This is the accessible text file for GAO report number GAO-08-210G 
entitled 'Government Auditing Standards: Implementation Tool: 
Professional Requirements Tool for Use in Implementing Requirements 
Identified by "Must" and "Should" in the July 2007 Revision of 
Government Auditing Standards' which was released on January 2, 2008. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 

Government Auditing Standards: Implementation Tool: 

Professional Requirements Tool for Use in Implementing Requirements 
Identified by "Must" and "Should" in the July 2007 Revision of 
Government Auditing Standards: 

This Professional Requirements Tool lists the requirements for audit 
organizations and auditors included in the July 2007 Revision of 
Generally Accepted Government Auditing Standards (GAGAS), also commonly 
known as the Yellow Book. This tool lists professional responsibilities 
that are specifically identified in the standards by the words "must" 
and "should." 

This tool is divided into four sections. The general requirements 
section contains entity-wide requirements for the audit organization 
and is intended for use in addition to the specific sections for 
financial audits, attestation engagements, and performance audits, 
which contain engagement-specific requirements for the auditors 
conducting the engagement. Audit organizations and auditors should also 
refer to the complete text of the July 2007 Revision of GAGAS to 
understand the context for those requirements along with related 
guidance. 

This tool was prepared by GAO's government auditing standards staff to 
facilitate audit organizations' and auditors' implementation of the 
standards, and does not represent additional standards or requirements. 
The staff welcomes your feedback and comments. If you have questions or 
comments related to this tool, please contact Heather Keister, at (202) 
512-2943 or keisterh@gao.gov. For other questions on GAGAS, please 
contact us at yellowbook@gao.gov. 

Signed by: 

Jeanette M. Franzel: 

Director, Financial Management and Assurance: 

Contents: 

Background: 

General Requirements For Audit Organizations: 

Specific Requirements For Financial Audits: 

Specific Requirements For Attestation Engagements: 

Specific Requirements For Performance Audits: 

Background: 

In July 2007, the Comptroller General issued a major revision to 
Government Auditing Standards.[Footnote 1] The July 2007 Revision uses 
clarified language to define the auditors' level of responsibility and 
distinguish between auditor requirements and additional guidance. 

As described in the July 2007 Revision (paragraphs 1.05 through 1.08), 
GAGAS use two categories of professional requirements to describe the 
degree of responsibility for auditors and audit organizations, as 
follows: 

* Unconditional requirements: Auditors and audit organizations are 
required to comply with an unconditional requirement in all cases in 
which the circumstances exist to which the unconditional requirement 
applies. GAGAS use the words must or is required to specify an 
unconditional requirement. 

* Presumptively mandatory requirements: Auditors and audit 
organizations are also required to comply with a presumptively 
mandatory requirement in all cases in which the circumstances exist to 
which the presumptively mandatory requirement applies; however, in rare 
circumstances, auditors and audit organizations may depart from a 
presumptively mandatory requirement provided they document their 
justification for the departure and how the alternative procedures 
performed in the circumstances were sufficient to achieve the 
objectives of the presumptively mandatory requirement. GAGAS use the 
word should to specify a presumptively mandatory requirement. 

For financial audits and attestation engagements, GAGAS incorporates 
the AICPA field work and reporting standards and the related Statements 
on Auditing Standards (SAS) and Statements on Standards for Attestation 
Engagements (SSAE). Therefore, in addition to the requirements 
contained in this tool, documentation of compliance with the 
requirements in the AICPA field work and reporting standards is 
required for financial audits and attestation engagements conducted in 
accordance with GAGAS. 

This tool is intended to assist auditors with documenting compliance 
with GAGAS. The columns to the right of the requirements may be used 
for auditor notations to indicate the location of audit documentation 
that supports compliance with the GAGAS requirement. The words "must" 
and "should" that are applicable to each section are bolded and 
underlined in this tool for emphasis. 

Explanatory material that identifies or describes other procedures does 
not represent a professional requirement for the audit organization or 
auditor to perform such procedures. How and whether to carry out such 
procedures depends on the exercise of professional judgment consistent 
with the objective of the standard. This tool does not include 
explanatory material from the July 2007 Revision of Government Auditing 
Standards. Therefore, audit organizations and auditors should read the 
entire text of the July 2007 Revision of GAGAS, including the 
explanatory material when planning the audit and making professional 
judgments about compliance with professional requirements. 

General Requirements for Audit Organizations: 

General Requirements - Audit organizations: 

Chapter 1 - Use and Application of GAGAS; 
Types of GAGAS Audits and Attestation Engagements; 
Professional Services Other Than Audits (Nonaudit Services) Provided by 
Audit Organizations; 
1.33: GAGAS do not cover professional services other than audits or 
attestation engagements (nonaudit services)...Therefore, auditors must 
not report that the nonaudit services were conducted in accordance with 
GAGAS. When performing nonaudit services for an entity for which the 
audit organization performs a GAGAS audit or attestation engagement, 
audit organizations should communicate, as appropriate, with requestors 
and those charged with governance to clarify that the scope of work 
performed does not constitute an audit under GAGAS; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Types of GAGAS Audits and Attestation Engagements; 
Professional Services Other Than Audits (Nonaudit Services) Provided by 
Audit Organizations; 
1.34: Audit organizations that provide nonaudit services must evaluate 
whether providing nonaudit services creates an independence impairment 
either in fact or appearance with respect to the entities they audit... 
Must: [Empty] 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Independence; 
3.02: In all matters relating to the audit work, the audit organization 
and the individual auditor, whether government or public, must be free 
from personal, external, and organizational impairments to 
independence, and must avoid the appearance of such impairments of 
independence; 
Must: [Empty] 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Independence; 
3.03: Auditors and audit organizations must maintain independence so 
that their opinions, findings, conclusions, judgments, and 
recommendations will be impartial and viewed as impartial by objective 
third parties with knowledge of the relevant information. Auditors 
should avoid situations that could lead objective third parties with 
knowledge of the relevant information to conclude that the auditors are 
not able to maintain independence and thus are not capable of 
exercising objective and impartial judgment on all issues associated 
with conducting the audit and reporting on the work; 
Must: [Empty] 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Independence; 
3.04: When evaluating whether independence impairments exist either in 
fact or appearance with respect to the entities for which audit 
organizations perform audits or attestation engagements, auditors and 
audit organizations must take into account the three general classes of 
impairments to independence--personal, external, and organizational. 
[Footnote not shown.] If one or more of these impairments affects or 
can be perceived to affect independence, the audit organization (or 
auditor) should decline to perform the work--except in those situations 
in which an audit organization in a government entity, because of a 
legislative requirement or for other reasons, cannot decline to perform 
the work, in which case the government audit organization must disclose 
the impairment(s) and modify the GAGAS compliance statement...; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Independence; 
3.06: If an impairment to independence is identified after the audit 
report is issued, the audit organization should assess the impact on 
the audit. If the audit organization concludes that it did not comply 
with GAGAS, it should determine the impact on the auditors' report and 
notify entity management, those charged with governance, the 
requesters, or regulatory agencies that have jurisdiction over the 
audited entity and persons known to be using the audit report about the 
independence impairment and the impact on the audit. The audit 
organization should make such notifications in writing; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Personal Impairments; 
3.08: Audit organizations and auditors may encounter many different 
circumstances or combinations of circumstances that could create a 
personal impairment. Therefore, it is impossible to identify every 
situation that could result in a personal impairment. Accordingly, 
audit organizations should include as part of their quality control 
system procedures to identify personal impairments and help ensure 
compliance with GAGAS independence requirements. At a minimum, audit 
organizations should: 
a. establish policies and procedures to identify, report, and resolve 
personal impairments to independence, 
b. communicate the audit organization's policies and procedures to all 
auditors in the organization and promote understanding of the policies 
and procedures, 
c. establish internal policies and procedures to monitor compliance 
with the audit organization's policies and procedures, 
d. establish a disciplinary mechanism to promote compliance with the 
audit organization's policies and procedures, 
e. stress the importance of independence and the expectation that 
auditors will always act in the public interest, and; 
f. maintain documentation of the steps taken to identify potential 
personal independence impairments; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Personal Impairments; 
3.09: When the audit organization identifies a personal impairment to 
independence prior to or during an audit, the audit organization should 
take action to resolve the impairment in a timely manner. … If the 
personal impairment cannot be eliminated, the audit organization should 
withdraw from the audit. In situations in which auditors employed by 
government entities cannot withdraw from the audit, they should follow 
paragraph 3.04; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Impairments; 
3.10: Audit organizations must be free from external impairments to 
independence. Factors external to the audit organization may restrict 
the work or interfere with auditors' ability to form independent and 
objective opinions, findings, and conclusions. External impairments to 
independence occur when auditors are deterred from acting objectively 
and exercising professional skepticism by pressures, actual or 
perceived, from management and employees of the audited entity or 
oversight organizations...; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Impairments; 
3.11: Audit organizations should include policies and procedures for 
identifying and resolving external impairments as part of their quality 
control system for compliance with GAGAS independence requirements; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Organizational Independence; 
3.12: The ability of audit organizations in government entities to 
perform work and report the results objectively can be affected by 
placement within government, and the structure of the government entity 
being audited. Whether reporting to third parties externally or to top 
management within the audited entity internally, audit organizations 
must be free from organizational impairments to independence with 
respect to the entities they audit. Impairments to organizational 
independence result when the audit function is organizationally located 
within the reporting line of the areas under audit or when the auditor 
is assigned or takes on responsibilities that affect operations of the 
area under audit; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Organizational Independence for External Audit Functions; 
3.15:..For an external audit organization to be considered free from 
organizational impairments under a structure different from the ones 
[government entity structures] listed in paragraphs 3.13 and 3.14, the 
audit organization should have all of the following safeguards. In such 
situations, the audit organization should document how each of the 
following safeguards were satisfied and provide the documentation to 
those performing quality control monitoring and to the external peer 
reviewers to determine whether all the necessary safeguards have been 
met: 
a. statutory protections that prevent the audited entity from 
abolishing the audit organization; 
b. statutory protections that require that if the head of the audit 
organization is removed from office, the head of the agency report this 
fact and the reasons for the removal to the legislative body; 
c. statutory protections that prevent the audited entity from 
interfering with the initiation, scope, timing, and completion of any 
audit; 
d. statutory protections that prevent the audited entity from 
interfering with audit reporting, including the findings and 
conclusions or the manner, means, or timing of the audit organization's 
reports; 
e. statutory protections that require the audit organization to report 
to a legislative body or other independent governing body on a 
recurring basis; 
f. statutory protections that give the audit organization sole 
authority over the selection, retention, advancement, and dismissal of 
its staff; and; 
g. statutory access to records and documents related to the agency, 
program, or function being audited and access to government officials 
or other individuals as needed to conduct the audit. [Footnote not 
shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Organizational Independence for Internal Audit Functions; 
3.17: The internal audit organization should report regularly to those 
charged with governance; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Organizational Independence for Internal Audit Functions; 
3.19: The internal audit organization should document the conditions 
that allow it to be considered free of organizational impairments to 
independence for internal reporting and provide the documentation to 
those performing quality control monitoring and to the external peer 
reviewers to determine whether all the necessary safeguards have been 
met; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Organizational Independence When Performing Nonaudit Services; 
3.20:...Audit organizations that provide nonaudit services must 
evaluate whether providing the services creates an independence 
impairment either in fact or appearance with respect to entities they 
audit. [Footnote not shown.]...; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Organizational Independence When Performing Nonaudit Services; 
3.21: Audit organizations in government entities generally have broad 
audit responsibilities and, therefore, should establish policies and 
procedures for accepting engagements to perform nonaudit services so 
that independence is not impaired with respect to entities they 
audit...Independent public accountants may provide audit and nonaudit 
services (commonly referred to as consulting) under contractual 
commitments to an entity and should determine whether nonaudit services 
they have provided or are committed to provide have a significant or 
material effect on the subject matter of the audits; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Overarching Independence Principles; 
3.22: The following two overarching principles apply to auditor 
independence when assessing the impact of performing a nonaudit service 
for an audited program or entity: (1) audit organizations must not 
provide nonaudit services that involve performing management functions 
or making management decisions and (2) audit organizations must not 
audit their own work or provide nonaudit services in situations in 
which the nonaudit services are significant or material to the subject 
matter of the audits. [Footnote not shown.]; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Overarching Independence Principles; 
3.23: In considering whether audits performed by the audit organization 
could be significantly or materially affected by the nonaudit service, 
audit organizations should evaluate (1) ongoing audits; (2) planned 
audits; (3) requirements and commitments for providing audits, which 
includes laws, regulations, rules, contracts, and other agreements; and 
(4) policies placing responsibilities on the audit organization for 
providing audit services; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Overarching Independence Principles; 
3.24: If requested [footnote not shown] to perform nonaudit services 
that would impair the audit organization's ability to meet either or 
both of the overarching independence principles for certain types of 
audit work, the audit organization should inform the requestor and the 
audited entity that performing the nonaudit service would impair the 
auditors' independence with regard to subsequent audit or attestation 
engagements; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Supplemental Safeguards for Maintaining Auditor Independence When 
Performing Nonaudit Services; 
3.30: Performing nonaudit services described in paragraph 3.28 will not 
impair independence if the overarching independence principles stated 
in paragraph 3.22 are not violated. For these nonaudit services, the 
audit organization should comply with each of the following safeguards: 
a. document its consideration of the nonaudit services, including its 
conclusions about the impact on independence; 
b. establish in writing an understanding with the audited entity 
regarding the objectives, scope of work, and product or deliverables of 
the nonaudit service; and management's responsibility for (1) the 
subject matter of the nonaudit services, (2) the substantive outcomes 
of the work, and (3) making any decisions that involve management 
functions related to the nonaudit service and accepting full 
responsibility for such decisions; 
c. exclude personnel who provided the nonaudit services from planning, 
conducting, or reviewing audit work in the subject matter of the 
nonaudit service; [footnote not shown] and; 
d. do not reduce the scope and extent of the audit work below the level 
that would be appropriate if the nonaudit service were performed by an 
unrelated party; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Competence; 
3.41: The audit organization's management should assess skill needs to 
consider whether its workforce has the essential skills that match 
those necessary to fulfill a particular audit mandate or scope of 
audits to be performed. Accordingly, audit organizations should have a 
process for recruitment, hiring, continuous development, assignment, 
and evaluation of staff to maintain a competent workforce. The nature, 
extent, and formality of the process will depend on various factors 
such as the size of the audit organization, its structure, and its 
work; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Continuing Professional Education; 
3.48: Improving their own competencies and meeting CPE requirements are 
primarily the responsibilities of individual auditors. The audit 
organization should have quality control procedures to help ensure that 
auditors meet the continuing education requirements, including 
documentation of the CPE completed...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
Quality Control and Assurance; 
3.50: Each audit organization performing audits or attestation 
engagements in accordance with GAGAS must: 
a. establish a system of quality control that is designed to provide 
the audit organization with reasonable assurance that the organization 
and its personnel comply with professional standards and applicable 
legal and regulatory requirements, and; 
b. have an external peer review at least once every 3 years.[35]. 
[35] An audit organization's noncompliance with the peer review 
requirements (paragraph 3.50b and 3.55 through 3.60) results in a 
modified GAGAS compliance statement. The audit organization's 
compliance (or noncompliance) with the requirements for a system of 
quality control in paragraphs 3.50a and 3.51 through 3.54 are tested 
and reported on as part of the peer review process and do not impact 
the GAGAS compliance statement...; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
System of Quality Control; 
3.52: Each audit organization must document its quality control 
policies and procedures and communicate those policies and procedures 
to its personnel. The audit organization should document compliance 
with its quality control policies and procedures and maintain such 
documentation for a period of time sufficient to enable those 
performing monitoring procedures and peer reviews to evaluate the 
extent of the audit organization's compliance with its quality control 
policies and procedures...; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
System of Quality Control; 
3.53 An audit organization should include policies and procedures in 
its system of quality control that collectively address: 
a. Leadership responsibilities for quality within the audit 
organization: Policies and procedures that designate responsibility for 
quality of audits and attestation engagements performed under GAGAS and 
communication of policies and procedures relating to quality...; 
b. Independence, legal, and ethical requirements: Policies and 
procedures designed to provide reasonable assurance that the audit 
organization and its personnel maintain independence, and comply with 
applicable legal and ethical requirements. [Footnote not shown.]; 
c. Initiation, [footnote not shown] acceptance, and continuance of 
audit and attestation engagements: Policies and procedures for the 
initiation, acceptance, and continuance of audit and attestation 
engagements, designed to provide reasonable assurance that the audit 
organization will undertake audit engagements only if it can comply 
with professional standards and ethical principles and is acting within 
the legal mandate or authority of the audit organization; 
d. Human resources: Policies and procedures designed to provide the 
audit organization with reasonable assurance that it has personnel with 
the capabilities and competence to perform its audits in accordance 
with professional standards and legal and regulatory requirements. 
[Footnote not shown.]; 
e. Audit and attestation engagement performance, documentation, and 
reporting: Policies and procedures designed to provide the audit 
organization with reasonable assurance that audits and attestation 
engagements are performed and reports are issued in accordance with 
professional standards and legal and regulatory requirements...; 
f. Monitoring of quality: An ongoing, periodic assessment of work 
completed on audits and attestation engagements designed to provide 
management of the audit organization with reasonable assurance that the 
policies and procedures related to the system of quality control are 
suitably designed and operating effectively in practice...The audit 
organization should perform monitoring procedures that enable it to 
assess compliance with applicable professional standards and quality 
control policies and procedures for GAGAS audits. Individuals 
performing monitoring should collectively have sufficient expertise and 
authority for this role; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
System of Quality Control; 
3.54 The audit organization should analyze and summarize the results of 
its monitoring procedures at least annually, with identification of any 
systemic issues needing improvement, along with recommendations for 
corrective action. (Under GAGAS, reviews of the work and the report 
that are performed as part of supervision are not monitoring controls 
when used alone. However, these types of pre-issuance reviews may be 
used as a part of this analysis and summary.); 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.55 Audit organizations performing audits and attestation engagements 
in accordance with GAGAS must have an external peer review performed by 
reviewers independent of the audit organization being reviewed at least 
once every 3 years. [Footnote not shown.]; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.56 The audit organization should obtain an external peer review 
sufficient in scope to provide a reasonable basis for determining 
whether, for the period under review, [footnote not shown] the reviewed 
audit organization's system of quality control was suitably designed 
and whether the audit organization is complying with its quality 
control system in order to provide the audit organization with 
reasonable assurance of conforming with applicable professional 
standards; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.57: The peer review team should include the following elements in the 
scope of the peer review: 
a. review of the audit organization's quality control policies and 
procedures; 
b. consideration of the adequacy and results of the audit 
organization's internal monitoring procedures; 
c. review of selected audit and attestation engagement reports and 
related documentation; 
d. review of other documents necessary for assessing compliance with 
standards, for example, independence documentation, CPE records, and 
relevant human resource management files; and; 
e. interviews with a selection of the reviewed audit organization's 
professional staff at various levels to assess their understanding of 
and compliance with relevant quality control policies and procedures; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.58: The peer review team should perform a risk assessment to help 
determine the number and types of engagements to select. Based on the 
risk assessment, the team should use one or a combination of the 
following approaches to selecting individual audits and attestation 
engagements for review: (1) select GAGAS audits and attestation 
engagements that provide a reasonable cross-section of the GAGAS 
assignments performed by the reviewed audit organization or (2) select 
audits and attestation engagements that provide a reasonable cross- 
section from all types of work subject to the reviewed audit 
organization's quality control system, including one or more 
assignments performed in accordance with GAGAS. [Footnote not shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.59: The peer review team should prepare one or more written reports 
communicating the results of the peer review, including the following: 
a. description of the scope of the peer review, including any 
limitations; 
b. an opinion on whether the system of quality control of the reviewed 
audit organization's audit and/or attestation engagement practices was 
adequately designed and compiled with during the period reviewed to 
provide the audit organization with reasonable assurance of conforming 
with applicable professional standards; 
c. specification of the professional standards to which the reviewed 
audit organization is being held; 
d. for modified or adverse opinions, [footnote not shown] a description 
of reasons for the modification or adverse opinion, along with a 
detailed description of the findings and recommendations, in the peer 
review report, to enable the reviewed audit organization to take 
appropriate actions; and; 
e. reference to a separate letter of comments, if such a letter is 
issued; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.60: The peer review team should meet the following criteria: 
a. The review team collectively has current knowledge of GAGAS and 
government auditing; 
b. The organization conducting the peer review and individual review 
team members are independent (as defined in GAGAS) of the audit 
organization being reviewed, its staff, and the audits and attestation 
engagements selected for the peer review; 
c. The review team collectively has sufficient knowledge of how to 
perform a peer review. Such knowledge may be obtained from on-the-job 
training, training courses, or a combination of both. Having personnel 
on the peer review team with prior experience on a peer review or 
internal inspection team is desirable; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.61: An external audit organization [footnote not shown] should make 
its most recent peer review report[45] publicly available; for example, 
by posting the peer review report on an external Web site or to a 
publicly available file designed for public transparency of peer review 
results. If neither of these options is available to the audit 
organization, then it should use the same transparency mechanism it 
uses to make other information public, and also provide the peer review 
report to others upon request. Internal audit organizations that report 
internally to management should provide a copy of the external peer 
review report to those charged with governance. Government audit 
organizations should also communicate the overall results and the 
availability of their external peer review reports to appropriate 
oversight bodies. 
[45] This requirement does not include the letter of comment; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
External Peer Review; 
3.62:...audit organizations seeking to enter into a contract to perform 
an audit or attestation engagement in accordance with GAGAS should 
provide the following to the party contracting for such services: 
a. the audit organization's most recent peer review report and any 
letter of comment, and; 
b. any subsequent peer review reports and letters of comment received 
during the period of the contract; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Types of GAGAS Audits and Attestation Engagements; 
3.63:...Auditors who are using another audit organization's work should 
request a copy of the audit organization's latest peer review report 
and any letter of comment, and the audit organization should provide 
these documents when requested...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Additional Government Auditing Standards; 
Audit Documentation; 
4.22: Audit organizations should establish policies and procedures for 
the safe custody and retention of audit documentation for a time 
sufficient to satisfy legal, regulatory, and administrative 
requirements for record retention...For audit documentation that is 
retained electronically, the audit organization should establish 
information systems controls concerning accessing and updating the 
audit documentation; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Additional Government Auditing Standards; 
Audit Documentation; 
4.24: Audit organizations should develop policies to deal with requests 
by outside parties to obtain access to audit documentation, especially 
when an outside party attempts to obtain information indirectly through 
the auditor rather than directly from the audited entity. In developing 
such policies, audit organizations should determine what laws and 
regulations apply, if any; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Distributing Reports; 
5.44: Distribution of reports completed under GAGAS depends on the 
relationship of the auditors to the audited organization and the nature 
of the information contained in the report. If the subject of the audit 
involves material that is classified for security purposes or contains 
confidential or sensitive information, auditors may limit the report 
distribution. Auditors should document any limitation on report 
distribution. The following discussion outlines distribution for 
reports completed under GAGAS: [One of the following will apply 
depending on the type of audit organization.]; 
a. Audit organizations in government entities should distribute audit 
reports to those charged with governance, to the appropriate officials 
of the audited entity, and to the appropriate oversight bodies or 
organizations requiring or arranging for the audits. As appropriate, 
auditors should also distribute copies of the reports to other 
officials who have legal oversight authority or who may be responsible 
for acting on audit findings and recommendations, and to others 
authorized to receive such reports; 
b. Internal audit organizations in government entities may follow the 
Institute of Internal Auditors (IIA) International Standards for the 
Professional Practice of Internal Auditing. Under GAGAS and IIA 
standards, the head of the internal audit organization should 
communicate results to the parties who can ensure that the results are 
given due consideration. If not otherwise mandated by statutory or 
regulatory requirements, prior to releasing results to parties outside 
the organization, the head of the internal audit organization should: 
(1) assess the potential risk to the organization, (2) consult with 
senior management and/or legal counsel as appropriate, and (3) control 
dissemination by indicating the intended users in the report; 
c. Public accounting firms contracted to perform an audit under GAGAS 
should clarify report distribution responsibilities with the engaging 
organization. If the contracted firm is to make the distribution, it 
should reach agreement with the party contracting for the audit about 
which officials or organizations will receive the report and the steps 
being taken to make the report available to the public; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Attest Documentation; 
6.24: Audit organizations should establish policies and procedures for 
the safe custody and retention of documentation for a time sufficient 
to satisfy legal, regulatory, and administrative requirements for 
records retention...For attest documentation that is retained 
electronically, the audit organization should establish information 
systems controls concerning accessing and updating the attest 
documentation; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Attest Documentation; 
6.26: Audit organizations should develop policies to deal with requests 
by outside parties to obtain access to attest documentation, especially 
when an outside party attempts to obtain information indirectly through 
the auditor rather than directly from the entity. In developing such 
policies, audit organizations should determine what laws and 
regulations apply, if any; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Distributing Reports; 
6.56: Distribution of reports completed under GAGAS depends on the 
relationship of the auditors to the entity and the nature of the 
information contained in the report. If the subject matter or the 
assertion involves material that is classified for security purposes or 
contains confidential or sensitive information, auditors may limit the 
report distribution. Auditors should document any limitation on report 
distribution. The following discussion outlines distribution for 
reports completed under GAGAS: [One of the following will apply 
depending on the type of audit organization.]; 
a. Audit organizations in government entities should distribute reports 
to those charged with governance, to the appropriate entity officials, 
and to the appropriate oversight bodies or organizations requiring or 
arranging for the engagements. As appropriate, auditors should also 
distribute copies of the reports to other officials who have legal 
oversight authority or who may be responsible for acting on engagement 
findings and recommendations, and to others authorized to receive such 
reports; 
b. Internal audit organizations in government entities may follow the 
Institute of Internal Auditors (IIA) International Standards for the 
Professional Practice of Internal Auditing. Under GAGAS and IIA 
standards, the head of the internal audit organization should 
communicate results to the parties who can ensure that the results are 
given due consideration. If not otherwise mandated by statutory or 
regulatory requirements, prior to releasing results to parties outside 
the organization, the head of the internal audit organization should: 
(1) assess the potential risk to the organization, (2) consult with 
senior management and/or legal counsel as appropriate, and (3) control 
dissemination by indicating the intended users in the report; 
c. Public accounting firms contracted to perform an engagement under 
GAGAS should clarify report distribution responsibilities with the 
engaging organization. If the contracting firm is to make the 
distribution, it should reach agreement with the party contracting for 
the engagement about which officials or organizations will receive the 
report and the steps being taken to make the report available to the 
public; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Audit Documentation; 
7.82: Audit organizations should establish policies and procedures for 
the safe custody and retention of audit documentation for a time 
sufficient to satisfy legal, regulatory, and administrative 
requirements for records retention...For audit documentation that is 
retained electronically, the audit organization should establish 
information systems controls concerning accessing and updating the 
audit documentation; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Audit Documentation; 
7.84: Audit organizations should develop policies to deal with requests 
by outside parties to obtain access to audit documentation, especially 
when an outside party attempts to obtain information indirectly through 
the auditor rather than directly from the audited entity. In developing 
such policies, audit organizations should determine what laws and 
regulations apply, if any; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits. 
Distributing Reports; 
8.43: Distribution of reports completed under GAGAS depends on the 
relationship of the auditors to the audited organization and the nature 
of the information contained in the report. If the subject of the audit 
involves material that is classified for security purposes or contains 
confidential or sensitive information, auditors may limit the report 
distribution. … Auditors should document any limitation on report 
distribution. The following discussion outlines distribution for 
reports completed under GAGAS: [One of the following will apply 
depending on the type of audit organization.]; 
a. Audit organizations in government entities should distribute audit 
reports to those charged with governance, to the appropriate officials 
of the audited entity, and to the appropriate oversight bodies or 
organizations requiring or arranging for the audits. As appropriate, 
auditors should also distribute copies of the reports to other 
officials who have legal oversight authority or who may be responsible 
for acting on audit findings and recommendations, and to others 
authorized to receive such reports; 
b. Internal audit organizations in government entities may follow the 
Institute of Internal Auditors (IIA) International Standards for the 
Professional Practice of Internal Auditing. Under GAGAS and IIA 
standards, the head of the internal audit organization should 
communicate results to parties who can ensure that the results are 
given due consideration. If not otherwise mandated by statutory or 
regulatory requirements, prior to releasing results to parties outside 
the organization, the head of the internal audit organization should: 
(1) assess the potential risk to the organization, (2) consult with 
senior management and/or legal counsel as appropriate, and (3) control 
dissemination by indicating the intended users of the report; 
c. Public accounting firms contracted to perform an audit under GAGAS 
should clarify report distribution responsibilities with the engaging 
organization. If the contracted firm is to make the distribution, it 
should reach agreement with the party contracting for the audit about 
which officials or organizations will receive the report and the steps 
being taken to make the report available to the public; 
Must: [Check]; 
Should: [Empty]. 

