts.
1b. Recorded FBWT, at 1b. Management has B Y/N Y/N Y/N

a given date, is developed system
supported by accounting rules for
appropriate detailed general ledger system
records that are summarization of FBWT
accurately transactions by Treasury
summarized and Account Symbol.
reconciled to the
account balance.
1c. Access to critical 1c. Management has M Y/N Y/N Y/N

forms, records, and written policies
processing and regarding computer and
storage areas file access levels.
permitted only in
accordance with
laws, regulations,
and management's
policy.
1d. FBWT is recorded in 1d. Same as activities listed B Y/N Y/N Y/N
the proper accounts. under 1a.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
2. Cutoff: 2a. Transactions and Same as 1a2, 1a3, and 1a4. Y/N Y/N Y/N
Transactions and events recorded in
events are the current period
recorded in the actually occurred in
current period but the current period.
occurred in a
different period.
3. Summarization: 3a. The summarization 3a. Management has B Y/N Y/N Y/N
Transactions are of recorded developed system
summarized transactions is not accounting rules for
improperly, be overstated. general ledger system
resulting in an summarization of FBWT
overstated total. transactions by Treasury
Account Symbol.
Completeness Complete- Completeness Account completeness:
ness or existence
4. FBWT exists but 4a. FBWT that should Same as existence. Y/N Y/N Y/N
is not recorded in have been recorded
the proper period has been recorded 4a1. Entity staff reconcile the M Y/N Y/N
or accounts, or is in the proper period FBWT line item
omitted from the and accounts, and crosswalk that includes
financial properly included in all general ledger FBWT
statements. the financial accounts to those in the
statements. Federal Account
Symbols and Titles
(FAST) Book.
4a2. Entity staff request an M Y/N Y/N

Agency Location Code in
accordance with
Treasury policies.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
5. Cutoff: 5a. All transactions and Same as 1a2, 1a3, and 1a4. Y/N Y/N Y/N
transactions and events that occurred
events occurred in the current period
in the current are recorded in the
period but are current period.
recorded in a
different period.
6. Summarization: 6a. The summarization 6a. Management has B Y/N Y/N Y/N
Transactions are of recorded developed system
summarized transactions is not accounting rules for
improperly, understated. general ledger system
resulting in an summarization of
understated total. collections and
disbursements by
Treasury Account
Symbol.
Accuracy/ Accuracy Accuracy Accuracy:

valuation
7. FBWT collection 7a. FBWT transactions Same as existence. Y/N Y/N Y/N
and have been
disbursement appropriately
transactions have recorded.
not been
appropriately
recorded.
Rights and Rights Rights Ownership:

obligations
8. Recorded FBWT 8a. Entity owns Same as 1a1. Y/N Y/N Y/N
is owned by recorded FBWT.
others.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Rights:
9. Entity does not 9a. The entity holds or Same as 1a1. Y/N Y/N Y/N
hold or control controls the rights to
the rights to FBWT at a given
recorded FBWT date.
because of
appropriation
restrictions.
Presentation and Disclosure Disclosure Presentation:
disclosure
10. Financial or other 10a. Financial or other Same as existence. Y/N Y/N Y/N
information in the information in the
financial financial statements 10a. The Chief Accountant M Y/N Y/N
statements related to FBWT is reviews the FBWT
related to FBWT appropriately account analysis and
is not aggregated or crosswalk to the
appropriately disaggregated and financial statements
aggregated or clearly described. against the Treasury
disaggregated or Financial Manual
clearly described. Supplement–U.S.
Standard General
Ledger (sec. V).
Presentation Presentation Consistency:

11. The financial 11a. FBWT is based on 11a. The Chief Financial M Y/N Y/N Y/N
statements accounting Officer (CFO), Reports
components of principles that are and Analysis Branch
FBWT are based applied consistently Chief, and the Chief
on accounting from period to Accountant review the
principles period. financial statements for
different from consistently applied
those used in accounting principles.
prior periods.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Disclosure Disclosure Disclosure:
12. Note disclosures 12a. Note disclosures 12a. The CFO, Reports and M Y/N Y/N Y/N
related to FBWT related to FBWT Analysis Branch Chief,
are not are appropriately and the Chief
appropriately measured and Accountant review the
measured or described, and financial statements for
described, or relevant and consistently applied
relevant and understandable in accounting principles
understandable the context of the and required
in the context of requirements of disclosure.
the requirements U.S. GAAP. All
of U.S. GAAP. note disclosures
Not all note that should have
disclosures that been included in
should have the financial
been included in statements have
the financial been included.
statements have Disclosed
been included. transactions and
Disclosed events have
transactions and occurred and
events did not pertain to the
actually occur or entity.
pertain to the
entity.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Various Various Various Segregation of duties: 33
13. The entity is 13a. Persons are 13a. Entity personnel Y/N Y/N Y/N
exposed to loss prevented from responsible for
of assets and having uncontrolled processing collections
various potential access to both and disbursements are
misstatements, assets and records. not the same as those
including certain responsible for
of those above, reconciling FBWT.
as the result of
inadequate
segregation of
duties.
Safeguarding:
14. The entity is 14a. Entity assets are Not applicable to FBWT. N/A N/A N/A N/A N/A
exposed to loss controlled to
of assets and prevent
various potential unauthorized
misstatements as removal from the
a result of entity's premises.
inadequate
safeguarding.
33Segregation-of-duties controls are a type of safeguarding control and are often crucial to the effectiveness of controls, particularly over liquid, readily marketable assets that are highly susceptible to theft, loss, or
misappropriation.

Manual (M), or
FBWT Various
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12)
Laws, Regulations, Contracts, and Grant Agreements: 34
15. The entity has 15a. Compliance: The 15a1. Entity Chief Counsel M Y/N Y/N Y/N
not complied with entity complied with identifies the laws,
all laws, all laws, regulations, contracts,
regulations, regulations, and grant agreements
contracts, or contracts, or grant affecting FBWT.
grant agreements agreements that
that have a direct have a direct effect 15a2. Management has B Y/N Y/N
effect on the on the developed system
determination of determination of rules for the
material amounts material amounts summarization of
and note and note FBWT transactions by
disclosures. disclosures. Treasury Account
Symbol in accordance
with appropriation act
or other statutory
authority.
34The auditor may either commingle compliance controls (including budget) with financial reporting controls to the extent relevant, list them separately in this section, or present each of these types of controls in a separate SCE.
(See FAM 800 for examples of compliance SCEs for laws and regulations included in OMB guidance and other general laws.) If the auditor chooses to list the compliance controls separately in this section, the auditor begins by
inserting relevant control objectives and documents the effectiveness of the design and operation of the control activities in achieving the control objectives.
921 C – Example Audit Procedures for Fund Balance with Treasury
921 C – Example Audit Procedures for Fund Balance with

Treasury
Entity ________________________________________________________________
Period of financial statements _____________________________________________
Job code _____________________________________________________________
Procedures Initials/ Doc.

date ref.
I. Planning and Internal Control Phase
1) To obtain an understanding of the entity’s environment,

internal control over fund balance with Treasury (FBWT)
accounting, and reconciliation process in the planning and
internal control phase of the audit, the auditor may perform the
following steps:
a) Identify the entity’s FBWT accounting and reporting

procedures and applicable accounting guidance.
b) Read prior-year audit documentation, financial

statements, and related audit reports to determine if
there were any audit issues, matters for further
consideration, significant deficiencies, or material
weaknesses related to FBWT.
c) Identify FBWT line item general ledger accounts and

analytically review with prior-year data.
d) Interview key entity staff about their FBWT procedures

and key controls.
e) Determine how, in conjunction with work performed on

other audit cycles, the entity processes FBWT
collections and disbursements, either through Treasury
disbursing offices, entity disbursing centers, Federal
Reserve Bank systems, or a combination of these.
f) Obtain an understanding of the significant accounting

systems and key internal controls used in reporting and
accounting for FBWT activity and balances.

date ref.
g) Obtain an understanding and walk through entity internal

controls over its FBWT reconciliation process, including
procedures for aging and timely resolving unreconciled
differences, and determine whether reconciliation
controls have been implemented effectively.
h) Identify suspense and clearing accounts that the entity

uses that contain unreconciled differences and
determine if transactions are identified and removed
from these accounts to the proper accounts in a timely
manner.
i) Determine whether the entity is properly accounting for

the FBWT line item in accordance with U.S. GAAP by
having the entity complete FAM 2010, Federal Financial
Reporting Checklist.
j) Document results in a cycle memo, walk-through,

specific control evaluation, line item risk analysis, matter
for further consideration, or other documents as
appropriate.
II. Testing Phase
2) In the testing phase of the audit, the auditor may design an

audit program that includes steps to determine whether the
entity does the following:
a) Properly and timely records and reports collection and

disbursement activity in its FBWT accounts.
i. In conjunction with work performed on other cycles,

perform testing to determine whether the entity
reconciles FBWT collection and disbursement
activity with Treasury disbursing office, entity
disbursing center, banking system,
Intragovernmental Payment and Collection system,
or other reporting sources, depending on the
entity’s processes.
ii. Perform testing to determine whether FBWT

collection and disbursement transactions were
recorded in the appropriate FBWT accounts in the
entity’s general ledger system.
iii. Review entity FBWT general ledger account

records (for all entity Treasury Account Symbols
and Agency Location Codes) to identify any

date ref.
transactions recorded that were not included in
testing in conjunction with other cycles, and if
transactions were not included, determine whether
additional transaction testing is needed.
iv. Perform testing of FBWT information reported

through Treasury’s Central Accounting Reporting
System (CARS) Cash Transaction Accountability
module to ensure that the information is reported
consistent with entity general ledger system
records.
b) Appropriately records and reviews any adjustments

recorded to FBWT accounts.
c) Periodically and at year-end, reconciles its FBWT

accounts and researches and resolves the underlying
causes of differences between Treasury FBWT reports
(such as CARS FBWT account reports) and entity
records (including the collection and disbursement
activity flowing through the FBWT accounts and the
account balances each month) and reviews and makes
any needed adjustments timely.
d) Timely and properly investigates clearing and suspense

account balances.
e) At year-end, performs procedures to determine the

materiality of gross unreconciled differences and
suspense or clearing account balances by analyzing the
aggregate absolute values and resulting effect on the
financial statements. (As each difference represents a
potential misstatement, the roll-up and netting of charges
and credits can significantly understate the total
outstanding differences.)
f) Includes nonexpenditure transactions, such as

appropriation warrants, transfers, and rescissions.
g) Discloses the status of accounts, such as open, expired,

or canceled, and whether each account is appropriately
included in the FBWT line item.

date ref.
III. Reporting Phase
3) Prepare lead schedule of general ledger accounts that

constitute FBWT.
4) To assess whether the presentation of the financial

statements and notes for the FBWT line item are in
accordance with U.S. GAAP, the auditor may determine
whether the entity has done the following:
a) Disclosed and explained material unreconciled

differences in the notes to the financial statements.
b) Disclosed material unreconciled differences that were

written off by the entity during the fiscal year in the notes
to the financial statements.
c) Disclosed material restrictions.
d) Concluded that proposed audit adjustments are either

booked or were determined to be immaterial and were
attached to the management representation letter (see
FAM 1001).
e) Determined that the entity is properly reporting and

disclosing the FBWT line item in accordance with U.S.
GAAP by having the entity complete FAM 2010, Federal
Financial Reporting Checklist.
5) Other audit procedures for FBWT may include tests of entity
• fund controls,
• reconciliations of proprietary and budgetary amounts,
• compliance with significant provisions of applicable laws

and regulations, and
• year-end reporting to Treasury and OMB.
Note: These audit procedures are not intended to be all inclusive. They do not include all audit
work over FBWT accounts, such as
• cash on deposit bank accounts and petty cash (imprest) funds and
• steps to test the specific requirements and/or compliance with selected provisions
of applicable laws and regulations related to certain types of FBWT accounts.
931 – Auditing Heritage Assets and Stewardship Land

.01 Heritage assets are property, plant, and equipment (PP&E) that are unique for
one or more of the following reasons:
• historical or natural significance;
• cultural, educational, or artistic (or aesthetic) importance; or
• significant architectural characteristics.
Heritage assets consist of two types. Collection type heritage assets involve
objects gathered and maintained for exhibition and would include, for example,
museum collections, art collections, and library collections. Noncollection type
heritage assets would include, for example, parks, memorials, monuments, and
buildings.
.02 Stewardship land comprises land and land rights owned by the federal
government but not acquired for or in connection with items of general PP&E.
Examples of stewardship land include land used as forests and parks and land
used for wildlife and grazing. It excludes natural resources (for example,
minerals, timber, and petroleum) related to the land.
.03 Some investments in heritage assets (e.g., national parks) will also meet the
definition of stewardship land and be considered and reported as both heritage
assets and stewardship land. Such reporting would not be considered
duplication, as the type of information reported by physical unit would be different
for each category of stewardship asset.
.04 Heritage assets may in some cases be used to serve two purposes—a heritage
function and general government operations. In cases where a heritage asset
serves two purposes, the heritage asset should be considered a multiuse
heritage asset if the predominant use of the asset is in general government
operations. For example, the main Treasury building in Washington, D.C., is
used primarily as an office building. This multiuse asset would be considered
general property, capitalized on the balance sheet, and depreciated. Heritage
assets having an incidental use in government operations are not multiuse
heritage assets; they are simply heritage assets.
.05 Per SFFAS 29, Heritage Assets and Stewardship Land, entities’ balance sheets
should reference a note that discloses information about heritage assets and
stewardship land, but no dollar amount is shown. At a minimum, entities are to
present in a note disclosure a description of major categories of assets, physical
unit information for the end of the reporting period, physical units added and
withdrawn during the reporting period, and a description of the methods of
acquisition and withdrawal.

Entities are also required to disclose information about stewardship policies and
an explanation of how heritage assets and stewardship land relate to the mission
of the entity. The standard also includes disclosure requirements applicable to
the U.S. government’s consolidated financial statements, which must provide a
general discussion of heritage assets and stewardship land and direct users to
the applicable entities’ financial statements for more detailed information on
these assets.
SFFAS 29, as amended by SFFAS 59, Accounting and Reporting of Government

Land, for fiscal years 2022 through 2025, requires entities to report certain
information as required supplementary information (RSI) that includes general
PP&E land and stewardship land acreage by predominant use.
.06 To obtain a further understanding of the accounting and reporting requirements

(including recognition and measurement, note disclosure, and RSI), the auditor
should refer to SFFAS 29, including applicable SFFAS 59 amendments.
Audit Approach
.07 The auditor should develop an audit approach by identifying the extent of
heritage assets and stewardship land at the entity being audited. The auditor
should then obtain and fully document an understanding of this property in the
entity’s accounts, accounting systems, and related policies and procedures. The
auditor should also understand the control environment for this property,
including the information system processing and security controls over systems
that report or transact activities or balances, to determine the audit procedures
required.
.08 Heritage assets and stewardship land will vary by entity, and the auditor should
use professional judgment to design the audit procedures for a particular entity
after considering the types of heritage assets and stewardship land, the entity’s
accounts, materiality, audit risks, and the internal control environment. The
auditor may consider the example audit procedures provided below both in
auditing this property and in developing new procedures.
Planning Phase
.09 To obtain an understanding of entity heritage assets and stewardship land in the
planning phase of the audit, the auditor may do the following:
• Obtain an understanding of significant accounting and auditing issues and

read the entity’s prior year annual report (e.g., performance and
accountability report or agency financial report).
• Read applicable SFFAS (i.e., SFFAS 29, including applicable SFFAS 59

amendments) and OMB reporting guidance for accounting for, reporting on,
and disclosing of heritage assets and stewardship land.
• Understand and document the entity’s policies for identifying heritage assets
and stewardship land separate from multiuse heritage assets and other

general PP&E, and indicate how the designation of heritage assets and
stewardship land relates to the entity’s mission.
• Understand and document the entity’s procedures for identifying,

categorizing, accounting for, reconciling, and reporting heritage assets and
stewardship land. Note that SFFAS 29 allows the entity flexibility in
designating categories by determining a meaningful level of aggregation for
reporting and selecting physical units aligned with those categories based on
the entity’s mission and types of heritage assets and how it manages those
assets.
• Understand and document the entity’s methodology for acquisition and

withdrawal of heritage assets and stewardship land during the reporting
period.
• Identify and understand the impact of systems/methods for classifying,

accounting for, and processing transactions related to heritage assets and
stewardship land by interviewing the entity’s key personnel and identifying
and understanding its systems and methods for processing transactions.
• Acquire expertise related to the assets being audited (e.g., expertise in

valuation of multiuse heritage assets). Refer to AU-C 300.12 and FAM 620.
Internal Control Phase
.10 To understand the internal controls that the entity has implemented for
identifying, accounting for, and reporting heritage assets and stewardship land,
the auditor may take the following actions:
• Determine, through inquiries of management, walk-throughs, inspections of

documents, reviews of prior years’ documentation, and other means
applicable to the entity, the entity’s process for identifying, classifying, and
reporting heritage assets and stewardship land, specifically, the following:
a. Whether the entity has an authorization process and the related control
procedures for acquisition and withdrawal transactions related to heritage
assets and stewardship land.
b. How the entity has instituted a consistent methodology for categorizing

heritage assets and stewardship land based on the entity’s mission and in
accordance with SFFAS 29.
c. How the entity records acquisitions and withdrawal transactions in the

accounting system and performs reconciliations between the accounting
system and the asset accountability system. In accordance with SFFAS
29, costs related to the acquisition, improvement, reconstruction, and
renovation of heritage assets/stewardship land are recognized in the
statement of net cost for the period in which the costs are incurred. These
include all costs incurred to prepare the item for its intended use.
d. Whether the entity maintains transaction logs or detailed records of

transactions to facilitate the reconciliation process and whether the logs

include sufficient information to enable identification and location of
e. How the entity classifies and records transfers of heritage assets and
stewardship land to/from other federal entities.
f. How the entity classifies and records donation or devise 35 of heritage

assets and stewardship land.
g. Whether the entity implements internal control to safeguard collection

type heritage assets.
h. Whether the entity separates and capitalizes multiuse heritage assets.

The cost of acquisition, improvement, reconstruction, or renovation of
multiuse heritage assets should be capitalized as general PP&E and
depreciated over its useful life.
i. Whether and how the entity conducts periodic physical inventories

designed to verify the existence, location, and condition of all property
listed in the accounts and to verify the completeness of recorded units.
• Prepare or update the cycle memorandum, flowchart, LIRA form, and SCE
worksheet (see FAM 390, FAM 395 H, and FAM 395 G).
Testing Phase
.11 For heritage assets and stewardship land, if the auditor preliminarily determines
that the entity’s internal controls are designed and implemented effectively, the
auditor should test the operating effectiveness of such controls and perform
substantive procedures. The audit objectives for substantive procedures as
follows:
• Determine the existence of recorded heritage assets and stewardship land.
• Determine the completeness of recorded heritage assets and stewardship

land.
• Determine the entity’s ownership rights to record these assets as heritage

assets and stewardship land in accordance with SFFAS 29.
• Determine the clerical accuracy of unit schedules for additions and deletions.
• Determine that the aggregation and categorizations of physical units are in

accordance with guidelines established in SFFAS 29. For example, the
Department of the Interior has reported the number of federal parks, instead
of the number of acres those parks comprise, as physical units.
35A will or clause of a will disposing of property.

• Determine that the presentation and disclosure of heritage assets and

stewardship land and the note disclosures are in accordance with SFFAS 29.
.12 Existence. To determine the existence of heritage assets and stewardship land,
the auditor may take the following actions:
• Obtain a summary analysis of changes in heritage assets and stewardship

land (i.e., beginning balance, additions, deletions, and ending balance) in the
current fiscal year and reconcile these to supporting schedules. During a first-
year audit, the auditor should test the beginning balance for over- and
understatement.
• Test an audit sample of additions during the year by comparing the additions
to the original documentation, such as contracts, deeds, work orders, and
invoices.
• Make physical inspections of an audit sample of acquisitions. The auditor

should coordinate physical inspections with the appropriate entity staff,
particularly when visiting nonfederal repositories that hold federal museum
collections. This will ensure that visits are efficient and productive and that
relationships between repositories and the entity are maintained.
• Examine supporting documents on an audit sample of disposals.
.13 Completeness. The auditor may determine the completeness of recorded

heritage assets and stewardship land by tracing transactions recorded in
supporting schedules to the asset accountability system. The auditor may also
perform additional procedures, such as inquiries and field inspections. Usually,
there are few changes to heritage assets and stewardship land during the year,
and the auditor should investigate significant changes in balances. Since cutoff
errors are not a major risk in establishing the completeness of recorded assets, if
the auditor is satisfied with the beginning balances and verifies the acquisition
and withdrawals of the current period, the auditor may have sufficient appropriate
evidence about the ending balance.
.14 Rights and obligations. To determine the entity’s ownership rights to record
property as heritage assets and stewardship land, the auditor may do the
following:
• Examine FASAB definitions of heritage assets and stewardship land,

historical documents, and compliance procedures to determine the entity’s
ownership rights to record the property as heritage assets and stewardship
land (as opposed to another federal entity).
• Examine documents, such as public records, property deeds, property tax

bills (or exceptions), and other documents specific to the entity’s
documentation of legal ownership, to determine legal ownership.
Documentation of ownership may be in a variety of formats, including
permits, reports, and associated records that indicate where natural
resources were recovered from public lands.

• Examine the entity’s statements showing the assets’ direct link to the entity’s
mission. Auditors may perform this procedure to gain more information about
the entity’s assets, rather than to determine which assets are properly
included in the heritage assets and stewardship land category.
.15 Accuracy. To determine the accuracy of unit schedules for heritage assets and
stewardship land additions and deletions, the auditor may do the following:
• Agree subsidiary ledger for additions and deletions to controlling accounts

and examine detailed supporting documentation.
• Determine the propriety and accuracy of recorded transfers and donations,

examine subsidiary ledgers, and agree them to detailed supporting
documentation.
• Recompute footings and extensions in detailed documentation and summary

analysis.
.16 Classification. To determine the aggregation, unitization, and categorization of

physical units for heritage assets and stewardship land, the auditor may do the
following:
• Examine entity documentation and methodology for categorization of units to

determine whether the entity’s aggregation/categorization and physical unit of
measure are appropriate, based on the entity’s mission, how the entity views
the asset for management purposes, types of heritage assets, and materiality
considerations. The entity should designate asset categories that are
meaningful and reflect how it views assets for management purposes. It
would also be helpful if entities documented the reasoning for categorization.
• Determine whether the results of testing and the nature of misstatements

indicate that the auditor should reassess the risk of material misstatement
and revise procedures.
Reporting Phase
.17 To determine the proper reporting, presentation, and disclosure of heritage

assets and stewardship land, the auditor may review the balance sheet for the
appropriate note reference and determine whether these items are properly
reported and correctly classified as heritage assets and stewardship land in
accordance with SFFAS 29. The auditor should also read the note disclosures
and determine whether the entity reported the following:
• disclosure of how the heritage assets and stewardship land relate to the
entity’s mission;
• description of stewardship policies;
• description of each major category of heritage asset and stewardship land
use;
• disclosure of the number of physical units by major category, the number of
physical units by major category acquired and withdrawn, and a description of
the major methods of acquisition and withdrawal;

• discussion of multiuse heritage assets; and

• a reference to deferred maintenance and repairs information reported as RSI.
The auditor should summarize the results and determine if adjustments are
necessary, and conclude on whether heritage assets and stewardship land have
been adequately accounted for and properly disclosed in the financial
statements. The auditor should also determine if the entity included, as part of
RSI, certain information relating to general PP&E land and stewardship land
acreage by predominant use in accordance with SFFAS 59. See FAM 550.21
through .22 for the procedures the auditor should apply to the RSI.

