DOC

GUIDE FOR CONDUCTING EXTERNAL QUALITY

By Bradley Dunn,2014-05-19 23:01
11 views 0
A modified opinion should be considered when the quality control system did notWe have reviewed the system of quality control for the audit function of

    ADDENDUM 3

INSTRUCTIONS

Report Format. All reports should contain a transmittal letter, standardized language regarding

    the review, an opinion paragraph, and required exhibits. The page subsequent to the signature

    block should be entitled “Findings and Recommendations” and include all consequential matters

    of interest. Findings should be presented on an “issue” basis, linked by commonality (e.g.,

    similar causal factors, to promote cohesiveness, readability, and understanding). The detail

    provided should be limited to that which is necessary to persuasively establish the nature and

    extent of the weakness identified and the recommended corrective action. The reply of the

    reviewed entity should be summarized after the Recommendations and, in cases of disagreement,

    responded to, as necessary, by the external peer review team. A description of the external peer

    review scope and methodology, a listing of the offices visited, and the individual audits reviewed

    should be included as Exhibit A (see Attachment 1 for an example). General Comments, to

    include positive statements regarding best practices, etc., should be included as Exhibit B (see

    Attachment 2 for an example). The written reply of the reviewed organization should be

    included in its entirety as Exhibit C.

Transmittal Letters. The initial, or “discussion” draft shall be transmitted to the reviewed OIG

    prior to the exit conference (see Attachment 3 for an example). Subsequent to the exit

    conference, the draft report should be modified as needed. The final, or “official,” draft should

    then be transmitted with a request for formal written comments, generally within 30 days (see

    Attachment 4 for an example). The final report should again be modified as needed based upon

    the written response and transmitted to the reviewed OIG (see Attachment 5 for an example).

Opinions. Generally, three types of opinions can be issued: unmodified, modified, and adverse,

    although provision has also been made for a disclaimer.

    1

    a. Unmodified Opinion. An unmodified opinion should be issued when the review team

    found that the quality control system was designed adequately and was functioning as prescribed,

    and thus yielded reasonable assurance that GAGAS was met.

    b. Modified Opinion. A modified opinion should be considered when the quality control

    system did not function satisfactorily as prescribed to preclude significant deficiencies from

    arising in the conduct of audits; with the exception of the deficiencies noted, however, the

    quality control system provided reasonable assurance that GAGAS had been met. It is to be

    applied in situations where qualifications have been heretofore rendered; generally, the system

    was deemed to be adequate “except for” the deficiencies noted.

1 A disclaimer of opinion, although considered highly unusual, is nonetheless included as an option. Disclaimers

    would normally result only in those cases where records critical to selected audits could not be produced. In these

    cases, due diligence should be exercised to provide assurance that the underlying audits were not significantly

    flawed. Consideration may be given to selecting replacement audits (and thus lifting the disclaimer) only when the

    explanation provided for the missing records was reasonable and the number of instances was isolated.

    ADDENDUM 3

    c. Adverse Opinion. An adverse opinion should be considered when the quality control

    system was inadequate as prescribed, and not functioning adequately to provide reasonable assurance that the GAGAS was met.

    d. Disclaimer of Opinion. A disclaimer should be issued when the review was limited by

    conditions that precluded the application of one or more critical review procedures considered necessary in the circumstances and the review team could not accomplish the objectives of those procedures through alternative procedures.

    The formulation of the opinion should be based upon the overall conclusion drawn from the evaluation of the design of the reviewed organization‟s internal quality control system and the findings disclosed when determining the extent of compliance with the system.

    The significance of disclosed deficiencies in the review of audit reports should be determined by the extent to which it is found that the audits could not be relied upon due to failure to adhere to GAGAS. Reliability of reports can be impaired if, for example: evidence presented is untrue and findings are not correctly portrayed; findings and conclusions are not supported by sufficient, competent, and relevant evidence; evidence included in audit reports does not demonstrate the correctness and reasonableness of the matters reported; the report does not accurately describe the audit scope and methodology and findings and conclusions are not presented in a manner consistent with the scope of work; and/or the report contains errors in logic and reasoning. The pervasiveness (meaning identified in multiple audits issued by multiple organizational units) of the deficiencies should also be considered. A single, isolated (nonsystemic) deficiency would be insufficient to support a modified opinion unless extraordinary circumstances prevail (i.e., the magnitude of the deficiency significantly or irretrievably caused a lack of organizational credibility).