Specific Requirements for Financial Audits: 

GAGAS incorporate the AICPA field work and reporting standards and the 
related Statements on Auditing Standards (SAS). The requirements listed 
in this professional requirements tool for financial audits represent 
the supplemental GAGAS requirements for financial audits. In addition 
to the requirements contained in this tool, documentation of compliance 
with the requirements in the AICPA field work and reporting standards 
is required for financial audits conducted in accordance with GAGAS. 
Auditors are advised to refer to the entire text of both GAGAS and the 
AICPA field work and reporting standards and the related Statements on 
Auditing Standards to obtain a comprehensive understanding of all the 
requirements for financial audits conducted in accordance with GAGAS. 
See paragraph 4.01a. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.11 When auditors are required to follow GAGAS or are representing to 
others that they followed GAGAS, they should follow all applicable 
GAGAS requirements and should refer to compliance with GAGAS in the 
auditors' report as set forth in paragraphs 1.12 and 1.13; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.12: Auditors should include one of the following types of GAGAS 
compliance statements in reports on GAGAS audits and attestation 
engagements, as appropriate. [Footnote not shown.]; a. Unmodified GAGAS 
compliance statement: Stating that the auditor performed the audit or 
attestation engagement in accordance with GAGAS. Auditors should 
include an unmodified GAGAS compliance statement in the audit report 
when they have (1) followed all applicable unconditional and 
presumptively mandatory GAGAS requirements, or (2) have followed all 
unconditional requirements and documented justification for any 
departures from applicable presumptively mandatory requirements, and 
have achieved the objectives of those requirements through other means; 
b. Modified GAGAS compliance statement: Stating either that (1) the 
auditor performed the audit or attestation engagement in accordance 
with GAGAS, except for specific applicable requirements that were not 
followed or, (2) because of the significance of the departure(s) from 
the requirements, the auditor was unable to and did not perform the 
audit or attestation engagement in accordance with GAGAS. Situations 
when auditors use modified compliance statements include scope 
limitations, such as restrictions on access to records, government 
officials, or other individuals needed to conduct the audit. When 
auditors use a modified GAGAS statement, they should disclose in the 
report the applicable requirement(s) not followed, the reasons for not 
following the requirement(s), and how not following the requirements 
affected, or could have affected, the audit and the assurance provided; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.13: When auditors do not comply with any applicable requirements, 
they should (1) assess the significance of the noncompliance to the 
audit objectives, (2) document the assessment, along with their reasons 
for not following the requirement, and (3) determine the type of GAGAS 
compliance statement. [Footnote not shown.] The auditors' determination 
will depend on the significance of the requirements not followed in 
relation to the audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Relationship between GAGAS and Other Professional Standards; 
1.14: Auditors may use GAGAS in conjunction with professional standards 
issued by other authoritative bodies. Auditors may also cite the use of 
other standards in their audit reports, as appropriate. If the auditor 
is citing compliance with GAGAS and inconsistencies exist between GAGAS 
and other standards cited, the auditor should use GAGAS as the 
prevailing standard for conducting the audit and reporting the results; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Types of GAGAS Audits and Attestation Engagements; 
1.19: In some audits and attestation engagements, the standards 
applicable to the specific audit objective will be apparent...However, 
some engagements may have multiple or overlapping objectives...In cases 
in which there is a choice between applicable standards, auditors 
should evaluate users' needs and the auditors' knowledge, skills, and 
experience in deciding which standards to follow; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Professional Services Other Than Audits (Nonaudit Services) Provided by 
Audit Organizations; 
1.33: GAGAS do not cover professional services other than audits or 
attestation engagements (nonaudit services). … Therefore, auditors must 
not report that the nonaudit services were conducted in accordance with 
GAGAS. When performing nonaudit services for an entity for which the 
audit organization performs a GAGAS audit or attestation engagement, 
audit organizations should communicate, as appropriate, with requestors 
and those charged with governance to clarify that the scope of work 
performed does not constitute an audit under GAGAS; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Independence; 
3.02: In all matters relating to the audit work, the audit organization 
and the individual auditor, whether government or public, must be free 
from personal, external, and organizational impairments to 
independence, and must avoid the appearance of such impairments of 
independence; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Independence; 
3.03: Auditors and audit organizations must maintain independence so 
that their opinions, findings, conclusions, judgments, and 
recommendations will be impartial and viewed as impartial by objective 
third parties with knowledge of the relevant information. Auditors 
should avoid situations that could lead objective third parties with 
knowledge of the relevant information to conclude that the auditors are 
not able to maintain independence and thus are not capable of 
exercising objective and impartial judgment on all issues associated 
with conducting the audit and reporting on the work; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Independence; 
3.04: When evaluating whether independence impairments exist either in 
fact or appearance with respect to the entities for which audit 
organizations perform audits or attestation engagements, auditors and 
audit organizations must take into account the three general classes of 
impairments to independence--personal, external, and organizational. 
[Footnote not shown.] If one or more of these impairments affects or 
can be perceived to affect independence, the audit organization (or 
auditor) should decline to perform the work--except in those situations 
in which an audit organization in a government entity, because of a 
legislative requirement or for other reasons, cannot decline to perform 
the work, in which case the government audit organization must disclose 
the impairment(s) and modify the GAGAS compliance statement...; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Independence; 
3.05: When auditors use the work of a specialist, [footnote not shown] 
auditors should assess the specialist's ability to perform the work and 
report results impartially as it relates to their relationship with the 
program or entity under audit. If the specialist's independence is 
impaired, auditors should not use the work of that specialist; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Personal Impairments; 
3.07: Auditors participating on an audit assignment must be free from 
personal impairments to independence. [Footnote not shown.] Personal 
impairments of auditors result from relationships or beliefs that might 
cause auditors to limit the extent of the inquiry, limit disclosure, or 
weaken or slant audit findings in any way. Individual auditors should 
notify the appropriate officials within their audit organizations if 
they have any personal impairment to independence...; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Organizational Independence; 
Organizational Independence When Performing Nonaudit Services; 
Nonaudit Services That Would Not Impair Independence if Supplemental 
Safeguards Are Implemented; 
3.28: Services that do not impair the audit organization's independence 
with respect to the entities they audit so long as they comply with 
supplemental safeguards include the following: 
a. providing basic accounting assistance limited to services such as 
preparing draft financial statements that are based on management's 
chart of accounts and trial balance and any adjusting, correcting, and 
closing entries that have been approved by management; preparing draft 
notes to the financial statements based on information determined and 
approved by management; … (If the audit organization has prepared draft 
financial statements and notes and performed the financial statement 
audit, the auditor should obtain documentation from management in which 
management acknowledges the audit organization's role in preparing the 
financial statements and related notes and management's review, 
approval, and responsibility for the financial statements and related 
notes in the management representation letter...); 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Professional Judgment; 
3.31: Auditors must use professional judgment in planning and 
performing audits and attestation engagements and in reporting the 
results; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Professional Judgment; 
3.38: Auditors should document significant decisions affecting the 
audit objectives, scope, and methodology; findings; conclusions; and 
recommendations resulting from professional judgment; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Competence; 
3.40: The staff assigned to perform the audit or attestation engagement 
must collectively possess adequate professional competence for the 
tasks required; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Technical Knowledge and Competence; 
3.43: The staff assigned to conduct an audit or attestation engagement 
under GAGAS must collectively possess the technical knowledge, skills, 
and experience necessary to be competent for the type of work being 
performed before beginning work on that assignment. The staff assigned 
to a GAGAS audit or attestation engagement should collectively possess; 
a. knowledge of GAGAS applicable to the type of work they are assigned 
and the education, skills, and experience to apply this knowledge to 
the work being performed; 
b. general knowledge of the environment in which the audited entity 
operates and the subject matter under review; 
c. skills to communicate clearly and effectively, both orally and in 
writing; and; 
d. skills appropriate for the work being performed. For example, staff 
or specialist skills in; 
(1) statistical sampling if the work involves use of statistical 
sampling; 
(2) information technology if the work involves review of information 
systems; 
(3) engineering if the work involves review of complex engineering 
data; 
(4) specialized audit methodologies or analytical techniques, such as 
the use of complex survey instruments, actuarial-based estimates, or 
statistical analysis tests, as applicable; or; 
(5) specialized knowledge in subject matters, such as scientific, 
medical, environmental, educational, or any other specialized subject 
matter, if the work calls for such expertise; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Additional Qualifications for Financial Audits and Attestation 
Engagements; 
3.44: Auditors performing financial audits should be knowledgeable in 
generally accepted accounting principles (GAAP), the American Institute 
of Certified Public Accountants (AICPA) generally accepted auditing 
standards for field work and reporting and the related Statements on 
Auditing Standards (SAS), and the application of these standards. Also, 
if auditors use GAGAS in conjunction with any other standards, they 
should be knowledgeable and competent in applying those standards. 
Auditors engaged to perform financial audits or attestation engagements 
should be licensed certified public accountants or persons working for 
a licensed certified public accounting firm or a government audit 
organization. [Footnote not shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Continuing Professional Education; 
3.46: Auditors performing work under GAGAS, including planning, 
directing, performing field work, or reporting on an audit or 
attestation engagement under GAGAS, should maintain their professional 
competence through continuing professional education (CPE). Therefore, 
each auditor performing work under GAGAS should complete, every 2 
years, at least 24 hours of CPE that directly relates to government 
auditing, the government environment, or the specific or unique 
environment in which the audited entity operates. For auditors who are 
involved in any amount of planning, directing, or reporting on GAGAS 
assignments and those auditors who are not involved in those activities 
but charge 20 percent or more of their time annually to GAGAS 
assignments should also obtain at least an additional 56 hours of CPE 
(for a total of 80 hours of CPE in every 2-year period) that enhances 
the auditor's professional proficiency to perform audits or attestation 
engagements. Auditors required to take the total 80 hours of CPE should 
complete at least 20 hours of CPE in each year of the 2-year period; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Continuing Professional Education; 
3.49: External specialists assisting in performing a GAGAS assignment 
should be qualified and maintain professional competence in their areas 
of specialization but are not required to meet the GAGAS CPE 
requirements described. However, auditors who use the work of external 
specialists should assess the professional qualifications of such 
specialists and document their findings and conclusions. Internal 
specialists who are part of the audit organization and perform as a 
member of the audit team should comply with GAGAS, including the CPE 
requirements; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Quality Control and Assurance; 
External Peer Review; 
3.63: Auditors who are using another audit organization's work should 
request a copy of the audit organization's latest peer review report 
and any letter of comment, and the audit organization should provide 
these documents when requested...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Introduction;  
4.01: This chapter establishes field work standards and provides 
guidance for financial audits conducted in accordance with generally 
accepted government auditing standards (GAGAS). This chapter identifies 
the American Institute of Certified Public Accountants (AICPA) field 
work standards and prescribes additional standards for financial audits 
performed in accordance with GAGAS; 
a. For financial audits, GAGAS incorporate the AICPA field work and 
reporting standards and the related statements on auditing standards 
(SAS) unless specifically excluded or modified by GAGAS; 
b. Under AICPA standards and GAGAS, auditors must plan and perform the 
audit to obtain sufficient appropriate audit evidence so that audit 
risk will be limited to a low level that is, in his or her professional 
judgment, appropriate for expressing an opinion on the financial 
statements. The high, but not absolute, level of assurance that is 
intended to be obtained by auditors is expressed in the auditor's 
report as obtaining reasonable assurance about whether the financial 
statements are free of material misstatement (whether caused by error 
or fraud). Absolute assurance is not attainable because of the nature 
of audit evidence and the characteristics of fraud. Therefore, an audit 
conducted in accordance with generally accepted auditing standards may 
not detect a material misstatement; 
Must: [Empty]; 
Should: [Check]. 