Substantive Procedures Implementation Guidance
941 – Auditing the Statement of Social Insurance and the Statement of Changes in Social
Insurance Amounts
941 – Auditing the Statement of Social Insurance and the

Statement of Changes in Social Insurance Amounts
.01 The Statement of Social Insurance is required to be audited, along with certain
social insurance disclosure information, while other social insurance information
is to be presented as unaudited RSI. The Statement of Changes in Social
Insurance Amounts is required to be audited and reconciles the beginning and
ending open group measures presented in the Statement of Social Insurance
and presents the components of the changes in the open group measure from
the end of the previous reporting period. 36 FAM 941 provides auditors with
guidance for auditing the Statement of Social Insurance and the Statement of
Changes in Social Insurance Amounts in accordance with GAGAS. 37 Auditors
should also see the AICPA’s Statement of Position (SOP) 04-1, Auditing the
Statement of Social Insurance, and the AICPA’s Clarified Statements on Auditing
Standards (SAS) Nos. 122 through 127.
.02 FASAB has established accounting requirements for the Statement of Social
Insurance and the related Statement of Changes in Social Insurance Amounts
through various SFFAS requirements. The financial statements affected are
those of federal entities responsible for Social Security, Medicare, Railroad
Retirement, and Black Lung programs as well as the U.S. government’s
consolidated financial statements. For periods beginning after September 30,
2005, the Statement of Social Insurance is to be presented as a basic financial
statement with the underlying significant assumptions included in note
disclosures that are presented as an integral part of the financial statements. For
periods beginning after September 30, 2010, the Statement of Changes in Social
Insurance Amounts is to be presented as a basic financial statement with the
underlying significant changes to be disclosed on the face of the Statement of
Changes in Social Insurance Amounts or included in note disclosures that are
presented as an integral part of the financial statements.
.03 FASAB standards for social insurance programs require entities’ financial
statements and the U.S. consolidated federal financial statements to report the
following for the Statement of Social Insurance:
a. the estimated present value of the income/revenue to be received from or on

behalf of the following groups during a projection period sufficient to illustrate
the long-term sustainability of the social insurance programs for
• current participants who have not yet attained retirement age,
36The open group measure is the net present value of all expenditures to or on behalf of the open group population
(persons who, as of a valuation date, are or will be participants in a social insurance program) and all contributions or
other income/revenue from or on behalf of the open group population over a given projection period.
37Collectively, the Statement of Social Insurance, the Statement of Changes in Social Insurance Amounts, and the
Statement of Long-Term Fiscal Projections (only applicable at government-wide level) are referred to as sustainability

Insurance Amounts
• current participants who have attained retirement age, and
• individuals expected to become participants;
b. the estimated present value of the benefit payments to be made during that
same period to or on behalf of the groups listed in item (a) above;
c. the estimated net present value of the cash flows during the projection period
(the income/revenue described in item (a) above over the expenditures
described in item (b) above, or the expenditures described in item (b) above
over the income/revenue described in item (a) above);
d. in notes to the Statement of Social Insurance, the following:
• the accumulated excess of all past cash receipts, including interest on

investments, over all past cash disbursements within the social insurance
program, represented by the fund balance at the valuation date;
• an explanation of how the net present value referred to in item (c) above
is calculated for the closed group; 38
• comparative financial information for items (a), (b), (c), and d (1) above
for the current year and for each of the 4 preceding years; and
• the significant assumptions used in preparing the estimates.
.04 FASAB standards for social insurance programs require entities and the
consolidated federal financial statements to report the following for the Statement
of Changes in Social Insurance Amounts:
a. The significant components of the changes in the open group measure from
the end of the previous reporting period and the amounts associated with
each type of change.
b. The reasons for the changes, including explanations of the most significant
changes, in notes on the face of the Statement of Changes in Social
Insurance Amounts or in the notes that are presented as an integral part of
the financial statements.
c. An explanation of the reasons for the most significant changes in the open
group measure during the reporting periods in the entity’s MD&A. In addition,
the entity’s MD&A should discuss the closed group measure in the narrative
and explain how it differs from the open group measure and the significance
of the difference.
38The closed group is defined as those persons who, as of a valuation date, are participants in a social insurance
program as beneficiaries, covered workers, or payers of earmarked taxes or premiums.

Insurance Amounts

.05 FASAB has issued the following standards for reporting on social insurance
programs of federal entities.
• SFFAS 17, Accounting for Social Insurance, effective for periods beginning
after September 30, 1999, presents accounting standards for federal social
insurance programs covering Social Security (Old-Age, Survivors, and
Disability Insurance), Medicare (Hospital Insurance (Part A), Supplementary
Medical Insurance (Part B), and Prescription Drug Benefit (Part D)), 39
Railroad Retirement, and Black Lung benefits and Unemployment Insurance.
Social insurance programs covered by SFFAS 17 have five common
characteristics:
1. financing from participants or their employers,
2. eligibility from taxes or fees paid and time worked in covered

employment,
3. benefits not directly related to taxes or fees paid,
4. benefits prescribed in law, and
5. program intended for the general public.
• SFFAS 25, Reclassification of Stewardship Responsibilities and Eliminating

the Current Services Assessment, requires the Statement of Social Insurance
to become a basic audited financial statement. It also provides that certain
information about social insurance programs required by SFFAS 17 be
reported in audited notes or as unaudited RSI, rather than as unaudited
required supplementary stewardship information. In accordance with SFFAS
28, the effective period was deferred 1 year from fiscal year 2005 to fiscal
year 2006.
• SFFAS 26, Presentation of Significant Assumptions for the Statement of

Social Insurance: Amending SFFAS 25, requires that the underlying
significant assumptions relating to the Statement of Social Insurance be
included in audited notes with other information required by SFFAS 17—
including the sensitivity analysis—be presented as RSI, except to the extent
that the preparer elects to include some or all of that information in audited
notes. In accordance with SFFAS 28, the effective period was deferred 1 year
from fiscal year 2005 to fiscal year 2006.
• SFFAS 28, Deferral of the Effective Date of Reclassification of the Statement

of Social Insurance: Amending SFFAS 25 and 26, deferred the effective
39The Medicare Prescription Drug, Improvement, and Modernization Act of 2003, Pub. L. No. 108-173, 117 Stat.
2066 (Dec. 8, 2003), created a new prescription drug benefit under Medicare Part D, which is also covered by SFFAS
17.

Insurance Amounts
dates of SFFAS 25 and SFFAS 26 for 1 year to the fiscal year ended
September 30, 2006.
• SFFAS 37, Social Insurance: Additional Requirements for Management’s

Discussion and Analysis and Basic Financial Statements, effective for periods
beginning after September 30, 2010, requires that in addition to the current
requirements of SFFAS 17, entities that present a Statement of Social
Insurance
• include in one section of the MD&A information about costs, assets,

liabilities, social insurance commitments, budget flows, and long-term
fiscal projections;
• include in the MD&A a table or other singular presentation of key

measures drawn from the basic financial statements;
• add a section to the Statement of Social Insurance that summarizes the

net present values of cash flows and presents certain subtotals and
totals;
• present a Statement of Changes in Social Insurance Amounts that

indicates the reasons for the changes in the open group measure from
the end of the previous reporting period; and
• when comparative financial statements are presented, presentation of two

Statements of Changes in Social Insurance Amounts, one for the current
reporting period, and one for the previous reporting period.
SFFAS 17 is amended to conform to changes in SFFAS 37.
.06 Auditors generally should follow the FAM methodology contained in the planning,
internal control, testing, and reporting phases in FAM 200 through 500 and the
audit guidance included in SOP 04-1. SOP 04-1 provides guidance for auditing
the Statement of Social Insurance and the related Statement of Changes in
Social Insurance Amounts. 40
.07 As permitted by AU-C 600, a group auditor may fulfill the requirements of SOP
04-1 by using work that other component auditors have performed in conformity
with the provisions of SOP 04-1. For example, for the Old-Age Survivors and
Disability Insurance (OASDI) program, the group auditor of the consolidated
financial statements of the U.S. government may use the work and report of the
component auditor of the Social Security Administration’s Statement of Social
Insurance and related Statement of Changes in Social Insurance Amounts.
.08 According to AU-C 540.06, the auditor should obtain sufficient appropriate audit
evidence about whether accounting estimates in the financial statements are
40Theuser of SOP 04-1 should consider updates to the relevant accounting and auditing standards, including the
AICPA’s SAS Nos. 122 through 127.

Insurance Amounts
reasonable and related note disclosures are adequate. The auditor should obtain
an understanding of the following in order to provide a basis for the identification
and assessment of the risks of material misstatement for accounting estimates
(AU-C 540.08):
• the requirements of the applicable financial reporting framework relevant to

accounting estimates (U.S. GAAP), including related note disclosures (SOP
04-1, para. .02);
• how management identifies those transactions, events, and conditions that

give rise to the need for accounting estimates to be recognized or disclosed
in the financial statements (SOP 04-1, paras. .07 and .12–.15); and
• how management makes the accounting estimates and the data on which
they are based, including
i. the method(s), including when applicable, the model, used in making the
accounting estimate (SOP 04-1, paras. .07 and .15);
ii. relevant controls (SOP 04-1, paras. .08 and .24–.27);
iii. whether management has used a specialist (SOP 04-1, paras. .16–.21);
iv. the assumptions underlying the accounting estimates, and whether there
has been or ought to have been a change from the prior period in the
method(s) or assumption(s) for making the accounting estimates and, if
so, why (SOP 04-1, para. .37); and
v. whether and, if so, how management has assessed the effect of

estimation uncertainty (SOP 04-1, paras. .28 and .29).
.09 In auditing the Statement of Social Insurance and the related Statement of
Changes in Social Insurance Amounts, if the auditor has assessed
management’s controls over the estimation process to be effective, the auditor
may determine that the most practicable and efficient approach is to test
management’s process. However, if the auditor finds that controls over the
estimation process are ineffective, the auditor should consider whether it is
practicable to take one of the following actions:
• Develop an independent expectation of the estimate, or portions of the

estimate, to corroborate management’s estimate.
• Obtain competent evidence from outside the audited entity’s process that
would be sufficient to support the assertions in the Statement of Social
Insurance and the changes in the Statement of Changes in Social Insurance
Amounts. If it is not practicable to mitigate the effects of the ineffective
controls through substantive procedures such as these, the auditor’s report
on the Statement of Social Insurance and the related Statement of Changes
in Social Insurance Amounts should be modified (SOP 04-1, para. 9).

Insurance Amounts
.10 The auditor’s objective when auditing the Statement of Social Insurance and the
related Statement of Changes in Social Insurance Amounts is to obtain sufficient,
competent evidential matter to provide reasonable assurance that
• the estimates presented in both statements are reasonable in the
circumstances and
• the Statement of Social Insurance and the related Statement of Changes in
Social Insurance Amounts are presented fairly, in all material respects, in
conformity with U.S. GAAP, including adequate disclosure.
.11 If the auditor does not possess the level of competence in actuarial science to
qualify as an actuary, the auditor generally should obtain the services of an
independent actuary to assist the auditor in planning and performing auditing
procedures. 41 Generally, the auditor will need the assistance of an independent
actuary in performing various procedures during all phases of the audit and
related to all elements of the estimates. 42
Key Implementation Issues
Determining Materiality
.12 In FAM 230, materiality is one of the factors the auditor uses to determine the
nature, timing, and extent of procedures. Misstatements, including omissions, are
considered material if there is a substantial likelihood that, individually or in the
aggregate, they would influence the judgment made by a reasonable user based
on the financial statements. 43 Materiality has both quantitative and qualitative
aspects. Even though quantitatively immaterial, certain misstatements or
omissions could have a material impact on or warrant disclosure in the financial
statements for qualitative reasons.
.13 Auditors should use professional judgment in determining the appropriate

element of the financial statements to use as a materiality benchmark. Auditors
generally consider materiality in the context of the financial statements as a
whole, taking into account both quantitative as well as qualitative attributes of the
financial statements. Auditors should exercise due professional care when
setting the materiality benchmark, carefully assessing the information gained
41The actuary can either be under contract with the independent auditor or employed by the independent audit
organization. In either case, the actuary performing services for the auditor would need to meet the independence
standards of GAGAS, which are applicable to audits of Statements of Social Insurance and Statements of Changes in
Social Insurance Amounts.
42American Institute of Certified Public Accountants, Auditing the Statement of Social Insurance, SOP 04-1 (Nov. 22,
2004), para. 10, and AU-C 620, Using the Work of an Auditor’s Specialist (effective for audits of financial statements
for periods ending on or after December 15, 2012).
43FASAB’s Statement of Federal Financial Accounting Concepts (SFFAC) 1, Objectives of Federal Financial
Reporting, provides a slightly different definition of materiality. Since SFFACs are nonauthoritative, and in SFFAC 1,
the board recognizes differences from the audit definition, the FAM is based on the definition provided in AU-C
200.07.

Insurance Amounts
during the planning phase of the audit and the needs of a reasonable person
relying on the financial statements (SOP 04-1, para. 22).
.14 For certain federal entities, amounts reported in the Statement of Social
may vary significantly from the amounts reported in the other basic financial
statements or may differ significantly on a qualitative basis. In such cases, it may
not be appropriate to establish a single materiality threshold for the entire set of
financial statements. Instead, the auditor should use a separate materiality level
when planning and performing the audit of the Statement of Social Insurance, the
Statement of Changes in Social Insurance Amounts, and related note disclosures
(SOP 04-1, para. 23).
.15 The auditor generally should establish materiality in relation to the element of the
financial statements that is most significant to the primary users of the
statements (the materiality benchmark—see FAM 230.09. The auditor uses
professional judgment in determining the appropriate element of the financial
statements to use as the materiality benchmark. Also, since the materiality
benchmark may be based on unaudited preliminary information determined in the
planning phase, the auditor may estimate the year-end balance(s) of the
materiality benchmark(s). To provide reasonable assurance that sufficient audit
procedures are performed, any estimate of the materiality benchmark(s) should
use the low end of the range of estimated materiality so that sufficient testing is
performed.
.16 SFFAS 17 includes a discussion of SFFAC No. 1, Objectives of Federal Financial

Reporting, which established four major reporting objectives in applying
accounting standards:
1. budgetary integrity,
2. operating performance,
3. stewardship, and
4. systems and controls.
SFFAC No. 1 provides useful information to assist the auditor in determining an

appropriate materiality benchmark. For example, while all four of the objectives
are important, SFFAS 17 states that objectives 2 and 3 directly impact the social
insurance standards.
.17 Objective No. 2 of SFFAC No. 1 states that federal financial reporting should
assist report users to evaluate:
• service efforts, costs, and accomplishments of the reporting entity,
• the manner in which these efforts and accomplishments have been financed,
and
• the management of the entity’s assets and liabilities.

Insurance Amounts
SFFAS 17 indicates that information about social insurance that is relevant to this
objective includes the cost of the program as well as long-range estimates (and
ranges of estimates) of future costs and other obligations. Estimates of future
costs highlight the cost impact of changes in benefit levels as well as changes in
economic and demographic conditions, such as the cost of health care and life
expectancies.
.18 The third objective of SFFAC No. 1 states that federal financial reporting should
assist report users in assessing the impact on the country of the government’s
operations and investments for the period and how, as a result, the government’s
and the nation’s financial condition has changed and may change in the future.
Thus, federal financial reporting should provide information that helps the reader
to determine whether
• the government’s financial position has improved or deteriorated over the

period,
• future budgetary resources will likely be sufficient to sustain public services

and to meet obligations as they come due, and
• government operations have contributed to the nation’s current and future

well-being.
.19 Fundamental questions about social insurance programs that can be addressed
by accounting standards include whether
• programs are sustainable as currently constructed,
• the government’s financial condition has improved or deteriorated as a result

of its efforts to provide for these and other programs, and
• the likelihood that these programs will be able to provide benefits at current
levels to those who are planning on receiving them.
The information required by this standard, taken as a whole, will help users make
this assessment while acknowledging the complexity of the programs and the
uncertainty of long-term projections.
.20 In determining the materiality benchmark for planning and performing audits of
an entity’s Statement of Social Insurance and related Statement of Changes in
Social Insurance Amounts, the auditor should evaluate the actuarial present
value of the estimated future
• income/revenue (excluding interest 44) received from or on behalf of all current

and future participants (estimated future revenue),
44Income/revenue (excluding interest) includes payroll taxes from employers, employees, and self-employed
persons; revenue from federal income taxation of scheduled OASDI benefits; and miscellaneous reimbursements
from the Treasury’s General Fund.

Insurance Amounts
• expenditures for or on behalf of all current and future participants (estimated

future expenditures), and
• balance of estimated future income/revenue (excluding interest) over/(under)

estimated future expenditures (actuarial balance).
.21 The auditor may determine that the actuarial balance is the most significant
element of the Statement of Social Insurance and the related Statement of
Changes in Social Insurance Amounts to users of the financial statements. If so,
the materiality benchmark would be the actuarial balance. However, the auditor
may determine that it is more appropriate to select a materiality benchmark of
either the estimated future incomes/revenues or the estimated future
expenditures.
The auditor’s basis for the selection of the materiality benchmark(s) generally
should be documented, including consideration given to other possible measures
or separate benchmarks for estimated future income/revenue and estimated
future expenditures. Auditors generally should follow the guidance in FAM 230.08
through .13 in determining materiality for planning and performing audits of entity
Statements of Social Insurance and Statements of Changes in Social Insurance
Amounts.
Obtaining Management’s Representations
.22 Entity management is responsible for preparing the Statement of Social

and underlying estimates and changes in conformity with U.S. GAAP.
Management is also responsible for the accuracy and completeness of the
Statement of Social Insurance (SOP 04-1, para. 5) and the Statement of
Changes in Social Insurance Amounts. Therefore, management should
determine a reasonable estimate of the economic and demographic conditions
that will exist in the future. 45 Because estimates in the Statement of Social
Insurance and Statement of Changes in Social Insurance Amounts are based on
subjective as well as objective factors, management should use judgment to
estimate amounts included in these statements. Management’s judgment may be
based on its knowledge and experience about past and current events and its
assumptions about conditions it expects to exist.
.23 Consistent with FAM 1001, the auditor should obtain specific representations
relating to the Statement of Social Insurance and to the related Statement of
Changes in Social Insurance Amounts. For an audit of an entity’s Statement of
Social Insurance and related Statement of Changes in Social Insurance
45Para. 25 of SFFAS 17, Accounting for Social Insurance, states, in part, “The projections and estimates used should
be based on the entity’s best estimates of demographic and economic assumptions, taking each factor individually
and incorporating future changes mandated by current law.” Certain entities prepare social insurance information
using assumptions that a board of trustees prepares. Auditors should consider such assumptions to represent
“reasonable estimates” if the trustees have characterized them as such and entity management has determined them
to be reasonable. With respect to these assumptions, the auditor should perform audit procedures that are consistent
with the guidance in paras. 9 through 37 of SOP 04-1.

Insurance Amounts
Amounts, the representation letter should include, as applicable, representations
included in FAM 1001 A, the example management representation letter.
Auditor’s Report
.24 AU-C 700 addresses the auditor’s responsibility to form an opinion on the
financial statements. It also addresses the form and content of the auditor’s
report issued as a result of an audit of financial statements. AU-C 9700 provides
an illustration of an auditor’s report containing an opinion on component financial
statements that include sustainability financial statements. 46
46The sustainability financial statements do not articulate with the consolidated accrual-based financial statements.
For that reason, the opinion on the sustainability financial statements ordinarily will not affect the opinion on the
consolidated accrual-based financial statements.

SECTION 1000
Reporting Implementation Guidance

1000 – Contents of Reporting Implementation Guidance
Contents – Reporting Implementation Guidance

FAM
Management Representations 1001
Management Representation Letter Example 1001 A
Litigation, Claims, and Assessments 1002
Example Audit Procedures for Litigation, Claims, and Assessments 1002 A
Example Legal Counsel Request 1002 B
Example Legal Counsel Response 1002 C
Example Management Schedule 1002 D
Financial Statement Audit Completion Checklist 1003
Subsequent Events Review 1005

1001 – Management Representations

.01 This section deals with the management representations that the auditor should
obtain from management as part of the audit, as described in AU-C 580,
AU-C 940, Office of Management and Budget (OMB) audit guidance, FAM 280,
and FAM 550. It covers representations about
• financial statements;
• internal control over financial reporting;
• fraud;
• Chief Financial Officers Act of 1990 (CFO Act) agencies’ financial

management systems’ substantial compliance with the three requirements of
the Federal Financial Management Improvement Act of 1996 (FFMIA);
• compliance with applicable laws, regulations, contracts, and grant

agreements;
• social insurance; and
• budgetary and fund restrictions.
.02 Written representations from management ordinarily confirm oral representations

given to the auditor, indicate and document the continuing appropriateness of
those representations, and reduce the possibility of misunderstanding.
Management representations are not a substitute for obtaining other audit
evidence.
.03 If other audit evidence contradicts a representation, the auditor should

investigate the circumstances and evaluate the reliability of the representation.
The auditor should also determine whether it is appropriate to rely on other
management representations. In addition, if management does not provide
written representations, the auditor should discuss the matter with management.
In both cases, the auditor should reconsider the assessment of the competence,
integrity, ethical values, or diligence of management or of management’s
commitment to, or enforcement of, these and should determine the effect that
this may have on the reliability of representations and audit evidence in general.
The auditor should also determine whether this may indicate a scope limitation
sufficient to preclude an unmodified opinion (AU-C 580.23 through .26). See
FAM 580 for additional reporting guidance.
.04 The specific representations obtained will depend on the circumstances of the
engagement and the nature and basis of presentation of the financial statements.
These representations apply to all the financial statements and all periods
covered by the audit report. In addition to the representations in the AICPA
standards, the auditor should determine the need to obtain representations on
other matters based on the circumstances of the audited entity. Also, the auditor
should not include inapplicable representations listed in the example

representation letter in FAM 1001 A and should customize the letter to the
situation of the entity being audited.
The auditor should determine the need for additional customizing of the example
representation letter in FAM 1001 A and for the additional representations in
FAM 1001.21 to .28. Many of the representations may have to be qualified,
especially in an initial audit or in later audits where significant problems remain.
For instance, the entity may need to add “except as follows:” at the end of a
representation and describe the exceptions.
.05 The auditor should obtain the management representation letter from the highest
level of the audited entity. The auditor should decide who to ask to sign the
management representation letter. Signers should be officials who, in the
auditor’s view, are responsible for and knowledgeable, directly or through others,
about the matters in the representation letter. These officials typically would be
the head of the entity and the CFO or equivalent. The auditor should obtain
separate management representation letters from any component units for which
the auditor will issue separate reports.
.06 The auditor should ask management to prepare the representation letter on the
audited entity’s letterhead addressed to the auditor (AU-C 580.21). The auditor
should ensure that the representations are for all financial statements and the
period(s) referred to in the auditor’s report (AU-C 580.20). The date of the written
representations should be as of the date of the auditor’s report (AU-C 580.20).
The audit is complete when the auditor has enough evidence and has applied
enough quality controls (including supervisory, first partner, and second partner
review) to be ready to sign the audit report. To be sure that the letter is ready in
time, the auditor generally should provide a draft letter to management early in
the audit and update it for circumstances found throughout the audit.
.07 Especially for large audited entities, management, in agreement with its auditor,
should specify a materiality threshold for the management representation letter,
below which items would not be reported. OMB audit guidance states that the
management representation letter shall specify management’s materiality
threshold used for reporting items in the management representation letter and
that representations pertaining to potential violations of the Antideficiency Act are
limited to those that, if true, could have a material effect on the financial
statements. It also notes that management and the auditor should reach an
understanding on a materiality level. If no threshold is stated, management
should note all exceptions in the representation letter.
The auditor should be satisfied that such a materiality threshold is so far below
performance materiality that even many items below this level would not, in the
aggregate, approach performance materiality. For example, a threshold that is 5
percent (or less) of performance materiality may be sufficiently low. The
materiality level may be different for different representations and would not
apply to those representations not directly related to amounts in the financial
statements (such as the representation about responsibility for the statements).

