UNIFORM QUALITY CONTROL REVIEW GUIDE FOR A-128 SINGLE AUDITS President's Council on Integrity & Efficiency Standards Subcommittee 1991 Edition Purpose: The objective of a quality control review (QCR) of a single audit is to assure that the audit was conducted in accordance with applicable standards and meets the single audit requirements. The purpose of this document is to help assure that the scope of quality control reviews (1) is sufficient to fulfill the objective of a QCR and (2) is consistent among cognizant agency audit organizations. Applicability: This document is intended for use by all cognizant agency audit organizations when conducting QCRs of A-128 single audits. If an agency wishes to adapt this document to fit into its overall nonfederal audit quality control system rather than use it as is, all checklist items contained in this document should be included in the checklist that is developed. Agencies can supplement this guide with additional items if desired. Description: The checklist is generally organized by audit standards and elements of a single audit. The checklist items relating to (1) substantive audit work performed during the audit of the financial statements and (2) testing of specific program compliance for major programs are contained in Attachments I and II, respectively. It is intended that a separate Attachment I be completed for each segment of the financial statement audit that is reviewed during the QCR. Similarly, a separate Attachment II should be completed for each major program for which specific compliance testing is reviewed during the QCR. The questions in this checklist have been designed to indicate "Yes" or "N/A" ( not applicable) answers as favorable responses. All unfavorable responses must be fully explained. It should be noted that unfavorable answers identify situations that could be undesirable, but do not necessarily imply that the report is unacceptable. When deficiencies are noted, the checklist should be cross-referenced to the auditor's working papers. Where appropriate, copies of the working papers should be obtained to document deficiencies noted. This document is intended as a guide for areas to be covered by a QCR. The reviewer must exercise professional judgement when answering the questions and reaching specific and overall conclusions on the quality of the audit. All questions should be addressed. Conclusions: The guide includes items for reviewers' conclusions on specific audit areas as well as space to explain deficiencies or other items found during the QCR. It also provides for the reviewer's overall conclusions regarding the audit. The conclusions are expressed in terms which coincide with the categories for PCIE reporting on quality of non-Federal audits. Substandard work is that which requires correction of one or more major audit deficiencies which, if not corrected, result in diminished reliability or usability of the report. Examples of these types of deficiencies include inadequate coverage for some aspect(s) of the audit, inadequate documentation of some aspects of the audit work, and material errors in a major component of the report. Significant inadequacies are deficiencies so serious as to make the report unusable or unreliable in fulfilling one or more objectives of the audit. Examples include 1) the auditor or audit organization is not qualified or not independent, (2) documentation is sufficiently inadequate to preclude an assessment of the quality of the work, and (3) lack of sufficient audit testing for significant portions of the audit. References: References are provided to enable the reviewer to refer to relevant requirements and standards. The reviewer should be familiar with the requirements and standards and have them available when performing the QCR. Although its use is not mandatory, the reviewer should also be familiar with and have available the Compliance Supplement for Single Audits of State and Local Governments (Compliance Supplement), published by OMB. Below are the abbreviations used to reference the requirements and standards: A-128 OMB Circular A-128, Audits of State and Local Governments. AU U.S. Auditing Standards, promulgated by the AICPA. ASLGU Audit and Accounting Guide, Audits of State and Local Governmental Units, published by the AICPA. GAS Government Auditing Standards - Standards for Audit of Governmental Organizations, Programs, Activities and Functions, published by GAO. GASB Codification of Governmental Accounting and Financial Reporting Standards, promulgated by GASB. (Vol. 3) SOP 90-9 Statement of Position - The Auditor's Consideration of the Internal Control Structure Used in Administering Federal Financial Assistance Programs Under the Single Audit Act, promulgated by the AICPA November 28, 1990. Q & A Questions and Answers on the Single Audit Provisions of OMB Circular A-128 "Audits of State and Local Governments", published by OMB November 1987. General Information ACN: 1. Auditee: 2. Audit Period 3. Auditor or Audit Organization (including location): 4. Dates of Review: 5. Review Team Members 6. Basis of Selection: Indicate briefly the basis for selecting this report for a QCR. (Random or judgmental.) If judgmental, indicate the reason(s). 