Chapter 4 - Field Work Standards for Financial Audits; 
AICPA Field Work Standards; 
4.03 The three AICPA generally accepted standards of field work are as 
follows: [Footnote not shown.]; 
[Documentation of compliance with the field work requirements in the 
AICPA standards and the related statements on auditing standards (SAS) 
is required for financial audits conducted in accordance with GAGAS. 
These AICPA standards and SAS contain requirements in addition to the 
requirements in 4.03 a-c below. Use of a checklist for the AICPA 
standards may be helpful for auditors to ensure compliance with these 
standards.]; 
Must: [Check]; 
Should: [Check]. 

Chapter 4 - Field Work Standards for Financial Audits; 
AICPA Field Work Standards; 
a. The auditor must adequately plan the work and must properly 
supervise any assistants; 
Must: [Empty]; 
Should: [Check]. 

Chapter 4 - Field Work Standards for Financial Audits; 
AICPA Field Work Standards; 
b. The auditor must obtain a sufficient understanding of the entity and 
its environment, including its internal control, to assess the risk of 
material misstatement of the financial statements whether due to error 
or fraud, and to design the nature, timing, and extent of further audit 
procedures; 
Must: [Empty]; 
Should: [Check]. 

Chapter 4 - Field Work Standards for Financial Audits; 
AICPA Field Work Standards; 
c. The auditor must obtain sufficient appropriate audit evidence by 
performing audit procedures to afford a reasonable basis for an opinion 
regarding the financial statements under audit; 
Must: [Empty]; 
Should: [Check]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Additional Government Auditing Standards; 
4.04: GAGAS establish field work standards for financial audits in 
addition to the requirements contained in the AICPA standards. Auditors 
should comply with these additional standards when citing GAGAS in 
their audit reports. The additional government auditing standards 
relate to: 
a. auditor communication during planning (see paragraphs 4.05 through 
4.08); 
b. previous audits and attestation engagements (see paragraph 4.09); 
c. detecting material misstatements resulting from violations of 
provisions of contracts or grant agreements, or from abuse (see 
paragraphs 4.10 through 4.13); 
d. developing elements of a finding (see paragraphs 4.14 through 4.18); 
and; 
e. audit documentation (see paragraphs 4.19 through 4.24); 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Auditor Communication During Planning; 
4.05: Under AICPA standards and GAGAS, auditors should communicate with 
the audited entity their understanding of the services to be performed 
for each engagement and document that understanding through a written 
communication. [Footnote not shown.] GAGAS broaden the parties included 
in the communication and the items for the auditors to communicate; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Auditor Communication During Planning; 
4.06: Under GAGAS, when planning the audit, auditors should communicate 
certain information in writing to management of the audited entity, 
those charged with governance, [footnote not shown] and to the 
individuals contracting for or requesting the audit. When auditors 
perform the audit pursuant to a law or regulation or they conduct the 
work for the legislative committee that has oversight of the audited 
entity, auditors should communicate with the legislative committee. In 
those situations where there is not a single individual or group that 
both oversees the strategic direction of the entity and the fulfillment 
of its accountability obligations or in other situations where the 
identity of those charged with governance is not clearly evident, 
auditors should document the process followed and conclusions reached 
for identifying the appropriate individuals to receive the required 
auditor communications. Auditors should communicate the following 
additional information under GAGAS: 
a. The nature of planned work and level of assurance to be provided 
related to internal control over financial reporting and compliance 
with laws, regulations, and provisions of contracts or grant 
agreements; 
b. Any potential restriction on the auditors' reports, in order to 
reduce the risk that the needs or expectations of the parties involved 
may be misinterpreted; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Auditor Communication During Planning; 
4.08: If an audit is terminated before it is completed and an audit 
report is not issued, auditors should document the results of the work 
to the date of termination and why the audit was terminated...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Previous Audits and Attestation Engagements; 
4.09: Auditors should evaluate whether the audited entity has taken 
appropriate corrective action to address findings and recommendations 
from previous engagements that could have a material effect on the 
financial statements. When planning the audit, auditors should ask 
management of the audited entity to identify previous audits, 
attestation engagements, and other studies that directly relate to the 
objectives of the audit, including whether related recommendations have 
been implemented. Auditors should use this information in assessing 
risk and determining the nature, timing, and extent of current audit 
work, including determining the extent to which testing the 
implementation of the corrective actions is applicable to the current 
audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Detecting Material Misstatements Resulting from Violations of 
Provisions of Contracts or Grant Agreements, or from Abuse; 
4.10: Auditors should design the audit to provide reasonable assurance 
of detecting misstatements that result from violations of provisions of 
contracts or grant agreements and could have a direct and material 
effect on the determination of financial statement amounts or other 
financial data significant to the audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Detecting Material Misstatements Resulting from Violations of 
Provisions of Contracts or Grant Agreements, or from Abuse; 
4.11: If specific information comes to the auditors' attention that 
provides evidence concerning the existence of possible violations of 
provisions of contracts or grant agreements that could have a material 
indirect effect on the financial statements, the auditors should apply 
audit procedures specifically directed to ascertaining whether such 
violations have occurred When the auditors conclude that a violation of 
provisions of contracts or grant agreements has or is likely to have 
occurred, they should determine the effect on the financial statements 
as well as the implications for other aspects of the audit; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Detecting Material Misstatements Resulting from Violations of 
Provisions of Contracts or Grant Agreements, or from Abuse; 
4.13: If during the course of the audit, auditors become aware of abuse 
that could be quantitatively or qualitatively material to the financial 
statements, auditors should apply audit procedures specifically 
directed to ascertain the potential effect on the financial statements 
or other financial data significant to the audit objectives...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Developing Elements of a Finding; 
4.14:... When auditors identify deficiencies, auditors should plan and 
perform procedures to develop the elements of the findings that are 
relevant and necessary to achieve the audit objectives...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Audit Documentation; 
4.19: Under AICPA standards and GAGAS, auditors must prepare audit 
documentation in connection with each audit in sufficient detail to 
provide a clear understanding of the work performed (including the 
nature, timing, extent, and results of audit procedures performed), the 
audit evidence obtained and its source, and the conclusions reached. 
[Footnote not shown.] Under AICPA standards and GAGAS, auditors should 
prepare audit documentation that enables an experienced auditor, 
[footnote not shown] having no previous connection to the audit, to 
understand: 
a. the nature, timing, and extent of auditing procedures performed to 
comply with GAGAS and other applicable standards and requirements; 
b. the results of the audit procedures performed and the audit evidence 
obtained; 
c. the conclusions reached on significant matters; and; 
d. that the accounting records agree or reconcile with the audited 
financial statements or other audited information; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Audit Documentation; 
4.20 Under GAGAS, auditors also should document, before the audit 
report is issued, evidence of supervisory review of the work performed 
that supports findings, conclusions, and recommendations contained in 
the audit report; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Audit Documentation; 
4.21: When auditors do not comply with applicable GAGAS requirements 
due to law, regulation, scope limitations, restrictions on access to 
records, or other issues impacting the audit, the auditors should 
document the departure from the GAGAS requirements and the impact on 
the audit and on the auditors' conclusions. This applies to departures 
from both mandatory requirements and presumptively mandatory 
requirements where alternative procedures performed in the 
circumstances were not sufficient to achieve the objectives of the 
standard...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Audit Documentation; 
4.23 ...Subject to applicable laws and regulations, auditors should 
make appropriate individuals, as well as audit documentation, available 
upon request and in a timely manner to other auditors or reviewers to 
satisfy these objectives...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Additional Considerations for GAGAS Financial Audits; 
Consideration of Fraud and Illegal Acts; 
4.27: Under both the AICPA standards [footnote not shown] and GAGAS, 
auditors should plan and perform the audit to obtain reasonable 
assurance about whether the financial statements are free of material 
misstatement, whether caused by error or fraud. [Footnote not 
shown.]...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Additional Considerations for GAGAS Financial Audits; 
Consideration of Fraud and Illegal Acts; 
4.28: Under both the AICPA standards [footnote not shown] and GAGAS, 
auditors should design the audit to provide reasonable assurance of 
detecting material misstatements resulting from illegal acts that could 
have a direct and material effect on the financial statements. 
[Footnote not shown.] If specific information comes to the auditors' 
attention that provides evidence concerning the existence of possible 
illegal acts [footnote not shown] that could have a material indirect 
effect on the financial statements, the auditors should apply audit 
procedures specifically directed to ascertaining whether an illegal act 
has occurred. When an illegal act has or is likely to have occurred, 
auditors should determine the effect on the financial statements as 
well as the implications for other aspects of the audit; 
Must: [Check]; 
Should: [Empty]. 

