Category Archives for "Local Governments"

Dec 12

The New COSO Framework

By Charles Hall | Accounting and Auditing , Fraud , Local Governments

Rita Crundwell, the former comptroller for Dixon, Illinois, stole over $53 million from a city of 16,000 people with an annual budget of $6 to $8 million. In the early 1990s, she opened a secret bank account in the name of the city and began transferring funds (disguised as payments to the Illinois DOT). The monies (in the secret account) were used by Rita to fund one of the nicest quarter horse ranches in the world.

The theft was simple. The damage was massive.

COSO Framework

Picture courtesy of DollarPhoto.com

Losses from fraud and other risks can happen to any organization that lacks sufficient internal controls. Therefore, it’s imperative that your business, government, or nonprofit create a sound working internal control system.

Why COSO?

Prior to 1992 (the year COSO’s internal control framework came into existence), internal control guidance was sparse. Accountants knew that controls were needed, but many had no model to follow.

COSO to the Rescue

The Committee of Sponsoring Organizations (COSO), consisting of five organizations, such as the AICPA, came together to develop an internal control framework that accountants could use in any organization. Those standards have served well over the last twenty years, but with many changes in technology (e.g., cloud computing), the uptick in laws and regulations (e.g., Sarbanes Oxley), the increase in outsourcing (e.g., payroll), and the higher incidence of fraud, it became apparent that the framework needed amendments. So the COSO did just that, releasing the updated framework in May 2013; the effective date of the guidance is December 15, 2014.

The Hip Bone Connected to the Leg Bone

COSO added greater definition and guidance in regard to the five internal control components created back in 1992:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

As the 1992 framework states, these five components should be holistically integrated to create a healthy and safe control environment for business, nonprofits, and other organizations.

And what does this integration look like?

Every entity needs ethical leadership (the control environment). Those leaders identify key risk areas, usually in terms of likelihood and dollar impact. Once the risk areas are known, controls are designed and implemented (control activities) to ensure the creation of financial information (information and communication). Lastly, the organization monitors the system to ensure that it all works as planned (monitoring).

Most auditors (and those who design internal controls) usually emphasize the control activities component. The reason? Audit opinions relate to financial statements and deficiencies in control activities often allow misstatements to occur. The result? The reporting of significant deficiencies and material weaknesses. As auditors issue control deficiency letters, they tend to focus on control activities, though those communications can and should address deficiencies in the other four internal control components.

What changed in the new COSO framework?

Key changes in the 2013 framework include:

  • The addition of 17 principles (each related to one of the five control components listed above)
  • The addition of points of focus (each applicable to one of the 17 principles)
  • An increased focus on fraud
  • An increased focus on governance
  • An increased focus on information technology
  • An increased focus on compliance with laws and regulations

Why should I care about these changes?

Think of the COSO framework as the fountainhead of all that is good in internal control land. And once COSO speaks, other important bodies (e.g., the AICPA Auditing Standards Board) listen and absorb what is published. Remember SAS 109, Understanding the Entity and Its Control Environment, issued in 2006? Guess where the five control components (control environment, risk assessment, control activities, information and communication, and monitoring) came from? Don’t be surprised if you see the 17 new COSO principles–and possibly the points of interest–embedded in future audit standards.

In any event, the new COSO guidance is a great place for any business or organization to develop a control system that identifies and mitigates risks.

Then disasters–like the one in Dixon, Illinois–can be avoided.

Deeper Dive

If you are interested in more information about the new COSO guidance, consider purchasing the book Executive’s Guide to COSO Internal Controls by Robert Moeller. Mr. Moeller provides a nice summary of the framework along with implementation steps.

You can buy the COSO Framework here.

Oct 17

Trick or Treat? GASB 68: The Governmental Pension Standard

By Charles Hall | Accounting and Auditing , Local Governments

GASB 68 (Accounting and Financial Reporting for Pensions) has eaten GASB 27–RIP.