    If nonconformity with GAGAS is identified, the extent of the lack of adherence should be considered, given the flexibility afforded by the Standards. The field work standard related to supervision, for example, requires that “reviews of audit work should be documented.” As GAGAS is generally not prescriptive, it understandably contains limited specificity as to what actions must be evidenced to be considered “proper supervision.” In contrast, GAGAS provides

    for substantial leeway in fulfilling the standard contingent upon the circumstances of the audit, to include “the significance of the work, and the experience of the staff.” Reasonableness and

    judgment must be employed in assessing adherence with GAGAS. It is incumbent upon the peer reviewer to support assertions that GAGAS has not been met by citing the specific criteria (GAGAS provision) that was not compiled with and providing the basis for the conclusion.

    In the absence of identifying significant and pervasive deficiencies in the audits reviewed, design deficiencies alone generally would not be sufficient to result in a modification of the peer review opinion. If, however, reports are identified which are found to be unreliable, the causes of the deficiencies need to be examined, particularly as to whether design deficiencies were the sole or contributing factor. Causes attributable to design flaws in the system generally are of greater concern in that the system should contain the necessary methods and measures to preclude, or detect in a timely manner, lack of adherence with GAGAS. If the design appears adequate as

    ADDENDUM 3

    prescribed but the deficiencies noted in reviewed reports were due to lack of compliance with the system, the design itself may need to be strengthened in order to foster compliance.

    Illustrative Reports

[DATE]

To (Name), Inspector General

    (Name of Agency)

All Reports

    We have reviewed the system of quality control for the audit function of (name of the OIG) in effect for the year ended June 30, 20XX. A system of quality control encompasses the OIG‟s organizational structure, and the policies adopted and procedures established to provide it with reasonable assurance of conforming with generally accepted government auditing standards (GAGAS). The elements of quality control are described in GAGAS, promulgated by the Comptroller General of the United States. The design of the system, and compliance with it in all material respects, are the responsibility of (the reviewed OIG). Our objective was to determine whether the internal quality control system was adequate as designed and complied with to provide reasonable assurance that applicable auditing standards, policies, and procedures were met. Our responsibility is to express an opinion on the design of the system and the OIG‟s compliance with the system based on our review.

    Our review was conducted in accordance with the guidelines established by the President‟s Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency. In performing our review, we obtained an understanding of the system of quality control for the OIG. In addition, we tested compliance with the OIG‟s quality control policies and procedures to

    the extent we considered appropriate. These tests included the application of the OIG‟s policies and procedures on selected audits. Because our review was based on selective tests, it would not necessarily disclose all weaknesses in the system of quality control or all instances of lack of compliance with it. Nevertheless, we believe that the procedures we performed provide a reasonable basis for our opinion.

    Because there are inherent limitations in the effectiveness of any system of quality control, departures from the system may occur and not be detected. Also, projection of any evaluation of a system of quality control to future periods is subject to risk that the system of quality control may become inadequate because of changes in conditions, or because the degree of compliance with the policies or procedures may deteriorate.

    Our scope and methodology appears as Exhibit A. General comments (if applicable) appear as Exhibit B.

    ADDENDUM 3

    UNMODIFIED OPINION REPORT

In our opinion, the system of quality control for the audit function of the (name of OIG) in effect

    for the year ended June 30, 20XX, has been designed to meet the requirements of the quality

    control standards established by the Comptroller General of the United States for a Federal

    Government audit organization and was complied with during the year ended to provide the OIG

    with reasonable assurance of conforming with applicable auditing standards, policies, and

    procedures.

(If applicable, insert the following: We noted, however, conditions that warrant your attention

    though they did not impact our opinion. These matters are described in the Findings and

    Recommendations that follow. Also, refer to Exhibit B, General Comments, if applicable)

Findings and Recommendations2

Finding 1. Independence - Required Checklist Not Completed.