Chapter 4 - Field Work Standards for Financial Audits; 
Additional Considerations for GAGAS Financial Audits; 
Ongoing Investigations or Legal Proceedings; 
4.29: ...When investigations or legal proceedings are initiated or in 
process, auditors should evaluate the impact on the current audit. In 
some cases, it may be appropriate for the auditors to work with 
investigators and/or legal authorities, or withdraw from or defer 
further work on the audit engagement or a portion of the engagement to 
avoid interfering with an investigation; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
AICPA Reporting Standards; 
5.03: The four AICPA generally accepted standards of reporting 
[footnote not shown] are as follows: 
[Documentation of compliance with the reporting requirements in the 
AICPA standards and the related statements on auditing standards (SAS) 
is required for financial audits conducted in accordance with GAGAS. 
These AICPA standards and SAS contain requirements in addition to the 
requirements in 5.03 a-d below. Use of a checklist for the AICPA 
standards may be helpful for auditors to ensure compliance with these 
standards.]; 
Must: [Check]; 
Should: [Check]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Considerations for GAGAS Financial Audits; 
AICPA Reporting Standards; 
a. The auditor must state in the auditor's report whether the financial 
statements are presented in accordance with generally accepted 
accounting principles (GAAP); 
Must: [Empty]; 
Should: [Check]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Considerations for GAGAS Financial Audits; 
AICPA Reporting Standards; 
b. The auditor must identify in the auditor's report those 
circumstances in which such principles have not been consistently 
observed in the current period in relation to the preceding period; 
Must: [Empty]; 
Should: [Check]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Considerations for GAGAS Financial Audits; 
AICPA Reporting Standards; 
c. When the auditor determines that informative disclosures are not 
reasonably adequate, the auditor must so state in the auditor's report; 
Must: [Empty]; 
Should: [Check]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Considerations for GAGAS Financial Audits; 
AICPA Reporting Standards; 
d. The auditor must either express an opinion regarding the financial 
statements, taken as a whole, or state that an opinion cannot be 
expressed, in the auditor's report. When the auditor cannot express an 
overall opinion, the auditor should state the reasons therefor in the 
auditor's report. In all cases where an auditor's name is associated 
with financial statements, the auditor should clearly indicate the 
character of the auditor's work, if any, and the degree of 
responsibility the auditor is taking in the auditor's report; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
5.04: GAGAS establish reporting standards for financial audits in 
addition to the standards contained in the AICPA standards. Auditors 
should comply with these additional standards when citing GAGAS in 
their audit reports. The additional government auditing standards 
relate to: 
a. reporting auditors' compliance with GAGAS (see paragraphs 5.05 and 
5.06); 
b. reporting on internal control and compliance with laws, regulations, 
and provisions of contracts or grant agreements (see paragraphs 5.07 
through 5.09); 
c. reporting deficiencies in internal control, fraud, illegal acts, 
violations of provisions of contracts or grant agreements, and abuse 
(see paragraphs 5.10 through 5.22); 
d. communicating significant matters in the auditors' report (see 
paragraphs 5.23 through 5.25); 
e. reporting on the restatement of previously-issued financial 
statements (see paragraphs 5.26 through 5.31); 
f. reporting views of responsible officials (see paragraphs 5.32 
through 5.38); 
g. reporting confidential or sensitive information (see paragraphs 5.39 
through 5.43); and; 
h. distributing reports (see paragraph 5.44); 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards;  
Reporting Auditors' Compliance with GAGAS;  
5.05: When auditors comply with all applicable GAGAS requirements, they 
should include a statement in the auditors' report that they performed 
the audit in accordance with GAGAS...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards;  
Reporting on Internal Control and Compliance with Laws, Regulations, 
and Provisions of Contracts or Grant Agreements; 
5.07: When providing an opinion or a disclaimer on financial 
statements, auditors must also report on internal control over 
financial reporting and on compliance with laws, regulations, and 
provisions of contracts or grant agreements; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards;  
Reporting on Internal Control and Compliance with Laws, Regulations, 
and Provisions of Contracts or Grant Agreements; 
5.08: Auditors should include either in the same or in separate 
report(s) a description of the scope of the auditors' testing of 
internal control over financial reporting and compliance with laws, 
regulations, and provisions of contracts or grant agreements. If the 
auditors issue separate reports, they should include a reference to the 
separate reports in the report on financial statements. Auditors should 
state in the reports whether the tests they performed provided 
sufficient, appropriate evidence to support an opinion on the 
effectiveness of internal control over financial reporting and on 
compliance with laws, regulations, and provisions of contracts or grant 
agreements. The internal control reporting standard under GAGAS differs 
from the objective of an examination of internal control in accordance 
with the AICPA Statement on Standards for Attestation Engagements 
(SSAE), which is to express an opinion on the design or the design and 
operating effectiveness of an entity's internal control, as applicable. 
To form a basis for expressing such an opinion, the auditor must plan 
and perform the examination to obtain reasonable assurance about 
whether the entity maintained, in all material respects, effective 
internal control as of a point in time or for a specified period of 
time; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards;  
Reporting on Internal Control and Compliance with Laws, Regulations, 
and Provisions of Contracts or Grant Agreements; 
5.09: When auditors report separately (including separate reports bound 
in the same document) on internal control over financial reporting and 
compliance with laws and regulations and provisions of contracts or 
grant agreements, they should state in the financial statement audit 
report that they are issuing those additional reports. They should 
include a reference to the separate reports[54] and also state that the 
reports on internal control over financial reporting and compliance 
with laws and regulations and provisions of contracts or grant 
agreements are an integral part of a GAGAS audit and important for 
assessing the results of the audit. If auditors issued or intend to 
issue a management letter, they should refer to that management letter 
in the reports; 
[54] This requirement applies to financial statement audits described 
in paragraph 1.22a. It does not apply to other types of financial 
audits described in paragraph 1.22b; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Deficiencies in Internal Control, Fraud, Illegal Acts, 
Violations of Provisions of Contracts or Grant Agreements, and Abuse; 
5.10: For financial audits, including audits of financial statements in 
which auditors provide an opinion or disclaimer, auditors should 
report, as applicable to the objectives of the audit, and based upon 
the audit work performed, (1) significant deficiencies in internal 
control, identifying those considered to be material weaknesses; (2) 
all instances of fraud and illegal acts unless inconsequential; and (3) 
violations of provisions of contracts or grant agreements and abuse 
that could have a material effect on the financial statements. 
[Footnote not shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Deficiencies in Internal Control; 
5.11: For all financial audits, auditors should report the following 
deficiencies in internal control: 
a. Significant deficiency: a deficiency in internal control, or 
combination of deficiencies, that adversely affects the entity's 
ability to initiate, authorize, record, process, or report financial 
data reliably in accordance with GAAP such that there is more than a 
remote [footnote not shown] likelihood that a misstatement of the 
entity's financial statements that is more than inconsequential 
[footnote not shown]will not be prevented or detected. [Footnote not 
shown.]; 
b. Material weakness: a significant deficiency, or combination of 
significant deficiencies, that results in more than a remote likelihood 
that a material misstatement of the financial statements will not be 
prevented or detected; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Deficiencies in Internal Control; 
5.13: Auditors should include all significant deficiencies in the 
auditors' report on internal control over financial reporting and 
indicate those that represent material weaknesses. If (1) a significant 
deficiency is remediated before the auditors' report is issued and (2) 
the auditors obtain sufficient, appropriate evidence supporting the 
remediation of the significant deficiency, then the auditors should 
report the significant deficiency and the fact that it was remediated 
before the auditors' report was issued; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Deficiencies in Internal Control; 
5.14 Determining whether and how to communicate to officials of the 
audited entity internal control deficiencies that have an 
inconsequential effect on the financial statements is a matter of 
professional judgment. Auditors should document such communications; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, and Abuse; 
5.15 Under AICPA standards and GAGAS, auditors have responsibilities 
for detecting fraud and illegal acts that have a material effect on the 
financial statements and determining whether those charged with 
governance are adequately informed about fraud and illegal acts. GAGAS 
include additional reporting standards. When auditors conclude, based 
on sufficient, appropriate evidence, that any of the following either 
has occurred or is likely to have occurred, they should include in 
their audit report the relevant information about; 
a. fraud and illegal acts [footnote not shown] that have an effect on 
the financial statements that is more than inconsequential,; 
b. violations of provisions of contracts or grant agreements that have 
a material effect on the determination of financial statement amounts 
or other financial data significant to the audit, and; 
c. abuse that is material, either quantitatively or qualitatively...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, and Abuse; 
5.16: When auditors detect violations of provisions of contracts or 
grant agreements or abuse that have an effect on the financial 
statements that is less than material but more than inconsequential, 
they should communicate those findings in writing to officials of the 
audited entity. Determining whether and how to communicate to officials 
of the audited entity fraud, illegal acts, violations of provisions of 
contracts or grant agreements, or abuse that is inconsequential is a 
matter of professional judgment. Auditors should document such 
communications; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Findings Directly to Parties Outside the Audited Entity; 
5.18: Auditors should report known or likely fraud, illegal acts, 
violations of provisions of contracts or grant agreements, or abuse 
directly to parties outside the audited entity in the following two 
circumstances. [Footnote not shown.]; 
a. When entity management fails to satisfy legal or regulatory 
requirements to report such information to external parties specified 
in law or regulation, auditors should first communicate the failure to 
report such information to those charged with governance. If the 
audited entity still does not report this information to the specified 
external parties as soon as practicable after the auditors' 
communication with those charged with governance, then the auditors 
should report the information directly to the specified external 
parties; 
b. When entity management fails to take timely and appropriate steps to 
respond to known or likely fraud, illegal acts, violations of 
provisions of contracts or grant agreements, or abuse that (1) is 
likely to have a material effect on the financial statements and (2) 
involves funding received directly or indirectly from a government 
agency, auditors should first report management's failure to take 
timely and appropriate steps to those charged with governance. If the 
audited entity still does not take timely and appropriate steps as soon 
as practicable after the auditors' communication with those charged 
with governance, then the auditors should report the entity's failure 
to take timely and appropriate steps directly to the funding agency; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Findings Directly to Parties Outside the Audited Entity; 
5.19: The reporting in paragraph 5.18 is in addition to any legal 
requirements to report such information directly to parties outside the 
audited entity. Auditors should comply with these requirements even if 
they have resigned or been dismissed from the audit prior to its 
completion; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Findings Directly to Parties Outside the Audited Entity; 
5.20: Auditors should obtain sufficient, appropriate evidence, such as 
confirmation from outside parties, to corroborate assertions by 
management of the audited entity that it has reported such findings in 
accordance with laws, regulations, and funding agreements. When 
auditors are unable to do so, they should report such information 
directly as discussed in paragraph 5.18; 
Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Findings Directly to Parties Outside the Audited Entity; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Presenting Findings in the Auditors' Report; 
5.21: In presenting findings such as deficiencies in internal control, 
fraud, illegal acts, violations of provisions of contracts or grant 
agreements, and abuse, auditors should develop the elements of the 
findings to the extent necessary to achieve the audit objectives...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Presenting Findings in the Auditors' Report; 
5.22 Auditors should place their findings in perspective by describing 
the nature and extent of the issues being reported and the extent of 
the work performed that resulted in the finding. To give the reader a 
basis for judging the prevalence and consequences of these findings, 
auditors should, as applicable, relate the instances identified to the 
population or the number of cases examined and quantify the results in 
terms of dollar value or other measures, as appropriate. If the results 
cannot be projected, auditors should limit their conclusions 
appropriately; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting on Restatement of Previously-Issued Financial Statements; 
5.26: AICPA Professional Standards, AU Section 561, "Subsequent 
Discovery of Facts Existing at the Date of the Auditor's Report," 
establish standards and provide guidance for situations when auditors 
become aware of new information that could have affected their report 
on previously-issued financial statements. [Footnote not shown.] Under 
AU Section 561, if auditors become aware of new information that might 
have affected their opinion on previously-issued financial 
statement(s), then the auditors should advise entity management to 
determine the potential effect(s) of the new information on the 
previously-issued financial statement(s) as soon as reasonably 
possible. Such new information may lead management to conclude that 
previously-issued financial statements were materially misstated and to 
restate and reissue the misstated financial statements. In such 
circumstances, auditors should advise management to make appropriate 
disclosure of the newly discovered facts and their impact on the 
financial statements to those who are likely to rely on the financial 
statements. [Footnote not shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting on Restatement of Previously-Issued Financial Statements; 
5.27: Under GAGAS, auditors should advise management to make 
appropriate disclosures when the auditors believe that the following 
conditions exist: (1) it is likely that previously-issued financial 
statements are misstated and (2) the misstatement is or reasonably 
could be material. Under GAGAS, auditors also should perform the 
following procedures related to restated financial statements:[65]; 
[65] These additional GAGAS requirements also apply to other financial 
information on which auditors opine, such as schedules of expenditures 
of federal awards; 
a. evaluate the timeliness and appropriateness of management's 
disclosure and actions to determine and correct misstatements in 
previously-issued financial statements (see paragraph 5.28),; 
b. report on restated financial statements (see paragraphs 5.29 and 
5.30), and; 
c. report directly to appropriate officials when the audited entity 
does not take the necessary steps (see paragraph 5.31); 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Evaluate the Timeliness and Appropriateness of Management's Disclosure 
and Actions to Determine and Correct Misstatements in Previously-Issued 
Financial Statements; 
5.28: Auditors should evaluate the timeliness and appropriateness of 
management's disclosure to those who are likely to rely on the 
financial statements and management's actions to determine and correct 
misstatements in previously-issued financial statements in accordance 
with AU Sections 561.06 through 561.08. Under GAGAS, auditors also 
should evaluate whether management; 
a. acted in an appropriate time frame after new information was 
available to (1) determine the financial statement effects of the new 
information and (2) notify those who are likely to rely on the 
financial statements; 
b. disclosed the nature and extent of the known or likely material 
misstatements on Web pages where management has published the auditors' 
report on the previously-issued financial statements; and; 
c. disclosed the following information in the entity's restated 
financial statements: (1) the nature and cause(s) of the 
misstatement(s) that led to the need for restatement, (2) the specific 
amount(s) of the material misstatement(s), and (3) the related 
effect(s) on the previously-issued financial statement(s) (e.g., 
year(s) being restated, specific financial statement(s) affected and 
line items restated, actions the agency's management took after 
discovering the misstatement), and (4) the impact on the financial 
statements as a whole (e.g., change in overall net position, change in 
the audit opinion) and on key information included in the Management 
Discussion & Analysis; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Report on Restated Financial Statements; 
5.29: When management restates financial statements, auditors should 
perform audit procedures sufficient to reissue or update the auditors' 
report on the restated financial statements regardless of whether the 
restated financial statements are separately issued or presented on a 
comparative basis with those of a subsequent period. [Footnote not 
shown.] Auditors should include the following in an explanatory 
paragraph in the reissued or updated auditors' report: 
a. a statement disclosing that the previously-issued financial 
statements have been restated; 
b. a statement that (1) the previously-issued auditors' report 
(identified by report date) is not to be relied on because the 
previously-issued financial statements were materially misstated and 
(2) the previously-issued auditors' report is replaced by the auditors' 
report on the restated financial statements; 
c. a reference to the note(s) to the restated financial statements that 
discusses the restatement; and; 
d. if applicable, a reference to the report on internal control 
containing a discussion of any significant internal control deficiency 
identified by the auditors as having failed to prevent or detect the 
misstatement and any corrective action taken by management to address 
the deficiency; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Evaluate the Timeliness and Appropriateness of Management's Disclosure 
and Actions to Determine and Correct Misstatements in Previously-Issued 
Financial Statements; 
5.30: Management's failure to include appropriate disclosures, as 
discussed in paragraph 5.28c, in restated financial statements may have 
implications for the audit. In addition, auditors should include the 
omitted disclosures in the auditors' report, if practicable; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Report Directly to Appropriate Officials When the Audited Entity Does 
Not Take the Necessary Steps; 
5.31: Auditors should notify those charged with governance if entity 
management (1) does not act in an appropriate time frame after new 
information was available to determine the financial statement effects 
of the new information and take the necessary steps to timely inform 
those who are likely to rely on the financial statements and the 
related auditors' reports of the situation or (2) does not restate with 
reasonable timeliness the financial statements under circumstances in 
which auditors believe they need to be restated. Auditors should inform 
those charged with governance that the auditors will take steps to 
prevent further reliance on the auditors' report and advise them to 
notify oversight bodies and funding agencies that rely on the financial 
statements. If those charged with governance do not notify appropriate 
oversight bodies and funding agencies, then the auditors should do so. 
[Footnote not shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
5.32: If the auditors' report discloses deficiencies in internal 
control, fraud, illegal acts, violations of provisions of contracts or 
grant agreements, or abuse, auditors should obtain and report the views 
of responsible officials concerning the findings, conclusions, and 
recommendations, as well as planned corrective actions; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
5.34: When auditors receive written comments from the responsible 
officials, they should include in their report a copy of the officials' 
written comments, or a summary of the comments received. When the 
responsible officials provide oral comments only, auditors should 
prepare a summary of the oral comments and provide a copy of the 
summary to the responsible officials to verify that the comments are 
accurately stated; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
5.35: Auditors should also include in the report an evaluation of the 
comments, as appropriate...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
5.37: When the audited entity's comments are inconsistent or in 
conflict with findings, conclusions, or recommendations in the draft 
report, or when planned corrective actions do not adequately address 
the auditors' recommendations, the auditors should evaluate the 
validity of the audited entity's comments. If the auditors disagree 
with the comments, they should explain in the report their reasons for 
disagreement. Conversely, the auditors should modify their report as 
necessary if they find the comments valid and supported with 
sufficient, appropriate evidence; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
5.38: If the audited entity refuses to provide comments or is unable to 
provide comments within a reasonable period of time, the auditors may 
issue the report without receiving comments from the audited entity. In 
such cases, the auditors should indicate in the report that the audited 
entity did not provide comments; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Confidential or Sensitive Information; 
5.39: If certain pertinent information is prohibited from public 
disclosure or is excluded from a report due to the confidential or 
sensitive nature of the information, auditors should disclose in the 
report that certain information has been omitted and the reason or 
other circumstances that makes the omission necessary; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Confidential or Sensitive Information; 
5.42: Considering the broad public interest in the program or activity 
under review assists auditors when deciding whether to exclude certain 
information from publicly available reports. When circumstances call 
for omission of certain information, auditors should evaluate whether 
this omission could distort the audit results or conceal improper or 
illegal practices; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Reporting Confidential or Sensitive Information; 
5.43: When audit organizations are subject to public records laws, 
auditors should determine whether public records laws could impact the 
availability of classified or limited use reports and determine whether 
other means of communicating with management and those charged with 
governance would be more appropriate...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 5 - Reporting Standards for Financial Audits; 
Additional Government Auditing Standards; 
Distributing Reports; 
5.44: Distribution of reports completed under GAGAS depends on the 
relationship of the auditors to the audited organization and the nature 
of the information contained in the report. If the subject of the audit 
involves material that is classified for security purposes or contains 
confidential or sensitive information, auditors may limit the report 
distribution. Auditors should document any limitation on report 
distribution. The following discussion outlines distribution for 
reports completed under GAGAS: [One of the following will apply 
depending on the type of audit organization.]; 
a. Audit organizations in government entities should distribute audit 
reports to those charged with governance, to the appropriate officials 
of the audited entity, and to the appropriate oversight bodies or 
organizations requiring or arranging for the audits. As appropriate, 
auditors should also distribute copies of the reports to other 
officials who have legal oversight authority or who may be responsible 
for acting on audit findings and recommendations, and to others 
authorized to receive such reports; 
b. Internal audit organizations in government entities may follow the 
Institute of Internal Auditors (IIA) International Standards for the 
Professional Practice of Internal Auditing. Under GAGAS and IIA 
standards, the head of the internal audit organization should 
communicate results to the parties who can ensure that the results are 
given due consideration. If not otherwise mandated by statutory or 
regulatory requirements, prior to releasing results to parties outside 
the organization, the head of the internal audit organization should: 
(1) assess the potential risk to the organization, (2) consult with 
senior management and/or legal counsel as appropriate, and (3) control 
dissemination by indicating the intended users in the report; 
c. Public accounting firms contracted to perform an audit under GAGAS 
should clarify report distribution responsibilities with the engaging 
organization. If the contracted firm is to make the distribution, it 
should reach agreement with the party contracting for the audit about 
which officials or organizations will receive the report and the steps 
being taken to make the report available to the public; 
Must: [Check]; 
Should: [Empty]. 