The magic date when the Great Pumpkin–the net pension liability–will rise out of the footnotes and land on the statement of net position is quickly approaching (year-ends of June 30, 2015). Instead of saying, “It’s the Great Pumpkin Charlie Brown!” we’ll be saying, “It’s the Great Debt Charlie Brown!” ARRG.

Courtesy of iStockphoto.com

Courtesy of iStockphoto.com

GASB 27 was a kind spook, allowing governments to bury pension liabilities in the notes. As long as public entities paid the “annually required contribution–ARC,” no liabilities were recognized on the statement of net position. But this is all changing. We have a new beast: the net pension liability–NPL, which will be recognized on the statement of net position. And, of course, as liabilities increase, equities (net positions) decrease. One saving grace: modified accrual accounting; governmental funds will not record the NPL, but the pension liability will appear on full accrual statements (i.e., government-wide statements and enterprise funds).

Under GASB 27, the ARC was treated as the funding amount. No longer. GASB 68 divorces funding from the pension expense.

So what is net pension liability?

It is the portion of the present value of projected benefit payments to be provided through the pension plan to current active and inactive employees that is attributed to those employees’ past periods of service, less the amount of the pension plan’s fiduciary net position.

In simple terms, it’s the computed debt less assets set aside for future payments.

What journal entry will be made to record the NPL?

Initial Entry to Record Pension Liability

AccountDr.Cr.
Net Position (Equity)XXXX
Net Pension LiabilityXXXX

Additionally, if the government previously recorded a net pension obligation (the result of the ARC not being paid), then this liability will also be removed (debited) as you record the NPL.

More Volatility

Governments will experience more volatility in their pension expenses since smoothing techniques are no longer used. Keep in mind that funding can (and I expect will be) fairly level. The pension expense is not intended to establish funding amounts. As a consequence, cash paid to fund the pension plan may remain fairly stable while the pension expense swings widely. Changes in the market value of pension plan investments will be felt more abruptly as they impact pension expense.

Changes Included in Current Pension Expense

Statement 68 requires that most changes in the net pension liability be included in pension expense in the period of the change. For example, changes in the total pension liability resulting from current-period service cost, interest on the total pension liability, and changes of benefit terms are required to be included in pension expense immediately. Projected earnings on the pension plan’s investments also are required to be included in the determination of pension expense immediately.

Changes Included in Current and Future Pension Expense

The effects of certain other changes in the net pension liability are required to be included in pension expense over the current and future periods. Changes in the net pension liability not included in pension expense are required to be reported as deferred outflows of resources or deferred inflows of resources related to pensions.

The effects on the total pension liability of (1) changes of economic and demographic assumptions or of other inputs and (2) differences between expected and actual experience are required to be included in pension expense in a systematic and rational manner over a closed period equal to the average of the expected remaining service lives of all employees that are provided with benefits through the pension plan (active employees and inactive employees), beginning with the current period.

The effect on the net pension liability of differences between the projected earnings on pension plan investments and actual experience with regard to those earnings is required to be included in pension expense in a systematic and rational manner over a closed period of five years, beginning with the current period.

Trick or Treat

When Charlie Brown would go Trick or Treating, he’d say, “I got a rock.” Governments, after knocking on the GASB 68 door, may feel the same way. Those entities that have not properly funded their pension plans will see sizable hits to their net position. Worse yet, a poorly funded plan is required to use a lower discount rate which increases the net pension liability.

If your government has debt covenants, it would be wise to consider the potential effects of these changes now.

Sep 30

Yellow Book: Preparation of Financial Statements – Threat to Independence?

By Charles Hall | Accounting and Auditing , Local Governments

An auditor’s preparation of financial statements can create an independence impairment. The self-review threat has to be overcome.

It was over two years ago that I posted the following information. I’m doing so again, just as a reminder and to provide some clarification.

