The 2010 Revision’s Impact on Internal Audit Independence

The GAO’s 2010 proposed revision to the Yellow Book isn’t saying much that is new.  Instead it is saying the same stuff – just in a different way.

For instance, the section on independence regarding non-audit services caused plenty of heartburn in the 2007 revision.  The GAO asked auditors to evaluate whether they were 1. Auditing their own work in performing the non-audit service or 2. Making management decisions when performing the non-audit services.   Obviously, auditing your own work and making management decisions compromises and auditor’s independence because the auditor will not be motivated to admit that they messed up either the work or the decision if and when they do the audit. 

One state audit organization I worked with said that they had, many years ago, become frustrated with the state agency responsible for calculating pension obligations.  It seems that the auditor was constantly writing the agency up for not calculating it correctly, so the agency finally just said, “You know what? We don’t really know how to do it.  Will you do it for us?”  And unfortunately, the auditor decided that was a good idea. 

So, one assistant state auditor made the calculation for a decade or so until he retired.  When a new auditor took over the job, she quickly realized that the calculation had been wrong the whole time and that the state owed the pension plan major dinero.  How embarrassing is that for the state auditor to admit!?!   

And the state auditor didn’t want to admit it and was trying desperately to figure out a way to avoid admitting their mistake.  The only thing I can think for the auditor to do to avoid accountability is to write the state a check for a few million out of your personal state salaried accounts.  I am sure they can spare it.

This is the sort of dilemma that independence standards allow us to avoid. But at the same time, independence causes internal auditors a special brand of heartburn.

Let’s look at what the proposed new standards say:

Some 2010 Clauses Significant to Internal Auditors

The revision to the Yellow Book takes a different path, but ends up at the same place.  It talks about ‘threats’ to independence – and the following sound like they were written with internal auditors in mind:

GAGAS 2010 3.10  

b. Self-review threat - the threat that an auditor will not appropriately evaluate the results of a previous judgment made or service performed by the auditor, or the audit organization, on which the auditor will rely when forming a judgment significant to an audit;

d. Familiarity threat - the threat that due to a long or close relationship with management or personnel of an audited entity or employer, an auditor will be too sympathetic to their interests or too accepting of their work;

f. Management participation threat - the threat that results from an auditor’s taking on the role of management or otherwise performing management functions on behalf of the entity undergoing an audit or attestation engagement;

And then goes on to expressly prohibit one common internal audit activity:

3.49 Accepting responsibility for designing, implementing or maintaining internal control includes accepting responsibility for designing, implementing or maintaining monitoring procedures. Monitoring involves the use of ongoing monitoring procedures or separate evaluations to gather and analyze persuasive information supporting conclusions about the effectiveness of the internal control system. Ongoing monitoring procedures are built into the routine, recurring operating activities of an organization. Therefore, the management participation threat created by an auditor performing ongoing monitoring procedures is so significant that no safeguards could reduce the threat to an acceptable level. On the other hand, nonaudit services providing separate evaluations often are performed by individuals who are not directly involved in the operation of the controls being monitored. As such, it is possible for an auditor to provide an objective analysis of control effectiveness by performing separate evaluations without creating a significant threat of management participation that would impair independence. However, in all such cases, the significance of the threat created by performing separate evaluations should be evaluated and safeguards applied when necessary to eliminate the threat or reduce it to an acceptable level. Auditors should assess the frequency of the separate evaluations as well as the scope or extent of the controls (in relation to the scope of the audit performed) being tested in evaluating the significance of the threat.

This excerpt points out a significant thematic difference between the IIA’s Professional Practices Framework (the red book) and the yellow book.  Members of the IIA like to be helpful to their employers, the GAO does not.   The GAO standards are written as if the auditor is an “external” auditor – not an internal auditor.  A gentleman at the GAO once told me that internal auditor is a troublesome term.  How can you be internal and be an auditor.   The Yellow Book discourages auditors from performing ‘consulting’ engagements and instead prefers that internal auditors concentrate on the “assurance” aspect of their work.

