“I have been ranting and raving to my peers, family and friends about your seminar… you had me on the edge of my seat just absorbing all the information you covered! Anyone that can teach [auditing]… in such a fun, exciting and upbeat way… deserves more than just KUDOS. I am already looking into other seminars you teach.”
 

Home

Seminars & Workshops

Schedule

About

Clients

Newsletter / Archives

Store

Resources

Links

Contact
 

SIGN UP FOR OUR
FREE NEWSLETTERS
First Name
Last Name
*  Email Address
*  Preferred Format
 
Mailing Lists:
 
*  Enter security code:

 
AuditSkills Archives
Happy Cash Flow Archives

 

Contact Us
P.O. Box 202138
Austin, Texas 78720

P: 512-996-8588
F: 512-996-8585
Email


View Leita Hart-Fanta's profile on LinkedIn

New Study on the Quality of Single Audits

July 2007

The Feds (the President’s Council on Integrity and Efficiency, a.k.a. “PCIE”) recently reviewed 208 single audits. They found that 35.5%—or 63 audits—were unacceptable and could not be relied upon. That is a mighty high percentage! Another 16% had limited reliability.

That means that over half of the Single Audits the Feds sampled are shoddy. And since they used statistical sampling on this project, we could project that shoddiness to the whole population of audits. More than half of all Single Audits are either unreliable or close to unreliable. Ew.

What made these Single Audits shoddy?

It looks like the auditors are unaware of a significant requirement of the Yellow Book (government auditing) standards. In a plain-jane financial audit—auditors follow the SASs (the AICPA’s Statements on Auditing Standards).

And in the SAS world, two no-no's are specifically mentioned: internal control weaknesses and fraud. (By “no-no’s”, I mean issues that cause auditors to write a finding.)

BUT—obviously unbeknownst to half of these auditors—the Yellow Book creates two more no-no’s: noncompliance with contracts and grant agreements, and abuse. The Yellow Book takes violations of contracts and grant agreements very seriously—so seriously that they ask you to design your audit to detect noncompliance.

Check out the flaws that the PCIE criticizes the shoddy audits for:

  • Not documenting the understanding of internal controls over compliance requirements
  • Not documenting testing internal controls of at least some compliance requirements
  • Not documenting compliance testing of at least some compliance requirements

See any pattern here? See the words “compliance requirements” in every line?

And what does the PCIE recommend be done about it?

They recommend a three-pronged approach (my smarty-pants comments are in italics):

  1. Revise and improve single audit standards, criteria and guidance—How about writing the requirements in ENGLISH—our national language—as a start!?! Ha. The AICPA is particularly skilled at writing in smlegalese (smarmy legalese).
  2. Establish minimum requirements for training on performing single audits—Hey, this may mean more work for me!
  3. Review and enhance processes to address unacceptable single audits—You mean hold people accountable for the quality of their work!?! Like we do with our auditees? What a wacky idea!

Take a minute and go look at the report yourself, especially if you are conducting Single Audits:

http://www.ignet.gov/pande/audit/NatSamProjRptFINAL2.pdf.

I expect the revised Yellow Book to come out any minute. When it does, I’ll let you know.

Next month: What the New Yellow Book requires for Peer Review and Quality Assurance

NASBA Certified

  © 2000 to 2010 Leita Hart-Fanta. All rights reserved. | Privacy Policy