For every audit, the OIG's quality control policies and procedures require each member of the

    audit team to complete a checklist designed to help identify personal and external impairments to

    independence and document compliance with the Government Auditing Standards‟ independence requirements. These checklists were not completed on three of the ten audits

    reviewed. Based on discussions with the members of the audit teams involved, we concluded that

    no actual impairments existed.

    Recommendation - The OIG should reemphasize its policy on independence checklists and amend its referencing checklist to include a review item for the completion of the independence

    checklist.

Views of Responsible Official. Agree.

Finding 2. Audit Performance Timeliness of Supervisory Review of Work

The OIG's policies and procedures require that supervisors be involved and review work on an

    on-going basis throughout the audit. On four of ten audits reviewed, documentation of the

    supervisory review of the work indicated it occurred solely at the end of the audit. According to

    the supervisors involved, review was performed onsite during the course of the audit but was not

    always documented at the time of the review. We confirmed these assertions via review of travel

    vouchers and did not note any other deficiencies in the audit process in the reports we reviewed.

    2 The findings presented in this Addendum are for the purpose of illustrating the reporting format. They

    are not intended to illustrate complete presentations of findings. Other information, such as in which or how many

    offices a condition was found, the cause of a problem, and the potential or actual effect should be included for a

    complete presentation of the findings.

    ADDENDUM 3

Recommendation - OIG management should reemphasize the need to document supervisory

    reviews in a timely manner.

Views of Responsible Official. Agree.

Signature

    ADDENDUM 3

    MODIFIED OPINION REPORT

    Example 1

In our opinion, except for the deficiency(ies) described in the following Findings and

    Recommendations, the system of quality control for the audit function of the (name of OIG) in

    effect for the year ended June 30, 20XX, has been designed to meet the requirements of the

    quality control standards established by the Comptroller General of the United States for a

    Federal Government audit organization and was complied with during the year ended to provide

    the OIG with reasonable assurance of conforming with applicable auditing standards, policies,

    and procedures.

Findings and Recommendations

Finding 1. Systemic Noncompliances in Audit Reports

Deficiencies were identified in four of the ten audit reports we examined that limited the

    reliability of the reports. These four audits were issued by two of the four audit divisions

    reviewed. We attributed these deficiencies to the absence of control measures in the

    organization‟s policies and procedures designed to assure compliance with stated requirements.

    The deficiencies found, and the impact they had on the reliability of the reports, are summarized

    below:

    1. Report No. xx, “Title” (Date). Our review of this report disclosed eight significant

    deficiencies that impacted the report. (Provide examples, such as: “The report stated that

    the actions taken by the program office were in noncompliance with Departmental

    Regulation No. xx „Title.‟ The support contained in the audit documentation shows that

    the program office was in compliance with the regulation as it existed at the time the

    program office took the action. The audit documentation shows that the issue for which

    noncompliance was cited did not become effective until six months later. Therefore, the

    report finding was inaccurate and the recommendation was not applicable. Although an

    independent referencing step in the guide called for validation of the finding‟s criteria, we

    were informed that it was not performed due to time constraints.”

2. (et al) Report No. xx, "Title" (Date)

Recommendation - The OIG should strengthen its referencing requirements to include a

    certification by the referencer that all required steps have been completed.

Views of Responsible Official. Agree. The OIG will revise its referencing checklist as

    recommended.

    Reportable Conditions Not Affecting the Opinion

    ADDENDUM 3

Finding 2. Continuing Professional Education Records Incomplete

Our review of the continuing professional education (CPE) records of 20 employees selected at

    random disclosed that 9 (45%) were incomplete. The records showed that the nine employees

    had accrued between 55-70 CPE hours, whereas GAGAS requires at least 80 hours every 2 years.

    Our further review disclosed that 7 of the 9 employees had evidence to show that they had, in

    fact, earned the requisite number of hours but the official records had not been properly or timely

    updated. The remaining 2 employees could not provide any additional documentation to support

    that the required 80-hour threshold had been met. Accurate CPE records are critical evidence to

    support an OIG‟s fulfillment of the General Standard of Competence.

Recommendation The OIG should establish controls to provide reasonable assurance that CPE

    records are accurate, up-to-date, and that all affected employees meet the GAGAS CPE

    requirements.

