GASBS 63 and 65 (Deferred Outflows and Deferred Inflows) – A Summary

It’s time to pay closer attention to two standards issued by the Governmental Accounting Standards Board (GASB):

  • Statement No. 63 – Financial Reporting of Deferred Outflows of Resources, Deferred Inflows of Resources, and Net Position
  • Statement No. 65 – Items Previously Reported as Assets and Liabilities

What are the effective dates for Statements 63 and 65?

  • GASBS 63 is effective for periods beginning after December 15, 2011; earlier application encouraged
  • GASBS 65 is effective for periods beginning after December 15, 2012; earlier application encouraged

It is best to implement GASBS 63 and 65 at the same time.

What is the purpose of these changes?

To put it succinctly, GASB is using one of its conceptual statements (specifically Concepts Statement 4) to make revisions to reporting requirements (to include deferred outflows and deferred inflows).

Prior to GASBS 63 and 65, debit balances were reported on the statement of net position (balance sheet) as assets; similarly, all non-equity credits were reported as liabilities. The new standards add deferred outflows and deferred inflows to the mix.

All debit balances in the statement of net position will be reported as:

  • Assets
  • Deferred Outflows

Assets represent present service capacity to the government; deferred outflows (e.g., prepaid bond insurance) represent the consumption of net position applicable to future reporting periods.

Liabilities represent amounts to be paid; however, some amounts previously reported as liabilities (e.g., deferred property taxes) involve no future payment. Consequently, with the implementation of GASB 63, all non-equity credits in the statement of net position will be reported as:

  • Liabilities
  • Deferred Inflows

The difference in liabilities and deferred inflows is primarily resources that are going out and resources that are coming in. Liabilities normally represent a future surrender of resources; deferred inflows do not.

What are the main points of GASBS 63?


This statement distinguishes assets from deferred outflows of resources and liabilities from deferred inflows of resources.

Additionally, many of your financial statement titles (e.g., Statement of Net Position), categories (e.g., Assets and Deferred Outflows of Resources), and notes will change. Net Assets will now be labeled Net Position.

The five elements of the statement of net position are:

  1. Assets
  2. Deferred Outflows of Resources
  3. Liabilities
  4. Deferred Inflows of Resources
  5. Net Position

The three categories of net position are:

  1. Net Investment in Capital Assets
  2. Restricted
  3. Unrestricted

Note – The requirement to change to a statement of net position (rather than a statement of net assets) – a GASBS 63 change – occurs one year earlier than the requirements of GASBS 65; you are required to change the term net assets to net position even though you may not have any deferred outflows or inflows until GASBS 65 is implemented – possibly a year later. Again it is easier to simply implement both GASBS 63 and 65 at the same time (both can be early adopted).

What are the main points of GASBS 65?


  • It identifies the specific items to be categorized as deferred inflows and deferred outflows.
  • It clarifies the effect of deferred inflows and deferred outflows on the major fund determination.
  • It limits the use of the term deferred in financial statements.

What are some examples of specific items to be categorized as deferred inflows and deferred outflows?

  • The gain or loss from current or advance refundings of debt (the gain or loss will no longer be netted with the related debt but will be shown separately as a deferred outflow or a deferred inflow)
  • Prepaid insurance related to the issuance of debt
  • Property taxes received or accrued prior to the period in which they will be used

How should debt issuance costs be treated?

Debt issuance costs should be expensed when incurred. GASB concluded that debt issuance costs do not relate to future periods, and, therefore, should be expensed.

If your government has debt issuance costs (recorded as assets), you will need to remove them as you implement these standards (using a prior period adjustment).

How should cash advances related to expenditure-driven grants be recorded?

Cash advances from expenditure-driven grants should be recorded as unearned revenue (a liability). The key eligibility requirement for an expenditure-driven grant is the use of funds (which does not occur until funds are spent). Any grant funds received prior to meeting eligibility requirements will be shown as a liability. It is improper to use the word deferred for this line item; for example, deferred revenue is not appropriate. The more appropriate title is unearned revenue.

How do these standards affect the determination of major funds?

Assets should be combined with deferred outflows of resources and liabilities should be combined with deferred inflows of resources for purposes of determining which elements meet the criteria for major fund determination.

New Data Collection Form – Single Audits

To what years will the new data collection form (DCF) apply?