Written Representations on Management’s Responsibilities
.08 FAM 1001 A (which incorporates AU-C 580.A35) lists management

representations that the auditor should obtain in a generally accepted
government auditing standards (GAGAS) audit, if applicable. These generally
relate to management acknowledging its responsibility for the financial
statements and its belief that the financial statements are fairly presented in
conformity with U.S. generally accepted accounting principles (U.S. GAAP), and
financial information is complete with appropriate recognition, measurement, and
disclosure.
The following paragraphs provide a description of required representations,

which are incorporated in the example representation letter at FAM 1001 A.
Representations Relating to Preparation and Presentation of the Financial

Statements, Required Supplementary Information, and Other Information
.09 Management’s representations should acknowledge management’s

responsibilities for the following, as applicable:
• preparation and fair presentation of the financial statements in accordance

with the applicable financial reporting framework (U.S. GAAP)
(AU-C 580.10a);
• preparation, presentation, and measurement of required supplementary

information (AU-C 730.05c); and
• preparation and presentation of other information included in the entity’s

annual report.
Common presentation and disclosure items are items 1 through 17. If the auditor
is engaged to report on whether supplementary information is fairly stated, in all
material respects, in relation to the financial statements as a whole, the auditor
should obtain management’s representation acknowledging its responsibility for
supplementary information as required by AU-C 725 and OMB audit guidance.
Representations Relating to Information Provided and Completeness of

Transactions
.10 Management’s representations should acknowledge that (a) management has

provided the auditor with all relevant information and access, as agreed upon in
the terms of the audit engagement, and (b) all transactions have been recorded
and are reflected in the financial statements (AU-C 580.11). See example items 5
and 7.
Representations Relating to Internal Control
.11 Internal control representations are found in AU-C 580.10b and 940.57. These
representations, examples for which are provided in FAM 1001 A, items 19
through 29, relate to management

a. acknowledging its responsibility for designing, implementing, and maintaining
effective internal control over financial reporting relevant to the preparation
and fair presentation of financial statements that are free from material
misstatement, whether due to fraud or error (item 19);
b. stating that management has performed an assessment of the effectiveness

of the entity’s internal control over financial reporting and specifying the
control criteria (item 21) (optional if the auditor is not opining on internal
control);
c. stating that management did not use the auditor’s procedures performed
during the integrated audit as part of the basis for its assessment (item 23)
(not applicable if the auditor is not opining on internal control);
d. stating its assessment about the effectiveness of the entity’s internal control
over financial reporting based on the criteria as of a specified date (item 24)
(optional if the auditor is not opining on internal control);
e. stating that management has disclosed to the auditor all deficiencies in the
design or operation of internal control over financial reporting, including
separately disclosing to the auditor all such deficiencies that it believes to be
significant deficiencies or material weaknesses in internal control over
financial reporting (item 25) (optional if the auditor is not opining on internal
control);
f. stating whether the significant deficiencies and material weaknesses

identified and communicated to management and those charged with
governance during previous engagements have been resolved and
specifically identifying any that have not (item 27); and
g. stating whether there were, subsequent to the date being reported on, any
changes in internal control over financial reporting or other conditions that
might significantly affect internal control over financial reporting, including any
corrective actions taken by management with regard to significant
deficiencies and material weaknesses (item 29).
.12 For bullets (b) and (d) in the paragraph above, entities may use criteria
established under FMFIA, including OMB Circular No. A-123, in their FMFIA
internal control assessments. GAO’s Standards for Internal Control in the Federal
Government (GAO-14-704G) were established as standards for federal entities
to follow. These standards incorporate concepts and principles from the private
sector guidance Internal Control—Integrated Framework issued by the
Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Entities should summarize in their representation letters any material
weaknesses relating to financial reporting (including safeguarding) and
compliance (including budget).
Example wording for the representations, where management asserts the

effectiveness of internal control over financial reporting, is provided in
FAM 1001 A (item 24). If there are material weaknesses, management should
include a brief description of them in its representation letter and modify its
assessment accordingly.

Representations Relating to Fraud
.13 Internal control over financial reporting representations related to fraud can be
found in AU-C 580 and AU-C 940. These representations, examples of which are
provided in FAM 1001 A (items 30 through 36), relate to management
a. acknowledging its responsibility for the design, implementation, and

maintenance of internal controls to prevent and detect fraud (AU-C 580.12a);
b. disclosing the results of its assessment of the risk that the financial
statements may be materially misstated as a result of fraud (AU-C 580.12b);
c. disclosing knowledge of fraud or suspected fraud that affects the entity and
involves (1) management, (2) employees who have significant roles in
internal control over financial reporting, or (3) others when the fraud could
have a material effect on the financial statements (AU-C 580.12c and
AU-C 940.57f); and
d. disclosing knowledge of any allegations of fraud or suspected fraud affecting

the entity’s financial statements received in communications from employees,
former employees, analysts, regulators, or others (AU-C 580.12d).
Representations Relating to Applicable Laws, Regulations, Contracts, and

Grant Agreements
.14 Management’s representations should include that all instances of identified or

suspected noncompliance with laws, regulations, contracts, and grant
agreements applicable to the entity whose effects should be considered when
preparing the financial statements have been disclosed to the auditor (items 40
through 43) (AU-C 580.13).
Representations Relating to Uncorrected Misstatements
.15 Management’s representations should acknowledge whether it believes that the

effects of uncorrected misstatements are immaterial, individually and in the
aggregate, to the financial statements as a whole (item 8) (AU-C 580.14).
.16 The effect of any uncorrected financial statement misstatements per FAM 540
should be included in a schedule and attached to the representation letter (AU-C
580.14). (For this representation, the auditor may tailor the example schedule in
FAM 595 C by removing the auditor’s conclusions.)
Representations Relating to Litigation and Claims
.17 Management’s representations should acknowledge that all known actual or

possible litigation and claims whose effects should be considered by
management when preparing the financial statements have been disclosed to the
auditor and accounted for and disclosed in accordance with the applicable
financial reporting framework (U.S. GAAP) (items 14 and 15) (AU-C 580.15).

Representations Relating to Estimates
.18 Management’s representations should acknowledge whether it believes that

significant assumptions it used in making accounting estimates are reasonable
(item 4) (AU-C 580.16).
Representations Relating to Disclosure Entities, Related-Parties, and

Public-Private Partnerships
.19 Management’s representations should acknowledge that it has disclosed to the

auditor the identities of all the entity’s disclosure entities, related parties, and
public-private partnerships, and all the relationships and transactions related to
them, and it has appropriately accounted for and disclosed such relationships
and transactions in the financial statements (items 11 and 12) (AU-C 580.17).
For entities issuing financial statements in accordance with Financial Accounting
Standards Board (FASB) accounting standards, this representation does not
include disclosure entities and public-private partnerships.
Representations Relating to Subsequent Events
.20 Management’s representations should acknowledge that all events occurring

subsequent to the date of the financial statements and for which the applicable
financial reporting framework (U.S. GAAP) requires adjustment or disclosure
have been adjusted or disclosed (item 16) (AU-C 580.18).
Additional Written Representations on the Financial Statements
.21 In addition to the AU-C sections referenced in FAM 1001.09 through .20, other
AU-C sections require the auditor to request written representations (AU-C
580.19). For example, AU-C sections 560, 570, 700, and 720 specify additional
representations that are required in certain circumstances. Additionally, if the
auditor determines that it is necessary to obtain one or more written
representations to support other audit evidence relevant to the financial
statements or one or more specific assertions in the financial statements, the
auditor should request such other written representations (AU-C 580.19). This is
important when the corroborating information that can be obtained by procedures
other than inquiry is limited. Examples of additional representations that may be
appropriate depending on an entity’s operations are provided in AU-C 580.A18
through .A21 and .A36 and in the paragraphs below.
.22 Intragovernmental Activities – OMB audit guidance has emphasized the

importance of identifying and eliminating intragovernmental transactions and
resolving intragovernmental differences for federal entities and their components
(item 18).
.23 Financial management systems’ substantial compliance with the three

requirements of FFMIA – FFMIA requires an auditor auditing the financial
statements of a CFO Act agency to report whether the agency’s financial
management systems comply substantially with (1) federal financial management
systems requirements, (2) applicable federal accounting standards (U.S. GAAP),

and (3) the U.S. Standard General Ledger (USSGL) at the transaction level. To
report in accordance with FFMIA, the auditor should obtain representations from
management as to the agency’s financial management systems’ compliance with
these requirements.
.24 The auditor should obtain representations that management is responsible for
having its systems comply with the FFMIA requirements, stating that it has
assessed the systems’ compliance, stating the criteria used, and asserting the
systems’ substantial compliance (or lack thereof) (items 37- 39). The criteria are
the requirements in OMB Circular No. A-123, appendix D, Management of
Financial Management Systems – Risk and Compliance. The federal financial
management systems requirements are further described, including authoritative
references, in the Treasury Financial Manual, volume 1, part 6, chapter 9500,
Revised Federal Financial Management System Requirements.
.25 Statement of Social Insurance and Changes in Social Insurance Amounts –

FASAB standards require a Statement of Social Insurance for certain entities.
See AICPA publication SOP 04-1, Auditing the Statement of Social Insurance
(AU-C 580.19; SOP 04-1 § 36) (items 44-52).
.26 Budgetary Funds – OMB audit guidance includes a representation by

management on the consistency of budgetary data (item 53).
.27 Restricted Funds – All material funds from dedicated collections, as defined by
Statement of Federal Financial Accounting Standards (SFFAS) 43, Funds from
Dedicated Collections: Amending Statement of Federal Financial Accounting
Standards 27, Identifying and Reporting Earmarked Funds, and all other material
restricted funds (e.g., restricted cash), are to be presented and/or disclosed in
the financial statements (item 54).
.28 Service Organizations – OMB audit guidance includes representations by

management on its knowledge of (1) any fraud, non-compliance, or uncorrected
misstatements reported by, or related to, service organizations, and (2) any
changes in internal controls at service organizations subsequent to the effective
dates of the service organizations’ report(s) (items 55–56).
Effect of Change in Management on Representation Letter
.29 Sometimes management is reluctant to sign representations for periods when it

did not manage the entity. The auditor may explain to management that by
issuing the financial statements, it is making the assertions implicit in the financial
statements. Additionally, the auditor may discuss the following with management
in order to obtain representations when a change in management occurs:
a. Auditing standards require management representations covering all financial

statements presented.
b. In the engagement letter (FAM 215), entity management indicated that it

would provide certain representations covering all financial statements
presented.

c. New executives may consult with prior management and appropriate staff
members who were present during the period audited to determine whether
the representations that officials will sign are complete and accurate.
d. Representations are made to the best of the signer’s knowledge and belief.
e. Not signing will result in a scope limitation and disclaimer of the auditor’s
opinion.

1001 A – Management Representation Letter Example

[Entity Letterhead]
[Date of Auditor’s Report and Completion of the Audit]
[Name and Title of Audit Organization Head]

[Address of Audit Organization]
Dear [Name of Audit Organization Head]:
We are providing this letter in connection with your integrated [if expressing an opinion on the
effectiveness of internal control over financial reporting] audits of the balance sheets of
[name of entity] as of September 30, 20X2, and 20X1, [or the dates of the audited financial
statements] and the related statements of net costs, changes in net position, budgetary
resources, and custodial activity [if custodial activity is reported] for the years then ended,
and [if social insurance is reported] the [years presented] statements of social insurance
(SOSI) and the statements of changes in social insurance amounts (SCSIA) for the years ended
[dates presented], and the related notes to the financial statements, hereinafter referred to as
the financial statements.
Certain representations in this letter are described as being limited to matters that are material.
Items are considered material, regardless of size, if they involve an omission or misstatement of
accounting information that, in the light of surrounding circumstances, makes it probable that the
judgment of a reasonable person relying on the information would be changed or influenced by
the omission or misstatement.
Except where otherwise stated below, immaterial matters less than $[Insert amount]
collectively are not considered to be exceptions that require disclosure for the purpose of the
following representations. This amount is not necessarily indicative of amounts that would
require adjustment to or disclosure in the financial statements. Such quantitative materiality
considerations do not apply to representations that are not directly related to amounts included
in the financial statements, required supplementary information (RSI) [if RSI is presented] 1 and
other information [if other information is presented]. 2
We confirm, as of [date of auditor’s report], the following representations made to you during
your audits. These representations pertain to both years’ financial statements and update the
representations we provided in the prior year.
Financial Statements, RSI, and Other Information
1. We have fulfilled our responsibilities, as set out in the terms of the audit engagement letter
dated [insert date of engagement letter], for the preparation and fair presentation of the
financial statements, including related notes, in accordance with U.S. generally accepted
accounting principles (U.S. GAAP), issued by [name of standard setter, such as Federal
Accounting Standards Advisory Board or Financial Accounting Standards Board].
1RSI consists of [insert description].

2Other information consists of [insert description].
The financial statements are fairly presented in accordance with U.S. GAAP. [If there are
departures from generally accepted accounting principles, this statement should be
modified to disclose all known instances of material departure.]
2. [If RSI is presented] We have fulfilled our responsibilities for the measurement,
preparation, and presentation of the RSI in accordance with prescribed guidelines
established in U.S. GAAP.
a. The RSI is measured and presented in accordance with prescribed guidelines in U.S.
GAAP, is consistent with the financial statements, and contains no material misstatement
of fact.
b. There are no changes in the methods of measurement or presentation of the RSI from
the prior year that have not been disclosed to you, including the reasons for such
changes. [If there were no such changes, the underlined text should be omitted.]
c. There are no significant assumptions or interpretations underlying the measurement or
presentation of the RSI that have not been disclosed to you. [If there are no
assumptions or interpretations, the underlined text should be omitted.]
3. [If other information is presented] We have fulfilled our responsibilities for the preparation
and presentation of the other information (OI) included in [entity’s] [insert name of annual
report, e.g., agency financial report] and for ensuring the consistency of that information
with the audited financial statements and RSI.
a. The OI included in [entity’s] [insert name of annual report, e.g., agency financial
report] is consistent with the financial statements and RSI and contains no material
misstatement of fact.
b. There are no changes in the methods of measurement or presentation of the OI from the
prior year that have not been disclosed to you, including the reasons for such changes.
[If there were no such changes, the underlined text should be omitted.]
c. There are no significant assumptions or interpretations underlying the measurement or
presentation of the OI that have not been disclosed to you. [If there are no
assumptions or interpretations, the underlined text should be omitted.]
4. Significant assumptions that we used in making accounting estimates, including those
measured at fair value, are reasonable.
5. We have provided you with all relevant information and access, as agreed upon in the terms
of the audit engagement letter, including the following:
a. access to all information that is relevant to the preparation and fair presentation of the
financial statements, such as records, documentation, and other matters;
b. additional information that you have requested from us for the purpose of the audit,
including
i. minutes of meetings, or summaries of actions of recent meetings for which minutes
have not been prepared, of the [Board of Directors or other similar bodies of
those charged with governance] and
ii. any communications from the Office of Management and Budget (OMB) or the
Department of the Treasury’s Bureau of the Fiscal Service concerning
noncompliance with, or deficiencies in, financial reporting practices;
c. unrestricted access to and full cooperation of personnel within the entity from whom you
determined it necessary to obtain audit evidence; and
d. all reports obtained from [Entity’s] service organizations.
6. Except as disclosed to you in writing, there have been none of the following:
a. Circumstances that have resulted in communications from [Entity’s] legal counsel
reporting evidence of a material violation of law or breach of fiduciary duty, or similar
violations by [Entity] or any agent thereof.
b. Communications from regulatory or oversight agencies (such as OMB and GAO), other
government entities or agencies, governmental representatives, employees, or others
concerning investigations or allegations of noncompliance with laws or regulations,
deficiencies in financial reporting practices, or other matters that could have a material
adverse effect on the financial statements, RSI, and OI.
7. All transactions have been recorded in the accounting records and are reflected in the
8. There are no uncorrected misstatements in the financial statements, as we have corrected

the financial statements for any misstatements you have identified during the audit and
communicated to us. OR The effects of uncorrected misstatements in the attached summary
are immaterial, both individually and in the aggregate, to the financial statements as a
whole. (Note: As discussed in AU-C 580.A12, if management believes that certain of the
identified items are not misstatements, management’s belief may be acknowledged by
adding to the representation, for example, “We believe that items XX and XX do not
constitute misstatements because (description of reason).”)
9. [Entity] has satisfactory title to all owned assets, including stewardship land and heritage
assets. There are no liens or encumbrances on these assets, and no assets have been
pledged. OR [Entity] has satisfactory title to all owned assets. There are no liens or
encumbrances on these assets, and no assets have been pledged. [Entity] has no
stewardship land or heritage assets.
10. We have no plans or intentions that may materially affect the recognition, measurement,
presentation, disclosure, or classification of assets and liabilities.
11. We have disclosed to you the identities of all [Entity’s] disclosure entities, related parties,
and public-private partnerships, and all the relationships and transactions related to them.
12. All relationships and transactions with disclosure entities, related parties, and public-private
partnerships have been appropriately accounted for and disclosed in the financial
statements in accordance with U.S. GAAP and do not prevent the financial statements from
achieving fair presentation.
13. Guarantees under which [Entity] is contingently liable have been properly reported or
disclosed. OR There are no guarantees under which [Entity] is contingently liable that
require reporting or disclosure in the financial statements.
14. We have disclosed to you all known actual or possible litigation, claims, and assessments,
including those related to treaties and other international agreements, whose effects
should be considered when preparing the financial statements. OR We are not aware of
any pending or threatened litigation and claims whose effects should be considered when
preparing the financial statements.
15. The effects of all known actual or possible litigation, claims, and assessments, including
those related to treaties and other international agreements, have been accounted for and
disclosed in the financial statements in accordance with U.S. GAAP.
16. All events or transactions subsequent to September 30, 20X2 [or date of latest audited
financial statements], and for which U.S. GAAP requires adjustment or disclosure have
been adjusted or disclosed in the financial statements.
17. We have properly recorded or disclosed in the financial statements changes in accounting
principle that affect the consistency of the financial statements between the periods
presented. OR There are no changes in accounting principle that affect the consistency of
the financial statements between the periods presented.
Intragovernmental Activities
18. All intra-entity transactions and balances have been appropriately identified and eliminated
for financial reporting purposes [if no intra-entity transactions or balances, replace with
“There are no intra-entity transactions or balances”]. All intragovernmental transactions
and activities have been appropriately identified, recorded, and disclosed in the financial
statements. There are no [OR “There are”] material unresolved differences in
intragovernmental transactions and balances with Federal entity trading partners, and
appropriate adjustments have been made to address reconciling items.
Internal Control
19. We acknowledge our responsibility for designing, implementing, and maintaining effective
internal control over financial reporting relevant to the preparation and fair presentation of
financial statements that are free from material misstatement, whether due to fraud or error.
20. We have fulfilled our responsibility for designing, implementing, and maintaining effective
internal control over financial reporting relevant to the preparation and fair presentation of
financial statements that are free from material misstatement, whether due to fraud or error.
21. We are responsible for assessing the effectiveness of internal control over financial
reporting based on the criteria established under 31 U.S.C. § 3512 (c), (d) (commonly
known as the Federal Managers’ Financial Integrity Act of 1982 (FMFIA)) [or other
appropriate criteria], providing our assessment of the effectiveness of internal control over
financial reporting as of [date of most recent financial statement presented 3], based on our
assessment, and supporting our assessment about the effectiveness of internal control over
financial reporting with sufficient evaluations and documentation.
3Ifthe auditor is opining on internal control, the date must be the date of the opinion. However, management may
choose to include this representation even if the auditor is not opining on internal control. If that occurs, the date must
be the date of management’s assurance statement in accordance with OMB Circular No. A-123.
[This item is optional if the auditor is not opining on internal control. Also, if the entity
bases its internal control assessment on suitable criteria other than 31 U.S.C. §
3512(c), (d), cite the criteria used (for example, Internal Control—Integrated
Framework issued by the Committee of Sponsoring Organizations of the Treadway
Commission (COSO)).]
22. We assessed the effectiveness of [Entity’s] internal control over financial reporting as of
September 30, 20X2 [or date of latest audited financial statements], based on the criteria
established under FMFIA. [Entity’s] internal control over financial reporting is a process
effected by those charged with governance, management, and other personnel, the
objectives of which are to provide reasonable assurance that (1) transactions are properly
recorded, processed, and summarized to permit the preparation of financial statements in
accordance with U.S. GAAP, and assets are safeguarded against loss from unauthorized
acquisition, use, or disposition, and (2) transactions are executed in accordance with
provisions of applicable laws, including those governing the use of budget authority;
regulations; contracts; and grant agreements, noncompliance with which could have a
material effect on the financial statements.
[This item is optional if the auditor is not opining on internal control. Also, if the entity
bases its internal control assessment on suitable criteria other than 31 U.S.C. §
3512(c), (d), cite the criteria used (for example, COSO’s Internal Control—Integrated
Framework).]
23. We did not use [auditor’s] audit procedures performed during the integrated audits of
[Entity’s] 20X2 and 20X1 financial statements as part of the basis for our assessment about
[Entity’s] internal control over financial reporting as of September 30, 20X2 [or date of
latest audited financial statements]. [Delete this item if the auditor is not opining on
internal control.]
24. Based on the assessment in number 22, we conclude that as of September 30, 20X2 [or
date of latest audited financial statements], [Entity’s] internal control over financial
reporting was effective. [This item is optional if the auditor is not opining on internal
control.]
If there are material weaknesses: Based on the assessment in number 22, we conclude that
as of September 30, 20X2 [or date of latest audited financial statements], [Entity’s]
internal control over financial reporting was not effective because of the effects of the
material weaknesses discussed below [or in an attachment].
25. We have disclosed to you all [OR “There are no”] deficiencies in the design or operation of
internal control over financial reporting as of September 30, 20X2 [or date of latest audited
financial statements], and we have separately disclosed all such deficiencies that we
believe to be significant deficiencies or material weaknesses. [This item is optional if the
auditor is not opining on internal control.]
26. We have disclosed to you all significant deficiencies and material weaknesses in the design
or operation of internal control over financial reporting that existed at any time during the
years ended [date of most recent financial statement presented], and [date of prior
year financial statement presented], and indicated which deficiencies were corrected by
[date of most recent financial statement presented].
27. All significant deficiencies and material weaknesses identified and communicated to us by
[auditor] in prior years’ audits that remained unresolved as of September 30, 20X1 [or date
of prior-year audited financial statements] have been resolved OR [indicate specifically
any that have not been resolved] as of September 30, 20X2 [or date of latest audited
financial statements].
If there were no significant deficiencies or material weaknesses: During the audit of the
financial statements for the year ended September 30, 20X1 [or date of prior-year audited
financial statements], [auditor] did not communicate any significant deficiencies or
material weaknesses to us.
28. We have identified to you all previous audits, attestation engagements, and other studies
that relate to the objectives of this audit, including whether related recommendations have
been implemented.
29. There have been no changes to internal control over financial reporting subsequent to
September 30, 20X2 [or date of latest audited financial statements], or other conditions
that might significantly affect internal control over financial reporting. [If there were
changes, describe them, including any corrective actions taken with regard to any
significant deficiencies or material weaknesses.]
Fraud
30. We acknowledge our responsibility for designing, implementing, and maintaining effective
internal control to prevent and detect fraud.
31. We have fulfilled our responsibility for designing, implementing, and maintaining effective
internal control to prevent or detect fraud.
32. We have [no knowledge of any] OR [disclosed to you all information that we are aware
of regarding] fraud or suspected fraud that affects the entity and involves (1) management,
(2) employees who have significant roles in internal control over financial reporting, or (3)
others when the fraud could have a material effect on the financial statements. [If there is
knowledge of any instances, including those that do not result in a material
misstatement to the financial statements, describe them.]
of regarding] fraud or suspected fraud that resulted in a material misstatement to [Entity’s]
financial statements or RSI.
of regarding] allegations of fraud or suspected fraud affecting the financial statements
communicated by employees, former employees, or others.
35. We have disclosed to you the results of our assessment of the risk that the financial
statements may be materially misstated as a result of fraud.
36. We have no knowledge of any officer of [Entity], or any other person acting under the
direction thereof, having taken any action to fraudulently influence, coerce, manipulate, or
mislead you during your audit.
Compliance of Systems with FFMIA
[If a CFO Act agency, which is subject to the Federal Financial Management Improvement
Act of 1996 (FFMIA).]
37. We are responsible for implementing and maintaining financial management systems that
comply substantially with federal financial management systems requirements, federal
accounting standards (U.S. GAAP), and application of the U.S. Standard General Ledger
(USSGL) at the transaction level.
38. We have assessed the financial management systems to determine whether they comply
substantially with federal financial management systems requirements, federal accounting
standards, and application of the USSGL at the transaction level. Our assessment was
based on OMB guidance.
39. [Entity’s] financial management systems complied substantially with federal financial
management systems requirements, federal accounting standards, and application of the
USSGL at the transaction level as of [date of the latest financial statements].
[If the financial management systems comply substantially with only one or two of the
above elements, modify as follows:]
As of [date of financial statements], [Entity’s] financial management systems comply

substantially with [specify which of the three elements comply substantially (e.g.,
federal accounting standards and application of the USSGL at the transaction level)],
but did not comply substantially with [specify which of the three elements do not comply
substantially (e.g., federal financial management systems requirements)], as described
below [or in an attachment].
[If the financial management systems do not comply substantially with any of these
three elements, use the following paragraph:]
As of [date of financial statements], [Entity’s] financial management systems do not

comply substantially with the federal financial management systems requirements,
applicable federal accounting standards, and application of the USSGL at the transaction
level.
[If the financial management systems do not comply substantially with one or more of
the three elements, the representation should (1) identify the entity or organization
responsible for the financial management systems that were found to not comply
substantially with any of the three elements; (2) identify all the facts pertaining to the
noncompliance, including the nature and extent of the noncompliance and the
primary reason or cause of the noncompliance; and (3) indicate whether the
remediation plan that includes the resources, remedies, and intermediate target dates
necessary to bring the entity’s financial management systems into substantial
compliance has been provided to the auditor or has not been prepared.]
Compliance with Applicable Laws, Regulations, Contracts, and Grant Agreements
40. We are responsible for complying with laws, regulations, contracts, and grant agreements
applicable to [Entity].
41. We have identified and disclosed to you all provisions of laws, regulations, contracts, and
grant agreements applicable to [Entity], noncompliance with which could have a material
effect on the financial statements.
42. There are no instances of noncompliance or suspected noncompliance with laws,