[End of table] 

Specific Requirements for Attestation Engagements: 

GAGAS incorporate the AICPA general standard on criteria, and the field 
work and reporting standards and the related Statements on Standards 
for Attestation Engagements (SSAE). The requirements listed in this 
professional requirements tool for attestation engagements represent 
the supplemental GAGAS requirements for attestation engagements. In 
addition to the requirements contained in this tool, documentation of 
compliance with the requirements in the AICPA general standard on 
criteria and the field work and reporting standards is required for 
attestation engagements conducted in accordance with GAGAS. Auditors 
are advised to refer to the entire text of the both GAGAS and the AICPA 
general standard on criteria, and the field work and reporting 
standards and the related Statements on Standards for Attestation 
Engagements to obtain a comprehensive understanding of all the 
requirements for attestation engagements conducted in accordance with 
GAGAS. See paragraph 6.01. 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.11: When auditors are required to follow GAGAS or are representing to 
others that they followed GAGAS, they should follow all applicable 
GAGAS requirements and should refer to compliance with GAGAS in the 
auditors' report as set forth in paragraphs 1.12 and 1.13; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.12: Auditors should include one of the following types of GAGAS 
compliance statements in reports on GAGAS audits and attestation 
engagements, as appropriate. [Footnote not shown.]; a. Unmodified GAGAS 
compliance statement: Stating that the auditor performed the audit or 
attestation engagement in accordance with GAGAS. Auditors should 
include an unmodified GAGAS compliance statement in the audit report 
when they have (1) followed all applicable unconditional and 
presumptively mandatory GAGAS requirements, or (2) have followed all 
unconditional requirements and documented justification for any 
departures from applicable presumptively mandatory requirements, and 
have achieved the objectives of those requirements through other means; 
b. Modified GAGAS compliance statement: Stating either that (1) the 
auditor performed the audit or attestation engagement in accordance 
with GAGAS, except for specific applicable requirements that were not 
followed or, (2) because of the significance of the departure(s) from 
the requirements, the auditor was unable to and did not perform the 
audit or attestation engagement in accordance with GAGAS. Situations 
when auditors use modified compliance statements include scope 
limitations, such as restrictions on access to records, government 
officials, or other individuals needed to conduct the audit. When 
auditors use a modified GAGAS statement, they should disclose in the 
report the applicable requirement(s) not followed, the reasons for not 
following the requirement(s), and how not following the requirements 
affected, or could have affected, the audit and the assurance provided; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.13: When auditors do not comply with any applicable requirements, 
they should (1) assess the significance of the noncompliance to the 
audit objectives, (2) document the assessment, along with their reasons 
for not following the requirement, and (3) determine the type of GAGAS 
compliance statement. [Footnote not shown.] The auditors' determination 
will depend on the significance of the requirements not followed in 
relation to the audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Relationship between GAGAS and Other Professional Standards; 
1.14: Auditors may use GAGAS in conjunction with professional standards 
issued by other authoritative bodies. Auditors may also cite the use of 
other standards in their audit reports, as appropriate. If the auditor 
is citing compliance with GAGAS and inconsistencies exist between GAGAS 
and other standards cited, the auditor should use GAGAS as the 
prevailing standard for conducting the audit and reporting the results; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Types of GAGAS Audits and Attestation Engagements; 
1.19: In some audits and attestation engagements, the standards 
applicable to the specific audit objective will be apparent...However, 
some engagements may have multiple or overlapping objectives...In cases 
in which there is a choice between applicable standards, auditors 
should evaluate users' needs and the auditors' knowledge, skills, and 
experience in deciding which standards to follow; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Attestation Engagements; 
1.23: Attestation engagements can cover a broad range of financial or 
nonfinancial objectives and may provide different levels of assurance 
about the subject matter or assertion depending on the users' needs. 
Attestation engagements result in an examination, a review, or an 
agreed-upon procedures report on a subject matter or on an assertion 
about a subject matter that is the responsibility of another party. The 
three types of attestation engagements are: 
a. Examination: Consists of obtaining sufficient, appropriate evidence 
to express an opinion on whether the subject matter is based on (or in 
conformity with) the criteria in all material respects or the assertion 
is presented (or fairly stated), in all material respects, based on the 
criteria; 
b. Review: Consists of sufficient testing to express a conclusion about 
whether any information came to the auditors' attention on the basis of 
the work performed that indicates the subject matter is not based on 
(or not in conformity with) the criteria or the assertion is not 
presented (or not fairly stated) in all material respects based on the 
criteria. As stated in the AICPA SSAE, auditors should not perform 
review-level work for reporting on internal control or compliance with 
laws and regulations; 
c. Agreed-Upon Procedures: Consists of specific procedures performed on 
a subject matter; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Professional Services Other Than Audits (Nonaudit Services) Provided by 
Audit Organizations; 
1.33: GAGAS do not cover professional services other than audits or 
attestation engagements (nonaudit services). … Therefore, auditors must 
not report that the nonaudit services were conducted in accordance with 
GAGAS. When performing nonaudit services for an entity for which the 
audit organization performs a GAGAS audit or attestation engagement, 
audit organizations should communicate, as appropriate, with requestors 
and those charged with governance to clarify that the scope of work 
performed does not constitute an audit under GAGAS; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Independence; 
3.02: In all matters relating to the audit work, the audit organization 
and the individual auditor, whether government or public, must be free 
from personal, external, and organizational impairments to 
independence, and must avoid the appearance of such impairments of 
independence; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Independence; 
3.03: Auditors and audit organizations must maintain independence so 
that their opinions, findings, conclusions, judgments, and 
recommendations will be impartial and viewed as impartial by objective 
third parties with knowledge of the relevant information. Auditors 
should avoid situations that could lead objective third parties with 
knowledge of the relevant information to conclude that the auditors are 
not able to maintain independence and thus are not capable of 
exercising objective and impartial judgment on all issues associated 
with conducting the audit and reporting on the work; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Independence; 
3.04: When evaluating whether independence impairments exist either in 
fact or appearance with respect to the entities for which audit 
organizations perform audits or attestation engagements, auditors and 
audit organizations must take into account the three general classes of 
impairments to independence--personal, external, and organizational. 
[Footnote not shown.] If one or more of these impairments affects or 
can be perceived to affect independence, the audit organization (or 
auditor) should decline to perform the work--except in those situations 
in which an audit organization in a government entity, because of a 
legislative requirement or for other reasons, cannot decline to perform 
the work, in which case the government audit organization must disclose 
the impairment(s) and modify the GAGAS compliance statement...; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Independence; 
3.05: When auditors use the work of a specialist, [footnote not shown] 
auditors should assess the specialist's ability to perform the work and 
report results impartially as it relates to their relationship with the 
program or entity under audit. If the specialist's independence is 
impaired, auditors should not use the work of that specialist; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Personal Impairments; 
3.07: Auditors participating on an audit assignment must be free from 
personal impairments to independence. [Footnote not shown.] Personal 
impairments of auditors result from relationships or beliefs that might 
cause auditors to limit the extent of the inquiry, limit disclosure, or 
weaken or slant audit findings in any way. Individual auditors should 
notify the appropriate officials within their audit organizations if 
they have any personal impairment to independence...; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Professional Judgment; 
3.31: Auditors must use professional judgment in planning and 
performing audits and attestation engagements and in reporting the 
results; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Professional Judgment; 
3.38: Auditors should document significant decisions affecting the 
audit objectives, scope, and methodology; findings; conclusions; and 
recommendations resulting from professional judgment; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Competence; 
3.40: The staff assigned to perform the audit or attestation engagement 
must collectively possess adequate professional competence for the 
tasks required; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Technical Knowledge and Competence; 
3.43: The staff assigned to conduct an audit or attestation engagement 
under GAGAS must collectively possess the technical knowledge, skills, 
and experience necessary to be competent for the type of work being 
performed before beginning work on that assignment. The staff assigned 
to a GAGAS audit or attestation engagement should collectively possess; 
a. knowledge of GAGAS applicable to the type of work they are assigned 
and the education, skills, and experience to apply this knowledge to 
the work being performed; 
b. general knowledge of the environment in which the audited entity 
operates and the subject matter under review; 
c. skills to communicate clearly and effectively, both orally and in 
writing; and; 
d. skills appropriate for the work being performed. For example, staff 
or specialist skills in; 
(1) statistical sampling if the work involves use of statistical 
sampling; 
(2) information technology if the work involves review of information 
systems; 
(3) engineering if the work involves review of complex engineering 
data; 
(4) specialized audit methodologies or analytical techniques, such as 
the use of complex survey instruments, actuarial-based estimates, or 
statistical analysis tests, as applicable; or: 
(5) specialized knowledge in subject matters, such as scientific, 
medical, environmental, educational, or any other specialized subject 
matter, if the work calls for such expertise; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Additional Qualifications for Financial Audits and Attestation 
Engagements; 
3.44: Auditors performing financial audits should be knowledgeable in 
generally accepted accounting principles (GAAP), the American Institute 
of Certified Public Accountants (AICPA) generally accepted auditing 
standards for field work and reporting and the related Statements on 
Auditing Standards (SAS), and the application of these standards. Also, 
if auditors use GAGAS in conjunction with any other standards, they 
should be knowledgeable and competent in applying those standards. 
Auditors engaged to perform financial audits or attestation engagements 
should be licensed certified public accountants or persons working for 
a licensed certified public accounting firm or a government audit 
organization. [Footnote not shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Additional Qualifications for Financial Audits and Attestation 
Engagements; 
3.45: Similarly, for attestation engagements, GAGAS incorporate the 
AICPA attestation standards. Auditors should be knowledgeable in the 
AICPA general attestation standard related to criteria, the AICPA 
attestation standards for field work and reporting, and the related 
Statements on Standards for Attestation Engagements (SSAE), and they 
should be competent in applying these standards and SSAE to the task 
assigned. Also, if auditors use GAGAS in conjunction with any other 
standards, they should be knowledgeable and competent in applying those 
standards; 