Audit periods ending in 2013, 2014 and 2015

When will the form be finalized?

The form was to be finalized by late November, but the government shut-down may delay this time-frame. (The first Federal Register notice was issued in May with a comment due date of July 8, 2013. A second Federal Register notice was to be issued in mid-October, but, again, the federal shut-down will probably delay this date.)

Has OMB provided an extension for filing due-dates?

The Federal Audit Clearinghouse (FAC) web site states (or at least before the government shutdown stated):

If a single audit for a fiscal period ending in 2013 is due
before the 2013 Form is available, auditees will not be able
to meet the thirty day deadline for submission prescribed
by OMB Circular A-133 §_.320(a). Therefore, OMB has
granted an extension until December 31, 2013, for
reporting packages due to the Clearinghouse before
that date. The extension is automatic and there is no
approval required. The extension applies only to single
audits for the fiscal periods ending in 2013.

(New extended date through January 31, 2014 – as of November 7, 2013; click here for more information.)

When will the new Internet Data Entry System (IDES) be available?

It was suppose to be available on October 7, 2013. I tried to access the site today (October 14, 2013), but, due to the government shut-down, it was not available.

Will there be any changes in registration?

Each user must create one account using one email address; this is true even if you have used the system prior to the update. You will only register once. On the new log-in page, you will see “Register” just under the “Account Log-in” section; click “Register” to access the registration screen.

CaptureOn the registration page, you will enter:

  1. Your name
  2. Your email address

The name entered here will not show up on the data collection form; it is purely for communication purposes with the FAC. Your new account name will be your email address.

Then click the “register” tab.

Now you will receive a confirmation email from; this email will have a hotlink that you will click. Clicking the link will take you to a password entry screen. Now enter your unique password. These passwords will expire after 60 days, regardless, and 30 days if there is no activity. Passwords cannot be reused.

The passwords must meet the following requirements:

  1. 12 characters in length (minimum)
  2. must contain at least one of each of the following:
    1. Upper case letters (A-Z)
    2. Lower case letters (a-z)
    3. Numbers (0-9)
    4. Special characters from !@#$%^&*()
    5. No character repeated more than 4 times (Charles22222# will not work)

For example: ThisisComplicated2556!  – This works (even though it’s complicated).

Previous submissions will be available (the system matches email addresses used for previous reports).

Once you enter your password, you can go to the “Account Home.”


From here you will enter, revise or view your report.

You will see new improved data entry formats; I think you will like them. They are cleaner and easier to understand.

There is still a requirement for auditor and auditee certification. On the “Submission Access” page you will need to enter an email address for the auditor and the auditee. (The auditee will receive a password email like the one you – the auditor – received.)

You will also be required to submit an unlocked and unencrypted audit report. You can find instructions for creating a compliant PDF Single Audit Report at: (this link may not work until the government shutdown is resolved).

There is a requirement that audit reports be unlocked and unencrypted beginning with the 2014 reports. (The auditor will receive a warning page for 2013 reports that don’t comply, but the report can still be submitted.)


I must say it concerns me greatly that CPA firms are being required to submit unlocked and unencrypted files. These reports contain signed CPA firm opinions. Could not someone change the numbers?

Corporate Account Takeover

On March 17, 2010, cyber thieves hacked into the computers of Choice Escrow and stole the login ID and password to their online banking account. With that information, the thieves were able to submit a $440,000 wire transfer from Choice Escrow’s bank account to an account in Cyprus.


Courtesy of

When Choice Escrow and the bank were unable to resolve their differences, Choice Escrow filed suit. The back-and-forth legal battle lasted until March 18, 2013 when a court ruled the loss was the responsibility of Choice Escrow. A major determining factor in the decision was Choice Escrow’s refusal of the dual control security mechanism offered by Bancorpsouth Bank. According to Article 4A of the Uniform Commercial Code, if an institution offers a reasonable security procedure to a commercial customer and that customer turns down that security procedure, then the customer is liable in the event of a loss.

Bancorpsouth Bank offered dual control to Choice Escrow twice. Not only did the bank offer this security feature to Choice Escrow, but Bancorpsouth also documented the customer’s refusal to use the security feature. The documentation of the customer’s refusal of the security features was a determining factor in this case. From a bank’s perspective, this case underscores the importance of a written agreement with commercial online banking customers and, more importantly, the importance of documenting the security procedures offered to those customers. From a user’s perspective, the case highlights the need to use the security procedures offered.