regulations, contracts, and grant agreements applicable to [Entity] whose effects should be
considered when preparing the financial statements. OR We have disclosed to you all
instances of noncompliance or suspected noncompliance with laws, regulations, contracts,
and grant agreements applicable to [Entity] whose effects should be considered when
preparing financial statements.
43. We are not aware of any violations, or potential violations, of the Antideficiency Act for the
years ended September 30, 20X2, and 20X1, and through the date of this letter. OR We
have communicated to you all violations of the Antideficiency Act for the years ended
September 30, 20X2, and 20X1, and through the date of this letter, and [except for {add
list of Antideficiency Act violations that do not have a material effect on the financial
statements},] such violations have or could have a material effect on the financial
statements for the years ended September 30, 20X2, and 20X1. In addition, we have
communicated to you all potential violations of the Antideficiency Act for the years ended
September 30, 20X2, and 20X1, and through the date of this letter that, if true, could have a
material effect on the financial statements for the years ended September 30, 20X2, and
20X1.
Statement of Social Insurance and Statement of Changes in Social Insurance Amounts
[If a SOSI and an SCSIA are presented, see AICPA publication SOP 04-1, Auditing the
Statement of Social Insurance (SOP 04-1 § 39), which suggests the following
management representations.]
44. Management is responsible for the assumptions and methods used in the preparation of the
SOSI and SCSIA. Management agrees with the actuarial methods and assumptions that
[Entity’s] actuary used and has no knowledge or belief that would make such methods or
assumptions inappropriate in the circumstances. Management did not give any instructions,
or cause any instructions to be given to [Entity’s] actuary with respect to values or amounts
derived, and is not aware of any matters that have affected the objectivity of [Entity’s]
actuary. Management believes that the actuarial assumptions and methods used to
measure the amounts in the SOSI and SCSIA for financial accounting purposes are
appropriate in the circumstances.
45. Actuarial assumptions and methods used to measure the amounts in the SOSI and SCSIA
for financial accounting and disclosure purposes represent management’s reasonable
estimates regarding future events based on demographic and economic assumptions and
future changes mandated by law.
46. There were no material omissions from the data provided to [Entity’s] actuary for the
purpose of determining the actuarial present value of the estimated future income to be
received and estimated future expenditures to be paid during the projection period sufficient
to illustrate the long-term sustainability of [name of the social insurance program] as of [dates
of SOSI presented].
47. The SOSI covers a projection period sufficient to illustrate the long-term sustainability of the
social insurance program.
48. Management provided the auditor with all the reports developed by external review groups
appointed by [Entity’s or the program’s trustees] related to estimates in the SOSI.
49. The following matters relating to the SOSI have been disclosed properly in the notes to the
financial statements:
a. The accumulated excess of all past cash receipts, including interest on investments,
over all past cash disbursements within the social insurance program represented by the
fund balance at the valuation date.
b. An explanation of how the net present value is calculated for the closed group.
c. Comparative financial information for items in paragraphs 2a, 2b, 2c, and 2d (1) of
SOP 04-1, for the current year and for each of the preceding 4 years. (Note any
preceding years that are unaudited.)
d. Significant assumptions used in preparing estimates.
50. There have been no changes in [or, Changes in the following have been properly
reported or disclosed in] the actuarial methods or assumptions used to calculate amounts
recorded or disclosed in the financial statements between the
a. valuation dates of (for example, January 1, 20X2, and January 1, 20X1, and other
valuation dates presented) or changes in the method of collecting data and
b. valuation date of (for example, January 1, 20X2, and the other valuation dates
presented) and the financial reporting date of (September 30, 20X2) or changes in the
method of collecting data.
51. There have been no changes in [or, Changes in the following have been properly
reported or disclosed in] laws and regulations affecting social insurance program income
and benefits between the
a. valuation dates of (for example, January 1, 20X2, and January 1, 20X1, and other
valuation dates presented) and
b. valuation date of (for example, January 1, 20X2) and the financial reporting date of
(September 30, 20X2).
52. Accounting estimates applicable to the financial information of [Entity] included in the SOSI
and SCSIA are based on management’s reasonable estimate, after considering past and
current events and assumptions about future events.
Budgetary and Restricted Funds
53. [If a statement of budgetary resources is presented] The information presented in

[Entity’s] statement of budgetary resources is reconcilable to the information submitted in
its year-end Reports on Budget Execution and Budgetary Resources (SF-133). This
information will be used as input for the fiscal year 20X2 actual-year column of the Program
and Financing Schedules reported in the fiscal year 20X4 Budget of the U.S. Government.
Such information is supported by the related financial records and data.
54. We have presented and disclosed in the financial statements all material dedicated
collections as defined by Statement of Federal Financial Accounting Standards 43 and all
other material restricted funds OR There are no material dedicated collections or other
material restricted funds that require presentation and disclosure in the financial statements.
Service Organizations
55. [Entity] does not use service organizations. OR Service organizations [and subservice
organizations, if any] that we use have not reported to us, nor are we otherwise aware of,
any (1) fraud; (2) noncompliance with applicable laws, regulations, contracts, or grant
agreements; or (3) uncorrected misstatements affecting the financial statements that are
attributable to such service [or subservice, if any] organizations.
[If any such knowledge has been obtained, it should be described or specifically state
how it was communicated to us.]
56. [If entity uses service organizations] Service organizations [and subservice
organizations, if any] that we use have not reported to us, nor are we otherwise aware of,
any changes in the design, implementation, or operating effectiveness of internal controls at
the service organizations [or subservice organizations, if any] subsequent to the effective
dates of the service and subservice organizations’ report(s) provided to you that could (1)
affect the risks of material misstatement of the financial statements or (2) result in material
misstatements of the financial statements arising from processing errors that would not be
prevented, or detected and corrected, on a timely basis.
[If any such knowledge has been obtained, the letter should describe it or refer to
how it was communicated to us, including the effects, if any, on the financial
statements or the effectiveness of internal control over financial reporting, including
specific identification of any internal control deficiencies that are considered to be
material weaknesses or significant deficiencies.]
[Signed by Entity Head]
[Signed by Chief Financial Officer]
Enclosure(s)
1002 – Litigation, Claims, and Assessments

.01 FAM 1002 provides guidance for obtaining evidence that the entity’s financial
accounting and reporting of contingencies arising from litigation, claims, and
assessments conform with U.S. GAAP. 4 This section discusses the applicable
accounting and reporting guidance and audit procedures and includes the
following practice aids:
• FAM 1002 A – Example Audit Procedures for Litigation, Claims, and
Assessments
• FAM 1002 B – Example Legal Counsel Request
• FAM 1002 C – Example Legal Counsel Response
• FAM 1002 D – Example Management Schedule
Accounting and Reporting Guidance
.02 Entity management is responsible for implementing policies and procedures to

identify, evaluate, account for, and disclose litigation, claims, and assessments
as a basis for the preparation of financial statements in conformity with U.S.
GAAP.
.03 SFFAS 5, Accounting for Liabilities of the Federal Government, as amended by

SFFAS 12, Recognition of Contingent Liabilities Arising from Litigation, contains
accounting and reporting standards for loss contingencies, including those
arising from litigation, claims, and assessments. 5 Federal Accounting Standards
Advisory Board (FASAB) Interpretation No. 2, Accounting for Treasury Judgment
Fund Transactions, provides additional guidance related to claims to be paid
through the Treasury Judgment Fund. 6 Statement of Financial Accounting
Standards (FAS) No. 5, Accounting for Contingencies, also provides guidance for
financial accounting and reporting for loss and gain contingencies for government
corporations and for entities following U.S. GAAP for the private sector
promulgated by FASB. The definition of probable for legal contingencies is
essentially the same in FAS No. 5 and SFFAS 5.
.04 A contingency is an existing condition, situation, or set of circumstances involving

uncertainty as to possible gain or loss to an entity. The uncertainty will ultimately
be resolved when one or more future events occur or fail to occur. When a loss
4Reporting of contingencies includes environmental and disposal liabilities—a contingency that is often a significant
issue for the federal government.
5SFFAS 7 has guidance for reporting claims for tax refunds. SFFAS 7 indicates that rather than recognizing probable
claims and disclosing other claims in the notes to the financial statements, other claims for refunds that are probable
should be included as supplementary information.
6A permanent, indefinite appropriation, commonly known as the Judgment Fund, is available to pay final judgments,
settlement agreements, and certain types of administrative awards against the United States, and interest and costs
specified in the judgments or otherwise authorized by law, when payment is not otherwise provided for. The
Secretary of the Treasury certifies all payments from the fund. (See 31 U.S.C. § 1304, Judgments, awards, and
compromise settlements.) FASAB Interpretation No. 2 clarifies how federal entities report the costs and liabilities
arising from claims to be paid by the Judgment Fund and how the Judgment Fund accounts for the amounts that it is
required to pay on behalf of federal entities.

contingency exists, the likelihood that the future event or events will confirm the
loss or impairment of an asset or the incurrence of a liability can range from
probable to remote. SFFAS 5 and 12 use the terms probable, reasonably
possible, and remote to identify three areas within the range of probability, as
follows:
• Probable: Generally, the future confirming event or events are more likely
than not to occur. For pending or threatened litigation and unasserted claims,
the future confirming event or events are likely to occur.
• Reasonably possible: The chance of the future event or events occurring is

more than remote but less than probable.
• Remote: The chance of the future event or events occurring is slight.
.05 The entity should recognize a liability and a related charge to expense for an
estimated loss from a loss contingency only when 7
• a past event or exchange transaction has occurred,
• a future outflow or other sacrifice of resources is probable, and
• the future outflow or sacrifice of resources is measurable.
.06 Disclosure of the nature of an accrued liability for loss contingencies, including
the amount accrued, may be necessary for the financial statements to not be
misleading. For example, if the amount accrued is large or unusual, the entity
should determine whether to disclose the contingency.
If no accrual is made for a loss contingency because one or more of the

conditions in FAM 1002.05 are not met, and there is at least a reasonable
possibility that a loss may be incurred, the entity should disclose the nature of the
contingency and provide an estimate of the possible liability or range of possible
liability, if estimable, or a statement that such an estimate cannot be made. The
reporting of contingent losses depends on the likelihood that a future event or
events will confirm the loss or impairment of an asset or the incurrence of a
liability. Terms used to assess the likelihood of loss are probable, reasonably
possible, and remote as discussed in FAM 1002.04.
.07 Contingent losses that are assessed as probable and measurable are accrued in
the financial statements. Losses that are assessed to be at least reasonably
possible are disclosed in the notes. In addition, if the Judgment Fund might be
involved in the payment of the possible loss, the entity should discuss the
Judgment Fund’s role in a note to the financial statements.
7Ifthe Judgment Fund will pay the claim, the entity still recognizes the liability and cost at this time. Once the claim is
settled or a court judgment is assessed and the Judgment Fund is determined to be the appropriate source for
payment, the entity reduces the liability by recognizing an (imputed) financing source. Note that for Judgment Fund
payments made under the Contract Disputes Act and the Notification and Federal Employee Antidiscrimination and
Retaliation Act, the entity establishes a payable to reimburse the Judgment Fund.

For an overview of the standards that provide criteria for how entities are to
account for contingent losses based on the likelihood of loss and measurability,
see table 1002.1.
Table 1002.1: Accounting for Contingent Losses
Likelihood of future Loss amount or

outflow or other Loss amount can be Loss range can be range cannot be
sacrifice of reasonably reasonably reasonably
resources measured measured measured
Probable: Accrue the liability. Accrue liability of best Disclose nature of

Generally, the future Report on Balance estimate or minimum contingency and
confirming event(s) Sheet and Statement amount in loss range include a statement
is(are) more likely of Net Cost. if there is no best that an estimate
than not to occur. estimate, and disclose cannot be made.
For pending or nature of contingency
threatened litigation and range of
and unasserted estimated liability.
claims, the future
confirming event(s)
is(are) likely to
occur.
Reasonably Disclose nature of Disclose nature of Disclose nature of

possible: 8 contingency and contingency and contingency and
Possibility of future estimated amount. estimated loss range. include a statement
confirming event(s) that an estimate
occurring is more cannot be made.
than remote and less
than likely.
Remote: Possibility No action is required. No action is required. No action is required.

of future event(s)
occurring is slight.
.08 Although management often relies on the advice of legal counsel about the
(a) likelihood of an unfavorable outcome and (b) estimates of the amount or
range of potential loss for litigation, claims, and assessments, management is
ultimately responsible for determining whether these contingencies are probable,
reasonably possible, or remote. Management does this to decide whether these
contingencies should be recognized as liabilities, disclosed in the notes to the
financial statements, or both. Thus, OMB audit guidance requires entity
management to (a) document in a schedule how the information contained in the
8The financial reporting treatment for cases where the likelihood of future outflow or other sacrifice of resources is
assessed as “unable to determine” should be consistent with the disclosure requirements for reasonably possible
cases. Per the Treasury Financial Manual, entities significant to the consolidated financial statements of the U.S.
government should avoid excessive use (and misuse) of the "unable to determine" assessment. This likelihood
should only be used to categorize cases for which the general counsel is unable to express an opinion because of
inherent uncertainties.

legal counsel response was considered in preparing the financial statements and
(b) provide this schedule to the auditor as soon as practical after the legal
counsel response is provided to the auditor. An example management schedule
is provided at FAM 1002 D.
Audit Procedures
.09 As discussed in FAM 280.03, the auditor should design and perform audit
procedures to identify litigation, claims, and assessments involving the entity that
may give rise to a risk of material misstatement. Such procedures include making
inquiries of management, which may involve a discussion about their policies and
procedures for identifying, evaluating, and accounting for litigation, claims, and
assessments. The auditor should also design procedures to test the entity’s
accounting for and disclosure of litigation, claims, and assessments. See
example audit procedures and other practice aids at FAM 1002 A, FAM 1002 B,
and FAM 1002 C, which incorporate the applicable AU-C audit requirements.
OMB audit guidance also provides procedures related to litigation, claims, and
assessments.
.10 Based on AU-C 501.18, for actual or potential litigation, claims, and assessments
identified in performing the required audit procedures discussed in FAM 280.03,
the auditor should obtain audit evidence relevant to the following factors:
a. the period in which the underlying cause for legal action occurred;
b. the likelihood of an unfavorable outcome (probable, reasonably possible, or

remote); and
c. the amount or range of potential loss, if estimable.
Additionally, as discussed in FAM 1001.16, the auditor should obtain written

representation from management related to litigation, claims, and assessments.
.11 The auditor should perform procedures to learn about certain legal claims against
the government involving interaction between the government and its
environment. This could include events where federal operations caused (1)
hazardous waste for cleanup, (2) accidental damage to nonfederal property, or
(3) other damage to federal property. In these cases, no monetary damages are
being sought, but rather plaintiffs generally seek that the government either take
or cease particular actions, which if the claims are successful, could cost the
government significant amounts of money to comply.
An example is a claim that was brought against the Department of Energy over
its classification of certain radioactive waste for disposal. Because the
classification affected how the waste could be disposed of and thus the cost of
disposal, a successful claim could have resulted in a material increase in the
entity’s environmental liabilities. Auditors should make inquiries of management
and legal counsel to determine whether the entity has such cases that could
create a loss contingency, and whether the entity considered those cases in
determining the amount of liability to be reported or disclosed per table 1002.1. If
such cases exist, the auditor should apply the audit procedures in FAM 1002 to
these cases as well.
.12 Based on AU-C 501.19 and .20, the auditor should perform procedures to
corroborate the information management provides, including seeking direct
communication with the entity’s legal counsel through a legal counsel request
prepared by management and sent by the auditor requesting that legal counsel
communicate directly with the auditor. The auditor may assist management with
preparing this request. The auditor should also request management to authorize
the entity’s legal counsel to discuss applicable matters with the auditor (AU-C
501.22).
Legal counsel’s response to the legal counsel request is the auditor’s primary
means of corroborating the information furnished by management concerning the
accuracy and completeness of litigation, claims, and assessments. As such, the
auditor should document the basis for any determination not to seek direct
communication with the entity’s legal counsel (AU-C 501.21).
Inquiries of Legal Counsel
.13 Most federal entities have a general counsel (i.e., in-house legal counsel) who
has primary responsibility for and knowledge about the entity’s litigation, claims,
and assessments. The auditor should ask management or the entity’s general
counsel whether the entity uses external legal counsel whose engagement may
be limited to particular matters (e.g., specific litigation).
In the federal government, the main legal counsel outside of the entity is the
Department of Justice. 9 Management, the entity’s general counsel, or the auditor
may consult with Justice and other external legal counsels to verify completeness
and accuracy of the presentation of matters related to litigation, claims, and
assessments. Such consultation may include requesting a list of pending
litigation, claims, and assessments from Justice or other external legal counsel or
discussion of specific cases.
.14 The auditor should ask the entity to request that its general counsel cover all
litigation, claims, and assessments, including matters handled by Justice and
other external legal counsel on behalf of the entity. If Justice or other external
legal counsel has overall responsibility for handling and evaluating the entity’s
litigation, claims, and assessments, the auditor should also seek direct
communication with that counsel through a legal counsel request similar to the
request made to the entity’s general counsel.
.15 When the auditor is aware that the entity has changed legal counsel or that the
legal counsel previously engaged by the entity has resigned, the auditor should
consider making inquiries of management or others about the reasons such legal
counsel is no longer associated with the entity (AU-C 501.24).
9The Accounting and Auditing Policy Committee (AAPC) guidance (Technical Release No. 1) clarifies FASAB
Interpretation No. 2, with respect to Justice’s role related to legal counsel responses for cases in which Justice’s legal
counsels handle legal matters on behalf of other federal reporting entities. The legal counsel response from the
entity’s general counsel may provide sufficient evidence for the auditor in such cases. If the auditor determines that
additional evidence is needed about a specific case, the auditor may request that entity management and the legal
counsel send a legal counsel request to Justice, directed to the lead Justice legal counsel handling the case, asking
that counsel to provide a description and evaluation of the case directly to the auditor.

.16 Based on AU-C 501.23, the auditor should request, through the legal counsel
request discussed in FAM 1002.12, that the entity’s legal counsel inform the
auditor of any litigation, claims, and assessments that the counsel is aware of,
and provide an assessment of the outcome of the litigation, claims, and
assessments and an estimate of the financial implications, including losses
involved. The legal counsel request should include, but not be limited to, the
following matters:
a. identification of the entity, including any subcomponents of the entity, and the
date of the audit;
b. a list prepared by management (or a request by management that the legal

counsel prepare a list) that describes and evaluates pending or threatened
litigation, claims, and assessments with respect to which legal counsel has
been engaged and to which legal counsel has devoted substantive attention
on behalf of the entity in the form of legal consultation or representation;
c. a list prepared by management (or by general counsel if general counsel is

part of management) that describes and evaluates unasserted claims and
assessments that management considers to be probable of assertion and
that, if asserted, would have at least a reasonable possibility of an
unfavorable outcome with respect to which legal counsel has been engaged
and to which legal counsel has devoted substantive attention on the entity’s
behalf in the form of legal consultation or representation;
d. regarding each matter listed in item b, a request that legal counsel either
provide the following information or comment on those matters on which legal
counsel’s views may differ from those stated by management, as appropriate:
i. a description of the nature of the matter, the progress of the case to date,
and the action that the entity intends to take (for example, to contest the
matter vigorously or to seek an out-of-court settlement);
ii. an evaluation of the likelihood of an unfavorable outcome and an

estimate, if one can be made, of the amount or range of potential loss;
and
iii. with respect to a list prepared by management (or by legal counsel at

management’s request), an identification of the omission of any pending
or threatened litigation, claims, and assessments or a statement that the
list of such matters is complete;
e. regarding each matter listed in item c, a request that legal counsel comment
on those matters on which legal counsel’s views concerning the description
or evaluation of the matter may differ from those stated by management;
f. a statement that management understands that whenever, in the course of

performing legal services for the entity with respect to a matter recognized to
involve an unasserted possible claim or assessment that may call for financial
statement disclosure, legal counsel has formed a professional conclusion that
the entity should disclose or consider disclosure concerning such possible
claim or assessment, legal counsel, as a matter of professional responsibility

to the entity, will so advise the entity and will consult with the entity
concerning the question of such disclosure and the requirements of the
applicable financial reporting framework (U.S. GAAP);
g. a request that legal counsel confirm whether the understanding described in

item f is correct;
h. a request that legal counsel specifically identify the nature of, and reasons
for, any limitation on the response; and
i. a request that legal counsel specify the effective date of the response.
.17 The auditor should ask the entity to request that its legal counsel include in the
response all entity components included in the financial statements being
audited. Additionally, legal counsel generally should indicate the disposition of
cases included in prior year’s legal counsel response that are no longer
contingencies.
.18 The legal counsel request should be on the entity’s letterhead, signed by the
CFO or equivalent. The legal counsel request should be sent by the auditor and
ask that the response be sent directly to the auditor with a copy to management
by specified due dates (see FAM 1002.33–.36 for guidance on timing of legal
counsel requests and responses). FAM 1002 B provides an example legal
counsel request.
Agree on Materiality Level for Legal Inquiries
.19 The auditor and the entity may agree to limit the legal inquiry to matters that are
considered individually or collectively material to the financial statements,
provided that the entity and the auditor have reached an understanding on the
materiality level. The auditor should ask the entity to indicate the materiality level,
if used, in the legal counsel request, and the entity should ask legal counsel to
include the materiality in the response.
.20 In determining a legal counsel materiality, the auditor and the entity should set
the level sufficiently low so that the cases not included in the legal counsel
response would not be material to the financial statements as a whole when
aggregated with
a. other cases not included in the legal counsel response,
b. all other types of contingencies,
c. all other items that would not be adjusted because they are judged immaterial
(unadjusted misstatements),
d. all other amounts in the financial statements that would not be tested directly
because they were judged to be immaterial, and
e. all other items resolved on the basis of materiality considerations.