7. Contacts (Indicate personnel contacted): Summary Results of Quality Control Review Auditee: ACN: Standards/Requirements Checklist Reference Acceptable Substandard Significantly Inadequate Audit Contract/Agreement 1 General Standards Auditor Qualifications 2-6 Independence 7-8 Due Professional Care 9-12 Quality Control 13 Field Work Standards Planning and Supervision 14-22 Working Papers 23 Internal Control Structure 24-31 Substantive Testing See Attach Other 32-40 Single Audit Requirements Internal Controls 41-54 Schedule of Federal Assistance 55-57 Compliance - General 58-64 Compliance - Specific Attach. I Attach. II Conclusions 1. In my opinion, the audit is : [ ] Acceptable, and requires no or only minor corrections. [ ] Substandard and requires the correction of one or more major audit deficiencies. [ ] Significantly inadequate and should be considered for referral. 2. Follow-up audit work should or should not be considered. (Describe any issues that warrant follow-up.) Reviewer/Title Date Signature of Supervisor Date Audit Contract/Engagement Letter/Agreement 1. If an audit contract, engagement letter or other agreement was executed: a. Did the audit contract, engagement letter or agreement include provisions that the audit would be conducted in accordance with: i. The Single Audit Act of 1984 and/or OMB Circular A-128? ii. Generally accepted auditing standards (GAAS)? iii. Government Auditing Standards, issued by the Comptroller General of the United States? (A reference to generally accepted government auditing standards is acceptable.) b. Did the audit contract, engagement letter or agreement include the following provisions: i. The period to be covered? ii. The financial statements to be audited? iii. The reports to be prepared? iv. That representatives of the cognizant audit agency (or its designee), other government audit staffs and GAO shall have access to the audit working papers upon request? (A-128 15; GAS 3.39) v. That working papers be maintained for at least three years after the date of the report, or longer if requested by the cognizant agency? (A-128 15; GAS 4.21) General Standards Auditor Qualifications 2. Is the auditor or audit organization a CPA (firm), governmental audit organization or a public accountant/public accounting firm licensed on or before December 31, 1970? (GAS 3.10) 3. If the auditor (firm) is a CPA or PA, did he/she (firm) meet the licensing requirements of the jurisdiction where the auditee is located? (GAS 3.10) 4. Did the staff assigned collectively possess the knowledge and experience necessary to perform the audit? (The overall results of the QCR should be considered when responding to this item.)(GAS 3.4) 5. Did those responsible for planning, directing, conducting and reporting on the audit meet the continuing professional education requirements? (GAS 3.6) 6. Were those responsible for planning, directing, conducting substantial portions of the audit, and reporting absent from the GSA Nonprocurement Suspension and Debarment listing? Independence 7. Were the working papers free of indications that the auditor or audit organization lacked independence due to: (GAS 3.11-3.17) a. Personal impairments? b. External impairments? 8. If the audit organization is a governmental audit organization does it meet the GAO standards for organizational independence? (GAS 3.18-3.25) Due Professional Care 9. Was adequate follow-up performed on significant findings and recommendations from previous audits that could have an effect on the current audit objectives, to determine whether appropriate corrective actions had been taken? (GAS 3.41) 10. If significant findings or recommendations from prior audits have not been corrected, is the status disclosed in the audit report? (GAS 3.41) 11. Based on the engagement letter, contract, agreement and/or working papers etc., determine the following: a. Was the scope of the engagement sufficient to meet the requirements of an A-128 audit? (A-128 6) b. Was the audit scope free of restrictions? (Note: If not, the reviewer should follow-up to determine if scope impairments actually existed; and whether and how they were overcome.) (GAS 3.42) 12. If scope impairments are found to have existed, were they disclosed in the audit report? (GAS 3.42) Quality Control 13. Did the audit organization have an external quality control review within the last 3 years? (GAS 3.46) Fieldwork Standards Planning and Supervision 14. Is there evidence in the working papers (including any permanent file) that the auditors possessed or performed procedures to acquire sufficient knowledge of: a. The entity's operations to provide an understanding of the events, transactions and practices that may have a significant effect on the financial statements and each major Federal program? (AU 311.06) b. The unique requirements of auditing federal financial assistance programs? (ASLGU 21.3) 15. Was an audit program (or set of audit programs) prepared that contained the audit procedures the auditor believed were necessary to accomplish the objectives of the audit? (AU 311.05) 16. Did the auditor consider the effect of computer processing on the nature, timing and extent of auditing procedures, including the need to assess the reliability of computer output? (AU 311.09) 17. Did the auditor perform analytical procedures during the planning phase of the audit to assist in planning the nature, timing and extent of auditing procedures used to obtain evidential matter for specific account balances or classes of transactions? (AU 329.03-329.06) 18. Did the audit program contain steps designed to provide reasonable assurance of detecting errors, irregularities or illegal acts that could have a material effect on the financial statements? (AU 316.05, 317.05; GAS 4.13-4.14) 19. If a change in auditors had taken place since the previous audit, did the successor auditor communicate with the predecessor auditor concerning: (AU 315.06) a. Facts that may bear on the integrity of management? b. Disagreements with management about accounting principles, auditing procedures, or other similarly significant matters? c. The predecessor's understanding as to the reason for the change of auditors? 