There has been a great deal of discussion about maintaining independence when an external audit firm prepares the financial statements subject to the Yellow Book.

gao-yellow-book-199x300

Does the preparation of financial statements – considered a nonattest service – impair the external auditor’s independence?

In some cases, the answer is “yes”.

Let’s see how you can avoid this potential problem.

AICPA Practice Aid 

If you identify a significant threat to independence, then safeguards should be implemented to mitigate the threat; both the threat and the safeguards must be documented. (See examples below.)

The AICPA offers an editable 2011 Yellow Book Independence Documentation Practice Aid for $28 (for AICPA members);  the aid, which I recommend, can be purchased at: www.cpa2biz.com.

Yellow-Book-Practice-Aidt-300x198

The following examples were taken from that practice aid (I have bolded certain words):

Preparation of Financial Statement – Threats to Independence

Example 1 (Client has sufficient skill, knowledge or experience (SKE), no significant threat)

The auditor has been requested to prepare the financial statements for an audited entity for which the requirements for performing nonaudit services have been met under paragraphs 3.37 and 3.39 (client assumes responsibility) of the 2011 Yellow Book.  The auditor considered the following in evaluating whether a significant threat to independence existed:

The audited entity’s books and records are substantially complete and accurate.  Few, if any, correcting entries are expected to be proposed.

The individual designated by the audited entity who oversees the preparation of the financial statements possesses SKE sufficient to reperform the service, not just oversee the service.  The designated individual, in order to make better use of his or her time, has asked the auditor to prepare the financial statements. The designated individual will also review the draft financial statements using a comprehensive disclosure checklist.

This is the only nonaudit service that the auditor has been requested to perform.

Conclusion:  Based on the foregoing; the auditor reached the conclusion that preparation of the financial statements would not result in a significant threat to independence; therefore, it is not necessary to apply safeguards.

Example 2 (Client has sufficient SKE, but cannot reperform the preparation of the financial statements, significant threat)

The auditor has been requested to prepare the financial statements for an audited entity for which the requirements for performing nonaudit services have been met under paragraphs 3.37 and 3.39 (client assumes responsibility)  of the 2011 Yellow Book.  The auditor considered the following in evaluating whether a significant threat to independence existed:

The audited entity’s books and records are substantially complete and accurate.  Few, if any, correcting entries are expected to be proposed.

The individual designated by the audited entity who oversees the preparation of the financial statements possesses SKE sufficient to oversee the service but is not capable of reperformance.

This is the only nonaudit service that the auditor has been requested to perform.

Conclusion:  Based on the foregoing; the auditor reached the conclusion that preparation of the financial statements would result in a significant threat to independence; therefore, it would be necessary to apply safeguards.

aid-example

 Safeguards

When there is a significant threat, the audit firm must apply safeguards; here are some examples of such safeguards:

  1. Have someone not involved in planning or supervising the audit engagement review the financial statements before releasing the statements.
  2. Educate management on the nonaudit services performed by reviewing and explaining the basis for preparing the financial statements, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the financial statements.
  3. Request that the audited entity complete a disclosure checklist as part of the overall review of the financial statements.
  4. Include the audit engagement as a required Engagement Quality Control Review under the audit firm’s system of quality control.

Not all of these safeguards need be applied, just the ones necessary to reduce the risk to an acceptable level.

Required Minimums

The audited entity must always accept responsibility for the financial statements and must approve them or else the general requirements under Interpretation No. 101-3 and paragraph 3.37 of the 2011 Yellow Book will not be met.

In all cases, management (or its designee) must possess sufficient skill, knowledge or experience; the designee may be a second CPA firm or professional but cannot be the audit firm.

Note as of November 19, 2017: The GAO is working on a revision of the Yellow Book. So, once the new Yellow Book is issued, you’ll need to follow that guidance. 