Corporate Account Takeover

Corporate account takeover is a term which has become more prevalent over recent years. Generally speaking, corporate account takeover occurs when an unauthorized person or entity gains access or control over another entity’s finances or bank accounts. This usually results in the theft of money in the form of fraudulent wire transfers or ACH transactions.

These fraud schemes first began to be noticed in 2005 but have since become much more widespread and frequent. Recent statistics have revealed that the fraudsters carrying out these schemes are actually becoming less successful in getting money out of a bank account. This reduction is due to both increased efforts on the part of the financial institutions, as well as better education of the customer to help them avoid becoming a target.

Usually, the financial institutions themselves are not the targets of the attack but rather the corporate customers of the institution. Using malware, social engineering and various other methods, the fraudster obtains information about the customer’s online banking credentials. Once the online banking credentials have been obtained, a request for wire or ACH transfers is placed by the thief. Any business may be targeted for these types of attacks, but those at risk mostly are small businesses, governments, and nonprofits who have limited resources to protect against such threats.

This Post Contributed by John McLeod

This post was contributed by John McLeod, one my firm associates who audits financial institutions and specializes in technology issues. John is a CPA and is CISA certified. He often speaks to banking groups about technology and internal controls. You can reach him at

Click here to see my recent post about wire fraud prevention.

Additional Yellow Book Requirements for Performing Financial Audits

Previously, we discussed the applicability of the Yellow Book to your audits. (The Yellow Book is commonly applicable when required by grant agreement or by law – e.g., state law.)

So if the Yellow Book is applicable to your audit, what additional audit performance requirements are in play?

There are five areas where generally accepted government auditing standards (GAGAS; a.k.a. the Yellow Book) specifies additional audit requirements for performing the engagement:

  1. Auditor communications
  2. Previous audits and attestation engagements
  3. Fraud, noncompliance with provisions with laws, regulations, contracts, and grant agreements, and abuse
  4. Developing elements of a finding; and
  5. Audit documentation

Let’s take a look at each requirement.

Auditor Communications

Paragraph 4.03 of the Yellow Book states:

when performing a GAGAS financial audit, auditors should communicate pertinent information that in the auditors’ professional judgment needs to be communicated to individuals contracting for or requesting the audit, and to cognizant legislative committees when auditors perform the audit pursuant to a law or regulation, or they conduct the work for the legislative committee that has oversight of the audited entity. This requirement does not apply if the law or regulation requiring an audit of the financial statements does not specifically identify the entities to be audited, such as audits required by the Single Audit Act Amendments of 1996

Previous Audits and Attestation Engagements

Paragraph 4.04 of the Yellow Book states:

auditors should evaluate whether the audited entity has taken appropriate corrective action to address findings and recommendations from previous engagements that could have a material effect on the financial statements or other financial data significant to the audit objectives

Fraud, Noncompliance with Provisions with Laws, Regulations, Contracts, and Grant Agreements, and Abuse

Paragraph 4.06 of the Yellow Book states:

auditors should extend the AICPA requirements pertaining to the auditors’ responsibilities for laws and regulations to also apply to consideration of compliance with provisions of contracts or grant agreements

Developing Elements of a Finding

Paragraph 4.10 of the Yellow Book states:

when auditors identify findings, auditors should plan and perform procedures to develop the elements of the findings that are relevant and necessary to achieve the audit objectives

The elements of a finding (per the Yellow Book) are:

  1. Criteria
  2. Condition
  3. Cause
  4. Effect or potential effect

Audit Documentation

Paragraph 4.15 of the Yellow Book requires additional documentation of:

  1. supervisory review, before the report release date, of the evidence that supports the findings, conclusions, and recommendations contained in the auditors’ report
  2. any departures from the GAGAS requirements and the impact on the audit and on the auditors’ conclusions when the audit is not in compliance with applicable GAGAS requirements due to law, regulation, scope limitations, restrictions on access to records, or other issues impacting the audit

See paragraphs 4.02 through 4.16 of the 2011 Yellow Book for additional information concerning the information provided above. We have addressed, in this post, additional requirements in performing a Yellow Book audit; please be mindful there are also additional reporting requirements.