One of the ‘hot’ topics – if you can go as far as to call anything in auditing “HOT” – at the HOTlanta IIA International Conference last summer was continuous monitoring.  Internal auditors are working themselves into a frenzy figuring out how to do it.

BUT – when working in Yellow Book land, continuous monitoring – unless used by the internal audit shop to do their audit risk assessments – compromises auditor independence.

In one of my recent courses, we were discussing the COSO model and were talking about controls that the auditee should have in place over a federal grant.   An internal auditor in the audience said that one of the best controls over a federal grant possible would be a strong internal audit shop monitoring the grant.  And I immediately went, “No, I am not writing that up on the board!”  A sharp reaction to a simple idea. 

I immediately regretted shutting him down so hard and wrote it up on the board because I didn’t want to dwell on auditor independence that particular afternoon because it was off topic.   But in Yellow Book land, the internal auditor is not to perform management functions.  An auditor is an objective third-party that can give an unbiased assessment of what is really going on.  This participant was looking at things from the IIA perspective – where it is OK to help management. 

If the auditor took on monitoring the federal grant and then later criticized compliance or operations for same federal grant… they’d be in a bind, wouldn’t they?  Because they were responsible for monitoring and thus for helping the client out.  And unless the client is superhuman – they will usually come to depend on the auditor and assume (wrongly) that everything is OK and they have nothing to worry about.  And then the auditor will have to write them a big fat check from his personal account for the questioned cost that they were complicit in generating. (I do realize that auditors won’t be writing any checks) by the way.

If this discussion has made you a little hot under the collar – go to the 2010 Proposed Revision at http://www.gao.gov/new.items/d10853g.pdf  and carefully read Sections 3.02-3.50.  Yes, it is a lot to look over.  But it is new and worth the time.

This is the time to let the GAO know what you think.  Write to yellowbook@gao.gov by November 22 to have an impact on the next revision.

If you want to discuss the major differences between the Yellow Book and the Red Book – attend the 2010 Single Audit and Government Conference in Austin and catch Helen Young and I arguing over which standard is best.  We had a huge laugh fest last week talking about our opposing views on the red book and yellow book.  For more info, see:  http://www.tscpa.org/Public/Catalog/CourseDetails.aspx?courseID=11CGC01

 

This blog

Governmental auditors unite! Leita Hart-Fanta, CPA, CGFM, and CGAP is the author of “The Yellow Book Interpreted” and owner of Yellowbook-CPE.com a website devoted to training for governmental auditors. Whether you are an internal auditor or monitor for a government entity or a CPA doing grant audits, you will enjoy Leita’s humorous take on the complexity of auditing in the government environment.

More from this blog

Bloggers crew

Steve Knowles has spent 25 years in business and practice in the UK, but he also worked in the states and the years haven't dulled his way of seeing an alternative view to everyone else, and every day is a new adventure.

42445

Joel M. Ungar, CPA is a lifelong resident of the Detroit area and a graduate of The University of Michigan. He is a principal with Silberstein Ungar, PLLC, a Top 15 auditor of SEC public reporting companies.

74650

Allan Boress, CPA, with over 25 years as a practitioner and consultant to the accounting profession. Mr. Boress is the author of 12 published books in 6 different languages, including a best-seller, The "I-Hate-Selling" Book.

47424

Larry Perry, CPA, CPA Firm Support Services, LLC, is the author of accounting and auditing manuals, author and presenter of live staff training seminars, and author of webcast and self-study CPE programs. He blogs about small audits, reviews, and compilations.

87074
Sandra Wiley, COO and Shareholder, is ranked by Accounting Today as one of the 100 Most Influential People in Accounting as a result of her prominent role as an industry expert on HR and training as well as influence as a management and planning consultant. She is also a founding member of The CPA Consultant's Alliance. Sandra is a certified Kolbe™ trainer who advises firms on building balanced teams, managing employee conflict and hiring staff.
19931

Maria Calabrese, CIR, Human Resources manager for Fazio, Mannuzza, Roche, Tankel, LaPilusa, LLC in Cranford, New Jersey, Maria's topics revolve around the world of: Mentoring, Performance management, and The "Y Generation," a.k.a. "The whY generation".