20. If the auditor considered the work of an internal auditor on the scope of the audit, was GAS and GAAS followed? (GAS 3.37, AU 322.01-322.11) 21. Does the extent of supervision throughout the assignment appear appropriate, considering the qualifications of the staff members assigned to the job? (AU 311.11) 22. Is there evidence that an appropriate supervisory review was performed? (GAS 3.29; AU 311.11-311.14) Working Papers 23. Do the working papers: (GAS 4.20-4.22) a. Document the results and scope of the audit? b. Stand on their own and not require detailed, supplementary, oral explanations? (Note: Questions on documentation of specific areas are included throughout this checklist) Consideration of the Internal Control Structure in a Financial Statement Audit (Note: If the consideration of the internal control structure over Federal assistance programs was performed or is documented with the internal control work performed in the financial statement audit, the reviewer may want to address questions 41 to 54 simultaneously with this section.) 24. Did the auditor perform procedures to understand the design of relevant policies and procedures and determine whether they were placed in operation, in order to gain a sufficient understanding of each of the three elements of the internal control structure (i.e., the control environment, the accounting system and the control procedures) to plan the audit? (AU 319.02 -319.25) 25. Did the auditor document his/her understanding of the three internal control structure elements? (AU 319.26) 26. Did the auditor assess control risk for the significant assertions embodied in the material account balances, classes of transactions and disclosures in the financial statements? (AU 319.03, AU 319.27 - 319.39) 27. Did the auditor document the assessed level of control risk? (AU 319.39) 28. Did the auditor's understanding and assessment of control risk include all categories of controls identified in the auditor's report on internal control structure required by GAS for a financial statement audit? (AU 801.37) 29. Did the auditor's consideration of the internal control structure include consideration of controls designed to assure compliance with laws and regulations that could have a direct and material effect on the financial statements? (AU 801.11) 30. If the assessed level of control risk was below the maximum for one or more assertions related to material account balance(s) or class(es) of transactions: a. Were sufficient tests of controls performed to enable the auditor to reach a conclusion on the effectiveness of the internal control policies and procedures for preventing or detecting material misstatements in each specific assertion for which the control risk was assessed below the maximum? (AU 319.34) b. Do the working papers document the basis for the conclusion that the effectiveness of the design and operation of internal control structure policies and procedures supports that assessed level? (AU 319.39) c. In the judgement of the reviewer, were the appropriate conclusions reached? 31. Were all reportable conditions and material weaknesses in the internal control structure that were found by the auditor disclosed in the auditor's report? (GAS 5.17) Substantive Testing of Account Balances, Reporting Cycles or Classes of Transactions (Complete Attachment I for each segment of the financial statement audit. Other 32. Was a letter obtained from management which included management's written representations concerning the following: (AU 333.04, 801.16, 801.67) a. Management's acknowledgment of its responsibility for the fair presentation in the financial statements of financial position, results of operations, and cash flows in conformity with generally accepted accounting principles or other comprehensive basis of accounting? b. Availability of all financial records and related data? c. Completeness and availability of all minutes of meetings of stockholders, directors, and committees of directors? d. Absence of errors in the financial statements and unrecorded transactions? e. Information concerning related party transactions and related amounts receivable or payable? f. Noncompliance with aspects of contractual agreements that may affect the financial statements? g. Information concerning subsequent events? h. Irregularities involving management or employees? i. Communications from regulatory agencies concerning noncompliance with, or deficiencies in, financial reporting practices? j. Plans or intentions that may affect the carrying value or classification of assets or liabilities? k. Disclosure of compensating balance or other arrangements involving restrictions on cash balances, and disclosure of line-of-credit or similar arrangements? l. Satisfactory title to assets, liens on assets, and assets pledged as collateral? m. Violations or possible violations of laws or regulations whose effects should be considered for disclosure in the financial statements or as a basis for recording a loss