Jul 25

Fraud Prevention for Small Governments

By Charles Hall | Fraud , Local Governments

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

fraud prevention for small governments

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

  • Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
  • Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
  • Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
  • Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
  • Provide monthly budget to actual reports to mayor and council
  • Provide monthly overtime summaries to mayor and council
  • Do not allow Dale to sign checks
  • Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
  • Require Mayor Chester and Dale to authorize any wire transfers
  • Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
  • Don’t provide Dale with a credit card
  • If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
  • Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

  • Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
  • Have an outside CPA or CFE map your internal control system and make system-design recommendations
  • Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
  • Install a security camera to record all of Dale’s collection and receipting activity
  • Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA; simply include contract limits for the project; the contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

The above picture is courtesy of iStockphoto.com.

Steal Like a Boss
Apr 07

Steal Like a Boss

By Charles Hall | Accounting and Auditing , Fraud , Local Governments

Can you steal like a boss? White collar crime takes special skills and thoughts. Do you have what it takes? Here’s my tongue-in-cheek look at how I would steal.

Steal Like a Boss

Picture Courtesy of iStockphoto.com

To steal, I need to:

  1. Be Believable
  2. Have a Cause
  3. Calm My Conscience
  4. Develop My Plan
  5. Execute My Plan
  6. If Caught, Settle Out of Court

1. Be Believable

I must be seen as trustworthy. The more age, experience, and education I have, the better. The longer I work for the organization, the more I will be trusted.

And while I’m at it, I’ll do what I can to move to positions of higher authority which will provide me with greater opportunities. Being the boss will enable me to steal like a boss.

If possible, I will gain the ability to authorize or initiate purchases. Kickbacks (paid to those who authorize payments) are difficult to detect, even by professional fraud examiners, and the dollars can be significant. Like stealing candy from a baby.

2. Have a Cause

Any financial pressure will do–a gambling or drug habit, an affair, medical bills, or maybe I just want to appear more successful than I am. If I don’t have a need, I will create one. I am my own cause.

My unshareable need (cause) must not be known by others lest they suspect my need for cash.

3. Calm My Conscience

I hate when that little voice starts talking: “Charles, you can’t do this. Your grandmother would be so ashamed.” It takes skill and fortitude, but I must calm my conscience. All the more reason to have a cause (see point 2.). The more noble I can make my cause, the better. Something like, “I’ve earned this. The company should realize my greatness and provide me with appropriate compensation. I have three kids in college, and they need this. You know I really want to be good provider for my family.” I may need to start stealing borrowing or compensating myself in small amounts and then build up. This will make it easier for my conscience to adjust.

I need to think correctly. When that little voice speaks, I will reword those thoughts. I know I am right.

4. Develop My Plan

I will pay attention to control weaknesses.

Our auditors have told us for years that we lack appropriate segregation of duties. Opportunity awaits.

If I am going to steal be compensated appropriately, I need to make it worth my while. Be bold. Think big. I have noticed that one of our key vendors has been very kind to me, a free week-long trip to Vegas for the last three years. And a key contract renewal is coming up. I think cash would be better this year. Besides, I know the CFO received an even sweeter trip than I did last year. And bribes gifts don’t hurt anyone; the vendor pays for them (though I have noticed the vendor’s pricing seems to be increasing…actually, exploding).

5. Execute My Plan

Take Compensate myself in a steady under-the-radar kind of way. Most folks get greedy. I must be diligent to work in a measured way, not taking receiving more than would be noticed. Greed is my enemy, the element that lands good guys like me in the newspapers.

Also, I think I can consistently steal borrow money from the receipts cycle since I am in charge of daily deposits and all related accounting duties. This might cost me my vacation though. I need to be on the job to continue to hide perform my duties. But if the funds taken compensation is enough, I can forgo the Vegas trip.

6. If I Get Caught, Settle Out of Court

If I am discovered someone notices that I have borrowed funds, then I may have to beg for forgiveness and promise to pay it back. And, of course, I need to make sure the company understands my concern for its reputation; news like this does not coalesce well with the company’s mission statement: Honesty and Compassion for Those We Serve.