Chapter 3 - General Standards; 
Continuing Professional Education; 
3.46: Auditors performing work under GAGAS, including planning, 
directing, performing field work, or reporting on an audit or 
attestation engagement under GAGAS, should maintain their professional 
competence through continuing professional education (CPE). Therefore, 
each auditor performing work under GAGAS should complete, every 2 
years, at least 24 hours of CPE that directly relates to government 
auditing, the government environment, or the specific or unique 
environment in which the audited entity operates. For auditors who are 
involved in any amount of planning, directing, or reporting on GAGAS 
assignments and those auditors who are not involved in those activities 
but charge 20 percent or more of their time annually to GAGAS 
assignments should also obtain at least an additional 56 hours of CPE 
(for a total of 80 hours of CPE in every 2-year period) that enhances 
the auditor's professional proficiency to perform audits or attestation 
engagements. Auditors required to take the total 80 hours of CPE should 
complete at least 20 hours of CPE in each year of the 2-year period; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Continuing Professional Education; 
3.49 External specialists assisting in performing a GAGAS assignment 
should be qualified and maintain professional competence in their areas 
of specialization but are not required to meet the GAGAS CPE 
requirements described. However, auditors who use the work of external 
specialists should assess the professional qualifications of such 
specialists and document their findings and conclusions. Internal 
specialists who are part of the audit organization and perform as a 
member of the audit team should comply with GAGAS, including the CPE 
requirements; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Quality Control and Assurance; 
External Peer Review; 
3.63: Auditors who are using another audit organization's work should 
request a copy of the audit organization's latest peer review report 
and any letter of comment, and the audit organization should provide 
these documents when requested...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
AICPA General and Field Work Standards for Attestation Engagements; 
6.03: The AICPA general standard related to criteria is as follows: 
The practitioner [auditor] must have reason to believe that the subject 
matter is capable of evaluation against criteria that are suitable and 
available to users. 
[Documentation of compliance with the AICPA general standard related to 
criteria is required for attestation engagements conducted in 
accordance with GAGAS. These AICPA standards and SSAE contain 
requirements in addition to the requirements in 6.03 above. Use of a 
checklist for the AICPA standards may be helpful for auditors to ensure 
compliance with these standards.]; 
Must: [Empty]; 
Should: [Check]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
AICPA General and Field Work Standards for Attestation Engagements; 
6.04: The two AICPA field work standards for attestation engagements 
are as follows: 
[Documentation of compliance with the field work requirements in the 
AICPA standards and the related statements on standards for attestation 
engagements (SSAE) is required for attestation engagements conducted in 
accordance with GAGAS. These AICPA standards and SSAE contain 
requirements in addition to the requirements in 6.04 a-b below. Use of 
a checklist for the AICPA standards may be helpful for auditors to 
ensure compliance with these standards.]; 
Must: [Check]; 
Should: [Check]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
AICPA General and Field Work Standards for Attestation Engagements; 
a. The practitioner [auditor] must adequately plan the work and must 
properly supervise any assistants; 
Must: [Empty]; 
Should: [Check]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
AICPA General and Field Work Standards for Attestation Engagements; 
b. The practitioner [auditor] must obtain sufficient evidence to 
provide a reasonable basis for the conclusion that is expressed in the 
report; 
Must: [Empty]; 
Should: [Check]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
6.05: GAGAS establish attestation engagement field work standards in 
addition to the requirements contained in the AICPA standards. Auditors 
should comply with these additional standards when citing GAGAS in 
their attestation engagement reports. The additional government 
auditing standards relate to; a. auditor communication during planning 
(see paragraphs 6.06 through 6.08); 
b. previous audits and attestation engagements (see paragraph 6.09); 
c. internal control (see paragraphs 6.10 through 6.12); 
d. fraud, illegal acts, violations of provisions of contracts or grant 
agreements, or abuse that could have a material effect on the subject 
matter (see paragraphs 6.13 and 6.14); 
e. developing elements of a finding (see paragraphs 6.15 through 6.19); 
and; 
f. documentation (see paragraphs 6.20 through 6.26); 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Auditor Communication During Planning. 
6.06: Under AICPA standards and GAGAS, auditors should establish an 
understanding with the entity regarding the services to be performed 
for each engagement. Auditors also should obtain written acknowledgment 
or other evidence of the entity's responsibilities for the subject 
matter or the written assertion as it relates to the objectives of the 
engagement. GAGAS broaden the parties included in the communications 
during planning and contain additional items in the communications; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Auditor Communication During Planning; 
6.07: Under GAGAS, when planning the engagement, auditors should 
communicate certain information, including their understanding of the 
services to be performed for each engagement, in writing to entity 
management, those charged with governance, [footnote not shown] and to 
the individuals contracting for or requesting the engagement. When 
auditors perform the engagement pursuant to a law or regulation or they 
conduct the work for the legislative committee that has oversight of 
the entity, auditors should communicate with the legislative committee. 
In those situations where there is not a single individual or group 
that both oversees the strategic direction of the entity and the 
fulfillment of its accountability obligations or in other situations 
where the identity of those charged with governance is not clearly 
evident, the auditors should document the process followed and 
conclusions reached for identifying the appropriate individuals to 
receive the required auditor communications. Auditors should 
communicate the following additional information under GAGAS: 
a. the nature, timing, and extent of planned testing and reporting; 
b. the level of assurance the auditor will provide; and; 
c. any potential restriction on the auditors' reports, in order to 
reduce the risk that the needs or expectations of the parties involved 
may be misinterpreted; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Auditor Communication During Planning; 
6.08: If an engagement is terminated before it is completed and a 
report is not issued, auditors should document the results of the work 
to the date of termination and why the engagement was terminated...; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Previous Audits and Attestation Engagements; 
6.09: Auditors should evaluate whether the audited entity has taken 
appropriate corrective action to address findings and recommendations 
from previous engagements that could have a material effect on the 
subject matter. When planning the engagement, auditors should ask 
entity management to identify previous audits, attestation engagements, 
and other studies that directly relate to the subject matter of the 
attestation engagement being undertaken, including whether related 
recommendations have been implemented. Auditors should use this 
information in assessing risk and determining the nature, timing, and 
extent of current work, including determining the extent to which 
testing the implementation of the corrective actions is applicable to 
the current engagement objectives; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Internal Control; 
6.10: In planning examination-level attestation engagements, auditors 
should obtain a sufficient understanding of internal control that is 
material to the subject matter in order to plan the engagement and 
design procedures to achieve the objectives of the attestation 
engagement; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Internal Control; 
6.11: In planning an examination-level attestation engagement, auditors 
should obtain an understanding of internal control as it relates to the 
subject matter to which the auditors are attesting. The subject matter 
may be financial or nonfinancial...;
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, or Abuse That Could Have a Material Effect on the Subject 
Matter; 
6.13 :The auditors' responsibility with regard to fraud, [footnote not 
shown] illegal acts, violations of provisions of contracts or grant 
agreements, or abuse for attestation engagements performed in 
accordance with GAGAS is as follows: 
Must: [Check]; 
Empty: [Check]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, or Abuse That Could Have a Material Effect on the Subject 
Matter; 
a. Examination-level engagements: In planning, auditors should design 
the engagement to provide reasonable assurance of detecting fraud, 
illegal acts, or violations of provisions of contracts or grant 
agreements that could have a material effect on the subject matter of 
the attestation engagement. Thus, auditors should assess the risk and 
possible effects of material fraud, illegal acts, or violations of 
provisions of contracts or grant agreements on the subject matter of 
the attestation engagement. When risk factors are identified, auditors 
should document the risk factors identified, the auditors' response to 
those risk factors individually or in combination, and the auditors' 
conclusions; 
b. Review-level and agreed-upon-procedures-level engagements: If during 
the course of the engagement, information comes to the auditors' 
attention indicating that fraud, illegal acts, or violations of 
provisions of contracts or grant agreements that could have a material 
effect on the subject matter may have occurred, auditors should perform 
procedures as necessary to (1) determine if fraud, illegal acts, or 
violations of provisions of contracts or grant agreements are likely to 
have occurred and, if so, (2) determine their effect on the results of 
the attestation engagement. Auditors are not expected to provide 
assurance of detecting potential fraud, illegal acts, or violations of 
provisions of contracts or grant agreements for these types of 
engagements unless it is specified in the procedures; 
c. For all levels of attestation engagements: If during the course of 
the engagement, auditors become aware of abuse that could be 
quantitatively or qualitatively material, auditors should apply 
procedures specifically directed to ascertain the potential effect on 
the subject matter or other data significant to the engagement 
objectives....;
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Developing Elements of a Finding; 
6.15:...When auditors identify deficiencies, auditors should plan and 
perform procedures to develop the elements of the findings that are 
relevant and necessary to achieve the engagement objectives....;
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Documentation; 
6.20: Under GAGAS, auditors must prepare attest documentation in 
connection with each engagement in sufficient detail to provide a clear 
understanding of the work performed (including the nature, timing, 
extent, and results of engagement procedures performed); the evidence 
obtained and its source; and the conclusions reached....;
Must: [Empty]; 
Empty: [Check]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Documentation; 
6.21: Auditors should prepare attest documentation in sufficient detail 
to enable an experienced auditor, [footnote not shown] having no 
previous connection to the attestation engagement, to understand from 
the documentation the nature, timing, extent, and results of procedures 
performed and the evidence obtained and its source and the conclusions 
reached, including evidence that supports the auditors' significant 
judgments and conclusions. Auditors should prepare attest documentation 
that contains support for findings, conclusions, and recommendations 
before they issue their report; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Documentation; 
6.22: Auditors also should document the following for attestation 
engagements performed under GAGAS: 
a. the objectives, scope, and methodology of the attestation 
engagement; 
b. the work performed to support significant judgments and conclusions, 
including descriptions of transactions and records examined;[74]. 
[74] Auditors may meet this requirement by listing file numbers, case 
numbers, or other means of identifying specific documents they 
examined. They are not required to include copies of documents they 
examined as part of the audit documentation, nor are they required to 
list detailed information from those documents; 
c. evidence of supervisory review, before the engagement report is 
issued, of the work performed that supports findings, conclusions, and 
recommendations contained in the engagement report; and; 
d. the auditors' consideration that the planned procedures be designed 
to achieve objectives of the attestation engagement when (1) evidence 
obtained is dependent on computerized information systems, (2) such 
evidence is material to the objective of the engagement, and (3) the 
auditors are not relying on the effectiveness of internal control over 
those computerized systems that produced the evidence. Auditors should 
document (1) the rationale for determining the nature, timing, and 
extent of planned procedures; (2) the kinds and competence of available 
evidence produced outside a computerized information system, or plans 
for direct testing of data produced from a computerized information 
system; and (3) the effect on the attestation engagement report if 
evidence to be gathered does not afford a reasonable basis for 
achieving the objectives of the engagement; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Documentation; 
6.23 When auditors do not comply with applicable GAGAS requirements due 
to law, regulation, scope limitations, restrictions on access to 
records, or other issues impacting the engagement, the auditors should 
document the departure, the impact on the engagement and on the 
auditors' conclusions. This applies to departures from mandatory 
requirements and presumptively mandatory requirements where alternative 
procedures performed in the circumstances were not sufficient to 
achieve the objectives of the standard....; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Documentation;  
6.25...Subject to applicable laws and regulations, auditors should make 
appropriate individuals, as well as attest documentation, available 
upon request and in a timely manner to other auditors or reviewers to 
satisfy these objectives....;
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Considerations for GAGAS Attestation Engagements; 
Ongoing Investigations or Legal Proceedings; 
6.29:...When investigations or legal proceedings are initiated or in 
process, auditors should evaluate the impact on the current engagement. 
In some cases, it may be appropriate for the auditors to work with 
investigators and/or legal authorities, or withdraw from or defer 
further work on the engagement or a portion of the engagement to avoid 
interfering with an investigation; 
Must: [Check]; 
Empty: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
AICPA Reporting Standards for Attestation Engagements; 
6.30: The four AICPA reporting standards that apply to all levels of 
attestation engagements are as follows: [Footnote not shown.]; 
[Documentation of compliance with the reporting requirements in the 
AICPA standards and the related statements on standards for attestation 
engagements (SSAE) is required for attestation engagements conducted in 
accordance with GAGAS. These AICPA standards and SSAE contain 
requirements in addition to the requirements in 6.30 a-d below. Use of 
a checklist for the AICPA standards may be helpful for auditors to 
ensure compliance with these standards.]; 
a. The practitioner [auditor] must identify the subject matter or the 
assertion being reported on and state the character of the engagement 
in the report; 
b. The practitioner [auditor] must state the practitioner's [auditor's] 
conclusion about the subject matter or the assertion in relation to the 
criteria against which the subject matter was evaluated in the report; 
c. The practitioner [auditor] must state all of the practitioner's 
[auditor's] significant reservations about the engagement, the subject 
matter, and, if applicable, the assertion related thereto in the 
report; 
d. The practitioner [auditor] must state in the report that the report 
is intended for use by specified parties under the following 
circumstances: 
(1) When the criteria used to evaluate the subject matter are 
determined by the practitioner [auditor] to be appropriate only for a 
limited number of parties who either participated in their 
establishment or can be presumed to have an adequate understanding of 
the criteria; 
(2) When the criteria used to evaluate the subject matter are available 
only to specified parties; 
(3) When reporting on subject matter and a written assertion has not 
been provided by the responsible party; 
(4) When the report is on an attest engagement to apply agreed-upon 
procedures to the subject matter; 
Must: [Empty]; 
Should: [Check]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
6.31: GAGAS establish reporting standards for attestation engagements 
in addition to the requirements contained in the AICPA standards. 
Auditors should comply with these additional standards when citing 
GAGAS in their attestation engagement reports. The additional 
government auditing standards relate to; 
a. reporting auditors' compliance with GAGAS (see paragraph 6.32); 
b. reporting deficiencies in internal control, fraud, illegal acts, 
violations of provisions of contracts or grant agreements, and abuse 
(see paragraphs 6.33 through 6.43); 
c. reporting views of responsible officials (see paragraphs 6.44 
through 6.50); 
d. reporting confidential or sensitive information (see paragraphs 6.51 
through 6.55); and; 
e. distributing reports (see paragraph 6.56); 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Auditors' Compliance with GAGAS; 
6.32: When auditors comply with all applicable GAGAS requirements, they 
should include a statement in the attestation report that they 
performed the engagement in accordance with GAGAS...GAGAS do not 
prohibit auditors from issuing a separate report conforming only to the 
requirements of other standards; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Deficiencies in Internal Control, Fraud, Illegal Acts, 
Violations of Provisions of Contracts or Grant Agreements, and Abuse; 
6.33: For attestation engagements, auditors should report, as 
applicable to the objectives of the engagement, and based upon the work 
performed, (1) significant deficiencies in internal control, 
identifying those considered to be material weaknesses; (2) all 
instances of fraud and illegal acts unless inconsequential; and (3) 
violations of provisions of contracts or grant agreements and abuse 
that could have a material effect on the subject matter of the 
engagement; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Deficiencies in Internal Control; 
6.34: For all attestation engagements, auditors should report the 
following deficiencies in internal control: 
a. Significant deficiency: a deficiency in internal control, or 
combination of deficiencies, that adversely affects the entity's 
ability to initiate, authorize, record, process, or report data 
reliably in accordance with the applicable criteria or framework such 
that there is more than a remote [footnote not shown] likelihood that a 
misstatement of the subject matter that is more than inconsequential 
[footnote not shown] will not be prevented or detected; 
b. Material weakness: a significant deficiency or combination of 
significant deficiencies, that results in more than a remote likelihood 
that a material misstatement of the subject matter will not be 
prevented or detected; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Deficiencies in Internal Control; 
6.35: Determining whether and how to communicate to entity officials 
internal control deficiencies that have an inconsequential effect on 
the subject matter is a matter of professional judgment. Auditors 
should document such communications; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, and Abuse; 
6.36: Under GAGAS, when auditors conclude, based on sufficient, 
appropriate evidence, that any of the following either has occurred or 
is likely to have occurred, they should include in their report the 
relevant information about; 
a. fraud and illegal acts [footnote not shown] that have an effect on 
the subject matter that is more than inconsequential,; 
b. violations of provisions of contracts or grant agreements that have 
a material effect on the subject matter, and: 
c. abuse that is material to the subject matter, either quantitatively 
or qualitatively....;
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, and Abuse; 
6.37: When auditors detect violations of provisions of contracts or 
grant agreements or abuse that have an effect on the subject matter 
that is less than material but more than inconsequential, they should 
communicate those findings in writing to entity officials. Determining 
whether and how to communicate to entity officials fraud, illegal acts, 
violations of provisions of contracts or grant agreements, or abuse 
that is inconsequential is a matter of professional judgment. Auditors 
should document such communications; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Findings Directly to Parties Outside the Entity; 
6.39: Auditors should report known or likely fraud, illegal acts, 
violations of provisions of contracts or grant agreements, or abuse 
directly to parties outside the audited entity in the following two 
circumstances. [Footnote not shown.]; 
a. When entity management fails to satisfy legal or regulatory 
requirements to report such information to external parties specified 
in law or regulation, auditors should first communicate the failure to 
report such information to those charged with governance. If the 
audited entity still does not report this information to the specified 
external parties as soon as practicable after the auditors' 
communication with those charged with governance, then the auditors 
should report the information directly to the specified external 
parties; 
b. When entity management fails to take timely and appropriate steps to 
respond to known or likely fraud, illegal acts, violations of 
provisions of contracts or grant agreements, or abuse that (1) is 
likely to have a material effect on the subject matter and (2) involves 
funding received directly or indirectly from a government agency, 
auditors should first report management's failure to take timely and 
appropriate steps to those charged with governance. If the audited 
entity still does not take timely and appropriate steps as soon as 
practicable after the auditors' communication with those charged with 
governance, then the auditors should report the entity's failure to 
take timely and appropriate steps directly to the funding agency; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Findings Directly to Parties Outside the Entity; 
6.40: The reporting in paragraph 6.39 is in addition to any legal 
requirements to report such information directly to parties outside the 
entity. Auditors should comply with these requirements even if they 
have resigned or been dismissed from the engagement prior to its 
completion; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Findings Directly to Parties Outside the Entity; 
6.41: Auditors should obtain sufficient, appropriate evidence, such as 
confirmation from outside parties, to corroborate assertions by entity 
management that it has reported such findings in accordance with laws, 
regulations, and funding agreements. When auditors are unable to do so, 
they should report such information directly as discussed in paragraph 
6.39; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Presenting Findings in the Auditors' Report; 
6.42: In presenting findings such as deficiencies in internal control, 
fraud, illegal acts, violations of provisions of contracts or grant 
agreements, and abuse, auditors should develop the elements of the 
findings to the extent necessary to achieve the engagement 
objectives....; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Presenting Findings in the Auditors' Report; 
6.43: Auditors should place their findings in perspective by describing 
the nature and extent of the issues being reported and the extent of 
the work performed that resulted in the finding. To give the reader a 
basis for judging the prevalence and consequences of these findings, 
auditors should, as applicable, relate the instances identified to the 
population or the number of cases examined and quantify the results in 
terms of dollar value or other measures, as appropriate. If the results 
cannot be projected, auditors should limit their conclusions 
appropriately; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
6.44: If the attestation engagement report discloses deficiencies in 
internal control, fraud, illegal acts, violations of provisions of 
contracts or grant agreements, or abuse, auditors should obtain and 
report the views of responsible officials concerning the findings, 
conclusions, and recommendations, as well as planned corrective 
actions; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
6.46: When auditors receive written comments from the responsible 
officials, they should include in their report a copy of the officials' 
written comments, or a summary of the comments received. When the 
responsible officials provide oral comments only, auditors should 
prepare a summary of the oral comments and provide a copy of the 
summary to the responsible officials to verify that the comments are 
accurately stated; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
6.47: Auditors should also include in the report an evaluation of the 
comments, as appropriate....;
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
6.49: When the entity's comments are inconsistent or in conflict with 
the findings, conclusions, or recommendations in the draft report, or 
when planned corrective actions do not adequately address the auditors' 
recommendations, the auditors should evaluate the validity of the 
audited entity's comments. If the auditors disagree with the comments, 
they should explain in the report their reasons for disagreement. 
Conversely, the auditors should modify their report as necessary if 
they find the comments valid and supported with sufficient, appropriate 
evidence; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Views of Responsible Officials; 
6.50: If the entity refuses to provide comments or is unable to provide 
comments within a reasonable period of time, the auditors may issue the 
report without receiving comments from the entity. In such cases, the 
auditors should indicate in the report that the audited entity did not 
provide comments; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Confidential or Sensitive Information; 
6.51: If certain pertinent information is prohibited from public 
disclosure or is excluded from a report due to the confidential or 
sensitive nature of the information, auditors should disclose in the 
report that certain information has been omitted and the reason or 
other circumstances that make the omission necessary; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Confidential or Sensitive Information; 
6.54: Considering the broad public interest in the program or activity 
under review assists auditors when deciding whether to exclude certain 
information from publicly available reports. When circumstances call 
for omission of certain information, auditors should evaluate whether 
this omission could distort the engagement results or conceal improper 
or illegal practices; 
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Reporting Confidential or Sensitive Information; 
6.55 When audit organizations are subject to public records laws, 
auditors should determine whether public records laws could impact the 
availability of classified or limited use reports and determine whether 
other means of communicating with management and those charged with 
governance would be more appropriate....;
Must: [Check]; 
Should: [Empty]. 

Chapter 6 - General, Field Work, and Reporting Standards for 
Attestation Engagements; 
Additional Government Auditing Standards; 
Distributing Reports; 
6.56: Distribution of reports completed under GAGAS depends on the 
relationship of the auditors to the entity and the nature of the 
information contained in the report. If the subject matter or the 
assertion involves material that is classified for security purposes or 
contains confidential or sensitive information, auditors may limit the 
report distribution. Auditors should document any limitation on report 
distribution. The following discussion outlines distribution for 
reports completed under GAGAS: [One of the following will apply 
depending on the type of audit organization.];
a. Audit organizations in government entities should distribute reports 
to those charged with governance, to the appropriate entity officials, 
and to the appropriate oversight bodies or organizations requiring or 
arranging for the engagements. As appropriate, auditors should also 
distribute copies of the reports to other officials who have legal 
oversight authority or who may be responsible for acting on engagement 
findings and recommendations, and to others authorized to receive such 
reports; 
b. Internal audit organizations in government entities may follow the 
Institute of Internal Auditors (IIA) International Standards for the 
Professional Practice of Internal Auditing. Under GAGAS and IIA 
standards, the head of the internal audit organization should 
communicate results to the parties who can ensure that the results are 
given due consideration. If not otherwise mandated by statutory or 
regulatory requirements, prior to releasing results to parties outside 
the organization, the head of the internal audit organization should: 
(1) assess the potential risk to the organization, (2) consult with 
senior management and/or legal counsel as appropriate, and (3) control 
dissemination by indicating the intended users in the report; 
c. Public accounting firms contracted to perform an engagement under 
GAGAS should clarify report distribution responsibilities with the 
engaging organization. If the contracting firm is to make the 
distribution, it should reach agreement with the party contracting for 
the engagement about which officials or organizations will receive the 
report and the steps being taken to make the report available to the 
public; 
Must: [Check]; 
Should: [Empty]. 

[End of table] 

Specific Requirements for Performance Audits: 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.11: When auditors are required to follow GAGAS or are representing to 
others that they followed GAGAS, they should follow all applicable 
GAGAS requirements and should refer to compliance with GAGAS in the 
auditors' report as set forth in paragraphs 1.12 and 1.13; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.12: Auditors should include one of the following types of GAGAS 
compliance statements in reports on GAGAS audits and attestation 
engagements, as appropriate. [Footnote not shown.]; 
a. Unmodified GAGAS compliance statement: Stating that the auditor 
performed the audit or attestation engagement in accordance with GAGAS. 
Auditors should include an unmodified GAGAS compliance statement in the 
audit report when they have (1) followed all applicable unconditional 
and presumptively mandatory GAGAS requirements, or (2) have followed 
all unconditional requirements and documented justification for any 
departures from applicable presumptively mandatory requirements, and 
have achieved the objectives of those requirements through other means; 
b. Modified GAGAS compliance statement: Stating either that (1) the 
auditor performed the audit or attestation engagement in accordance 
with GAGAS, except for specific applicable requirements that were not 
followed or, (2) because of the significance of the departure(s) from 
the requirements, the auditor was unable to and did not perform the 
audit or attestation engagement in accordance with GAGAS. Situations 
when auditors use modified compliance statements include scope 
limitations, such as restrictions on access to records, government 
officials, or other individuals needed to conduct the audit. When 
auditors use a modified GAGAS statement, they should disclose in the 
report the applicable requirement(s) not followed, the reasons for not 
following the requirement(s), and how not following the requirements 
affected, or could have affected, the audit and the assurance provided; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Stating Compliance with GAGAS in the Auditors' Report; 
1.13: When auditors do not comply with any applicable requirements, 
they should (1) assess the significance of the noncompliance to the 
audit objectives, (2) document the assessment, along with their reasons 
for not following the requirement, and (3) determine the type of GAGAS 
compliance statement. [Footnote not shown.] The auditors' determination 
will depend on the significance of the requirements not followed in 
relation to the audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Relationship between GAGAS and Other Professional Standards; 
1.14: Auditors may use GAGAS in conjunction with professional standards 
issued by other authoritative bodies. Auditors may also cite the use of 
other standards in their audit reports, as appropriate. If the auditor 
is citing compliance with GAGAS and inconsistencies exist between GAGAS 
and other standards cited, the auditor should use GAGAS as the 
prevailing standard for conducting the audit and reporting the results; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Types of GAGAS Audits and Attestation Engagements; 
1.19: In some audits and attestation engagements, the standards 
applicable to the specific audit objective will be apparent....However, 
some engagements may have multiple or overlapping objectives....In 
cases in which there is a choice between applicable standards, auditors 
should evaluate users' needs and the auditors' knowledge, skills, and 
experience in deciding which standards to follow; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Types of GAGAS Audits and Attestation Engagements; 
Professional Services Other Than Audits (Nonaudit Services) Provided by 
Audit Organizations; 
1.33: GAGAS do not cover professional services other than audits or 
attestation engagements (nonaudit services). … Therefore, auditors must 
not report that the nonaudit services were conducted in accordance with 
GAGAS. When performing nonaudit services for an entity for which the 
audit organization performs a GAGAS audit or attestation engagement, 
audit organizations should communicate, as appropriate, with requestors 
and those charged with governance to clarify that the scope of work 
performed does not constitute an audit under GAGAS; 
Must: [Empty]; 
Should: [Check]. 

Chapter 1 - Use and Application of GAGAS; 
Independence; 
3.02: In all matters relating to the audit work, the audit organization 
and the individual auditor, whether government or public, must be free 
from personal, external, and organizational impairments to 
independence, and must avoid the appearance of such impairments of 
independence; 
Must: [Empty]; 
Should: [Check]. 

Chapter 1 - Use and Application of GAGAS; 
Independence; 
3.03: Auditors and audit organizations must maintain independence so 
that their opinions, findings, conclusions, judgments, and 
recommendations will be impartial and viewed as impartial by objective 
third parties with knowledge of the relevant information. Auditors 
should avoid situations that could lead objective third parties with 
knowledge of the relevant information to conclude that the auditors are 
not able to maintain independence and thus are not capable of 
exercising objective and impartial judgment on all issues associated 
with conducting the audit and reporting on the work; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Independence; 
3.04: When evaluating whether independence impairments exist either in 
fact or appearance with respect to the entities for which audit 
organizations perform audits or attestation engagements, auditors and 
audit organizations must take into account the three general classes of 
impairments to independence--personal, external, and organizational. 
[Footnote not shown.] If one or more of these impairments affects or 
can be perceived to affect independence, the audit organization (or 
auditor) should decline to perform the work--except in those situations 
in which an audit organization in a government entity, because of a 
legislative requirement or for other reasons, cannot decline to perform 
the work, in which case the government audit organization must disclose 
the impairment(s) and modify the GAGAS compliance statement....;
Must: [Empty]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Independence; 
3.05: When auditors use the work of a specialist, [footnote not shown] 
auditors should assess the specialist's ability to perform the work and 
report results impartially as it relates to their relationship with the 
program or entity under audit. If the specialist's independence is 
impaired, auditors should not use the work of that specialist; 
Must: [Check]; 
Should: [Empty]. 