contingency? n. Other liabilities and gain or loss contingencies that are required to be accrued or disclosed by Statement of Financial Accounting Standards No. 5? o. Unasserted claims or assessments that the client's lawyer has advised are probable of assertion and must be disclosed in accordance with Statement of Financial Accounting Standards No. 5? p. Management's acknowledgment of its responsibility for the entity's compliance with laws and regulations? q. That management has identified and disclosed to the auditor all laws and regulations that have a direct and material effect on the determination of financial statement amounts? r. Management has identified in the schedule of federal financial assistance all assistance provided by federal agencies in the form of grants, contracts, loans, loan guarantees, property, cooperative agreements, interest subsidies, insurance, or direct appropriations? s. Management has identified the requirements governing types of services allowed or unallowed; eligibility; matching, level of effort, earmarking; reporting; [include any special provisions]; claims for advances and reimbursements; and amounts claimed or used for matching that are applicable to its major federal financial assistance programs, which are identified in the schedule of federal financial assistance? t. Management has complied with reporting requirements in connection with federal financial assistance? u. Information presented in federal financial reports and claims for advances and reimbursements is supported by the books and records from which the basic financial statements have been prepared? v. Amounts claimed or used for matching were determined in accordance with OMB Circular A-87, Cost Principles for State and Local Governments, and OMB's Uniform Administrative Requirements for Grants and Cooperative Agreements to State and Local Governments? w. Management has monitored subrecipients to determine that the subrecipients expend financial assistance in accordance with applicable laws and regulations and have met the requirements of OMB Circular A-128 or OMB Circular A-133, Audits of Institutions of Higher Education and Other Nonprofit Institutions, whichever is applicable? x. Management has taken appropriate corrective action on a timely basis after receipt of a subrecipient's auditor's report that identifies noncompliance with federal laws and regulations? y. Management has considered the results of subrecipients' audits and made any necessary adjustments to the entity's own books and records? z. Management has identified and disclosed to the auditor all amounts questioned and known noncompliance with requirements that could have a material effect on a major federal financial assistance program? 33. Did the auditor perform the following required audit procedures concerning litigation, claims and assessments: (AU 337.05 and 337.08 - 337.09) a. Inquire of and discuss with management the policies and procedures adopted for identifying, evaluating, and accounting for litigation, claims, and assessments? b. Obtain from management or management's attorney, a description and evaluation of litigation, claims, and assessments that existed at the date of the balance sheet being reported on, and during the period from the balance sheet date to the date the information is furnished, including an identification of those matters referred to legal counsel, and obtain assurances from management, ordinarily in writing, that they have disclosed all such matters required to be disclosed by Statement of Financial Accounting Standards No. 5? c. Examine documents in the client's possession concerning litigation, claims, and assessments, including correspondence and invoices from lawyers. d. Obtain assurance from management, ordinarily in writing, that it has disclosed all unasserted claims that the lawyer has advised them are probable of assertion and must be disclosed in accordance with Statement of Financial Accounting Standards No. 5? (Also the auditor, with the client's permission, should inform the lawyer that the client has given the auditor this assurance. This client representation may be communicated by the client in the inquiry letter or by the auditor in a separate letter.) e. Send a letter to the auditee's attorney that included: i. Identification of the company, including subsidiaries, and the date of the audit? ii. A list prepared by management (or a request by management that the lawyer prepare a list) that describes and evaluates pending or threatened litigation, claims, and assessments with respect to which the lawyer has been engaged and to which he has devoted substantive attention on behalf of the company in the form of legal consultation or representation? iii. A list prepared by management that describes and evaluates unasserted claims and assessments that management considers to be probable of assertion, and that, if asserted, would have at least a reasonable possibility of an unfavorable outcome, with respect to which the lawyer has been engaged and to which he has devoted substantive attention on behalf of the company in the form of legal consultation or representation? iv. As to each matter listed in item b, a request that the lawyer either furnish the following information or comment on those matters as to which his views may differ from those stated by management, as appropriate: (1) A description of the nature of the matter, the progress the case to date, and the action the company