For example, a threshold that is 5 percent (or less) of performance materiality
may be sufficiently low.
.21 In aggregating cases, the auditor and the entity may use two levels of
aggregation. First, similar cases are aggregated (such as employment
discrimination cases, harbor maintenance fee cases, spent nuclear fuel cases, or
military promotion board challenges), treated as a group, and the auditor should
compare the total with the individual materiality level. The aggregation generally
includes a list of the individual cases and a discussion of the information on the
aggregated cases included in the legal counsel response (see FAM 1002 C).
Second, cases not included in the legal counsel response individually or as part
of a group of similar cases are aggregated. The auditor may use a higher
materiality level for such an aggregation. However, the auditor may set this
higher materiality level sufficiently low so that the cases not included in the legal
counsel response would not be material to the financial statements as a whole
when aggregated with the other items listed in the previous paragraph.
.22 Where the entity engages more than one legal counsel, the entity and the auditor
should determine whether matters considered not material individually would
exceed the materiality limit when aggregated. In addition, when separate legal
counsel responses are requested on individual components (such as bureaus or
offices) of a consolidated entity because of individual component audits, the
auditor may determine materiality levels for each component.
Evaluation of Legal Counsel Responses
.23 The legal counsel response on legal counsel letterhead is sent to the auditor with
a copy to management by specified due dates. Legal counsel may indicate that
the response is provided for the auditor’s use in connection with the audit. See
FAM 1002 C for an example legal counsel response.
.24 The legal counsel response should include matters that existed at the date of the
financial statements being reported on and during the period from the date of the
financial statements to the date the information is furnished. See FAM 1002.33
through .36 for additional guidance on the timing of legal counsel requests and
responses.
.25 Written responses from legal counsel will vary considerably in scope of
information provided and opinions expressed. Guidance on preparing responses
is contained in the American Bar Association’s (ABA) Statement of Policy
Regarding Lawyers’ Responses to Auditors’ Requests for Information (ABA
statement) (included in its entirety in AU-C 501 Exhibit A). Although the ABA
statement says that legal counsel “may in appropriate circumstances
communicate to the auditor his view that an unfavorable outcome is ‘probable’ or
‘remote,’” legal counsel is not required to use those terms in communicating the
evaluation to the auditor (AU-C 501.A66). See AU-C 501.A66 for examples of
responses the auditor may receive that are either unclear or provide sufficient
clarity using other general terms.
.26 The auditor should evaluate each legal counsel response in terms of sufficiency
as evidence and consider (a) the possible limitations on the scope of the

response and (b) the lack of sufficient opinion on the resolution of a case. The
auditor should evaluate any “unable to determine” and vague and unclear
responses. The auditor also should evaluate the legal counsel response in light
of any other information that comes to the auditor’s attention. See AU-C 501.A66
for additional guidance on evaluating legal counsel responses.
.27 To avoid unclear and incomplete responses, the auditor generally should ask
management to request that legal counsel use Justice’s standard forms to
describe legal contingencies. 10 FAM 1002 C provides an example of a legal
counsel response that uses Justice’s legal contingency standard forms for each
case or group of cases. If used, the auditor should verify that current forms were
used.
.28 When legal counsel does not indicate whether the unfavorable outcome is
probable or remote, (a) management and the auditor should conclude that the
outcome is reasonably possible and (b) management should determine the
disclosure. If the auditor is not certain about legal counsel’s evaluation, the
auditor should discuss the matters with legal counsel and management (and
document the oral discussion), obtain written clarification from legal counsel, or
do both. Sometimes legal counsel may give a clearer indication of likelihood
orally. If legal counsel is unable to give a clear evaluation of the likelihood of an
unfavorable outcome, management should disclose the uncertainty, and the
auditor should evaluate the uncertainty’s effect on the audit report.
.29 In circumstances in which legal counsel is unable to respond concerning the

likelihood of an unfavorable outcome of litigation, claims, and assessments or the
amount or range of potential loss due to inherent uncertainties, the auditor
generally should conclude that the financial statements are affected by an
uncertainty concerning the outcome of a future event, which is not susceptible to
reasonable estimation. See FAM 580 for reporting on uncertainties.
Possible Limitations on the Scope of the Legal Counsel Response
.30 When legal counsel limits the response, the auditor should determine whether
the limitation affects the auditor’s report. Legal counsel may appropriately limit
the response to certain matters. For example, legal counsel may limit the
response to matters that (a) legal counsel has given substantive attention to in
the form of legal consultation or representation and (b) counsel determined are
individually or collectively material to the financial statements, provided the entity
and the auditor have reached an understanding on materiality levels. These
limitations are acceptable and do not limit the audit scope.
.31 The following are examples of limitations of legal counsel responses that the
auditor should not accept and that would ordinarily result in a scope limitation:
a. Legal counsel refuses to furnish the requested information. Based on AU-C

501.25, when legal counsel refuses to respond appropriately to the legal
counsel request and the auditor is unable to obtain sufficient appropriate
10Forms can be obtained on Justice’s website at https://www.justice.gov/civil/documents-and-forms (accessed on

May 1, 2023).

audit evidence by performing alternative audit procedures, or management
refuses to give the auditor permission to communicate or meet with the
entity’s legal counsel, the auditor should modify the opinion in the auditor’s
report in accordance with AU-C 705.
b. Legal counsel excludes information requested. The legal counsel response

may not address all information requested. The auditor should compare the
legal counsel response to the legal counsel request and determine whether
legal counsel addressed all of the information requested. If legal counsel has
excluded any of the requested information, the auditor should obtain the
needed information from legal counsel. If the auditor is unable to obtain all
the needed information, the auditor should evaluate this as a scope limitation
that could be sufficient to preclude an unmodified opinion.
c. Legal counsel indicates that certain information is being withheld due to

attorney-client privilege. Under the ABA Model Rules of Professional
Conduct, legal counsel is required to preserve the confidences of the client.
Legal counsel may disclose confidences to the auditor only with the consent
of the client. If the legal counsel request is prepared in accordance with
AU-C 501, the auditor should expect that legal counsel will respond;
otherwise the scope of the audit would be restricted. On the other hand,
explanatory language in the legal counsel request or legal counsel response
emphasizing that management or legal counsel does not intend to waive
attorney-client privilege or attorney work-product privilege does not result in a
scope limitation.
Review of Management Schedule
.32 OMB audit guidance requires entities to prepare a management schedule

documenting how the information contained in the legal counsel response was
considered in preparing the financial statements (see FAM 1002.08). The auditor
should verify that management prepared this schedule. In particular, the auditor
should determine whether management has concluded on the likelihood of loss
for each case, in order to determine whether (a) an amount should be reported in
the financial statements, (b) a note disclosure is necessary, or (c) both. Although
most of the information in the management schedule comes directly from the
legal counsel response, the auditor should determine whether management has
accurately summarized the amounts in the management schedule so that the
disposition of each case can be properly reflected in the financial statements. If
there are differences between management’s and legal counsel’s determinations,
the auditor should obtain sufficient appropriate evidence to support the reasons
for the differences.
Timing of Legal Counsel Requests and Responses
.33 Based on AU-C 501.A54, it is preferable that the legal counsel response be as
close to the date of the auditor’s report as practicable in the circumstances, and
the auditor may specify the effective date of the response to reasonably
approximate the date of the auditor’s report to avoid the need to obtain updated
information from legal counsel. Based on AU-C 501.A55, the auditor may also
specify the earliest acceptable effective date of the legal counsel response and

the latest date by which it is to be sent to the auditor. If the effective date of the
legal counsel response is substantially in advance of the auditor’s report date (for
example, earlier than 2 weeks before this date), the auditor should obtain an
updated legal counsel response.
.34 To assist the auditor in completing the review of legal matters in a timely manner
(and to assist management in preparing the financial statements), the auditor
may ask management to request that legal counsel submit a preliminary or
interim response covering matters that existed at an interim date so that a
preliminary evaluation of the significance of material legal matters can be made.
This is particularly applicable to large entities with numerous and complex
cases. 11
If an interim response is used, the auditor should ask management to request

that legal counsel submit a final or updated response covering matters from the
interim date through a date as close to the auditor’s report date as practicable in
the circumstances. Management should request that the updated response
contain only changes and any new matters or a statement indicating that there
are no changes or new matters from the interim response through the date of the
updated response. See FAM 1002 B for an example legal counsel request that
includes requests for interim and updated responses from legal counsel.
.35 The auditor may determine that it is appropriate to make inquiries of legal
counsel and document whether material changes have occurred from the date of
the legal counsel response or updated response to the date of the auditor’s
report. However, if the auditor becomes aware of new matters or aware of
material changes in the status of existing matters or management’s evaluation of
the outcome, the auditor should obtain a written confirmation or updated
response from legal counsel.
.36 To meet deadlines, the auditor, management, and legal counsel generally should
coordinate the timing of legal counsel requests, responses (including interim
responses), and related management schedules. The auditor and management
should determine the due dates for responses from component units for the
entity’s financial statements as well as for the U.S. government’s consolidated
financial statements. In setting the due dates, the auditor and management
generally should consult with Justice’s legal counsel, if applicable.
In addition, for audits of group financial statements, the group auditor and
component auditor generally should coordinate the timing of legal counsel
requests, responses, and management schedules, and determine the due dates
for the component financial statements as well as the group financial statements.
The group auditor generally should receive copies of the legal counsel responses
and management schedules from the component auditors by these due dates.
For significant entities, 12 OMB audit guidance requires the office of inspector
11The Treasury Financial Manual (TFM) provides guidance for significant entities to submit their interim and final legal
counsel responses, which the Department of the Treasury updates annually through its Year-end Closing Bulletin.
For a listing of its published bulletins, see https://tfm.fiscal.treasury.gov/v1/bull.
12See TFM vol. 1, pt. 2, ch. 4700 (TFM 2-4700), for a listing of federal entities identified as significant to the U.S.
government’s consolidated financial statements (significant entities).

general to submit interim and updated responses and management schedules to
specified parties by specific dates established by the Department of the
Treasury.

1002 A – Example Audit Procedures for Litigation, Claims, and Assessments
1002 A – Example Audit Procedures for Litigation, Claims,

and Assessments
Entity ______________________________________________________________________
Period of financial statements ___________________________________________________
Job code ___________________________________________________________________
Initials
and Doc.
Example audit procedures date ref.
I. Testing procedures
1) Ask management about the entity’s policies and procedures for

identifying, evaluating, and accounting for litigation, claims, and
assessments.
2) Obtain from management (or the entity’s legal counsel) a
description and evaluation of litigation, claims, and assessments
that existed at the date of the financial statements being reported
on and during the period from the date of the financial statements to
the date the information is furnished.
3) Inquire of management or the entity’s general counsel whether the

entity uses external legal counsel whose engagement may be
limited to particular matters (e.g., specific litigation). Ask
management for a list of pending litigation, claims, and
assessments from the Department of Justice and other external
legal counsel, if any. Review related correspondence, legal
expense accounts, and invoices.
4) Ask management whether there have been changes in the status of

the general counsel or external legal counsel, such as resignations
or intentions to resign. If so, inquire of management or others about
the reasons for the resignation or intention to resign. For example,
in appropriate circumstances, a legal counsel may be permitted by
rules of professional conduct to resign if the legal counsel’s advice
is disregarded by the entity.
5) To identify litigation, claims, and assessments, review minutes of

meetings of those charged with governance; documents obtained
from management concerning litigation, claims, and assessments;
and correspondence between the entity and its legal counsel. The
auditor may also read contracts and other agreements and leases,
noncompliance with which could have a material effect on the
Initials
and Doc.
6) If information comes to the auditor’s attention that indicates a

potential contingency requiring adjustment to or disclosure in the
financial statements with respect to litigation, claims, or
assessments, discuss with the entity the need to consult legal
counsel. Depending on the severity of the matter, refusal by the
entity to consult legal counsel may result in a modification of the
opinion in the auditor’s report. Determine the effect of such
limitation on the auditor’s report.
7) Request that management prepare a legal counsel request to be

sent by the auditor to the entity’s general counsel asking that the
counsel communicate directly with the auditor. The request should
cover all litigation, claims, and assessments, including matters
handled by Justice or other external legal counsel on behalf of the
entity. If Justice or other external legal counsel has overall
responsibility for the entity’s litigation, claims, and assessments,
also request a legal counsel response from that counsel. (See FAM
1002 B for an example legal counsel request.)
Coordinate with management and legal counsel to determine
• the timing of legal counsel requests, responses, and related

management schedules and
• a materiality level to be included in the legal counsel response.
8) Read the legal counsel response and management schedule to

identify litigation, claims, and assessments.
9) Compare the description and evaluation of the current year’s legal

counsel response to the prior year’s audit documentation. If this
comparison indicates that certain legal matters in the prior year are
no longer included, discuss these matters with management or
legal counsel to obtain an understanding of the reasons for the
changes.
10) Determine whether the information in the legal counsel response is

consistent with the related management schedule. If there are
differences between management’s and legal counsel’s
determinations, obtain sufficient appropriate evidence to support the
reasons for the differences.
11) Document and discuss with the entity’s legal counsel if the
information obtained is not complete, clear, or consistent.
Initials
and Doc.
12) Evaluate the legal counsel response and determine the effects of
the response on liabilities and related note disclosures in the
financial statements and on the auditor’s report.
13) If the effective date of the response is substantially in advance of

the auditor’s report date, for example, an interim response or a
response earlier than 2 weeks before the auditor’s report date,
obtain an updated written response.
The auditor may determine that it is appropriate to make inquiries of

legal counsel and document whether material changes have
occurred from the date of the legal counsel response or updated
response to the date of the auditor’s report. However, if the auditor
becomes aware of new matters or aware of material changes in the
status of existing matters or management’s evaluation of the
outcome, the auditor should obtain a written confirmation or
updated response from legal counsel.
II. Reporting procedures
1) Obtain representation from management in the management

representation letter related to litigation, claims, and assessments
(see FAM 1001).
2) Read the entity’s financial statements and notes.
a) Determine whether contingencies for litigation, claims, and

assessments are properly reported in the financial
statements.
b) Evaluate the adequacy of note disclosures for these

contingencies, including whether they are prepared in
accordance with OMB reporting guidance.
c) For entities involved in litigation for which the Judgment Fund

is a likely source of judgment or settlement, determine if a
note to the financial statements discusses the Judgment
Fund’s role in the payment of a possible loss, as required by
FASAB Interpretation No. 2, Accounting for Treasury
Judgment Fund Transactions.
3) Document conclusions reached concerning the accounting for and

disclosure of litigation, claims, and assessments; determine if
adjustments are necessary and whether modification of the auditor’s
report is necessary (see FAM 580).
1002 B – Example Legal Counsel Request
[Audited Entity Letterhead]
[Date]
[General Counsel]
[Entity or Firm Name]
[City]
Subject: [Auditor’s] Audits of 20XX and 20XX Financial Statements
Pursuant to [cite applicable legal authority to conduct the audit, such as 31 U.S.C. §
3521], [auditor’s name] is auditing the financial statements of [Entity] as of and for the years
ended September 30, 20XX, and 20XX. In performing financial statement audits of government
entities, auditors comply with Government Auditing Standards, issued by the Comptroller
General of the United States. Government Auditing Standards incorporates the Statements on
Auditing Standards promulgated by the Auditing Standards Board of the American Institute of
Certified Public Accountants (AICPA).
Consistent with AU-C 501, Audit Evidence – Specific Considerations for Selected Items, of
the AICPA’s Codification of Statements on Auditing Standards, [auditor] has inquired about
litigation, claims, and assessments to obtain evidence of the financial accounting and
reporting of such matters in the financial statements. The purpose of this request is to obtain
your assistance in responding to that inquiry and to provide our consent to furnish our auditor
with the information requested herein. The American Bar Association’s Statement of Policy
Regarding Lawyers’ Responses to Auditors’ Requests for Information (December 1975)
provides guidance for a lawyer’s response to an auditor’s request.
In accordance with Statement of Federal Financial Accounting Standards (SFFAS) 5,

Accounting for Liabilities of the Federal Government, as amended by SFFAS 12, and
Interpretation No. 2 of SFFAS 4 and 5, [Entity] may need to report certain information in its
financial statements and notes concerning contingencies for litigation, claims, and assessments.
We request that you provide [auditor] (with a copy to me) information on matters with respect to
which you have been engaged and to which you have devoted substantive attention on behalf
of [Entity] in the form of legal consultation or representation.
Please furnish an interim response to our auditor by [due date], including matters that existed
as of [date appropriate for the audit]. Our auditor would appreciate receiving your updated or
final response by [due date] that includes matters that existed at [date of financial
statements] and during the period from that date through the effective date of your response,
which should be no earlier than [effective date]. The final response should separately identify
any new matters or significant changes from the interim response, or include a statement that
there are no new matters or significant changes, and should specify the effective date of the
response. (Note: The auditor and the entity should determine whether to request an
interim legal counsel response based on the circumstances of the audit. Refer to FAM
1002.34.)
Please include any cases 13 with respect to which you have been engaged and to which you
have devoted substantive attention on behalf of [Entity] in the form of legal consultation or
representation, including those cases for which you believe the Judgment Fund or other
external financing source will pay any potential loss. Under U.S. generally accepted accounting
principles, these amounts will be included as liabilities or disclosure items in [Entity]’s financial
statements. Please aggregate cases similar in nature where appropriate. Please list the matters
in order of the amount of potential loss, starting with the largest.
Pending or Threatened Litigation, Claims, and Assessments (Excluding Unasserted Claims)
We have determined that any matters for which (1) the amount of potential loss exceeds
[$XX], individually or in the aggregate for similar cases, or (2) the amount of potential loss
exceeds [$XXX] in the aggregate for cases not listed individually or as part of similar cases
could be material to the financial statements. We request that you provide to [auditor] the
information described below about pending or threatened litigation, claims, and assessments
where the amount of potential loss exceeds these amounts:
1. The nature of the matter. Include a description of the case or cases and amount claimed, if
specified.
2. The progress of the case to date.
3. The government’s response or planned response (for example, to contest the case
vigorously or to seek an out-of-court settlement).
4. An evaluation of the likelihood of unfavorable outcome. Please categorize likelihood as

probable (an unfavorable outcome is likely to occur), reasonably possible (the chance of an
unfavorable outcome is less than probable but more than remote), or remote (the chance of
an unfavorable outcome is slight).
5. An estimate of the amount or range of potential loss, if one can be made, for losses
considered to be probable or reasonably possible.
6. The name of [Entity]’s legal counsel handling the case and names of any external legal
counsel/other lawyers representing or advising the government in the matter (e.g., the
Department of Justice or external law firms).
Additionally, please provide a statement that the list of such matters is complete.
We also request that you identify litigation reported in your prior-year response letter as
pending or threatened that is no longer pending or threatened and a short description of the
disposition.
Unasserted Claims and Assessments [Considered by management to be probable of

assertion and that if asserted would have at least a reasonable possibility of an
unfavorable outcome]
(Note: If legal counsel is a part of management use this paragraph to request a list of
13
This includes any cases that do not seek monetary damage awards, but would require the government to use
financial resources to implement remedies or actions sought by litigation or unasserted claims (for example, to
increase the scope of, or change to a more costly methodology of, environmental restoration and cleanup).
unasserted claims instead of the next paragraph.) For all unasserted claims and
assessments that you consider to be probable of assertion and that if asserted would have at
least a reasonable possibility (more than remote) of an unfavorable outcome for which (1) the
amount of potential loss exceeds [$XX], individually or in the aggregate for similar cases, or
(2) the amount of the potential loss exceeds [$XXX] in the aggregate for cases not listed
individually or as part of similar cases, please provide the following information:
1. A description of the nature of the matter.
2. The government’s planned response if the claim is asserted.
3. An evaluation of the likelihood of an unfavorable outcome. (Categorize likelihood as

probable (likely to occur) or reasonably possible (less than probable but more than remote).)
4. An estimate of the amount or range of potential loss, if one can be made.
Also, please include a statement that the list of such matters is complete.
(Note: If legal counsel is not part of management, such as an external legal counsel, use
this paragraph instead of the previous paragraph and attach management’s listing of
unasserted claims.) We have provided an attachment to this request that lists the unasserted
claims and assessments involving matters to which you have devoted substantive attention that
we consider to be probable of assertion and that if asserted would have at least a reasonable
possibility (more than remote) of an unfavorable outcome for which (1) the amount of potential
loss exceeds [$XX], individually or in the aggregate for similar cases, or (2) the amount of
potential loss exceeds [$XXX] in the aggregate for cases not listed individually or as part of
similar cases. Please provide to [auditor] information or explanations, if any, that you consider
necessary to supplement the attached information, including an explanation for any matters for
which your views differ from those stated in the attachment. Please provide the following
information for any additional matters that you believe meet these criteria or include a statement
that the list of such matters provided by management is complete:
1. A description of the nature of the matter.
2. The government’s planned response if the claim is asserted.
3. An evaluation of the likelihood of an unfavorable outcome. (Categorize likelihood as

probable (likely to occur) or reasonably possible (less than probable but more than remote).)
4. An estimate of the amount or range of potential loss, if one can be made.
We understand that whenever, in the course of performing legal services for us with respect to
matters recognized to involve an unasserted possible claim or assessment that may call for
financial statement disclosure, you have formed a professional conclusion that we should
disclose or consider disclosure concerning such possible claim or assessment, as a matter of
professional responsibility to us, you will so advise us and will consult with us concerning the
question of such disclosure and the applicable requirements of SFFAS 5, as amended. Please
specifically confirm to [auditor] that our understanding is correct.
We request that you describe the cases using the following Department of Justice forms:
(1) Pending or Threatened Litigation, (2) Unasserted Claims and Assessments, and (3) Claims
Reported in Prior Year That Are No Longer Pending. The current forms and instructions are
available at http://www.justice.gov/civil/common/Legalrepletters_nonDOJ.html. (Note: Update
link as necessary.)
With respect to those matters that you have been engaged and to which you have devoted
substantive attention on behalf of [entity] in the form of legal consultation or representation,
please separately identify any pending or threatened litigation and unasserted claims, along with
the name of the other governmental entity(s) that you believe to be defendants and responsible
for any potential liability.
Please specifically identify the nature of and reasons for any limitations in your response to this
request.
Please address your reply to [Insert name, Director, GAO, or commensurate inspector
general official], and contact [him/her] at [phone number], when your reply is available for
pick up and send a copy of your reply to me. Do not hesitate to contact me or [auditor] if you
have any questions about this request.
1002 C – Example Legal Counsel Response

[General Counsel Letterhead]
[Date]
[Auditor]
[Title]
[Entity or Firm Name]
[City]
Subject: Legal Counsel Response in Connection with the 20XX and 20XX Financial Statement
Audits of [Entity]
Dear [Auditor]:
As General Counsel of [Entity], I am writing in response to the legal counsel request from
[Entity]’s Chief Financial Officer (CFO) dated [date], in connection with the audit of [Entity]’s
financial statements as of and for the years ended September 30, 20XX, and 20XX. [In an
interim response, add “I will, as further requested by the CFO, provide an updated
response by [date].”]
I call your attention to the fact that as General Counsel for [Entity], I have general supervision
of [Entity]’s legal affairs. [If the general legal supervisory responsibilities of the person
signing the response letter are limited, set forth a clear description of those legal matters
over which the signer exercises general supervision, indicating exceptions to such
supervision and situations where the auditor may primarily rely on other sources.] In
such capacity, I have reviewed litigation, claims, and assessments threatened or asserted
involving [Entity] and have consulted with external legal counsel about them when I have
deemed it appropriate.
Subject to the foregoing and to the last paragraph of this response letter, I advise you that since
[insert date of beginning of period under audit] neither I, nor any of the lawyers over whom I
exercise general legal supervision, have given substantive attention to or represented [Entity]
in connection with (1) loss contingencies [over the amount of (state the legal counsel
materiality agreed to with auditor and stated in the legal counsel request, for example, $1
million for cases listed individually or in the aggregate for similar cases)], or (2) loss
contingencies that are less than or equal to [for example, $1 million] but in the aggregate
exceed [for example, $5 million for cases not listed individually or as part of similar
cases] coming within the scope of clause (a) of paragraph 5 of the Statement of Policy referred
to in the last paragraph of this response letter, except as follows:
[Describe litigation, claims, and assessments that fit the foregoing criteria as follows.
General Counsel should use current Department of Justice forms to describe the cases
(one for pending or threatened litigation, another for unasserted claims and
assessments); see the Department of Justice website at
http://www.justice.gov/civil/common/Legalrepletters_nonDOJ.html (accessed on May 1,
2023). 14]
14It is expected that cases or matters will be aggregated where appropriate.
Pending or Threatened Litigation, Claims, and Assessments
(Excluding unasserted claims and assessments, which are discussed below.)
1. Nature of the matter (include a description of the case or cases and amount claimed, if
specified).
2. Progress of the case to date.
3. Current or intended response.
4. Evaluation of the likelihood of an unfavorable outcome (categorize likelihood as probable,

reasonably possible, or remote).
5. Estimated amount or range of potential loss, if determinable, for losses considered to be

probable or reasonably possible.
6. Name of [Entity]’s legal counsel handling the case and names of any external legal counsel
representing or advising the government in the matter.
[Identify omission of any pending or threatened litigation, claims, and assessments or

add a statement that the list of such matters is complete.]
Pending or threatened litigation that was reported in the prior year’s response letter, which is no
longer pending or threatened, is as follows:
[Identify litigation with a short description of its disposition.]
With respect to matters that have been specifically identified as contemplated by clauses (b) or
(c) of paragraph 5 of the American Bar Association’s (ABA) Statement of Policy Regarding
Lawyers’ Responses to Auditors’ Requests for Information (December 1975), I advise you,
subject to the last paragraph of this response letter, as follows.
Unasserted Claims and Assessments
(Considered to be probable of assertion and that if asserted would have at least a reasonable
possibility of an unfavorable outcome.)
1. Nature of the matter.
2. Intended response if claim would be asserted.
3. Evaluation of the likelihood of an unfavorable outcome. (Categorize likelihood as probable or

reasonably possible.)
4. Estimated amount or range of potential loss, if determinable.
*****
The information set forth herein is as of the date of this response letter OR [as of [insert date],
the effective date on which we commenced our internal review procedures for purposes
of preparing this response], except as otherwise noted. [If an interim response, add “Upon
receipt of a request to update the response, I will provide an updated response, which is
due on [date],”] [If a final response: I disclaim any undertaking to advise you of changes
that after the date of this response letter, may be brought to my attention or the attention
of lawyers over whom I exercise general legal supervision.]
(The following language is generally consistent with AU-C 501 Exhibit A.)
This response is limited by, and in accordance with, the ABA Statement of Policy Regarding
Lawyers’ Responses to Auditors’ Requests for Information (December 1975). Without limiting
the generality of the foregoing, the limitations set forth in such statement on the scope and use
of this response (paragraphs 2 and 7) are specifically incorporated herein by reference, and any
description herein of any “loss contingencies” is qualified in its entirety by paragraph 5 of the
statement and the accompanying commentary (which is an integral part of the statement).
Consistent with the last sentence of paragraph 6 of the ABA Statement of Policy Regarding
Lawyers’ Responses to Auditors’ Requests for Information (December 1975), this will confirm as
correct [Entity]’s understanding that whenever, in the course of performing legal services for
[Entity] with respect to a matter recognized to involve an unasserted possible claim or
assessment that may call for financial statement disclosure, I have formed a professional
conclusion that [Entity] must disclose or consider disclosure concerning such possible claim or
assessment. I, as a matter of professional responsibility to [Entity], will so advise [Entity] and
will consult with [Entity] concerning the question of such disclosure and the applicable
requirements of Statement of Federal Financial Accounting Standards (SFFAS) 5, Accounting
for Liabilities of the Federal Government, as amended by SFFAS 12, and Interpretation No. 2 of
SFFAS 4 and 5.
[Describe any other or additional limitation as indicated by paragraph 4 of the statement.]
Sincerely yours,
_______________________________________
[Name of General Counsel]

[Title]
cc: Chief Financial Officer
Attachments (DOJ forms or other case information)
1002 D – Example Management Schedule

OMB audit guidance requires entity management to document in a schedule how the information contained in the legal counsel response was considered in preparing the financial statements. Management should include
each case discussed in the legal counsel response and (1) indicate the amount accrued for probable cases and (2) include information to support the note disclosure for reasonably possible cases and “unable to determine”
cases, probable cases where the amount cannot be estimated, and probable cases where a range of amounts above the accrued amount is estimated. The financial reporting treatment for cases where the likelihood of future
outflow or other sacrifice of resources is assessed as “unable to determine” should be consistent with the disclosure requirements for reasonably possible cases. Per the Treasury Financial Manual, entities significant to the
consolidated financial statements of the U.S. government should avoid excessive use (and misuse) of the “unable to determine” assessment. This likelihood should only be used to categorize cases for which the general
counsel is unable to express an opinion because of inherent uncertainties.
Management's Schedule of Information Contained in the Legal Counsel Response

for Financial Reporting Purposes
Effective Date:
Reported in Actual Amounts
Name of Name of
Component Component
Entity (list component entities separately to the right, if applicable): A B
Entity materiality level for reporting (ensure consistency with
underlying legal counsel response):
Individual cases or the aggregate for similar cases
Cases not listed individually or as part of a group of similar
cases
Points of Contact:
Management Schedule - Name, email address, phone
number
Legal Counsel Response - Name, email address, phone
number
Fiscal Service reference key, if a
significant entity
1
(must correspond to same case from
Remote
cases - 3
cases - 3
cases - 3
cases - 3
Total # of
Total # of
Total # of
Total # of
Probable
interim to final)
14
13
12
11
10
9
8
7
6
5
4
3
2
1
Entity reference key
2
Updated May 2023

Unable to Determine
Reasonably Possible
Name of case/
3
related cases
(a) Type of contingency

(legal or legal-environmental)
4
Unasserted Claims and Assessments

***insert rows here as necessary***
(b) Description of Contingency
Total Unable to Determine

Total Reasonably Possible
Total Probable
Total Remote
Amount claimed
5
Likelihood of loss
Probable/
6
Reasonably Possible/
Remote/
Unable to Determine
(a) P
(b) RP
7
Potential Loss
(c) Upper
last column if Unknown]
Estimated Amount or Range of
(d)
[enter single amount in dollars, or "U" in
Unknown
Is assessment of case(s) on the

management schedule consistent with
8
the assessment of case(s) by general

counsel in the supporting interim or
updated legal counsel response?
Provide a brief description of

9
inconsistencies noted in column 8.
Is the legal case considered a "shared

10
case" with another entity?
Is this case related to a treaty or

11
international agreement?
12
Sheet
Amount
Balance
recorded on
GAO/CIGIE Financial Audit Manual

Statements
13
Note
(enter
Disposition in Financial
financial
statement
disclosure
note number)
For amounts recorded in column 12 and

note disclosures indicated in column 13,
did the entity record/disclose the
estimated loss (i.e., dollar amounts) for
14
probable and reasonably possible cases

in accordance with requirements in
SFFAS No. 5, paras. 38-41?
Do the amounts recorded in column 12

and note disclosures indicated in
15
column 13 agree with the amounts in

column 7?
Provide an explanation for any "No"

16
responses in columns 14 and/or 15.
If updates to case(s) were provided in

the final legal counsel response, were
these updates related to likelihood of
loss, estimated amount or range of
17
potential loss, new case, no longer

pending, progress update, other, or no
updates since interim? (This
requirement only applies to the final
management schedule.)
Provide a brief description of the update
18
entered in column 17.
If the lead counsel for the case is

external to the entity (e.g., DOJ), does
the lead counsel concur with the entity's
19
assessments of the likelihood of loss

and estimated amount or range of
potential loss? If the lead counsel is not
external to the entity, input "N/A."
Provide an explanation for any "No"
20
responses in column 19.