I don’t need a criminal record, especially if I need to steal borrow funds from my next employer.

More Fraud Information

You’ll find more information about fraud prevention in my book: The Little Book of Local Government Fraud Prevention.

corporate account takeover
Oct 10

Corporate Account Takeover

By Charles Hall | Accounting and Auditing , Fraud , Local Governments

Some thieves gain control of company bank accounts using a corporate account takeover scheme. And with that control they steal money. Below you’ll see how this type of theft occurs.

On March 17, 2010, cyber thieves hacked into the computers of Choice Escrow and stole the login ID and password to their online banking account. With that information, the thieves were able to submit a $440,000 wire transfer from Choice Escrow’s bank account to an account in Cyprus.

Corporate account takeover

Courtesy of istockphoto.com

When Choice Escrow and the bank were unable to resolve their differences, Choice Escrow filed suit. The back-and-forth legal battle lasted until March 18, 2013 when a court ruled the loss was the responsibility of Choice Escrow. A major determining factor in the decision was Choice Escrow’s refusal of the dual control security mechanism offered by Bancorpsouth Bank. According to Article 4A of the Uniform Commercial Code, if an institution offers a reasonable security procedure to a commercial customer and that customer turns down that security procedure, then the customer is liable in the event of a loss.

Bancorpsouth Bank offered dual control to Choice Escrow twice. Not only did the bank offer this security feature to Choice Escrow, but Bancorpsouth also documented the customer’s refusal to use the security feature. The documentation of the customer’s refusal of the security features was a determining factor in this case. From a bank’s perspective, this case underscores the importance of a written agreement with commercial online banking customers and, more importantly, the importance of documenting the security procedures offered to those customers. From a user’s perspective, the case highlights the need to use the security procedures offered.

Corporate Account Takeover

Corporate account takeover is a term which has become more prevalent over recent years. Generally speaking, corporate account takeover occurs when an unauthorized person or entity gains access or control over another entity’s finances or bank accounts. This usually results in the theft of money in the form of fraudulent wire transfers or ACH transactions.

These fraud schemes first began to be noticed in 2005 but have since become much more widespread and frequent. Recent statistics have revealed that the fraudsters carrying out these schemes are actually becoming less successful in getting money out of a bank account. This reduction is due to both increased efforts on the part of the financial institutions, as well as better education of the customer to help them avoid becoming a target.

Usually, the financial institutions themselves are not the targets of the attack but rather the corporate customers of the institution. Using malware, social engineering and various other methods, the fraudster obtains information about the customer’s online banking credentials. Once the online banking credentials have been obtained, a request for wire or ACH transfers is placed by the thief. Any business may be targeted for these types of attacks, but those at risk mostly are small businesses, governments, and nonprofits who have limited resources to protect against such threats.

This Post Contributed by John McLeod

This post was contributed by John McLeod, one my firm associates who audits financial institutions and specializes in technology issues. John is a CPA and is CISA certified. He often speaks to banking groups about technology and internal controls. You can reach him at jmcleod@mmmcpa.com.

Click here to see my recent post about wire fraud prevention.

Sep 11

Yellow Book CPE Requirements – A Summary

By Charles Hall | Accounting and Auditing , Local Governments

What are the requirements for Yellow Book continuing professional education (CPE)?

Below we will address (1) who is subject to the Yellow Book CPE requirements and (2) what CPE classes satisfy those requirements.

Yellow Book CPEOverview

First realize there are two rules:

  1. The 80-hour rule (every two years)
  2. The 24-hour rule (every two years)

Then you must answer:

  1. Who is subject to each rule?
  2. What classes qualify for each rule?

The 24 Hour Rule – Who is Subject?