intends to take (for example, to contest the matter vigorously or to seek an out-of-court settlement)? (2) An evaluation of the likelihood of an unfavorable outcome and an estimate, if one can be made, of the amount or range of potential loss? (3) With respect to a list prepared by management, an identification of the omission of any pending or threatened litigation, claims, and assessments or a statement that the list of such matters is complete? v. As to each matter listed in item c, a request that the lawyer comment on those matters as to which his views concerning the description or evaluation of the matter may differ from those stated by management? vi. A statement by the client that the client understands that whenever, in the course of performing legal services for the client with respect to a matter recognized to involve an unasserted possible claim or assessment that may call for financial statement disclosure, the lawyer has formed a professional conclusion that the client should disclose or consider disclosure concerning such possible claim or assessment, the lawyer, as a matter of professional responsibility to the client, will so advise the client and will consult with the client concerning the question of such disclosure and the applicable requirements of Statement of Financial Accounting Standards No. 5? vii. A request that the lawyer confirm whether the understanding described in item iv is correct? viii. A request that the lawyer specifically identify the nature of and reasons for any limitation on his response? 34. Did the auditor review support for management's determination of which component units to include in the reporting entity? (ASLGU 2.1-2.4) (Note: The reviewer should consider the effect of the omission of one or more potential component units on the audit coverage of Federal funds. If potential component units with significant Federal funds are omitted (either correctly or incorrectly) the cognizant agency may want to alert affected Federal agencies so they can follow-up to assure separate single audits are obtained.) 35. If part of the audit was performed by other auditors: (GAS 3.35-3.40) a. Did the principal auditor make inquiries concerning the professional reputation and independence of the other auditor? (AU 543.10) b. If the principal auditor did not refer to the other auditor in his or her report, did the principal auditor perform one or more of the additional procedures contained in AU 543.12 to assess the adequacy of the work performed by the other auditor? (AU 543.12) (Note: If the work done by the other auditor was significant with respect to the Federal objectives of the single audit, a QCR of the other auditor's working papers should be considered.) 36. If evidence of irregularities or illegal acts was found, did the auditor: a. Discuss the matter and approach to further investigation with an appropriate level of management, at least one level above those involved? (AU 316.25, 317.10) b. Attempt to obtain sufficient, competent evidential matter to determine whether in fact material irregularities or illegal acts occurred and, if so, their effect on the financial statements and on other aspects of the audit? (AU 316.24-316.25, 317.10, 317.16) c. If the auditor became aware that irregularities or illegal acts occurred: i. Did the auditor report the matter(s) to the top official of the entity and to the audit committee? (AU 316.28, 317.17; GAS 5.10) ii. Did the auditor assure him/herself that the audit committee or equivalent was adequately informed? (AU 316.28, 317.17) iii. If the top official is believed to be a party to the matter(s), did the auditor report directly to the audit committee or equivalent and to any other appropriate oversight body? (AU 316.28, AU 317.17; GAS 5.10) iv. If the act(s) involved funds from another governmental entity did the auditor: (GAS 5.10, 5.13) (1) (In the case of a government auditor) report to the proper officials, including the audit officials of the other governmental entities? (2) (In the case of a public accountant) follow-up to assure that the entity reported such matters in a reasonable period of time, and, if it had not, report the matter(s) directly to the officials of the other governmental entities? 37. Did the auditor perform analytical review procedures in the overall review stage of the audit? (AU 329.01, 329.03-329.06) 38. Is there evidence that the auditor performed procedures to determine if there were any subsequent events requiring financial statement adjustment or disclosure? (AU 560.10-560.12) 39. If reportable subsequent events were determined to have occurred were the required adjustments or disclosures made? (AU 560.01) 40. Do the working papers sufficiently document the work performed and conclusions reached in the above "Other" items (GAS 4.19-4.22; AU 339.05) Single Audit Requirements Consideration of Internal Control Structure Used in Administering Federal Assistance Programs - Major Programs (Note: The items in this section are based to a great extent on SOP 90-9. SOP 90-9 is effective for audits of fiscal years beginning January 1, 1991 and after, with early implementation permitted. For reviews of audits of periods beginning before January 1,1991, where SOP 90-9 has not been implemented, the reviewer should refer to items 34 to 38 in the September 1987 edition of this guide.) 