Page 1002 D-2
15
Total # of Total Unasserted Claims and
claims - 3 Assessments
Reconciliation - Management Schedule to Financial

Statements
Management Schedule Financial Statements or
totals other totals Variance Explanation for variance
Accrued probable
Probable low end of range
Probable high end of range
Reasonably possible low end of range

Reasonably possible high end of range
Instructions for Management Schedule Completion (by column):
(1) Fiscal Service Reference Key (if a significant entity) - Assign a numeric value to each case that will be used by the Department of the Treasury’s Bureau of the Fiscal Service to identify the matter throughout the legal counsel response reporting process for the
current fiscal year. This value will not change from interim through the final legal counsel response update.
(2) Entity Reference Key - Enter the entity's reference number for identifying the case(s) listed on each line. This represents the page number of the legal counsel response obtained from general counsel discussing the case, or other reference information.
(3) Name of case/related cases - Enter the case name or name of aggregated cases from field 1 on DOJ’s “Pending or Threatened Litigation” form or for unasserted claims and assessments, enter the name of the matter from field 1 on DOJ’s “Unasserted Claims
and Assessments” form.
(4) (a) Type of contingency – Enter either “legal” or “legal-environmental”

(b) Description of contingency - Enter a description of the case(s) from field 2 on DOJ’s “Pending or Threatened Litigation” form or from DOJ’s “Unasserted Claims and Assessments” form.
(5) Amount claimed - If specified, enter the claim amount (single dollar estimate) for the litigation, claim, or assessment as specified on the supporting legal counsel response prepared by the entity's general counsel.
(6) Likelihood of loss - Indicate management’s evaluation of the likelihood of loss on individual or aggregated cases. Input “Probable” (loss more likely than not to occur, except for pending/threatened ligation and unasserted claims for which loss is likely to occur),
“Reasonably Possible” (the chance of loss is less than probable, but more than remote), “Remote” (the chance of loss is slight), or “Unable to Determine” (per the Treasury Financial Manual, entities significant to the consolidated financial statements of the
U.S. government should avoid excessive use and misuse of the “unable to determine” assessment; this likelihood should only be used to categorize cases for which the general counsel is unable to express an opinion because of inherent uncertainties). The
evaluation should be consistent with the supporting legal counsel response prepared by the entity’s general counsel.
(7) Estimated amount or range of potential loss (should be consistent with the supporting legal counsel response prepared by the entity’s general counsel):
(a) Probable - For single estimate, enter single estimate in Column 7(a) and Column 7(c). For estimated range, enter low end of the range in Column 7(a) and upper end of the range in Column 7(c).
(b) Reasonably Possible - For single estimate, enter single estimate in Column 7(b) and Column 7(c). For estimated range, enter low end of the range in Column 7(b) and upper end of the range in Column 7(c).
(c) Upper - Enter the single estimate or the upper end of the range of potential loss for probable and reasonably possible cases.
(d) Unknown - Enter “U” if estimated amount or range of potential loss cannot be determined.
(8) Is assessment of case(s) on the management schedule consistent with the assessment of case(s) by general counsel in supporting the interim or updated legal counsel response? - Indicate whether the likelihood of loss (Column 6) and estimated amount or
range of potential loss (Column 7) for the case(s) is consistent with the supporting interim or updated legal counsel response prepared by the entity’s general counsel (i.e., responses to fields 5-6 on DOJ’s “Pending or Threatened Litigation” form or to fields
4-5 on DOJ’s “Unasserted Claims and Assessments” form) by entering “Yes – Interim legal counsel response,” “Yes – Updated legal counsel response,” or “No.”
(9) Provide a brief description of inconsistencies noted in column 8. - If entity management’s assessment of likelihood of loss (Column 6) and estimated amount or range of potential loss (Column 7) differs from that of the entity’s general counsel’s (i.e., responses
to fields 5-6 on DOJ’s “Pending or Threatened Litigation” form or to fields 4-5 on DOJ's "Unasserted Claims and Assessments" form), provide a brief description of and explanation for the inconsistency.
(10) In cases in which more than one entity is affected, entities must collaborate with each other on shared cases to ensure appropriate reporting. Responsibility for the case must be allocated among affected entities to ensure that 100 percent of the contingency is
accounted for. Is the legal case considered a "shared case" with another entity?
(11) Is this case related to a treaty or international agreement? - Enter “Yes” or “No.”
(12) Disposition in Financial Statements: amount recorded as a liability on the balance sheet - For probable contingencies that are reasonably estimable, enter the single estimate amount or low end of the range recorded on the entity’s balance sheet.
(13) Disposition in Financial Statements: note disclosure - For probable contingencies where the estimated loss is a range of amounts, provide the financial statement note number where the entity discloses the range and a description of the nature of the
contingency (SFFAS 5, para. 39). For reasonably possible contingencies where the estimated loss amount or range can be reasonably measured, provide the financial statement note number where the entity discloses the nature of the contingency and an
estimate of the possible liability (SFFAS No. 5, paras. 40–41). For probable and reasonably possible contingencies where the estimated loss amount cannot be reasonably measured, provide the financial statement note number where the entity discloses
the nature of the contingency and a statement that an estimate of the potential loss amount cannot be made (SFFAS No. 5, paras. 40–41). For contingencies where the likelihood of loss is not able to be determined and the estimated loss amount cannot be
reasonably measured, provide the financial statement note number where the entity discloses the nature of the contingency and a statement that an estimate of the potential loss amount cannot be made.
(14) For amounts recorded in column 12 and note disclosures indicated in column 13, did the entity record/disclose the estimated loss, that is, dollar amounts, for probable and reasonably possible cases in accordance with requirements in SFFAS No. 5, paras.
38–41, - For probable and reasonably possible contingencies, indicate whether the entity reports, discloses, or both the amounts of potential loss (dollar amounts) on the financial statements, in the notes to the financial statements, or both in alignment with
guidance in SFFAS No. 5, paras. 38–41.
(15) Do the amounts recorded in column 12 and note disclosures indicated in column 13 agree with the amounts in column 7?
(16) Provide an explanation for any “No” responses in column 14, column 15, or both. - Provide an explanation for any instances in which the entity did not record on the financial statements or disclose in the notes to the financial statements contingencies meeting
the criteria for recognition and/or disclosure in SFFAS No. 5, pars. 39-41.
(17) If updates to case(s) were provided in the final legal counsel response, were these updates related to likelihood of loss, estimated amount or range of potential loss, new case, no longer pending, progress update, other, or no updates since interim? - Indicate
whether there were updates to case(s) between the entity’s interim and final legal counsel responses. If there is more than one type of update from interim, input one type of update (i.e., likelihood of loss, estimated amount or range of potential loss, new
case, no longer pending, progress update, or other) and describe all applicable updates in column 18. This requirement only applies to the final management schedule.
(18) Provide a brief description of the update entered in column 17. - Describe updates to likelihood of loss, estimated amount or range of potential loss, and/or other change indicated in column 17. At a minimum, be sure to include any updates to likelihood of loss
and estimated amount or range of potential loss. This requirement only applies to the final management schedule.
(19) If the lead counsel for the case is external to the entity (e.g., DOJ), does the lead counsel concur with the entity's assessments of the likelihood of loss and estimated amount or range of potential loss? If the lead counsel is not external to the entity, input “N/A.”
- For circumstances where the lead representation is external to the entity (e.g., DOJ), indicate whether the lead attorney concurs with the entity's general counsel’s assessments of the case's likelihood of loss and estimated amount or range of potential loss
(i.e., responses to fields 5-6 on DOJ’s “Pending or Threatened Litigation” form or to fields 4-5 on DOJ’s “Unasserted Claims and Assessments” form).
(20) Provide an explanation for any “No” responses in column 19. - Provide an explanation for any circumstances where the entity’s general counsel’s assessments of a case (e.g., likelihood of loss, estimated amount or range of potential loss, or both) differ from
those of the lead counsel handling the case.
1003 – Financial Statement Audit Completion Checklist

Entity: _____________________________________________________________________
Job Code: __________________________________________________________________
Principal Report: ____________________________________________________________
Other Reports (including separate reports to management and testimonies): ______________
___________________________________________________________________________
Instructions
This checklist is intended to help financial statement auditors determine whether they have
complied with GAGAS, clarified AICPA audit standards (AU-Cs), and the FAM. The auditor-in-
charge (AIC) should ensure that this checklist is prepared before the auditor’s report date (i.e.,
audit completion date) and sign in section VII. The assistant director and first partner (audit
director) should review this checklist before the auditor’s report date and also sign in section VII.
For GAO audits, the chief accountant or second partner should review the checklist and sign in
section VIII when the engagement quality control review (second partner review) is completed
before the report release date. While parts of the checklist are useful in audit planning, no
signatures are required on the checklist in the planning phase.
The checklist is a combination of auditing standard objectives and selected procedures related
to the objectives. The checklist does not contain all procedures that should be performed to
meet the audit objectives, and the auditor still has the responsibility to ensure that all FAM
requirements are met.
The detailed questions in this checklist are to be answered “Yes,” “No,” or “N/A (not applicable).”
For most questions, “No” answers indicate departures from professional standards or from the
FAM. The auditor should explain all “No” answers in section VI of this checklist and determine
the effects and significance of “No” answers, including any effects on the auditor’s report.
Auditors should enter “N/A” when an item does not exist or when the item exists but is judged to
be immaterial. Because the checklist is designed for a wide range of financial statement audits,
there may be many “N/A” answers. If the reason why a question is not applicable is not obvious,
the auditor should document the reason on the checklist or in an attachment. It is not necessary
to create additional documentation to support the “Yes” answers, but a column is provided to
insert a reference to related audit documentation (“Ref.”). The questions are summarized. For
most questions, there is a reference to professional literature that provides more detail.
Section V has questions on GAO’s quality control. GAO auditors should complete this section.
References
Clarified AICPA Professional Standards (vol. 1, Auditing) .................................................... AU-C

GAO/CIGIE Financial Audit Manual ....................................................................................... FAM
Government Auditing Standards (2018 edition) ................................................................ GAGAS

Section I: Planning and Risk Assessment
Yes,
No,*
Section I: Planning and Risk Assessment N/A Doc. ref.
1. Has the auditor documented that it has
a. established an understanding with the entity’s management

and, when appropriate, those charged with governance on
the terms of the engagement, including the objectives and
scope of the work; management’s responsibilities; auditors’
responsibilities; and the expected form and content of reports
on the financial statements, internal control, and compliance
and
b. issued an audit engagement letter or other suitable form of

written agreement to describe the terms of the engagement
and obtained agreement from management that it
acknowledges and understands its responsibility? (FAM 215)
2. If, prior to completing the engagement, the terms of the audit

engagement are changed, does the engagement letter or other
suitable form of written agreement contain the new terms of the
engagement? (AU-C 210.16)
3. Was an entrance conference held and documented?
4. Does the audit documentation contain an understanding of the

entity, its operations, and its internal controls sufficient for
assessing risk and planning the audit? (FAM 290 and 390)
5. Does the audit documentation contain an adequate audit strategy

and audit plan? (FAM 290)
6. Did the auditor adequately plan the audit, including the following
steps: (FAM 290)
a. Perform preliminary analytical procedures? (FAM 225)
b. Determine materiality? (FAM 230)
i. Did the auditor consider intragovernmental and offsetting

balances when determining materiality? (FAM 230.09–
.10)

Yes,
No,*
c. Identify the methodology used to assess information system

(IS) controls and document the basis for believing that the
methodology used is appropriate? (GAO auditors should use
the Federal Information System Controls Audit Manual
(FISCAM).) (FAM 240)
d. Identify significant provisions of applicable laws and

regulations? (FAM 245)
e. Determine the approach for identifying and testing significant

provisions of contracts and grant agreements? (FAM 245)
f. Identify relevant budget restrictions? (FAM 250)
g. Design the audit to achieve an acceptable level of audit

assurance that the financial statements as a whole are free
from material misstatement, whether due to fraud or error?
(GAO uses 95 percent.) (FAM 260)
h. Brainstorm among the engagement team members, including

the first/engagement partner, about how and where the
entity’s financial statements (at the financial statement and
assertion levels) might be susceptible to material
misstatement due to fraud or error, how management could
perpetrate and conceal fraudulent financial reporting, and
how assets of the entity could be misappropriated? (FAM
260)
i. Assess fraud risks, including any related to revenue

recognition, management override of controls, significant
unusual transactions, disclosure entities, related parties, and
public-private partnerships, and exercise professional
skepticism throughout the audit? (FAM 260 and FAM 290)
j. Assess inherent risk and evaluate overall effectiveness of the

design and implementation of the control environment, entity
risk assessment, information and communication, and
monitoring, to assess the risk of material misstatement,
including whether an effective control environment precludes
the effectiveness of specific control activities? (FAM 260)
k. Consider the likelihood of effective IS controls? (FAM 270)
l. Consider operations controls to test? (FAM 275)

Yes,
No,*
m. Plan other procedures (e.g., legal inquiries, management

representations, RSI, other information, and relationships
and transactions with disclosure entities, related parties, and
public-private partnerships)? (FAM 280)
n. Consider the appropriateness of performing interim testing?

(FAM 295 D)
o. Determine locations to be tested? (FAM 285)
p. Determine staffing and review requirements? (FAM 290)
q. Determine whether the engagement team can comply with

relevant ethical requirements, including independence
requirements? (FAM 215)
r. Determine audit timing, including milestones? (FAM 290)
s. Determine extent of assistance from entity personnel?

(FAM 290)
7. Does the audit strategy consider findings and recommendations

from previous audits that could affect the current audit
objectives? (GAGAS (2018) 6.11)
8. Did the auditor identify compliance controls over significant

provisions of applicable laws, regulations, contracts, and grant
agreements? (FAM 245, 310, and 330)
9. If expertise in a field other than accounting or auditing is

necessary to obtain sufficient appropriate audit evidence, did the
auditor plan to use the work of an auditor’s specialist (e.g.,
information technology specialist, actuaries, or those who value
assets)? (FAM 620) Also, see section III of this checklist.
10. In addition to the questions above, answer the following

regarding whether the auditor achieved the following objectives: 15
15AU-C 200.23 states that the auditor should use the objectives stated in individual AU-C sections in planning and
performing the audit, considering the interrelationships within generally accepted auditing standards to (a) determine
whether any audit procedures in addition to those required by individual AU-C sections are necessary in pursuance of
the objectives stated in each AU-C section and (b) evaluate whether sufficient appropriate audit evidence has been
obtained.

Yes,
No,*
a. For a new or existing audit client, did the auditor:
• establish whether the preconditions for an audit are

present and
• confirm that a common understanding of the terms of the

audit engagement exists between the auditor and
management and, when appropriate, those charged with
governance? (AU-C 210)
b. Did the auditor identify and assess the risks of material

misstatement of the financial statements due to fraud?
(AU-C 240.10a)
c. Did the auditor
• communicate clearly with those charged with governance

the responsibilities of the auditor regarding the financial
statement audit and an overview of the planned scope
and timing of the audit, including significant risks
identified by the auditor, and
• obtain from those charged with governance information

relevant to the audit? (AU-C 260)
d. Did the auditor identify and assess the risks of material

misstatement, whether due to fraud or error, at the financial
statement and relevant assertion levels through
understanding the entity and its environment, including the
entity’s internal control, thereby providing a basis for
designing and implementing responses to the assessed risks
of material misstatement? (AU-C 315)
e. Did the auditor plan the audit so that it will be performed in

an effective manner? (AU-C 300)
f. Did the auditor apply the concept of materiality appropriately

in planning and performing the audit? (AU-C 320)
g. Did the auditor obtain an understanding of the nature and

significance of the services provided by the entity’s service
organization(s) and their effect on the user entity’s internal
controls relevant to the audit, sufficient to identify and assess
the risks of material misstatement? (AU-C 402 and FAM 310)

Section II: Performing the Engagement
Yes,
No,*
Section II: Performing the Engagement N/A Doc. ref.
1. Did the auditor prepare the following documentation summarizing

considerations in planning and performing the work in the key
audit areas and cycles:
a. Cycle Matrix or an equivalent (or documentation in Line Item

Risk Analysis or an equivalent) showing links between
accounts, cycles, accounting applications, and line items?
(FAM 290)
b. Line Item Risk Analysis or an equivalent? (FAM 290 and

FAM 390)
c. Cycle Memorandum and/or flowchart or equivalents?

(FAM 390)
d. Specific Control Evaluation or an equivalent? (FAM 390)
e. Written audit plan and procedures? (FAM 290 and 390)
2. If conditions changed during the course of the audit, were the

audit strategy, audit plans, and procedures modified as
appropriate in the circumstances, including evidence of first
partner/audit director approval? (FAM 210)
3. Has the audit director determined that communications have

occurred among the engagement team regarding fraud risks and
error risks? (FAM 260 and FAM 290)
4. When the auditor performed audit sampling, did the auditor

properly determine and document the
a. method used in relation to test objectives, such as statistical

sampling (e.g., monetary unit sample or attribute sample) or
nonstatistical sampling;
b. sample size and method (i.e., IDEA) of determining the

sample size;
c. tests performed;
d. results (misstatements and deviations found);
e. evaluation (including projection to the population if statistical

sampling was used);

Yes,
No,*
f. conclusions; and
g. requirements described in section III, item 4, of this

checklist—consulting with the auditing specialist? (FAM 490)
5. Did the auditor properly perform and document its substantive

analytical procedures? (FAM 475.04 and 490)
6. When the auditor performed interim testing, did the auditor
a. test the roll-forward period and
b. properly document the
i. basis for using interim testing and the line items/accounts

and assertions tested,
ii. procedures performed, and
iii. effects of any misstatements found? (FAM 495 C)
7. Did the auditor evaluate the reasonableness of significant

accounting estimates made by management? (FAM 905)
8. Did an IS controls auditor concur with the auditor’s identification

of IS controls that will be tested (including controls performed at
service organizations used by the entity)? (FAM 350)
9. For any identified budget controls, did the auditor perform

sufficient work to support the conclusions on internal control?
(FAM 250, 330 and 460)
10. For any identified compliance controls, did the auditor perform
sufficient work to support the conclusions on internal control?
(FAM 245, 330, and 460)
Based on the assessed risk of material misstatement, did the

auditor perform adequate substantive audit procedures for line
items/accounts for items 11 through 19? (If not a material area,
check N/A.)
11. Intragovernmental Activity and Balances (FAM 902)
Did the auditor do the following:

Yes,
No,*
a. Determine whether the entity resolved (i.e., reconciled and

adjusted the accounting records resulting in the difference no
longer existing) all material intragovernmental differences
quarterly and, most importantly, at year-end?
b. Assess (at absolute value) the materiality of unresolved

differences at year-end?
c. Determine (1) whether the entity reviewed journal vouchers

that Treasury recorded to the entity’s data in order to remove
intragovernmental differences in preparing the prior-year
U.S. government’s consolidated financial statements; (2) why
the entity did not resolve these differences (even though
Treasury was able to reconcile and remove them); and (3) if
appropriate, whether the entity fixed the causes of these
differences so that they will not exist at the end of the current
year?
12. Fund Balance with Treasury (FBWT) (FAM 921)
Note: Although FBWT is intragovernmental, FBWT is separately

addressed because of its significance.
a. Did the auditor test the entity’s year-end reconciliation of

FBWT to the U.S. Treasury accounts?
b. Did the auditor determine if the entity
i. researched and resolved differences before making

adjustments;
ii. recorded any necessary adjustments in the entity’s FBWT

accounts;
iii. reported the adjustments to the Department of the

Treasury, if applicable;
iv. timely and properly cleared suspense account balances;

and
v. disclosed in the notes to the financial statements material

unreconciled differences and budget clearing account
differences at year-end, and material unreconciled
differences written off by the entity during the year?

Yes,
No,*
c. Did the auditor assess (at absolute value) the materiality of

unresolved differences, including those in budget clearing
accounts?
13. Receivables
Consider these issues:
a. Were receivables confirmed and appropriate follow-up steps

taken, including second requests and subsequent collections
(AU-C 505)?
b. Are receivables stated at net realizable value after allowance

for uncollectible accounts (AU-C 540)?
14. Valuation of Investments in Securities and Derivative

Instruments (AU-C 501)
a. Investments Accounted for Using the Equity Method of

Accounting
When investments in securities are valued based on an

investee’s financial results, excluding investments accounted
for using the equity method of accounting, did the auditor
obtain sufficient appropriate audit evidence in support of the
investee’s financial results, as follows:
i. Obtain and read available financial statements of the

investee and the accompanying audit report, if any,
including determining whether the report of the other
auditor is satisfactory for this purpose?
ii. If the investee’s financial statements are not audited, or if

the audit report on such financial statements is not
satisfactory to the auditor, apply—or request that the
investor entity arrange with the investee to have another
auditor apply—appropriate auditing procedures to such
financial statements, considering the materiality of the
investment in relation to the financial statements of the
investor entity?
iii. If the carrying amount of the investment reflects factors

that are not recognized in the investee’s financial
statements or fair values of assets that are materially
different from the investee’s carrying amounts, obtain
sufficient appropriate audit evidence in support of such
amounts?