    Views of Responsible Officials. Agree. The OIG will establish controls to ensure the CPE requirements are met and that the centralized record is accurate.

Signature

    ADDENDUM 3

    ADVERSE OPINION REPORT

In our opinion, because of the deficiency(ies) described in the following Findings and

    Recommendations, the system of quality control for (the OIG) in effect for the year ended June

    30, 20XX, has not been designed to meet the requirements of the quality control standards

    established by the Comptroller General of the United States for a Federal Government audit

    organization and was not complied with during the year ended, to provide reasonable assurance

    of conforming with applicable auditing standards, policies, and procedures.

    Findings and Recommendations

Finding 1. Quality Control System Weaknesses

The OIG‟s quality control system does not include a quality control process for each audit, such

    as independent referencing, and was not otherwise compensated for. As a result, the system as

    designed did not provide reasonable assurance that applicable auditing standards, policies, and

    procedures were met. The system design inadequacies were attributable to management‟s

    determination that a quality control process for each audit was redundant, given other control

    measures, such as supervisory reviews. In addition, our review of individual audits disclosed

    significant deficiencies in eight of the ten audit reports reviewed. These eight audit reports were

    issued by all four of the audit divisions reviewed. In our opinion, these deficiencies had not been

    precluded or detected in a timely manner due to the quality control system weaknesses. The

    significant deficiencies found and the impact they had on the reliability of these eight reports are

    summarized below:

1. Report No. xx, “Title” (Date). Our review of this report disclosed fifteen significant

    deficiencies that negatively impacted the reliability of the audit report. (Provide examples, such

    as: “The audit report stated that internal controls had been evaluated over the program activity

    audited but the audit program did not include a provision for internal control testing nor did the

    audit documentation reflect the performance of any such tests. Our discussions with audit

    management and assigned staff disclosed that they interpreted program compliance issues to be

    internal control weaknesses, and thus formalized testing was not needed. We attributed the

    report‟s misstatements to a lack of formalized policies and procedures requiring an independent

    quality control process for each audit.”

    2-8. Report No. xx, “Title” (Date).

Recommendation - The OIG should develop and implement policies for providing reasonable

    assurance of the accuracy of data in final audit reports such as a quality control process for each

    audit.

    Views of Responsible Official. Agree. The OIG will immediately develop and implement policies establishing an independent referencing process to provide reasonable assurance of the

    accuracy of data in final audit reports.

Signature

    ADDENDUM 3

    DISCLAIMER OF OPINION

We were unable to express an opinion on the system of quality control for the audit function of

    the (name of OIG) in effect for the year ended June 30, 20XX, because audit documentation

    requested for selected audits was not made available and the absence of these records precluded

    the application of alternative tests.

Accordingly, the scope of our work was not sufficient to enable us to express, and we do not

    express, an opinion on the system of quality control.

Signature

Note: Verbiage used in the reporting examples throughout this Addendum, though modified, was drawn

    extensively from the AICPA‟s “Standards for Performing and Reporting on Peer Reviews.”

    Attachment 1 REPORTS ON EXTERNAL PEER REVIEWS

    Peer Review Scope and Methodology (Exhibit A)

Scope and Methodology

Identify the peer review scope and methodology. For example:

We tested compliance with the Office of Inspector General‟s system of quality control to the

    extent we considered appropriate. These tests included a review of X of XX audit reports issued

    during the September 30, 20XX, March 31, 20XX, and semiannual reporting periods. In

    addition, we reviewed the financial statement audit and [and/or] monitoring activities covering

    the FY 20XX financial statements for [Agency/Department] [that were performed under contract

    by [CPA firm].] We also reviewed the internal quality control reviews performed by the

    [reviewed OIG].

OIG Offices Reviewed

Identify locations visited/reviewed. For example:

We visited the Houston, TX; Louisville, KY; and Atlanta, GA offices of the [OIG organization

    reviewed].

Audit Reports Reviewed

Identify audit reports selected for review. For example:

Report Number Report Date Report Title

    AA9908765C 12/30/20XX Audit Report on Research on the

    Hibernating Habits of Polar Bears

Report this document

For any questions or suggestions please email
cust-service@docsford.com