41. Did the auditor perform procedures to understand the design of relevant internal control structure policies and procedures used in administering each major federal assistance program and to determine whether they were placed in operation, in order to gain a sufficient understanding of each of the three elements of the internal control structure (i.e., the control environment, the accounting system and the control procedures) to plan the audit of compliance? (AU 801.60) 42. Did the auditor document his/her understanding of the internal control structure policies and procedures used in administering major federal financial assistance programs? (SOP 90-9 15) 43. Did the auditor perform tests of controls to evaluate the effectiveness of the design and operation of significant internal control structure policies and procedures that were designed to prevent or detect material noncompliance with the following requirements pertaining to each major Federal assistance program: (Note: The auditor can omit tests of controls for requirements that the auditor concluded, based on the procedures performed to gain an understanding of the internal control structure, that internal control structure policies and procedures are likely to be ineffective in preventing or detecting noncompliance. If these are the only controls not tested, this item can be answered favorably, however, see item 45.) a. Applicable specific requirements addressing types of services allowed or not allowed; eligibility; matching, level of effort, or earmarking; reporting; and other special tests and provisions? (SOP 90-9 7) b. General requirements identified in the appropriate revision to the Compliance Supplement? (SOP 90-9 7) c. Monitoring of subrecipients and acting on their audit reports? (A-128 8a(2)) 44. In the judgement of the reviewer, was the nature and extent of the tests of controls sufficient to enable the auditor to reach a conclusion on the effectiveness of the internal control structure policies and procedures for preventing or detecting noncompliance with each compliance requirement for which tests of controls was performed? (AU 801.61) 45. If the auditor omitted testing of controls for any significant requirement because he/she concluded, based on the procedures performed to gain an understanding of the internal control structure, that the internal control structure policies and procedures were likely to be ineffective, did the report on internal control covering federal assistance programs: (GAS 5.19-5,20; SOP 90-9 9, Appendix C) a. Identify the programs and requirements for which the relevant internal control policies and procedures were not tested? b. Describe (or refer to a separate write-up of internal control findings) the absence of relevant policies and procedures or the circumstances that caused the auditor to conclude that policies and procedures are likely to be ineffective? c. Note that the conditions described are considered to be reportable conditions or material weaknesses? Consideration of Internal Control Structure Used in Administering Federal Assistance Programs - Nonmajor Programs 46. If major program expenditures represent less than 50% of total federal assistance program expenditures, was the coverage and documentation described in items 41-45 provided for nonmajor programs so that the control structure over programs that make up at least 50% of total federal financial assistance was provided such coverage and documentation? (SOP 90-9 10) 47. Did the auditor at a minimum, obtain an understanding of the significant internal control policies and procedures used in administering all nonmajor programs not covered by the tests described in items 41-45, or if not, did the auditor indicate a plan to cover all of these nonmajor programs on a cyclical basis over a period of not more than three years? (SOP 90-9 11-12, 14) 48. Did the auditor document his/her understanding of the control structure used in administering the nonmajor programs referred to in item 47? (SOP 90-9 15) 49. If the auditor indicated a plan to cover the other nonmajor programs on a cyclical basis: a. Is this departure from the 50% rule justified? (SOP 90-9 14) (Note: PCIE Standards Subcommittee Position Statement No. 3 states that a cyclical approach would be acceptable when there are a large number of nonmajor programs requiring such coverage that are administered by a number of different operating components of the entity. This would generally only occur at states and other very large governmental entities.) b. Was the report on internal control structure appropriately modified to clearly describe the coverage provided for nonmajor programs? (SOP 90-9 14) Consideration of Internal Control Structure Used in Administering Federal Assistance Programs - All Programs 50. Did the auditor assess control risk for all relevant significant requirements for all programs and document the assessment as follows? (GAS 4.9-4.10, 4.19, 4.27; AU 319.39, 801.62) a. For each significant category of control for which control risk was assessed below the maximum, was the basis for the auditor's conclusion documented? b. For each significant category of control that was assessed at the maximum level, was that conclusion documented? 51. Did the auditor's understanding of the internal control structure and assessment of control risk include all significant categories of control identified in the auditor's report? (SOP 90-9 16) 52. In the judgement of the reviewer, were the conclusions regarding any assessment of control risk below the maximum appropriate? 53. Were the procedures performed to gain the understanding of control structure, test controls and assess control risk adequately documented? (GAS 4.19) 54. Were all reportable conditions and material weaknesses in the internal control structure that were found by the auditor disclosed in the auditor's report? (GAS 5.17) Schedule of Federal Assistance 55. Was the financial data included in the schedule of Federal assistance derived from the books and records from which the basic financial statements were prepared and if so, does it agree or reconcile with such records? (ASLGU 23.9) 56. If the schedule was prepared from books and records other than those from which the financial statements were prepared, were such records tested? 57. Are all Federal programs that the working papers show being administered by the recipient included in the schedule? (A-128 13) Compliance - General 58. Did the auditor test compliance with each of the applicable general requirements contained in the compliance supplement concerning: (AU 801.43, 801.80-801.82) a. Political activity? b. Civil rights? c. Davis-Bacon Act? d. Cash management? e. Relocation assistance and real property acquisition? f. Federal financial reports? g. Allowable costs/cost principles (including indirect costs)? h. Drug-free Workplace? i. Administrative Requirements? 59. Were all transactions selected from nonmajor programs in the audit of the financial statements and the consideration of internal control structure also tested for compliance with laws and regulations pertaining to such transactions (including program specific requirements and the cost principles in OMB Circular A-87 or A-21)? (A-128 8; AU 801.85-801.86) 60. Did the auditor consider the effect of reported deficiencies at the subrecipient level or subrecipient noncompliance with the audit requirements on the auditee's financial statements and/or supporting schedules? (A-128 9b; AU 801.65) 61. Do the working papers adequately document the work performed and the conclusions reached pertaining to the above compliance testing ? (GAS 4.19-4.22; AU 339.05) 62. In the reviewer's judgement, was sufficient work performed in the above compliance areas? (AU 326.19-326.22) 63. Were all findings of noncompliance disclosed in the audit report? (A-128 13) 64. Did the auditor test compliance with laws and regulations for all major programs identified? (A-128 8; AU 801.49) Compliance - Specific (Major Programs) Complete Attachment II for each major program for which the testing was reviewed. REVIEW ITEM YES NO N/A REF Review of Substantive Testing of Financial Statements A separate attachment should be completed for each audit segment that is reviewed. Identify segment of the audit (i.e. account, class of transaction, fund type, etc.) ____________________________________________________________________ 1. Do the working papers demonstrate that the information reported in the financial statements agreed or reconciled with the recipient's records? (AU 339.05) 2. Considering the auditor's assessments of inherent and control risk, was the nature, timing and extent of substantive audit tests (tests of transactions or analytical procedures) appropriately designed to detect errors in the account balance or class of transactions which could be material when aggregated with errors in other balances or classes? (AU 312.18, 319.61-319.64) 3. Was sufficient competent (valid and relevant) evidential matter obtained to enable the auditor to form conclusions concerning the validity of the following assertions embodied in the financial statements: (AU 326.01-326.23) a. Existence or occurrence? b. Completeness? c. Rights and obligations? d. Valuation or allocation? e. Presentation and disclosure? 4. Were all audit exceptions resolved? 5. Do the working papers sufficiently document the work performed and conclusions reached? (GAS 4.19-4.22; AU 339.05) REFERENCE NOTES REVIEW ITEM YES NO N/A REF Review of Testing of Specific Compliance Requirements 1. Was compliance with all applicable requirements contained in the appropriate Compliance Supplement tested? If not: a. Are the working papers documented as to why not? b. In the reviewer's judgement, was the lack of coverage justified? 2. If the program is not included in the Compliance Supplement: a. Did the auditor review applicable laws, regulations, etc., to determine the compliance requirements? (A-128 8) b. At a minimum, did the auditor test compliance with the following types of requirements, where applicable: (A-128 8) i. Allowability? ii. Eligibility? iii. Matching, level of effort, and earmarking requirements? iv. Special reporting requirements? v. Other special tests and provisions? 3. Do the working papers adequately document the work performed and the conclusions reached? (AU 4.19-4.22, 339.05) 4. Were the nature and extent of audit testing adequate to provide sufficient competent evidential matter to enable the auditor to render an opinion regarding the entity's compliance with the various requirements? (AU 801.49) 5. Do the results of the audit tests support the auditor's report on compliance and reported findings as it pertains to this program? 6. Were all findings of noncompliance disclosed in the working papers reported? (A-128 13) 7. Did the auditor consider the potential projected effect of noncompliance individually and in the aggregate in forming his or her opinions on the financial statements, schedule of Federal assistance and compliance? (AU 801.69-801.72, 350.26) REFERENCE NOTES