Yes,
No,*
iv. If the difference between the financial statement period of

the entity and the investee has or could have a material
effect on the entity’s financial statements, determine
whether the entity’s management has properly considered
the lack of comparability and determine the effect, if any,
on the auditor’s report?
v. With respect to subsequent events and transactions of the

investee occurring after the date of the investee’s financial
statements but before the date of the auditor’s report, did
the auditor obtain and read available interim financial
statements of the investee and make appropriate inquiries
of management of the investor to identify such events and
transactions that may be material to the investor’s
financial statements and that may need to be recognized
or disclosed in the investor’s financial statements?
b. Investments in Derivative Instruments and Securities

Measured or Disclosed at Fair Value
With respect to investments in derivative instruments and

securities measured or disclosed at fair value, did the auditor
do the following:
i. Determine whether the applicable financial reporting

framework (U.S. GAAP) specifies the method to be used
to determine the fair value of the entity’s derivative
instruments and investments in securities?
ii. Evaluate whether the determination of fair value is

consistent with the specified valuation method?
iii. If estimates of fair value of derivative instruments or

securities are obtained from broker-dealers or other third-
party sources based on valuation models, develop an
understanding of the method that the broker-dealer or
other third-party source used in developing the estimate
and consider the applicability of section AU-C 500?
iv. If derivative instruments or securities are valued by the

entity using a valuation model, obtain sufficient
appropriate audit evidence supporting management’s
assertions about fair value determined using the model?
c. Impairment Losses
Did the auditor

Yes,
No,*
i. evaluate management’s conclusion (including the

relevance of the information considered) about the need
to recognize an impairment loss for a decline in a
security’s fair value below its cost or carrying amount and
ii. obtain sufficient appropriate audit evidence supporting the

amount of any impairment adjustment recorded, including
evaluating whether the requirements of the applicable
financial reporting framework (U.S. GAAP) have been
complied with?
d. Unrealized Appreciation or Depreciation
i. Did the auditor obtain sufficient appropriate audit

evidence about the amount of unrealized appreciation or
depreciation in the fair value of a derivative that is
recognized or that is disclosed because of the
ineffectiveness of a hedge, including evaluating whether
the requirements of the applicable financial reporting
framework (U.S. GAAP) have been complied with?
15. Inventories (AU-C 501)
a. Did the auditor consider the effects of SFFAS 48, Opening

Balances for Inventory, Operating Materials and Supplies,
and Stockpile Materials if applied by the entity? SFFAS 48 is
intended to provide an alternative valuation method to
adoption of U.S. GAAP when historical records and systems
do not provide a basis for valuation of opening balances in
accordance with SFFAS 3, Accounting for Inventory and
Related Property.

Yes,
No,*
b. Did the auditor obtain sufficient appropriate audit evidence

regarding the existence and condition of inventory by
i. attending physical inventory counting, unless

impracticable, to
• evaluate management’s instructions and procedures

for recording and controlling the results of the entity’s
physical inventory counting,
• observe the performance of management’s count

procedures,
• inspect the inventory, and
• perform test counts?
ii. performing audit procedures over the entity’s final

inventory records to determine whether they actually
reflect actual inventory count results?
c. If physical inventory counting was conducted at a date other

than the date of the financial statements, did the auditor, in
addition to the procedures required in B. above, perform audit
procedures to obtain audit evidence about whether changes
in inventory between the count date and the date of the
financial statements are recorded properly? (AU-C 501.12)
d. If the auditor was unable to attend physical inventory counting

due to unforeseen circumstances, did the auditor make or
observe some physical counts on an alternative date and
perform audit procedures on intervening transactions? (AU-C
501.13)
e. If attending physical inventory counting was impracticable, did

the auditor perform alternative audit procedures to obtain
sufficient appropriate audit evidence regarding the existence
and condition of inventory? If it was not possible to do so, did
the auditor modify the opinion in the auditor’s report, in
accordance with AU-C 705? (AU-C 501.14)

Yes,
No,*
f. If inventory under the custody and control of a third party was

material to the financial statements, did the auditor obtain
sufficient appropriate audit evidence regarding the existence
and condition of that inventory by performing one or both of
the following:
i. Request confirmation from the third party regarding the
quantities and condition of inventory held on behalf of the
entity?
ii. Perform inspection or other audit procedures appropriate
in the circumstances? (AU-C 501.15)
16. Property, Plant, and Equipment
a. Was a summary schedule prepared (or obtained) to show

beginning balances, changes during the period, and ending
balances for
i. property, plant, and equipment and
ii. accumulated depreciation?
b. Did the auditor consider the effects of SFFAS 50,

Establishing Opening Balances for General Property, Plant,
and Equipment, if applied by the entity? SFFAS 50 provides
implementation guidance to allow a reporting entity, under
specific conditions, to apply alternative methods in
establishing opening balances for general property, plant,
and equipment.
c. Were significant activity and balances tested, particularly for

existence and other significant assertions?
d. Were property items capitalized or expensed in accordance

with consistent capitalization limits?
e. Did the auditor perform tests of completeness, such as

testing from disbursements to property records?
17. Liabilities

Yes,
No,*
a. Did the auditor perform an adequate search for unrecorded

liabilities as close as possible to the opinion date?
b. Did the auditor consider expenses that might require accrual

(e.g., pensions, compensated absences, other postretirement
benefits, or postemployment benefits provided to former or
inactive employees prior to retirement) and whether accrued
expenses were reasonably stated?
18. Revenue and Expenses

Consider these issues
a. Did the auditor compare revenue and expenses for the

period to expectations, based on the budget and the results
of the preceding period?
b. For significant variances and fluctuations from expectations,

were management’s explanations corroborated with other
audit evidence, or if explanations could not be obtained, were
other audit procedures performed to determine whether the
variance is a misstatement?
c. Did the auditor consider
i. the entity’s revenue recognition policy,
ii. unusual transactions, and
iii. fraud risks?
19. Statement of Budgetary Resources (SBR)

a. Were appropriate procedures applied, such as
i. understanding and testing the budget execution

controls;
ii. tests of the process of preparing the SBR and controls

for ensuring validity of undelivered order (UDO)
balances;

Yes,
No,*
iii. tests of budgetary resources reported in the SBR, such
as appropriations and recoveries from downward
adjustments to prior-year UDOs, and including the
consistency of recorded offsetting collections to related
assets, liabilities, revenues, and expended and
unexpended appropriation accounts;
iv. tests of obligations incurred, and upward and downward

adjustments to obligations, for the fiscal year;
v. tests of UDO balances, as of the reporting date;
vi. tests of budgetary balances for ending obligations, such

as delivered orders unpaid, delivered orders paid, and
unobligated balances, among others, to related
components of the FBWT account for consistency; and
vii. review of the reconciliation of the prior-year SBR to the

President’s Budget?
20. Did the auditor evaluate the design and implementation of

relevant controls at the entity (user entity) that relate to the
services provided by the service organization(s), including those
that are applied to the transactions processed by the service
organization? (FAM 640)
21. Does the documentation indicate that the auditor properly

performed procedures in the reporting phase of the audit (FAM
590) as follows:
a. Perform overall analytical procedures? (FAM 520)
b. Reassess materiality and risks of material misstatement?

(FAM 530)
c. Evaluate the effects of misstatements on the financial

statements and auditor’s reports, including consideration of
whether any misstatements indicate fraud? (FAM 540)
d. Document all misstatements accumulated during the audit

(other than clearly trivial ones) and identify those that were
not corrected? (FAM 540)

Yes,
No,*
e. Classify the uncorrected misstatements identified in step d

above as either factual, judgmental, or projected on the
Summary of Uncorrected Misstatements (FAM 540 and FAM
595 C), and bring them to the attention of entity management
and those charged with governance? (FAM 540)
f. Assess audit exposure, including uncorrected misstatements,

potential undetected misstatements (e.g., untested amounts,
sampling precision, imprecision of analytical procedures
upon which complete substantive reliance was placed), and
qualitative considerations, and determine the effect on the
financial statements, including note disclosures? (FAM 545)
g. Directly obtain the legal counsel response? (FAM 550 and

FAM 1002)
h. Perform procedures to identify material subsequent events?

(FAM 550 and FAM 1005)
i. Obtain management representations? (FAM 550 and

FAM 1001)
j. Identify and evaluate relationships and transactions with

related parties, disclosure entities, and public-private
partnerships? (FAM 550 and FAM 904)
k. Communicate with those charged with governance? (FAM

550)
l. Assess and conclude on procedures performed for RSI,

including Management’s Discussion and Analysis (MD&A),
and other information in the entity’s annual report (e.g.,
performance and accountability report or agency financial
report)? (FAM 550)
22. Did the auditor evaluate the severity of each internal control
deficiency identified and determine whether the deficiency,
individually or in combination with others, is a material weakness
or a significant deficiency? (FAM 540 and FAM 580)
23. Does the audit summary memorandum or equivalent properly

summarize or refer to documentation addressing the following
(FAM 590)? (Note: If the situation/issue did not occur, then
answer N/A.)

Yes,
No,*
a. Any significant changes from the auditor’s original

assessment of materiality for the financial statements as a
whole and the risks of material misstatement.
b. Any additional fraud risks or other conditions beyond those

considered in planning (FAM 260), including analytical
relationships identified during the audit that caused the
auditor to believe that additional audit procedures or any
other response was required, as well as any further response
that the auditor concluded was appropriate.
c. The results of the procedures performed to specifically

address the risk of management override of controls,
including the consideration of the qualitative aspects of the
entity’s accounting practices, including indicators of possible
bias in management’s judgments.
d. The work performed that demonstrates that information in the

financial statements agrees or reconciles with the underlying
accounting records, including agreeing or reconciling note
disclosures, whether such information is obtained from within
or outside of the general and subsidiary ledgers.
e. The auditor’s evaluation of misstatements that the auditor

believes are or might be the result of fraud.
f. The nature of any communications about fraud or possible

fraud (and any significant abuse) made to management,
those charged with governance, the Special Investigator
Unit, the Office of Inspector General, or others.
g. The auditor’s summary conclusions related to the

consideration of fraud.
h. Significant accounting, auditing, or reporting issues.
i. If the auditor identified information that is inconsistent with

the auditor’s final conclusion regarding a significant finding or
issue, how the auditor addressed the inconsistencies.
j. Any limitations on the audit scope.

Yes,
No,*
k. The auditor’s conclusions on whether the audit evidence

obtained is sufficient and appropriate, and supports the
auditor’s reports on the financial statements; RSI (including
MD&A), and other information included in the annual report;
internal control over financial reporting; financial
management systems’ substantial compliance with the three
FFMIA requirements (for CFO Act agencies); and
compliance with significant provisions of applicable laws,
regulations, contracts, and grant agreements.
l. The auditor’s conclusions on whether sufficient appropriate

audit evidence was obtained to reduce audit risk to an
appropriately low level.
m. The auditor’s conclusion on whether the audit was performed

in accordance with GAGAS; OMB audit guidance, if
applicable; and the FAM, and whether the report is
appropriate.
n. The auditor’s conclusion on whether the entity’s financial

statements are in accordance with U.S. GAAP.
o. Significant subsequent events, if any.
p. Findings with respect to transactions with disclosure entities,

related parties, and public-private partnerships and complex
or unusual transactions.
q. The Summary of Uncorrected Misstatements (FAM 595 C)

and communication of factual, judgmental, and projected
misstatements to management and those charged with
governance.
r. A summary of internal control deficiencies classified as

material weaknesses, significant deficiencies, and other
control deficiencies, and a comparison of material
weaknesses that the auditor found to the material
weaknesses reported in management’s assertion about the
effectiveness of internal control.
s. A summary of instances of the systems’ lack of substantial

compliance with FFMIA requirements, as well as areas in
which there is substantial but not full compliance (for CFO
Act agencies).

Yes,
No,*
t. A summary of instances of noncompliance with significant

provisions of applicable laws, regulations, contracts, and
grant agreements.
u. Documentation of overall analytical procedures.
v. Documentation of oral or written communication required to

be communicated with management, those charged with
governance, and others, including the nature of the
significant findings or issues discussed, and when and with
whom the discussions took place.
w. A copy or summary of management’s communications

provided to those charged with governance if, as part of its
communication to those charged with governance,
management communicated some or all of the matters the
auditor is required to communicate, and as a result, the
auditor did not communicate these matters at the same level
of detail as management.
x. The auditor’s conclusion on the adequacy of two-way

communication with those charged with governance.
y. Whether the audit director and reviewer approved any

deviations from the applicable “should” procedures in the
FAM and the basis for the deviations. (See section III).
24. In addition to the questions above, determine whether the

following objectives were achieved (AU-C 200.23).
a. Did the auditor
• obtain sufficient appropriate audit evidence regarding the

assessed risks of material misstatement due to fraud,
through designing and implementing appropriate
responses, and
• respond appropriately to fraud or suspected fraud

identified during the audit? (AU-C 240)

Yes,
No,*
b. Did the auditor
• obtain sufficient appropriate audit evidence regarding

material amounts and disclosures in the financial
statements that are determined by the provisions of those
laws and regulations generally recognized to have a direct
effect on their determination?
• perform specified audit procedures that may identify

instances of noncompliance with provisions of other laws
and regulations that may have a material effect on the
financial statements?
• respond appropriately to noncompliance or suspected

noncompliance with provisions of laws and regulations
identified during the audit? (AU-C 250)
c. In addition to the AICPA requirements (AU-C 250) concerning

fraud and noncompliance with provisions of applicable laws
and regulations, when performing a GAGAS financial audit,
did the auditor extend the AICPA requirements pertaining to
the auditor’s responsibilities for laws and regulations to also
apply to consideration of compliance with provisions of
contracts or grant agreements? (GAGAS (2018) 6.15)
d. Did the auditor obtain sufficient appropriate audit evidence

regarding the assessed risks of material misstatement
through designing and implementing appropriate responses
to those risks? (AU-C 330)
e. When the user entity used the services of a service

organization, did the auditor design and perform audit
procedures responsive to those risks? (AU-C 402)
f. Did the auditor evaluate the effect of identified misstatements

on the audit and uncorrected misstatements, if any, on the
financial statements, including note disclosures? (AU-C
450.03a and .03b)
g. Did the auditor design and perform audit procedures that

enable the auditor to obtain sufficient appropriate audit
evidence to be able to draw reasonable conclusions on which
to base the auditor’s opinion? (AU-C 500)

Yes,
No,*
h. Did the auditor obtain sufficient and appropriate audit

evidence regarding
• valuation of investments in securities and derivative

instruments;
• existence and condition of inventory;
• completeness of litigation, claims, and assessments

involving the entity;
• presentation and disclosure of segment information, in

accordance with the applicable financial reporting
framework (U.S. GAAP); and
• use of management’s specialists? (AU-C 501)
i. Did the auditor, when using external confirmation procedures,

design and perform such procedures to obtain relevant and
reliable audit evidence?
j. Did the auditor, in conducting an initial audit engagement,

including a reaudit engagement (an initial audit engagement
to audit financial statements that have been previously
audited by a predecessor auditor), obtain sufficient
appropriate audit evidence regarding opening balances about
whether
• opening balances contain misstatements that materially

affect the current period’s financial statements and
• appropriate accounting policies reflected in the opening

balances have been consistently applied in the current
period’s financial statements, or changes thereto are
appropriately accounted for and adequately presented and
disclosed in accordance with the applicable financial
reporting framework (U.S. GAAP)? (AU-C 510)

Yes,
No,*
k. Did the auditor
• obtain relevant and reliable audit evidence when using

substantive analytical procedures and
• design and perform analytical procedures near the end of

the audit that assist the auditor when forming an overall
conclusion about whether the financial statements are
consistent with the auditor's understanding of the entity?
(AU-C 520)
l. Did the auditor, when using audit sampling, provide a

reasonable basis for the auditor to draw conclusions about
the population from which the sample is selected? (AU-C
530)
m. In the context of the applicable financial reporting framework

(U.S. GAAP), did the auditor obtain sufficient appropriate
audit evidence about whether
• accounting estimates, including fair value accounting

estimates, in the financial statements, whether recognized
or disclosed, are reasonable and
• related disclosures in the financial statements are

adequate? (AU-C 540)
n. Did the auditor do the following:
• Obtain an understanding of relationships and transactions

with disclosure entities, related parties, and public-private
partnerships sufficient to be able to
º recognize fraud risk factors, if any, arising from

such relationships and transactions that are
relevant to identifying and assessing the risks of
material misstatement due to fraud and
º conclude, based on the audit evidence obtained,

whether the financial statements, insofar as they
are affected by those relationships and
transactions, achieve fair presentation?
• Obtain sufficient appropriate audit evidence about whether

relationships and transactions with disclosure entities,
related parties, and public-private partnerships have been
appropriately identified, accounted for, and disclosed in

Yes,
No,*
the financial statements? (AU-C 550)
o. Did the auditor
• obtain sufficient appropriate audit evidence about whether

events occurring between the date of the financial
statements and the date of the auditor’s report that require
adjustment of, or disclosure in, the financial statements
are appropriately reflected in those financial statements in
accordance with the applicable financial reporting
framework (U.S. GAAP) and
• respond appropriately to facts that become known to the

auditor after the date of the auditor’s report that had they
been known to the auditor at that date, may have caused
the auditor to revise the auditor’s report? (AU-C 560)
p. If the auditor is a predecessor auditor who is requested to

reissue a previously issued auditor’s report on financial
statements that are to be presented on a comparative basis
with audited financial statements of a subsequent period, did
the auditor perform specified procedures to determine
whether the previously issued auditor’s report is still
appropriate before such report is reissued? (AU-C 560)
q. For entities that conform to FASB standards, did the auditor
• evaluate and conclude, based on the audit evidence

obtained, whether there is substantial doubt about the
entity’s ability to continue as a going concern for a
reasonable period of time;
• assess the possible financial statement effects, including

the adequacy of disclosure regarding uncertainties about
the entity’s ability to continue as a going concern for a
reasonable period of time; and
• determine the implications for the auditor’s report? (AU-C

570)

Yes,
No,*
r. Did the auditor
• obtain written representations from management and,

when appropriate, those charged with governance that
they believe that they have fulfilled their responsibilities for
the preparation and fair presentation of the financial
statements and for the completeness of the information
provided to the auditor (AU-C 580.A2);
• support other audit evidence relevant to the financial

statements or specific assertions in the financial
statements through written representations if determined
necessary by the auditor or required by other AU-C
sections; and
• respond appropriately to written representations provided

by management and, when appropriate, those charged
with governance or if management or, when appropriate,
those charged with governance do not provide the written
representations requested by the auditor? (AU-C 580)
s. Did the auditor assess the effect of omitted procedures of

which the auditor becomes aware on the auditor’s present
ability to support the previously expressed opinion on the
financial statements and respond appropriately? (AU-C 585)

Section III: Consulting and Using Auditor’s Specialists
Yes,
No,*
Section III: Consulting and Using Auditor’s Specialists N/A Doc. ref.
1. If expertise in a field other than accounting or auditing is

necessary to obtain sufficient appropriate audit evidence, did the
auditor use the work of an auditor’s specialist (information
technology specialists, actuaries, and those who value assets)?
(FAM 620)
2. Where warranted by the complexity or unusual nature of an issue

(for example, issues where the FAM requires consultation, issues
not discussed in the FAM or professional standards, going
concern issues, economic dependency issues, issues arising
after report issuance), was there appropriate consultation that
was fully documented with specialists, including the
a. reviewer,
b. audit sampling specialist, and
c. Office of the General Counsel (OGC)?
3. When applicable, did the engagement team consult with the

reviewer when taking the following steps:
a. Using nonstatistical sampling? (This is not the same as

nonstatistical selection, which is not intended to be
representative of the population.) (FAM 480)
b. Determining the adequacy of substantive procedures in light

of any reassessment of risk of material misstatement? (FAM
530)
c. Determining the need to perform additional procedures

when there are questions about the adequacy of work
performed? (FAM 530)
d. Evaluating audit risk, including uncorrected misstatements,

potential undetected misstatements (e.g., untested amounts,
sampling precision, and imprecision of analytical procedures
upon which complete substantive reliance was placed), and
qualitative considerations, and determining its effect on the
financial statements, including note disclosures? (FAM 545)

Yes,
No,*
e. Determining the effects on the auditor’s report and current-

period statements, if any, of material misstatements detected
in the current year that arose during prior periods but were
not detected during prior audits? (FAM 540)
f. Deciding to perform additional procedures to increase

assurance of any projected misstatements? (FAM 440 and
480)
g. The engagement team believes a misstatement may be the

result of fraud? (FAM 540)
h. Deciding to include a discussion of fraud in the audit report

that involves senior management or that causes a material
misstatement of the financial statements? (FAM 540)
i. Concluding on whether the financial statements are

materially affected by a departure from U.S. GAAP and the
reviewer should approve? (FAM 580)
j. Determining the appropriate type of opinion on internal

control when there is a scope limitation? (FAM 580)
k. Determining the effects on the auditor’s report if

weaknesses are found in compliance controls but no
instances of noncompliance are detected? (FAM 580)
4. When applicable, did the auditor consult with the audit sampling
specialist when taking the following steps:
a. Designing and evaluating audit samples and determining

the costs and benefits when deciding the appropriate type of
audit sampling to use? (FAM 400)
b. Computing the combined precision for all statistical

sampling applications? (FAM 545)
c. Expanding the audit sample size to test additional items?

(FAM 440, 450, 460, and 480)
d. Continuing to test an audit sample when deviations exceed

the acceptable number? (FAM 450)
e. Deciding to perform nonstatistical sampling? (FAM 480)

Yes,
No,*
f. Using regression analysis for analytical procedures?