The answer: each auditor performing work on a Yellow Book audit; if as an auditor you work on the engagement, you are subject to this rule. If your audit report contains a Yellow Book report (usually located just after the notes to the financial statements), then that engagement is subject to generally accepted government auditing standards (GAGAS).

The 80-Hour Rule – Who is Subject?

The answer: Auditors who are involved in any amount of:

1. Planning,
2. Directing, or
3. Reporting on GAGAS assignments
and
4. Those auditors who are not involved in those activities but charge 20 percent or more of their time annually to GAGAS assignments.

I interpret 1., 2. and 3. as mainly partners, managers, and in-charges. 4. relates to staff who support the audit.

So a staff person that does not meet the criteria in 4., but still works on a Yellow Book engagement must still satisfy the 24-hour rule (but not the 80-hour rule).

What Classes Qualify?

The Yellow Book states, “Determining what subjects are appropriate for individual auditors to satisfy both the 80-hour and the 24-hour requirements is a matter of professional judgment to be exercised by auditors in consultation with appropriate officials in their audit organizations.”

First we see that there is judgment in what qualifies (no bright yellow lines). But there are differences in the 80-hour rule and the 24-hour rule; otherwise, there would be only one category.

The 80-Hour Rule – Classes that Qualify

The 80-hour rule is broad (encompassing any CPE that enhances the auditor’s professional proficiency); so, for example, CPE classes about writing skills or using Excel would qualify. (Taxation CPE usually does not qualify unless the class addresses audit-related issues. For example, a 1040 tax class does not qualify.)

For those subject to the 80 hour rule, at least 20 hours of CPE should be taken in each year of the two-year period; a total of 80 hours is to be taken in the two-year period.

The 24-Hour Rule – Classes that Qualify

Each auditor performing work under GAGAS should complete, every 2 years, at least 24 hours of CPE that directly relates to government auditing, the government environment, or the specific or unique environment in which the audited entity operates.

The 24-hour rule is specific to:
(1) Government auditing,
(2) The government environment or
(3) To the specific or unique environment in which the audited entity operates.

Government Auditing

Classes directly related to standards used in governmental auditing qualify; since GAGAS incorporates the AICPA statements on auditing standards (SASs) for field work and reporting, then audit classes that include a study of the SASs as they relate to the audit of your governmental entity would qualify. The same is true of pronouncements issued by the FASB. Single Audit classes also obviously qualify.

Government Environment

CPE dealing with Governmental Accounting Standards (GASB pronouncements) will qualify for the 24-hour rule since the class focuses on accounting standards in the government environment.

If you audit a county or a city, then most any CPE dealing with GASB pronouncements or governmental issues (e.g., sales taxes) will satisfy the 24-hour rule; also classes dealing with compliance with laws and regulations qualify.

Classes addressing economic conditions, fiscal trends, and pressures facing the governmental entity qualify.

Specific or Unique Environment in Which the Audited Entity Operates

Suppose you audit electric membership corporations (EMCs) subject to the Yellow Book; a CPE class about electrical supply grids qualifies. Or if you audit banks subject to Yellow Book requirements (e.g., FHA loans), then a CPE class dealing with lending qualifies. These classes address issues in the unique environment in which the audited entity operates.

Two-Year Cycle

An audit organization can adopt a standard 2-year period for all of its auditors to simplify administration of the CPE requirements.

Carryover Credit

Auditors are not allowed to carry over hours taken in excess of the 24-hour or 80-hour rule to the next reporting period.

Proration of Hours for New-Hires (or Those Newly Assigned to a Yellow Book Audit)

You will prorate the hourly requirements based on the remaining 6-month intervals in your two-year reporting period. For example, you hire someone on May 1, 2013 and your two-year cycle ends December 31, 2013. There is only one remaining 6-month period. If you are subject to the 24 hour rule, then you will multiply 25% (one six-month period divided by the four six-month periods in the two-year cycle) times 24 to compute the hours required: 6 hours.