54536

William Brighenti is a CPA, Certified QuickBooks ProAdvisor, and Certified [Business] Valuation Analyst, operating an accounting, tax, and QuickBooks consulting firm in Hartford, Connecticut, Accountants CPA Hartford.

79195

Ken Garen, CPA, is the co-founder and President of Universal Business Computing Company (www.ubcc.com), a software development firm of high-volume, high-productivity accounting and payroll technology.

24526

Eva Rosenberg, MBA, EA, is the publisher of TaxMama.com, and author of the weekly syndicated Ask TaxMama column. She provides answers to tax questions from taxpayers and tax professionals worldwide.

62933

Amy Vetter, CPA, CITP is the CPA Programs Leader for Intacct Corporation responsible for leading the CPA/BPO Partners nationally.

33909
Brian Strahle is the owner of LEVERAGE SALT, LLC where he provides state and local tax technical services to accounting firms, law firms and tax research organizations across the United States. He also writes a weekly column in Tax Analysts State tax Notes entitled, "The SALT Effect." For more info, visit his website: www.leveragestateandlocaltax.com
100932
Scott H. Cytron, ABC, is president of Cytron and Company, known for helping companies and organizations improve their bottom line through a hybrid of strategic public relations, communications, marketing programs and top-notch client service. An accredited consultant, Scott works with companies, organizations and individuals in professional services (accounting, finance, medical, legal, engineering), high-tech and B2B/B2C product/service sales.
25188

Rita Keller is a nationally known CPA firm management consultant, speaker, author, mentor and blogger. She has over 30 years hands-on experience in CPA firm management, marketing, technology and administrative operations.

51391
Stacy Kildal is the mom of two fantastic kids, an Advanced Certified QuickBooks ProAdvisor, Certified Enterprise Solutions ProAdvisor, Sleeter Group Certified Consultant, a nationally recognized member of the Intuit Trainer and Writer Network, and co-host of RadioFree QuickBooks.
27013
Michael Alter's blog specializes in providing practical advice to those who seek greater profitability and practice management tactics that enhance deeper client relationships.
31328

Sally Glick, CMO, Principal, Marketer of the Year in 2003 and AAM Hall of Famer in 2007, leads a lively discussion of the constantly expanding roles of marketing and the professional marketers that drive this initiative in accounting firms of all sizes.

98310

The IMA Young Professionals Blog features the insights of IMA’s Young Professionals Committee. Committee members share advice and experiences on careers, continuing education, work/life balance, and other issues affecting young accounting and finance professionals.

32512

FEI Financial Reporting Blog provides highlights from SEC, PCAOB, FASB, IASB, and other regulatory news, including reporting under Sarbanes-Oxley Sect 404. It is written by Edith Orenstein, Director of Technical Policy Analysis at FEI.

109195

Sue Anderson has 30 years of experience in continuing education for accountants. Currently she is the program director for online CPE provider CPE Link.

59631

Jim Fahey is COO of Apple Growth Partners, a regional CPA firm in Ohio. His focus is on the effective and efficient use of technology within the firm by all team members.

38557
Caleb Newquist is the Editor-in-Chief of Sift Media US, overseeing content for both AccountingWEB and Going Concern.
65493

Leita Hart-Fanta, CPA, CGFM, and CGAP is the author of "The Yellow Book Interpreted" and owner of Yellowbook-CPE.com a website devoted to training for governmental auditors.

91320

AccountingWEB is more than just a U.S. team of journalists and financial and technology experts - we have an international side, too! Members of our British team who publish AccountingWEB.co.uk share their ideas, insights, and perspectives from across the pond.

52404