(FAM 495 A)
5. When applicable, did the engagement team consult with the

OGC when taking the following steps:
a. Identifying provisions of laws and regulations that have a

direct effect on the determination of material amounts and
disclosures in the financial statements? (FAM 245)
b. Identifying relevant budget restrictions? (FAM 250)
c. Identifying any impoundments (rescissions or deferrals) as a

result of evaluating budgetary controls? (FAM 395 F)
d. Evaluating possible instances of noncompliance noted in

connection with compliance testing (including testing of
contracts and grant agreements)? (FAM 460)
e. After consulting with the audit director and reviewer, the

engagement team believes that a misstatement is or might
be a result of fraud? (FAM 540)
f. Concluding on any noncompliance with significant

provisions of applicable laws and regulations? (FAM 580)
g. Concluding whether the entity’s financial management

systems comply substantially with the requirements of
FFMIA? (FAM 580)
h. Determining the effects on the auditor’s report if

weaknesses are found in compliance controls but no
instances of noncompliance are detected? (FAM 580)
6. In addition to the questions above, answer the following

regarding whether the auditor achieved the following objectives
(AU-C 200.23).
Did the auditor
• determine whether to use the work of an auditor’s specialist

and
• if using the work of an auditor’s specialist, determine whether

that work is adequate for the auditor’s purposes? (AU-C 620)

Section IV: Communicating and Reporting Results
Yes,
No,*
Section IV: Communicating and Reporting Results N/A Doc. ref.
1. Is the auditor’s report appropriate as to the following (FAM 580):
a. Format, including section titles and organization?
b. Opinion and basis for opinion, or disclaimer and basis for

disclaimer, on the financial statements?
c. Opinion and basis for opinion on internal control over

financial reporting, or results of consideration of internal
control over financial reporting and basis for those results?
d. Management’s responsibilities?
e. Auditor’s responsibilities?
f. Definition and inherent limitations of internal control over

financial reporting
g. Reporting on RSI and other information?
h. Reporting on compliance with significant provisions of

applicable laws, regulations, contracts, and grant
agreements?
i. Conclusions on whether the entity’s financial management

systems comply substantially with the requirements of
FFMIA (for CFO Act agencies)?
j. Emphasis-of-matter and other-matter paragraphs, as

applicable?
k. Agency comments?
2. Is background material (purpose, authority, and functions of

programs/activities) limited to what is necessary?
3. Were the auditor’s report and the management representation

letter dated when all appropriate, sufficient audit evidence is
obtained to support the opinion and all significant issues have
been resolved? (FAM 550 and FAM 580)
4. If the financial statements of a prior period are presented and

have been audited by a predecessor auditor whose report is not
presented, does the auditor’s report refer to the predecessor

Yes,
No,*
auditor’s report? (FAM 580)
5. When illegal acts occurred involving funds received from other

governmental entities, did the auditor
a. satisfy itself that the audited entity notified the proper

officials of those entities within a reasonable time and
b. report these acts to the officials of those other governmental

entities if the entity did not, or was unable to do so because
the top official was involved? (GAGAS (2018) 6.53)
6. Does the auditor’s report include
a. identification of significant deficiencies and material

weaknesses (GAGAS (2018) 6.40);
b. [for audits where no opinion on internal control over financial

reporting is expressed] a statement that the auditor did not
identify any deficiencies in internal control over financial
reporting that were considered to be material weaknesses, if
such were true (OMB audit guidance); and
c. presentation of all identified (1) instances of fraud and illegal

acts that are more than inconsequential and (2) material
violations of provisions of contracts or grant agreements?
(GAGAS (2018) 6.41)
7. When appropriate, did the auditor report directly to outside

parties on fraud, illegal acts, or violations of provisions of
contracts or grant agreements? (GAGAS (2018) 6.53)
8. Did the auditor consider the status of all known significant

findings and recommendations from prior audits that affect the
current-year report, including whether any failure to correct
previously identified deficiencies in internal control is a
significant deficiency or material weakness? (GAGAS (2018)
6.11)
9. Did the auditor document the basis to support the (FAM 590)
a. opinion about whether the financial statements and note

disclosures comply in all material respects with U.S. GAAP;
b. opinion/conclusion on internal control,
c. conclusion on whether the entity’s financial management

Yes,
No,*
systems comply substantially with the requirements of FFMIA
(for CFO act agencies); and
d. conclusion on compliance with significant provisions of

applicable laws, regulations, contracts, and grant
agreements?
10. Did the auditor document the basis for reported findings on
a. internal control deficiencies, including classification of control

deficiencies as material weaknesses, significant deficiencies,
or other control deficiencies (FAM 590);
b. the entity’s financial management systems not complying

substantially with the requirements of FFMIA (for CFO act
agencies) (FAM 590); and
c. noncompliance with significant provisions of applicable laws,

regulations, contracts, and grant agreements (FAM 590), if
any?
11. Did the auditor develop the elements of audit findings to include
(where appropriate and known) the
a. condition (describe the existing situation),
b. criteria (state what we are comparing to),
c. cause (reflect reason or reasons why the condition and

criteria differ), and
d. effect (describe the result of the difference between the

condition and criteria)? (FAM 580 and GAGAS (2018) 6.25
through 6.28)
12. Are recommendations and suggestions (if any) reasonable,

doable, and cost-effective?
13. Did the auditor obtain and report the views of responsible
officials in agency comments, including
a. either oral or written comments;
b. accurate characterization of general agreement or

disagreement with the report;
c. description of the substance of the comments; and

Yes,
No,*
d. auditor evaluation of the comments, particularly if comments

disagree, are inconsistent, or conflict with the report findings,
conclusions, or recommendations. (GAGAS (2018) 6.57
through 6.62)

following objectives were achieved. (AU-C 200.23)
a. Did the auditor
• provide those charged with governance with timely

observations arising from the audit that are significant
and relevant to their responsibility to oversee the
financial reporting process and
• promote effective two-way communication between the

auditor and those charged with governance? (AU-C 260)
b. Did the auditor appropriately communicate to those charged

with governance, management, and others, as appropriate,
significant findings and issues and internal control
deficiencies that, in the auditor’s professional judgment, are
of sufficient importance to merit their respective attentions
(e.g., material weaknesses, significant deficiencies, and any
other identified deficiencies in internal control)? (FAM 550
and 580 and AU-C 265)
c. If the auditor decides to act as the auditor of the group

financial statements, did the auditor
• determine whether to make reference to the audit of a

component auditor in the auditor’s report on the group
financial statements;
• communicate clearly with component auditors; and
• obtain sufficient appropriate audit evidence regarding

the financial information of the components and the
consolidation process to express an opinion about
whether the group financial statements are prepared, in
all material respects, in accordance with the applicable
financial reporting framework (U.S. GAAP)? (AU-C 600)
d. Did the auditor
• form an opinion on the financial statements based on an

evaluation of the audit evidence obtained, including

Yes,
No,*
evidence obtained about comparative financial
statements or comparative financial information, and
• express clearly that opinion on the financial statements

through a written report that also describes the basis for
that opinion? (AU-C 700)
e. Did the auditor express clearly an appropriately modified

opinion on the financial statements that is necessary when
• the auditor concludes, based on the audit evidence

obtained, that the financial statements as a whole are
materially misstated or
• the auditor is unable to obtain sufficient appropriate audit

evidence to conclude that the financial statements as a
whole are free from material misstatement? (AU-C 705)
f. Did the auditor, having formed an opinion on the financial

statements, draw users’ attention—when in the auditor’s
judgment it is necessary to do so, by way of clear additional
communication in the auditor’s report—to
• a matter, although appropriately presented or disclosed

in the financial statements, that is of such importance
that it is fundamental to users’ understanding of the
financial statements or
• as appropriate, any other matter that is relevant to users’

understanding of the audit, the auditor’s responsibilities,
or the auditor’s report? (AU-C 706)
g. Did the auditor
• evaluate the consistency of the financial statements for

the periods presented and
• communicate appropriately in the auditor’s report when

the comparability of financial statements between
periods has been materially affected by a change in
accounting principle or by adjustments to correct a
material misstatement in previously issued financial
statements? (AU-C 708)
h. Did the auditor respond appropriately when the auditor

became aware that the entity’s annual report included other
information that could undermine the credibility of those

Yes,
No,*
financial statements and the auditor’s report? (AU-C 720)
i. When providing an opinion or a disclaimer on financial

statements, did the auditor also report on internal control
over financial reporting and on compliance with selected
provisions of applicable laws, regulations, contracts, or grant
agreements that have a material effect on the financial
statements?
Did the auditor report on internal control and compliance,

regardless of whether the auditor identified internal control
deficiencies or instances of noncompliance?
(GAGAS (2018) 6.39 and 6.40)
j. When a designated accounting standards setter required

information to accompany an entity’s financial statements,
did the auditor perform specified procedures in order to
• describe, in the auditor’s report, whether required

supplementary information is presented and
• communicate when some or all of the required

supplementary information has not been presented in
accordance with guidelines that a designated accounting
standards setter established or when the auditor has
identified material modifications that should be made to
the RSI for it to be in accordance with the standards
setter’s guidelines? (AU-C 730)
k. Did the auditor restrict the use of the auditor’s written

communication by including an alert when the potential
exists for such written communication to be misunderstood if
taken out of the context in which it is intended to be used
(e.g., restricted use of report on compliance with laws,
regulations, contracts, and grant agreements)? (AU-C 905)

Section V: GAO’s Quality Control (GAO Only)

(See Financial Audit Practice (FAP) Memo 1: Quality Control for Financial Statement Audits Performed by
GAO, and FAP 6: Supplemental Financial Audit Manual Guidance Applicable Only to GAO Engagements
for details.)
Yes,
No,*
Section V: GAO’s Quality Control (GAO Only) N/A Doc. ref.
1. Was the GAO report reviewed by the
a. audit director (first/engagement partner),
b. engagement quality control reviewer (second partner),
c. OGC (Form 124A), and
d. other stakeholders (Form124C)?
2. Did the audit director (first/engagement partner) review the
a. audit strategy or equivalent, including audit sampling

approach (FAM 290);
b. line item risk analyses or equivalent for material areas with

high or moderate risk of material misstatement (FAM 290),
c. cycle summary memos for material areas with high or

moderate risk of material misstatement (FAM 490);
d. audit summary memorandum (FAM 590),
e. management representation letter (FAM 1001),
f. legal counsel response (FAM 1002),
g. summary of uncorrected misstatements (FAM 595 C),
h. GAO report with entity financial statements and note

disclosures,
i. exit conference memorandum (FAM 590), and
j. memorandum(s) on key accounting and auditing issues

(FAM 290 and 490)?
3. Did the assistant director review the
a. entity profile or equivalent (FAM 290);

Yes,
No,*
b. audit strategy or equivalent, including audit sampling

approach (FAM 290);
c. line item risk analyses or equivalent (FAM 290);
d. initial audit plan with procedures (FAM 290);
e. line item/account lead schedules;
f. completed audit plan with procedures (FAM 290);
g. specific control evaluations (FAM 390);
h. cycle summary memos (FAM 490);
i. audit summary memorandum (FAM 590);
j. documentation used to evaluate whether the financial

statements are presented in accordance with U.S. GAAP
(e.g., Federal Financial Reporting Checklist for statements
using U.S. GAAP promulgated by FASAB, 16 financial
reporting and disclosure checklist for statements using U.S.
GAAP promulgated by Financial Accounting Standards
Board, or an equivalent U.S. GAAP checklist);
k. management representation letter (FAM 1001);
l. legal counsel response (FAM 1002);
m. summary of uncorrected misstatements (FAM 595 C);
n. exit conference memorandum (FAM 590); and
o. GAO report with entity financial statements and note

disclosures, and
p. memorandum(s) on key accounting and auditing issues (FAM

290 and 490)?
4. Did the assistant director determine that all significant review

notes were resolved appropriately?
16Auditors may obtain the Federal Financial Reporting Checklist by contacting FAM@gao.gov.

Yes,
No,*
5. Did the assistant director indicate that all documentation was

sufficiently reviewed by the auditor’s report date (FAM 580),
including any required secondary reviews?
(Note: There may be instances where the audit documentation is not

completely organized by the auditor’s report date. However, the
auditor’s review date represents when the audit evidence has been
obtained, discussed, and agreed to by relevant members of the
engagement team. Certain documentation, such as agency comments
on a draft report or procedures related to subsequently discovered facts,
cannot be reviewed until after the auditor’s report date.)
6. Were review responsibilities documented and communicated to

all individuals on the engagement?
7. Did the audit director determine that the work performed by the IS
controls auditor is sufficient and appropriate for meeting the audit
objectives?
8. Was any documentation prepared by an IS controls auditor

reviewed by an individual with sufficient technical knowledge to
determine whether the work was properly performed and the
conclusions reached are reasonable and supported?
9. For areas that are both material and have high risk of material
misstatement, did the audit director or assistant director perform
secondary reviews of the documentation?
10. Was all documentation prepared by the audit director or assistant

directors read by the auditor-in-charge to determine its
consistency with any related documentation?
11. If the documentation indicated a difference of opinion between

engagement personnel or between engagement personnel and a
specialist or other person consulted, was the difference resolved
appropriately and was the basis of the resolution documented?

following objectives were achieved. (AU-C 200.23)

Yes,
No,*
a. Did the auditor, in conducting an audit of financial statements,
• obtain reasonable assurance about whether the financial

statements as a whole are free from material
misstatement, whether due to fraud or error, thereby
enabling the auditor to express an opinion on whether the
financial statements are presented fairly, in all material
respects, in accordance with an applicable financial
reporting framework (U.S. GAAP), and
• report on the financial statements, and communicate as

required by GAGAS, in accordance with the auditor’s
findings? (AU-C 200)
b. In all cases when reasonable assurance cannot be obtained

and a qualified opinion in the auditor’s report is insufficient in
the circumstances for reporting to the intended users of the
financial statements, did the auditor disclaim an opinion or
withdraw from the engagement, when withdrawal is possible
under applicable law or regulation, as required by GAGAS?
(AU-C 200)
c. Did the auditor implement quality control procedures at the

engagement level that provide the auditor with reasonable
assurance that
• the audit complies with professional standards and

applicable legal and regulatory requirements and
• the auditor’s report issued is appropriate in the

circumstances? (AU-C 220)
d. Did the auditor prepare documentation that provides
• a sufficient and appropriate record of the basis for the

auditor’s report and
• evidence that the audit was planned and performed in

accordance with GAGAS and applicable legal and
regulatory requirements? (AU-C 230 and GAGAS (2018)
6.31 and 6.32)

Section VI: Explanation of “No” Answers and Other Comments
Section VI: Explanation of “No” Answers and Other Comments
The page below is provided for comments on all “No”* answers or to expand upon any of the
“Yes” and “N/A” answers as needed, and may be modified as necessary.
*For some questions, “No” answers may indicate departures from professional standards or
from auditor policies. The auditor should explain all “No” answers below and determine the
effects and significance of “No” answers, including any effect on the auditor’s report.
Page no. Question no. Explanatory comments Conclusion

Section VII: Conclusions
Section VII: Conclusions Yes No**
Based on your review and knowledge, are the following statements

correct?
1. The engagement team planned and performed the engagement, in

all material respects, in accordance with GAGAS (which includes
U.S. GAAS) and OMB audit guidance, or if not the auditor’s report
was appropriately modified.
2. The financial statements conformed, in all material respects, with

U.S. GAAP, or if not the auditor’s report was appropriately modified.
3. The auditor’s report was appropriate in the circumstances

(AU-C 220.03).
4. The documentation on this engagement supports the auditor’s
• opinion on the financial statements;
• opinion or conclusions on internal control;
• conclusions on whether the entity’s financial management

systems comply substantially with the requirements of FFMIA
(for CFO Act agencies); and
• conclusions on compliance with significant provisions of

applicable laws, regulations, contracts, and grant agreements.
5. The engagement team complied, in all material respects, with the

audit organization’s policies and procedures.
**If any of the above five statements have “No” responses, describe the response in a
memorandum to the reviewer.
Auditor’s report date _________________________

Auditor-in-Charge ______________________________ Date _______________
Assistant Director _____________________________ Date _______________
Audit Director ________________________________ Date _______________

Section VIII: Engagement Quality Control Review (Second Partner)
Section VIII: Engagement Quality Control Review (Second Partner)
Objective of second partner review: 17 To evaluate the engagement team’s judgments and the
conclusions reached in formulating the auditor’s report objectively.
Procedures: My evaluation, including that required for documenting the engagement quality
control review, involved the following:
1. Discussing significant auditing, accounting, and reporting findings or issues with the
audit director (first/engagement partner).
2. Reading the financial report, including the financial statements, notes, RSI, and other
information and the proposed audit report.
3. Reviewing selected documentation relating to the significant judgments and key

decisions of the engagement team and the related conclusions it reached, including,
as appropriate, reviewing selected documentation consisting of
a. the audit summary memorandum, which contains the conclusions reached in

formulating the auditor’s report and other selected documentation as appropriate;
b. the summary of uncorrected misstatements; and
c. consultations with audit sampling specialists, information technology specialists,

and others.
4. Confirming with the audit director (first/engagement partner) that there are no
unresolved issues.
Conclusion: Based on all the relevant facts of which I have knowledge, I found no matters,
other than those that may be discussed in the auditor’s report, that cause me to believe that
(1) the audit was not performed in accordance with GAGAS; (2) the financial statements are
not, in all material respects, in conformity with U.S. GAAP; and (3) the report is not in
accordance with professional standards and the auditor’s policies. Also, I am unaware of any
unresolved matters that cause me to believe that the significant judgments of the
engagement team and the conclusions it reached were not appropriate.
In signing this form, I acknowledge that there have been no personal or external impairments
to independence regarding my work on this engagement.
__________________________________________________________________________
Engagement quality control reviewer name and title Signature Date
17For GAO financial audits, this is the chief accountant.

1005 – Subsequent Events Review

.01 This section discusses the subsequent events review that the auditor should
perform as part of the audit, as described in FAM 550. AU-C 560 describes and
provides guidance on the types of subsequent events that the auditor should
evaluate as well as the procedures that the auditor should perform to discover
whether such events have occurred. The auditor should perform audit
procedures designed to obtain sufficient appropriate audit evidence that all
subsequent events that require adjustment of, or disclosure in, the financial
statements have been identified. The auditor is not, however, expected to
perform additional audit procedures on matters to which previously applied audit
procedures have provided satisfactory conclusions (AU-C 560.09).
.02 Subsequent events are those events or transactions that affect the financial
statements, notes, or RSI that may occur or become known between the date of
the financial statements and the date of the auditor’s report.
.03 Two types of subsequent events may occur:
• Recognized events: Subsequent events that provide additional evidence

with respect to conditions that existed at the date of the financial statements
and affect the estimates inherent in the process of preparing the financial
statements, notes, and RSI. For example, a subsequent event may reveal
that an accounting estimate is materially incorrect and that the auditor should
ask management to adjust the financial statements for the effect of the event.
• Nonrecognized events: Subsequent events that provide evidence with

respect to conditions that did not exist at the date of the financial statements
but arose subsequent to that date. For example, a fire or flood after year-end
may cause a significant loss (SFFAS 39).
.04 The purpose of a subsequent events review is to determine whether all

subsequent events that have a material effect on the financial statements have
been considered and treated appropriately in the financial statements. The
subsequent period covered is from the date of the financial statements to the
date of the auditor’s report.
.05 In addition, close to but prior to the report release date, the auditor may inquire of
management to determine if it is aware of any subsequently discovered facts that
could materially affect the financial statements (see FAM 550.06). If management
revises the financial statements for subsequently discovered facts after the
original date of the auditor’s report, see AU-C 560.13 for further guidance.
Audit Procedures
.06 At or near the completion of the audit, the auditor should perform procedures to
be aware of any subsequent events that the auditor may ask management to
adjust or disclose in the financial statements. These procedures are in addition to
substantive tests that the auditor may apply to transactions occurring after the

date of the financial statements, such as examining subsequent disbursements
to test completeness of accounts payable.
.07 The following program describes audit procedures that the auditor should
perform as part of a subsequent events review. The auditor should customize the
procedures for the particular entity and should take into account the auditor’s risk
assessment in determining the nature and extent of such audit procedures (AU-C
560.10).

Entity _______________________________________________________________________
Period of financial statements ____________________________________________________
Job code ____________________________________________________________________
Subsequent Events Review – Audit Procedures Initials Doc. ref.

and date
I. Management’s procedures
1) Obtain an understanding of any procedures that management

has established to ensure that subsequent events are
identified (AU-C 560.10a). See SFFAS 39 for management’s
responsibilities.
II. Read latest subsequent interim financial statements (AU-C

560.10d)
1) Compare the latest available interim financial statements, if
any, with the financial statements under audit to identify any
unusual adjustments and investigate any significant variations
from expectations.
2) Inquire as to whether the interim statements have been
prepared on the same basis as the annual statements.
3) Compare items in the statement of net costs to similar interim

financial statements of the prior year; determine expectations
and investigate any significant variations from expectations.
4) If interim financial statements are not available:
a) Compare interim internal financial reports or analyses,

budgets, or cash flow forecasts, considering any
adjustments to the internal reports that may be
necessary to make meaningful comparisons.
b) Review the accounting records prepared since the date

of the financial statements for material transactions that
may require adjustment to or disclosure in the financial
statements. For example, scan the general ledger and/or
journals, or both for material, unusual entries.


and date
III. Inquire of management
Based on AU-C 560.10b and .A6, inquire of management and,

when appropriate, those charged with governance, whether any
subsequent events have occurred that might materially affect the
financial statements. Inquiries may include the following:
1) whether new commitments, borrowings, or guarantees have

been entered into
2) whether any significant changes occurred in the financial
condition of the entity or in net position or long-term debt
3) whether there are any items in the financial statements that

were accounted for on the basis of preliminary or inconclusive
data and the current status of such items
4) whether any significant changes in estimates were made with

respect to amounts included or disclosed in the financial
statements, or any significant changes in assumptions or
factors were considered in determining estimates
5) whether any unusual accounting adjustments have been made

or are contemplated
6) whether there have been any developments regarding

contingencies, including those related to litigation, claims, and
assessments
7) whether any significant acquisitions or disposals of assets

have occurred or are planned
8) whether any events have occurred or are likely to occur that

will bring into question the appropriateness of accounting
policies used in the financial statements
9) whether any events have occurred that are relevant to the

measurement of estimates or provisions made in the financial
statements
10) whether any events have occurred that are relevant to the
recoverability of assets (e.g., impairment of property, plant,
and equipment)
11) whether there have been any changes in the entity’s

disclosure entities, related parties, and public-private
partnerships
12) whether there have been any significant new transactions with


and date
disclosure entities, related parties, and public-private
partnerships
13) whether the entity has entered into any significant unusual
transactions
14) [For audits of internal control over financial reporting] whether
there were any changes in internal control over financial
reporting or conditions that might significantly affect internal
control over financial reporting subsequent to the balance
sheet date but before the date of the auditor’s report (AU-C
940.06b and .48)
IV. Read minutes and related reports
1) Read the available minutes of meetings of management and/or

those charged with governance, such as entity management
committees, audit committees, or other appropriate groups,
held after the date of the financial statements for information
about events or transactions authorized or discussed that may
require adjustment to or disclosure in the financial statements
(AU-C 560.10c).
2) With regard to meetings for which no minutes are available,

inquire about matters discussed at such meetings and
conclusions reached (AU-C 560.10c).
3) Obtain additional information about changes in internal control

or other conditions that might significantly affect the
effectiveness of the entity’s internal control over financial
reporting, by inquiring about and reading, for this subsequent
period, the following (AU-C 940.48):
• Relevant internal audit (or inspector general) reports

issued during the subsequent period.
• Reports regarding deficiencies issued by other

Independent auditors.
• Information about the effectiveness of the entity’s internal

control over financial reporting obtained through other
engagements performed for the entity by the auditor.


and date
V. Litigation, claims, and assessments
1) Determine if there are subsequent events related to litigation,

claims, and assessments (see FAM 1002).
VI. Coverage in management representation letter
1) Obtain representation in the management representation letter

regarding whether any events occurred subsequent to the date
of the financial statements that management should adjust for
or disclose in the financial statements. See FAM 1001.
2) Obtain written representations from management relating to

any changes in internal control or other factors that might
significantly affect internal control subsequent to the date as of
which internal control is being examined.
VII. Other
1) Use other sources of information to learn of subsequent

events, such as
a) the inspector general or internal audit department,
b) program divisions, and
c) newspapers or other media sources.
2) Make additional inquiries or perform additional procedures

deemed necessary to resolve any questions raised in the
foregoing audit steps.
VIII. Summarize
1) Prepare a summary memo documenting the results of the

work performed above and conclusions reached. If
subsequent events were identified, ensure that the information
was treated appropriately in the financial statements.

MAF GAO - Volume 2 - 2023.05

Uploaded by

Copyright:

Available Formats

MAF GAO - Volume 2 - 2023.05

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MAF GAO - Volume 2 - 2023.05

Uploaded by

Copyright:

Available Formats

Financial Audit Manual

COUNCIL OF THE INSPECTORS GENERAL

Should you need additional information, please contact us at fam@gao.gov.

Beryl H. Davis Hannibal “Mike” Ware

Page 1 GAO-22-105895 GAO/CIGIE Financial Audit Manual

Beryl H. Davis, Managing Director

Robert F. Dacey, Chief Accountant

Dawn B. Simpson, Director

Joshua Y. Marcus, Assistant Director

Carrie J. Morrison, Assistant Director

Lien T. To, Senior Auditor

Sharon O. Byrd, Audit Sampling Specialist

Lauren S. Fassler, Senior Attorney

CIGIE FAM Working Group Members

Kelly McFadden, Office of the Inspector General, U.S. Department of Justice

Sandra John, Office of Inspector General, U.S. Department of Homeland Security

Todd Jones, Office of Inspector General, U.S. Department of State

Page 2 GAO-22-105895 GAO/CIGIE Financial Audit Manual

Summary of Significant Changes

Change Description Section or paragraph

Updated May 2023 GAO/CIGIE Financial Audit Manual Changes-1

Updated May 2023 GAO/CIGIE Financial Audit Manual Contents-1

Contents of FAM Volume 2 – Detailed Implementation

600 Using the Work of Others

Updated May 2023 GAO/CIGIE Financial Audit Manual Contents-2

808 Civil Service Retirement Act (CSRA), as Provided in 5 U.S.C. Chapter 83

Updated May 2023 GAO/CIGIE Financial Audit Manual Contents-3

Using the Work of Others

Contents - Using the Work of Others

Overview of Using the Work of Others 610

Evaluating the Objectivity and Competence of Other Auditors or Specialists 615

Using the Work of an Auditor’s Specialist 620

Using the Work of Management’s Specialists 625

Entities Using a Service Organization 640

Service Organization Type 2 Report Assessment Tool 640 A

Using the Work of an Internal Auditor 645

IG Oversight of Audits Performed by Contracted Independent Public 670

Summary of Procedures and Documentation for Oversight of Audits 670 A

Example Transmittal Letter When Providing Oversight of Audits Performed 670 B

Updated May 2023 GAO/CIGIE Financial Audit Manual Page 600-1

610 – Overview of Using the Work of Others

• evaluating the objectivity and competence of other auditors or specialists

• using the work of an auditor’s specialist (FAM 620),

• using the work of management’s specialists (FAM 625),

• audits of group financial statements and using the work of component

• entities using the work of a service organization (FAM 640),

• using the work of an internal auditor (FAM 645), and

• IG oversight of contracted IPAs (FAM 670).

Updated May 2023 GAO/CIGIE Financial Audit Manual Page 610-1

615 – Evaluating the Objectivity and Competence of Other

Relevant FAM 600 section Objectivity Competence

FAM 670 – Oversight of Audits FAM 615.03–.05 FAM 615.12–.14, .19–

Evaluating the Other Auditors’ or Specialists’ Objectivity

Updated May 2023 GAO/CIGIE Financial Audit Manual Page 615-1

• are independent and objective with respect to the audited entity,

• will remain independent throughout the audit,

• will disclose any independence issues discovered, and

• will immediately notify the appropriate official(s) (such as the contracting

Updated May 2023 GAO/CIGIE Financial Audit Manual Page 615-2

• reading the SOW or RFP,