GAO Guidance

Click here for the April 2005 GAO publication: Government Auditing Standards, Guidance on GAGAS Requirements for Continuing Professional Education.

GASB 61
Jul 07

GASB 61 – Financial Reporting Entity

By Charles Hall | Accounting and Auditing , Local Governments

I well remember how confused I was when GASB 14 came out – even though Harold Monk did his best to enlighten me. Since then, I don’t know how many entities I’ve looked at, trying to determine whether they were component units. I do know I have become well acquainted with the flowchart in GASB 14; strangely enough, we have become friends (yes, I know it’s weird having a flowchart for a friend, but such is my life). We now have an updated flowchart in GASB 61 – a new friend I guess.

GASB 61

GASB reconsidered GASB 14 and created GASB 61, Financial Reporting Entity: Omnibus – an Amendment to GASB Statements No. 14 and No. 34. The effective date is for periods beginning after June 15, 2012. 

Let’s take a look at GASB 61. First, we will consider whether an entity should be included as a component unit, and then we will look at whether the entity should be blended or discretely presented.

1. Evaluating Inclusion of Potential Component Units

First ask, “does the primary government appoint a voting majority of the potential component unit’s board?”

If yes, you will include the component unit if the primary government:

  1. has the ability to impose its will upon the potential component unit or
  2. has a potential financial benefit or burden related to the potential component unit (PCU)

If no, consider whether the potential component unit meets the fiscal dependency and financial benefit/burden criteria. If yes, then include the component unit. If no, ask whether it would be misleading to exclude the potential component unit; if it would be misleading, then you will include the PCU (normally discretely presented).

2. Blended or Discretely Presented Decision

Blend the component unit if any of the following three criteria is true:

1. If the component unit’s governing body is substantively the same (basically having the same board members) as the governing body of the primary government, then you will blend the component unit into the primary government provided:

    • there is a financial benefit or burden relationship, or
    • the primary government has operational responsibility for the component unit.

Operational responsibility is defined as managing “the activities in the essentially the same manner in which it manages its own programs, departments, or agencies.”

(Notice the primary government’s legal control of the component unit does not affect the blending decision.)

2. Another consideration – commonly known as the exclusive benefit criterion –  is whether the component unit’s goods or services are entirely or almost entirely provided to the government itself (this does not include providing services to the government’s citizenry or customers). If the answer is yes, then the component unit will be blended.

university foundation, for example, is usually designed to (and often does) exclusively benefit the university (the primary government) and would, therefore, be blended.

A university hospital, by contrast, will be presented discretely (in the university’s financial statements) since the hospital is primarily providing benefits to patients rather than the government. (This is true even if the articles of incorporation for the hospital state that the entity is designed for the exclusive benefit of the university.)

3. GASB 61 includes one new blending criteria: if the primary government will repay entirely or almost entirely (with resources of the primary government) a component unit’s total debt outstanding (including leases), the component unit will be blended. The standard does allow for discrete presentation if the primary government’s resources are the second source of debt repayment or if resources received from the primary government are among other sources of repayment available.

If the component unit does not meet any of the three blending criteria, then it will be presented discretely.

OCBOA Financial statements
Jan 05

OCBOA Governmental Financial Statements

By Charles Hall | Accounting and Auditing , Local Governments

The AICPA recently provided a webcast titled: The New AICPA OCBOA Publications: What They Are and How They Apply to Governments and Not-for-Profits Using Cash, Modified Cash, and Regulatory Frameworks.

I was surprised to see the number of governments that present financial statements in accordance with an other comprehensive basis of accounting (OCBOA). The webcast did not provide an exact percentage of governments using OCBOA, but it looks like you can easily conclude that over 33% of governments use OCBOA. 

OCBOA Financial statements

Why Issue OCBOA Financial Statements?

As I said in my prior OCBOA post, the short answer is: Cost. If you’ve created GAAP basis governmental financial statements, you know how complicated these statements are. OCBOA statements—whether cash basis, modified cash basis or tax basis—are simpler to create. 