Chapter 1 - Use and Application of GAGAS; 
Independence; 
Personal Impairments; 
3.07: Auditors participating on an audit assignment must be free from 
personal impairments to independence. [Footnote not shown.] Personal 
impairments of auditors result from relationships or beliefs that might 
cause auditors to limit the extent of the inquiry, limit disclosure, or 
weaken or slant audit findings in any way. Individual auditors should 
notify the appropriate officials within their audit organizations if 
they have any personal impairment to independence....;
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Professional Judgment; 
3.31: Auditors must use professional judgment in planning and 
performing audits and attestation engagements and in reporting the 
results; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Professional Judgment; 
3.38: Auditors should document significant decisions affecting the 
audit objectives, scope, and methodology; findings; conclusions; and 
recommendations resulting from professional judgment; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Competence; 
3.40: The staff assigned to perform the audit or attestation engagement 
must collectively possess adequate professional competence for the 
tasks required; 
Must: [Empty]; 
Should: [Check]. 

Chapter 3 - General Standards; 
Competence; 
Technical Knowledge and Competence; 
3.43: The staff assigned to conduct an audit or attestation engagement 
under GAGAS must collectively possess the technical knowledge, skills, 
and experience necessary to be competent for the type of work being 
performed before beginning work on that assignment. The staff assigned 
to a GAGAS audit or attestation engagement should collectively possess; 
a. knowledge of GAGAS applicable to the type of work they are assigned 
and the education, skills, and experience to apply this knowledge to 
the work being performed; 
b. general knowledge of the environment in which the audited entity 
operates and the subject matter under review; 
c. skills to communicate clearly and effectively, both orally and in 
writing; and; 
d. skills appropriate for the work being performed. For example, staff 
or specialist skills in; 
(1) statistical sampling if the work involves use of statistical 
sampling; 
(2) information technology if the work involves review of information 
systems; 
(3) engineering if the work involves review of complex engineering 
data; 
(4) specialized audit methodologies or analytical techniques, such as 
the use of complex survey instruments, actuarial-based estimates, or 
statistical analysis tests, as applicable; or; (5) specialized 
knowledge in subject matters, such as scientific, medical, 
environmental, educational, or any other specialized subject matter, if 
the work calls for such expertise; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Competence; 
Continuing Professional Education; 
3.46: Auditors performing work under GAGAS, including planning, 
directing, performing field work, or reporting on an audit or 
attestation engagement under GAGAS, should maintain their professional 
competence through continuing professional education (CPE). Therefore, 
each auditor performing work under GAGAS should complete, every 2 
years, at least 24 hours of CPE that directly relates to government 
auditing, the government environment, or the specific or unique 
environment in which the audited entity operates. For auditors who are 
involved in any amount of planning, directing, or reporting on GAGAS 
assignments and those auditors who are not involved in those activities 
but charge 20 percent or more of their time annually to GAGAS 
assignments should also obtain at least an additional 56 hours of CPE 
(for a total of 80 hours of CPE in every 2-year period) that enhances 
the auditor's professional proficiency to perform audits or attestation 
engagements. Auditors required to take the total 80 hours of CPE should 
complete at least 20 hours of CPE in each year of the 2-year period; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Competence; 
Continuing Professional Education; 
3.49: External specialists assisting in performing a GAGAS assignment 
should be qualified and maintain professional competence in their areas 
of specialization but are not required to meet the GAGAS CPE 
requirements described. However, auditors who use the work of external 
specialists should assess the professional qualifications of such 
specialists and document their findings and conclusions. Internal 
specialists who are part of the audit organization and perform as a 
member of the audit team should comply with GAGAS, including the CPE 
requirements; 
Must: [Check]; 
Should: [Empty]. 

Chapter 3 - General Standards; 
Quality Control and Assurance; 
External Peer Review; 
3.63: Auditors who are using another audit organization's work should 
request a copy of the audit organization's latest peer review report 
and any letter of comment, and the audit organization should provide 
these documents when requested....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning; 
7.06: Auditors must adequately plan and document the planning of the 
work necessary to address the audit objectives; 
Must: [Empty]; 
Should: [Check]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning; 
7.07: Auditors must plan the audit to reduce audit risk to an 
appropriate level for the auditors to provide reasonable assurance that 
the evidence is sufficient and appropriate to support the auditors' 
findings and conclusions. This determination is a matter of 
professional judgment. In planning the audit, auditors should assess 
significance and audit risk and apply these assessments in defining the 
audit objectives and the scope and methodology to address those 
objectives. [Footnote not shown.]...;
Must: [Empty]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning; 
7.10:...Auditors should design the methodology to obtain sufficient, 
appropriate evidence to address the audit objectives, reduce audit risk 
to an acceptable level, and provide reasonable assurance that the 
evidence is sufficient and appropriate to support the auditors' 
findings and conclusions....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning; 
7.11: Auditors should assess audit risk and significance within the 
context of the audit objectives by gaining an understanding of the 
following: 
a. the nature and profile of the programs and the needs of potential 
users of the audit report (see paragraphs 7.13 through 7.15); 
b. internal control as it relates to the specific objectives and scope 
of the audit (see paragraphs 7.16 through 7.22); 
c. information systems controls for purposes of assessing audit risk 
and planning the audit within the context of the audit objectives (see 
paragraphs 7.23 through 7.27); 
d. legal and regulatory requirements, contract provisions or grant 
agreements, potential fraud, or abuse that are significant within the 
context of the audit objectives (see paragraphs 7.28 through 7.35); 
and; 
e. the results of previous audits and attestation engagements that 
directly relate to the current audit objectives (see paragraph 7.36); 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning; 
7.12: During planning, auditors also should; 
a. identify the potential criteria needed to evaluate matters subject 
to audit (see paragraphs 7.37 and 7.38); 
b. identify sources of audit evidence and determine the amount and type 
of evidence needed given audit risk and significance (see paragraphs 
7.39 and 7.40); 
c. evaluate whether to use the work of other auditors and experts to 
address some of the audit objectives (see paragraphs 7.41 through 
7.43); 
d. assign sufficient staff and specialists with adequate collective 
professional competence and identify other resources needed to perform 
the audit (see paragraphs 7.44 and 7.45); 
e. communicate about planning and performance of the audit to 
management officials, those charged with governance, and others as 
applicable (see paragraphs 7.46 through 7.49); and; 
f. prepare a written audit plan (see paragraphs 7.50 and 7.51); 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning; 
Nature and Profile of the Program and User Needs; 
7.13: Auditors should obtain an understanding of the nature of the 
program or program component under audit and the potential use that 
will be made of the audit results or report as they plan a performance 
audit. The nature and profile of a program include; 
a. visibility, sensitivity, and relevant risks associated with the 
program under audit; 
b. age of the program or changes in its conditions; 
c. the size of the program in terms of total dollars, number of 
citizens affected, or other measures; 
d. level and extent of review or other forms of independent oversight; 
e. program's strategic plan and objectives; and; 
f. external factors or conditions that could directly affect the 
program; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Internal Control; 
7.16: Auditors should obtain an understanding of internal control 
[footnote not shown] that is significant within the context of the 
audit objectives. For internal control that is significant within the 
context of the audit objectives, auditors should assess whether 
internal control has been properly designed and implemented. For those 
internal controls that are deemed significant within the context of the 
audit objectives, auditors should plan to obtain sufficient, 
appropriate evidence to support their assessment about the 
effectiveness of those controls. … Thus, when obtaining an 
understanding of internal control significant to the audit objectives, 
auditors should also determine whether it is necessary to evaluate 
information systems controls. (See paragraphs 7.23 through 7.27 for 
additional discussion on evaluating the effectiveness of information 
systems controls.); 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Information Systems Controls; 
7.24:...When information systems controls are determined to be 
significant to the audit objectives, auditors should then evaluate the 
design and operating effectiveness of such controls. …Auditors should 
obtain a sufficient understanding of information systems controls 
necessary to assess audit risk and plan the audit within the context of 
the audit objectives. [Footnote not shown.]; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Information Systems Controls; 
7.27 Auditors should determine which audit procedures related to 
information systems controls are needed to obtain sufficient, 
appropriate evidence to support the audit findings and conclusions. The 
following factors may assist auditors in making this determination: … 
[7.27 a-c do not contain auditor requirements.]; 
d. Evaluating the effectiveness of information systems controls as an 
audit objective: When evaluating the effectiveness of information 
systems controls is directly a part of an audit objective, auditors 
should test information systems controls necessary to address the audit 
objectives. For example, the audit may involve the effectiveness of 
information systems controls related to certain systems, facilities, or 
organizations; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Legal and Regulatory Requirements, Contracts, and Grants; 
7.28: Auditors should determine which laws, regulations, and provisions 
of contracts or grant agreements are significant within the context of 
the audit objectives and assess the risk that violations of those laws, 
regulations, and provisions of contracts or grant agreements could 
occur. Based on that risk assessment, the auditors should design and 
perform procedures to provide reasonable assurance of detecting 
instances of violations of legal and regulatory requirements or 
violations of provisions of contracts or grant agreements that are 
significant within the context of the audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Fraud; 
7.30: In planning the audit, auditors should assess risks of fraud 
[footnote not shown] occurring that is significant within the context 
of the audit objectives. Audit team members should discuss among the 
team fraud risks, including factors such as individuals' incentives or 
pressures to commit fraud, the opportunity for fraud to occur, and 
rationalizations or attitudes that could allow individuals to commit 
fraud. Auditors should gather and assess information to identify risks 
of fraud that are significant within the scope of the audit objectives 
or that could affect the findings and conclusions....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Fraud;
7.31: When auditors identify factors or risks related to fraud that has 
occurred or is likely to have occurred that they believe are 
significant within the context of the audit objectives, they should 
design procedures to provide reasonable assurance of detecting such 
fraud. Assessing the risk of fraud is an ongoing process throughout the 
audit and relates not only to planning the audit but also to evaluating 
evidence obtained during the audit; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Fraud; 
7.32: When information comes to the auditors' attention indicating that 
fraud that is significant within the context of the audit objectives 
may have occurred, auditors should extend the audit steps and 
procedures, as necessary, to (1) determine whether fraud has likely 
occurred and (2) if so, determine its effect on the audit findings....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Abuse; 
7.34: If during the course of the audit, auditors become aware of abuse 
that could be quantitatively or qualitatively significant to the 
program under audit, auditors should apply audit procedures 
specifically directed to ascertain the potential effect on the program 
under audit within the context of the audit objectives....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Ongoing Investigations or Legal Proceedings; 
7.35...When investigations or legal proceedings are initiated or in 
process, auditors should evaluate the impact on the current audit. In 
some cases, it may be appropriate for the auditors to work with 
investigators and/or legal authorities, or withdraw from or defer 
further work on the audit or a portion of the audit to avoid 
interfering with an investigation; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Previous Audits and Attestation Engagements; 
7.36: Auditors should evaluate whether the audited entity has taken 
appropriate corrective action to address findings and recommendations 
from previous engagements that are significant within the context of 
the audit objectives. When planning the audit, auditors should ask 
management of the audited entity to identify previous audits, 
attestation engagements, performance audits, or other studies that 
directly relate to the objectives of the audit, including whether 
related recommendations have been implemented. Auditors should use this 
information in assessing risk and determining the nature, timing, and 
extent of current audit work, including determining the extent to which 
testing the implementation of the corrective actions is applicable to 
the current audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Identifying Audit Criteria; 
7.37: Auditors should identify criteria. Criteria represent the laws, 
regulations, contracts, grant agreements, standards, measures, expected 
performance, defined business practices, and benchmarks against which 
performance is compared or evaluated. … Auditors should use criteria 
that are relevant to the audit objectives and permit consistent 
assessment of the subject matter; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Identifying Sources of Evidence and the Amount and Type of Evidence 
Required; 
7.39: Auditors should identify potential sources of information that 
could be used as evidence. Auditors should determine the amount and 
type of evidence needed to obtain sufficient, appropriate evidence to 
address the audit objectives and adequately plan audit work; 
7.40 If auditors believe that it is likely that sufficient, appropriate 
evidence will not be available, they may revise the audit objectives or 
modify the scope and methodology and determine alternative procedures 
to obtain additional evidence or other forms of evidence to address the 
current audit objectives. Auditors should also evaluate whether the 
lack of sufficient, appropriate evidence is due to internal control 
deficiencies or other program weaknesses, and whether the lack of 
sufficient, appropriate evidence could be the basis for audit 
findings....; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Using the Work of Others; 
7.41: Auditors should determine whether other auditors have conducted, 
or are conducting, audits of the program that could be relevant to the 
current audit objectives....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Using the Work of Others; 
7.42...If auditors use the work of other auditors, they should perform 
procedures that provide a sufficient basis for using that work. 
Auditors should obtain evidence concerning the other auditors' 
qualifications and independence and should determine whether the scope, 
quality, and timing of the audit work performed by the other auditors 
is adequate for reliance in the context of the current audit 
objectives....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Using the Work of Others; 
7.43....If auditors intend to use the work of specialists, they should 
obtain an understanding of the qualifications and independence of the 
specialists...Evaluating the professional qualifications of the 
specialist involves the following: 
a. the professional certification, license, or other recognition of the 
competence of the specialist in his or her field, as appropriate; 
b. the reputation and standing of the specialist in the views of peers 
and others familiar with the specialist's capability or performance; 
c. the specialist's experience and previous work in the subject matter; 
and; 
d. the auditors' prior experience in using the specialist's work; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Planning;
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Assigning Staff and Other Resources; 
7.44: Audit management should assign sufficient staff and specialists 
with adequate collective professional competence to perform the audit. 
...Staffing an audit includes, among other things: 
a. assigning staff and specialists with the collective knowledge, 
skills, and experience appropriate for the job,; 
b. assigning a sufficient number of staff and supervisors to the 
audit,; 
c. providing for on-the-job training of staff, and; 
d. engaging specialists when necessary; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Assigning Staff and Other Resources; 
7.45: If planning to use the work of a specialist, auditors should 
document the nature and scope of the work to be performed by the 
specialist, including; 
a. the objectives and scope of the specialist's work,; 
b. the intended use of the specialist's work to support the audit 
objectives,; 
c. the specialist's procedures and findings so they can be evaluated 
and related to other planned audit procedures, and; 
d. the assumptions and methods used by the specialist; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Communicating with Management, Those Charged with Governance, and 
Others; 
7.46: Auditors should communicate an overview of the objectives, scope, 
and methodology, and timing of the performance audit [footnote not 
shown] and planned reporting (including any potential restrictions on 
the report) to the following, as applicable: 
a. management of the audited entity, including those with sufficient 
authority and responsibility to implement corrective action in the 
program or activity being audited; 
b. those charged with governance; [footnote not shown] and; 
c. the individuals contracting for or requesting audit services, such 
as contracting officials, grantees; and; 
d. when auditors perform the audit pursuant to a law or regulation or 
they conduct the work for the legislative committee that has oversight 
of the audited entity, auditors should communicate with the legislative 
committee; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Communicating with Management, Those Charged with Governance, and 
Others; 
7.47: In situations in which those charged with governance are not 
clearly evident, auditors should document the process followed and 
conclusions reached for identifying those charged with governance; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Communicating with Management, Those Charged with Governance, and 
Others; 
7.48: Determining the form, content, and frequency of the communication 
is a matter of professional judgment, although written communication is 
preferred. Auditors may use an engagement letter to communicate the 
information. Auditors should document this communication; 
Must: [Check]; 
Should: [Empty].

