Sneak Preview: Auditors Making Internal Control Testing Errors

July 20, 2017 | By Jerry Ashworth | Post a Comment

xsass_bookshot(The following was excerpted from a recent article in the Single Audit Information Service.) Even though audit industry standards and provisions in the Office of Management and Budget’s uniform guidance require firms conducting single audits to perform procedures to obtain an understanding of the auditee’s internal control over compliance, a recent review of audit firms conducted by the American Institute of Certified Public Accountants (AICPA) still found numerous instances of auditors conducting insufficient tests of internal control, an auditor with Moss Adams LLP recently told attendees at the AICPA Not-for-Profit Conference in National Harbor, Md.

“We’re having some troubles as an audit community getting our act together as far as internal control,” said Erica Forhan, partner with Moss Adams’ Professional Practice Group.

Section 200.61 of the uniform guidance defines internal controls as “a process implemented by a nonfederal entity designed to provide reasonable assurance regarding the achievement of the following objectives: effectiveness and efficiency of operations; reliability of reporting for internal and external use; and compliance with applicable laws and regulations.” In response to the scope of audit provisions at §200.514(c)(2), firms performing single audits must: (1) perform procedures to obtain an understanding of internal control over federal programs sufficient to plan the audit to support a low-assessed level of control risk of noncompliance for major programs; (2) plan testing of internal control over the relevant compliance requirements for each major program; (3) perform testing of internal control as planned; and (4) report on internal control over compliance.

Forhan discussed the results of the recent AICPA Enhanced Oversight Project, in which audit subject matter experts assessed peer reviews of single audit engagements to determine the quality of the engagements and the reviews. The study determined that many peer reviewers were not identifying problems in these audit engagements. “If you are an audit firm doing single audits and you have a peer review, just because the peer reviewer hasn’t brought something to your attention, that doesn’t mean you are doing it right,” she stressed. “Peer reviewers are limited by their own knowledge and may not be catching the things you should know about.”

(The full version of this story has now been made available to all for a limited time on Thompson’s Grants Compliance Expert site.)

Post a Comment

Your email is never shared. Required fields are marked *