Many governments require GAAP basis statements so make sure, before making any changes, that OCBOA statements are permissible in your locale.

Modified Cash Basis of Accounting

The modified cash basis is the pure cash basis with modifications having substantial support. (A pure cash basis of accounting would reflect only cash inflows and outflows with beginning and ending cash.)

A common modification to the cash basis is the capitalization of assets purchased and recognition of depreciation over estimated useful lives. Though using the modified cash basis, impaired capital assets may also be written down. In addition, the related long-term debt would normally also be recorded. 

Another common modification is the deferral of revenue recognition for governments receiving cash that will be used in future periods; the deferral would be shown as a liability.

OCBOA Presentation Issues

GAAP basis governmental financial statements reflect government-wide and fund-level presentations. OCBOA statements will normally include the same type of presentation – government-wide and fund-level statements – though you are using different recognition criteria. A general rule for OCBOA statements is: follow GAAP guidelines where you can; this includes disclosures (though the notes are amended in accordance with the framework used).

While not required for OCBOA statements, you may include supplementary information.

Required supplementary information (RSI) is not required under the modified cash basis, but can be provided; if provided, the information is not considered RSI but supplementary information or additional information. RSI can only be “required” by GAAP.

While certain disclosures are not required in OCBOA statements (e.g., fair value of investments or the funded status of a defined benefit plan), such information can be provided in the notes. 

Use of the AICPA Financial Reporting Framework for Small- and Medium-Sized Entities 

Governments should not use the AICPA small- and medium-sized entity framework.

Updated AICPA Guidance

If you are issuing governmental OCBOA statements, I strongly recommend that you purchase the AICPA’s updated book: Applying OCBOA in State and Local Governmental Financial Statements. Mike Crawford and Mike Glynn have done a fine job in preparing this publication.

Yellow Book independence
May 11

Yellow Book Independence and Preparing Financial Statements

By Charles Hall | Accounting and Auditing , Local Governments

Yellow Book independence is critical for Yellow Book engagements.

Yellow Book Independence

Are you a CPA that prepares city or county financial statements for an audit client?

If yes, are you independent?

The 2011 Yellow Book (effective for periods ending after December 15, 2012; http://www.gao.gov/yellowbook) requires that the external auditor document the CPA firm’s independence when the firm also provides nonaudit services (such as preparation of financial statements).  Many small governments have their external auditors prepare their financial statements.

Having Sufficient Skill, Knowledge, and Experience

When auditors prepare financial statements, the independence determination will largely hinge on one factor: whether the city or county has a person with sufficient skill, knowledge or experience (SKE) to qualify as a reviewer.

If the government has no one with sufficient SKE, then the external auditor is not independent and can’t ethically perform the audit (and prepare the financial statements).

Yellow Book independence

Consider the following potential reviewer scenarios:

1. A 15-year mayor who is a businessman, no accounting education, no formal training in reading governmental financial statements, he understands the fund level statements but can’t grasp the reconciliation between the government-wide financial statements and the fund level financial statements.

2. Second-year finance director with no prior accounting experience graduated from a two-year college with a degree in general business.

3. Finance director with 25 years experience and is a CPA, member of GFOA, trains others in governmental accounting.

4. Finance director with a high school education but has extensive governmental accounting training from the Carl Vinson Institute, could if he liked, create the financial statements from scratch.

As you can see, the independence assessment will sometimes be black and white, but sometimes there will be shades of gray.

An Alternative

If the auditor can’t get comfortable with the SKE of the government’s financial statement reviewer, there is one alternative: the local government can hire someone outside the government with sufficient SKE to be the reviewer (for example a CPA not affiliated with the external audit firm).

Bottom Line

At the end of the day, the local government must have a designated person (either internally or externally) with sufficient SKE for the audit firm to be independent.

>