Chapter 7 - Field Work Standards for Performance Audits; 
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse; 
Communicating with Management, Those Charged with Governance, and 
Others; 
7.49: If an audit is terminated before it is completed and an audit 
report is not issued, auditors should document the results of the work 
to the date of termination and why the audit was terminated....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse;
Preparing the Audit Plan; 
7.50: Auditors must prepare a written audit plan for each audit. … 
Auditors should update the plan, as necessary, to reflect any 
significant changes to the plan made during the audit; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Legal and Regulatory Requirements, Provisions of Contracts or Grant 
Agreements, Fraud, or Abuse;
Supervision; 
7.52: Audit supervisors or those designated to supervise auditors must 
properly supervise audit staff; 
Must: [Empty]; 
Should: [Check]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
7.55: Auditors must obtain sufficient, appropriate evidence to provide 
a reasonable basis for their findings and conclusions; 
Must: [Empty]; 
Should: [Check]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
7.56:...Appropriateness is the measure of the quality of evidence that 
encompasses its relevance, validity, and reliability in providing 
support for findings and conclusions related to the audit objectives. 
In assessing the overall appropriateness of evidence, auditors should 
assess whether the evidence is relevant, valid, and reliable. 
Sufficiency is a measure of the quantity of evidence used to support 
the findings and conclusions related to the audit objectives. In 
assessing the sufficiency of evidence, auditors should determine 
whether enough evidence has been obtained to persuade a knowledgeable 
person that the findings are reasonable; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
7.57: In assessing evidence, auditors should evaluate whether the 
evidence taken as a whole is sufficient and appropriate for addressing 
the audit objectives and supporting findings and conclusions....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Appropriateness; 
7.61: Testimonial evidence may be useful in interpreting or 
corroborating documentary or physical information. Auditors should 
evaluate the objectivity, credibility, and reliability of the 
testimonial evidence....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Appropriateness; 
7.64: When auditors use information gathered by officials of the 
audited entity as part of their evidence, they should determine what 
the officials of the audited entity or other auditors did to obtain 
assurance over the reliability of the information....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Appropriateness; 
7.65: Auditors should assess the sufficiency and appropriateness of 
computer-processed information regardless of whether this information 
is provided to auditors or auditors independently extract it....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Sufficiency; 
7.66...In determining the sufficiency of evidence, auditors should 
determine whether enough appropriate evidence exists to address the 
audit objectives and support the findings and conclusions; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Sufficiency; 
Overall Assessment of Evidence; 
7.68: Auditors should determine the overall sufficiency and 
appropriateness of evidence to provide a reasonable basis for the 
findings and conclusions, within the context of the audit objectives. … 
Auditors should perform and document an overall assessment of the 
collective evidence used to support findings and conclusions, including 
the results of any specific assessments conducted to conclude on the 
validity and reliability of specific evidence; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Sufficiency; 
Overall Assessment of Evidence; 
7.70: When assessing the sufficiency and appropriateness of evidence, 
auditors should evaluate the expected significance of evidence to the 
audit objectives, findings, and conclusions, available corroborating 
evidence, and the level of audit risk....; 
a. Evidence is sufficient and appropriate when it provides a reasonable 
basis for supporting the findings or conclusions within the context of 
the audit objectives; 
b. Evidence is not sufficient or not appropriate when (1) using the 
evidence carries an unacceptably high risk that it could lead to an 
incorrect or improper conclusion, (2) the evidence has significant 
limitations, given the audit objectives and intended use of the 
evidence, or (3) the evidence does not provide an adequate basis for 
addressing the audit objectives or supporting the findings and 
conclusions. Auditors should not use such evidence as support for 
findings and conclusions; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Overall Assessment of Evidence; 
7.71:...When the auditors identify limitations or uncertainties in 
evidence that is significant to the audit findings and conclusions, 
they should apply additional procedures, as appropriate. Such 
procedures include; 
a. seeking independent, corroborating evidence from other sources; 
b. redefining the audit objectives or limiting the audit scope to 
eliminate the need to use the evidence; 
c. presenting the findings and conclusions so that the supporting 
evidence is sufficient and appropriate and describing in the report the 
limitations or uncertainties with the validity or reliability of the 
evidence, if such disclosure is necessary to avoid misleading the 
report users about the findings or conclusions (see paragraph 8.15 for 
additional reporting requirements when there are limitations or 
uncertainties with the validity or reliability of evidence); or; 
d. determining whether to report the limitations or uncertainties as a 
finding, including any related, significant internal control 
deficiencies; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Obtaining Sufficient, Appropriate Evidence; 
Developing Elements of a Finding; 
7.72: Auditors should plan and perform procedures to develop the 
elements of a finding necessary to address the audit objectives. In 
addition, if auditors are able to sufficiently develop the elements of 
a finding, they should develop recommendations for corrective action if 
they are significant within the context of the audit objectives....;
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Audit Documentation; 
7.77: Auditors must prepare audit documentation related to planning, 
conducting, and reporting for each audit. Auditors should prepare audit 
documentation in sufficient detail to enable an experienced auditor, 
[footnote not shown] having no previous connection to the audit, to 
understand from the audit documentation the nature, timing, extent, and 
results of audit procedures performed, the audit evidence obtained and 
its source and the conclusions reached, including evidence that 
supports the auditors' significant judgments and conclusions. Auditors 
should prepare audit documentation that contains support for findings, 
conclusions, and recommendations before they issue their report; 
Must: [Empty]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Audit Documentation; 
7.78: Auditors should design the form and content of audit 
documentation to meet the circumstances of the particular audit. The 
audit documentation constitutes the principal record of the work that 
the auditors have performed in accordance with standards and the 
conclusions that the auditors have reached....; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Audit Documentation; 
7.80: Under GAGAS, auditors should document the following: 
a. the objectives, scope, and methodology of the audit; 
b. the work performed to support significant judgments and conclusions, 
including descriptions of transactions and records examined;[92] and. 
[92] Auditors may meet this requirement by listing file numbers, case 
numbers, or other means of identifying specific documents they 
examined. They are not required to include copies of documents they 
examined as part of the audit documentation, nor are they required to 
list detailed information from those documents.]; 
c. evidence of supervisory review, before the audit report is issued, 
of the work performed that supports findings, conclusions, and 
recommendations contained in the audit report; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Audit Documentation; 
7.81: When auditors do not comply with applicable GAGAS requirements 
due to law, regulation, scope limitations, restrictions on access to 
records, or other issues impacting the audit, the auditors should 
document the departure from the GAGAS requirements and the impact on 
the audit and on the auditors' conclusions. This applies to departures 
from both mandatory requirements and presumptively mandatory 
requirements when alternative procedures performed in the circumstances 
were not sufficient to achieve the objectives of the standard...; 
Must: [Check]; 
Should: [Empty]. 

Chapter 7 - Field Work Standards for Performance Audits; 
Audit Documentation; 
7.83...Subject to applicable laws and regulations, auditors should make 
appropriate individuals, as well as audit documentation, available upon 
request and in a timely manner to other auditors or reviewers to 
satisfy these objectives....;
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Reporting; 
8.03: Auditors must issue audit reports communicating the results of 
each completed performance audit; 
Must: [Empty]; 
Should: [Check]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Reporting; 
8.04: Auditors should use a form of the audit report that is 
appropriate for its intended use and is in writing or in some other 
retrievable form....; 
Must: [Check]; 
Should: [Empty].  

Chapter 8 - Reporting Standards for Performance Audits; 
Reporting; 
8.06: If an audit is terminated before it is completed and an audit 
report is not issued, auditors should follow the guidance in paragraph 
7.49; 
Must: [Check]; 
Should: [Empty].  

Chapter 8 - Reporting Standards for Performance Audits; 
Reporting; 
8.07: If after the report is issued, the auditors discover that they 
did not have sufficient, appropriate evidence to support the reported 
findings or conclusions, they should communicate with those charged 
with governance, the appropriate officials of the audited entity, and 
the appropriate officials of the organizations requiring or arranging 
for the audits, so that they do not continue to rely on the findings or 
conclusions that were not supported. If the report was previously 
posted to the auditors' publicly accessible website, the auditors 
should remove the report and post a public notification that the report 
was removed. The auditors should then determine whether to conduct 
additional audit work necessary to reissue the report with revised 
findings or conclusions; 
Must: [Check]; 
Should: [Empty].  

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
8.08: Auditors should prepare audit reports that contain (1) the 
objectives, scope, and methodology of the audit; (2) the audit results, 
including findings, conclusions, and recommendations, as appropriate; 
(3) a statement about the auditors' compliance with GAGAS; (4) a 
summary of the views of responsible officials; and (5) if applicable, 
the nature of any confidential or sensitive information omitted; 
Must: [Check]; 
Should: [Empty].  

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Objectives, Scope, and Methodology; 
8.09: Auditors should include in the report a description of the audit 
objectives and the scope and methodology used for addressing the audit 
objectives....; 
Must: [Check]; 
Should: [Empty].  

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Objectives, Scope, and Methodology; 
8.10:...Auditors should communicate audit objectives in the audit 
report in a clear, specific, neutral, and unbiased manner that includes 
relevant assumptions, including why the audit organization undertook 
the assignment and the underlying purpose of the audit and resulting 
report....; 
Must: [Check]; 
Should: [Empty].  

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Objectives, Scope, and Methodology; 
8.11: Auditors should describe the scope of the work performed and any 
limitations, including issues that would be relevant to likely users, 
so that they could reasonably interpret the findings, conclusions, and 
recommendations in the report without being misled. Auditors should 
also report any significant constraints imposed on the audit approach 
by information limitations or scope impairments, including denials of 
access to certain records or individuals; 
Must: [Check]; 
Should: [Empty].  

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Objectives, Scope, and Methodology; 
8.12: In describing the work conducted to address the audit objectives 
and support the reported findings and conclusions, auditors should, as 
applicable, explain the relationship between the population and the 
items tested; identify organizations, geographic locations, and the 
period covered; report the kinds and sources of evidence; and explain 
any significant limitations or uncertainties based on the auditors' 
overall assessment of the sufficiency and appropriateness of the 
evidence in the aggregate; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Objectives, Scope, and Methodology; 
8.13: In reporting audit methodology, auditors should explain how the 
completed audit work supports the audit objectives, including the 
evidence gathering and analysis techniques, in sufficient detail to 
allow knowledgeable users of their reports to understand how the 
auditors addressed the audit objectives....Auditors should identify 
significant assumptions made in conducting the audit; describe 
comparative techniques applied; describe the criteria used; and, when 
sampling significantly supports the auditors' findings, conclusions, or 
recommendations, describe the sample design and state why the design 
was chosen, including whether the results can be projected to the 
intended population; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings; 
8.14: In the audit report, auditors should present sufficient, 
appropriate evidence to support the findings and conclusions in 
relation to the audit objectives. …. If auditors are able to 
sufficiently develop the elements of a finding, they should provide 
recommendations for corrective action if they are significant within 
the context of the audit objectives....; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings; 
8.15 Auditors should describe in their report limitations or 
uncertainties with the reliability or validity of evidence if (1) the 
evidence is significant to the findings and conclusions within the 
context of the audit objectives and (2) such disclosure is necessary to 
avoid misleading the report users about the findings and conclusions. … 
Auditors should describe the limitations or uncertainties regarding 
evidence in conjunction with the findings and conclusions, in addition 
to describing those limitations or uncertainties as part of the 
objectives, scope, and methodology....; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings; 
8.16: Auditors should place their findings in perspective by describing 
the nature and extent of the issues being reported and the extent of 
the work performed that resulted in the finding. To give the reader a 
basis for judging the prevalence and consequences of these findings, 
auditors should, as applicable, relate the instances identified to the 
population or the number of cases examined and quantify the results in 
terms of dollar value, or other measures, as appropriate. If the 
results cannot be projected, auditors should limit their conclusions 
appropriately; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings; 
8.17:...When reporting on the results of their work, auditors should 
disclose significant facts relevant to the objectives of their work and 
known to them which, if not disclosed, could mislead knowledgeable 
users, misrepresent the results, or conceal significant improper or 
illegal practices; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings; 
8.18 Auditors should report deficiencies [footnote not shown] in 
internal control that are significant within the context of the 
objectives of the audit, all instances of fraud, illegal acts [footnote 
not shown] unless they are inconsequential within the context of the 
audit objectives, significant violations of provisions of contracts or 
grant agreements, and significant abuse that have occurred or are 
likely to have occurred; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Deficiencies in Internal Control; 
8.19: Auditors should include in the audit report (1) the scope of 
their work on internal control and (2) any deficiencies in internal 
control that are significant within the context of the audit objectives 
and based upon the audit work performed. When auditors detect 
deficiencies in internal control that are not significant to the 
objectives of the audit, they may include those deficiencies in the 
report or communicate those deficiencies in writing to officials of the 
audited entity unless the deficiencies are inconsequential considering 
both qualitative and quantitative factors. Auditors should refer to 
that written communication in the audit report, if the written 
communication is separate from the audit report. Determining whether or 
how to communicate to officials of the audited entity deficiencies that 
are inconsequential within the context of the audit objectives is a 
matter of professional judgment. Auditors should document such 
communications; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, and Abuse; 
8.21: When auditors conclude, based on sufficient, appropriate 
evidence, that fraud, illegal acts, significant violations of 
provisions of contracts or grant agreements, or significant abuse 
either has occurred or is likely to have occurred, they should report 
the matter as a finding; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Fraud, Illegal Acts, Violations of Provisions of Contracts or Grant 
Agreements, and Abuse; 
8.22 When auditors detect violations of provisions of contracts or 
grant agreements, or abuse that are not significant, they should 
communicate those findings in writing to officials of the audited 
entity unless the findings are inconsequential within the context of 
the audit objectives, considering both qualitative and quantitative 
factors. Determining whether or how to communicate to officials of the 
audited entity fraud, illegal acts, violations of provisions of 
contracts or grant agreements, or abuse that is inconsequential is a 
matter of the auditors' professional judgment. Auditors should document 
such communications; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings Directly to Parties Outside the Audited Entity; 
8.24: Auditors should report known or likely fraud, illegal acts, 
violations of provisions of contracts or grant agreements, or abuse 
directly to parties outside the audited entity in the following two 
circumstances. [Footnote not shown.]; 
a. When entity management fails to satisfy legal or regulatory 
requirements to report such information to external parties specified 
in law or regulation, auditors should first communicate the failure to 
report such information to those charged with governance. If the 
audited entity still does not report this information to the specified 
external parties as soon as practicable after the auditors' 
communication with those charged with governance, then the auditors 
should report the information directly to the specified external 
parties; 
b. When entity management fails to take timely and appropriate steps to 
respond to known or likely fraud, illegal acts, violations of 
provisions of contracts or grant agreements, or abuse that (1) is 
significant to the findings and conclusions, and (2) involves funding 
received directly or indirectly from a government agency, auditors 
should first report management's failure to take timely and appropriate 
steps to those charged with governance. If the audited entity still 
does not take timely and appropriate steps as soon as practicable after 
the auditors' communication with those charged with governance, then 
the auditors should report the entity's failure to take timely and 
appropriate steps directly to the funding agency; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings Directly to Parties Outside the Audited Entity; 
8.25: The reporting in paragraph 8.24 is in addition to any legal 
requirements to report such information directly to parties outside the 
audited entity. Auditors should comply with these requirements even if 
they have resigned or been dismissed from the audit prior to its 
completion; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Findings Directly to Parties Outside the Audited Entity; 
8.26: Auditors should obtain sufficient, appropriate evidence, such as 
confirmation from outside parties, to corroborate assertions by 
management of the audited entity that it has reported such findings in 
accordance with laws, regulations, and funding agreements. When 
auditors are unable to do so, they should report such information 
directly as discussed in paragraph 8.24; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Conclusions; 
8.27: Auditors should report conclusions, as applicable, based on the 
audit objectives and the audit findings....;
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Recommendations; 
8.28: Auditors should recommend actions to correct problems identified 
during the audit and to improve programs and operations when the 
potential for improvement in programs, operations, and performance is 
substantiated by the reported findings and conclusions. Auditors should 
make recommendations that flow logically from the findings and 
conclusions, are directed at resolving the cause of identified 
problems, and clearly state the actions recommended; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Auditors' Compliance with GAGAS; 
8.30: When auditors comply with all applicable GAGAS requirements, they 
should use the following language, which represents an unmodified GAGAS 
compliance statement, in the audit report to indicate that they 
performed the audit in accordance with GAGAS....;We conducted this 
performance audit in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Auditors' Compliance with GAGAS; 
8.31: When auditors do not comply with all applicable GAGAS 
requirements, they should include a modified GAGAS compliance statement 
in the audit report. For performance audits, auditors should use a 
statement that includes either (1) the language in 8.30, modified to 
indicate the standards that were not followed or (2) language that the 
auditor did not follow GAGAS....;
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Views of Responsible Officials; 
8.33: When auditors receive written comments from the responsible 
officials, they should include in their report a copy of the officials' 
written comments, or a summary of the comments received. When the 
responsible officials provide oral comments only, auditors should 
prepare a summary of the oral comments and provide a copy of the 
summary to the responsible officials to verify that the comments are 
accurately stated; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Views of Responsible Officials; 
8.34: Auditors should also include in the report an evaluation of the 
comments, as appropriate....; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Views of Responsible Officials; 
8.36: When the audited entity's comments are inconsistent or in 
conflict with the findings, conclusions, or recommendations in the 
draft report, or when planned corrective actions do not adequately 
address the auditors' recommendations, the auditors should evaluate the 
validity of the audited entity's comments. If the auditors disagree 
with the comments, they should explain in the report their reasons for 
disagreement. Conversely, the auditors should modify their report as 
necessary if they find the comments valid and supported with 
sufficient, appropriate evidence; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Views of Responsible Officials; 
8.37: If the audited entity refuses to provide comments or is unable to 
provide comments within a reasonable period of time, the auditors may 
issue the report without receiving comments from the audited entity. In 
such cases, the auditors should indicate in the report that the audited 
entity did not provide comments; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Confidential or Sensitive Information; 
8.38: If certain pertinent information is prohibited from public 
disclosure or is excluded from a report due to the confidential or 
sensitive nature of the information, auditors should disclose in the 
report that certain information has been omitted and the reason or 
other circumstances that makes the omission necessary; 
entity did not provide comments; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Confidential or Sensitive Information; 
8.41: Considering the broad public interest in the program or activity 
under review assists auditors when deciding whether to exclude certain 
information from publicly available reports. When circumstances call 
for omission of certain information, auditors should evaluate whether 
this omission could distort the audit results or conceal improper or 
illegal practices; 
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Reporting Confidential or Sensitive Information; 
8.42 When audit organizations are subject to public records laws, 
auditors should determine whether public records laws could impact the 
availability of classified or limited use reports and determine whether 
other means of communicating with management and those charged with 
governance would be more appropriate....;
Must: [Check]; 
Should: [Empty]. 

Chapter 8 - Reporting Standards for Performance Audits; 
Report Contents; 
Distributing Reports;
8.43: Distribution of reports completed under GAGAS depends on the 
relationship of the auditors to the audited organization and the nature 
of the information contained in the report. If the subject of the audit 
involves material that is classified for security purposes or contains 
confidential or sensitive information, auditors may limit the report 
distribution. … Auditors should document any limitation on report 
distribution. The following discussion outlines distribution for 
reports completed under GAGAS: [One of the following will apply 
depending on the type of audit organization.]; 
a. Audit organizations in government entities should distribute audit 
reports to those charged with governance, to the appropriate officials 
of the audited entity, and to the appropriate oversight bodies or 
organizations requiring or arranging for the audits. As appropriate, 
auditors should also distribute copies of the reports to other 
officials who have legal oversight authority or who may be responsible 
for acting on audit findings and recommendations, and to others 
authorized to receive such reports; 
b. Internal audit organizations in government entities may follow the 
Institute of Internal Auditors (IIA) International Standards for the 
Professional Practice of Internal Auditing. Under GAGAS and IIA 
standards, the head of the internal audit organization should 
communicate results to parties who can ensure that the results are 
given due consideration. If not otherwise mandated by statutory or 
regulatory requirements, prior to releasing results to parties outside 
the organization, the head of the internal audit organization should: 
(1) assess the potential risk to the organization, (2) consult with 
senior management and/or legal counsel as appropriate, and (3) control 
dissemination by indicating the intended users of the report; 
c. Public accounting firms contracted to perform an audit under GAGAS 
should clarify report distribution responsibilities with the engaging 
organization. If the contracted firm is to make the distribution, it 
should reach agreement with the party contracting for the audit about 
which officials or organizations will receive the report and the steps 
being taken to make the report available to the public; 
Must: [Check]; 
Should: [Empty]. 

[End of table] 

Footnotes:  

[1] U.S. Government Accountability Office, Government Auditing 
Standards, GAO-07-731G (Washington, D.C.: July 2007). 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, DC 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, jarmong@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548: