The 2007 Yellow Book Revision
February 2007
The GAO issued the 2007 version of the Yellow Book on February 1. To get your copy, go to www.gao.gov. It is free!
Not long ago, I had the opportunity to talk to David Walker, the Comptroller General of the United States and the head of the GAO, in person. He and I chatted about how the various standard-setting bodies were unable to come to agreement about the standards, and how hard it was for practitioners to reconcile all of them. He said he was working on that.
Then I put my size-11 foot in my mouth and said that the PCAOB had the toughest standards out there. Mr. Walker corrected me quickly. "No," he said, "we are the toughest standard out there." And with this 2007 revision, they aren’t pulling any punches. Pow! Wham! Pop!
Here is what I have noticed so far about the standards:
- Defining must, should, and may – Chapter 1 clarifies that "must" means must, that "should" means you have to have a really good reason to weasel out of it, and that "may" allows you to weasel out of it completely if you really want to.
- New chapter on ethics – Much of the information in this new chapter—Chapter 2—existed in the 2003 version of the Yellow Book in either the introduction, the independence standards, or chapter 1. Now, the Yellow Book spells out five areas of an auditor’s ethical responsibility:
1. the public interest;
2. integrity;
3. objectivity;
4. proper use of government information, resources, and position; and
5. professional behavior.
This chapter is worth a read as it sets the tone for the rest of the document.
- The independence section has been reorganized and clarified – The 2003 version of the Yellow Book rambled on a bit about auditor independence and confused a lot of auditors. The confusion was so pronounced that the GAO had to issue a Q&A document to answer practitioners’ questions about the new tougher standards. The independence standards have not changed since 2003, but now, with the reorganization of the chapter, the GAO makes it clear which non-audit services compromise your independence. They spell out non-audit services that are OK to do, non-audit services that are not OK to do, and non-audit services that are sort-of-OK to do. They provide several lists of possible non-audit services that cover the majority of situations you might find yourself in.
- The professional judgment standard has been expanded – In the past, due professional care (the name was changed in 2003 to professional judgment) was a very short section. This section has now been expanded to remind the auditor of all the places where an auditor’s brain needs to be pulled out of the filing cabinet and used on an audit.
- The quality control and peer review standards – These general standards are still not finalized. The 2006 exposure draft altered the time periods for peer review and added more detail on what a quality control system should look like. The 2006 exposure draft obviously caused so much comment that the GAO is still thinking about these standards. These two general standards—quality control and peer review—are now re-exposed and should be finalized sometime this year.
Peer review is an especially touchy area, as every standard-setting body and state board of public accountancy seems to have different requirements surrounding it. For instance, the Board of Public Accountancy in California does not require CPAs to undergo a peer review, while the State of Texas Board does. The IIA requires peer reviews on a five-year cycle while the AICPA requires a three-year cycle. For the re-exposed standard, see http://www.gao.gov/govaud/d07431g.pdf
- Language synchronized with the AICPA – The financial and performance standards are synchronized with AICPA language. Both the financial standards and the performance standards now use similar language with regard to evidence, fraud, documentation, and risk assessment. I am a little surprised that the performance audit standards are so similar to the AICPA standards in this new version. I know that an audit is an audit is an audit, but performance auditors have always thought of themselves as "special".
- Mandatory fraud procedures in the performance audit standards – Now the performance audit standards require auditors to assess the risks of fraud and have a meeting to discuss the risks. This is a similar requirement to SAS 99.
- Mandatory reporting language for performance audits – The reporting standards for performance audits (Chapter 8) contain a mandatory paragraph for the audit report.
Overall, the 2007 version is easier to read and better organized. Huge chunks have been cut out and replaced with bullet lists. Much of the guidance has been moved to an appendix in the back—similar to what the Institute of Internal Auditors does with its Practice Advisories.
If you are a performance auditor and have not read chapters 7 and 8 since the 2003 version, I highly recommend that you read them now. They are thick with new terminology and contain several requirements you may not be aware of.